Podcast appearances and mentions of michael dexter

Maintaining a local fork of an open source project is like maintaining an illusion. It only gives momentarily control and becomes expensive to keep up over time. Have you experienced that already?This My Open Source Experience podcast episode evolves around this topic and explores why and how to invest in open source projects, including how to pick which ones to rely on, what to consider when setting up your organizational structure, and why avoid maintaining local forks.- Austen Bryan covers the benefits of relying on OSS projects, and how to pick the right ones.- Samson Goddy talks about why roles like Developer Relations don't belong in the marketing department- Greg Kroah-Hartman shares why you don't want to maintain a local fork- Federico Gonzalez Waite talks about educating people about open source and guiding a large organization through an open source transition- Michael Dexter shares his thoughts and experience with regulations, patents. copyright laws and how they've been affecting software development and the FOSS movement- Tom Sadler shares the benefits of investing in upstream work, and why maintaining a local fork turned out to be a bad idea for his company Hosted on Acast. See acast.com/privacy for more information.

By definition, open source projects and communities are supposed to be accessible. And while the code is always openly available, the remaining parts of the ecosystem might be further out of reach than you would thinkIn this episode of the My Open Source Experience Podcast, Michael Dexter, Ildiko and Phil explore the open source ecosystem from two perspectives: business and accessibility. Businesses rely on open source software, soemtimes unknowinlgy, all around the globe as digital infrastructure doesn't exist without it any more, and yet, making it integral part of the business strategy is a constant struggle for companies. And yet, even when companies and individuals reach the point of investing their time, money and resources into open source projects it appears to be more difficult than it is supposed to be. Michael, Ildiko and Phil are discussing these challenges and digging into how to address them.Learn more about:- The relationship between open source and business interests- The fragility of funding in the open source ecosystem- The role of open source foundations- Stages of involvement in open source projects- Maintainer shortage and how to bring people (back) into open source projects Hosted on Acast. See acast.com/privacy for more information.

On episode 495 of The Nurse Keith Show nursing and healthcare career podcast, Keith interviews Michael Dexter, MSN, RN, EMT, CEN, CPEN, CFRN, CTRN, TCRN, CCRN, CNL, the Director of Professional Development at the Board of Certification for Emergency Nursing (BCEN). In the course of their conversation, Keith and Michael discuss how emergency nurses can lean into their specialty, sharpen their skills and knowledge, and maximize their impact on patients and the quality of care delivered in emergency departments around the country. They also discuss BCEN's overarching mission of promoting education and growth within emergency nursing, and the six certifications overseen and administered by this crucial specialty nursing organization. Michael Dexter holds a master's degree as a clinical nurse leader and 7 board certifications. He is passionate about professional growth, continuous learning, and collaborative care practices. Having worked emergency, transport, and cardiac care areas, Michael uses his experiences to tie clinical conditions together across the entire emergency care spectrum. Connect with Michael Dexter and BCEN: BCEN website Facebook BCEN on LinkedIn Instagram YouTube Michael Dexter on LinkedIn Contact Nurse Keith about holistic career coaching to elevate your nursing and healthcare career at NurseKeith.com. Keith also offers services as a motivational and keynote speaker and freelance nurse writer. You can always find Keith on LinkedIn. Are you looking for a novel way to empower your career and move forward in life? Keith's wife, Shada McKenzie, is a gifted astrologer and reader of the tarot who combines ancient and modern techniques to provide valuable insights into your motivations, aspirations, and life trajectory, and she offers listeners of The Nurse Keith Show a 10% discount on their first consultation. Contact Shada at TheCircelandtheDot.com or shada@thecircleandthedot.com.

In this 100th podcast episode we want to introduce you to our BCEN Friend and CEO, Janie Schumaker. Janie Schumaker is a dedicated healthcare professional whose journey began in a nursing home doing laundry. She furthered her education as a certified nursing assistant to LPN and finally obtaining her RN. Janie quickly recognized her passion for the Emergency Department, where she spent most of her career at the bedside and in nursing leadership. As the CEO of the Board of Certification for Emergency Nursing for the past seven years, Janie is a fierce advocate for nurses, emphasizing the importance of professional development and specialty certification. Janie holds multiple degrees, advanced certifications, and is an active member in several nursing organizations. Outside of her professional life, Janie volunteers for an animal rescue in Kansas City and cherishes time with her family, including her husband, son, daughter-in-law, two granddaughters, four dogs and the occasional foster pet, just because. Come along as Michael Dexter and Hollye Briggs talk with Janie about her insights on leadership, taking risks, and owning mistakes. This episode is called, Certified Leadership: One life influencing another. Janie can be reached on LinkedIn and Facebook @JanieSchumaker BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friends, Sean Elwell and Adam Oliver. Sean Elwell is the Senior Director of Emergency Services, Critical Care Transport, and the Pediatric Trauma Center at Nemours Children's Hospital in Wilmington, Delaware, where he has dedicated over 21 years of service. Starting his career as an EMT, Sean transitioned to become a registered nurse and earned his Doctor of Nursing Practice from Wilmington University. He holds a master's degree in nursing leadership and health systems management from Drexel University, graduating Summa Cum Laude. A recognized leader in his field, Sean has published numerous articles and presented at regional and national conferences. He is a Past-President of the Society of Trauma Nurses and currently serves as Secretary/Treasurer on the Board of Certification for Emergency Nursing. In addition to his professional roles, Sean actively contributes to his community as the Mayor of Elsinboro Township, where he has served for 18 years, including 14 years as Mayor. He has held various leadership positions within local government and is currently on the Executive Board for the New Jersey League of Municipalities, set to become First Vice-President this November. Sean also dedicates time to volunteer with the Elsinboro Fire Company, where he serves as Chief. His extensive experience and commitment to both healthcare and public service make him a respected leader in his community. Adam Oliver is a dedicated healthcare professional with over two decades of experience in the emergency medical field. He resides in Gilliam, Louisiana, located in northern Caddo Parish, approximately 30 miles north of Shreveport. Currently Adam serves as the Director of Integrated Health for LifeNet, Inc. and manages three rotor-wing assets and one fixed-wing asset within the Air Division, while also overseeing the development of community paramedic and telehealth programs. As a passionate advocate for community service, Adam is the Mayor of Gilliam and has previously served as a town council member. His commitment to public safety is further exemplified by his ten-year service as a Board Commissioner for Caddo Fire District Seven, which operates in a large rural area. Recently appointed to the Hospital Service District board, he plays a vital role in supporting the North Caddo Medical Center, a critical access hospital that includes five rural health clinics, two pharmacies, and a dental clinic. Since a young age, Adam has been committed to serving others in their most vulnerable moments. His diverse experiences as a paramedic, emergency nurse, ICU nurse, and flight nurse have shaped his approach to healthcare and community engagement, reinforcing his belief in the importance of compassion and support in times of need. Come along as Michael Dexter and Hollye Briggs talk with these dual guests and discuss how their experiences in healthcare have shaped their political roles and community service. This episode is called, Mayor may not be outside the Scope of Nursing. Sean Elwell can be reached via email at sean@seanelwell.com and Adam Oliver can be reached on Instagram @flyin_fishin. BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Deborah Spann. Deborah Spann is a dedicated Registered Nurse with extensive experience in network development aimed at improving trauma and time-sensitive illness responses across the healthcare system. Currently serving as the Education Coordinator for the Louisiana Emergency Response Network, Deb is committed to advancing emergency and medical surgical nursing through education and certification. Deb holds a degree from Louisiana Tech University and a Masters in Clinical Nurse Leadership from the University of Arizona. Obtaining and maintaining her CEN and being inducted as a Fellow in the Academy of Emergency Nurses, Deb has accomplished many achievements throughout her career and with still more to come. Beyond her professional achievements, Deb is deeply rooted in her family life as the eldest of five siblings, a mother of two, and a grandmother to five, ensuring that her life is both fulfilling and vibrant. Come along as Michael Dexter and Hollye Briggs talk with Deb about barriers in communication, the importance of professional development, and the value of recognition. This episode is called, Serving up a hot cup of Coffee and Mentoring. Deb can be reached on LinkedIn @DebSpann and on the LERN website at www.LERN.LA.GOV BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Adam Sorenson. Graduating in 2012 with his BSN, Adam Sorenson began his career as a pediatric nurse before transitioning to a role as a pediatric intensive care nurse. After a few years in the PICU, Adam shifted to working in an adult surgical intensive care unit (SICU) at a Level 1 trauma center, where he continues to work today. Adam's professional development includes advanced training, starting with Trauma Nursing Core Course (TNCC) and Advanced Trauma Care Nursing (ATCN) to obtaining his certification as a Trauma Certified Registered Nurse (TCRN). In 2014, during the Ebola outbreak in Central and West Africa, Adam joined the Highly Infectious Treatment Team (HITeam) at Denver Health Hospital, an all-voluntary group established to handle such crises. Denver Health was designated as an Ebola regional treatment center in 2015. In 2021, Adam took on a part-time role as a Biocontainment Unit Nurse Educator, focusing on training, education, and preparedness for viral hemorrhagic fevers, rare respiratory viruses, and novel viruses. Additionally, Adam has served as a nurse in the Air Force Reserves for the past five years. Come along as Michael Dexter and Hollye Briggs talk with Adam about his nursing career from pediatrics to trauma care to biocontainment. This episode is called, “Hero Dirt: Collaboration on Emerging Special Pathogens.” Adam can be reached on the Denver Health website at https://www.denverhealth.org/services/regional-emerging-special-pathogen-treatment-center and also recommends resources through the NETEC website at https://netec.org/ BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Lionel Lyde. Lionel Lyde is a retired Military Nurse with 35 years of service in the armed forces. He holds his MHA MBA, and CEN. Lionel has taken on clinical, leadership and executive leadership positions during his 31-year nursing career, spending most of his clinical time as a critical care and ER/Trauma Nurse. His last position being an Air Force Critical Care Master Clinician and Special Military Consultant to the Air Force Surgeon General for Critical Care Nursing. He retired from military service 2022 but has certainly not retired from nursing. He's currently the Director of Nursing for a group home and manages a free clinic. His current professional goal is to network primary care clinics that provide care to low income and indigent patient populations. This goal is part of a greater aspiration to facilitate access to the healthcare system and decompress community emergency departments. Come along as Michael Dexter and Hollye Briggs talk with Lionel about his career in military nursing and leadership. He will discuss his current focus, improving access to healthcare for low-income populations. This episode is called, This is the Way Of Nursing. Lionel can be reached on Facebook and LinkedIn @Lionel Lyde BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Megan Wood.  Megan Wood is currently a critical care ground transport nurse with AHN LifeFlight and holds the CFRN and Pre-hospital Register Nurse certification. She also works as a nurse intensivist, critical care, and L& D nurse at a PA area hospital. Megan began her career as a paramedic for over 10 years in a busy 911 based EMS system and also as a flight paramedic. When she became a nurse, she continued to fly with Stat MedEvac in Pittsburgh, and working some shifts in a local hospital. After a few years, Megan decided to embrace change and jumped into an ICU role in her hometown of Washington, PA, and once she got a few years in the ICU, she changed again to a role in the Labor and Delivery unit. It was here that Megan discovered a great passion for women's health and has used that knowledge to teach other healthcare providers on the topics of fetal, maternal, and neonatal care as well as transport considerations for this special population. Come along as Michael Dexter and Hollye Briggs talk with Megan about the journey from paramedic to transport nurse. She speaks to the challenges of ground transport nursing, particularly for high-risk OB care. This episode is called, Take Care of You on the Go. Megan can be reached on LinkedIn @MeganWood BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Jaime Phillips.  Jaime Phillips is currently a special agent with the Army Criminal Investigation Division, a retired Staff Sergeant with the U.S. Army Reserves, a registered nurse, and certified tactical paramedic. Jaime has over ten years of experience in law enforcement and tactical medicine which has made him very passionate about the specialty of operational medicine. Jaime is a founding member, current President, and Fellow for the newly launched Academy of Operational Medicine. This fellowship program recognizes individuals who have demonstrated their advanced practice of operational medicine through experience, education, and leadership. Come along as Janie Schumaker, Michael Dexter and Hollye Briggs talk with Jaime about his latest mission: the Academy of Operational Medicine. He's unifying healthcare providers practicing in unconventional and hostile environments. This episode is called, Where Comfort Zones End. Jaime can be reached on Instagram @FAOMedicine and on faom.org BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Taylor DuBose. Taylor is an emergency nurse with 6 years of experience in various ED settings, including a level 2 trauma and rural. She holds the CEN and CPEN credentials and is currently working as the Department Chair of Nursing at a technical college. Taylor oversees the Associates Degree, Transition, and Practical Nursing programs. Taylor started her nursing education as an ADN then completed an RN to MSN tract in Leadership and Management. She recently completed her MBA and is enrolling in a DNP program for Educational Leadership It's clear that Taylor is passionate about education and using her love of lifelong learning to help others achieve their goals. Come along as Michael Dexter and Hollye Briggs talk with Taylor about her start in emergency nursing. Taylor is using all her experiences to guide student nurses as they navigate the transition from classroom to patient care. This episode is called, “Learning to Embrace the In-between.” Taylor can be reached on Facebook @TaylorDuBose BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Merideth Gradowski. Merideth Gradowski is the Trauma Program Manager at an ACS (American College of Surgeons) verified Level I trauma center in Phoenix, Arizona. She has been a nurse since 2009 with the majority of her experience in emergency and trauma nursing. Her prior roles include ED charge nurse and supervisor, trauma injury prevention coordinator, and trauma performance improvement nurse. Merideth initially obtained her associates degree in nursing and then furthered her education with a Bachelors of Nursing from Arizona State University and then a Master's of Nursing from Queens University of Charlotte. Come along as Michael Dexter and Hollye Briggs talk with Merideth about her role within    trauma care and her best advice to progress as a new professional.  This episode is called “Quality Trauma Care: From the City to the Burbs.” Merideth can be reached on LinkedIn @MeridethGradowski and X @level1traumarn BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend, Jonathan Green. Jonathan Green is the Senior Director of Nursing at Montefiore Medical Center's Einstein Campus, Bronx, NY, responsible for nursing practice and operations across multiple service lines. He has over 25 years of healthcare leadership experience with an emphasis on emergency and critical care nursing and nursing leadership. He is active in the Emergency Nurses Association, the American College of Healthcare Executives, and is a life member of the Veterans of Foreign Wars. He teaches nursing leadership courses in the graduate and undergraduate programs at Excelsior University in Albany, NY, and consults on a variety of nursing leadership and nursing education topics.  A little about his education background, Jonathan earned an MBA in Healthcare Management from Excelsior University in Albany, NY, a Doctor of Nursing Practice and Master of Science degree in nursing at Dominican University in Orangeburg, NY, a Bachelor of Science in nursing at Excelsior University in Albany, NY, and a Bachelor of Science in Biomedical Engineering at Rensselaer Polytechnic Institute in Troy, NY. He is board-certified in healthcare management as a Fellow of the American College of Healthcare Executives (FACHE), as an emergency nurse and nurse practitioner (CEN, ENP-C), critical care nurse (CCRN), and as a nurse executive-advanced (NEA-BC).  Come along as Michael Dexter and Hollye Briggs talk with Jonathan about his drive to influence and empower the entire healthcare team. This episode is called, “Engineering Excellence with Intentional Leadership”. Jonathan can be reached on LinkedIn @JGreenDNP BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Becky Rich. Becky Rich has been in the world of emergency medicine and nursing for the past 9 years, and recently obtained her Doctorate in Nursing Practice. She works full time in nursing education teaching didactic and practical skills and also works PRN as a float nurse across multiple emergency departments in a local health system. The chaos and the structure of these two positions are exactly, as Becky believes, the best of both worlds. Outside of her professional life, Becky enjoys family time with her fiancée, daughter, and two dogs. Whether it be walks, hikes, or pool time, she enjoys all the natural joys of the beautiful Arizona weather. Come along as Michael Dexter and Hollye Briggs talk with Becky about her start in emergency nursing.  They will chat about how she went from a patient care tech to recently finishing her DNP. It's been quite a journey thus far, but Becky hasn't lost a step. This episode is called “Another bend in the road from PCT to DNP”. Becky can be reached on LinkedIn @RebeccaRich BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Angela Atwood. Angela ‘Angie' Atwood has over 25 years of experience caring for critical care patients in ground, air, and hospital environments. She has served in roles ranging from paramedic, firefighter, ER nurse, Flight RN, and direction of education. Angie has her MSN in Nursing leadership and management as well as her CFRN and FP-C (certified flight paramedic). Her current role includes clinical content creation, serving as a SME and adjunct lecturer and CAPCE (commission on accreditation for prehospital continuing education) Program Director. She also volunteers as a certification item writer and ASTNA education committee member. Come along as Michael Dexter and Hollye Briggs talk with Angie about her career. She'll talk about how she went from taking an EMT class to educating thousands of transport and flight clinicians. Angie has taken every experience as an opportunity to grow into the highly effective professional she is today. This episode is called “Starting with the End in Mind”. Angie can be reached on LinkedIn @AngelaAtwood; Instagram & Facebook @AngieAtwood. BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Joe Hill. Joe Hill started his career at a Level 1 adult/pediatric trauma center then moved into critical care ground transport. He decided to make the jump into flight medicine where he stayed for 19 years serving as a flight nurse and clinical directors. In 2021, Joe finished his MSN-APRN and in March of 2023 Joe began working as a Family Nurse practitioner. Even though the learning curve was bit higher than he initially expected, Joe is finding he can make a significant difference in the emergency needs of patients through his new role in primary care. Come along as Michael Dexter and Hollye Briggs talk with Joe about his career in emergency and flight nursing. From his initial why to why he's stayed in this profession for over 25 years, this episode is sure to help us all find a place to land.     This episode is called “Setting up an LZ in Primary Care”. Joe can be reached on LinkedIn @JosephHill-78937951 BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Mandy Felder. Mandy Felder is a leader in pediatric trauma care with over 20 years of pediatric nursing experience. She is currently the Pediatric Trauma Program Manager at an ACS Level II trauma center in South Carolina. Mandy serves on the South Carolina Emergency Medical Services for Children Committee as well as the Trauma Advisory Committee. She is an active member in several professional organizations including the Trauma Association of South Carolina, the Pediatric Trauma Society, and the Society of Trauma Nursing. She teaches ENPC, TNCC and PTACC. She holds her masters in nursing administration and organizational leadership as well as the TCRN and CPEN. Mandy is passionate about improving care for children in the prehospital and hospital setting and promoting injury prevention efforts and education. Come along as Michael Dexter and Hollye Briggs talk with Mandy about her passion for pediatric trauma care. She will also discuss why she believes it's important to take that next step in professional development because even a small step is significant.   This episode is called “Creating Space for Pediatrics in Trauma Services.” Mandy can be reached on LinkedIn @Amanda Felder

In this podcast episode we want to introduce you to our BCEN Friend Tesla Teitge. Tesla is an emergency nurse with over 10 years of clinical experience. She is also the owner and creator for the dynamic and “Paradise” inspired compressions socks from her company, Up at Dawn Compression Socks. In 2023, Tesla completed her Masters in Nursing Education. She lives with her family in the Garden State where she has the opportunity to fill some of her favorite roles: ER nurse, university clinical instructor, mother, wife, beach enthusiast, and small business owner. Come along as Michael Dexter and Hollye Briggs talk with Tesla about her passion for emergency nursing and how she took her personal love of compression socks and became an entrepreneur for her company, Up at Dawn Compression.   This episode is called “Emergency Nursing Til Dawn Edition.” Tesla can be reached from her website: www.upatdawn.co

In this podcast episode we want to introduce you to our BCEN Friend Lynn Miller Hayward. Lynn Miller Hayward was born in South Africa and started her nursing career by obtaining a Bachelor of Social Sciences as a Registered Nursing and Midwife in 1979. She moved to the US shortly after graduating and spent 3 years in US healthcare before returning to South Africa. An experience with emergency services, lit the fire for Lynn to become an Advance Life Support Paramedic and take to the flight world for several years. She also became an AHA instructor for community education. From a cruise ship nurse to a free-standing ED in North Carolina, Lynn's career has moved into many different specialties of nursing, but she as she will tell, gaining her CEN made her feel recognized and respected in the field of emergency nursing. Lynn returned stateside in 2023 and is trying something new in the field of Endoscopy, as she believes there is always something to learn. Come along as Michael Dexter and Hollye Briggs talk with Lynn about her deep-rooted career in nursing grown over the past 40 years. Lynn is sure to inspire and impart some wisdom she's learned along the way.   This episode is called “No Wasted Time.” Lynn can be reached by email at cen.lynn3@gmail.com

In this podcast episode we want to introduce you to our BCEN Friend Shawntay Harris. Shawntay Harris is the President and CEO of Eminent Healthcare Resources Consultants Inc, which offers education for nurses from bedside clinical training to leadership and administrative coursework. With over 23 years of nursing experience in emergency services, she has established an influence in her home state of Texas as well as nationally through her work with the Texas Emergency Nurses Association and the ENA Foundation. Shawntay was recently highlighted in the media for her induction as a Fellow in the Academy of Emergency Nursing, becoming the first black nurse to be awarded this distinction for her service and leadership.  Shawntay maintains all 5 BCEN credentials as well as being a doctoral student with completion of her program coming very soon in 2024. Come along as Michael Dexter and Hollye Briggs talk with Shawntay about her career, and the ways she's shaping the future of nursing through education and influence. Shawntay's energy and excellence are sure to leave an impression.    This episode is called “Establishing an Eminent Legacy.” Shawntay can be reached on LinkedIn and Facebook @ShawntayHarris and on Eminentcpr.com

In this podcast episode we want to introduce you to our BCEN Friend Mary Whelan. Mary Whelan has held many different leadership positions over the past 24 years of her career as a director of emergency services from a level II Trauma Center to a community hospital ED, she proved time and again with every leadership role that she possesses the tools to transform department culture and produce improved staff and patient engagement scores. Mary built a reputation of actively engaging with staff to assist with patient flow and clinical care, helping build a relationship with bedside staff and demonstrating to them that she understands the valuable work they are doing. Mary's tireless work to develop strategic collaborations within the ED and the healthcare system resulted in outcome data that reflected clinical excellence under her leadership.  Come along as Michael Dexter and Hollye Briggs talk with Mary about nursing leadership. Looking across the span of her career, what topics she believes are most important for those continuing to lead the profession.   This episode is called “Reigniting Leadership in Nursing.” Mary can be reached on LinkedIn @MaryWhelan.

In this podcast episode we want to introduce you to our BCEN Friend Joe Blansfield. Joseph “Joe” Blansfield is a board-certified Adult Nurse Practitioner with over 5 decades of experience in the emergency and trauma setting. The last 27 years of his career were spent in the role of the Trauma/Acute Care Surgery Program Manager at Boston Medical Center, where Joe was responsible for maintaining all the requirements for this Level 1 Trauma Center until his retirement in June 2019. Joe also has 26 years of active military service in the US Army Reserves retiring as a Colonel from the Army Nurse Corp, also earning a Bronze Star Medal and Legion of Merit. Joe has volunteered for BCEN through the TCRN Exam Construction Review Committee, worked on revisions of trauma materials for ENA, as well as being a speaker and published author of many clinical topics. He has been recognized for his excellence through various national awards as his dedication to nursing seems to know no bounds. Come along as Michael Dexter and Hollye Briggs talk with Joe about his career in all things trauma related, from the stretcher-side to deployment, advanced practice to giving back and everything in between.    This episode is called “Navigating and Challenging the Trauma Landscape.” Joe can be reached on Facebook and LinkedIn @Joseph Blansfield.  

In this podcast episode we want to introduce you to our BCEN Friend Anne O'Connor. Annemarie O'Connor is an Advanced Practice Nurse Practitioner at the Burn and Complex Wound Center at the University of Chicago Medicine in Illinois. With over 35 years of nursing within burn care from the bedside to administration and advanced practice, Anne has taken on responsibilities that encompass intensive care, surgical assist, outpatient wound management and community health and education. Anne has served on various councils for advanced practice nursing and worked with the American Burn Association on several national committees including the Burn Nurse Certification initiative. She is a national faculty for the Advanced Burn Life Support Course thru ABA and has presented at state, national and international events presenting burn care content and education.   Come along as Michael Dexter and Hollye Briggs talk with Anne about her journey in the specialty of burn nursing from initial fears to pioneering the future with national certification.   This episode is called “When a Passion for Burn Care ignites your Whole Career.” Anne recommends connecting through the website for University of Chicago Medical Center-Burn Center (www.uchicagomedicine.org/conditions-services/burn-center).   BCEN & Friends Podcast is presented by the Board of Certification for Emergency Nursing. We invite you to visit us online at https://bcen.org for additional information about emergency nursing certification, education, and much more.

In this podcast episode we want to introduce you to our BCEN Friend Alice Benjamin. “Nurse Alice” Benjamin is a board-certified family nurse practitioner, clinical nurse specialist, author, speaker, podcast host and a nurse pioneer on TV as a medical correspondent. Her experiences range from cardiovascular health, critical care, and emergency medicine involving patient care at some of the most prestigious and underserved hospitals. As a medical correspondent for NBC Los Angeles, she was the nation's most watched nurse on TV who kept millions of viewers up to date with daily reporting during the Covid crisis. Spanning her career, Nurse Alice has appeared on numerous national shows, networks and radio shows including GMA3, Dr. Oz, The Doctors, CNN, HLN, FOX News, News Nation, TVOne, BBC, just to name a few. She also hosts the Ask Nurse Alice Podcast which we will spend more time on in the episode. Her written health features have been published in Parent Magazine, Blavity, Huffington Post, EBONY, The American Nurse, Minority Nurse, and many more. She is also the Founder and Senior editor for AskNurseAlice.com, a trusted online health, wellness, and medical media outlet. Her mantra is she likes to talk to people before they become her patients. And when she talks, people listen. Come along as Michael Dexter and Hollye Briggs talk with Alice about her career in nursing, which has spanned from the bedside to the boardroom and national media outlets.   This episode is called “My Way to Becoming Nurse Alice.” Alice can be reached on Instagram, Facebook, and TikTok @AskNurseAlice or on her website at www.AskNurseAlice.com.  

In this podcast episode we want to introduce you to our BCEN Friend George Olschewski. George Olschewski started out in healthcare as an EMT in 1993 and finished an English degree with a minor in journalism before going back for his nursing degree. Since 1998 George worked in the hospital from the intermediate and step down units to the ED at the Level One trauma center-University Hospital in Newark, New Jersey. It was there that George became a founding member of the Critical Care Transport Team at the trauma center. George continues to serve in both specialties of EMS and transport nursing at Hackensack University Medical Center's specialty care transport unit and Angel Midflight's aeromedical flight team. In addition to his CTRN, George holds the TCRN, CEN and TCRN certification along with his certification as a Nationally Registered Paramedic. Come along as Janie Schumaker, Michael Dexter, and Hollye Briggs talk with George about his career in transport nursing and recent nomination and selection for a BCEN award.  Come join in on this celebration conversation. This episode is called “Not all Heroes are in Comic Books: Spotlight on the 2023 Distinguished CTRN Award Winner.” George can be reached on LinkedIn @GeorgeOlschewski.

In this podcast episode we want to introduce you to our BCEN Friend Jordan Tyczka. Jordan is currently the director of trauma services at Inova Loudoun Hospital, which is a Level III trauma center in Leesburg, VA. Since starting her nursing career in 2007, Jordan has worked in various Level I and Level II trauma centers along the east coast. She has obtained her master's degree in nursing education and served as the clinical nurse educator for trauma services prior to her current role. During her time in the educator role, Jordan achieved her TCRN and helped 50 other nurse co-workers attain their TCRN certifications as well. Come along as Janie Schumaker, Michael Dexter, and Hollye Briggs talk with Jordan about her career in trauma nursing and recently being selected as the 2023 Distinguished Trauma Certified Registered Nurse. Come join in on this celebration conversation. This episode is called “No Escaping this Distinguished Nurse: Spotlight on 2023 Distinguished TCRN Award Winner.” Jordan can be reached on LinkedIn @JordanTyczka.

In this podcast episode we want to introduce you to our BCEN Friend Kayleigh Summers. Kayleigh Summers is a licensed clinical social worker and private practice owner in Downingtown, PA. Kayleigh uses her training as a licensed therapist and her own experience as an Amniotic Fluid Embolism survivor to treat and support families experiencing perinatal trauma. Kayleigh has created thriving birth trauma support communities through Instagram and TikTok, as well as her podcast, where she provides connection, story sharing, and resources to support those experiencing birth and other trauma. Come along as Michael Dexter and Hollye Briggs talk with Kayleigh about her lived experiences and current passion for perinatal trauma. Kayleigh offers some great insight and advice during this meaningful conversation. This episode is called “Speak Now with the Birth Trauma Mama.” Kayleigh Summers can be reached on Instagram and TikTok @thebirthtrauma_mama and on her website: https://thebirthtraumamama.com/

In this podcast episode we want to introduce you to our BCEN Friend Kris Ramos. Kris Ramos is a master's prepared registered nurse and paramedic with a broad base of critical care experience including ground and air ambulance prehospital care, adult and pediatric emergency departments, pediatric cardiovascular intensive care, PICU, NICU, hemodialysis, and leadership roles. He currently serves as the Base Hospital Coordinator at Phoenix Children's. Kris's daily focus is to improve prehospital care for children by bringing Phoenix Children's expertise to emergency responders through continuing education, patient follow-up, and operations consultations. Kris is the founder and chair of the Phoenix Children's Annual EMS conference which provides prehospital providers with current pediatric trauma and emergency care continuing education. Kris also serves as vice chair of the Arizona Department of Health Services' Pediatric Advisory Council for Emergency Services, a committee that plays a lead role within Arizona's EMS and trauma community to improve pediatric care. Come along as Michael Dexter and Hollye Briggs talk with Kris about his career in prehospital medicine and nursing. Kris has been instrumental in moving the benchmarks for pediatric prehospital care and offering the most up-to-date continuing education. This episode is called “Walking the Line for quality pediatric prehospital care.” Kris Ramos can be reached via LinkedIn @Kris-Ramos and through the Phoenix Children's EMS and Prehospital Care Conference website (ems.phoenixchildrens.org).  

In this podcast episode we want to introduce you to our BCEN Friend Sean Fox. Dr. Sean Fox is a Professor of Emergency Medicine and of Pediatrics as well as the Program Director of the Emergency Medicine Residency at Carolinas Medical Center. He works half his shifts in the Pediatric ED and the other half in the Adult ED. Since his time at the University of Maryland, when he served as a Chief Resident, Sean has been passionate about both clinical care and medical education. In 2014 he won the American College of Emergency Physicians' (ACEP's) National Emergency Medicine Faculty Teaching Award.  Currently, while he educates the next generation of Emergency Physicians in North Carolina, Sean has partnered with other educators across the U.S. to craft national educational courses and curriculum. Dr. Fox spends his spare time generating and managing several educational websites geared toward the practice of emergency medicine. Come along as Michael Dexter and Hollye Briggs talk with Sean about his career in emergency medicine where he specialized in both adult and pediatrics. Sean has some great morsels of advice and recommendations in this conversation. This episode is called “Inconceivable! From emergency medicine to podcast producer.” Sean Fox can be reached on Twitter and Instragram @PedEMMorsels and @EMGuidewire Dr. Fox's website recommendations: www.pedemmorsels.com, www.emguidewire.com, www.cmcecg.com, www.mededmasters.com, www.cmcedmasters.com

In this podcast episode we want to introduce you to our BCEN Friend Carole Covey. Carole Covey has worked in various roles within healthcare over the past 15 years, ranging from ED to ICU, trauma to flight nursing, pre-hospital to administration and lots of in between. She has a passion for education, leadership and serving those in vulnerable populations. During 2020, Carole focused her efforts on emergency response and humanitarian aid services from Florida to California. She is currently the Medical Services Manager with AECOM, working on a large-scale project involving pediatric and adolescent care. Carole holds multiple certifications including the CEN and CFRN. She is also a student, working on a dual master's degree program in nursing and business administration. Come along as Michael Dexter and Hollye Briggs talk with Carole about her journey in emergency nursing which has led her to her current role planning and organizing healthcare to meet the needs of a very vulnerable patient population-unaccompanied minors from the US borders.  This episode is called “Next thing you know: ED nursing to hospital contracts and design.” Carole Covey can be reached on LinkedIn @CaroleCovey & Facebook @Carole.A.Covey.

In this podcast episode we want to introduce you to our BCEN Friend Caitlin Parker.. Caitlin Parker is a Certified Child Life Specialist at Atrium Health Levine Children's in Charlotte, NC. In her 13-year career at Levine's, she has worked in various roles across multiple service lines in pediatric and adult populations. She is driven by a passion for enhancing family nuclei coping and advocacy in the hospital setting that will carry over to better physical, emotional, and psychosocial outcomes for the trajectory of their health journey. Whether it is a child's first visit to the ED or their 30th admission, Caitlin believes in recognizing and impacting the momentous touchpoints during these visits, which will support the development and wellbeing of the whole family. These moments are where you will find Certified Child Life Specialist, like Caitlin, doing their best work. Come along as Michael Dexter and Hollye Briggs talk with Caitlin about her career as a Certified Child Life Specialist. Her compassion and insight are sure to uplift and make a lasting impact.   This episode is called “Living with Purpose as a Child Life Specialist.” Website resources recommended by Caitlin: Child Life Program | Levine Children's Hospital | Atrium Health Association of Child Life Professionals @Home (childlife.org) Caitlin Parker can be reached via email at: Caitlin.Parker@atriumhealth.org

In this podcast episode we want to introduce you to our BCEN Friend Jonah Pregulman. Jonah has been a nurse since 2016, having initially obtained his BSN from Case Western Reserve University in Cleveland, OH. He earned his MSN from Capella University with a specialization in Informatics in 2020. Jonah specializes in emergency, flight, and critical care transport. Jonah has also achieved all 5 BCEN certifications. He is a Nationally Registered Paramedic with a variety of EMS experience spanning over 10 years in 911, IFT and special event EMS. His work history includes various exotic locations such as Guam, Hawaii, Antarctica, and other international locations.  Come along as Michael Dexter and Hollye Briggs talk with Jonah about his career in flight nursing from the US to nearly every continent on the globe. Jonah has advice and insight packed and ready to go.  This episode is called “Where in the world is Jonah?”

In this podcast episode we want to introduce you to our BCEN Friend Jacob Miller. Jacob Miller is a Nurse Practitioner, Clinical Nurse Specialist, and Nationally Registered Paramedic with a background in flight, critical care transport, and emergency nursing, in addition to over 15 years of EMS practice. Jacob received his Master of Science in acute care from the University of Maryland, a post-master's certificate in advanced flight nursing from Case Western Reserve University, and his Doctorate in Nursing Practice from the University of Cincinnati. Jacob currently works as a clinical educator and critical care transport clinician in Cincinnati, Ohio. Jacob holds multiple certifications including the CFRN and CTRN from BCEN. He is active in several professional organizations including serving as an at-large director on the Air & Surface Transport Nurses Association board of directors, chair of the Emergency Nurses Association's advanced practice advisory council, and co-chair for the EMS Special Interest Group with the American Academy of Emergency Nurse Practitioners. One of Jacob's recent accomplishments is being accepted as a Fellow in the Academy of Emergency Nursing. Come along as Michael Dexter and Hollye Briggs talk with Jacob about his career in flight nursing to his latest adventures in advanced practice and all things education. Jacob is serving up lots of advice and insight.   This episode is called, “Professionalism any way you slice it!” Jacob Miller can be reached through the following platforms: Website: www.JacobMillerACNP.com     Facebook/Twitter/LinkedIn - @JacobMillerACNP

In this podcast episode we want to introduce you to our BCEN Friend Steven Malarchick. Steven Malarchick began his career in prehospital care as an EMT-basic progressing to a Paramedic. His medic career included roles as the Regional EMS Coordinator for Colorado as well as offshore work on a deep-water drill ship and as public safety Director for the Ute Mountain Ute Tribe. He became a nurse in 2003, starting in the emergency department and moving into flight. Steven continued his nursing education becoming a family nurse practitioner in 2021 and continues to fly as a flight NP. Steven enjoys teaching in all its forms: from online to classrooms, conference stages to podcasts. Come along as Michael Dexter and Hollye Briggs talk with Steven about his career in flight & nursing to becoming a living donor which had him in the patient role and gaining new perspectives. Steven is setting a new standard for giving back.   This episode is called, “Exponential Impact: From flight nursing to organ donation.” Steven Malarchick can be reached through the following platforms: Facebook/Instagram: @StevenMalarchick

In this podcast episode we want to introduce you to our BCEN Friend Sarah Wells Sarah Wells is a certified emergency nurse with her master's in nursing. She is a national speaker, educator, and the founder of New Thing Nurse, an academic and professional coaching company for the nursing community. Sarah works with nurses and nursing students from around the United States to help them achieve their professional goals. Sarah has worked in various emergency departments over the past 11 years. She is passionate about nurse wellness and creating a more supportive nursing culture throughout healthcare. Come along as Michael Dexter and Hollye Briggs talk with Sarah about her career in nursing, from starting in the ED to paying it forward helping others succeed in their nursing journey. Sarah is sure to spark a flame for what's next.   This episode is called,” Leveling Up with the New Thing Nurse.” Sarah Wells can be reached through the following platforms: Email: Newthingnurse@newthingnurse.com Facebook/Instagram: @newthingnurse LinkedIn: Sarah K. Wells MSN RNS CEN CNL

In this podcast episode we want to introduce you to our BCEN Friend Hannah Pye. Hannah Pye is a certified emergency nurse working as full-time nursing faculty while pursuing her DNP degree. Hannah is passionate about breastfeeding success and believes emergency department nurses can play a key role in breastfeeding support. Her other professional interests include nursing student success, disaster preparedness and response, care seat safety, and of course, emergency medicine.  Hannah is married to an Army physician and has two daughters. She enjoys kayaking, hiking, and eating good food. Come along as Michael Dexter and Hollye Briggs talk with Hannah about her career in nursing, from working with nursing students to being a doctoral student herself. Hannah is sure to inspire you to take your shot when it comes to your passion in nursing.  This episode is called, “In the room where it happens: from passion to practice change.” For information on disaster preparedness as Hannah mentioned in this podcast, see the Center for Domestic Preparedness at https://cdp.dhs.gov/.

In this podcast episode we want to introduce you to our BCEN Friend Bruce Hoffman. Bruce is a critical care registered nurse and paramedic whose clinical background includes the ICU, ER, trauma, cardiology and critical care transport/flight.  He holds graduate degrees in education and advanced practice. Bruce has spoken at multiple conferences and has a passion for education. He lives in CT with his wife, Stephanie (also a nurse) and three beautiful children – Ava Mae, Adelynn Lue and Jackson Lee, and Bella, their Boston Terrier. Come along as Michael Dexter and Hollye Briggs talk with Bruce about his career in nursing from pre-hospital to transport, and his passion for all things cardiac. Bruce is sure to create a thirst for knowledge during this conversation. This episode is called “Might as well Jump! into Education and Knowledge.” Bruce Hoffman can be reached on Twitter @BruceEHoffman.

This episode of BCEN and Friends lets you meet our friend Major Tiffany Welsh. Tiffany Welsh is a registered nurse in the United States Air Force Nurse Corp. Her primary nursing practice has been in Emergency and Trauma nursing for 18 years, and she has been on active duty for 10 years. Since coming on active duty, Major Welsh has served as a trauma nurse in military treatment facilities as well as become a member of the Critical Care Air Transport Teams.  She has 3 deployments and is currently a Deputy Director, as well as holding a teaching role, at the Center for Sustainment of Trauma and Readiness Skills in Omaha, Nebraska, specializing in the Principles of Biocontainment Care. Come along as Michael Dexter and Hollye Briggs talk with Major Welsh about her career in nursing from joining the US Air Force Nursing Corp, critical care transport and biocontainment. Thanks for joining us as we take this conversation up in the air and into the heart of military nursing. This episode is called Impacting Lives around the World through Military Transport.

In this podcast episode we want to introduce you to our BCEN Friend Roger Casey. Roger has over 30 years of emergency and critical care nursing experience. He uses his experience by volunteering on the BCEN Certified Emergency Nurse Exam Construction Review Committee to provide evidence-based items to the emergency nursing certification. He serves currently on the Board of Directors for BCEN. Roger has also been a part of the Emergency Nurse's Association's Trauma Nursing Core Curriculum development and is a Fellow of the Academy of Emergency Nursing. Come along as Michael Dexter and Hollye Briggs talk with Roger about his passion for nursing and how volunteering and gratitude has shifted his outlook on the profession. Roger is sure to create a spark of gratitude during this conversation. This episode is called Gratitude: shifting from a job to a calling. Roger Casey can be reached on Facebook/LinkedIn @RogerCasey and Instagram/Twitter @Traumanator.

In this podcast episode we want to introduce you to our BCEN Friend Heather Scruton. Heather is a transport nurse who graduated from the University of Kansas with her nursing degree in 1997 and went back for her master's degree in nursing and business administration from the University of Mary in 2014. She has over 25 years of experience with high-risk obstetric patients. Heather currently serves as the Director of Outreach for the Critical Care Transport Team at Children's Mercy Hospital in Kansas City. Her transport team completes approximately 6000 transports a year, specializing in neonatal, pediatric, maternal and OB services. Heather has spoken nationally on the topics of fetal medicine, innovative program design and implementation, communication in health care and maternal fetal transport. She Is an advocate with the federal lawmakers, educating lawmakers on the topics of FMLA, the opioid epidemic response and rising national maternal mortality rates. Heather serves on the Kansas Maternal Mortality Review Board and the Legislative Coordinator for the Association of Women's Health, Obstetric and Neonatal Nurses. Come along as Michael Dexter and Hollye Briggs talk with Heather about her passion for maternal/fetal transport and improving communication with each other. It's going to be a wild conversational ride! This episode is called, “Maternal Health and OB Transport: Oh baby!” Heather Scruton can be reached through Facebook @HeatherScruton and on @ChildrensMercyOutreach-Education and Activities page.

In this podcast episode we want to introduce you to our BCEN Friend Steve Cumming. Steve Cumming has been in healthcare for over 30 years. He started his career in the US Navy and following honorable discharge, he obtained his nursing degree. His early nursing career was in the emergency and ICU setting, however after 15 years, Steve found his true passion: flight nursing. He advocates for lifelong learning and has spoken on the topics of leadership, critical care and education. Steve has been married for 20 years to in his words "An exceptional woman who is my rock-Karen" Together they have 4 beautiful kids and 3 amazing grandkids. When he's not flying or teaching, Steve enjoys the outdoors-camping, hiking and off-roading. Come along as Michael Dexter and Hollye Briggs talk with Steve about his career in nursing, from starting as a tech in the ICU to soaring into the clouds of flight nursing. Steve is up for the challenge whether it's a critical patient or exploring the great outdoors. This episode is called, “Engineered for critical thinking and professional growth.” 

This episode of BCEN and Friends lets you meet our friend, Nancy Denke. Nancy is a Nurse Practitioner in Scottsdale, AZ.  She has lived & worked all over the United States. She grew up in New York and went to Penn State as an undergrad. Years later, she would return to school at the U. of North Carolina-Chapel Hill and earn her MSN as a Clinical Nurse Specialist and then return a year later to earn her FNP.  She worked as a NP in the ED until her husband's job took them to Fort Collins, CO.  In 2005, her husband accepted a new position in the Phoenix area where landed a position as the 1st Trauma NP for the system, then transitioned after 8 years to a Neuro/Stroke position and now for the last 5 years is working in a small Toxicology practice in the Scottsdale, AZ area. Nancy also received her Acute care NP certificate from St. Louis U. and a DNP in Leadership Innovation at Arizona State University where she has been teaching in the DNP program from 2014. Come along as Michael Dexter and Hollye Briggs talk with Nancy about her nursing career which has led to her study of toxicology and a passion for collaboration with the patient care team. When it comes to solving the puzzle of “what did my patient get into?” Nancy is an expert in this field. This episode is called Talking Toxicology: a recipe for disaster.

This episode of BCEN and Friends lets you meet our friend Martha Roberts Martha Roberts is an Assistant Professor and lead of the Pediatrics department for Samuel Merritt School of Nursing in Sacramento, California. She is also an adult and pediatric nurse practitioner at Zuckerberg San Francisco General Hospital and Trauma Center in the emergency department. Martha is a host for the Center for Medical Education's EM Bootcamps, The 2 View Podcast, and teaches nationally. Additionally, she remains adjunct faculty for Georgetown University School of Nursing. Her specialty focuses on emergency and critical care populations. Come along as Michael Dexter and Hollye Briggs talk with Martha about her career in emergency medicine from her initial start in music & audio production to nursing into advanced practice nursing. Join the conversation discussing the ways Martha uses her skills, talents and passions to build one opportunity on top of another. This episode is called, Building Blocks of a Nursing Career. Martha Roberts can be followed on 2view.fireside.fm

This episode of BCEN and Friends lets you meet our friend Brandon Joines. Brandon Joines is an emergency nurse with over 18 years of experience including pre-hospital, flight and transport care. Brandon started his career as an Emergency Medical Technician (EMT-Basic) in early 2000's and since then Brandon has obtained his Master's in Nursing Education in 2020. Brandon currently works as a flight nurse for CareFlite in the Dallas/Fort Worth area of Texas. He also serves part-time as an adjunct nursing instructor for North Central Texas College. Brandon lives with his wife, Elizabeth, who in Brandon's eyes is the greatest nurse he knows, along with their two children, Finley and Stella. During Brandon's first year working as a nurse, his son Finley was diagnosed with Autism. This led Brandon to a new passion, helping to educate emergency professionals in practices to provide better care for patients on the autism spectrum during emergency situations. Come along as Michael Dexter and Hollye Briggs talk with Brandon about his journey in emergency services and nursing, leading up to his new passion on educating pre-hospital and hospital staff about best practices related to patients with autism. This episode is called, Flying the Flag for Autism Awareness. Brandon Joines can be reached on Instagram @BrandonJoines

This episode of BCEN and Friends lets you meet our friend Austin Johnson. Austin is a registered nurse born, raised, and living in Florida. He is a Critical Care Transport Nurse with AdventHealth Central Florida, one of the largest hospital systems in the country with an equally large fleet of ground and flight transport units. Austin holds all 5 BCEN credentials as well as 2 other specialty certifications and has been a mentor for the BCEN InstaCrew, helping spread the word about the importance of emergency nursing certification and continuing education. Austin has spoken at several conferences and loves sharing his passion for education and professional development with the nursing community. Austin believes that every nurse should have access to the knowledge, skills, and tools they need to do the best job they can and if he can help them find those, he will. Come along as Michael Dexter and Hollye Briggs talk with Austin about the topics of trauma, emergency, critical care and transport nursing. It's a conversational ride along into certification and mentoring, and so much more. This episode is called, Transporting a Passion for Certification and Nursing. Austin Johnson can be reached on Instagram @AJinFlight  

This episode of BCEN and Friends lets you meet our friend Kristen Gilmore. Kristen obtained her Bachelor of Science in Nursing in 2004 and in 2014 she graduated with her master's degree in Nursing. Kristen's career includes work as an ED nurse, clinical nurse manager, nursing supervisor, nurse manager, and clinical operations coordinator. Throughout her career, Kristen has been the recipient of multiple clinical and leadership awards, serving as a mentor to others. Her passion for education and mentorship led her to teaching for a local nursing program. Kristen in now the Inaugural Program Manager for Nurse Well-Being at Jefferson Northeast in Philadelphia. The newly established Institute for Nurse Well-Being is dedicated to transforming culture to ensure a positive nurse practice work environment. Outside of her day-to-day work, Kristen is the current President of the Philadelphia Chapter of the Pennsylvania ENA. Come along as Michael Dexter and Hollye Briggs talk with Kristen about her journey in emergency nursing leading up to her newest venture into Nurse Well-Being. It's sure to be an encouraging conversation to our valued listeners. This episode is called, Blazing a Trail for Nurse Well-Being. Kristen Gilmore can be reached via email at Kristen.Gilmore@jefferson.edu or on Instagram @KristenC1209  

This episode of BCEN and Friends lets you meet our friend Jamin Rankin. Jamin Rankin obtained a bachelor's degree in biology prior to pursuing nursing school. He has been a nurse since 2013, having worked in the emergency department, air transport, and now as a trauma program manager. Jamin's nursing interests involve all things emergency, trauma, and critical care. In his role as a trauma program manager, Jamin oversees clinical, operational, and performance improvement processes for a newly verified trauma center in north Louisiana. Apart from nursing, Jamin enjoys spending time with his family as well as hunting, fishing, camping, and golfing. Come along as Michael Dexter and Hollye Briggs talk with Jamin about his journey in emergency and flight nursing to trauma center manager and everything in between. This episode is called, Defy Gravity: From Flight to Trauma Program Launch. Jamin Rankin can be reached on LinkedIn and Twitter.  

This episode of BCEN and Friends lets you meet our friend Barbara Weintraub. Barbara has been an ER nurse since 1985. After initially obtaining a bachelor's degree in Biology from Northwestern in 1983, she completed her bachelor's degree in nursing in 1984. Barbara later obtained a Master's in Public Health from the University of Illinois at Chicago in 1991 and a Master's in Nursing from Rush University in 1999. Barbara has one son, 32, who lives in Boston and is obtaining a PhD in computer cybersecurity. Barb says he's the “smarty” in the family! Barb has three cats! Barbara has been very active in emergency nursing, having both presented and been published on a wide variety of topics, including pediatric emergency care and improving patient flow. She has also been an active member of the Emergency Nurses Association, having served in both state and national positions. Come along as Michael Dexter and Hollye Briggs talk with Barbara about her career journey – the past, present, and future of nursing as she sees it. This episode is called, A Heart for Nursing. Barbara Weintraub can be reached on LinkedIn and Facebook.

This episode of BCEN and Friends lets you meet our friend Mark Eggers. Mark Eggers is the Education and Technology Services Manager at BCEN. Mark started his formal career in I/T about 48 years ago working on IBM mainframes (no personal computers at that time) as a computer operator. As his career progressed, he went into various management roles in I/T including customer support manager for a hotel chain. For the last 22 years Mark has had many roles in the area of training and development, including training all levels of an organization on many diverse topics. He was instrumental in designing, developing, and teaching education at his former employers along with implementing and maintaining Learning Management Systems (LMS) for organizations. Mark lives in Fairhope, AL with his wife Kathy and their Dachshund Root Beer. They have (not Root Beer) 4 children, 10 grandchildren and 3 great grandchildren. Mark says that he loves life and everything about it Come along as Janie Schumaker, Michael Dexter and Hollye Briggs talk with Mark about his career journey – Past, Present, and Future as Mark hands off the Hosting of BCEN and Friends and begins a new adventure: RETIREMENT! This episode is called The M.E. behind the Microphone. Mark Eggers can be reached on LinkedIn

This episode of BCEN and Friends lets you meet our friend Eddie Johnson. Eddie Johnson is a skilled nursing professional with a varied clinical background in both the acute and subacute care settings. Focused and hardworking, he strives for clinical excellence through an evidence based multidisciplinary team approach, ensuring only the best outcomes. He leads by example, empowering other team members to also excel in providing only the best care to those whom they serve. He takes nothing more serious than his job, or the trust built between himself and the community. His keen clinical judgment and nursing intervention is the culmination of only working in the most difficult practice settings including ER / Trauma, critical care, the recovery room, and correctional settings. Eddie is also passionate about being a lifelong learner and has extended his care through the education of others, ensuring nursing standards are upheld and that the next generation of nurses are committed as well as confident, yet competent. He lives that philosophy day to day, through every interaction with team members, and what patient situations that may arise. Michael Dexter and Mark Eggers talk with Eddie about his nursing career and the various roles he has had along the way. This episode is called, Emergency Care, Critical Care, Correctional Care Eddie Johnson can be reached at the following. LinkedIn: https://www.linkedin.com/in/eddie-johnson-msn-rn-ccrn-cen-cpan-6a22a8104?trk=public_profile_browsemap Email: EddieJ1985@gmail.com

This episode of BCEN and Friends lets you meet our friend Brett Dodd. Brett Dodd is the Associate Director for the Women's Guild Simulation Center for Advance Learning at Cedars Sinai Medical Center in Los Angeles, CA. He spent 6 years in the pre-hospital environment working as a paramedic and has been a Registered Nurse for over 20 years.  He has an associate degree in Emergency Medical Technology, master's degree in nursing, and recently completed his MBA.  His background is emergency and flight medicine, disaster management, trauma, critical care, education, and simulation. In his current role, he coordinates, develops, and uses simulation to create highly immersive multidisciplinary educational programs. Brett is an instructor and course director for many programs including TNCC, ENPC, ATCN, DMEP and PHTLS.  On his off time, he spends weekends enjoying the outdoors in the Eastern Sierras snowboarding, mountain biking, and hiking. Come along as Michael Dexter and Mark Eggers talk with Brett about his career journey – Past, Present, and even what he sees for the future. This episode is called, Simulation in Education Programs Brett Dodd can be reached on LinkedIn

This episode of BCEN and Friends lets you meet our friend Scott DeBoer. Scott DeBoer is a dynamic seminar leader with over 30 years of emergency, critical care, & flight nursing experience. After 25 years of flight nursing at the University of Chicago, Scott is now the primary seminar leader for Pedi-Ed-Trics, a company dedicated to teaching better ways to care for kids.  Scott holds a master's degree in emergency/critical care nursing as well as the CPEN certification and retired CEN, CFRN, and CCRN certifications. He has been published over 150 times in journals around the world and has been the recipient of a number of professional healthcare awards. Scott is also a husband and father and a cancer survivor. And if you happen to travel, you may run into him playing paramedic at a popular Orlando tourist destination! More on that later but first, welcome, Scott DeBoer! Michael Dexter and Mark Eggers talk with Scott about his healthcare career and specifically his focus on pediatrics. Also come along and find out about Scott's new part time job! This episode is called, Better Ways to Care for Kids Scott DeBoer can be reached at PediEd.com And on Facebook - https://www.facebook.com/PediEdTrics

This episode of BCEN and Friends lets you meet our friend Jessica Evins. Jessica Evins is a registered nurse in the Pediatric Emergency Department at New York-Presbyterian Morgan Stanley Children's Hospital—the only Pediatric Level 1 trauma center in New York City. Jessica has worked in the Pediatric Emergency Department for her entire nursing career, beginning in 2014, and became a Certified Pediatric Emergency Nurse in 2016. Jessica is a strong advocate for simulation-based multidisciplinary education and serves on her department's simulation committee and as the co-chair of her hospital's vascular access committee. Jessica authored a pediatric emergency nursing handbook that is in use by her hospital and has presented and been an invited speaker on medical simulation and clinical debriefing at a number of national and international conferences—and has also advised business leaders on teamwork in high pressure settings. Jessica is passionate about expanding the roles of both palliative care and child life in the emergency department setting and also works as a sexual assault forensic examiner. Prior to becoming a nurse, Jessica was an aerospace engineer at the U.S. Navy's Naval Sea Systems Command, where she received the Navy Meritorious Civilian Service Award. Jessica holds a Bachelor of Science in engineering from Washington University in St. Louis and a Bachelor of Science in nursing from New York University. She resides in New York City with her husband, one year old daughter, and dog. Jessica is the recipient of the 2022 BCEN Distinguished CPEN award. Michael Dexter and Mark Eggers talk with Jessica, about being a pediatric nurse and what her role entails. Congratulations to Jessica Evins for being BCEN's 2022 Distinguished CPEN Award Winner This episode is called, Getting to know BCEN's 2022 Distinguished CPEN Award Winner Jessica Evins can be found on LinkedIn by searching for Jessica Evins

This episode of BCEN and Friends lets you meet our friend Shayna Stevens. Shayna has been a nurse for 20 years. She graduated from Stephen F Austin State University and currently attends West Texas A&M University for Gradate school. She is seeking a master's degree in comprehensive nursing. Shayna has worked as a nurse in ICU stepdown, ICU, surgical, dialysis, and most recently emergency room settings. She is currently a trauma clinician at a level II trauma center in Plano, TX. Shayna has a spouse Richard, and they have been together for 11 years. They have an amazing group of friends that we love to visit whenever their busy schedule allows. They have 2 dogs and a cat that keep them laughing. Their favorite thing to do is travel. Their last trip was before the pandemic, and they got to visit Costa Rica and loved it.   If a pandemic has taught Shayna anything, it is the importance of self-care. If you don't care for yourself, how are you expected to care for anyone else? Her hospital has been very supportive of all of everyone taking the time to do just that. Michael Dexter and Mark Eggers talk with Shayna Stevens, about being a trauma nurse and what her role entails. Congratulations to Shayna Stevens for being BCEN's 2022 Distinguished TCRN Award Winner This episode is called, Getting to know BCEN's 2022 Distinguished TCRN Award Winner Shayna can be reached on Facebook, Shayna Stevens and Instagram sstevens143

This episode of BCEN and Friends lets you meet our friend Kay Brown. Kay Brown is a 73 yr. old Grandmother, Mother & wife who is blessed with a caring family. Kay doesn't mind telling her age because she says she worked very hard for all those years, and she doesn't mind claiming all of them. She was a Commercial Property Manager until her heart issues made it impossible & she had to retire in her early 60s. Kay was diagnosed with Cardio Myopathy (congestive heart failure) when she was about 55 yrs. old & told she had about 5 yrs. to live. Thankfully, the drug Coreg was discovered and extended her life for years.  As time passed, the congestive heart failure symptoms increased as it is a progressive disease.  In Sept 2016, she had her 1st heart failure episode and was taken to the hospital by ambulance.  From then on she was having heart failure episodes about every 2 months.   They progressively got worse until the last of June 2017.  While preparing to go home from the hospital, another episode happened with left her on life support & unconscious.  One young doctor gave her husband a death message and said this would be a life ending experience. The regular cardiologist knew that the only hope was a LVAD & she was transferred to Baylor in Dallas.  In a couple of days from arriving, they gave her the LVAD.  That was almost 5 years ago, and she is living a full life and thankful for God and the medical staff who have given her another chance to live. Michael Dexter and Mark Eggers talk with Kay about her life with an LVAD. Listen to Kay as she tells you what an LVAD is and what it does. Kay also shares how important it is to be part of a support group. This episode is called, Battery Operated Grandma Kay can be reached on Facebook, Kay Alexander Brown – personal account Also on FB, LVAD Support Group / of NW Louisiana & NE Texas Kay is the creator and Admin

This episode of BCEN and Friends lets you meet our friend Laura Kemerling. Laura is a registered nurse and works for the Children's Mercy Critical Care Transport team in Kansas City, Missouri. She graduated from Missouri Western State University in 2003 with a Bachelor of Science in Nursing and began her nursing career in the operating room at Children's Mercy Hospital, later transitioning to adult ICU nursing for several years. Laura returned to pediatric care in 2010 to work for the Transport team. Upon completing a Master of Science in Nursing Education from Benedictine University in 2018, she began clinical instructing for BSN students. Her current full-time role focuses on Transport and EMS relations, outreach education, and caring for critically ill neonatal, pediatric, and maternal fetal patients in the out-of-hospital setting. Laura maintains a national certification in neonatal and pediatric transport through the NCC and she is an active member of the Missouri and Kansas Emergency Medical Services for Children (EMSC), as well as the Air and Surface Transport Nurses Association (ASTNA). She is an instructor for the Pediatric Advanced Transport Course and the S.T.A.B.L.E. Program, and has hosted multiple webinars, symposiums, and workshops focused on evidence-based pediatric emergency care in the transport environment. Michael Dexter and Mark Eggers talk with Laura, about her role as the coordinator for Children's Mercy Critical Care Transport program. What an amazing story. Listen as Laura tells us about the app that was developed for pediatric emergency care, how it came to be and what the driving factors were behind it! This episode is called, Pediatric Emergency Care .. There's an App for that? Laura Kemerling can be found on LinkedIn and Facebook Website: https://www.childrensmercy.org/health-care-providers/transport/outreach-and-education/ Social media: LinkedIn:       https://www.linkedin.com/in/laura-kemerling Facebook:      Laura Kemerling

This episode of BCEN and Friends lets you meet our friend Sam Quinones. Sam Quinones is a Los Angeles-based freelance journalist, a reporter for 35 years, and author of four acclaimed books of narrative nonfiction. He is a veteran reporter on immigration, gangs, drug trafficking, and the border. He is formerly a reporter with the L.A. Times, where he worked for 10 years. Before that, he made a living as a freelance writer residing in Mexico for a decade. In 2015, Sam Quinones authored Dreamland: The True Tale of America's Opiate Epidemic (Bloomsbury, 2015), which ignited awareness of the epidemic that has cost the United States hundreds of thousands of lives and become deadliest drug scourge in the nation's history. Dreamland won a National Book Critics Circle award for Best Nonfiction Book of 2015 and has been selected as one of the top books of 2015 by Amazon, Daily Beast, Buzzfeed, Boston Globe, Entertainment Weekly, the Wall Street Journal, and many other organizations. His latest book, released in November 2021, is The Least of Us: True Tales of America and Hope in the Time of Fentanyl and Meth. In The Least of Us, Quinones chronicles the emergence of a drug-trafficking world producing massive supplies of dope cheaper and deadlier than ever, marketing to the population of addicts created by the nation's opioid epidemic, as the backdrop to tales of Americans' quiet attempts to recover community through simple acts of helping the vulnerable. Michael Dexter and Mark Eggers talk with Sam about two of his books, Dreamland: The Tale of America's Opiate Epidemic and The Least of Us: True Tales of America and Hope in the Time of Fentanyl and Meth. Come spend some time with us as we listen to Sam tell about these books and some of the stories within the pages. Sam also shares some of his history of being a writer and his love for crime reporting. This episode is called: Hope: during America's Opiate Epidemic Sam Quinones can be found: Email: samquinones7@yahoo.com Twitter: @samquinones7 Facebook: samquinonesjournalist Instagram: @samquinones_author

Bob Fojut [FOY-et] is the editor of Trauma System News, an online publication dedicated to trauma center leadership and management. In this role, Bob oversees coverage of topics such as trauma center standards compliance, trauma quality and PI, trauma team organization, trauma data management and trauma registry. And, thanks to a new content partnership with BCEN, Trauma System News is now expanding its coverage with a wider variety of topics in trauma clinical nursing. Bob was born and raised in Wisconsin, and he graduated from the University of Dallas in Irving, Texas, where he majored in philosophy. His career has taken him through nearly every role in publishing and communications, from proofreading and production art to writing, editing, and marketing. Bob and his wife have been married for 31 years, and they have six children, ages 30 to 11. In this podcast episode we want to introduce you to our BCEN Friend Bob Fojut (FOY-et). Janie Schumaker and Michael Dexter talk with Bob about Trauma Systems News, how he started it, what type of articles are in it, and how you can subscribe. Get to know Bob as he shares a wealth of information that you will only hear on this BCEN & Friends podcast. As a special bonus, Bob gives the hosts a pop quiz. Let's see if you get the correct answer.  This episode is called, Trauma System News … the inside scoop   Bob Fojut can be found on Facebook, LinkedIn and Twitter along with the Trauma News website. www.trauma-news.com Trauma System News Facebook page: https://www.facebook.com/groups/1742750556005128 “Trauma Leaders” group on LinkedIn: https://www.linkedin.com/groups/8388509/ Trauma System News Twitter profile: @TraumaNews

This episode of BCEN and Friends lets you meet our friend Mallory (Mal) Robalino. Mal is from Long Island, NY and attended Quinnipiac University for nursing. She began as a med/surg nurse in 2016 before switching into the emergency room in 2017, where she has been ever since. She is currently finishing her MBA in healthcare administration from St Joseph's College and recently began an acute care nurse practitioner program at Hofstra University.  She has her CEN and TCRN certifications. She is an AHA BLS, ACLS, and PALS instructor, and a certified sexual assault forensic examiner (NY-SAFE). She loves leveraging technology to promote staff education and feels that information should be easily accessible and straight to the point. Mal was recently published in the Journal of Emergency Nursing for her article, “Intervention Development: Quick Response Code Implementation for Point-of-Care Training Needs in the Emergency Department”- which outlines the use of QR code technology to provide educational insight and skills refreshment for high acuity/low volume therapies within the emergency department. Outside of work she enjoys weightlifting, running, photography, and cuddling with her dog, Tonka. Michael Dexter and Mark Eggers talk with Mal, about her recently published article in the Journal of Emergency Nursing and how the article came to be published. Find out how she has taken QR code to a new level within the emergency department. This episode is called, Educational insight and skills refreshment using a QR code Mallory (Mal) Robalino can be reached via LinkedIn, Mallory Robalino. She also has an Instagram account for her photography page- @MTaylorArt.

This episode of BCEN and Friends lets you meet our friend Susan Brady. Susan MacKenty Brady inspires, educates, and ignites leaders globally on fostering a mindset of inclusion and self-awareness. As an expert in inclusion and the advancement of women leaders, Susan advises executives on how to create gender parity in organizations and motivates women at all levels of organizational leadership to fully realize—and manifest—their leadership potential. Featured on ABC's Good Morning America, Susan is the author of Mastering Your Inner Critic and 7 Other High Hurdles to Advancement: How the Best Women Leaders Practice Self-Awareness to Change What Really Matters (McGraw-Hill, November 2018), and The 30-Second Guide to Coaching Your Inner Critic (Linkage, 2014). A celebrated speaker, Susan has keynoted or consulted at over 500 organizations around the world. Building on the institution's 40-year history impacting over 100,000 professional women at their events and programs, Susan now serves as the Deloitte Ellen Gabriel Chair for Women and Leadership at Simmons University and the first Chief Executive Officer of The Simmons University Institute for Inclusive Leadership. The Institute produces a global set of game-changing professional initiatives for the purpose of intersecting leadership, equity, and inclusion. Prior to joining Simmons, Susan was Executive Vice President at Linkage, Inc. a global leadership development consulting and training firm.  She founded Linkage's Women in Leadership Institute™ and launched Linkage's global practice on Advancing Women Leaders and Inclusive Leadership and led the field research behind the 7 Leadership Hurdles Women Leaders Face in the Workforce™.  Dedicated to inclusively and collaboratively inspiring every girl to realize her full potential, Susan serves on the board of the not-for-profit Strong Women, Strong Girls. Susan resides in the Boston area with her husband, two teenage daughters, and two Portuguese water dogs. Michael Dexter and Mark Eggers talk with Susan Brady, about Inclusive leadership. What is inclusive leadership? Why is it so important in healthcare? Susan will discuss these questions and more in this episode called Better Understanding. Susan can be found on the following social media platform: https://www.inclusiveleadership.com/

This episode of BCEN and Friends lets you meet our friend Loren Sanders. Loren Sanders is a synergist who focuses on building better teams and better outcomes. Her passion is focused on leveraging knowledge and performance and connecting people to create solutions. She is motivational, inspirational, and intuitive. Her approach consists of identifying goals and talents, isolating opportunities for growth, guiding people to realizations, and helping people create action plans for change. Loren has a B.S. in Community Health from University of Illinois and an MBA in Organizational Behavior from Lake Forest Graduate School of Management where she also teaches Talent Management and Organizational Communications. She is a regular speaker for the HR and Training Industries and has also spoken at The Illinois Government Finance Association Conferences and The Midwest Claim Conference. Her day-to-day job is the Sr. Manager of the Evolution and Transformation Team at CVS Health. She and her husband run a consulting business in their spare time that focuses on non-profits and government agencies. Michael Dexter and Mark Eggers talk with Loren Sanders about her approaches to professional development and the value training brings. Loren talks about her passion for empathy and the information she conveys will make you think. Listen and learn from events that greatly impacted Loren in her life and helped shape Loren into who she is today.  This episode is called, Empathy is my Jam Loren can be found on the following social media platform: www.linkedin.com/lorensanders0919

This episode of BCEN and Friends lets you meet our friend Sarah McLelland. Sarah McLelland has been a nurse for 22 years. She started on the trauma/surgery floor at Charity Hospital in New Orleans and then moved to the ED to begin her journey in Emergency Nursing. After 4 years at Charity, she decided to travel, and did so for 4 years at various hospitals throughout the country including Level One Trauma Centers in New York, Los Angeles, Miami, and San Diego to name a few. She returned to New Orleans in 2008 and has served in many leadership roles at her current facility where she is now working as a Clinical Educator for the Emergency Department. Needless to say, she has certainly dealt with her share of unique and interesting patient encounters over the years. She currently serves as Chair of the LENA Education committee, an item writer for the CEN practice exam, and hosts online certification jeopardy games to encourage engagement and certification within her state. Sarah has been recognized as Nurse Educator of the Year by the Louisiana ENA in 2016, Mentor of the Year by her home facility, and a recipient of the Daisy Award. She holds a Masters Degree and two Bachelor Degrees, with one being her BSN, and has achieved certifications for CEN, TCRN, CPEN, and SANE-A. We are going to follow a little different format in this Halloween episode special. Listen as Michael Dexter and Mark Eggers talk with Sarah about Charity Hospital in New Orleans as she shares her own stories and stories of other nurses. Of course, we will still have the rapid-fire questions, but Halloween is the main flavor of this podcast night. Sarah can be found on Facebook and Instagram

This episode of BCEN and Friends lets you meet our friend Casey Green. Casey Green has been a nurse for 6 years. She started in med surg telemetry and then moved to the ED. She also has 6 years as a volunteer firefighter and EMT (working on finishing her paramedic licensure). Casey has 4 associates degrees (Nursing, Spanish, General Studies, and 1 bachelor's degree (nursing) with hopes of CRNA school in the future She wears many hats in the area of nursing jobs (all current): Critical care ground transport, ER, pediatric cardiac ICU (full time job, at Hopkins), nursing clinical instructor at Howard Community College (same place her associates are from, and was awarded as an inspiring adjunct faculty) In August (2021) she launched Critical Care Casey, a platform for critical care education, helping nursing students get through nursing school, mentoring students and nurses, and helping nurses reach their certification goals As Janie Schumaker and Michael Dexter talk with Casey Green, you will learn about her nursing journey including her full-time job at Hopkins, and you won't want to miss her story about the broken shoe that may make your pause the next time you put on your own shoes. Casey can be found on the following social media platform: https://linktr.ee/CriticalCareCasey Instagram: heycaseyg, criticalcarecasey Facebook: my name Linkedin: linkedin.com/in/CriticalCareCasey Hopkins link about Casey Green.             https://www.hopkinsmedicine.org/nursing/news/a-certification-celebration.html

This podcast episode introduces you to our BCEN friend Ronald Bubba Fletcher. Bubba, as his friends call him, is the program director for the Ark-La-Tex chapter of the Think First Foundation. Bubba has been a voice of injury prevention public speaker for 14 years and a peer mentor to those with spinal cord injuries. Although suffering a significant injury of his own, Bubba uses this to inspire and motivate others while remaining active as a youth baseball coach. He is also a big college sports fan. Bubba is married and the father of 3, 1 girl and 2 boys. As you listen to Michael Dexter and Mark Eggers talk with Bubba about Think First, you will be inspired by what Bubba has gone through and how he is using his personal experiences to make a difference in the world. Bubba can be found on the following social media platforms: Website is https://thinkfirstlouisiana.org Facebook @ ThinkFirst Ark-La-Tex Instagram @ ThinkFirst_Ark-La-Tex

012 - Mike runs a software company, volunteers in the community through the school system, works with the rotary club and as a SCORE mentor helping businesses with a variety of needs as well as being an avid gardener, birder, and photographer. Listen in as he describes his experience working on a PPE (Personal Protective Equipment) project during the COVID-19 Pandemic as a purchasing agent for Brevard and Transylvania County!

The first live podcast of Free as in Freedom, hosted at SeaGL 2019 in November 2019. Hear questions from the studio audience and answers from Bradley and Karen. Show Notes: Segment 0 (00:38) Producer Dan speaks on mic to introduce that this is a live show. Segment 1 (01:17) This is a live show from SeaGL 2019, a community-organized FaiP (02:15) Carol Smith from Microsoft asked about being a charity in the USA under recent tax changes regarding tax deduction and, and asked about Conservancy's annual fundraiser which had completed by the time this show was released. (04:53) Deb took a photo during the show (07:30) A questioner asked about the so-called “ethical but-non-FOSS licenses”. Bradley gave an answer that is supplemented well by this blog post (10:15) and Karen mentioned at CopyleftConf 2020 there was a discussion about this. (15:15) The follow up question was also related to these topics (15:44). Eric Hopper asked about how Conservancy decides when a project joins, and what factors Conservancy considers in projects joining (18:14) A written questioner asked how to handle schools requiring proprietary software as part of their coursework. (22:00) Michael Dexter asked about Karen's teaching at Columbia Law School. (27:25) A written questioner asked about copyleft-next's sunset clause. (29:22) Karen mentioned “Copyleft, All wrongs reversed” as it appeared on n June 1976 on Tiny BASIC, which inspired the term copyleft to mean what it does today. (30:45) Karen spoke about the issues of copyright and trademark regarding Disney, that is supplemented by this blog post. (32:52) Carol Smith asked what Karen and Bradley thought were Conservancy's and/or FOSS' biggest achievements in the last decade. (35:20) Karen mentioned Outreachy was a major success. (37:08) A questioner asked about using the CASE Act to help in GPL enforcement. Bradley discussed how it might ultimately introduce problems similar to arbitration clauses. (41:42) Since the podcast was recorded, the CASE Act has also passed the Senate, but does not seem to have been signed by the President. (47:30) Bradley noted that Mako Hill has pointed out that FOSS has not been involved in lobbying enough. (48:10) A questioner in the audience asked about the Mozilla Corporation structure would allow Mozilla to do lobbying for FOSS. (50:57) Karen explained the Mozilla corporate legal structure (51:35). A questioner in the audience asked about Mako Hill's keynote and how individuals can help further the cause of software freedom. (54:53) Michael Dexter asked if software patents are still as much of a threat as they once were. (1:01:30) Carol asked about the supreme court hearing the Oracle v. Google case (1:09:04) Send feedback and comments on the cast to . You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on identi.ca and and Twitter. Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums. The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

The first live podcast of Free as in Freedom, hosted at SeaGL 2019 in November 2019. Hear questions from the studio audience and answers from Bradley and Karen. Show Notes: Segment 0 (00:38) Producer Dan speaks on mic to introduce that this is a live show. Segment 1 (01:17) This is a live show from SeaGL 2019, a community-organized FaiP (02:15) Carol Smith from Microsoft asked about being a charity in the USA under recent tax changes regarding tax deduction and, and asked about Conservancy's annual fundraiser which had completed by the time this show was released. (04:53) Deb took a photo during the show (07:30) A questioner asked about the so-called “ethical but-non-FOSS licenses”. Bradley gave an answer that is supplemented well by this blog post (10:15) and Karen mentioned at CopyleftConf 2020 there was a discussion about this. (15:15) The follow up question was also related to these topics (15:44). Eric Hopper asked about how Conservancy decides when a project joins, and what factors Conservancy considers in projects joining (18:14) A written questioner asked how to handle schools requiring proprietary software as part of their coursework. (22:00) Michael Dexter asked about Karen's teaching at Columbia Law School. (27:25) A written questioner asked about copyleft-next's sunset clause. (29:22) Karen mentioned “Copyleft, All wrongs reversed” as it appeared on n June 1976 on Tiny BASIC, which inspired the term copyleft to mean what it does today. (30:45) Karen spoke about the issues of copyright and trademark regarding Disney, that is supplemented by this blog post. (32:52) Carol Smith asked what Karen and Bradley thought were Conservancy's and/or FOSS' biggest achievements in the last decade. (35:20) Karen mentioned Outreachy was a major success. (37:08) A questioner asked about using the CASE Act to help in GPL enforcement. Bradley discussed how it might ultimately introduce problems similar to arbitration clauses. (41:42) Since the podcast was recorded, the CASE Act has also passed the Senate, but does not seem to have been signed by the President. (47:30) Bradley noted that Mako Hill has pointed out that FOSS has not been involved in lobbying enough. (48:10) A questioner in the audience asked about the Mozilla Corporation structure would allow Mozilla to do lobbying for FOSS. (50:57) Karen explained the Mozilla corporate legal structure (51:35). A questioner in the audience asked about Mako Hill's keynote and how individuals can help further the cause of software freedom. (54:53) Michael Dexter asked if software patents are still as much of a threat as they once were. (1:01:30) Carol asked about the supreme court hearing the Oracle v. Google case (1:09:04) Send feedback and comments on the cast to . You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter. Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums. The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more. Headlines LLDB Threading support now ready for mainline (https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready) Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages. In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report. So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report. Multiple IPSec VPN tunnels with FreeBSD (https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt) The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html) But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below. The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE). Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C). VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C). News Roundup Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance (https://www.phoronix.com/scan.php?page=news_item&px=Netflix-NUMA-FreeBSD-Optimized) Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel. Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made. For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%. unwind(8); "happy eyeballs" (https://marc.info/?l=openbsd-tech&m=157475113130337&w=2) In case you are wondering why happy eyeballs: It's a variation on this: https://en.wikipedia.org/wiki/Happy_Eyeballs unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers. This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E): 17 files changed, 385 insertions(+), 1683 deletions(-) Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals. Amazon now has FreeBSD ARM 12 (https://aws.amazon.com/marketplace/pp/B081NF7BY7) Product Overview FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years. FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems. OpenSSH U2F/FIDO support in base (https://www.undeadly.org/cgi?action=article;sid=20191115064850) I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys. Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step. You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time. So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too. Please test this thoroughly - it's a big change that we want to have stable before the next release. Beastie Bits DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud (http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html) Really fast Markov chains in ~20 lines of sh, grep, cut and awk (https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-~20-lines-of-sh-grep-cut-and-awk/) FreeBSD Journal Sept/Oct 2019 (https://www.freebsdfoundation.org/past-issues/security-3/) Michael Dexter is raising money for Bhyve development (https://twitter.com/michaeldexter/status/1201231729228308480) syscall call-from verification (https://marc.info/?l=openbsd-tech&m=157488907117170) FreeBSD Forums Howto Section (https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/) Feedback/Questions Jeroen - Feedback (http://dpaste.com/0PK1EG2#wrap) Savo - pfsense ports (http://dpaste.com/0PZ03B7#wrap) Tin - I want to learn C (http://dpaste.com/2GVNCYB#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Your browser does not support the HTML5 video tag.

vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more. Headlines vBSDcon Recap Allan and Benedict attended vBSDcon 2019, which ended last week. It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame.The two day conference was preceded by a one day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks. The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails. If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” abstract (https://www.vbsdcon.com/schedule/2019-09-06.html#talk:132615) and the recent commit we covered in episode 313. Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs. David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD. Shawn Webb followed with his overview talk about the “State of the Hardened Union”. Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality. Entertaining and educational at the same time, Michael W. Lucas talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale. People formed small groups and went into town for dinner. Some returned later that night to some work in the hacker lounge or talk amongst fellow BSD enthusiasts. Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”. Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) work and how it can be tuned for various workloads. “By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms. Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”. Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”. A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night. We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees! humungus - an hg server (https://humungus.tedunangst.com/r/humungus) Features View changes, files, changesets, etc. Some syntax highlighting. Read only. Serves multiple repositories. Allows cloning via the obvious URL. Supports go get. Serves files for downloads. Online documentation via mandoc. Terminal based admin interface. News Roundup OpenBSD on fan-less Tuxedo InfinityBook 14″ v2. (https://hazardous.org/archive/blog/openbsd/2019/09/02/OpenBSD-on-Infinitybook14) The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.). I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop. The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta. See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader Unix at 50: How the OS that powered smartphones started from failure (https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/) Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey. It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term. Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.” Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for. Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote. Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals. Some of Allan’s favourite excerpts: In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor. And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics. With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget. McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it. It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.” Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document. Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles. In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task. Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics. By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer. It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications. The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy. The rest has quite literally made tech history. See the link for the rest of the article How to configure a network dump in FreeBSD? (https://www.oshogbo.vexillium.org/blog/68/) A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM then available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump. So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0. Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client. See the link for the rest of the article Beastie Bits Sudo Mastery 2nd edition is not out (https://mwl.io/archives/4530) Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development (http://users.utu.fi/kakrind/publications/19/vulnfuzz_camera.pdf) soso (https://github.com/ozkl/soso) GregKH - OpenBSD was right (https://youtu.be/gUqcMs0svNU?t=254) Game of Trees (https://gameoftrees.org/faq.html) Feedback/Questions BostJan - Another Question (http://dpaste.com/1ZPCCQY#wrap) Tom - PF (http://dpaste.com/3ZSCB8N#wrap) JohnnyK - Changing VT without keys (http://dpaste.com/3QZQ7Q5#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Your browser does not support the HTML5 video tag.

Allan’s recap of the ZFS User conference, first impressions of OmniOS by a BSD user, Nextcloud 13 setup on FreeBSD, OpenBSD on a fanless desktop computer, an intro to HardenedBSD, and DragonFlyBSD getting some SMP improvements. Headlines ZFS User Conference Recap Attendees met for breakfast on the fourth floor, in a lunchroom type area just outside of the theatre. One entire wall was made of lego base plates, and there were buckets of different coloured lego embedded in the wall. The talks started with Matt Ahrens discussing how the 2nd most requested feature of ZFS, Device Removal, has now landed, then pivoting into the MOST requested feature, RAID-Z expansion, and his work on that so far, which included the first functional prototype, on FreeBSD. Then our friend Calvin Hendryx-Parker presented how he solves all of his backup headaches with ZFS. I provided him some helpful hints to optimize his setup and improve the throughput of his backups Then Steven Umbehocker of OSNEXUS talked about their products, and how they manage large numbers of ZFS nodes After a very nice lunch, Orlando Pichardo of Micron talked about the future of flash, and their new 7.5TB SATA SSDs. Discussion of these devices after the talk may lead to enhancements to ZFS to better support these new larger flash devices that use larger logical sector sizes. Alek Pinchuk of Datto talked about Pool Layout Considerations then Tony Hutter of LLNL talked about the release process for ZFS on Linux Then Tom Caputi of Datto presented: Helping Developers Help You, guidance for users submitting bug reports, with some good and bad examples Then we had a nice cocktail party and dinner, and stayed late into the night talked about ZFS The next day, Jervin Real of Percona, presented: ZFS and MySQL on Linux, the Sweet Spots. Mostly outlining some benchmark they had done, some of the results were curious and some additional digging may turn up enhancements that can be made to ZFS, or just better tuning advice for high traffic MySQL servers. Then I presented my ZSTD compression work, which had been referenced in 2 of the previous talks, as people are anxious to get their hands on this code. Lastly, Eric Sproul of Circonus, gave his talk: Thank You, ZFS. It thanked ZFS and its Community for making their companies product possible, and then provided an update to his presentation from last year, where they were having problems with extremely high levels of ZFS fragmentation. This also sparked a longer conversation after the talk was over. Then we had a BBQ lunch, and after some more talking, the conference broke up. Initial OmniOS impressions by a BSD user I had been using FreeBSD as my main web server OS since 2012 and I liked it so much that I even contributed money and code to it. However, since the FreeBSD guys (and gals) decided to install anti-tech feminism, I have been considering to move away from it for quite some time now. As my growing needs require stronger hardware, it was finally time to rent a new server. I do not intend to run FreeBSD on it. Although the most obvious choice would be OpenBSD (I run it on another server and it works just fine), I plan to have a couple of databases running on the new machine, and database throughput has never been one of OpenBSD's strong points. This is my chance to give illumos another try. As neither WiFi nor desktop environments are relevant on a no-X11 server, the server-focused OmniOS seemed to fit my needs. My current (to be phased out) setup on FreeBSD is: apache24 with SSL support, running five websites on six domains (both HTTP and HTTPS) a (somewhat large) Tiny Tiny RSS installation from git, updated via cronjob sbcl running a daily cronjob of my Web-to-RSS parser an FTP server where I share stuff with friends an IRC bouncer MariaDB and PostgreSQL for some of the hosted services I would not consider anything of that too esoteric for a modern operating system. Since I was not really using anything mod_rewrite-related, I was perfectly ready to replace apache24 by nginx, remembering that the prepackaged apache24 on FreeBSD did not support HTTPS out of the box and I had ended up installing it from the ports. That is the only change in my setup which I am actively planning. So here's what I noticed. First impressions: Hooray, a BSD boot loader! Finally an operating system without grub - I made my experiences with that and I don't want to repeat them too often. It is weird that the installer won't accept "mydomain.org" as a hostname but sendmail complains that "mydomain" is not a valid hostname right from the start, OmniOS sent me into Maintenance Mode to fix that. A good start, right? So the first completely new thing I had to find out on my new shiny toy was how to change the hostname. There is no /etc/rc.conf in it and hostname mydomain.org was only valid for one login session. I found out that the hostname has to be changed in three different files under /etc on Solaris - the third one did not even exist for me. Changing the other two files seems to have solved this problem for me. Random findings: ~ I was wondering how many resources my (mostly idle) new web server was using - I always thought Solaris was rather fat, but it still felt fast to me. Ah, right - we're in Unixland and we need to think outside of the box. This table was really helpful: although a number of things are different between OmniOS and SmartOS, I found out that the *stat tools do what top does. I could probably just install top from one of the package managers, but I failed to find a reason to do so. I had 99% idle CPU and RAM - that's all I wanted to know. ~ Trying to set up twtxt informed me that Python 3.6 (from pkgin) expects LANG and LC_ALL to be set. Weird - did FreeBSD do that for me? It's been a while ... at least that was easy to fix. ~ SMF - Solaris's version of init - confuses me. It has "levels" similar to Gentoo's OpenRC, but it mostly shuts up during the boot process. Stuff from pkgsrc, e.g. nginx, comes with a description how to set up the particular service, but I should probably read more about it. What if, one day, I install a package which is not made ready for OmniOS? I'll have to find out how to write SMF scripts. But that should not be my highest priority. ~ The OmniOS documentation talks a lot about "zones" which, if I understand that correctly, mostly equal FreeBSD's "jails". This could be my chance to try to respect a better separation between my various services - if my lazyness won't take over again. (It probably will.) ~ OmniOS's default shell - rather un-unixy - seems to be the bash. Update: I was informed about a mistake here: the default shell is ksh93, there are bogus .bashrc files lying around though. ~ Somewhere in between, my sshd had a hiccup or, at least, logging into it took longer than usual. If that happens again, I should investigate. Conclusion: By the time of me writing this, I have a basic web server with an awesome performance and a lot of applications ready to be configured only one click away. The more I play with it, the more I have the feeling that I have missed a lot while wasting my time with FreeBSD. For a system that is said to be "dying", OmniOS feels well-thought and, when equipped with a reasonable package management, comes with everything I need to reproduce my FreeBSD setup without losing functionality. I'm looking forward to what will happen with it. DigitalOcean http://do.co/bsdnow [Open Source Hardware Camp 2018 — Sat 30/06 & Sun 01/07, Lincoln, UK (includes 'Open-source RISC-V core quickstart' and 'An introductory workshop to NetBSD on embedded platforms')](http://oshug.org/pipermail/oshug/2018-April/000635.html) ``` Hi All, I'm pleased to announce that we have 10 talks and 7 workshops confirmed for Open Source Hardware Camp 2018, with the possibility of one or two more. Registration is now open! For the first time ever we will be hosting OSHCamp in Lincoln and a huge thanks to Sarah Markall for helping to make this happen. As in previous years, there will be a social event on the Saturday evening and we have a room booked at the Wig and Mitre. Food will be available. There will likely be a few of us meeting up for pre-conference drinks on the Friday evening also. Details of the programme can be found below and, as ever, we have an excellent mix of topics being covered. Cheers, Andrew ``` Open Source Hardware Camp 2018 On the 30th June 2018, 09:00 Saturday morning - 16:00 on the Sunday afternoon at The Blue Room, The Lawn, Union Rd, Lincoln, LN1 3BU. Registration: http://oshug.org/event/oshcamp2018 Open Source Hardware Camp 2018 will be hosted in the historic county town of Lincoln — home to, amongst others, noted engine builders Ruston & Hornsby (now Siemens, via GEC and English Electric). Lincoln is well served by rail, reachable from Leeds and London within 2-2.5 hours, and 4-5 hours from Edinburgh and Southampton. There will be a social at the Wig and Mitre on the Saturday evening. For travel and accommodation information information please see the event page on oshug.org. News Roundup Nextcloud 13 on FreeBSD Today I would like to share a setup of Nextcloud 13 running on a FreeBSD system. To make things more interesting it would be running inside a FreeBSD Jail. I will not describe the Nextcloud setup itself here as its large enough for several blog posts. Official Nextcloud 13 documentation recommends following setup: MySQL/MariaDB PHP 7.0 (or newer) Apache 2.4 (with mod_php) I prefer PostgreSQL database to MySQL/MariaDB and I prefer fast and lean Nginx web server to Apache, so my setup is based on these components: PostgreSQL 10.3 PHP 7.2.4 Nginx 1.12.2 (with php-fpm) Memcached 1.5.7 The Memcached subsystem is least important, it can be easily changed into something more modern like Redis for example. I prefer not to use any third party tools for FreeBSD Jails management. Not because they are bad or something like that. There are just many choices for good FreeBSD Jails management and I want to provide a GENERIC example for Nextcloud 13 in a Jail, not for a specific management tool. Host Lets start with preparing the FreeBSD Host with needed settings. We need to allow using raw sockets in Jails. For the future optional upgrades of the Jail we will also allow using chflags(1) in Jails. OpenBSD on my fanless desktop computer You asked me about my setup. Here you go. I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD and you have to give it a try on your desktop. Bear in mind, this is a relatively cheap ergonomic setup, because all I need is xterm(1) with Vim and Firefox, I don’t care about CPU/GPU performance or mobility too much, but I want a large screen and a good keyboard. Item Price, USD Zotac CI527 NANO-BE $371 16GB RAM Crucial DDR4-2133 $127 250GB SSD Samsung 850 EVO $104 Asus VZ249HE 23.8" IPS Full HD $129 ErgoDox EZ V3, Cherry MX Brown, blank DCS $325 Kensington Orbit Trackball $33 Total $1,107 OpenBSD I tried few times to install OpenBSD on my MacBooks—I heard some models are compatible with it,—but in my case it was a bit of a fiasco (thanks to Nvidia and Broadcom). That’s why I bought a new computer, just to be able to run this wonderful operating system. Now I run -stable on my desktop and servers. Servers are supposed to be reliable, that’s obvious, why not run -current on a desktop? Because -stable is shipped every six months and I that’s is often enough for me. I prefer slow fashion. iXsystems iX Ad Spot NAB 2018 – Michael Dexter’s Recap Introduction to HardenedBSD World HardenedBSD is a security enhanced fork of FreeBSD which happened in 2014. HardenedBSD is implementing many exploit mitigation and security technologies on top of FreeBSD which all started with implementation of Address Space Layout Randomization (ASLR). The fork has been created for ease of development. To cite the https://hardenedbsd.org/content/about page – “HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. (…) HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies.” Most FreeBSD enthusiasts know mfsBSD project by Martin Matuska – http://mfsbsd.vx.sk/ – FreeBSD system loaded completely into memory. The mfsBSD synonym for the HardenedBSD world is SoloBSD – http://www.solobsd.org/ – which is based on HardenedBSD sources. One may ask how HardenedBSD project compared to more well know for its security OpenBSD system and it is very important question. The OpenBSD developers try to write ‘good’ code without dirty hacks for performance or other reasons. Clean and secure code is most important in OpenBSD world. The OpenBSD project even made security audit of all OpenBSD code available, line by line. This was easier to achieve in FreeBSD or HardenedBSD because OpenBSD code base its about ten times smaller. This has also other implications, possibilities. While FreeBSD (and HardenedBSD) offer many new features like mature SMP subsystem even with some NUMA support, ZFS filesystem, GEOM storage framework, Bhyve virtualization, Virtualbox option and many other new modern features the OpenBSD remains classic UNIX system with UFS filesystem and with very ‘theoretical’ SMP support. The vmm project tried to implement new hypervisor in OpenBSD world, but because of lack of support for graphics its for OpenBSD, Illumos and Linux currently, You will not virtualize Windows or Mac OS X there. This is also only virtualization option for OpenBSD as there are no Jails on OpenBSD. Current Bhyve implementation allows one even to boot latest Windows 2019 Technology Preview. A HardenedBSD project is FreeBSD system code base with LOTS of security mechanisms and mitigations that are not available on FreeBSD system. For example entire lib32 tree has been disabled by default on HardenedBSD to make it more secure. Also LibreSSL is the default SSL library on HardenedBSD, same as OpenBSD while FreeBSD uses OpenSSL for compatibility reasons. Comparison between LibreSSL and OpenSSL vulnerabilities. https://en.wikipedia.org/wiki/LibreSSL#Security https://wiki.freebsd.org/LibreSSL#LibreSSL.28andOpenSSL.29SecurityVulnerabilities One may see HardenedBSD as FreeBSD being successfully pulled up to the OpenBSD level (at least that is the goal), but as FreeBSD has tons more code and features it will be harder and longer process to achieve the goal. As I do not have that much competence on the security field I will just repost the comparison from the HardenedBSD project versus other BSD systems. The comparison is also available here – https://hardenedbsd.org/content/easy-feature-comparison – on the HardenedBSD website. Running my own git server Note: This article is predominantly based on work by Hiltjo Posthuma who you should read because I would have spent far too much time failing to set things up if it wasn’t for their post. Not only have they written lots of very interesting posts, they write some really brilliant programs Since I started university 3 years ago, I started using lots of services from lots of different companies. The “cloud” trend led me to believe that I wanted other people to look after my data for me. I was wrong. Since finding myself loving the ethos of OpenBSD, I found myself wanting to apply this ethos to the services I use as well. Not only is it important to me because of the security benefits, but also because I like the minimalist style OpenBSD portrays. This is the first in a mini-series documenting my move from bloated, hosted, sometimes proprietary services to minimal, well-written, free, self-hosted services. Tools & applications These are the programs I am going to be using to get my git server up and running: httpd(8) acme-client(1) git(1) cgit(1) slowcgi(8) Setting up httpd Ensure you have the necessary flags enabled in your /etc/rc.conf.local: Configuring cgit When using the OpenBSD httpd(8), it will serve it’s content in a chrooted environment,which defaults to the home directory of the user it runs as, which is www in this case. This means that the chroot is limited to the directory /var/www and it’s contents. In order to configure cgit, there must be a cgitrc file available to cgit. This is found at the location stored in $CGIT_CONFIG, which defaults to /conf/cgitrc. Because of the chroot, this file is actually stored at /var/www/conf/cgitrc. Beastie Bits My Penguicon 2018 Schedule sigaction: see who killed you (and more) Takeshi steps down from NetBSD core team after 13 years DragonFlyBSD Kernel Gets Some SMP Improvements – Phoronix Writing FreeBSD Malware Tarsnap ad Feedback/Questions Troels - Question regarding ZFS xattr Mike - Sharing your screen Wilyarti - Adlocking on FreeBSD Brad - Recommendations for snapshot strategy Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

New ZFS features landing in FreeBSD, MAP_STACK for OpenBSD, how to write safer C code with Clang’s address sanitizer, Michael W. Lucas on sponsor gifts, TCP blackbox recorder, and Dell disk system hacking. Headlines [A number of Upstream ZFS features landed in FreeBSD this week] 9188 increase size of dbuf cache to reduce indirect block decompression With compressed ARC (6950) we use up to 25% of our CPU to decompress indirect blocks, under a workload of random cached reads. To reduce this decompression cost, we would like to increase the size of the dbuf cache so that more indirect blocks can be stored uncompressed. If we are caching entire large files of recordsize=8K, the indirect blocks use 1/64th as much memory as the data blocks (assuming they have the same compression ratio). We suggest making the dbuf cache be 1/32nd of all memory, so that in this scenario we should be able to keep all the indirect blocks decompressed in the dbuf cache. (We want it to be more than the 1/64th that the indirect blocks would use because we need to cache other stuff in the dbuf cache as well.) In real world workloads, this won't help as dramatically as the example above, but we think it's still worth it because the risk of decreasing performance is low. The potential negative performance impact is that we will be slightly reducing the size of the ARC (by ~3%). 9166 zfs storage pool checkpoint The idea of Storage Pool Checkpoint (aka zpool checkpoint) deals with exactly that. It can be thought of as a “pool-wide snapshot” (or a variation of extreme rewind that doesn’t corrupt your data). It remembers the entire state of the pool at the point that it was taken and the user can revert back to it later or discard it. Its generic use case is an administrator that is about to perform a set of destructive actions to ZFS as part of a critical procedure. She takes a checkpoint of the pool before performing the actions, then rewinds back to it if one of them fails or puts the pool into an unexpected state. Otherwise, she discards it. With the assumption that no one else is making modifications to ZFS, she basically wraps all these actions into a “high-level transaction”. More information 8484 Implement aggregate sum and use for arc counters In pursuit of improving performance on multi-core systems, we should implements fanned out counters and use them to improve the performance of some of the arc statistics. These stats are updated extremely frequently, and can consume a significant amount of CPU time. And a small bug fix authored by me: 9321 arcloancompressedbuf() can increment arcloanedbytes by the wrong value arcloancompressedbuf() increments arcloanedbytes by psize unconditionally In the case of zfscompressedarcenabled=0, when the buf is returned via arcreturnbuf(), if ARCBUFCOMPRESSED(buf) is false, then arcloanedbytes is decremented by lsize, not psize. Switch to using arcbufsize(buf), instead of psize, which will return psize or lsize, depending on the result of ARCBUF_COMPRESSED(buf). MAP_STACK for OpenBSD Almost 2 decades ago we started work on W^X. The concept was simple. Pages that are writable, should not be executable. We applied this concept object by object, trying to seperate objects with different qualities to different pages. The first one we handled was the signal trampoline at the top of the stack. We just kept making changes in the same vein. Eventually W^X came to some of our kernel address spaces also. The fundamental concept is that an object should only have the permissions necessary, and any other operation should fault. The only permission separations we have are kernel vs userland, and then read, write, and execute. How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel. the permission is MAPSTACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways. When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms. Since page-permissions are generally done on page boundaries, there is caveat that thread and altstacks must now be page-sized and page-aligned, so that we can enforce the MAPSTACK attribute correctly. It is possible that a few ports need some massaging to satisfy this condition, but we haven't found any which break yet. A syslog_r has been added so that we can identify these failure cases. Also, the faulting cases are quite verbose for now, to help identify the programs we need to repair. **iXsystems** Writing Safer C with the Clang Address Sanitizer We wanted to improve our password strength algorithm, and decided to go for the industry-standard zxcvbn, from the people at Dropbox. Our web front-end would use the default Javascript library, and for mobile and desktop, we chose to use the C implementation as it was the lowest common denominator for all platforms. Bootstrapping all of this together was done pretty fast. I had toyed around with a few sample passwords so I decided to run it through the test suite we had for the previous password strength evaluator. The test generates a large number of random passwords according to different rules and expects the strength to be in a given range. But the test runner kept crashing with segmentation faults. It turns out the library has a lot of buffer overflow cases that are usually "harmless", but eventually crash your program when you run the evaluator function too much. I started fixing the cases I could see, but reading someone else's algorithms to track down tiny memory errors got old pretty fast. I needed a tool to help me. That's when I thought of Clang's Address Sanitizer. AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library Let's try the sanitizer on a simple program. We'll allocate a buffer on the heap, copy each character of a string into it, and print it to standard output. + The site walks through a simple example which contains an error, it writes past the end of a buffer + The code works as expected, and nothing bad happens. It must be fine… + Then they compile it again with the address sanitizer actived So what can we gather from that pile of hex? Let's go through it line by line. AddressSanitizer found a heap buffer overflow at 0x60200000ef3d, a seemingly valid address (not NULL or any other clearly faulty value). + ASAN points directly to the line of code that is causing the problem We're writing outside of the heap in this instruction. And AddressSanitizer isn't having it. This is definitely one of my favorite indications. In addition to telling which line in the code failed and where in the memory the failure happened, you get a complete description of the closest allocated region in memory (which is probably the region you were trying to access). + They then walk through combining this with lldb, the Clang debugger, to actually interactively inspect the state of the problem when an invalid memory access happens Back to my practical case, how did I put the address sanitizer to good use? I simply ran the test suite, compiled with the sanitizer, with lldb. Sure enough, it stopped on every line that could cause a crash. It turns out there were many cases where zxcvbn-c wrote past the end of allocated buffers, on the heap and on the stack. I fixed those cases in the C library and ran the tests again. Not a segfault in sight! I've used memory tools in the past, but they were usually unwieldy, or put such a toll on performance that they were useless in any real-life case. Clang's address sanitizer turned out to be detailed, reliable, and surprisingly easy to use. I've heard of the miracles of Valgrind but macOS hardly supports it, making it a pain to use on my MacBook Pro. Coupled with Clang's static analyzer, AddressSanitizer is going to become a mandatory stop for evaluating code quality. It's also going to be the first tool I grab when facing confusing memory issues. There are many more case where I could use early failure and memory history to debug my code. For example, if a program crashes when accessing member of a deallocated object, we could easily trace the event that caused the deallocation, saving hours of adding and reading logs to retrace just what happened. News Roundup On sponsor gifts Note the little stack of customs forms off to the side. It’s like I’ve learned a lesson from standing at the post office counter filling out those stupid forms. Sponsors should get their books soon. This seems like an apropos moment to talk about what I do for print sponsors. I say I send them “a gift,” but what does that really mean? The obvious thing to ship them is a copy of the book I’ve written. Flat-out selling print books online has tax implications, though. Sponsors might have guessed that they’d get a copy of the book. But I shipped them the hardcover, which isn’t my usual practice. That’s because I send sponsors a gift. As it’s a gift, I get to choose what I send. I want to send them something nice, to encourage them to sponsor another book. It makes no sense for me to send a sponsor a Singing Wedgie-O-Gram. (Well, maybe a couple sponsors. You know who you are.) The poor bastards who bought into my scam–er, sponsored my untitled book–have no idea what’s coming. As of right now, their sensible guesses are woefully incomplete. Future books? They might get a copy of the book. They might get book plus something. They might just get the something. Folks who sponsor the jails book might get a cake with a file in it. Who knows? It’s a gift. It’s my job to make that gift worthwhile. And to amuse myself. Because otherwise, what’s the point? TCP Blackbox Recorder ``` Add the "TCP Blackbox Recorder" which we discussed at the developer summits at BSDCan and BSDCam in 2017. The TCP Blackbox Recorder allows you to capture events on a TCP connection in a ring buffer. It stores metadata with the event. It optionally stores the TCP header associated with an event (if the event is associated with a packet) and also optionally stores information on the sockets. It supports setting a log ID on a TCP connection and using this to correlate multiple connections that share a common log ID. You can log connections in different modes. If you are doing a coordinated test with a particular connection, you may tell the system to put it in mode 4 (continuous dump). Or, if you just want to monitor for errors, you can put it in mode 1 (ring buffer) and dump all the ring buffers associated with the connection ID when we receive an error signal for that connection ID. You can set a default mode that will be applied to a particular ratio of incoming connections. You can also manually set a mode using a socket option. This commit includes only basic probes. rrs@ has added quite an abundance of probes in his TCP development work. He plans to commit those soon. There are user-space programs which we plan to commit as ports. These read the data from the log device and output pcapng files, and then let you analyze the data (and metadata) in the pcapng files. Reviewed by: gnn (previous version) Obtained from: Netflix, Inc. Relnotes: yes Differential Revision: https://reviews.freebsd.org/D11085 ``` **Digital Ocean** Outta the way, KDE4 KDE4 has been rudely moved aside on FreeBSD. It still installs (use x11/kde4) and should update without a problem, but this is another step towards adding modern KDE (Plasma 5 and Applications) to the official FreeBSD Ports tree. This has taken a long time mostly for administrative reasons, getting all the bits lined up so that people sticking with KDE4 (which, right now, would be everyone using KDE from official ports and packages on FreeBSD) don’t end up with a broken desktop. We don’t want that. But now that everything Qt4 and kdelibs4-based has been moved aside by suffixing it with -kde4, we have the unsuffixed names free to indicate the latest-and-greatest from upstream. KDE4 users will see a lot of packages moving around and being renamed, but no functional changes. Curiously, the KDE4 desktop depends on Qt5 and KDE Frameworks 5 — and it has for quite some time already, because the Oxygen icons are shared with KDE Frameworks, but primarily because FileLight was updated to the modern KDE Applications version some time ago (the KDE4 version had some serious bugs, although I can not remember what they were). Now that the names are cleaned up, we could consider giving KDE4 users the buggy version back. From here on, we’ve got the following things lined up: Qt 5.10 is being worked on, except for WebEngine (it would slow down an update way too much), because Plasma is going to want Qt 5.10 soon. CMake 3.11 is in the -rc stage, so that is being lined up. The kde5-import branch in KDE-FreeBSD’s copy of the FreeBSD ports tree (e.g. Area51) is being prepped and polished for a few big SVN commits that will add all the new bits. So we’ve been saying Real Soon Now ™ for years, but things are Realer Sooner Nower ™ now. Dell FS12-NV7 and other 2U server (e.g. C6100) disk system hacking A while back I reviewed the Dell FS12-NV7 – a 2U rack server being sold cheap by all and sundry. It’s a powerful box, even by modern standards, but one of its big drawbacks is the disk system it comes with. But it needn’t be. There are two viable solutions, depending on what you want to do. You can make use of the SAS backplane, using SAS and/or SATA drives, or you can go for fewer SATA drives and free up one or more PCIe slots as Plan B. You probably have an FS12 because it looks good for building a drive array (or even FreeNAS) so I’ll deal with Plan A first. Like most Dell servers, this comes with a Dell PERC RAID SAS controller – a PERC6/i to be precise. This ‘I’ means it has internal connectors; the /E is the same but its sockets are external. The PERC connects to a twelve-slot backplane forming a drive array at the front of the box. More on the backplane later; it’s the PERCs you need to worry about. The PERC6 is actually an LSI Megaraid 1078 card, which is just the thing you need if you’re running an operating system like Windows that doesn’t support a volume manager, striping and other grown-up stuff. Or if your OS does have these features, but you just don’t trust it. If you are running such an OS you may as well stick to the PERC6, and good luck to you. If you’re using BSD (including FreeNAS), Solaris or a Linux distribution that handles disk arrays, read on. The PERC6 is a solution to a problem you probably don’t have, but in all other respects its a turkey. You really want a straightforward HBA (Host Bus Adapter) that allows your clever operating system to talk directly with the drives. Any SAS card based on the 1078 (such as the PERC6) is likely to have problems with drives larger than 2Tb. I’m not completely sure why, but I suspect it only applies to SATA. Unfortunately I don’t have any very large SAS drives to test this theory. A 2Tb limit isn’t really such a problem when you’re talking about a high performance array, as lots of small drives are a better option anyway. But it does matter if you’re building a very large datastore and don’t mind slower access and very significant resilvering times when you replace a drive. And for large datastores, very large SATA drives save you a whole lot of cash. The best capacity/cost ratio is for 5Gb SATA drives Some Dell PERCs can be re-flashed with LSI firmware and used as a normal HBA. Unfortunately the PERC6 isn’t one of them. I believe the PERC6/R can be, but those I’ve seen in a FS12 are just a bit too old. So the first thing you’ll need to do is dump them in the recycling or try and sell them on eBay. There are actually two PERC6 cards in most machine, and they each support eight SAS channels through two SFF-8484 connectors on each card. Given there are twelve drives slots, one of the PERCs is only half used. Sometimes they have a cable going off to a battery located near the fans. This is used in a desperate attempt to keep the data in the card’s cache safe in order to avoid write holes corrupting NTFS during a power failure, although the data on the on-drive caches won’t be so lucky. If you’re using a file system like that, make sure you have a UPS for the whole lot. But we’re going to put the PERCs out of our misery and replace them with some nice new LSI HBAs that will do our operating system’s bidding and let it talk to the drives as it knows best. But which to pick? First we need to know what we’re connecting. Moving to the front of the case there are twelve metal drive slots with a backplane behind. Dell makes machines with either backplanes or expanders. A backplane has a 1:1 SAS channel to drive connection; an expander takes one SAS channel and multiplexes it to (usually) four drives. You could always swap the blackplane with an expander, but I like the 1:1 nature of a backplane. It’s faster, especially if you’re configured as an array. And besides, we don’t want to spend more money than we need to, otherwise we wouldn’t be hot-rodding a cheap 2U server in the first place – expanders are expensive. Bizarrely, HBAs are cheap in comparison. So we need twelve channels of SAS that will connect to the sockets on the backplane. The HBA you will probably want to go with is an LSI, as these have great OS support. Other cards are available, but check that the drivers are also available. The obvious choice for SAS aficionados is the LSI 9211-8i, which has eight internal channels. This is based on an LSI 2000 series chip, the 2008, which is the de-facto standard. There’s also four-channel -4i version, so you could get your twelve channels using one of each – but the price difference is small these days, so you might as well go for two -8i cards. If you want cheaper there are 1068-based equivalent cards, and these work just fine at about half the price. They probably won’t work with larger disks, only operate at 3Gb and the original SAS standard. However, the 2000 series is only about £25 extra and gives you more options for the future. A good investment. Conversely, the latest 3000 series cards can do some extra stuff (particularly to do with active cables) but I can’t see any great advantage in paying megabucks for one unless you’re going really high-end – in which case the NV12 isn’t the box for you anyway. And you’d need some very fast drives and a faster backplane to see any speed advantage. And probably a new motherboard…. Whether the 6Gb SAS2 of the 9211-8i is any use on the backplane, which was designed for 3Gb, I don’t know. If it matters that much to you you probably need to spend a lot more money. A drive array with a direct 3Gb to each drive is going to shift fast enough for most purposes. Once you have removed the PERCs and plugged in your modern-ish 9211 HBAs, your next problem is going to be the cable. Both the PERCs and the backplane have SFF-8484 multi-lane connectors, which you might not recognise. SAS is a point-to-point system, the same as SATA, and a multi-lane cable is simply four single cables in a bundle with one plug. (Newer versions of SAS have more). SFF-8484 multi-lane connectors are somewhat rare, (but unfortunately this doesn’t make them valuable if you were hoping to flog them on eBay). The world switched quickly to the SFF-8087 for multi-lane SAS. The signals are electrically the same, but the connector is not. Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post So there are two snags with this backplane. Firstly it’s designed to work with PERC controllers; secondly it has the old SFF-8484 connectors on the back, and any SAS cables you find are likely to have SFF-8087. First things first – there is actually a jumper on the backplane to tell it whether it’s talking to a PERC or a standard LSI HBA. All you need to do is find it and change it. Fortunately there are very few jumpers to choose from (i.e. two), and you know the link is already in the wrong place. So try them one at a time until it works. The one you want may be labelled J15, but I wouldn’t like to say this was the same on every variant. Second problem: the cable. You can get cables with an SFF-8087 on one end and an SFF-8484 on the other. These should work. But they’re usually rather expensive. If you want to make your own, it’s a PITA but at least you have the connectors already (assuming you didn’t bin the ones on the PERC cables). I don’t know what committee designed SAS cable connectors, but ease of construction wasn’t foremost in their collective minds. You’re basically soldering twisted pair to a tiny PCB. This is mechanically rubbish, of course, as the slightest force on the cable will lift the track. Therefore its usual to cover the whole joint in solidified gunk (technical term) to protect it. Rewiring SAS connectors is definitely not easy. I’ve tried various ways of soldering to them, none of which were satisfactory or rewarding. One method is to clip the all bare wires you wish to solder using something like a bulldog clip so they’re at lined up horizontally and then press then adjust the clamp so they’re gently pressed to the tracks on the board, making final adjustments with a strong magnifying glass and a fine tweezers. You can then either solder them with a fine temperature-controlled iron, or have pre-coated the pads with solder paste and flash across it with an SMD rework station. I’d love to know how they’re actually manufactured – using a precision jig I assume. The “easy” way is to avoid soldering the connectors at all; simply cut existing cables in half and join one to the other. I’ve used prototyping matrix board for this. Strip and twist the conductors, push them through a hole and solder. This keeps things compact but manageable. We’re dealing with twisted pair here, so maintain the twists as close as possible to the board – it actually works quite well. However, I’ve now found a reasonably-priced source of the appropriate cable so I don’t do this any more. Contact me if you need some in the UK. So all that remains is to plug your HBAs to the backplane, shove in some drives and you’re away. If you’re at this stage, it “just works”. The access lights for all the drives do their thing as they should. The only mystery is how you can get the ident LED to come on; this may be controlled by the PERC when it detects a failure using the so-called sideband channel, or it may be operated by the electronics on the backplane. It’s workings are, I’m afraid, something of a mystery still – it’s got too much electronics on board to be a completely passive backplane. Plan B: SATA If you plan to use only SATA drives, especially if you don’t intend using more than six, it makes little sense to bother with SAS at all. The Gigabyte motherboard comes with half a dozen perfectly good 3Gb SATA channels, and if you need more you can always put another controller in a PCIe slot, or even USB. The advantages are lower cost and you get to free up two PCIe slots for more interesting things. The down-side is that you can’t use the SAS backplane, but you can still use the mounting bays. Removing the backplane looks tricky, but it really isn’t when you look a bit closer. Take out the fans first (held in place by rubber blocks), undo a couple of screws and it just lifts and slides out. You can then slot and lock in the drives and connect the SATA connectors directly to the back of the drives. You could even slide them out again without opening the case, as long as the cable was long enough and you manually detached the cable it when it was withdrawn. And let’s face it – drives are likely to last for years so even with half a dozen it’s not that great a hardship to open the case occasionally. Next comes power. The PSU has a special connector for the backplane and two standard SATA power plugs. You could split these three ways using an adapter, but if you have a lot of drives you might want to re-wire the cables going to the backplane plug. It can definitely power twelve drives. And that’s almost all there is to it. Unfortunately the main fans are connected to the backplane, which you’ve just removed. You can power them from an adapter on the drive power cables, but there are unused fan connectors on the motherboard. I’m doing a bit more research on cooling options, but this approach has promising possibilities for noise reduction. Beastie Bits Adriaan de Groot’s post FOSDEM blog post My First FreeNAS smart(8) Call for Testing by Michael Dexter BSDCan 2018 Travel Grant Application Now Open BSD Developer Kristaps Dzonsons interviews Linus Torvalds, about diving Twitter vote - The secret to a faster FreeBSD default build world... tmate - Instant terminal sharing Tarsnap Feedback/Questions Vikash - Getting a port added Chris Wells - Quarterly Ports Branch FreeBSD-CI configs on Github Jenkins on the FreeBSD Wiki Gordon - Centralised storage suggestions Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

We talk about our recent trip to FOSDEM, we discuss the pros and cons of permissive licensing, cover the installation of OpenBSD on a dedibox with full-disk encryption, the new Lumina guide repository, and we explain ZFS vs. OpenZFS. This episode was brought to you by Headlines [FOSDEM Trip report] Your BSDNow hosts were both at FOSDEM in Brussels, Belgium over the weekend. On the friday before FOSDEM, we held a FreeBSD devsummit (3rd consecutive year), sponsored by the FreeBSD Foundation and organized by Benedict (with the help from Kristof Provost, who did it in previous years but could not make it this year). We had 21 people attend, a good mixture of FreeBSD committers (mostly ports) and guests. After introductions, we collected topics and discussed various topics, including a new plan for a future FreeBSD release roadmap (more frequent releases, so that features from HEAD can be tried out earlier in RELEASES). The devsummit concluded with a nice dinner in a nearby restaurant. On Saturday, first day of FOSDEM, we set up the FreeBSD Foundation table with flyers, stickers, FreeBSD Journal print editions, and a small RPI 3 demo system that Deb Goodkin brought. Our table was located next to the Illumos table like last year. This allowed us to continue the good relationship that we have with the Illumos people and Allan helped a little bit getting bhyve to run on Illumos with UEFI. Meanwhile, our table was visited by a lot of people who would ask questions about FreeBSD, take info material, or talk about their use cases. We were busy refilling the table throughout the day and luckily, we had many helpers at the table. Some items we had ran out in the early afternoon, an indicator of how popular they were. Saturday also featured a BSD devroom (https://twitter.com/fosdembsd), organized by Rodrigo Osorio. You can find the list of talks and the recordings on the BSD Devroom schedule (https://fosdem.org/2018/schedule/track/bsd/). The room was very crowded and popular. Deb Goodkin gave the opening talk with an overview of what the Foundation is doing to change the world. Other speakers from various BSD projects presented their talks after that with a range of topics. Among them, Allan gave his talk about ZFS: Advanced Integration (https://fosdem.org/2018/schedule/event/zfs_advanced_integration/), while Benedict presented his Reflections on Teaching a Unix Class With FreeBSD (https://fosdem.org/2018/schedule/event/reflections_on_reaching_unix_class_with_freebsd/). Sunday was just as busy on the FreeBSD table as Saturday and we finally ran out of stickers and some other goodies. We were happy with the results of the two days. Some very interesting conversations at the table about FreeBSD took place, some of which we're going to follow up afterwards. Check out the FOSDEM schedule as many talk recordings are already available, and especially the ones from the BSD devroom if you could not attend the conference. We would like to thank everyone who attended the FreeBSD devsummit, who helped out at the FreeBSD table and organized the BSD devroom. Also, thanks to all the speakers, organizers, and helping hands making FOSDEM another success this year. *** NetBSD kernel wscons IOCTL vulnerable bug class (http://blog.infosectcbr.com.au/2018/01/netbsd-kernel-wscons-ioctl-vulnerable.html) I discovered this bug class during the InfoSect public code review session we ran looking specifically at the NetBSD kernel. I found a couple of these bugs and then after the session was complete, I went back and realised the same bug was scattered in other drivers. In total, 17 instances of this vulnerability and its variants were discovered. In all fairness, I came across this bug class during my kernel audits in 2002 and most instances were patched. It just seems there are more bugs now in NetBSD while OpenBSD and FreeBSD have practically eliminated them. See slide 41 in http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-cesare.pdf (http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-cesare.pdf) for exactly the same bug (class) 16 years ago. The format of the this blog post is as follows: Introduction Example of the Bug Class How to Fix How to Detect Automatically with Coccinelle More Bugs Conclusion These source files had bugs ./dev/tc/tfb.c ./dev/ic/bt485.c ./dev/pci/radeonfb.c ./dev/ic/sti.c ./dev/sbus/tcx.c ./dev/tc/mfb.c ./dev/tc/sfb.c ./dev/tc/stic.c ./dev/tc/cfb.c ./dev/tc/xcfb.c ./dev/tc/sfbplus.c ./arch/arm/allwinner/awin_debe.c ./arch/arm/iomd/vidcvideo.c ./arch/pmax/ibus/pm.c ./dev/ic/igfsb.c ./dev/ic/bt463.c ./arch/luna68k/dev/lunafb.c Reporting of the bugs was easy. In less than a week from reporting the specific instances of each bug, patches were committed into the mainline kernel. Thanks to Luke Mewburn from NetBSD for coming to the code review session at InfoSect and coordinating with the NetBSD security team. The patches to fix these issues are in NetBSD: https://mail-index.netbsd.org/source-changes/2018/01/24/msg091428.html (https://mail-index.netbsd.org/source-changes/2018/01/24/msg091428.html) "Permissive licensing is wrong!” – Is it? (https://eerielinux.wordpress.com/2017/11/25/permissive-licensing-is-wrong-is-it-1-2/) A few weeks ago I've been attacked by some GNU zealots on a German tech site after speaking in favor of permissive licenses. Unfortunately a discussion was not possible there because that would require the will to actually communicate instead of simply accusing the other side of vile motives. Since I actually do care about this topic and a reader asked for a post about it in comments a while ago, here we go. This first part tries to sum up the most important things around the topic. I deliberately aim for an objective overview that tries not to be one-sided. The second part will then contain my points in defence of permissive licensing. Why license software at all? Licenses exist for reasons of protection. If you're the author/inventor of some software, a story or whatever product, you get to decide what to do with it. You can keep it for yourself or you can give it away. If you decide for the latter, you have to decide who may use it and in which way(s). In case you intend to give it to a (potentially) large group of people, you may not want to be asked for permission to xyz by everybody. That's when you decide to write a license which states what you are allowing and explicitly disallowing. Most of the well-known commercial licenses focus on what you're not allowed to do (usually things like copying, disassembling, etc.). Open source licenses on the other hand are meant to grant the user rights (e.g. the right to distribute) while reserving some rights or only giving permission under certain conditions – and they usually make you claim responsibility for using the software. For these reasons licenses can actually be a good thing! If you got an unlicensed piece of code, you're not legally allowed to do anything with it without getting the author's permission first. And even if you got that permission, your project would be risky, since the author can withdraw it later. A proper license protects both parties. The author doesn't get his mail account full of email asking for permission, he's save from legal trouble if his code breaks anything for you and at the same time you have legal certainty when you decide to put the code to long-term use. Permissive vs. Copyleft (in a nutshell) In short terms, permissive licensing usually goes like this: “Here you are, have fun. Oh, and don't sue me if it does something else than what you expect!” Yes, it's that easy and there's little to dispute over. Copyleft on the other side sounds like this (if you ask somebody in favor of Copyleft): “Sure, you can use it, it's free. Just keep it free, ok?”. Also quite simple. And not too bad, eh? Other people however read the same thing like this: “Yes, you're free to use it. Just read these ten pages of legalese and be dead certain that you comply. If you got something wrong, we will absolutely make you regret it.” The GNU Public license (GPL) The most popular copyleft license in use is the GPL (in various versions) (https://www.gnu.org/licenses/gpl.html). It got more and more complex with each version – and to be fair, it had to, because it was necessary to react to new threats and loop holes that were found later. The GNU project states that they are committed to protect what they call the four freedoms of free software: the freedom to use the software for any purpose the freedom to change the software to suit your needs the freedom to share the software with your friends and neighbors the freedom to share the changes you make These are freedoms that every supporter of open source software should be able to agree with. So what's the deal with all the hostility and fighting between the two camps? Let's take a look at a permissive license, too. The BSD license Unlike the GPL, the BSD family of licenses begun with a rather simple license that span four rules (“original BSD license”). It was later revised and reduced to three (“modified BSD license”). And the modern BSD license that e.g. FreeBSD uses is even just two (“simplified BSD license”). Did you read the GPLv3 that I linked to above? If you are using GPL'd code you really should. In case you don't feel like reading all of it, at least take a look and grasp how long that text is. Now compare it to the complete modern BSD license (https://opensource.org/licenses/bsd-license.php). What's the problem? There are essentially two problems that cause all the trouble. The first one is the question of what should be subject to the freedom that we're talking about. And closely related, the second one is where that freedom needs to end. Ironically both camps claim that freedom is the one important thing and it must not be restricted. The GPL is meant to protect the freedom of the software and enforces the availability of the source code, hence limiting the freedom of actual persons. BSD on the other hand is meant to protect the freedom of human beings who should be able to use the software as they see fit – even if that means closing down former open source code! The GNU camp taunts permissive licenses as being “lax” for not providing the protection that they want. The other camp points out that the GPL is a complex monster and that it is virulent in nature: Since it's very strict in a lot of areas, it's incompatible with many other licenses. This makes it complicated to mix GPL and non-GPL code and in the cases where it's legally possible, the GPL's terms will take precedence and necessarily be in effect for the whole combined work. Who's right? That totally depends on what you want to achieve. There are pros and cons to both – and in fact we're only looking at the big picture here. There's also e.g. the Apache license which is often deemed as kind of middle ground. Then you may want to consider the difference between weak (e.g. LGPL) as well as strong copyleft (GPL). Licensing is a potentially huge topic. But let's keep it simple here because the exact details are actually not necessary to understand the essence of our topic. In the next post I'll present my stance on why permissive licensing is a good thing and copyleft is more problematic than many people may think. “Permissive licensing is wrong?” – No it's not! (https://eerielinux.wordpress.com/2018/01/25/permissive-licensing-is-wrong-no-its-not-2-2/) The previous post gave a short introduction into the topic of software licenses, focusing on the GPL vs. BSD discussion. This one is basically my response to some typical arguments I've seen from people who seem to loathe permissive licensing. I'll write this in dialog style, hoping that this makes it a little lighter to read. Roundup Install OpenBSD on dedibox with full-disk encryption (https://poolp.org/posts/2018-01-29/install-openbsd-on-dedibox-with-full-disk-encryption/) TL;DR: I run several "dedibox" servers at online.net, all powered by OpenBSD. OpenBSD is not officially supported so you have to work-around. Running full-disk encrypted OpenBSD there is a piece of cake. As a bonus, my first steps within a brand new booted machine ;-) Step #0: choosing your server OpenBSD is not officially supported, I can't guarantee that this will work for you on any kind of server online.net provides, however I've been running https://poolp.org on OpenBSD there since 2008, only switching machines as they were getting a bit old and new offers came up. Currently, I'm running two SC 2016 (SATA) and one XC 2016 (SSD) boxes, all three running OpenBSD reliably ever since I installed them. Recently I've been willing to reinstall the XC one after I did some experiments that turned it into a FrankenBSD, so this was the right occasion to document how I do it for future references. I wrote an article similar to this a few years ago relying on qemu to install to the disk, since then online.net provided access to a virtual serial console accessed within the browser, making it much more convenient to install without the qemu indirection which hid the NIC devices and disks duid and required tricks. The method I currently use is a mix and adaptation from the techniques described in https://www.2f30.org/guides/openbsd-dedibox.html to boot the installer, and the technique described in https://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption.html to setup the crypto slice. Step #1: boot to rescue mode Step #2: boot to the installer Step #3: prepare softraid Step #4: reboot to encrypted OpenBSD system Bonus: further tightening your system enable doas disable the root account update system with syspatch add my ssh public key to my ~/.ssh/authorized_keys disable password authentication within ssh reboot so you boot on a brand new up-to-date system with latest stable kernel VOILA ! January 2018 Development Projects Update (https://www.freebsdfoundation.org/blog/january-2018-development-projects-update/) Spectre and Meltdown in FreeBSD Issues affecting most CPUs used in servers, desktops, laptops, and mobile devices are in the news. These hardware vulnerabilities, known by the code-names “Meltdown” and “Spectre”, allow malicious programs to read data to which they should not have access. This potentially includes credentials, cryptographic material, or other secrets. They were originally identified by a researcher from Google's Project Zero, and were also independently discovered by researchers and academics from Cyberus Technology, Graz University of Technology, the University of Pennsylvania, the University of Maryland, Rambus, the University of Adelaide and Data61. These vulnerabilities affect many CPU architectures supported by FreeBSD, but the 64-bit x86 family of processors from Intel and AMD are the most widely used, and are a high priority for software changes to mitigate the effects of Meltdown and Spectre. In particular, the Meltdown issue affects Intel CPUs and may be used to extract secret data from the running kernel, and therefore, is the most important issue to address. The FreeBSD Foundation collaborates with Intel, and under this relationship participated in a briefing to understand the details of these issues and plan the mitigations to be applied to the x86 architectures supported by FreeBSD. We also made arrangements to have FreeBSD's security officer join me in the briefing. It is through the generous support of the Foundation's donors that we are able to dedicate resources to focus on these issues on demand as they arise. Foundation staff member Konstantin (Kostik) Belousov is an expert on FreeBSD's Virtual Memory (VM) system as well as low-level x86 details, and is developing the x86 kernel mitigations for FreeBSD. The mitigation for Meltdown is known as Page Table Isolation (PTI). Kostik created a PTI implementation which was initially committed in mid-January and is available in the FreeBSD-CURRENT development repository. This is the same approach used by the Linux kernel to mitigate Meltdown. One of the drawbacks of the PTI mitigation is that it incurs a performance regression. Kostik recently reworked FreeBSD's use of Process-Context Identifiers (PCID) in order to regain some of the performance loss incurred by PTI. This change is also now available in FreeBSD-CURRENT. The issue known as Spectre comes in two variants, and variant 2 is the more troubling and pressing one. It may be mitigated in one of two ways: by using a technique called “retpoline” in the compiler, or by making use of a CPU feature introduced in a processor microcode update. Both options are under active development. Kostik's change to implement the CPU-based mitigation is currently in review. Unfortunately, it introduces a significant performance penalty and alternatives are preferred, if available. For most cases, the compiler-based retpoline mitigation is likely to be the chosen mitigation. Having switched to the Clang compiler for the base system and most of the ports collection some years ago, FreeBSD is well-positioned to deploy Clang-based mitigations. FreeBSD developer Dimitry Andric is spearheading the update of Clang/LLVM in FreeBSD to version 6.0 in anticipation of its official release; FreeBSD-CURRENT now includes an interim snapshot. I have been assisting with the import, particularly with respect to LLVM's lld linker, and will support the integration of retpoline. This support is expected to be merged into FreeBSD in the coming weeks. The Foundation's co-op students have also participated in the response to these vulnerabilities. Mitchell Horne developed the patch to control the PTI mitigation default setting, while Arshan Khanifar benchmarked the performance impact of the in-progress mitigation patches. In addition, Arshan and Mitchell each developed changes to FreeBSD's tool chain to support the full set of mitigations that will be applied. These mitigations will continue be tested, benchmarked, and refined in FreeBSD-CURRENT before being merged into stable branches and then being made available as updates to FreeBSD releases. Details on the timing of these merges and releases will be shared as they become available. I would like to acknowledge all of those in the FreeBSD community who have participated in FreeBSD's response to Meltdown and Spectre, for testing, reviewing, and coordinating x86 mitigations, for developing mitigations for other processor architectures and for the Bhyve hypervisor, and for working on the toolchain-based mitigations. Guides: Getting Started & Lumina Theme Submissions (https://lumina-desktop.org/guides-getting-started-lumina-themes/) I am pleased to announce the beginning of a new sub-series of blog posts for the Lumina project: Guides! The TrueOS/Lumina projects want to support our users as they use Lumina or experiment with TrueOS. To that end, we've recently set up a central repository for our users to share instructions or other “how-to” guides with each other! Project developers and contributors will also submit guides to the repository on occasion, but the overall goal is to provide a simple hub for instructions written by any Lumina or TrueOS user. This will make it easier for users to not only find a “how-to” for some procedure, but also a very easy way to “give back” to the community by writing simple instructions or more detailed guides. Guides Repository Our first guide to get the whole thing started was created by the TrueOS Linebacker (https://discourse.trueos.org/t/introducing-the-trueos-linebacker/991) (with technical assistance from our own q5sys). In this guide, Terry Tate will walk you through the steps necessary to submit new wallpaper images to the Lumina Themes collection. This procedure is fully documented with screenshots every step of the way, walking you through a simple procedure that only requires a web browser and a Github account! Guide: Lumina Themes Submissions (https://github.com/trueos/guides/blob/master/lumina-themes-submissions/readme.md) The end result of this guide was that Terry Tate was able to submit this cool new “Lunar-4K” wallpaper to the “lumina-nature” collection. TrueOS Community Guides (https://github.com/trueos/guides/tree/master) ZFS vs. OpenZFS (by Michael Dexter) (https://www.ixsystems.com/blog/zfs-vs-openzfs/) You've probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. Our Senior Analyst clears up what ZFS and OpenZFS refer to and how they differ. I admit that we geeks tend to get caught up in the nuts and bolts of enterprise storage and overlook the more obvious questions that users might have. You've probably noticed that this blog and the FreeNAS blog refer to “ZFS” and “OpenZFS” seemingly at random when talking about the amazing file system at the heart of FreeNAS and every storage product that iXsystems sells. I will do my best to clarify what exactly these two terms refer to. From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset' and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS. Yes, ZFS is really as good as people say it is. After enjoying nearly a decade of refinement by a growing group of developers around the world, ZFS became the property of database vendor Oracle, which ceased public development of both ZFS and OpenSolaris in 2010. Disappointed but undeterred, a group of OpenSolaris users and developers forked the last public release of OpenSolaris as the Illumos project. To this day, Illumos represents the official upstream home of the Open Source OpenSolaris technologies, including ZFS. The Illumos project enjoys healthy vendor and user participation but the portable nature and compelling features of ZFS soon produced far more ZFS users than Illumos users around the world. While most if not all users of Illumos and its derivatives are ZFS users, the majority of ZFS users are not Illumos users, thanks significantly in part to FreeNAS which uses the FreeBSD operating system. This imbalance plus several successful ZFS Day events led ZFS co-founder Matt Ahrens and a group of ZFS developers to announce the OpenZFS project, which would remain a part of the Illumos code base but would be free to coordinate development efforts and events around their favorite file system. ZFS Day has grown into the two-day OpenZFS Developer Summit and is stronger than ever, a testament to the passion and dedication of the OpenZFS community. Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs' command, which on FreeBSD relies on the ‘zfs.ko' kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology. Beastie Bits Explaining Shell (https://explainshell.com/) OPNsense® 18.1 Released (https://opnsense.org/opnsense-18-1-released/) “SSH Mastery 2/e” copyedits back (https://blather.michaelwlucas.com/archives/3104) Sponsoring a Scam (https://blather.michaelwlucas.com/archives/3106) Thursday, February 8, 2018 - Come to Netflix to talk about FreeBSD (https://www.meetup.com/BAFUG-Bay-Area-FreeBSD-User-Group/events/246623825/) BSD User Group meeting in Stockholm: March 22, 17:30 - 21:00 (https://www.meetup.com/BSD-Users-Stockholm/events/247552279/) FreeBSD Flavoured talks from Linux.conf.au: You can't unit test C, right? (https://www.youtube.com/watch?v=z-uWt5wVVkU) and A Brief History of I/O (https://www.youtube.com/watch?v=qAhZEI_6lbc) EuroBSDcon 2018 website is up (https://2018.eurobsdcon.org/) Full day bhyvecon Tokyo, Japan, March 9, 2018 (http://bhyvecon.org/) *** Feedback/Questions Thomas - freebsd installer improvements (http://dpaste.com/3G2F7RC#wrap) Mohammad - FreeBSD 11 installation from a read only rescue disk (http://dpaste.com/0HGK3FQ#wrap) Stan - Follow up on guide you covered (http://dpaste.com/2S169SH#wrap) Jalal - couple questions (http://dpaste.com/35N8QXP#wrap)

This episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice. Headlines Pre-conference activities: Goat BoF, FreeBSD Foundation Board Meeting, and FreeBSD Journal Editorial Board Meeting The FreeBSD Foundation has a new President as Justin Gibbs is busy this year with building a house, so George Neville-Neil took up the task to serve as President, with Justin Gibbs as Secretary. Take a look at the updated Board of Directors (https://www.freebsdfoundation.org/about/board-of-directors/). We also have a new staff member (https://www.freebsdfoundation.org/about/staff/): Scott Lamons joined the Foundation team as senior program manager. Scott's work for the Foundation will focus on managing and evangelizing programs for advanced technologies in FreeBSD including preparing project plans, coordinating resources, and facilitating interactions between commercial vendors, the Foundation, and the FreeBSD community. The Foundation also planned various future activities, visits of upcoming conferences, and finding new ways to support and engage the community. The Foundation now has interns in the form of co-op students from the University of Waterloo, Canada. This is described further in the May 2017 Development Projects Update (https://www.freebsdfoundation.org/blog/may-2017-development-projects-update/). Both students (Siva and Charlie) were also the conference, helping out at the Foundation table, demonstrating the tinderbox dashboard. Follow the detailed instructions (https://www.freebsdfoundation.org/news-and-events/blog/blog-post/building-a-physical-freebsd-build-status-dashboard/) to build one of your own. The Foundation put out a call for Project Proposal Solicitation for 2017 (https://www.freebsdfoundation.org/blog/freebsd-foundation-2017-project-proposal-solicitation/). If you think you have a good proposal for work relating to any of the major subsystems or infrastructure for FreeBSD, we'd be happy to review it. Don't miss the deadlines for travel grants to some of the upcoming conferences. You can find the necessary forms and deadlines at the Travel Grant page (https://www.freebsdfoundation.org/what-we-do/travel-grants/travel-grants/) on the Foundation website. Pictures from the Goat BoF can be found on Keltia.net (https://assets.keltia.net/photos/BSDCan-2017/Royal%20Oak/index.html) Overlapping with the GoatBoF, members of the FreeBSD Journal editorial board met in a conference room in the Novotel to plan the upcoming issues. Topics were found, authors identified, and new content was discussed to appeal to even more readers. Check out the FreeBSD Journal website (https://www.freebsdfoundation.org/journal/) and subscribe if you like to support the Foundation in that way. FreeBSD Devsummit Day 1 & 2 (https://wiki.freebsd.org/DevSummit/201706) The first day of the Devsummit began with introductory slides by Gordon Tetlow, who organized the devsummit very well. Benno Rice of the FreeBSD core team presented the work done on the new Code of Conduct, which will become effective soon. A round of Q&A followed, with positive feedback from the other devsummit attendees supporting the new CoC. After that, Allan Jude joined to talk about the new FreeBSD Community Proposal (FCP) (https://github.com/freebsd/fcp) process. Modelled after IETF RFCs, Joyent RFDs, and Python PEP, it is a new way for the project to reach consensus on the design or implementation of new features or processes. The FCP repo contains FCP#0 that describes the process, and a template for writing a proposal. Then, the entire core team (except John Baldwin, who could not make it this year) and core secretary held a core Q&A session, Answering questions, gathering feedback and suggestions. After the coffee break, we had a presentation about Intel's QAT integration in FreeBSD. When the lunch was over, people spread out into working groups about BearSSL, Transport (TCP/IP), and OpenZFS. OpenZFS working group (https://pbs.twimg.com/media/DBu_IMsWAAId2sN.jpg:large): Matt Ahrens lead the group, and spent most of the first session providing a status update about what features have been recently committed, are out for review, on the horizon, or in the design phase. Existing Features Compressed ARC Compressed Send/Recv Recently Upstreamed A recent commit improved RAID-Z write speeds by declaring writes to padding blocks to be optional, and to always write them if they can be aggregated with the next write. Mostly impacts large record sizes. ABD (ARC buffer scatter/gather) Upstreaming In Progress Native Encryption Channel Programs Device Removal (Mirrors and Stripes) Redacted Send/recv Native TRIM Support (FreeBSD has its own, but this is better and applies to all ZFS implementations) Faster (mostly sequential) scrub/resilver DRAID (A great deal of time was spent explaining how this works, with diagrams on the chalk board) vdev metadata classes (store metadata on SSDs with data is on HDDs, or similar setups. Could also be modified to do dedup to SSD) Multi-mount protection (“safe import”, for dual-headed storage shelves) zpool checkpoint (rollback an entire pool, including zfs rename and zfs destroy) Further Out Import improvements Import with missing top-level vdevs (some blocks unreadable, but might let you get some data) Improved allocator performance -- vdev spacemap log ZIL performance Persistent L2ARC ZSTD Compression Day 2 Day two started with the Have/Want/Need session for FreeBSD 12.0. A number of features that various people have or are in the process of building, were discussed with an eye towards upstreaming them. Features we want to have in time for 12.0 (early 2019) were also discussed. After the break was the Vendor summit, which continued the discussion of how FreeBSD and its vendors can work together to make a better operating system, and better products based on it After lunch, the group broke up into various working groups: Testing/CI, Containers, Hardening UFS, and GELI Improvements Allan lead the GELI Improvements session. The main thrust of the discussions was fixing an outstanding bug in GELI when using both key slots with passphrases. To solve this, and make GELI more extensible, the metadata format will be extended to allow it to store more than 512 bytes of data (currently 511 bytes are used). The new format will allow arbitrarily large metadata, defined at creation time by selecting the number of user key slots desired. The new extended metadata format will contain mostly the same fields, except the userkey will no longer be a byte array of IV-key, Data-key, HMAC, but a struct that will contain all data about that key This new format will store the number of pkcs5v2 iterations per key, instead of only having a single location to store this number for all keys (the source of the original bug) A new set of flags per key, to control some aspects of the key (does it require a keyfile, etc), as well as possibly the role of the key. An auxdata field related to the flags, this would allow a specific key with a specific flag set, to boot a different partition, rather than decrypt the main partition. A URI to external key material is also stored per key, allowing GELI to uniquely identify the correct data to load to be able to use a specific decryption key And the three original parts of the key are stored in separate fields now. The HMAC also has a type field, allowing for a different HMAC algorithm to be used in the future. The main metadata is also extended to include a field to store the number of user keys, and to provide an overall HMAC of the metadata, so that it can be verified using the master key (provide any of the user keys) Other topics discussed: Ken Merry presented sedutil, a tool for managing Self Encrypting Drives, as may be required by certain governments and other specific use cases. Creating a deniable version of GELI, where the metadata is also encrypted The work to implemented GELI in the UEFI loader was discussed, and a number of developers volunteered to review and test the code Following the end of the Dev Summit, the “Newcomers orientation and mentorship” session was run by Michael W. Lucas, which attempts to pair up first time attendees with oldtimers, to make sure they always know a few people they can ask if they have questions, or if they need help getting introduced to the right people. News Roundup Conference Day 1 (http://www.bsdcan.org/2017/schedule/day_2017-06-09.en.html) The conference opened with some short remarks from Dan Langille, and then the opening keynote by Dr Michael Geist, a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. The keynote focused on what some of the currently issues are, and how the technical community needs to get involved at all levels. In Canada especially, contacting your representatives is quite effective, and when it does not happen, they only hear the other side of the story, and often end up spouting talking points from lobbyists as if they were facts. The question period for the keynote ran well overtime because of the number of good questions the discussion raised, including how do we fight back against large telcos with teams of lawyers and piles of money. Then the four tracks of talks started up for the day The day wrapped up with the Work In Progress (WIP) session. Allan Jude presented work on ZSTD compression in ZFS Drew Gallatin presented about work at Netflix on larger mbufs, to avoid the need for chaining and to allow more data to be pushed at once. Results in an 8% CPU time reduction when pushing 90 gbps of TLS encrypted traffic Dan Langille presented about letsencrypt (the acme.sh tool specifically), and bacula Samy Al Bahra presented about Concurrency Kit *** Conference Day 2 (http://www.bsdcan.org/2017/schedule/day_2017-06-10.en.html) Because Dan is a merciful soul, BSDCan starts an hour later on the second day Another great round of talks and BoF sessions over lunch The hallway track was great as always, and I spent most of the afternoon just talking with people Then the final set of talks started, and I was torn between all four of them Then there was the auction, and the closing party *** BSDCan 2017 Auction Swag (https://blather.michaelwlucas.com/archives/2962) Groff Fundraiser Pins: During the conference, You could get a unique Groff pin, by donating more than the last person to either the FreeBSD or OpenBSD foundation Michael W. Lucas and his wife Liz donated some interesting home made and local items to the infamous Charity Auction I donated the last remaining copy of the “Canadian Edition” of “FreeBSD Mastery: Advanced ZedFS”, and a Pentium G4400 (Skylake) CPU (Supports ECC or non-ECC) Peter Hessler donated his pen (Have you read “Git Commit Murder” yet?) Theo De Raadt donated his autographed conference badge David Maxwell donated a large print of the group photo from last years FreeBSD Developers Summit, which was purchased by Allan There was also a FreeBSD Dev Summit T-Shirt (with the Slogan: What is Core doing about it?) autographed by all of the attending members of core, with a forged jhb@ signature. Lastly, someone wrote “I

This week on BSDNow, reports from AsiaBSDcon, TrueOS and FreeBSD news, Optimizing IllumOS Kernel, your questions and more. This episode was brought to you by Headlines AsiaBSDcon Reports and Reviews () AsiaBSDcon schedule (https://2017.asiabsdcon.org/program.html.en) Schedule and slides from the 4th bhyvecon (http://bhyvecon.org/) Michael Dexter's trip report on the iXsystems blog (https://www.ixsystems.com/blog/ixsystems-attends-asiabsdcon-2017) NetBSD AsiaBSDcon booth report (http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html) *** TrueOS Community Guidelines are here! (https://www.trueos.org/blog/trueos-community-guidelines/) TrueOS has published its new Community Guidelines The TrueOS Project has existed for over ten years. Until now, there was no formally defined process for interested individuals in the TrueOS community to earn contributor status as an active committer to this long-standing project. The current core TrueOS developers (Kris Moore, Ken Moore, and Joe Maloney) want to provide the community more opportunities to directly impact the TrueOS Project, and wish to formalize the process for interested people to gain full commit access to the TrueOS repositories. These describe what is expected of community members and committers They also describe the process of getting commit access to the TrueOS repo: Previously, Kris directly handed out commit bits. Now, the Core developers have provided a small list of requirements for gaining a TrueOS commit bit: Create five or more pull requests in a TrueOS Project repository within a single six month period. Stay active in the TrueOS community through at least one of the available community channels (Gitter, Discourse, IRC, etc.). Request commit access from the core developers via core@trueos.org OR Core developers contact you concerning commit access. Pull requests can be any contribution to the project, from minor documentation tweaks to creating full utilities. At the end of every month, the core developers review the commit logs, removing elements that break the Project or deviate too far from its intended purpose. Additionally, outstanding pull requests with no active dissension are immediately merged, if possible. For example, a user submits a pull request which adds a little-used OpenRC script. No one from the community comments on the request or otherwise argues against its inclusion, resulting in an automatic merge at the end of the month. In this manner, solid contributions are routinely added to the project and never left in a state of “limbo”. The page also describes the perks of being a TrueOS committer: Contributors to the TrueOS Project enjoy a number of benefits, including: A personal TrueOS email alias: @trueos.org Full access for managing TrueOS issues on GitHub. Regular meetings with the core developers and other contributors. Access to private chat channels with the core developers. Recognition as part of an online Who's Who of TrueOS developers. The eternal gratitude of the core developers of TrueOS. A warm, fuzzy feeling. Intel Donates 250.000 $ to the FreeBSD Foundation (https://www.freebsdfoundation.org/news-and-events/latest-news/new-uranium-level-donation-and-collaborative-partnership-with-intel/) More details about the deal: Systems Thinking: Intel and the FreeBSD Project (https://www.freebsdfoundation.org/blog/systems-thinking-intel-and-the-freebsd-project/) Intel will be more actively engaging with the FreeBSD Foundation and the FreeBSD Project to deliver more timely support for Intel products and technologies in FreeBSD. Intel has contributed code to FreeBSD for individual device drivers (i.e. NICs) in the past, but is now seeking a more holistic “systems thinking” approach. Intel Blog Post (https://01.org/blogs/imad/2017/intel-increases-support-freebsd-project) We will work closely with the FreeBSD Foundation to ensure the drivers, tools, and applications needed on Intel® SSD-based storage appliances are available to the community. This collaboration will also provide timely support for future Intel® 3D XPoint™ products. Thank you very much, Intel! *** Applied FreeBSD: Basic iSCSI (https://globalengineer.wordpress.com/2017/03/05/applied-freebsd-basic-iscsi/) iSCSI is often touted as a low-cost replacement for fibre-channel (FC) Storage Area Networks (SANs). Instead of having to setup a separate fibre-channel network for the SAN, or invest in the infrastructure to run Fibre-Channel over Ethernet (FCoE), iSCSI runs on top of standard TCP/IP. This means that the same network equipment used for routing user data on a network could be utilized for the storage as well. This article will cover a very basic setup where a FreeBSD server is configured as an iSCSI Target, and another FreeBSD server is configured as the iSCSI Initiator. The iSCSI Target will export a single disk drive, and the initiator will create a filesystem on this disk and mount it locally. Advanced topics, such as multipath, ZFS storage pools, failover controllers, etc. are not covered. The real magic is the /etc/ctl.conf file, which contains all of the information necessary for ctld to share disk drives on the network. Check out the man page for /etc/ctl.conf for more details; below is the configuration file that I created for this test setup. Note that on a system that has never had iSCSI configured, there will be no existing configuration file, so go ahead and create it. Then, enable ctld and start it: sysrc ctld_enable=”YES” service ctld start You can use the ctladm command to see what is going on: root@bsdtarget:/dev # ctladm lunlist (7:0:0/0): Fixed Direct Access SPC-4 SCSI device (7:0:1/1): Fixed Direct Access SPC-4 SCSI device root@bsdtarget:/dev # ctladm devlist LUN Backend Size (Blocks) BS Serial Number Device ID 0 block 10485760 512 MYSERIAL 0 MYDEVID 0 1 block 10485760 512 MYSERIAL 1 MYDEVID 1 Now, let's configure the client side: In order for a FreeBSD host to become an iSCSI Initiator, the iscsd daemon needs to be started. sysrc iscsid_enable=”YES” service iscsid start Next, the iSCSI Initiator can manually connect to the iSCSI target using the iscsictl tool. While setting up a new iSCSI session, this is probably the best option. Once you are sure the configuration is correct, add the configuration to the /etc/iscsi.conf file (see man page for this file). For iscsictl, pass the IP address of the target as well as the iSCSI IQN for the session: + iscsictl -A -p 192.168.22.128 -t iqn.2017-02.lab.testing:basictarget You should now have a new device (check dmesg), in this case, da1 The guide them walks through partitioning the disk, and laying down a UFS file system, and mounting it This it walks through how to disconnect iscsi, incase you don't want it anymore This all looked nice and easy, and it works very well. Now lets see what happens when you try to mount the iSCSI from Windows Ok, that wasn't so bad. Now, instead of sharing an entire space disk on the host via iSCSI, share a zvol. Now your windows machine can be backed by ZFS. All of your problems are solved. Interview - Philipp Buehler - pbuehler@sysfive.com (mailto:pbuehler@sysfive.com) Technical Lead at SysFive, and Former OpenBSD Committer News Roundup Half a dozen new features in mandoc -T html (http://undeadly.org/cgi?action=article&sid=20170316080827) mandoc (http://man.openbsd.org/mandoc.1)'s HTML output mode got some new features Even though mdoc(7) is a semantic markup language, traditionally none of the semantic annotations were communicated to the reader. [...] Now, at least in -T html output mode, you can see the semantic function of marked-up words by hovering your mouse over them. In terminal output modes, we have the ctags(1)-like internal search facility built around the less(1) tag jump (:t) feature for quite some time now. We now have a similar feature in -T html output mode. To jump to (almost) the same places in the text, go to the address bar of the browser, type a hash mark ('#') after the URI, then the name of the option, command, variable, error code etc. you want to jump to, and hit enter. Check out the full report by Ingo Schwarze (schwarze@) and try out these new features *** Optimizing IllumOS Kernel Crypto (http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html) Sašo Kiselkov, of ZFS fame, looked into the performance of the OpenSolaris kernel crypto framework and found it lacking. The article also spends a few minutes on the different modes and how they work. Recently I've had some motivation to look into the KCF on Illumos and discovered that, unbeknownst to me, we already had an AES-NI implementation that was automatically enabled when running on Intel and AMD CPUs with AES-NI support. This work was done back in 2010 by Dan Anderson.This was great news, so I set out to test the performance in Illumos in a VM on my Mac with a Core i5 3210M (2.5GHz normal, 3.1GHz turbo). The initial tests of “what the hardware can do” were done in OpenSSL So now comes the test for the KCF. I wrote a quick'n'dirty crypto test module that just performed a bunch of encryption operations and timed the results. KCF got around 100 MB/s for each algorithm, except half that for AES-GCM OpenSSL had done over 3000 MB/s for CTR mode, 500 MB/s for CBC, and 1000 MB/s for GCM What the hell is that?! This is just plain unacceptable. Obviously we must have hit some nasty performance snag somewhere, because this is comical. And sure enough, we did. When looking around in the AES-NI implementation I came across this bit in aes_intel.s that performed the CLTS instruction. This is a problem: 3.1.2 Instructions That Cause VM Exits ConditionallyCLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow. The CLTS instruction signals to the CPU that we're about to use FPU registers (which is needed for AES-NI), which in VMware causes an exit into the hypervisor. And we've been doing it for every single AES block! Needless to say, performing the equivalent of a very expensive context switch every 16 bytes is going to hurt encryption performance a bit. The reason why the kernel is issuing CLTS is because for performance reasons, the kernel doesn't save and restore FPU register state on kernel thread context switches. So whenever we need to use FPU registers inside the kernel, we must disable kernel thread preemption via a call to kpreemptdisable() and kpreemptenable() and save and restore FPU register state manually. During this time, we cannot be descheduled (because if we were, some other thread might clobber our FPU registers), so if a thread does this for too long, it can lead to unexpected latency bubbles The solution was to restructure the AES and KCF block crypto implementations in such a way that we execute encryption in meaningfully small chunks. I opted for 32k bytes, for reasons which I'll explain below. Unfortunately, doing this restructuring work was a bit more complicated than one would imagine, since in the KCF the implementation of the AES encryption algorithm and the block cipher modes is separated into two separate modules that interact through an internal API, which wasn't really conducive to high performance (we'll get to that later). Anyway, having fixed the issue here and running the code at near native speed, this is what I get: AES-128/CTR: 439 MB/s AES-128/CBC: 483 MB/s AES-128/GCM: 252 MB/s Not disastrous anymore, but still, very, very bad. Of course, you've got keep in mind, the thing we're comparing it to, OpenSSL, is no slouch. It's got hand-written highly optimized inline assembly implementations of most of these encryption functions and their specific modes, for lots of platforms. That's a ton of code to maintain and optimize, but I'll be damned if I let this kind of performance gap persist. Fixing this, however, is not so trivial anymore. It pertains to how the KCF's block cipher mode API interacts with the cipher algorithms. It is beautifully designed and implemented in a fashion that creates minimum code duplication, but this also means that it's inherently inefficient. ECB, CBC and CTR gained the ability to pass an algorithm-specific "fastpath" implementation of the block cipher mode, because these functions benefit greatly from pipelining multiple cipher calls into a single place. ECB, CTR and CBC decryption benefit enormously from being able to exploit the wide XMM register file on Intel to perform encryption/decryption operations on 8 blocks at the same time in a non-interlocking manner. The performance gains here are on the order of 5-8x.CBC encryption benefits from not having to copy the previously encrypted ciphertext blocks into memory and back into registers to XOR them with the subsequent plaintext blocks, though here the gains are more modest, around 1.3-1.5x. After all of this work, this is how the results now look on Illumos, even inside of a VM: Algorithm/Mode 128k ops AES-128/CTR: 3121 MB/s AES-128/CBC: 691 MB/s AES-128/GCM: 1053 MB/s So the CTR and GCM speeds have actually caught up to OpenSSL, and CBC is actually faster than OpenSSL. On the decryption side of things, CBC decryption also jumped from 627 MB/s to 3011 MB/s. Seeing these performance numbers, you can see why I chose 32k for the operation size in between kernel preemption barriers. Even on the slowest hardware with AES-NI, we can expect at least 300-400 MB/s/core of throughput, so even in the worst case, we'll be hogging the CPU for at most ~0.1ms per run. Overall, we're even a little bit faster than OpenSSL in some tests, though that's probably down to us encrypting 128k blocks vs 8k in the "openssl speed" utility. Anyway, having fixed this monstrous atrocity of a performance bug, I can now finally get some sleep. To made these tests repeatable, and to ensure that the changes didn't break the crypto algorithms, Saso created a crypto_test kernel module. I have recently created a FreeBSD version of crypto_test.ko, for much the same purposes Initial performance on FreeBSD is not as bad, if you have the aesni.ko module loaded, but it is not up to speed with OpenSSL. You cannot directly compare to the benchmarks Saso did, because the CPUs are vastly different. Performance results (https://wiki.freebsd.org/OpenCryptoPerformance) I hope to do some more tests on a range of different sized CPUs in order to determine how the algorithms scale across different clock speeds. I also want to look at, or get help and have someone else look at, implementing some of the same optimizations that Saso did. It currently seems like there isn't a way to perform addition crypto operations in the same session without regenerating the key table. Processing additional buffers in an existing session might offer a number of optimizations for bulk operations, although in many cases, each block is encrypted with a different key and/or IV, so it might not be very useful. *** Brendan Gregg's special freeware tools for sysadmins (http://www.brendangregg.com/specials.html) These tools need to be in every (not so) serious sysadmins toolbox. Triple ROT13 encryption algorithm (beware: export restrictions may apply) /usr/bin/maybe, in case true and false don't provide too little choice... The bottom command lists you all the processes using the least CPU cycles. Check out the rest of the tools. You wrote similar tools and want us to cover them in the show? Send us an email to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) *** A look at 2038 (http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/) I remember the Y2K problem quite vividly. The world was going crazy for years, paying insane amounts of money to experts to fix critical legacy systems, and there was a neverending stream of predictions from the media on how it's all going to fail. Most didn't even understand what the problem was, and I remember one magazine writing something like the following: Most systems store the current year as a two-digit value to save space. When the value rolls over on New Year's Eve 1999, those two digits will be “00”, and “00” means “halt operation” in the machine language of many central processing units. If you're in an elevator at this time, it will stop working and you may fall to your death. I still don't know why they thought a computer would suddenly interpret data as code, but people believed them. We could see a nearby hydropower plant from my parents' house, and we expected it to go up in flames as soon as the clock passed midnight, while at least two airplanes crashed in our garden at the same time. Then nothing happened. I think one of the most “severe” problems was the police not being able to open their car garages the next day because their RFID tokens had both a start and end date for validity, and the system clock had actually rolled over to 1900, so the tokens were “not yet valid”. That was 17 years ago. One of the reasons why Y2K wasn't as bad as it could have been is that many systems had never used the “two-digit-year” representation internally, but use some form of “timestamp” relative to a fixed date (the “epoch”). The actual problem with time and dates rolling over is that systems calculate timestamp differences all day. Since a timestamp derived from the system clock seemingly only increases with each query, it is very common to just calculate diff = now - before and never care about the fact that now could suddenly be lower than before because the system clock has rolled over. In this case diff is suddenly negative, and if other parts of the code make further use of the suddenly negative value, things can go horribly wrong. A good example was a bug in the generator control units (GCUs) aboard Boeing 787 “Dreamliner” aircrafts, discovered in 2015. An internal timestamp counter would overflow roughly 248 days after the system had been powered on, triggering a shut down to “safe mode”. The aircraft has four generator units, but if all were powered up at the same time, they would all fail at the same time. This sounds like an overflow caused by a signed 32-bit counter counting the number of centiseconds since boot, overflowing after 248.55 days, and luckily no airline had been using their Boing 787 models for such a long time between maintenance intervals. The “obvious” solution is to simply switch to 64-Bit values and call it day, which would push overflow dates far into the future (as long as you don't do it like the IBM S/370 mentioned before). But as we've learned from the Y2K problem, you have to assume that computer systems, computer software and stored data (which often contains timestamps in some form) will stay with us for much longer than we might think. The years 2036 and 2038 might be far in the future, but we have to assume that many of the things we make and sell today are going to be used and supported for more than just 19 years. Also many systems have to store dates which are far in the future. A 30 year mortgage taken out in 2008 could have already triggered the bug, and for some banks it supposedly did. sysgettimeofday() is one of the most used system calls on a generic Linux system and returns the current time in form of an UNIX timestamp (timet data type) plus fraction (susecondst data type). Many applications have to know the current time and date to do things, e.g. displaying it, using it in game timing loops, invalidating caches after their lifetime ends, perform an action after a specific moment has passed, etc. In a 32-Bit UNIX system, timet is usually defined as a signed 32-Bit Integer. When kernel, libraries and applications are compiled, the compiler will turn this assumption machine code and all components later have to match each other. So a 32-Bit Linux application or library still expects the kernel to return a 32-Bit value even if the kernel is running on a 64-Bit architecture and has 32-Bit compatibility. The same holds true for applications calling into libraries. This is a major problem, because there will be a lot of legacy software running in 2038. Systems which used an unsigned 32-Bit Integer for timet push the problem back to 2106, but I don't know about many of those. The developers of the GNU C library (glibc), the default standard C library for many GNU/Linux systems, have come up with a design for year 2038 proofness for their library. Besides the timet data type itself, a number of other data structures have fields based on timet or the combined struct timespec and struct timeval types. Many methods beside those intended for setting and querying the current time use timestamps 32-Bit Windows applications, or Windows applications defining _USE32BITTIMET, can be hit by the year 2038 problem too if they use the timet data type. The _time64t data type had been available since Visual C 7.1, but only Visual C 8 (default with Visual Studio 2015) expanded timet to 64 bits by default. The change will only be effective after a recompilation, legacy applications will continue to be affected. If you live in a 64-Bit world and use a 64-Bit kernel with 64-Bit only applications, you might think you can just ignore the problem. In such a constellation all instances of the standard time_t data type for system calls, libraries and applications are signed 64-Bit Integers which will overflow in around 292 billion years. But many data formats, file systems and network protocols still specify 32-Bit time fields, and you might have to read/write this data or talk to legacy systems after 2038. So solving the problem on your side alone is not enough. Then the article goes on to describe how all of this will break your file systems. Not to mention your databases and other file formats. Also see Theo De Raadt's EuroBSDCon 2013 Presentation (https://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp00001.html) *** Beastie Bits Michael Lucas: Get your name in “Absolute FreeBSD 3rd Edition” (https://blather.michaelwlucas.com/archives/2895) ZFS compressed ARC stats to top (https://svnweb.freebsd.org/base?view=revision&revision=r315435) Matthew Dillon discovered HAMMER was repeating itself when writing to disk. Fixing that issue doubled write speeds (https://www.dragonflydigest.com/2017/03/14/19452.html) TedU on Meaningful Short Names (http://www.tedunangst.com/flak/post/shrt-nms-fr-clrty) vBSDcon and EuroBSDcon Call for Papers are open (https://www.freebsdfoundation.org/blog/submit-your-work-vbsdcon-and-eurobsdcon-cfps-now-open/) Feedback/Questions Craig asks about BSD server management (http://pastebin.com/NMshpZ7n) Michael asks about jails as a router between networks (http://pastebin.com/UqRwMcRk) Todd asks about connecting jails (http://pastebin.com/i1ZD6eXN) Dave writes in with an interesting link (http://pastebin.com/QzW5c9wV) > applications crash more often due to errors than corruptions. In the case of corruption, a few applications (e.g., Log-Cabin, ZooKeeper) can use checksums and redundancy to recover, leading to a correct behavior; however, when the corruption is transformed into an error, these applications crash, resulting in reduced availability. ***

On today's episode, we are loaded and ready to go. Lots of OpenBSD news, a look at LetsEncrypt usage, the NetBSD scheduler (oh my) and much more. Keep it tuned to your place to B...SD! This episode was brought to you by Headlines Production ready (http://www.tedunangst.com/flak/post/production-ready) Ted Unangst brings us a piece on what it means to be Production Ready He tells the story of a project he worked on that picked a framework that was “production ready” They tested time zones, and it all seemed to work They tested the unicode support in english and various european languages, and it was all good They sent some emails with it, and it just worked The framework said “Production Ready” on the tin, and it passed all the tests. What is the worst that could happen? Now, we built our product on top of this. Some of the bugs were caught internally. Others were discovered by customers, who were of course a little dismayed. Like, how could you possibly ship this? Indeed. We were doing testing, quite a bit really, but when every possible edge case has a bug, it's hard to find them all. A customer from Arizona, which does not observe Daylight Saving Time, crashed the app Some less common unicode characters caused a buffer overflow The email system did not properly escape a period on its own line, truncating the email “Egregious performance because of a naive N^2 algorithm for growing a buffer.” “Egregious performance on some platforms due to using the wrong threading primitives.” “Bizarre database connection bugs for some queries that I can't at all explain.” “In short, everything was “works for me” quality. But is that really production quality?” “There are some obvious contenders for the title of today's most “production ready” software, but it's a more general phenomenon. People who have success don't know what they don't know, what they didn't test, what unused features will crash and burn.” Using Let's Encrypt within FreeBSD.org (https://blog.crashed.org/letsencrypt-in-freebsd-org/) I decided to give Let's Encrypt certificates a shot on my personal web servers earlier this year after a disaster with StartSSL. I'd like to share what I've learned. The biggest gotcha is that people tend to develop bad habits when they only have to deal with certificates once a year or so. The beginning part of the process is manual and the deployment of certificates somehow never quite gets automated, or things get left out. That all changes with Let's Encrypt certificates. Instead of 1-5 year lifetime certificates the Let's Encrypt certificates are only valid for 90 days. Most people will be wanting to renew every 60-80 days. This forces the issue - you really need to automate and make it robust. The Let's Encrypt folks provide tools to do this for you for the common cases. You run it on the actual machine, it manages the certificates and adjusts the server configuration files for you. Their goal is to provide a baseline shake-n-bake solution. I was not willing to give that level of control to a third party tool for my own servers - and it was absolutely out of the question for for the FreeBSD.org cluster. I should probably mention that we do things on the FreeBSD.org cluster that many people would find a bit strange. The biggest problem that we have to deal with is that the traditional model of a firewall/bastion between "us" and "them" does not apply. We design for the assumption that hostile users are already on the "inside" of the network. The cluster is spread over 8 distinct sites with naked internet and no vpn between them. There is actually very little trust between the systems in this network - eg: ssh is for people only - no headless users can ssh. There are no passwords. Sudo can't be used. The command and control systems use signing. We don't trust anything by IPv4/IPv6 address because we have to assume MITM is a thing. And so on. In general, things are constructed to be trigger / polling / pull based. The downside is that this makes automation and integration of Let's Encrypt clients interesting. If server configuration files can't be modified; and replicated web infrastructure is literally read-only (via jails/nullfs); and DNS zone files are static; and headless users can't ssh and therefore cannot do commits, how do you do the verification tokens in an automated fashion? Interesting, indeed. We wanted to be able to use certificates on things like ldap and smtp servers. You can't do http file verification on those so we had to use dns validation of domains. First, a signing request is generated, and the acme-challenge is returned Peter's post then walks through how the script adds the required TXT record to prove control of the domain, regenerates the zone file, DNSSEC signs it, and waits for it to be published, then continues the letsencrypt process. Letsencrypt then issues the actual certificate We export the fullchain files into a publication location. There is another jail that can read the fullchain certificates via nullfs and they are published with our non-secrets update mechanism Since we are using DNSSEC, here is a good opportunity to maintain signed TLSA fingerprints. The catch with TLSA record updates is managing the update event horizon. You are supposed to have both fingerprints listed across the update cycle. We use 'TLSA 3 1 1' records to avoid issues with propagation delays for now. TLSA 3 0 1 changes with every renewal, while 3 1 1 only changes when you generate a new private key. The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. I found out the hard way. There is a great deal more detail in the blog post, I recommend you check it out Learning more about the NetBSD scheduler (... than I wanted to know) Part 1 (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161105_1754.html) Part 2 (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161109_0059.html) Part 3 (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20161113_0122.html) Today I had a need to do some number crunching using a home-brewn C program. In order to do some manual load balancing, I was firing up some Amazon AWS instances (which is Xen) with NetBSD 7.0. In this case, the system was assigned two CPUs I started two instances of my program, with the intent to have each one use one CPU. Which is not what happened! Here is what I observed, and how I fixed things for now. ~~ load averages: 2.14, 2.08, 1.83; up 0+00:45:56 18:01:32 27 processes: 4 runnable, 21 sleeping, 2 on CPU CPU0 states: 100% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle CPU1 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle Memory: 119M Act, 7940K Exec, 101M File, 3546M Free ~~ ~~ PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 2791 root 25 0 8816K 964K RUN/0 16:10 54.20% 54.20% myprog 2845 root 26 0 8816K 964K RUN/0 17:10 47.90% 47.90% myprog ~~ I expected something like WCPU and CPU being around 100%, assuming that each process was bound to its own CPU. The values I actually saw (and listed above) suggested that both programs were fighting for the same CPU. Huh?! NetBSD allows to create "processor sets", assign CPU(s) to them and then assign processes to the processor sets. Let's have a look! ~~ # psrset -c 1 # psrset -b 0 2791 # psrset -b 1 2845 load averages: 2.02, 2.05, 1.94; up 0+00:59:32 18:15:08 27 processes: 1 runnable, 24 sleeping, 2 on CPU CPU0 states: 100% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle CPU1 states: 100% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle Memory: 119M Act, 7940K Exec, 101M File, 3546M Free PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 2845 root 25 0 8816K 964K CPU/1 26:14 100% 100% myprog 2791 root 25 0 8816K 964K RUN/0 25:40 100% 100% myprog ~~ Things are as expected now, with each program being bound to its own CPU. Now why this didn't happen by default is left as an exercise to the reader. I had another look at this today, and was able to reproduce the behaviour using VMWare Fusion with two CPU cores on both NetBSD 7.0_STABLE as well as -current The one hint that I got so far was from Michael van Elst that there may be a rouding error in sched_balance(). Looking at the code, there is not much room for a rounding error. But I am not familiar enough (at all) with the code, so I cannot judge if crucial bits are dropped here, or how that function fits in the whole puzzle. Pondering on the "rounding error", I've setup both VMs with 4 CPUs, and the behaviour shown there is that load is distributed to about 3 and a half CPU - three CPUs under full load, and one not reaching 100%. There's definitely something fishy in there. With multiple CPUs, each CPU has a queue of processes that are either "on the CPU" (running) or waiting to be serviced (run) on that CPU. Those processes count as "migratable" in runqueue_t. Every now and then, the system checks all its run queues to see if a CPU is idle, and can thus "steal" (migrate) processes from a busy CPU. This is done in sched_balance(). Such "stealing" (migration) has the positive effect that the process doesn't have to wait for getting serviced on the CPU it's currently waiting on. On the other side, migrating the process has effects on CPU's data and instruction caches, so switching CPUs shouldn't be taken too easy. All in all, I'd say the patch is a good step forward from the current situation, which does not properly distribute pure CPU hogs, at all. Building Cost-Effective 100-Gbps Firewalls for HPC with FreeBSD (https://www.nas.nasa.gov/SC16/demos/demo9.html) The continuous growth of the NASA Center for Climate Simulation (NCCS) requires providing high-performance security tools and enhancing the network capacity. In order to support the requirements of emerging services, including the Advanced Data Analytics Platform (ADAPT) private cloud, the NCCS security team has proposed an architecture to provide extremely cost-effective 100-gigabit-per-second (Gbps) firewalls. The aim of this project is to create a commodity-based platform that can process enough packets per second (pps) to sustain a 100-Gbps workload within the NCCS computational environment. The test domain consists of several existing systems within the NCCS, including switches (Dell S4084), routers (Dell R530s), servers (Dell R420s, and C6100s), and host card adapters (10-Gbps Mellanox ConnectX2 and Intel 8259 x Ethernet cards). Previous NCCS work testing the FreeBSD operating system for high-performance routing reached a maximum of 4 million pps. Building on this work, we are comparing FreeBSD-11.0 and FreeBSD-Current along with implementing the netmap-fwd Application Programming Interface (API) and tuning the 10-gigabit Ethernet cards. We used the tools iperf3, nuttcp, and netperf to monitor the performance of the maximum bandwidth through the cards. Additional testing has involved enabling the Common Address Redundancy Protocol (CARP) to achieve an active/active architecture. The tests have shown that at the optimally tuned and configured FreeBSD system, it is possible to create a system that can manage the huge amounts of pps needed to create a 100-Gbps firewall with commodity components. Some interesting findings: FreeBSD was able to send more pps as a client than Centos 6. Netmap-fwd increased the pps rate significantly. The choice of network card can have a significant impact on pps, tuning, and netmap support. Further tests will continue verifying the above results with even more capable systems-such as 40-gigabit and 100-gigabit Ethernet cards-to achieve even higher performance. In addition to hardware improvements, updates to the network capabilities in the FreeBSD-Current version will be closely monitored and applied as appropriate. The final result will be a reference architecture with representative hardware and software that will enable the NCCS to build, deploy, and efficiently maintain extremely cost-effective 100-Gbps firewalls. Netflix has already managed to saturate a 100 Gbps interface using only a single CPU Socket (rather than a dual socket server). Forwarding/routing is a bit different, but it is definitely on track to get there. Using a small number of commodity servers to firewall 100 Gbps of traffic just takes some careful planning and load balancing. Soon it will be possible using a single host. News Roundup iocell - A FreeBSD jail manager. (https://github.com/bartekrutkowski/iocell) Another jail manager has arrived on the scene, iocell, which begins life as a fork of the “classic” iocage. Due to its shared heritage, it offers much of the same functionality and flags as iocage users will be familiar with. For those who aren't up to speed with either products, some of those features include: Templates, clones, basejails, fully independent jails Ease of use Zero configuration files Rapid thin provisioning within seconds Automatic package installation Virtual networking stacks (vnet) Shared IP based jails (non vnet) Resource limits (CPU, MEMORY, DISK I/O, etc.) Filesystem quotas and reservations Dedicated ZFS datasets inside jails Transparent ZFS snapshot management Binary updates Differential jail packaging Export and import And many more! The program makes extensive use of ZFS for performing jail operations, so a zpool will be required (But doesn't have to be your boot-pool) It still looks “very” fresh, even using original iocage filenames in the repo, so a safe guess is that you'll be able to switch between iocage and iocell with relative ease. Fail2ban on OpenBSD 6.0 (http://blog.gordonturner.ca/2016/11/20/fail2ban-on-openbsd-6-0/) We've used Fail2Ban in PC-BSD before, due to it's ability to detect and block brute force attempts against a variety of services, including SSH, mail, and others. It even can work to detect jail brute force attempts, blocking IPs on the hosts firewall. However what about OpenBSD users? Well, Gordon Turner comes to the rescue today with a great writeup on deploying Fail2Ban specifically for that platform. Now, Fail2Ban is a python program, so you'll need to pkg install Python first, then he provides instructions on how to manually grab the F2B sources and install on OpenBSD. Helpfully Gordon gives us some handy links to scripts and modifications to get F2B running via RC as well, which is a bit different since F2B has both a server and client that must run together. With the installation bits out of the way, we get to next hit the “fun” stuff, which comes in the way of SSH brute force detection. Naturally we will be configuring F2B to use “pf” to do our actual blocking, but the examples shown give us full control over the knobs used to detect, and then ultimately call ‘pfctl' to do our heavy lifting. The last bits of the article give us a runthrough on how to “prime” pf with the correct block tables and performing basic administrative tasks to control F2B in production. A great article, and if you run an OpenBSD box exposed to the internet, you may want to bookmark this one. openbsd changes of note (http://www.tedunangst.com/flak/post/openbsd-changes-of-note) Continuing with our OpenBSD news for the week, we have a new blog post by TedU, which gives us a bunch of notes on the things which have changed over there as of late: Some of the notables include: mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They're two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that's 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less. FreeType 2.7 is prettier than ever. vmm for i386. Improve security. vmm is still running with a phenomenal set of privileges, but perhaps some cross-VM attacks may be limited. On the other side of the world, hyperv support is getting better. Remove setlocale. setlocale was sprinkled all throughout the code base many years ago, even though it did nothing, in anticipation of a day when it would do something. We've since decided that day will never come, and so many setlocale calls can go. syspatch is coming. Lots of commits actually. Despite the name, it's more like a system update, since it replaces entire binaries. Then again, replacing a few binaries in a system is like patching small parts of the whole. A syspatch update will be smaller than an entire release. There's a new build system. It kind of works like before, but a lot of the details have changed to support less root. Actually, it'd be accurate to say the whole build privilege system has been flipped. Start as root, which drops down to the build user to do the heavy lifting, instead of starting as a user that can elevate to root at any time. This no longer requires the build user to be pseudo-root; in fact, the goal is that the build user can't elevate. There's several other items on this list, take a look for more details, and he also helpfully provides commit-links if you want to see more about any of these topics. It came from Bell Labs (http://media.bemyapp.com/came-bell-labs/#) A little late for a halloween episode, we have “It came from Bell Labs”, a fascinating article talking about the successor to UNIX, Plan9 There was once an operating system that was intended to be the successor to Unix. Plan 9 From Bell Labs was its name, and playing with it for five minutes is like visiting an alternate dimension where computers are done differently. It was so ahead of its time that it would be considered cutting edge, even today. Find out the weird and woolly history to Plan Nine's inception and eventual consignment as a footnote of operating systems today. So, if you've never heard of Plan 9, how did it exactly differ from the UNIX we know and love today? Here's just a few of the key features under Plan 9's hood + 9P – The distributed file system protocol. Everything runs through this, there is no escaping it. Since everything runs on top of 9P, that makes everything running on a Plan 9 box distributed as well. This means, for example, you can import /dev/audio from another machine on the network to use its sound card when your own machine doesn't have one. + ndb – The namespace server. In conjunction with 9P, it bosses all the programs around and forces them to comply to the Plan 9 way. + Instead of Unix sockets, all the networking just runs through 9P. Thus, everything from ethernet packets to network cards are all just one more kind of file. + While Unicode is implemented ad-hoc in other systems, it's baked into Plan 9 from the first int main(). In fact, even users who don't like Plan 9 have to admit that the character encoding support, together with the beautiful built-in rio font, makes every other operating system look primitive. + The system's own internal programs are built to be a rounded set of user tools from the ground up. So, for instance, it comes with its own editor, acme, built to be its own weird morphing thing that plays nice with the 9P protocol. Sounds neat, but how did it work in the real world? The result was a mixture of both breathtaking efficiency and alienating other-worldliness. Trying out the system is like a visit to an alternate reality where time-traveling gremlins changed how computers are made and used. You can execute anycommand anywhere just by typing its name and middle-clicking on it, even in the middle of reading a file. You can type out your blog post in the middle of a man page and save it right there. Screenshots are made by pointing /dev/screen to a file. When you execute a program in a terminal, the terminal morphs into the program you launched instead of running in the background. The window manager, rio, can be invoked within rio to create an instance of itself running inside itself. You can just keep going like that, until, like Inception, you get lost in which layer you're in. Get used to running Plan 9 long enough, and you will find yourself horribly ill-adapted for dealing with the normal world. While system administrators can't stop praising it, the average home user won't see much benefit unless they happen to run about eight desktop machines scattered all over. But to quote legendary hacker tribal bard Eric S. Raymond: “…Plan 9 failed simply because it fell short of being a compelling enough improvement on Unix to displace its ancestor.” A fascinating article, worth your time to read it through, even though we've pulled some of the best bits here. Nice look at the alternative dimension that could have been. Beastie Bits inks -- Basically Reddit or Hacker News, but without the disagreeable trolls and military industrial complex shills downvoting everything to hide the truth (http://www.tedunangst.com/flak/post/inks) “PAM is Un-American” talk now online (https://youtu.be/Mc2p6sx2s7k) Reddit advertising of “PAM Mastery” (http://blather.michaelwlucas.com/archives/2818) MeetBSD 2016 Report by Michael Dexter (https://www.ixsystems.com/blog/meetbsd-2016-report-michael-dexter/) Various CBSD Tutorials (https://www.bsdstore.ru/en/tutorial.html) Feedback/Questions Dylan - Kaltura Alt (http://pastebin.com/6B96pVcm) Scott - ZFS in Low-Mem (http://pastebin.com/Hrp8qwkP) J - Mixing Ports / Pkgs (http://pastebin.com/85q4Q3Xx) Trenton - Dtract & PC-BSD (http://pastebin.com/RFKY0ERs) Ivan - ZFS Backups (http://pastebin.com/31uqW6vW) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Today on the show, we are going to be chatting with Michael Dexter about a variety of topics, but of course including bhyve! That plus This episode was brought to you by Headlines NetBSD Introduction (https://bsdmag.org/netbsd_intr/) We start off today's episode with a great new NetBSD article! Siju Oommen George has written an article for BSDMag, which provides a great overview of NetBSD's beginnings and what it is today. Of course you can't start an article about NetBSD without mentioning where the name came from: “The four founders of the NetBSD project, Chris Demetriou, Theo de Raadt, Adam Glass, and Charles Hannum, felt that a more open development model would benefit the project: one centered on portable, clean and correct code. They aimed to produce a unified, multi-platform, production-quality, BSD-based operating system. The name “NetBSD” was suggested by de Raadt, based on the importance and growth of networks, such as the Internet at that time, the distributed and collaborative nature of its development.” From there NetBSD has expanded, and keeping in line with its motto “Of course it runs NetBSD” it has grown to over 57 hardware platforms, including “IA-32, Alpha, PowerPC,SPARC, Raspberry pi 2, SPARC64 and Zaurus” From there topics such as pkgsrc, SMP, embedded and of course virtualization are all covered, which gives the reader a good overview of what to expect in the modern NetBSD today. Lastly, in addition to mentioning some of the vendors using NetBSD in a variety of ways, including Point-Of-Sale systems, routers and thin-clients, you may not have known about the research teams which deploy NetBSD: NASA Lewis Research Center – Satellite Networks and Architectures Branch use NetBSD almost exclusively in their investigation of TCP for use in satellite networks. KAME project – A research group for implementing IPv6, IPsec and other recent TCP/IP related technologies into BSD UNIX kernels, under BSD license. NEC Europe Ltd. established the Network Laboratories in Heidelberg, Germany in 1997, as NEC's third research facility in Europe. The Heidelberg labs focus on software-oriented research and development for the next generation Internet. SAMS-II Project – Space Acceleration Measurement System II. NASA will be measuring the microgravity environment on the International Space Station using a distributed system, consisting of NetBSD.“ My condolences, you're now the maintainer of a popular open source project (https://runcommand.io/2016/06/26/my-condolences-youre-now-the-maintainer-of-a-popular-open-source-project/) A presentation from a Wordpress conference, about what it is like to be the maintainer of a popular open source project The presentation covers the basics: Open Source is more than just the license, it is about community and involvement The difference between Maintainers and Contributors It covers some of the reasons people do not open up their code, and other common problems people run into: “I'm embarrassed by my code” (Hint: so is everyone else, post it anyway, it is the best way to learn) “I'm discouraged that I can't finish releases on time” “I'm overwhelmed by the PR backlog” “I'm frustrated when issues turn into flamewars” “I'm overcommitted on my open source involvement” “I feel all alone” Each of those points is met with advice and possible solutions So, there you have it. Open up your code, or join an existing project and help maintain it *** FreeBSD Committer Allan Jude Discusses the Advantages of FreeBSD and His Role in Keeping Millions of Servers Running (http://www.hostingadvice.com/blog/freebsd-project-under-the-hood/) An interesting twist on our normal news-stories today, we have an article featuring our very own Allan Jude, talking about why FreeBSD and the advantages of working on an open-source project. “When Allan started his own company hosting websites for video streaming, FreeBSD was the only operating system he had previously used with other hosts. Based on his experience and comfort with it, he trusted the system with the future of his budding business.A decade later, the former-SysAdmin went to a conference focused on the open-source operating system, where he ran into some of the folks on its documentation team. “They inspired me,” he told our team in a recent chat. He began writing documentation but soon wanted to contribute improvements beyond the docs.Today, Allan sits as a FreeBSD Project Committer. It's rare that you get to chat with someone involved with a massive-scale open-source project like this — rare and awesome.” From there Allan goes into some of the reasons “Why” FreeBSD, starting with Code Organization being well-maintained and documented: “The FreeBSD Project functions like an extremely well-organized world all its own. Allan explained the environment: “There's a documentation page that explains how the file system's laid out and everything has a place and it always goes in that place.”” + In addition, Allan gives us some insight into his work to bring Boot-Environments to the loader, and other reasons why FreeBSD “just makes sense” + In summary Allan wraps it up quite nicely: “An important take-away is that you don't have to be a major developer with tons of experience to make a difference in the project,” Allan said — and the difference that devs like Allan are making is incredible. If you too want to submit the commit that contributes to the project relied on by millions of web servers, there are plenty of ways to get involved! We're especially talking to SysAdmins here, as Allan noted that they are the main users of FreeBSD. “Having more SysAdmins involved in the actual build of the system means we can offer the tools they're looking for — designed the way a SysAdmin would want them designed, not necessarily the way a developer would think makes the most sense” A guide to saving electricity and time with poudriere and bhyve (http://justinholcomb.me/blog/2016/07/03/poudriere-in-bhyve-and-bare-metal.html) “This article goes over running poudriere to built packages for a Raspberry Pi with the interesting twist of running it both as a bhyve guest and then switching to running on bare metal via Fiber Channel via ctld by sharing the same ZFS volume.” “Firstly, poudriere can build packages for different architectures such as ARM. This can save hours of build time compared to building ports from said ARM device.” “Secondly, let's say a person has an always-on device (NAS) running FreeBSD. To save power, this device has a CPU with a low clock-rate and low core count. This low clock-rate and core count is great for saving power but terrible for processor intensive application such as poudriere. Let's say a person also has another physical server with fast processors and a high CPU count but draws nearly twice the power and a fan noise to match.” “To get the best of both worlds, the goal is to build the packages on the fast physical server, power it down, and then start the same ZFS volume in a bhyve environment to serve packages from the always-on device.” The tutorial walks through setting up ‘ahost', the always on machine, ‘fhost' the fast but noisy build machine, and a raspberry pi It also includes creating a zvol, configuring iSCSI over fibre channel and exporting the zvol, booting an iSCSI volume in bhyve, plus installing and setting up poudriere This it configures booting over fibre channel, and cross-building armv6 (raspberry pi) packages on the fast build machine Then the fast machine is shut down, and the zvol is booted in bhyve on the NAS Everything you need to know to make a hybrid physical/virtual machine The same setup could also work to run the same bhyve VM from either ahost or fhost bhyve does not yet support live migration, but when it does, having common network storage like the zvol will be an important part of that *** Interview - Michael Dexter - editor@callfortesting.org (mailto:editor@callfortesting.org) / @michaeldexter (https://twitter.com/michaeldexter) The RoloDexter *** iXSystems Children's Minnesota Star Studio Chooses iXsystems' TrueNAS Storage (https://www.youtube.com/watch?v=FFbdQ_05e-0) *** News Roundup FreeBSD Foundation June 2016 Update (https://www.freebsdfoundation.org/wp-content/uploads/2016/06/FreeBSD-Foundation-June-2016-Update.pdf) The FreeBSD Foundation's June newsletter is out Make sure you submit the FreeBSD Community Survey (https://www.surveymonkey.com/r/freebsd2016) by July 7th: In addition to the opening message from the executive director of the foundation, the update includes details to sponsored work on the FreeBSD VM system, reports from a number of conferences the Foundation attended, including BSDCan The results of the foundation's yearly board meeting People the foundation recognized for their contributions to FreeBSD at BSDCan And an introduction to their new “Getting Started with FreeBSD” project *** [How-To] Building the FreeBSD OS from scratch (http://www.all-nettools.com/forum/showthread.php?34422-Building-the-FreeBSD-OS-from-scratch) A tutorial over at the All-NetTools.com forums that walks through building FreeBSD from scratch I am not sure why anyone would want to build Xorg from source, but you can It covers everything in quite a bit of detail, from the installation process through adding Xorg and a window manager from source It also includes tweaking some device node permissions for easier operation as a non-root user, and configuring the firewall *** Window Systems Should Be Transparent (http://doc.cat-v.org/bell_labs/transparent_wsys/) + Rob Pike of AT&T Labs writes about why Window Systems should be transparent This is an old paper (undated, but I think from the late 80s), but may contain some timeless insights “UNIX window systems are unsatisfactory. Because they are cumbersome and complicated, they are unsuitable companions for an operating system that is appreciated for its technical elegance” “A good interface should clarify the view, not obscure it” “Mux is one window system that is popular and therefore worth studying as an example of good design. (It is not commercially important because it runs only on obsolete hardware.) This paper uses mux as a case study to illustrate some principles that can help keep a user interface simple, comfortable, and unobtrusive. When designing their products, the purveyors of commercial window systems should keep these principles in mind.” There are not many commercial window systems anymore, but “open source” was not really a big thing when this paper was written *** Roger Faulkner, of Solaris fame passed away (http://permalink.gmane.org/gmane.comp.standards.posix.austin.general/12877) “RIP Roger Faulkner: creator of the One and True /proc, slayer of the M-to-N threading model -- and the godfather of post-AT&T Unix” @bcantrill: Another great Roger Faulkner story (https://twitter.com/bcantrill/status/750442169807171584) The story of how pgrep -w saved a monitor -- if not a life (https://news.ycombinator.com/item?id=4306515) @bcantrill: With Roger Faulkner, Tim led an engineering coup inside Sun that saved Solaris circa 2.5 (https://twitter.com/bcantrill/status/750442169807171584) *** Beastie Bits: Developer Ed Maste is requesting information from those who are users of libvgl. (https://lists.freebsd.org/pipermail/freebsd-stable/2016-June/084843.html) HEADS UP: DragonFly 4.5 world reneeds rebuilding (http://lists.dragonflybsd.org/pipermail/users/2016-June/249748.html) Chris Buechler is leaving the pfSense project, the entire community thanks you for your many years of service (https://blog.pfsense.org/?p=2095) GhostBSD 10.3-BETA1 now available (http://ghostbsd.org/10.3_BETA1) DragonFlyBSD adds nvmectl (http://lists.dragonflybsd.org/pipermail/commits/2016-June/500671.html) OPNsense 16.1.18 released (https://opnsense.org/opnsense-16-1-18-released/) bhyve_graphics hit CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=302332) BUG Update FreeBSD Central Twitter account looking for a new owner (https://twitter.com/freebsdcentral/status/750053703420350465) NYCBUG meeting : Meet the Smallest BSDs: RetroBSD and LiteBSD, Brian Callahan (http://lists.nycbug.org/pipermail/talk/2016-July/016732.html) NYCBUG install fest @ HOPE (http://lists.nycbug.org/pipermail/talk/2016-June/016694.html) SemiBUG is looking for presentations for September and beyond (http://lists.nycbug.org/pipermail/semibug/2016-June/000107.html) Caleb Cooper is giving a talk on Crytpo at KnoxBUG on July 26th (http://knoxbug.org/content/2016-07-26) Feedback/Questions Leif - ZFS xfer (http://pastebin.com/vvASr64P) Zach - Python3 (http://pastebin.com/SznQHq7n) Dave - Versioning (http://pastebin.com/qkpjKEr0) David - Encrypted Disk Images (http://pastebin.com/yr7BUmv2) Eli - TLF in all the wrong places (http://pastebin.com/xby81NvC) ***

This week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive This episode was brought to you by Headlines FreeBSD Core Team Election (https://www.freebsd.org/administration.html#t-core) Core.9 has been elected, and will officially take over from Core.8 on Wednesday, 6 July 2016 Many thanks to the outgoing members of the core team for their service over the last 2 years 214 out of 325 eligible voters (65.8%) cast their votes in an election counting 14 candidates. The top nine candidates are, in descending order of votes received: 180 84.1% Ed Maste (incumbent) 176 82.2% George V. Neville-Neil (incumbent) 171 79.9% Baptiste Daroussin (incumbent) 168 78.5% John Baldwin 166 77.6% Hiroki Sato (incumbent) 147 68.7% Allan Jude 132 61.7% Kris Moore 121 56.5% Benedict Reuschling 108 50.5% Benno Rice There was no tie for ninth. BSDNow and the entire community would also like to extend their thanks to all those who stood for election to the core team Next week's core meeting will encompass the members of Core.8 and Core.9, as responsibility for any outstanding items will be passed from outgoing members of core to the new incoming members *** Why I run OpenBSD (http://deftly.net/posts/2016-05-31-why-i-run-openbsd.html) This week we have a good article / blog post talking about why the posted has moved to OpenBSD from Linux. “One thing I learned during my travels between OSs: consistency is everything. Most operating systems seem to, at least, keep a consistent interface between themselves and binaries / applications. They do this by keeping consistent APIs (Application Programming Interfaces) and ABIs (Application Binary Interfaces). If you take a binary from a really old version of Linux and run or build it on a brand-spanking new install of Linux, it will likely Just Work™. This is great for applications and developers of applications. Vendors can build binaries for distribution and worry less about their product working when it gets out in the wild (sure this binary built in 2016 will run on RedHat AS2.1!!).“ The author then goes through another important part of the consistency argument, with what he calls “UPI” or “User Program Interfaces”. In other words, while the ABI may be stable, what about the end-user tooling that the user directly has to interact with on a daily basis? “This inconsistency seems to have come to be when Linux started getting wireless support. For some reason someone (vendors, maybe?) decided that ifconfig wasn't a good place to let users interact with their wireless device. Maybe they felt their device was special? Maybe there were technical reasons? The bottom line is, someone decided to create a new utility to manage a wireless device… and then another one came along… pretty soon there was iwconfig(8), iw(8), ifconfig(8), some funky thing that let windows drivers interface with Linux.. and one called ip(8) I am sure there are others I am forgetting, but I prefer to forget. I have moved onto greener pastures and the knowledge of these programs no longer serves me.” The article then goes through the rundown of how he evaluated the various BSD's and ultimately settled on OpenBSD: “OpenBSD won the showdown. It was the most complete, simple, and coherent system. The documentation was thorough, the code was easy to follow and understand. It had one command to configure all of the network interfaces! I didn't have wireless, but I was able to find a cheap USB adapter that worked by simply running man -k wireless and reading about the USB entries. It didn't have some of the applications I use regularly, so I started reading about ports (intuitively, via man ports!).” The ultimate NetBSD Router (http://blog.tbrodel.me/2016/#netbsd-router) “So yesterday I spent the day setting up a new firewall at home here, based off of this BSD Now tutorial. Having set up a couple of OpenBSD routers before, either based on old laptops, bulky old power-sucking desktops or completely over-specced machines like the Intel NUC, I wanted to get some kind of BSD onto a low-powered ARM board and use that instead.” “I've had a couple of Cubietrucks lying around for a while now, I've used them in a couple of art installations, running Debian and Pure Data, but over all they've been a bit disappointing. It's more the manufacturer's fault but they require blobs for the graphics and audio, which Debian won't allow, so as a multimedia board they're dud for video, and only passable for audio work with a usb sound card. So they've been collecting dust.” “Only thing missing is a second NIC, luckily I had an Apple USB->Ethernet dongle lying around, which when I bought it was the cheapest thing I could find on eBay that OpenBSD definitely supported. There, and on NetBSD, it's supported by the axe(4) driver. USB 2.0 works fine for me as I live in Australia and my ISP can only give me 30Mbps, so this should do for the forseeable future.” + The article then walks through installing and configuring NetBSD + Configuration includes: pf, unbound, and dhcpd “This project has been really fun, I started with basically no experience with NetBSD and have finished with a really useful, low-powered and robust appliance. It's a testament to the simplicity of the NetBSD system, and the BSD design principles in general, that such a novice as myself could figure this out. The NetBSD project has easily the most polished experience on Allwinner ARM boards, even Debian doesn't make it this easy. It's been a joy running the system, it has the bits I love from OpenBSD; ksh(1), tmux(1), an http daemon in base and of course, pf(4). This is mixed with some of the pragmatism I see in FreeBSD; a willingness to accept blobs if that really is the only way to boot, or get audio, or a video console.” bhyve-Bootable Boot Environments (http://callfortesting.org/bhyve-boot-environments/) We have a lengthy article also today from our friend Michael Dexter, who asks the basic question “What if multibooting and OS upgrades weren't horrible?” No doubt if you've been a frequent listener to this show, you've heard Allan or Myself talking about ZFS Boot Environments, and how they can “change your life”. Well today Michael goes further into detail on how the BE's work, and how they can be leveraged to do neat things, like installing other versions of an operating system from the original running system. “If you are reading this, you have probably used a personal computer with a BSD or GNU/Linux operating system and at some point attempted to multiboot between multiple operating systems on the same computer. This goal is typically attempted with complex disk partitioning and a BSD or GNU/Linux boot loader like LILO or GRUB, plus several hours of frustrating experimentation and perhaps data loss. While exotic OS experimentation has driven my virtualization work since the late 1990s, there are very pragmatic reasons for multibooting the same OS on the same hardware, notable for updates and failback to "known good" versions. To its credit, FreeBSD has long had various strategies including the NanoBSD embedded system framework with primary and secondary root partitions, plus the nextboot(8) utility for selecting the "next" kernel with various boot parameters. Get everything set correctly and you can multiboot "with impunity". “That's a good start, and over time we have seen ZFS "boot environments" be used by PC-BSD and FreeNAS to allow for system updates that allow one to fall back to previous versions should something go wrong. Hats off to these efforts but they exist in essentially purpose-built appliance environments. I have long sensed that there is more fun to be had here and a wonderful thing happened with FreeBSD 10.3 and 11.0: Allan Jude added a boot environment menu to the FreeBSD loader” From here Michael takes us through the mechanical bits of actually creating a new ZFS dataset (BE) and performing a fresh FreeBSD 10.3 installation into this new boot-environment. The twist comes at the end, where he next sets up the BE to be a root NFS for booting in bhyve! This is interesting and gives you a way to test booting into your new environment via a VM, before rebooting the host directly into it. *** Interview - Edicarla Andrade & Vinícius Zavam - @egypcio (https://twitter.com/egypcio) BSD-Powered Robots News Roundup Tomohiro Kasumi explains what “@@” means, in the context of the Hammer filesystem (http://lists.dragonflybsd.org/pipermail/users/2016-June/249717.html) A post from the Dragonfly users' mailing list about what the @@ construct means in the Hammer filesystem “@@ represents the existence of a PFS which is logically separated pseudo filesystem space within HAMMER's B-Tree” “HAMMER only has 1 large B-Tree per filesystem (not per PFS), so all the PFS exist within that single B-Tree. PFS are separated by localization parameter which is one of the B-Tree keys used to lookup the tree.” Each substring in "@@-1:00001" means: "@@" means it's a PFS or snapshot. "-1" means it's a master. ":" is just a separator. "00001" means it's PFS#1, where PFS#0 is the default PFS created on newfs. There is no "00000" because that's what's mounted on /HAMMER. PFS# is used for localization parameter. “Localization parameter has the highest priority when inserting or looking up B-Tree elements, so fs elements that belong to the same PFS# tend to be localized (clustered) within the B-Tree” There is also a note about how snapshots are named: "@@0x00..." A user points out that having : in the path can confuse some applications, such as in the case of adding the current directory or a relative path to the $PATH environment variable, which is a colon delimited list of paths This seems quite a bit more confusing that the datasets created by ZFS, but they might have other useful properties *** FreeBSD 11.0 nearing RC1 (https://www.freebsd.org/releases/11.0R/schedule.html) We've all been eagerly awaiting the pending release of FreeBSD 11.0, and the schedule has now been updated! The first release candidate is slated for July 29th! If all goes well (and we stick to schedule) there will be another RC2 and possible RC3 release, before 11.0 officially drops near the end of August. Start playing with those builds folks, be sure to send your feedback to the team to make this the best .0 release ever! *** TensorFlow on FreeBSD (http://ecc-comp.blogspot.com/2016/06/tensorflow-on-freebsd.html) Next we have a blog post about the experience of a “new” FreeBSD user trying to deploy some non-ported software to his new system. Specifically he was interested in running TensorFlow, but not doing a port himself, because in his words: “First, I apologize for not supplying a port archive myself. After reading the FreeBSD handbook for creating a port, it's too complex of a task for me right now. I've only been using FreeBSD for two weeks. I would also not like to waste anyone's time giving them a terrible port archive and mess up their system.” First of all, good ports are often born out of bad ports! Don't let the porting framework daunt you, give it a go, since that's the only way you are going to learn how to write “good” ports over time. The porters-handbook is a good first place to start, plus the community usually is very helpful in providing feedback. He then walks us through the changes made to the TensorFlow code (starting with the assumption that OSX was a good “flavor” to begin porting from) and ultimately compiling. This ends up with the creation of a pip package which works! A good tutorial, and also very similar to what goes on in the porting process. With this write-up perhaps somebody will take up creating a port of it… hint hint! *** NetBSD: A New Beginning? (http://jamesdeagle.blogspot.ca/2016/06/netbsd-new-beginning.html) We don't get enough NetBSD news at times, but this post by James Deagle talks about his adventure with NetBSD 7.0 and making it his “new beginning” “After a few months of traipsing around the worlds of SunOS and Linux, I'm back to NetBSD for what I hope will be a lengthy return engagement. And while I'm enamored of NetBSD for all the previously-mentioned reasons, I'm already thinking ahead to some problems to solve, some of which have also been mentioned before.” He then goes through and lists some of the small nits he's still running into during the daily workflow YouTube audio - Specifically he mentions that no audio is playing, but wonders if Flash plays some part. (Ideally you're not using Flash though, in which case you need to check the audio backend FF is using. Try PulseAudio since it seems the best supported. If pulse is already enabled, install ‘pavucontrol' to make sure audio is playing to the correct sound device) Slow gaming performance (TuxKart and Celestia) - Check DRI / Xorg? Or is it CPU bound? Lastly some unspecified Wireless issues, which typically end up being driver related. (Or use another chipset) Beastie Bits Reproducible NetBSD? 77.7% of the way there (https://reproducible.debian.net/netbsd/netbsd.html) Create FreeBSD virtual machine using qemu. Run the VM using xhyve. (https://gist.github.com/zg/38a3afa112ddf7de4912aafc249ec82f) FreeBSD PowerPC 32bit pkg repository (unofficial). ~19,500 packages, more to come (https://joshcummings.net/pub/FreeBSD) NetBSD machines at Open Source Conference 2016 Gunma (http://mail-index.netbsd.org/netbsd-advocacy/2016/05/16/msg000706.html) Adam Leventhal (of ZFS and DTrace) does an analysis of APFS (http://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/) SemiBug June meeting summary (http://lists.nycbug.org/pipermail/semibug/2016-June/000106.html) KnoxBug Meeting (http://knoxbug.org/content/2016-07-26) Feedback/Questions Andrew - iocage (http://pastebin.com/nuYTzaG6) Florian - Arm + GitHub (http://pastebin.com/PzY68hNS) Clint - Synth (http://pastebin.com/JESGZjLu) Leonardo - Translations (http://pastebin.com/b4LAiPs4) Zachary - Moving things to VMs (http://pastebin.com/VRc8fvBk) ***

This week on the show, we have all the latest news and stories! Plus we'll be hearing more about OpnSense from the man himself, Ike! This episode was brought to you by Headlines Regarding Embargoes (http://www.tedunangst.com/flak/post/regarding-embargoes) Our buddy TedU has a great thought piece today on the idea of “embargoes” for security advisories. This all stemmed from a recent incident with LibreSSL patches from embargoed OpenSSL vulns, that accidentally got committed too early. Ted makes a pretty good case on the difficulties of having embargos, and maybe the reason there shouldn't be. Couple of quotes to give you a taste: “There are several difficulties maintaining embargoes. Keeping secrets is against human nature. I don't want to be the one who leaks, but if I see something that looks like the secret is out, it's a relief to be able to speak freely. There is a bias towards recognizing such signs where they may not really exist. (Exacerbated by broad embargoes where some parts leak but other parts don't. It's actually very hard to tell what's not publicly known when you know everything.) The most thorough embargo and release timeline reconstruction is the heartbleed timeline. It's another great case study. Who exactly decided who were the haves and have nots? Was it determined by who needed to know or who you needed to know? Eventually the dam started to crack.” “When Cloudflare brags that they get advance notice of vulnerabilities, attracting more customers, and therefore requiring even more early access, how are smaller players to compete? What happens if you're not big enough to prenotify? Sometimes vulnerabilities are announced unplanned. Zero day cyber missiles are part of our reality, which means end users don't really have the luxury of only patching on Tuesday. They need to apply patches when they appear. If applying patches at inconvenient times is a problem, make it not a problem. Not really a gripe about embargoes per se, but the scheduled timing of coordinated release at the end of the embargo is catering to a problem that shouldn't exist.” I will admit that CloudFlare bragging around Heartbleed was upsetting The biggest issue here is the difficulty with coordinating so many open source projects, which are often done by volunteers, in different countries and time zones The other issue is determining when the secret is “out of the bag” *** MAJOR ABI BREAK: csu, ld.so, libc, libpthread update (http://www.openbsd.org/faq/current.html#r20160507) OpenBSD warns those following the -current (development) branch to be careful as they upgrade because of a major ABI break that will result in applications not working “Handling of single-threaded programs is now closer to multi-threaded, with ld.so and libc.a doing thread information base (TIB) allocation. Threaded programs from before the 2016/03/19 csu and ld.so update will no longer run. An updated ld.so must be built and installed before running make build.” A special note for those on PowerPC: “PowerPC has been updated to offset the TIB from the hardware register. As a result, all threaded programs are broken until they have been rebuilt with the new libc and libpthread. perl must be built after building the libraries and before building the rest of base.” “The definitions of environ and __progname for dynamically linked programs have been moved from the C startup code to ld.so(1). An updated ld.so must be built and installed before running make build.” The link provides instructions on how to update your system properly *** How to install FreeBSD 10.3 on VMWare Workstation 12 Pro (http://random-notes-of-a-sysadmin.blogspot.be/2016/04/howto-install-freebsd-103-on-vmware.html) This tutorial starts at the very basics, running through the FreeBSD installer But then it goes on to configuring the machine specifically for VMWare After the system has been booted, the tutorial walks through installing the VMWare tools Then networking is configured in both VMWare and FreeBSD A small hack is required to make the VMWare tools startup script wait until the network is up A very nice tutorial for people using VMWare I am working on a patch to bsdinstall to ensure that the swap partition is put before the main partition, so it can more easily be resized if you later decide you need more space in your VM the camcontrol reprobe subcommand has been added (https://svnweb.freebsd.org/base?view=revision&revision=299371), “This makes it possible to manually force updating capacity data after the disk got resized. Without it it might be necessary to reboot before FreeBSD notices updated disk size under eg VMWare.” *** BSD Router project releases v1.59 (https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.59/) We've talked about the BSD Router project a bit in the past, but today we have a brand new release to bring to you. For those who don't remember, the BSDrp is a router aimed at replacing more of your big-commercial type systems. First up in the new hotness, we have it based upon recently released FreeBSD 10.3! In addition, there is a new package: New package: mlvpn (aggregated network links in order to benefit from the bandwidth of multiple links) Other packages have gotten a bump with this release as well: bsnmp-ucd to 0.4.2 dma to 0.11 dmidecode to 3.0 exabgp to 3.4.15 iperf3 to 3.1.2 monit to 5.17 mpd5 to 5.8 openvpn to 2.3.10 python to 2.7.11 quagga to 1.0.20160315 strongswan to 5.4.0 What are you waiting for? Amd64 and i386 images are ready for you to download now. Interview - Isaac (.Ike) Levy - See Ike again at SEMIBug in Troy, Michigan on May 17th (http://semibug.org/) *** News Roundup Tredly - Prebuilt containers on FreeBSD (https://github.com/tredly/) Discussion regarding its GPLv3 licensing (https://www.reddit.com/r/freebsd/comments/4gggw8/introducing_tredly_containers_for_unix_freebsd/) A new “container” solution called “Trendly” has started making some news around various tech sites. In particular, this new project uses FreeBSD as its base OS and jail functionality in the backend. Their solution seems based around the idea of shipping containers as manifests, such as lists of packages to install and configuration knobs. The project is still rather new, and we'll be keeping an eye on it for the future. One notable change already though, it was (for some reason) released under GPLv3. Understandably this caused quite a ruckus with various folks in the community, since it's built specifically on BSD. Since this, the code has been re-licensed as MIT, which is far more in the spirit of a traditional BSD license. *** NVMe driver added to NetBSD - ported from OpenBSD (https://www.netbsd.org/changes/changes-8.0.html#nvme%284%29) NetBSD has gained support for Non-Volatile Memory Express, the new standard for PCIe attached Flash Memory The change of interface from SATA to NVMe offers a number of advantages, mostly, it doesn't require the device to pretend to be a spinning disk One of the biggest advantages is that it supports completing multiple operations at once, with the Intel hardware I have tested, 63 I/Os can happen concurrently, so a very large queue depth is required to keep the device busy. The 64th I/O channel is reserved for administrative commands, to keep them from being delayed by the large queue depth The device I tested could read at 3800 MB/s, and write 1700MB/s, something that wouldn't be possible with a normal SSD It is interesting that NetBSD took the NVMe support from OpenBSD, whereas the FreeBSD implementation was contributed directly by Intel This may have to do with that fact that OpenBSD's device model is closer to that of NetBSD Commit Log (http://mail-index.netbsd.org/source-changes/2016/05/01/msg074367.html) *** New BSDNow T-Shirts (https://teespring.com/bsdnow) By popular demand, we have created a more subtle BSDNow shirt Featuring only the smallish BSDNow logo over the left breast Available in a number of styles (T-Shirt, Women's T-Shirt, Long Sleeve, and Hoodie) as well as a number of colours: Black, Blue, Grey, and White The hope is that enough orders come though so we can get them shipped in and your sweaty little hands in time for BSDCan. (I'll be wearing mine, will you B...SD?) If you still want one of our now-famous “The Usual BSD's” t-shirts, you can also indicate your interest here, and once 10 or more shirts are ordered, a reprint will happen automatically (https://teespring.com/bsd105) *** PC-BSD 11-CURRENT with Package Base (http://lists.pcbsd.org/pipermail/testing/2016-May/010616.html) Looking for a way to play with the new FreeBSD base package system? This month's PC-BSD -CURRENT image now used packages for base system installation, and is asking for testers to help find bugs. Known issues so far: setuid binaries (Fix in works) Missing tzone files Distrib packages If all that doesn't scare you away, then give it a whirl! Upgrades for previous APRIL images are now online also. *** BeastieBits HardenedBSD + LibreSSL (https://hardenedbsd.org/article/shawn-webb/2016-05-05/libressl-hardenedbsd-base) Michael Dexter's talk at LFNW 2016 is the 2nd highest youtube views from this years conference (https://www.youtube.com/watch?v=6k1Mf0c6YW8) Why OpenBSD is important to me (http://ggr.com/why-openbsd-is-important-to-me.html) Study of nginx-1.9.12 performance/latency on DragonFlyBSD-g67a73 (http://lists.dragonflybsd.org/pipermail/users/2016-May/249581.html) Running FreeBSD / OpenBSD / NetBSD as a virtualised guest on Online.net (https://www.geeklan.co.uk/?p=2109) The interesting story of how IllumOS syscalls work (http://zinascii.com/2016/the-illumos-syscall-handler.html) The BeaST is the FreeBSD based dual-controller reliable storage system concept with aim to implement ZFS and in-memory cache. (https://mezzantrop.wordpress.com/portfolio/the-beast/) Francois Tigeot updates the drm/i915 driver to match what's in Linux kernel 4.3 (http://lists.dragonflybsd.org/pipermail/commits/2016-May/500352.html) FreeBSD is working on the update to Linux Kernel 4.6, we may finally get ahead of Dragonfly! (https://twitter.com/ed_maste/status/730450314889924608) Feedback/Questions Oskar - Torrent Jail (http://pastebin.com/RT7tVtQ7) Shane - ZFS Delete (http://pastebin.com/VkpMeims) Adam - Zimbra Port (http://pastebin.com/MmQ00Sv1) Ray - PC-BSD - FrameBuffer (http://pastebin.com/Xx9TkX7A) Richard - ZFS Backups (http://pastebin.com/ncYxqpg3) ***

This week on BSDNow, Allan is back in down from Europe! We'll get to hear some of his wrap-up and get caught up on the latest BSD This episode was brought to you by Headlines FreeBSD Quarterly Report (http://www.freebsd.org/news/status/report-2016-01-2016-03.html) This quarterly status report starts with a rather interesting introduction by Warren Block ASLR Porting CEPH to FreeBSD RCTL I/O Rate Limiting The Graphics Stack on FreeBSD (Haswell is in, work is progressing on the next update) CAM I/O Scheduler NFS Server updates, working around the 16 group limit, and implementing pNFS, allowing NFS to scale beyond a single server Static Analysis of the FreeBSD Kernel with PVS Studio PCI-express HotPlug GitLab Port committed! WITHFASTDEPEND and other improvements to the FreeBSD build system Lots of other interesting stuff *** A Prog By Any Other Name (http://www.tedunangst.com/flak/post/a-prog-by-any-other-name) Ted Unangst looks at what goes into the name of a program “Sometimes two similar programs are really the same program with two names. For example, grep and egrep are two commands that perform very similar functions and are therefore implemented as a single program. Running ls -i and observing the inode number of each file will reveal that there is only one file. Calling the program egrep is a shorthand for -E and does the same thing.” So BSD provides __progname in libc, so a program can tell what its name is But, what if it has more than one name? “In fact, every program has three names: its name in the filesystem, the name it has been invoked with, and whatever it believes its own name to be.” Of course it is not that easy. “there's another set of choices for each name, the full path and the basename” “It's even possible on some systems for argv[0] to be NULL.” He then goes on to rename doas (the OpenBSD light replacement for sudo) to banana and discuss what happens “On that note, another possible bug is to realize that syslog by default uses progname. A user may be able to evade log monitoring by invoking doas with a different name. (Just fixed.)” Another interesting article from our friend Ted *** FreeBSD (https://summerofcode.withgoogle.com/organizations/4892834293350400/) and NetBSD (https://summerofcode.withgoogle.com/organizations/6246531984261120/) Google Summer of Code projects have been announced Some FreeBSD highlights: Add SCSI passthrough to CTL (share an optical drive via iSCSI) Add USB target mode driver based on CTL (share a USB device via iSCSI) API to link created /dev entries to sysctl nodes Implement Ethernet Ring Protection Switching (ERPS) HD Audio device model in userspace for bhyve Some NetBSD highlights: Implement Ext4fs support in ReadOnly mode NPF and blacklistd web interface Port U-Boot so it can be compiled on NetBSD Split debug symbols for pkgsrc builds *** libressl - more vague priomises (http://www.tedunangst.com/flak/post/libressl-more-vague-promises) We haven't had a Ted U article on the show as of late, however this week we get several! In his next entry “LibreSSL, more vague promises” He then goes into some detail on what has happened with LibreSSL in the past while, as well as future plans going forward. “With an eye to the future, what new promises can we make? Some time ago I joked that we only promised to make a better TLS implementation, not a better TLS. Remains true, but fortunately there are people working on that, too. TLS 1.3 support is on the short term watchlist. The good news is we may be ahead of the game, having already removed compression. How much more work can there be?” “LibreSSL integrated the draft chacha20-poly1305 construction from BoringSSL. The IETF has since standardized a slightly different version because if it were the same it wouldn't be different. Support for standard variant, and the beginning of deprecation for the existing code, should be landing very shortly. Incidentally, some people got bent out of shape because shipping chacha20 meant exposing non IANA approved numbers to Internet. No promises that won't happen again.” *** Interview - Samy Al Bahra - @0xF390 (https://twitter.com/0xF390) Backtrace *** News Roundup systrace(1) is removed for OpenBSD 6.0 (http://marc.info/?l=openbsd-cvs&m=146161167911029&w=2) OpenBSD has removed systrace, an older mechanism for limiting what syscalls an application can make It is mostly replaced by the pledge() system OpenBSD was the first implementation, most others have been unmaintained for some time The last reported Linux version was for kernel 2.6.1 NetBSD removed systrace in 2007 *** pfSense Video Series: Comprehensive Guide To pfSense 2.3 (https://www.youtube.com/playlist?list=PLE726R7YUJTePGvo0Zga2juUBxxFTH4Bk) A series of videos (11 so far), about pfSense Covers Why you would use it, how to pick your hardware, and installation Then the series covers some networking basics, to make sure you are up to speed before configuring your pfSense Then a comprehensive tour of the WebUI Then goes on to cover graphing, backing up and restoring configuration There are also videos on running DHCP, NTP, and DNS servers *** DuckDuckGo announces its 2016 FOSS Donations (https://duck.co/blog/post/303/2016-foss-donations-announcement) The theme is “raising the standard of trust online” Supported projects include: OpenBSD Foundation announces DuckDuckGo as a Gold Sponsor (http://undeadly.org/cgi?action=article&sid=20160503085227&mode=expanded) the Freedom of the Press Foundation for SecureDrop the Freenet Project the CrypTech Project the Tor Project Fight for the Future for Save Security Open Source Technology Improvement Fund for VeraCrypt (based on TrueCrypt) Riseup Labs for LEAP (LEAP Encryption Access Project) GPGTools for GPGMail *** Larry the BSD Guy hangs up his hat at FOSS Force (http://fossforce.com/2016/04/bsd-linuxfest-northwest/) After 15 years, Larry the BSD Guy has decided to hang it up, and walk into the sunset! (Figuratively of course) After wrapping up coverage of recent LinuxFest NorthWest (Which he didn't attend), Larry has decided it's time for a change and is giving up his column over at FOSS Force, as well as stepping away from all things technical. His last write-up is a good one, and he has some nice plugs for both Dru Lavigne and Michael Dexter of the BSD community. He will be missed, but we wish him all the luck with the future! He also puts out the plug that FOSS Force will be needing a new columnist in the near future, so if you are interested please let them know! *** Beastie Bits If you sponsored “FreeBSD Mastery: Advanced ZFS”, check your mail box (http://blather.michaelwlucas.com/archives/2648) pkg-1.7.0 is an order of magnitude slower than pkg-1.6.4 (https://marc.info/?l=freebsd-ports&m=146001143408868&w=2) -- Caused by a problem not in pkg LinuxFest Northwest 2016 Recap (https://www.ixsystems.com/blog/linuxfest-northwest-2016/) Dru Lavigne's 'Doc like an Egyption' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/doc-egyptian) Michael Dexters' 'Switching to BSD from Linux' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/devil-details-switching-bsd-linux) Michael Dexters' 'Secrets to enduring user groups' talk from LFNW (https://www.linuxfestnorthwest.org/2016/sessions/20-year-and-counting-secrets-enduring-user-groups) January issue of Freebsd Journal online for free (https://www.freebsdfoundation.org/journal/) Ghost BSD releases 10.3 Alpha1 for testing (http://ghostbsd.org/10.3_alpha1) EuroBSDcon 2016 - Call for Papers - Dealine: May 8th (https://www.freebsdnews.com/2016/04/15/eurobsdcon-2016-call-for-papers/) KnoxBUG Initial Meeting (http://www.knoxbug.org/content/knoxbug-maiden-voyage) Photos, slides, and videos from the Open Source Data Center Conference (https://www.netways.de/en/events_trainings/osdc/archive/osdc2016/) *** Feedback/Questions Mohammad - Replication (http://pastebin.com/KDnyWf6Y) John - Rolling new packages (http://pastebin.com/mAbRwbEF) Clint - Unicast (http://pastebin.com/BNa6pyir) Bill - GhostBSD (http://pastebin.com/KDjS2Hxa) Charles - BSD Videos (http://pastebin.com/ABUUtzWM) ***

This week on BSDNow, we are going to be talking to Pawel about how his This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Note the recent passing of 2 members of the BSD community Juergen Lock / Nox (https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/contrib-develinmemoriam.html) Benjamin Perrault / creepingfur (https://twitter.com/michaeldexter/status/676290499389485057) Memories from Michael Dexter (http://pastebin.com/4BQ5uVsT) Additional Memories (http://www.filis.org/rip_ben.txt) Benjamin and Allan at Ben's local bar (http://www.allanjude.com/bsd/bp/IMG_20151101_161727-auto.jpg) Benjamin treated Allan and Michael Dexter to their first ever Bermese food (http://www.allanjude.com/bsd/bp/IMG_20151101_191344-auto.jpg) Benjamin enjoying the hallway track at EuroBSDCon 2015 (http://www.allanjude.com/bsd/bp/IMG_20151003_105457-auto.jpg) *** NGINX as Reverse Proxy for Apache on FreeBSD 10.2 (http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/) A tutorial on setting up NGINX as a reverse proxy for Apache Sometimes your users or application require some feature of Apache, that cannot be easily replicated in NGINX, like .htaccess files or a custom apache module In addition, because the default worker model in Apache does not accept new work until it is finished sending the request, a user with a slow connection can tie down that worker for a long time With NGINX as a reverse proxy, it will receive the data from the Apache worker over localhost, freeing that worker to answer the next request, while NGINX takes care of sending the data to the user The tutorial walks through the setup, which is very easy on modern FreeBSD One could also add mod_rpaf2 to the Apache, to securely pass through the users' real IP address for use by Apache's logging and the PHP scripts *** FreeBSD and FreeNAS in Business by Randy Westlund (http://bsdmag.org/freebsd_freenas/) The story of how a Tent & Awning company switched from managing orders with paper, to a computerized system backed by a FreeNAS “At first, I looked at off-the-shelf solutions. I found a number of cloud services that were like Dropbox, but with some generic management stuff layered on top. Not only did these all feel like a poor solution, they were very expensive. If the provider were to go out of business, what would happen to my dad's company?” “Fortunately, sourcing the hardware and setting up the OS was the easiest part; I talked to iXsystems. I ordered a FreeNAS Mini and a nice workstation tower” “I have r2d2 (the tower, which hosts the database) replicating ZFS snapshots to c3po (the FreeNAS mini), and the data is backed up off-site regularly. This data is absolutely mission-critical, so I can't take any risks. I'm glad I have ZFS on my side.” “I replaced Dropbox with Samba on c3po, and the Windows machines in the office now store important data on the NAS, rather than their local drives.” “I also replaced their router with an APU board running pfSense and replaced their PPTP VPN with OpenVPN and certificate authorization.” “FreeBSD (in three different incarnations) helped me focus on improving the company's workflow without spending much time on the OS. And now there's an awning company that is, in a very real sense, powered by FreeBSD.” *** Tutorial, Windows running under bhyve (http://pr1ntf.xyz/windowsunderbhyve.html) With the recent passing of the world's foremost expert on running Windows under bhyve on FreeBSD, this tutorial will help you get up to speed “The secret sauce to getting Windows running under bhyve is the new UEFI support. This is pretty great news, because when you utilize UEFI in bhyve, you don't have to load the operating system in bhyveload or grub-bhyve first.” The author works on iohyve, and wanted to migrate away from VirtualBox, the only thing stopping that was support for Windows Guests iohyve now has support for managing Windows VMs The tutorial uses a script to extract the Windows Server 2008 ISO and set up AutoUnattend.xml to handle the installation of Windows, including setting the default administrator password, this is required because there is no graphical console yet The AutoUnattended setup also includes setting the IP address, laying out the partitions, and configuring the serial console A second script is then used to make a new ISO with the modifications The user is directed to fetch the UEFI firmware and some other bits Then iohyve is used to create the Windows VM The first boot uses the newly created ISO to install Windows Server 2008 Subsequent boots start Windows directly from the virtual disk Remote Desktop is enabled, so the user can manage the Windows Server graphically, using FreeRDP or a Windows client iohyve can then be used to take snapshots of the machine, and clone it *** BSD Router Project has released 1.58 (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.58/) The BSD Router project has announced the release of version 1.58 with some notable new features Update to FreeBSD 10.2-RELEASE-p8 Disabled some Chelsio Nic features not used by a router Added new easy installation helper option, use with “system install ” Added the debugging symbols for userland Includes the iperf package, and flashrom package, which allows updating system BIOS on supported boxes IMPORTANT: Corrects an important UFS label bug introduced on 1.57. If you are running 1.57, you will need to fetch their fixlabel.sh script before upgrading to 1.58 *** OPNsense 15.7.22 Released (https://opnsense.org/opnsense-15-7-22-released/) An update to OPNsense has landed this week which includes the important updates to OpenSSL 1.0.2e and LibreSSL 2.2.5 A long-standing annoying bug with filter reload timeouts has finally been identified and sorted out as well, allowing the functionality to run quickly and “glitch free” again. Some newer ports for curl (7.46), squid (3.5.12) and lighttpd (1.4.38) have also been thrown in for good measure Some other minor UI fixes have also been included as well With the holidays coming up, if you are still running a consumer router, this may be a good time to convert over to a OPNsense or PFsense box and get yourself ready for the new year. *** iXsystems iXSystems releases vCenter Web Client Plug-in for TrueNAS (https://www.ixsystems.com/whats-new/2015/12/vcenter-web-client-plug-in-for-truenas-now-available/) Interview - Pawel Jakub Dawidek - pjd@FreeBSD.org (mailto:pjd@FreeBSD.org) News Roundup Developer claims the PS4 has been jail-broken (http://www.networkworld.com/article/3014714/security/developer-claims-ps4-officially-jailbroken.html) While not exactly a well-kept secret, the PS4's proprietary “OrbOS” is FreeBSD based. Using this knowledge and a Kernel exploit, developer CTurt (https://twitter.com/CTurtE/) claims he was able jailbreak a WebKit process and gain access to the system. He has posted a small tease to GitHub, detailing some of the information gleaned from the exploit, such as PID list and root FS dump As such with these kinds of jailbreaks, he already requested that users stop sending him requests about game piracy, but the ability to hack on / run homebrew apps on the PS4 seems intriguing *** Sepherosa Ziehau is looking for testers if you have a em(4), emx(4), or igb(4) Intel device (http://lists.dragonflybsd.org/pipermail/users/2015-December/228461.html) DragonFly Testers wanted! Sephe has posted a request for users of the em(4), emx(4) and igb(4) intel drivers to test his latest branch and report back results He mentions that he has tested the models 82571, 82574 and 82573 (em/emx); 82575, 82576, 82580 and i350 specifically, so if you have something different, I'm sure he would be much appreciative of the help. It looks like the em(4) driver has been updated to 7.5.2, and igb(4) 2.4.3, and adds support for the I219-LM and I219-V NICS. *** OpenBSD Xen Support (https://marc.info/?l=openbsd-tech&m=144933933119525&w=2) Filed under the “Ohh, look what's coming soon” section, it appears that patches are starting to surface for OpenBSD Xen DOMU support. For those who aren't up on their Xen terminology, DomU is the unprivileged domain (I.E. Guest mode) Right now the patch exists at the link above, and adds a new (commented out) device to the GENERIC kernel, but this gives Xen users something new to watch for updates to. *** Thinkpad Backlit Keyboard support being worked on (http://freshbsd.org/commit/openbsd/b355449caa22e7bb6c460f7a647874836ef604f0) Another reason why Lenovo / ThinkPads are some of the best laptops currently to use with BSD, the kettenis over at the OpenBSD project has committed a patch to enable support for the “ThinkLight” For those who don't know, this is the little light that helps illuminate the laptop's keyboard under low-light situations. While the initial patch only supports the “real-deal” ThinkLight, he does mention that support will be added soon for the others on ThinkPads No sysctl's to fiddle with, this works directly with the ACPI / keyboard function keys directly, nice! *** Deadline is approaching for Submissions of Tutorial Proposals for AsiaBSDCon 2016 (https://2016.asiabsdcon.org/cfp.html) Call for Papers for BSDCAN 2016 now open (http://www.bsdcan.org/2016/papers.php) + The next two major BSD conferences both have their CFP up right now. First up is AsiaBSDCon in Tokyo from March 10th-13th, followed by BSDCan in Ottawa, June 8th-11th. + If you are working on anything interesting in the BSD community, this is a good way to get the word out about your project, plus the conference pays for Hotel / Travel. + If you can make it to both, DO SO, you won't regret it. Both Allan and Kris will be attending and we would look forward to meeting you. iohyve lands in ports (https://github.com/pr1ntf/iohyve) (http://www.freshports.org/sysutils/iohyve/) + Something we've mentioned in passing has taken its first steps in becoming reality for users! “iohyve” has now landed in the FreeBSD ports tree + While it shares a similar name to “iocage” its not directly related, different developers and such. However it does share a very similar syntax and some principles of ZFS usage + The current version is 0.7, but it already has a rather large feature set + Among the current features are ISO Management, resource management, snapshot support (via ZFS), and support for OpenBSD, NetBSD and Linux (Using grub-bhyve port) BeastieBits hammer mount is forced noatime by default (http://lists.dragonflybsd.org/pipermail/users/2015-November/228445.html) Show your support for FreeBSD (http://freebsdfoundation.blogspot.com/2015/12/show-your-support-for-freebsd.html) OpenBSD running in an Amazon EC2 t2.micro (https://gist.github.com/reyk/e23fde95354d4bc35a40) NetBSD's 2015Q4 Package freeze is coming (http://mail-index.netbsd.org/tech-pkg/2015/12/05/msg016059.html) ‘Screenshots from Developers' that we covered previously from 2002, updated for 2015 (https://anders.unix.se/2015/12/10/screenshots-from-developers--2002-vs.-2015/) Feedback/Questions (slexy was down when I made these, I only did 3, since the last is really long, save rest for next week) Mark - BSD laptops (http://pastebin.com/g0DnFG95) Jamie - zxfer (http://pastebin.com/BNCmDgTe) Anonymous - Long Story (http://pastebin.com/iw0dXZ9P) ***