The Unix v4 recovery, webzfs, openbgpd 9.0, MidnightBSD 4.0, and more... NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines University of Utah team discovers rare computer relic (https://ksltv.com/science-technology/university-of-utah-discovers-rare-computer-relic/853296/) The attempt to read the UNIX V4 tape is underway! (https://mastodon.social/redirect/statuses/115747843746305391) UNIX V4 Tape from University of Utah (https://archive.org/details/utah_unix_v4_raw) UNIX V4 tape successfully recovered: First ever version of UNIX written in C is running again (https://www.theregister.com/2025/12/23/unix_v4_tape_successfully_recovered/) An initial analysis of the discovered Unix V4 tape (https://www.spinellis.gr/blog/20251223/) WebZFS (https://github.com/webzfs/webzfs) News Roundup OpenBGPD 9.0 released (https://www.undeadly.org/cgi?action=article;sid=20251231070524) MidnightBSD 4.0 (https://www.midnightbsd.org/notes/4.0/index.html) Let's run FreeBSD 15.0-RELEASE on a Raspberry Pi Zero 2 W (https://briancallahan.net/blog/20251216.html) Figuring out how I want to set up the TVPC (https://vulcanridr.mataroa.blog/blog/figuring-out-how-i-want-to-set-up-the-tvpc/) TVPC update (https://vulcanridr.mataroa.blog/blog/tvpc-update/) C&C Red Alert2 in your browser (https://chronodivide.com) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions rick - shout out.md (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/646/feedback/rick%20-%20shout%20out.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs (https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/) 2023 in Review: Continuous Integration and Workflow Improvement (https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/) News Roundup Running OpenBSD on OmniOS using bhyve (https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/) FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory? (https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/) OpenBSD workstation hardening (https://dataswamp.org/~solene/2023-12-31-hardened-openbsd-workstation.html) KDE Plasma now linked to packages build on -current (https://www.undeadly.org/cgi?action=article;sid=20231227120851&utm_source=bsdweekly) MidnightBSD 3.1.3 release (https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions Kieran - Feedback (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md) Albin - links inquires questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
This challenge gets ugly as we slowly realize we've just become zombie slayers. We load Linux on three barely alive systems, and it takes a turn we didn't expect.
Terrapin Attack, SSH Hardening with ssh-audit, MidnightBSD 3.1.2, syscall(2) removed from -current, 2024 FreeBSD Community Survey is Here NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Terrapin Attack (https://terrapin-attack.com) OpenSSH 9.6 is out (https://undeadly.org/cgi?action=article;sid=20231219122431) OpenBSD Patches (https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/011_ssh.patch.sig) FreeBSD Patches (https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc) If anyone is aware of NetBSD Patches, please send them into the show so I can update the show notes SSH Hardening with ssh-audit (https://thoughts.greyh.at/posts/ssh-audit/) News Roundup MidnightBSD 3.1.2 (https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-2) syscall(2) removed from -current (https://undeadly.org/cgi?action=article;sid=20231213062827) 2024 FreeBSD Community Survey is Here (https://freebsdfoundation.org/blog/2024-freebsd-community-survey-is-here/) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Markus - how to verify FreeBSD deliverables (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/Markus%20-%20how%20to%20verify%20FreeBSD%20deliverables.md) neb - tui (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/539/feedback/neb%20-%20tui.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Unlocking Infrastructure Sovereignty, first meeting of the FreeBSD Enterprise Working Group, HardenedBSD August 2023 Status Report, GhostBSD August 2023 donation report, MidnightBSD 3.1 Released, OpenBSD Webzine ISSUE #14, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Unlocking Infrastructure Sovereignty: Harnessing the Power of Open Source Solutions for Business Flexibility and Cost-Effectiveness (https://klarasystems.com/articles/unlocking-infrastructure-sovereignty-harnessing-the-power-of-open-source-solutions/) Recap of first meeting of the FreeBSD Enterprise Working Group (https://freebsdfoundation.org/blog/recap-of-first-meeting-of-the-freebsd-enterprise-working-group/) News Roundup HardenedBSD August 2023 Status Report (https://hardenedbsd.org/article/shawn-webb/2023-09-01/hardenedbsd-august-2023-status-report) • [HardenedBSD 14-STABLE Now Available](https://hardenedbsd.org/article/shawn-webb/2023-09-11/hardenedbsd-14-stable-now-available) August 2023 donation report (http://ghostbsd.org/news/August_2023_donation_report) • [Late on the announcement but... GhostBSD 23.06.01 ISO is now available](http://ghostbsd.org/23.06.01_iso_is_now_available)
MidnightBSD 3.1 Released (https://www.phoronix.com/news/MidnightBSD-3.1) OpenBSD Webzine ISSUE #14 is out (https://webzine.puffy.cafe/issue-14.html) Beastie Bits • [ZFS for Dummies](https://ikrima.dev/dev-notes/homelab/zfs-for-dummies/) • [The Switch runs FreeBSD](https://www.reddit.com/r/NintendoSwitch/comments/5xbe5a/the_switch_runs_freebsd_making_it_nintendos_first/) • [KDE on OpenBSD](https://marc.info/?l=openbsd-ports&m=169391479324962) • [(Kubernetes v1.28.0) for illumos, FreeBSD and OpenBSD](https://medium.com/@norlin.t/by-the-way-planternetes-kubernetes-v1-28-0-for-illumos-freebsd-and-openbsd-5d57026d6a25) • [Video: C Programming on System 6 - VCF Midwest, Wi-Fi DA](https://jcs.org/2023/09/20/vcfmw) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
FreeBSD 13.2 Release, Using DTrace to find block sizes of ZFS, NFS, and iSCSI, Midnight BSD 3.0.1, Closing a stale SSH connection, How to automatically add identity to the SSH authentication agent, Pros and Cons of FreeBSD for virtual Servers, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines FreeBSD 13.2 Release Announcement (https://www.freebsd.org/releases/13.2R/announce/) Using DTrace to find block sizes of ZFS, NFS, and iSCSI (https://axcient.com/blog/using-dtrace-to-find-block-sizes-of-zfs-nfs-and-iscsi/) News Roundup Midnight BSD 3.0.1 (https://www.phoronix.com/news/MidnightBSD-3.0.1) Closing a stale SSH connection (https://davidisaksson.dev/posts/closing-stale-ssh-connections/) How to automatically add identity to the SSH authentication agent (https://sleeplessbeastie.eu/2023/04/10/how-to-automatically-add-identity-to-the-ssh-authentication-agent/) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Dan - ZFS question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/504/feedback/Dan%20-%20ZFS%20question.md) Matt - Thanks (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/504/feedback/Matt%20-%20Thanks.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***
First up in the news: Looks like the end for Mycroft, Proton offers Drive for everybody, MidnightBSD takes on helloSystem, Fedora 38 now with full Flathub access, new Transmission, Android 14 Preview, Framework has new SSDs, new versions of KaOS and Parrot, Ardour and Clonezilla have new releases, and systemd is the future; In security and privacy, several PyPI packages steal crypto; Then in our Wanderings, Joe's back hurts, Moss is underworked, and Bill is not. In our Innards section, we have invited Danielle Foré to come and talk about her Elementary OS project, and other changes.
UNIX, Linux, and BSD

Linux was created by PC users attempting to use mainframe UNIX. BSD was created by mainframe UNIX users attempting to use a PC. BSD is what I like to call a “Pedigree UNIX”, meaning that it is a pure-blooded descendant of AT&T UNIX. Although all of the original AT&T code has been re-written under a permissive license, the heritage persists. In contrast to Linux (which shares no original Bell Labs code), BSD was originally all Labs code.

BSD in the wild

BSD style licensing is quite simple to understand compared to the tome that is the GPL. Interpreting it usually goes something like this:

Do whatever the hell you want with this code, just don't blame me when it breaks something and don't claim you wrote it

Permissive licensing means that various companies can put lipstick on the UNIX pig and falsely assert that it's anything other than lipstick on the UNIX pig. Not that UNIX is a pig, but you cannot disguise a pig with lipstick. Those burdened with the gift of sight and knowledge can spot a UNIX system quite easily.

• Apple software is basically stolen BSD
• Windows TCP/IP stack (and ftp/rcp/rsh/ssh/scp and other various non-trash networking protocols) is basically stolen BSD
• Sony PlayStation is basically stolen BSD
• Nintendo Switch is basically stolen BSD
• a million others that I can't be bothered to list because they're either abandonware or are embedded in your e-toaster and internet enabled dishwasher so no one cares

Interacting with BSD guys

Most Linux enthusiasts are missionaries. They are generally helpful and seek to guide the computing neophyte into the inner circle of FSF initiates. The BSD guys tend to be like hermits. They don't care if you use their code, they only care that the code works for them. When you ask for help, a typical response will be “did you even read the error logs?” or “did you even RTFM? What about supplemental documentation? We didn't write TFM just so you could go online and ask something clearly documented in TFM.” Not all BSD guys are bitter, but you really should consult available resources before asking questions.

Forking vs distros

In Linux land, all the distros are basically the same with varying coats of paint. We call these distributions because all “implementations” of Linux are nearly identical code bases built with varying compile time options. In BSD land, distros don't exist. Free/Net/Open are entirely independent and don't share a common upstream. They are forks of primordial BSD that run separate kernels, separate userlands, etc. Although code is shared amongst each other, a statically linked binary can't simply be dumped from one to another and still run as it would in Linux land. Meta-distros of FreeBSD do exist but they are short lived unless they have corporate backers.

Idiot's guide to picking a BSD

• I want basically Linux desktop out of the box but with a BSD kernel so I can look cool when I post a neofetch screenshot to the /g/ desktop thread!!
  Selecting a FreeBSD fork that comes with a desktop is your go-to. The currently maintained desktop distros are HelloSystems, GhostBSD, NomadBSD, and MidnightBSD.
• I want a viable desktop operating system
  FreeBSD with a non-GNOME DE is fairly reliable. I've had success with KDE, XFCE, and various tiling window managers. GNOME is too reliant on systemd so the port is janky.
• I want something to learn by example with
  OpenBSD is a great learning platform. The source code for userland utils is simple, short, and generally free from OS specific function calls. RTFM goes by the wayside when you can easily RTFSC.
• I want to prevent foot shooting incidents
  OpenBSD eliminates many foot shooting scenarios by being a thorn in the side of the user who wants to do stupid things.
• I want to run UNIX on an obscure device
  OpenBSD runs on a lot of architectures: i386, amd64, arm64, armv7, alpha, sparc64, riscv64, ppc64, etc. The devs self-host these ports (i.e. build the release on a physical processor instead of cross compiling). This means that the alpha port is actually built on a VAX machine, the sparc port is actually built on a sparc machine, etc. NetBSD runs on everything.
• I can't decide!!! Pick one for me!!!
  Just go with FreeBSD. It feels a lot like old Debian.

Hardware

Lenovo Thinkpads are bulletproof. Buy something on eBay. Dell desktops generally work quite well. Intel components are most stable. You will suffer less if you can find a pure Intel machine. The biggest things to look for are an Intel CPU, Intel wireless chipset, Intel integrated graphics, and an Intel sticker. Vpro vs no vpro doesn't seem to make a difference in my anecdotal experience. But what about a GPU???? no.

FreeBSD

Goal: general purpose, easy to use operating system
Use cases: server, desktop, NAS, hypervisor
Features:
• Core OS
  • system feels clean and organized. Everything required to boot the system is in /. Everything not required to boot the system is in /usr/local
  • ZFS boot environments allow modification and upgrading without worrying
  • Familiar enough to Linux users
  • System feels well integrated instead of hacked together like a GNU+/Linux
• storage
  • UFS is dead, long live ZFS (the only actually good RAID)
  • Disk encryption via GELI and encrypted ZVOLS
• Third party software
  • Largest ports system of the BSDs
  • Can install precompiled packages with the pkg utility or compile yourself via the ports tree
• Jails
  • Like a chroot but actually secure
  • Like docker but without the aspect of downloading random stuff from github
  • all jails share a kernel but have separate hostnames, ip addrs, etc
• Virtualization
  • bhyve hypervisor, similar to kvm
• Security
  • Capsicum (sandboxing framework)
  • ACLs
• OS compat layers
  • Linux compat layer (can even run steam)
  • wine
• Documentation
  • FreeBSD handbook
Detriments:
• storage
  • UFS is not journaled by default, just use ZFS
• Virtualization
  • there is a virtualbox port
• Security
  • Fast rather than secure by default
  • read security(7) and you'll be fine

OpenBSD

Goal: simplicity, portability, standardization, correctness, proactive security, and integrated cryptography
Use Cases: Networking appliances, desktops, servers
Merits:
• Core OS
  • webcam and microphone disabled by default
• Security
  • API changes to prevent foot shooting (i.e. strlcpy and strlcat because string functions in C are a memory leak waiting to happen)
  • kernel is randomly relinked and randomized at boot time
  • Memory protection: W^X protection means that memory is either exclusively writable or exclusively executable; malloc'd memory is randomly allocated (bonus: makes buggy programs segfault loudly)
  • Crypto: full disk encryption (including swap), various algos
  • TCP/IP stack randomizes things to reduce predictability
  • Xenocara: X11 fork, privilege separation (i.e. all Xsessions don't run as root)
  • Pledge/unveil syscalls: pledge restricts process capabilities, kernel kills misbehaving processes; unveil restricts filesystem access to a minimal level
  • All of the standard daemons run in a chroot with privilege separation
  • ASLR
  • A million other things
• Third party software
  • Everything you need is in the base system. Some of what you want is available via ports or pkg_add
• Subprojects: CARP, doas (like sudo but less spaghetti), OpenBSD httpd, LibreSSL, OpenBGPD, OpenNTPD, OpenSMTPD, OpenSSH, pf (the only easy to use firewall), spamd (email filter that plugs into pf), a million other things
• Virtualization
  • vmm and vmd
• Documentation
  • FAQ
  • Handbook
  • Source code is the only good “learn by example” for C
Demerits:
• Security features can cause slowness
• sometimes you can't shoot your foot even if you really really want to
• critics claim it's all security theater
• Requires opening vulnerabilities back up if you want a “Just Werks™” Linux desktop experience
• No MAC

NetBSD

Goal: clean and careful design, scalability, portability
Use cases: server, embedded, desktop if you're a flagellant
Features:
• Portability
  • It actually runs everywhere
  • Designed for cross compiling (via build.sh)
• pkgsrc
  • UNIX and arch agnostic third party packaging framework
• virtualization
  • xen
  • nvmm (similar to kvm, works with qemu)
• storage
  • a bunch of filesystems, including journaling UFS and ZFS
  • LVM
• entirely POSIX compliant
• kernel is scriptable with Lua
Demerits:
• haven't used it enough to die the death of a thousand papercuts
FreeBSD Foundation October Fundraising Update, Advanced ZFS Snapshots, Full WireGuard setup with OpenBSD, MidnightBSD a Linux Alternative, FreeBSD Audio, Tuning Power Consumption on FreeBSD Laptops, Thoughts on Spelling Fixes, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines FreeBSD Foundation October 2021 Fundraising Update (https://freebsdfoundation.org/blog/freebsd-foundation-october-2021-fundraising-update/) Advanced ZFS Snapshots (https://klarasystems.com/articles/advanced-zfs-snapshots/) News Roundup Full WireGuard setup with OpenBSD (https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html) MidnightBSD a Linux Alternative (https://www.makeuseof.com/midnightbsd-linux-desktop-alternative/) FreeBSD Audio (https://meka.rs/blog/2021/10/12/freebsd-audio/) Tuning Power Consumption on FreeBSD Laptops and Intel Speed Shift (6th Gen and Later) (https://www.neelc.org/posts/freebsd-speed-shift-laptop/) Some Thoughts on Spelling Fixes (http://bsdimp.blogspot.com/2021/10/spelling-fixes-some-advice.html) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Bens feedback to Benedict's feedback to Bens question about zpoolboy (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/Bens%20feedback%20to%20Benedicts%20feedback%20to%20Bens%20question%20about%20zpoolboy.md) hcddbz - Old Technical Books (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/hcddbz%20-%20Old%20Technical%20Books.md) jason - a jails question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/429/feedback/jason%20-%20a%20jails%20question.md) *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***
The New Architecture on the Block, OpenBSD on Vortex86DX CPU, lots of new releases, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines RISC-V: The New Architecture on the Block (https://klarasystems.com/articles/risc-v-the-new-architecture-on-the-block/) If you want more RISC-V, check out JT's interview with Mark Himelstein the CTO of RISC-V International (https://www.opensourcevoices.org/20) OpenBSD on the Vortex86DX CPU (https://www.cambus.net/openbsd-on-the-vortex86dx-cpu/) News Roundup aka there's been lots of releases recently so let's go through them: Lumina 1.6.1 (http://lumina-desktop.org/post/2021-10-05/) opnsense 21.7.3 (https://opnsense.org/opnsense-21-7-3-released/) LibreSSL patches (https://bsdsec.net/articles/openbsd-errata-september-27-2021-libressl) OpenBGPD 7.2 (https://marc.info/?l=openbsd-announce&m=163239274430211&w=2) Midnight BSD 2.1.0 (https://www.midnightbsd.org/notes/) GhostBSD 21.09 ISO (http://ghostbsd.org/ghostbsd_21.09.29_iso_now_available) helloSystem v0.6 (https://github.com/helloSystem/ISO/releases/tag/r0.6.0) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Brandon - FreeBSD question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Brandon%20-%20FreeBSD%20question.md) Bruce - Fixing a weird Apache Bug (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Bruce%20-%20Fixing%20a%20weird%20Apache%20Bug.md) Dan - zfs question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/425/feedback/Dan%20-%20zfs%20question.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***
J language working on OpenBSD, Comparing FreeBSD GELI and OpenZFS encrypted pools, What is FreeBSD, actually?, OpenBSD's pledge and unveil from Python, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines I got the J language working on OpenBSD (https://briancallahan.net/blog/20210911.html) Rubenerd: Comparing FreeBSD GELI and OpenZFS encrypted pools with keys (https://rubenerd.com/my-first-prod-encrypted-openzfs-pool/) News Roundup What is FreeBSD, actually? Think again. (https://medium.com/@probonopd/what-is-freebsd-actually-think-again-200c2752d026) OpenBSD's pledge and unveil from Python (https://nullprogram.com/blog/2021/09/15/) Beastie Bits • [Hibernate time reduced](http://undeadly.org/cgi?action=article;sid=20210831050932) • [(open)rsync gains include/exclude support](http://undeadly.org/cgi?action=article;sid=20210830081715) • [Producer JT's latest ancient find that he needs help with](https://twitter.com/q5sys/status/1440105555754848257) • [Doas comes to MidnightBSD](https://github.com/slicer69/doas) • [FreeBSD SSH Hardening](https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11) • [OpenBSD 6.8 and you](https://home.nuug.no/~peter/openbsd_and_you/#1) • [By default, scp(1) now uses SFTP protocol](https://undeadly.org/cgi?action=article;sid=20210910074941) • [FreeBSD 11.4 end-of-life](https://lists.freebsd.org/pipermail/freebsd-announce/2021-September/002060.html) • [sched_ule(4): Improve long-term load balancer](https://cgit.freebsd.org/src/commit/?id=e745d729be60a47b49eb19c02a6864a747fb2744) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Tracing the History of ARM and FreeBSD, Make ‘less’ more friendly, NomadBSD 1.4 Release, Create an Ubuntu Linux jail on FreeBSD 12.2, OPNsense 21.1.2 released, Midnight BSD and BastilleBSD, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines Tracing the History of ARM and FreeBSD (https://klarasystems.com/articles/tracing-the-history-of-arm-and-freebsd/) When we think of computers, we generally think of laptops and desktops. Each one of these systems is powered by an Intel or AMD chip based on the x86 architecture. It might feel like you spend all day interacting with these kinds of systems, but you would be wrong. Unix Tip: Make ‘less’ more friendly (https://ascending.wordpress.com/2011/02/11/unix-tip-make-less-more-friendly/) You probably know about less: it is a standard tool that allows scrolling up and down in documents that do not fit on a single screen. Less has a very handy feature, which can be turned on by invoking it with the -i flag. This causes less to ignore case when searching. For example, ‘udf’ will find ‘udf’, ‘UDF’, ‘UdF’, and any other combination of upper-case and lower-case. If you’re used to searching in a web browser, this is probably what you want. But less is even more clever than that. If your search pattern contains upper-case letters, the ignore-case feature will be disabled. So if you’re looking for ‘QXml’, you will not be bothered by matches for the lower-case ‘qxml’. (This is equivalent to ignorecase + smartcase in vim.) News Roundup NomadBSD 1.4 Release (https://www.itsfoss.net/nomadbsd-1-4-release/) Version 1.4 of NomadBSD, a persistent live system for USB flash drives based on FreeBSD and featuring a graphical user interface built around Openbox, has been released: “We are pleased to present the release of NomadBSD 1.4. 
Create an Ubuntu Linux jail on FreeBSD 12.2 (https://hackacad.net/post/2021-01-23-create-a-ubuntu-linux-jail-on-freebsd/) OPNsense 21.1.2 released (https://opnsense.org/opnsense-21-1-2-released/) Work has so far been focused on the firmware update process to ensure its safety around edge cases and recovery methods for the worst case. To that end 21.1.3 will likely receive the full revamp including API and GUI changes for a swift transition after thorough testing of the changes now available in the development package of this release. Midnight BSD and BastilleBSD (https://www.justjournal.com/users/mbsd/entry/33869) We recently added a new port, mports/sysutils/bastille that allows you to manage containers. This is a port of a project that originally targeted FreeBSD, but also works on HardenedBSD. Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Brad - monitoring with Grafana (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Brad%20-%20monitoring%20with%20Grafana) Dennis - a few questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Dennis%20-%20a%20few%20questions) Paul - FreeBSD 13 (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/395/feedback/Paul%20-%20FreeBSD%2013) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***
The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines FuryBSD 2020-Q3 The world’s first OpenZFS based live image (https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/) FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root). FreeBSD Subversion to Git Migration: Pt 1 Why? (https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html) FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"? Video from Warner Losh (https://www.youtube.com/watch?v=Lx9lKr_M-DI) News Roundup FreeBSD Instant-workstation 2020 (https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html) A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you. nut – testing the shutdown mechanism (https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/) Following on from my recent nut setup, this is the second in a series of three posts. The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required. 
login_ldap added to OpenBSD -current (https://undeadly.org/cgi?action=article;sid=20200913081040) With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current + https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2 Beastie Bits NetBSD current now has GCC 9.3.0 for x86/ARM (https://twitter.com/netbsd/status/1305082782457245696) MidnightBSD 1.2.8 (https://www.justjournal.com/users/mbsd/entry/33802) MidnightBSD 2.0-Current (https://www.justjournal.com/users/mbsd/entry/33806) Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 (https://www.singlix.com/runix/) *** Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Rick - rcorder (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md) Dan - machiatto bin (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md) Luis - old episodes (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated (https://dzone.com/articles/high-availability-routerfirewall-using-openbsd-car) I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection. Building the Development Version of Emacs on NetBSD (https://lars.ingebrigtsen.no/2020/08/25/building-the-development-version-of-emacs-on-netbsd/) I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived. News Roundup rc.d belongs in libexec, not etc (https://jmmv.dev/2020/08/rcd-libexec-etc.html) Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration. This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. 
I suspect it would have been a draining discussion and a very difficult thing to change. FreeBSD 11.3 EOL (https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html) As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly encouraged to upgrade to a newer release as soon as possible. OPNsense 20.7.1 Released (https://opnsense.org/opnsense-20-7-1-released/) Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned. MidnightBSD 1.2.7 out (https://www.justjournal.com/users/mbsd/entry/33801) MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github. It includes several bug fixes and security updates over the last ISO release and is recommended for new installations. Users who don't want to update the whole OS should consider at least updating libmport, as there are many package management fixes. Beastie Bits Tarsnap podcast (https://blog.firosolutions.com/2020/08/tarsnap-podcast/) NetBSD Tips and Tricks (http://students.engr.scu.edu/~sschaeck/netbsd/index.html) FreeBSD mini-git Primer (https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g) GhostBSD Financial Reports (https://ghostbsd.org/financial_reports_from_January_to_June_2020) *** Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Daniel - Documentation Tooling (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Daniel%20-%20Documentation%20Tooling.md) Fongaboo - Where did the ZFS tutorial Go? 
(https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Fongaboo%20-%20Where%20did%20the%20ZFS%20Tutorial%20Go.md) Johnny - Browser Cold Wars (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/369/feedback/Johnny%20-%20Browser%20Cold%20Wars.md) *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.
##Headlines MidnightBSD 1.0 now available I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools. Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD. The 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload… Download links: https://www.midnightbsd.org/download/ https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4 ###MeetBSD Review MeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSDs were treated with the Meltdown and Spectre flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community. 
MeetBSD 2018 At most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12, quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for one-on-one sessions. On day two sponsor booths were also set up. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team. Like every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystems’ inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case you’re still hungry, there is a pizza meetup in another Intel room after day one and two. MeetBSD leverages its realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room. The group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiasts. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good natured chuckle. MeetBSD Gives me The Feels I find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. 
This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. Nonetheless I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and seeing the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community. ###[EuroBSDcon 2018 Trip Reports] https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/ https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/ https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/ ##News Roundup DNS over TLS in FreeBSD 12 With the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box. DNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up. Conclusion We’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. 
We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks. The question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception. ###Upgrading OpenBSD with Ansible My router runs OpenBSD -current A few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages. I eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages. 
Out of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs). Ansible Reboot Module I recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-) I learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter: I took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7. I proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 
2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible. Fun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article. The explanations Ansible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in autoupdate mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages. It also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the pathsets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror. I’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story. sysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email. Initially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). 
I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter. The result I’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. o/ ###Using smartd to automatically run tests on your drives Those programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information. NOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS. I first started using smartd in March 2010 (according to that blog post, that’s when I was still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information. Two types of tests My original abandoned attempt How do you prove it works? Looking at the test results Failed drive to the rescue smartd.conf I am using supernews ##Beastie Bits Decent Pics of “Relayd & Httpd Mastery” signature A Unix Shell poster from 1983 Cambridge UNIX historians (Cambridge, United Kingdom) Goals for FreeBSD 13 September/October 2018 Issue of the FreeBSD Journal Now Available Using acme.sh for Let’s Encrypt certificates on pkgsrc.org servers Deploying Anycast DNS Using OpenBSD and BGP How to check your data integrity? 
##Feedback/Questions Raymond - MeetBSD California Dev Summit Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI Conference Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b Conference videos are still being processed, the rest should appear over the next few weeks. Greg - Stable vs Release Mjrodriguez - Open/FreeBSD support for Single Board computers Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
AsiaBSDcon review, Meltdown and Spectre Patches in FreeBSD stable, Interview with MidnightBSD founder, 8 months with TrueOS, mysteries of GNU and BSD split This episode was brought to you by Headlines AsiaBSDCon 2018 has concluded (https://2018.asiabsdcon.org/) We have just returned from AsiaBSDCon in Tokyo, Japan last weekend Please excuse our jetlag The conference consisted two days of meeting followed by 2 days of paper presentations We arrived a few days early to see some sights and take a few extra delicious meals in Tokyo The first day of meetings was a FreeBSD developer summit (while Benedict was teaching his two tutorials) where we discussed the FreeBSD release cycle and our thoughts on improving it, the new Casper capsicum helper service, and developments in SDIO which will eventually enable WiFi and SD card readers on more embedded devices The second day of meetings consisted of bhyvecon, a miniconf that covered development in all hypervisors on all BSDs. It also included presentations on the porting of bhyve to IllumOS. Then the conference started There were a number of great presentations, plus an amazing hallway track as usual It was great to see many old friends and to spend time discussing the latest happenings in BSD. A couple of people came by and asked to take a picture with us and we were happy to do that. *** FreeBSD releases Spectre and Meltdown mitigations for 11.1 (https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc) Speculative execution vulnerability mitigation is a work in progress. This advisory addresses the most significant issues for FreeBSD 11.1 on amd64 CPUs. We expect to update this advisory to include 10.x for amd64 CPUs. Future FreeBSD releases will address this issue on i386 and other CPUs. 
freebsd-update will include changes on i386 as part of this update due to common code changes shared between amd64 and i386, however it contains no functional changes for i386 (in particular, it does not mitigate the issue on i386). Many modern processors have implementation issues that allow unprivileged attackers to bypass user-kernel or inter-process memory access restrictions by exploiting speculative execution and shared resources (for example, caches). An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser). + Meltdown: The mitigation is known as Page Table Isolation (PTI). PTI largely separates kernel and user mode page tables, so that even during speculative execution most of the kernel's data is unmapped and not accessible. A demonstration of the Meltdown vulnerability is available at https://github.com/dag-erling/meltdown. A positive result is definitive (that is, the vulnerability exists with certainty). A negative result indicates either that the CPU is not affected, or that the test is not capable of demonstrating the issue on the CPU (and may need to be modified). A patched kernel will automatically enable PTI on Intel CPUs. The status can be checked via the vm.pmap.pti sysctl PTI introduces a performance regression. The observed performance loss is significant in microbenchmarks of system call overhead, but is much smaller for many real workloads. + Spectre V2: There are two common mitigations for Spectre V2. This patch includes a mitigation using Indirect Branch Restricted Speculation, a feature available via a microcode update from processor manufacturers. The alternate mitigation, Retpoline, is a feature available in newer compilers. The feasibility of applying Retpoline to stable branches and/or releases is under investigation. The patch includes the IBRS mitigation for Spectre V2. 
To use the mitigation the system must have an updated microcode; with older microcode a patched kernel will function without the mitigation. IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the status can be checked via the hw.ibrs_active sysctl. IBRS may be enabled or disabled at runtime. Additional detail on microcode updates will follow. + Wiki tracking the vulnerabilities and mitigations on different platforms (https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities) Interview with MidnightBSD Founder and Lead Dev Lucas Holt (https://itsfoss.com/midnightbsd-founder-lucas-holt/) Recently, I have taken a little dip into the world of BSD. As part of my attempt to understand the BSD world a little better, I connected with Lucas Holt (MidnightBSD founder and lead developer) to ask him a few questions about his project. Here are his answers. It's FOSS: Please explain MidnightBSD in a nutshell. How is it different than other BSDs? Lucas Holt: MidnightBSD is a desktop focused operating system. When it's considered stable, it will provide a full desktop experience. This differs from other efforts such as TrueOS or GhostBSD in that it's not a distro of FreeBSD, but rather a fork. MidnightBSD has its own package manager, mport as well as unique package cluster software and several features built into user land such as mDNSresponder, libdispatch, and customizations throughout the system. It's FOSS: Who is MidnightBSD aimed at? Lucas Holt: The goal with MidnightBSD has always been to provide a desktop OS that's usable for everyday tasks and that even somewhat non technical people can use. Early versions of Mac OS X were certainly an inspiration. In practice, we're rather far from that goal at this point, but it's been an excellent learning opportunity. It's FOSS: What is your background in computers? Lucas Holt: I started in technical support at a small ISP and moved into web design and system administration. 
While there, I learned BSDi, Solaris and Linux. I also started tinkering with programming web apps in ASP and a little perl CGI. I then did a mix of programming and system administration jobs through college and graduated with a bachelors in C.S. from Eastern Michigan University. During that time, I learned NetBSD and FreeBSD. I started working on several projects such as porting Apple's HFS+ code to FreeBSD 6 and working on getting the nforce2 chipset SATA controller working with FreeBSD 6, with the latter getting committed. I got a real taste for BSD and after seeing the lack of interest in the community for desktop BSDs, I started MidnightBSD. I began work on it in late 2005. Currently, I'm a Senior Software Engineer focusing on backend rest services by day and a part-time graduate student at the University of Michigan Flint. It's FOSS: I recently installed TrueOS. I was disappointed that a couple of the programs I wanted were not available. The FreeBSD port system looked mildly complicated for beginners. I'm used to using pacman to get the job done quickly. How does MidnightBSD deal with ports? Lucas Holt: MidnightBSD has its own port system, mports, which shared similarities with FreeBSD ports as well as some ideas from OpenBSD. We decided early on that decent package management was essential for regular users. Power users will still use ports for certain software, but it's just so time consuming to build everything. We started work on our own package manager, mport. Every package is a tar lzma archive with a sqlite3 manifest file as well as a sqlite 3 index that's downloaded from our server. This allows users to query and customize the package system with standard SQL queries. We're also building more user friendly graphical tools. Package availability is another issue that most BSDs have. Software tends to be written for one or two operating systems and many projects are reluctant to support other systems, particularly smaller projects like MidnightBSD. 
There are certainly gaps. All of the BSD projects need more volunteers to help with porting software and keeping it up to date. It's FOSS: During your June 2015 interview on BSDNow, you mentioned that even though you support both i386 and amd64, that you recommend people choose amd64. Do you have any plans to drop i386 support in the future, like many have done? Lucas Holt: Yes, we do plan to drop i386 support, mostly because of the extra work needed to build and maintain packages. I've held off on this so far because I had a lot of feedback from users in South America that they still needed it. For now, the plan is to keep i386 support through 1.0 release. That's probably a year or two out. It's FOSS: What desktop environments does MidnightBSD support? Lucas Holt: The original plan was to use Etoile as a desktop environment, but that project changed focus. We currently support Xfce, Gnome 3, WindowMaker + GNUstep + Gworkspace as primary choices. We also have several other window managers and desktop environments available such as Enlightenment, rat poison, afterstep, etc. Early versions offered KDE 3.x but we had some issues with KDE 4. We may revisit that with newer versions. It's FOSS: What is MidnightBSD's default filesystem? Do you support DragonflyBSD's HAMMER filesystem? What other filesystems? Lucas Holt: Boot volumes are UFS2. We also support ZFS for additional storage. We have read support for ExFat, NTFS, ext2, CD9660. NFS v3 and v4 are also supported for network file systems. We do not support HAMMER, although it was considered. I would love to see HAMMER2 get added to MidnightBSD eventually. It's FOSS: Is MidnightBSD affected by the recent Spectre and Meltdown issues? Lucas Holt: Yes. Most operating systems were affected by these issues. We were not informed of the issue until the general public became aware. Work is ongoing to come up with appropriate mitigations. Unfortunately, we do not have a patch yet. 
It's FOSS: The Raspberry Pi and its many clones have made the ARM platform very popular. Are there any plans to make MidnightBSD available on that platform? Lucas Holt: No immediate plans. ARM is an interesting architecture, but by the very nature of SoC designs, takes a lot of work to support a broad number of devices. It might be possible when we stop supporting i386 or if someone volunteers to work on the ARM port. Eventually, I think most hobby systems will need to run ARM chips. Intel's planning on locking down hardware with UEFI 3 and this may make it difficult to run on commodity hardware in the future not only for MidnightBSD but other systems as well. At one point, MidnightBSD ran on sparc64. When workstations were killed off, we dropped support. A desktop OS on a server platform makes little sense. It's FOSS: Does MidnightBSD offer support for Linux applications? Lucas Holt: Yes, we offer Linux emulation. It's emulating a 2.6.16 kernel currently and that needs to be updated to support newer apps. It's possible to run semi-recent versions of Firefox, Thunderbird, Java, and OpenOffice on it though. I've also used it to host game servers in the past and play older games such as Quake 3, enemy territory, etc. It's FOSS: Could you comment on the recent dust-up between the Pale Moon browser developers and the team behind the OpenBSD ports system? [Author's Note: For those who haven't heard about this, let me summarize. Last month, someone from the OpenBSD team added the Pale Moon browser to their ports collection. A Pale Moon developer demanded that they include Pale Moon's libraries instead of using system libraries. As the conversation continued, it got more hostile, especially on the Pale Moon side. The net result is that Pale Moon will not be available on OpenBSD, MidnightBSD, or FreeBSD.] Lucas Holt: I found this discussion frustrating. Many of the BSD projects hear a lot of complaints about browser availability and compatibility. 
With Firefox moving to Rust, it makes it even more difficult. Then you get into branding issues. Like Firefox, the Pale Moon developers have decided to protect their brand at the cost of users. Unlike the Firefox devs, they've made even stranger requirements for branding. It is not possible to use a system library version of anything with Pale Moon and keep their branding requirements. As such, we cannot offer Pale Moon in MidnightBSD. The reason this is an issue for an open source project is that many third party libraries are used in something as complex as a web browser. For instance, Gecko-based browsers use several multimedia libraries, sqlite3 (for bookmarks), audio and video codecs, etc. Trying to maintain upstream patches for each of these items is difficult. That's why the BSDs have ports collections to begin with. It allows us to track and manage custom patches to make all these libraries work. We go through a lot of effort in keeping these up to date. Sometimes upstream patches don't get included. That means our versions are the only working copies. With pale moon's policy, we'd need to submit separate patches to their customized versions of all these libraries too and any new release of the browser would not be available as changes occur. It might not even be possible to compile pale moon without a patch locally. With regard to Rust, it requires porting the language, as well as an appropriate version of LLVM before you can even start on the browser. It's FOSS: If someone wanted to contribute to your project, both financial and technical, how can they do that? Lucas Holt: Financial assistance for the project can be submitted online. We have a page outlining how to make donations with Patreon, Paypal or via bitcoin. Donations are not tax deductible. You can learn more at http://www.midnightbsd.org/donate/ We also need assistance with translations, porting applications, and working on the actual OS. 
Interested parties can contact us on the mailing list or through IRC on freenode #midnightbsd We also could use assistance with mirroring ISOs and packages. I would like to thank Lucas for taking the time to reply to my many questions. For more information about MidnightBSD or to download it, please visit their website. The most recent version of MidnightBSD is 0.8.6. News Roundup 8 months with TrueOS (https://inflo.ws/blog/post/2018-03-03-trueos-8th-month-review/) Purpose of this review - what it is and what it is not. I vowed to write down what I felt about TrueOS if I ever got to the six month mark of usage. This is just that. This is neither a tutorial, nor a piece of evangelism dedicated towards it. This is also not a review of specific parts of TrueOS such as Lumina or AppCafe, since I don't use them at all. In the spirit of presenting a screen shot, here is my i3wm displaying 4 windows in one screen - a configuration that I never use. https://inflo.ws/blog/images/trues-screenshot.png The primary tasks I get done with my computer. I need a tiling wm with multi-desktop capability. As regards what I do with a computer, it is fairly straightforward to describe if I just list down my most frequently used applications. xterm (CLI) Emacs (General editing and org mode) Intellij IDEA (Java, Kotlin, SQL) Firefox (Main web browser, with Multi-Account Containers) Thunderbird (Work e-mail) Notmuchmail (Personal e-mail) Chromium/Iridium (Dumb web browser) Telegram Desktop weechat (with wee-slack) cmus (Music player) mpv (Video player) mps-youtube (Youtube client) transmission-gtk Postgresql10 (daemon) Rabbitmq (daemon) Seafile (file sync) Shotwell (manage pictures) GIMP (Edit pictures) Calibre (Manage e-books) VirtualBox All of these are available as binary packages from the repository. Since I use Intellij Ultimate edition, I decided to download the no-jdk linux version from the website rather than install it. This would make sure that it gets updated regularly. 
Why did I pick TrueOS ? I ran various Linux distributions from 2001 all the way till 2009, till I discovered Arch, and continued with it till 2017. I tried out Void for two months before I switched to TrueOS. Over the last few years, I started feeling like no matter which Linux distribution I touched, they all just stopped making a lot of sense. Generally in the way things were organised, and particularly in terms of software like systemd, which just got pushed down my throat. I couldn't wrap my head around half the things going on in my computer. Mostly I found that Linux distributions stopped becoming a collection of applications that got developed together to something more coupled by software mechanisms like systemd - and that process was more and more opaque. I don't want to talk about the merits and de-merits of systemd, lets just say that I found it of no use and an unnecessary hassle. In February, I found myself in charge of the entire technology stack of a company, and I was free to make choices. A friend who was a long time FreeBSD user convinced me to try it on the servers. My requirement then was to run Postgres, Rabbitmq, Nginx and a couple of JVM processes. The setup was zero hassle and it hasn't changed much in a year. About three months of running FreeBSD-11.x on servers was enough for me to consider it for my laptop. I was very apprehensive of hardware support, but luckily my computer is a Thinkpad, and Thinkpads sort of work out of the box with various BSDs. My general requirements were: Must run Intellij IDEA. Must have proper graphics and sound driver support. Must be able to run VirtualBox. I had to pick from FreeBSD, NetBSD and OpenBSD, since these were the major BSDs that I was familiar with. One of my requirements was that I needed to be able to run VMs just in case I needed to test something on Windows/Linux. This ruled out OpenBSD. Then I was left with NetBSD and FreeBSD. 
NetBSD's driver support for newer Intel chip-sets were questionable, and FreeBSD was the only choice then. When I was digging through FreeBSD forums, I found out that running the 11.x RELEASE on my laptop was out of the question since it didn't have proper drivers for my chip-set either. A few more hours of digging led me to GhostBSD and TrueOS. I picked TrueOS straightaway because - well because TrueOS came from the old PC-BSD and it was built off FreeBSD-12-CURRENT with the latest drivers integrated. I downloaded the UNSTABLE version available in June 2017, backed up ALL my data and home directory, and then installed it. There were no glitches during installation - I simply followed the installation as described in the handbook and everything was fine. My entire switch from Arch/Void to TrueOS took about an hour, discounting the time it took to backup my data to an external hard disk. It was that easy. Everything I wanted to work just worked, everything was available in the repo. Tweaks from cooltrainer.org : I discovered this excellent tutorial that describes setting up a FreeBSD 11 desktop. It documents several useful tweaks, some of which I applied. A few examples - Fonts, VirtualBox, Firewall, UTF-8 sections. TrueOS (and FreeBSD) specific things I liked Open-rc The open-rc init system is familiar and is well documented. TrueOS specific parts are described here. When I installed postgresql10-server, there was no open-rc script for it, but I could cobble one together in two hours with zero prior experience writing init scripts. Later on I figured out that the init script for postgresql9 would work for 10 as well, and used that. Boot Environments This was an alien concept to me, but the first time I did an update without waiting for a CDN sync to finish, my computer booted into the shell and remained there. The friendly people at TrueOS discourse asked me to roll back to an older BE and wait for sync to finish. 
I dug through the forums and found "ZFS / Snapshots basics & How-To's for those new to TrueOS". This describes ZFS and BEs, and is well worth reading. ZFS My experience with boot environments was enough to convince me about the utility of ZFS. I am still reading about it and trying things out, and whatever I read just convinces me more about why it is good. File-system layout Coming from the Linux world, how the FreeBSD file-system is laid out seemed odd at first. Then I realised that it was the Linux distros that were doing the odd thing. e.g : The whole OS is split into base system and applications. All the non base system configurations and apps go into /usr/local. That made a lot of sense. The entire OS is developed along with its applications as a single coherent entity, and that shows. Documentation The handbooks for both TrueOS and FreeBSD are really really good. For e.g, I kept some files in an LUKS encrypted drive (when I used Arch Linux). To find an equivalent, all I had to do was read the handbook and look at the GELI section. It is actually nice being able to go to a source like Handbook and things from there just work. Arch Linux and Gentoo has excellent documentation as well, if anyone is wondering about Linux distros. Community The TrueOS community on both Telegram as well as on Discourse are very friendly and patient. They help out a lot and do not get upset when I pose really stupid questions. TrueOS core developers hangout in the Telegram chat-room too, and it is nice being able to talk to them directly about things. What did not work in TrueOS ? The following things that worked during my Linux tenure doesn't work in TrueOS. Netflix Google Hangouts Electron based applications (Slack, Skype) These are not major concerns for the kind of work I do, so it doesn't bother me much. I run a WinXP VM to play some old games, and a Bunsenlabs installation for Linux things like Hangouts/Netflix. 
I don't have a video calling system setup in TrueOS because I use my phone for both voice and video calls exclusively.

Why am I staying on TrueOS?

Great community - whether on Discourse or on the Telegram channel, the people make you feel welcome. If things go unanswered, someone will promise to work on it/file a bug/suggest work-arounds.
Switching to TrueOS was philosophical as well - I thought a lot more about licenses, and I have arrived at the conclusion that I like BSD more than GPL. I believe it is a more practical license.
I believe TrueOS is improving continuously, and is a great desktop UNIX if you put some time into it.

AsiaBSDCon 2016 videos now available (https://www.youtube.com/playlist?list=PLnTFqpZk5ebD-FfVScL-x6ZnZSecMA1jI)

The videos from AsiaBSDCon 2016 have been posted to YouTube, 30 videos in all.
We'll cover the videos from 2017 next week.
The videos from 2018 should be posted in 4-6 weeks.
I am working on a new version of https://papers.freebsd.org/ that will make it easier to find the papers, slides, and videos of all talks related to FreeBSD.

***

syspatches will be provided for both supported releases (https://undeadly.org/cgi?action=article;sid=20180307234243)

Good news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:

```
Subject:    CVS: cvs.openbsd.org: www
From:       T.J. Townsend
Date:       2018-03-06 22:09:12

CVSROOT:        /cvs
Module name:    www
Changes by:     tj@cvs.openbsd.org      2018/03/06 15:09:12

Modified files:
        .              : errata61.html stable.html
        faq            : faq10.html

Log message:
syspatches will now be provided for both supported releases.
```

Thanks to all the developers involved in providing these!

Update: An official announcement has been released:

```
I'm happy to announce that we are now able to provide two releases worth of syspatches on the amd64 and i386 platforms.

The binary patches for 6.1 will hit the mirrors shortly, so you will be able to catch up with the errata on https://www.openbsd.org/errata61.html using the syspatch utility. People running amd64 will thus get the meltdown workaround.

This means in particular that 6.2 will remain supported by syspatch when 6.3 comes out.

Thanks to robert and ajacoutot for their amazing work on syspatch and for all their help. Thanks also to tj and the volunteers from #openbsd for their timely tests and of course to Theo for overseeing it all.
```

Exploring permutations and a mystery with BSD and GNU split filenames (https://www.lorainekv.com/permutations_split_and_gsplit/)

Recently, I was playing around with the split command-line tool on Mac OS X, and I decided to chop a 4000-line file into 4000 separate single-line files. However, when I attempted to run split -l1, I ran into a funny error:

split: too many files

Curious to see if any splitting had occurred, I ran ls and sure enough, a huge list of filenames appeared, such as:

xaa xab ... xzy xzz

Now I could see why you'd run out of unique filenames - there are only 26 letters in the alphabet and these filenames were only three letters long. Also, they all seemed to begin with the letter "x".

BSD split's filename defaults

I checked the manual for split's defaults and confirmed what I was seeing:

each file into which the file is split is named by the prefix followed by a lexically ordered suffix using suffix_length characters in the range 'a-z'. If -a is not specified, two letters are used as the suffix....with the prefix 'x' and with suffixes as above.

Got it, so running split with the defaults for prefix name and suffix length will give me filenames that always start with the letter "x" followed by two-letter alphabetical permutations composed of a-z letters, with repeats allowed. I say "repeats allowed" because I noticed filenames such as xaa and xbb in the output.
Side note: The reason why I say "permutations" rather than "combinations" is because letter order matters. For example, xab and xba are two distinct and legitimate filenames. Here's a nice explanation about the difference between permutations and combinations.

Some permutation math

So how many filenames can you get from the BSD split tool using the defaults? There are permutation formulas out there for repeating values and non-repeating values. Based on split's behavior, I wanted to use the repeating values formula:

n^r

where n equals the number of possible values (26 for a-z) and r equals the number of values (2, since there are only 2 letters after "x" in the filename).

26^2 = 676

So the total number of filename permutations allowed with BSD split's defaults should be 676. To double check, I ran ls | wc -l to get the total number of files in my split_test directory. The output was 677. If you subtract my original input file, input.txt, then you have 676, or the number of permutations split would allow before running out of filenames! Neat. But I still wanted my 4000 files.

Moar permutations pls

While 26^2 permutations doesn't support 4000 different filenames, I wondered if I could increase r to 3. Then, I'd have 17,576 different filename permutations to play with - more than enough. Earlier, I remembered the manual mentioning suffix length:

-a suffixlength Use suffixlength letters to form the suffix of the file name.

So I passed 3 in with the -a flag and guess what? I got my 4000 files!

```
split -l1 -a3 input.txt
ls | wc -l
4001
```

But that was a lot of work. It would be great if split would just handle these permutations and suffix lengths by default! In fact, I vaguely remember splitting large files into smaller ones with numerical filenames, which I prefer. I also remember not having to worry about suffixes in the past. But numerical filenames didn't seem to be an option with split installed on Mac OS X - there was no mention of it in the manual.
Turns out that I was remembering GNU split from using the Debian OS two years ago, a different flavor of the split tool with different defaults and behaviors. Beastie Bits Michael Lucas is speaking at mug.org 10 April 2018 (https://blather.michaelwlucas.com/archives/3121) PkgsrcCon 2018 July 7+8 Berlin (http://pkgsrc.org/pkgsrcCon/2018/) Tint2 rocks (http://www.vincentdelft.be/post/post_20180310) Open Source Summit Europe 2018 Call for Proposals (https://www.freebsdfoundation.org/news-and-events/call-for-papers/open-source-summit-europe-2018-call-for-proposals/) Travel Grants for BSDCan 2018 (https://www.freebsdfoundation.org/blog/bsdcan-2018-travel-grant-application-now-open/) BSDCan 2018 FreeBSD Developers Summit Call for Proposals (https://www.freebsdfoundation.org/news-and-events/call-for-papers/bsdcan-2018-freebsd-developers-summit-call-for-proposals/) OpenBSD vmm(4) update, by Mike Larkin (https://www.openbsd.org/papers/asiabsdcon2018-vmm-slides.pdf) Feedback/Questions Morgan ZFS Install Question (http://dpaste.com/3NZN49P#wrap) Andre - Splitting ZFS Array, or not (http://dpaste.com/3V09BZ5#wrap) Jake - Python Projects (http://dpaste.com/2CY5MRE#wrap) Dave - Screen Sharing & Video Conference (http://dpaste.com/257WGCB#wrap) James - ZFS disk id switching (http://dpaste.com/3HAPZ90#wrap)
FreeBSD 11.1-RELEASE is out, we look at building a BSD home router, how to be your own OpenBSD VPN provider, and find that glob matching can be simple and fast.

This episode was brought to you by

Headlines

FreeBSD 11.1-RELEASE (https://www.freebsd.org/releases/11.1R/relnotes.html)

FreeBSD 11.1 was released on July 26th (https://www.freebsd.org/releases/11.1R/announce.asc)
You can download it as an ISO or USB image, a prebuilt VM Image (vmdk, vhd, qcow2, or raw), and it is available as a cloud image (Amazon EC2, Microsoft Azure, Google Compute Engine, Vagrant)
Thanks to everyone, including the release engineering team who put so much time and effort into managing this release and making sure it came out on schedule, all of the FreeBSD developers who contributed the features, the companies that sponsored that development, and the users who tested the betas and release candidates.
Support for blacklistd(8) has been added to OpenSSH
The cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default.
The syslogd(8) utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to syslog.conf(5). The default syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default.
The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options
The efivar(8) utility has been added, providing an interface to manage UEFI variables.
The ipsec and tcpmd5 kernel modules have been added, these can now be loaded without having to recompile the kernel A number of new IPFW modules including Network Prefix Translation for IPv6 as defined in RFC 6296, stateless and stateful NAT64, and a module to modify the TCP-MSS of packets A huge array of driver updates and additions The NFS client now supports the Amazon® Elastic File System™ (EFS) The new ZFS Compressed ARC feature was added, and is enabled by default The EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server For a complete list of new features and known problems, please see the online release notes and errata list, available at: FreeBSD 11.1-RELEASE Release Notes (https://www.freebsd.org/releases/11.1R/relnotes.html) FreeBSD 11.1-RELEASE Errata (https://www.freebsd.org/releases/11.1R/errata.html) For more information about FreeBSD release engineering activities, please see: Release Engineering Information (https://www.freebsd.org/releng/) Availability FreeBSD 11.1-RELEASE is now available for the amd64, i386, powerpc, powerpc64, sparc64, armv6, and aarch64 architectures. FreeBSD 11.1-RELEASE can be installed from bootable ISO images or over the network. Some architectures also support installing from a USB memory stick. The required files can be downloaded as described in the section below. SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card images are included at the bottom of this message. 
PGP-signed checksums for the release images are also available at: FreeBSD 11.1 Release Checksum Signatures (https://www.freebsd.org/releases/11.1R/signatures.html)
A PGP-signed version of this announcement is available at: FreeBSD 11.1-RELEASE Announcement (https://www.FreeBSD.org/releases/11.1R/announce.asc)

***

Building a BSD home router - ZFS and Jails (https://eerielinux.wordpress.com/2017/07/15/building-a-bsd-home-router-pt-8-zfs-and-jails/)

Part of a series of posts about building a router:
Part 1 (https://eerielinux.wordpress.com/2017/05/30/building-a-bsd-home-router-pt-1-hardware-pc-engines-apu2/) -- discussing why you want to build your own router and how to assemble the APU2
Part 2 (https://eerielinux.wordpress.com/2017/06/03/building-a-bsd-home-router-pt-2-the-serial-console-excursion) -- some Unix history and an explanation of what a serial console is
Part 3 (https://eerielinux.wordpress.com/2017/06/10/building-a-bsd-home-router-pt-3-serial-access-and-flashing-the-firmware/) -- demonstrating serial access to the APU and covering firmware update
Part 4 (https://eerielinux.wordpress.com/2017/06/15/building-a-bsd-home-router-pt-4-installing-pfsense/) -- installing pfSense
Part 5 (https://eerielinux.wordpress.com/2017/06/20/building-a-bsd-home-router-pt-5-installing-opnsense/) -- installing OPNsense instead
Part 6 (https://eerielinux.wordpress.com/2017/06/30/building-a-bsd-home-router-pt-7-advanced-opnsense-setup/) -- Comparison of pfSense and OPNsense
Part 7 (https://eerielinux.wordpress.com/2017/06/30/building-a-bsd-home-router-pt-7-advanced-opnsense-installation/) -- Advanced installation of OPNsense

After the advanced installation in part 7, the tutorial covers converting an unused partition into swap space, and converting the system to ZFS
After creating a new pool using the set aside partition, some datasets are created, and the log files, ports, and obj ZFS datasets are mounted
The tutorial then goes on to cover how to download the ports tree, and install additional software on the router
I wonder what part 9 will be about.

***

Be your own VPN provider with OpenBSD (v2) (https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.htm)

This article covers how to build your own VPN server with some advanced features including:
Full Disk Encryption (FDE)
Separate CA/signing machine (optional)
Multiple DNSCrypt proxy instances for failover
OpenVPN: Certificate Revocation List/CRL (optional)
OpenVPN: TLS 1.2 only
OpenVPN: TLS cipher based on AES-256-GCM only
OpenVPN: HMAC-SHA512 instead of HMAC-SHA1
OpenVPN: TLS encryption of control channel (makes it harder to identify OpenVPN traffic)

The article starts with an explanation of the differences between OpenVPN and IPSEC. In the end the author chose OpenVPN because you can select the port it runs on, and it has a better chance of working from hotel or coffee shop WiFi.
The guide then walks through doing an installation on an encrypted disk, with a caution about the limitations of encrypted disk with virtual machines hosted by other parties.
The guide then locks down the newly installed system, configuring SSH for keys only, adding some PF rules, and configuring doas
Then networking is configured, including enabling IP forwarding since this machine is going to act as the VPN gateway
Then a large set of firewall rules are created that NAT the VPN traffic out of the gateway, except for DNS requests that are redirected to the gateway's local Unbound
Then some Python scripts are provided to block brute force attempts

We will use DNSCrypt to make our DNS requests encrypted, and Unbound to have a local DNS cache.
This will allow us to avoid using our VPS provider DNS servers, and will also be useful to your future VPN clients which will be able to use your VPN server as their DNS server too Before configuring Unbound, which is the local DNS cache which will make requests to dnscrypt_proxy, we can configure an additional dnscrypt instance, as explained in the pkg readme. Indeed, dnscrypt DNS servers being public ones, they often goes into maintenance, become offline or temporarily unreachable. To address this issue, it is possible to setup multiple dnscrypt instances. Below are the steps to follow to add one, but you can add more if you wish Then a CA and Certificate are created for OpenVPN OpenVPN is installed and configured as a server Configuration is also provided for a client, and a mobile client Thanks to the author for this great tutorial You might also want to check out this section from their 2015 version of this post: Security vs Anonymity (https://networkfilter.blogspot.nl/2015/01/be-your-own-vpn-provider-with-openbsd.html#security_anonymity) *** Essen Hackathon Trip - Benedict Reuschling (https://www.freebsdfoundation.org/blog/2017-essen-hackathon-trip-report-benedict-reuschling/) Over on the FreeBSD Foundation Blog, Benedict provides a detailed overview of the Essen Hackathon we were at a few weeks ago. Head over there and give it a read, and get a feel for what these smaller type of community events are like. Hopefully you can attend, or better yet, organize, a similar event in your area. News Roundup Blog about my self-hosted httpd blog (https://reykfloeter.com/posts/blog-about-my-blog) I really like Twitter because it allows me to share short messages, we have a great community, and 140 characters are enough for everybody. And this statement was exactly 140 characters, but sometimes I want to say more than that. And that's why I finally created this new blog. I was never really into blogging because I barely had time or the audience to write long articles. 
I sometimes wrote short stories for sites like undeadly.org, I collected some of them here, but my own blog was hosted on tumblr and never saw any activity. I want to try it again, and this time I decided to create a self-hosted blog. Something that runs on my own server and with httpd, the web server that I wrote for OpenBSD.

So I was looking for potential blogging tools that I could use to run my own blog. Besides the popular and heavyweight ones such as WordPress, there are countless other options: I looked at blogs from fellow developers, such as Ted Unangst's flak (I like the fact that it is written in Lua but the implementation is a bit over my head), or Pelican that is used by Peter Hessler for bad.network (but, sorry, I don't like Python), and finally Kristaps Dzonsons' sblg that is used for all of his projects and blogs.

I decided to use sblg. Kristaps keeps on releasing very useful free software. Most well-known is mandoc, at least everyone is using it for manpages these days, but there is also his BCHS (beaches) web stack which strongly advertises OpenBSD's httpd. Great. I also use kcgi whenever I have to write small CGIs. So sblg seemed like the right choice to me.

Let me quickly iterate over my current Makefile. I keep on tweaking this file, so it might have been changed by the time you are reading this article. Please note that the Makefile is written for OpenBSD's make, a distant derivative of pmake which is not like GNU make.

I'm not a designer or web developer, but I appreciate good looking web pages. I wanted to have something that is responsive, works on desktops and mobiles, looks somewhat modern, works without JavaScript, but doesn't disqualify me for all the eye candy from a geek point of view. I bootstrapped the theme by creating a simple grid layout with a fairly typical blog style: banner, top menu, middle text, sidebar.
In 2017, bootstrap is probably a vintage (or retro) framework but it makes it very easy to create responsive pages with a proper layout and without caring about all the CSS and HTML5 madness too much. I also use Font Awesome because it is awesome, provides some fancy icons, and was suggested in sblg's example templates (let's blame Kristaps for it). I do not include any JavaScript which prevents me from using bootstrap's responsive hamburger menu.

I have to admit that "reykfloeter" is not an ideal name for a blog. My actual name is "Reyk Flöter", and I normally just use my first name "reyk" as a user- and nickname, but it was taken when I registered my Twitter account and the related domain. So I picked reykfloeter in a few places. I'm aware that my German last name is nearly unpronounceable for others, so "reykfloeter" appears like a random concatenation of letters. As most of us, I own a number of domains and maybe I should move the blog to bsd.plumbing (which is used as a home for relayd and httpd), arc4random.com (but I intended to use it as a fine OpenBSD-powered Entropy-as-a-Service for poor Linuxers), or even copper.coffee?

In addition to the domain, I also need a good blog name or tag line. A very memorable example in the BSD world is Peter Hansteen's THAT GRUMPY BSD GUY blog. So what should I use?

Reyk Flöter's blog
OpenBSD hacker. Coffee nerd. Founder.
Ask Reyk (imaginary how-tos and 10 step guides)
Sewage, Drainage and BSD Plumbing (bsd.plumbing/blog)
A Replacement Call for Random (arc4random.com)
Coffee with Reyk (copper.coffee)

For now it will just be reykfloeter - blog

iXsystems releases the X10 (https://www.ixsystems.com/blog/serverenvy-truenas-x10/)

TrueNAS X10 is the 3rd generation of the TrueNAS unified storage line. The X10 is the first of a new TrueNAS series, and will be expandable to up to 360TB with the TrueNAS ES12 expansion shelf.
The X10 is cost effective, at a 30% lower price point than the Z20, making it an effective addition to your backup/DR infrastructure. The street price of a 20TB non-HA model falls under $10K. It's designed to move with six predefined configurations that match common use cases. The dual controllers for high availability are an optional upgrade to ensure business continuity and avoid downtime. The X10 boasts 36 hot swap SAS using two expansion shelves, for up to 360TB of storage, allowing you to backup thousands of VMs or share tens of thousands of files. One of the use cases for TrueNAS X10 is for backup, so users can upgrade the X10 to two ports of blazing 10GigE connectivity. The 20TB non-HA model enables you to backup over 7,000 VDI VMs for under $3.00 per VM. Overall, the X10 is a greener solution than the TrueNAS Z product line, with the non-HA version boasting only 138 watts of power and taking up only 2U of space. Best of all, the TrueNAS X10 starts at $5,500 street. You can purchase a 120TB configuration today for under $20K street.

Glob Matching Can Be Simple And Fast Too (https://research.swtch.com/glob)

Here's a straightforward benchmark. Time how long it takes to run ls (a*)ⁿb in a directory with a single file named a¹⁰⁰, compared to running ls | grep (a.*)ⁿb. Superscripts denote string repetition and parentheses are for grouping only, so that when n is 3, we're running ls a*a*a*b in a directory containing the single file aaa…aaa (100 a's), compared against ls | grep a.*a.*a.*b in the same directory.

The exception seems to be the original Berkeley csh, which runs in linear time (more precisely, time linear in n). Looking at the source code, it doesn't attempt to perform glob expansion itself. Instead it calls the C library implementation glob(3), which runs in linear time, at least on this Linux system. So maybe we should look at programming language implementations too.

Most programming languages provide some kind of glob expansion, like C's glob.
Let's repeat the experiment in a variety of different programming languages: Perhaps the most interesting fact evident in the graph is that GNU glibc, the C library used on Linux systems, has a linear-time glob implementation, but BSD libc, the C library used on BSD and macOS systems, has an exponential-time implementation. PHP is not shown in the graph, because its glob function simply invokes the host C library's glob(3), so that it runs in linear time on Linux and in exponential time on non-Linux systems. (I have not tested what happens on Windows.) All the languages shown in the graph, however, implement glob matching without using the host C library, so the results should not vary by host operating system. The netkit ftpd runs quickly on Linux because it relies on the host C library's glob function. If run on BSD, the netkit ftpd would take exponential time. ProFTPD ships a copy of the glibc glob, so it should run quickly even on BSD systems. Ironically, Pure-FTPd and tnftpd take exponential time on Linux because they ship a copy of the BSD glob function. Presumably they do this to avoid assuming that the host C library is bug-free, but, at least in this one case, the host C library is better than the one they ship. Additional Reading This post is an elaboration of an informal 2012 Google+ post showing that most shells used exponential-time glob expansion. At the time, Tom Duff, the author of Plan 9's rc shell, commented that, “I can confirm that rc gets it wrong. My excuse, feeble as it is, is that doing it that way meant that the code took 10 minutes to write, but it took 20 years for someone to notice the problem. (That's 10 ‘programmer minutes', i.e. less than a day.)” I agree that's a reasonable decision for a shell. In contrast, a language library routine, not to mention a network server, today needs to be robust against worst-case inputs that might be controlled by remote attackers, but nearly all of the code in question predates that kind of concern. 
I didn't realize the connection to FTP servers until I started doing additional research for this post and came across a reference to CVE-2010-2632 in FreeBSD's glob implementation. BSD VPS Providers Needed (https://torbsd.github.io/blog.html#bsd-vps) One of TDP's recent projects is accumulating a list of virtual private server services (VPS) that provide a BSD option. VPS's are generally inexpensive services that enable the user to only concern themselves with software configuration, and not be bothered with hardware or basic operating system setup. In the pre-Cloud era, VPS providers were the “other people's computers” that users outsourced their systems to. The same shortcomings of cloud services apply to VPS providers. You don't control the hardware. Your files are likely viewable by users up the directory hierarchy. The entropy source or pool is a single source for multiple systems. The same time drift applies to all time-keeping services. Nevertheless, VPS services are often cheap and provide a good spread in terms of geography. All a provider really needs is a few server-grade computers and a decent network connection. VPS's are still a gateway drug to bare-metal servers, although it seems more and more of these gateway users stop at stage one. Cheap systems with a public IP are also a great way to tinker with a new operating system. For this reason, TDP created this list of BSD VPS providers. Some explicitly deny running Tor as a server. Some just reference vague “proxy services.” Others don't mention Tor or proxies at all. The list is a start with currently just under 70 VPS providers listed. Input through various channels already started, and TDP intends to update the list over the coming months. A first draft email and open letter addressed to the providers were drafted, and we are looking to speak directly to at least some of the better-known BSD VPS providers. We may be able to convince a few to allow public Tor relays, or at least published bridges. 
These providers could be new BSD users' gateway drug into the world of BSD Tor nodes. Running a Tor relay shouldn't be considered a particularly risky activity. Maybe we can adjust that perception. Let us know any input via email or GitHub, and we'll be glad to make updates. Beastie Bits Avoid OS Detection with OpenBSD (https://blog.cagedmonster.net/avoid-os-detection-openbsd/) TrueOS update to fix updating (https://www.trueos.org/blog/update-fix-updating/) MidnightBSD 0.8.5 VirtualBox Install (https://www.youtube.com/watch?v=I08__ZWaJ0w) BSD Pizza Night in Portland (http://calagator.org/events/tag/BSD) *** Feedback/Questions Andrew - BSDCan videos? (http://dpaste.com/08E90PX) Marc - The Rock64 Board (http://dpaste.com/08KE40G) Jason - Follow up on UEFI and Bhyve (http://dpaste.com/2EP7BFC) Patrick - EFI booting (http://dpaste.com/34Z9SFM) ***
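For the "Glob Matching Can Be Simple And Fast Too" item above: an added example, not code from the article or from any libc, that runs a naive backtracking matcher and a single-restart-point matcher over the benchmark's (a*)ⁿb pattern and counts the work each one does. It handles only literals, `?` and `*`; the function names and the 30-character file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_N 32    /* most "a*" groups work() will build */
#define MAX_M 128   /* longest constructed file name */

/* Naive backtracking matcher for literals, '?' and '*'. Each '*' retries the
 * rest of the pattern at every remaining suffix, so stars multiply the work. */
static int naive_match(const char *p, const char *s, unsigned long *calls)
{
    (*calls)++;
    for (; *p != '\0'; p++, s++) {
        if (*p == '*') {
            for (;; s++) {
                if (naive_match(p + 1, s, calls))
                    return 1;
                if (*s == '\0')
                    return 0;
            }
        }
        if (*s == '\0' || (*p != '?' && *p != *s))
            return 0;
    }
    return *s == '\0';
}

/* Bounded matcher: one restart point, the most recent '*'. An earlier star is
 * never revisited, since the later one can absorb whatever it would have. The
 * loop body runs at most (strlen(pat) + 1) * (strlen(name) + 1) times. */
static int bounded_match(const char *pat, const char *name, unsigned long *steps)
{
    size_t plen = strlen(pat), nlen = strlen(name);
    size_t px = 0, nx = 0, next_px = 0, next_nx = 0;

    while (px < plen || nx < nlen) {
        (*steps)++;
        if (px < plen) {
            char c = pat[px];
            if (c == '*') {
                next_px = px;       /* on mismatch, come back to this star */
                next_nx = nx + 1;   /* and let it swallow one more char */
                px++;
                continue;
            }
            if (nx < nlen && (c == '?' || c == name[nx])) {
                px++;
                nx++;
                continue;
            }
        }
        if (next_nx > 0 && next_nx <= nlen) {
            px = next_px;
            nx = next_nx;
            continue;
        }
        return 0;
    }
    return 1;
}

/* Work spent rejecting the constructed benchmark case: pattern (a*)^n b
 * against a name of m 'a' characters. Returns 0 if n or m is out of range. */
static unsigned long work(int n, int m, int bounded)
{
    char pat[2 * MAX_N + 2] = "", name[MAX_M + 1];
    unsigned long count = 0;
    int i;

    if (n < 0 || n > MAX_N || m < 0 || m > MAX_M)
        return 0;
    for (i = 0; i < n; i++)
        strcat(pat, "a*");
    strcat(pat, "b");
    memset(name, 'a', (size_t)m);
    name[m] = '\0';
    if (bounded)
        bounded_match(pat, name, &count);
    else
        naive_match(pat, name, &count);
    return count;
}

/* 1 if both matchers accept, 0 if both reject, -1 if they disagree. */
static int both_match(const char *pat, const char *name)
{
    unsigned long a = 0, b = 0;
    int x = naive_match(pat, name, &a), y = bounded_match(pat, name, &b);
    return x == y ? x : -1;
}

int main(void)
{
    int n;
    for (n = 1; n <= 6; n++)
        printf("n=%d naive=%lu bounded=%lu\n", n, work(n, 30, 0), work(n, 30, 1));
    return 0;
}
```

A service that expands patterns supplied over the network wants the second shape, so that the cost of a non-matching pattern stays tied to the input lengths instead of to the number of stars.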
Coming up on this week's episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry. This episode was brought to you by Headlines NetBSD 7.0 Release Announcement (http://www.netbsd.org/releases/formal-7/NetBSD-7.0.html) DRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15) Multiprocessor ARM support. Support for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black Major NPF improvements: BPF with just-in-time (JIT) compilation by default support for dynamic rules support for static (stateless) NAT support for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296 support for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups) Multiprocessor support in the USB subsystem. GPT support in sysinst via the extended partitioning menu. Lua kernel scripting GCC 4.8.4, which brings support for C++11 Experimental support for SSD TRIM in wd(4) and FFS tetris(6): Add colours and a 'down' key, defaulting to 'n'. It moves the block down a line, if it fits. 
*** CloudFlare develops interesting new netmap feature (https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/) Normally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers CloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap The change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing The RSS or other hashing must be modified to not direct traffic to this queue Then specific flows are directed to the netmap application for matching traffic For example under Linux:
ethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1
ethtool -K eth3 lro off gro off
ethtool -N eth3 flow-type udp4 dst-port 53 action 4
Directs all name server traffic to NIC queue number 4 Currently there is no tool like ethtool to accomplish the same under FreeBSD I wonder if the flows could be identified more specifically using something like ipfw-netmap *** Building your own OpenBSD based Mail server! (http://www.theregister.co.uk/2015/09/12/feature_last_post_build_mail_server/?mt=1442858572214) part 2 (http://www.theregister.co.uk/2015/09/19/feature_last_post_build_mailserver_part_2/) part 3 (http://www.theregister.co.uk/2015/09/26/feature_last_post_build_mailserver_part_3/) The UK Register gives us a great writeup on getting your own mail server set up, specifically on OpenBSD 5.7 In this article they used a MiniPC, the Acer Revo One RL85, which is a decently priced little box for a mail server (http://www.theregister.co.uk/2015/07/24/review_acer_revo_one_rl85_/) While a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD set up, and Postfix and Dovecot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning. 
Getting started with the UEFI bootloader on OpenBSD (http://blog.jasper.la/openbsd-uefi-bootloader-howto/) If you've been listening over the past few weeks, you've heard about OpenBSD's new UEFI boot-loader. We now have a blog post with detailed instructions on how to get set up with this on your own system. The initial setup is pretty straightforward, and should only take a few minutes at most. It involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location. As a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example) *** Recipe for building a 10Mpps FreeBSD based router (http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html) Olivier, (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router As he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses an 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR. He mentions that this doesn't work quite on stock FreeBSD yet, you will need to pull code in from the projects/routing (https://svnweb.freebsd.org/base/projects/routing/) which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8. If you don't feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks Bonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance. *** Interview - Brandon Mercer - bmercer@openbsd.org (mailto:bmercer@openbsd.org) / @knowmercymod (https://twitter.com/knowmercymod) OpenBSD in Healthcare Sorry about the audio quality degradation. 
The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from Skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording *** News Roundup Nvidia releases new beta FreeBSD driver along with new kernel module (https://devtalk.nvidia.com/default/topic/884727/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-358-09-beta-/) Includes a new kernel module, nvidia-modeset.ko While this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel. The beta adds support for 805A and 960A nvidia cards Also fixes a memory leak and some regressions *** MidnightBSD 0.7-RELEASE (http://www.midnightbsd.org/pipermail/midnightbsd-users/Week-of-Mon-20150914/003462.html) We missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release This release primarily focuses on stability, but also includes important security fixes as well. It cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression Their custom "mports" system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal. They note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only. 
*** "Open Source as a Career Path" (http://media.medfarm.uu.se/play/video/5400) The FreeBSD Project held a panel discussion (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) of why Open Source makes a good career path at the ACM's womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon The Panel was led by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself We attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side During the question period, Dan gave a great answer (https://gist.github.com/dlangille/e262bccdea08b89b5360) to the question of "Why do open source projects still use old technologies like mailing lists and IRC" The day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle. The following day, Dan also gave a workshop (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) on how to contribute to an open source project *** Beastie-Bits NetBSD 2015PkgSrc Freeze (http://mail-index.netbsd.org/pkgsrc-users/2015/09/12/msg022186.html) Support for 802.11N for RealTek USB in FreeBSD (https://github.com/freebsd/freebsd/commits/master/sys/dev/usb/wlan/if_rsu.c) Wayland ported to DragonFlyBSD (https://github.com/DragonFlyBSD/DeltaPorts/pull/123) OpenSMTPd developer debriefs on audit report (http://undeadly.org/cgi?action=article&sid=20151013161745) FreeBSD fixes issue with pf under Xen with TSO. Errata coming soon (https://svnweb.freebsd.org/base?view=revision&revision=289316) Xinuos funds the HardenedBSD project (http://slexy.org/view/s2EBjrxQ9M) Feedback/Questions Evan (http://slexy.org/view/s21PMmNFIs) Darin writes in (http://slexy.org/view/s20qH07ox0) Jochen writes in (http://slexy.org/view/s2d0SFmRlD) ***
News: I was interviewed on the LinuxReality podcast. Interview with MidnightBSD founder Lucas Holt. File Info: 15Min, 7MB. Ogg Link: https://archive.org/download/bsdtalk126/bsdtalk126.ogg
Coming up this week, we'll be chatting with Lucas Holt, founder of MidnightBSD. It's a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We'll find out what's different about it and why it was created. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Zocker, it's like docker on FreeBSD (http://toni.yweb.fi/2015/05/zocker-diy-docker-on-freebsd.html) Containment is always a hot topic, and docker has gotten a lot of hype in Linux land in the last couple years - they're working on native FreeBSD support at the moment This blog post is about a docker-like script, mainly for ease-of-use, that uses only jails and ZFS in the base system In total, it's 1,500 lines of shell script (https://github.com/toddnni/zocker) The post goes through the process of using the tool, showing off all the subcommands and explaining the configuration In contrast to something like ezjail, Zocker utilizes the jail.conf system in the 10.x branch *** Patrol Read in OpenBSD (https://www.marc.info/?l=openbsd-cvs&m=143285964216970&w=4) OpenBSD has recently imported some new code to support the Patrol Read (http://www.intel.com/support/motherboards/server/sb/CS-028742.htm) function of some RAID controllers In a nutshell, Patrol Read is a function that lets you check the health of your drives in the background, similar to a zpool "scrub" operation The goal is to protect file integrity by detecting drive failures before they can damage your data It detects bad blocks and prevents silent data corruption, while marking any bad sectors it finds *** HAMMER 2 improvements (http://lists.dragonflybsd.org/pipermail/commits/2015-May/418653.html) DragonFly BSD has been working on the second generation HAMMER FS It now uses LZ4 compression by default, which we've been big fans of in ZFS They've also switched to a faster CRC (http://lists.dragonflybsd.org/pipermail/commits/2015-May/418652.html) algorithm, further 
improving HAMMER's performance, especially (http://lists.dragonflybsd.org/pipermail/commits/2015-May/418651.html) when using iSCSI *** FreeBSD foundation May update (https://www.freebsdfoundation.org/press/2015mayupdate.pdf) The FreeBSD foundation has published another update newsletter, detailing some of the things they've been up to lately In it, you'll find some development status updates: notably more ARM64 work and the addition of 64 bit Linux emulation Some improvements were also made to FreeBSD's release building process for non-X86 architectures There's also an AsiaBSDCon recap that covers some of the presentations and the dev events They also have an accompanying blog post (http://freebsdfoundation.blogspot.com/2015/05/another-data-center-site-visit-nyi.html) where Glen Barber talks about more sysadmin and clusteradm work at NYI *** Interview - Lucas Holt - questions@midnightbsd.org (mailto:questions@midnightbsd.org) / @midnightbsd (https://twitter.com/midnightbsd) MidnightBSD News Roundup The launchd on train is never coming (http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/launchd-on-bsd.html) Replacement of init systems has been quite controversial in the last few years Fortunately, the BSDs have avoided most of that conflict thus far, but there have been a few efforts made to port launchd from OS X (https://en.wikipedia.org/wiki/Launchd) This blog post details the author's opinion on why he thinks we're never going to have launchd in any of the BSDs Email us your thoughts on the matter *** Native SSH comes to… Windows (http://blogs.msdn.com/b/looking_forward_microsoft__support_for_secure_shell_ssh1/archive/2015/06/02/managing-looking-forward-microsoft-support-for-secure-shell-ssh.aspx) In what may be the first (and last) mention of Microsoft on BSD Now... 
They've just recently announced that PowerShell will get native SSH support in the near future It's not based on the commercial SSH either, it's the same one from OpenBSD that we already use everywhere Up until now, interacting between BSD and Windows has required something like PuTTY, WinSCP, FileZilla or Cygwin - most of which are based on really outdated versions The announcement also promises that they'll be working with the OpenSSH community, so we'll see how many Microsoft-submitted patches make it upstream (or how many donations (http://www.openbsdfoundation.org/index.html) they make) *** Moving to FreeBSD (http://www.textplain.net/blog/2015/moving-to-freebsd/) This blog post describes a long-time Linux user's first BSD switching experience The author first talks about his Linux journey, eventually coming to love the more customization-friendly systems, but the journey ended with systemd After doing a bit of research, he gave FreeBSD a try and ended up liking it - the rest of the post mostly covers why that is He also plans to write about his experience with other BSDs, and is writing some tutorials too - we'll check in with him again later on *** Feedback/Questions Adam writes in (http://slexy.org/view/s29hS2cI05) Dan writes in (http://slexy.org/view/s20VRZYBsw) Ivan writes in (http://slexy.org/view/s20bumJ5u9) Josh writes in (http://slexy.org/view/s21BU6Pnka) ***
Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines New PAE support in OpenBSD (https://www.marc.info/?l=openbsd-cvs&m=142990524317070&w=2) OpenBSD has just added Physical Address Extension (https://en.wikipedia.org/wiki/Physical_Address_Extension) support to the i386 architecture, but it's probably not what you'd think of when you hear the term In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that Instead, this change specifically allows the system to use the No-eXecute Bit (https://en.wikipedia.org/wiki/NX_bit#OpenBSD) of the processor for the userland, further hardening the in-place memory protections Other operating systems enable the CPU feature without doing anything to the page table entries (https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table), so they do get the available memory expansion, but don't get the potential security benefit As we discussed in a previous episode (http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach), the AMD64 platform already saw some major W^X kernel and userland improvements - the i386 kernel reworking will begin shortly Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W^X that was already there The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8 *** Booting Windows in bhyve (https://twitter.com/nahannisys/status/591733319357730816) Work on FreeBSD's bhyve (http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind) continues, and a big addition is on the way Thus far, 
bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter Graphics emulation is still in the works; this image was taken by booting headless and using RDP A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan) Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts *** MidnightBSD 0.6 released (http://www.midnightbsd.org/notes/) MidnightBSD is a smaller project we've not covered a lot on the show before It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use They also have their own, smaller version of FreeBSD ports, called "mports" If you're already using it, this new version is mainly a security and bugfix release It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions You can check their site (http://www.midnightbsd.org/about/) for more information about the project We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet *** OpenBSD rewrites the file utility (https://www.marc.info/?l=openbsd-cvs&m=142989267412968&w=4) We're all probably familiar with the traditional file (https://en.wikipedia.org/wiki/File_%28command%29) command - it's been around since the 1970s (http://darwinsys.com/file/) For anyone who doesn't know, it's used to determine what type of file something actually is This tool doesn't see a lot of development these days, and it's had its share of security issues as well Some of those security issues remain (https://www.marc.info/?l=openbsd-tech&m=141857001403570&w=2) unfixed 
(https://www.marc.info/?l=freebsd-security&m=142980545021888&w=2) in various BSDs even today, despite being publicly known for a while It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it When you think about it, file was technically designed to be used on untrusted files OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny This new version will, by default, run as an unprivileged user (https://www.marc.info/?l=openbsd-cvs&m=143014212727213&w=2) with no shell, and in a systrace sandbox (https://www.marc.info/?l=openbsd-cvs&m=143014276127454&w=2), strictly limiting what system calls can be made With these two things combined, it should drastically reduce the damage a malicious file could potentially do Ian Darwin, the original author of the utility, saw the commit and replied (https://www.marc.info/?l=openbsd-cvs&m=142989483913635&w=4), in what may be a moment in BSD history to remember It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version Coincidentally, the lead developer and current maintainer of file just happens to be our guest today… *** Interview - Christos Zoulas - christos@netbsd.org (mailto:christos@netbsd.org) blacklistd (https://www.youtube.com/watch?v=0UKCAsezF3Q) and NetBSD advocacy News Roundup GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/projects/list/google/gsoc2015) The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list FreeBSD's list (https://wiki.freebsd.org/SummerOfCode2015Projects) 
includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication OpenBSD's list (http://www.openbsdfoundation.org/gsoc2015.html) includes: asynchronous USB transfer submission from userland, ARM SD/MMC & controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD We'll be sure to keep you up to date on developments from both projects Hopefully the other BSDs will make the cut too next year *** FreeBSD on the Gumstix Duovero (http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html) If you're not familiar with the Gumstix Duovero, it's a dual core ARM-based computer-on-module (https://store.gumstix.com/index.php/coms/duovero-coms.html) They actually look more like a stick of RAM than a mini-computer This article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd (https://github.com/freebsd/crochet) If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us *** EU study recommends OpenBSD (https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D) A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools This is especially important, in all countries, after the mass 
surveillance documents came out "[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts." The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways" Reddit, Undeadly and Hacker News also had (https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/) some (http://undeadly.org/cgi?action=article&sid=20150427093546) discussion (https://news.ycombinator.com/item?id=9445831), particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer (http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq) and M:Tier (http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual) before *** FreeBSD workflow with Git (https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html) If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too This mailing list post talks about interacting between (https://wiki.freebsd.org/GitWorkflow/GitSvn) the official source repository and the Git mirror This makes it easy to get pull requests merged into the official tree, and encourages more developers 
to get involved *** Feedback/Questions Sean writes in (http://slexy.org/view/s2vjh3ogvG) Bryan writes in (http://slexy.org/view/s20GMcWvKE) Sean writes in (http://slexy.org/view/s21M1imT3d) Charles writes in (http://slexy.org/view/s25ScxQSwb) ***
We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines NetBSD at Hiroshima Open Source Conference (http://mail-index.netbsd.org/netbsd-advocacy/2014/09/26/msg000669.html) NetBSD developers are hard at work, putting NetBSD on everything they can find At a technology conference in Hiroshima, some developers brought their exotic machines to put on display As usual, there are lots of pictures and a nice report from the conference *** FreeBSD's Linux emulation overhaul (https://svnweb.freebsd.org/ports?limit_changes=0&view=revision&revision=368845) For a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system If you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk With some recent work, that's been replaced with a recent CentOS release This opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday *** pfSense 2.2-BETA (https://blog.pfsense.org/?p=1449) Big changes are coming in pfSense land, with their upcoming 2.2 release We talked to the developer (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) a while back about future plans, and now they're finally out there The 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes It also includes some security updates, lots of package changes and updates and much more You can check the full list of changes (https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes) on their wiki *** NetBSD on the Raspberry Pi (http://www.cambus.net/netbsd-on-the-raspberry-pi/) This article shows how you can install NetBSD on the ever-so-popular Raspberry Pi As of right now, you'll 
need to use a -CURRENT snapshot to do it It also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up Can anyone find something that you can't install NetBSD on? *** Interview - Steve Wills - swills@freebsd.org (mailto:swills@freebsd.org) / @swills (https://twitter.com/swills) Mentoring new BSD developers News Roundup MidnightBSD 0.5 released (http://www.midnightbsd.org/notes/) We don't hear a whole lot about MidnightBSD, but they've just released version 0.5 It's got a round of the latest FreeBSD security patches, driver updates and various small things Maybe one of their developers could come on the show sometime and tell us more about the project *** BSD Router Project 1.52 released (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.52/) The newest update for the BSD Router Project is out This version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE It's mostly a bugfix release, but includes some small changes and package updates *** Configuring a DragonFly BSD desktop (http://www.dragonflydigest.com/2014/09/19/14751.html) We've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly In this post from Justin Sherrill, you'll learn some of the steps to do just that He pulled out an old desktop machine, gave it a try and seems to be pleased with the results It includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer *** Building a mini-ITX pfSense box (http://pakitong.blogspot.com/2014/09/jetway-j7f2-four-lan-mini-itx-for.html) Another week, another pfSense firewall build post This time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports He used to be a m0n0wall guy, but wanted to give the more modern pfSense a try Lots of great pictures of the hardware, which we always love *** Feedback/Questions Damian writes in 
(http://slexy.org/view/s2184TfOKD) Jan writes in (http://slexy.org/view/s20uAdTwLv) Dale writes in (http://slexy.org/view/s20es52IgZ) Joe writes in (http://slexy.org/view/s2mjulpac6) Bostjan writes in (http://slexy.org/view/s2BvNC8cgi) ***
This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines pfSense 2.1.4 released (https://blog.pfsense.org/?p=1377) The pfSense team (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) has released 2.1.4, shortly after 2.1.3 - it's mainly a security release Included within are eight security fixes, most of which are pfSense-specific OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so) It also includes a large number of various other bug fixes Update all your routers! *** DragonflyBSD's pf gets SMP (http://lists.dragonflybsd.org/pipermail/commits/2014-June/270300.html) While we're on the topic of pf... Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas Stemming from a user's complaint (http://lists.dragonflybsd.org/pipermail/users/2014-June/128664.html), Matthew Dillon did his own work on pf to make it SMP-aware Altering your configuration (http://lists.dragonflybsd.org/pipermail/users/2014-June/128671.html)'s ruleset can also help speed things up, he found When will OpenBSD, the source of pf, finally do the same? 
*** ChaCha usage and deployment (http://ianix.com/pub/chacha-deployment.html) A while back, we talked to djm (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5 This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20 OpenSSH offers it as a stream cipher now, OpenBSD uses it for its random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it Both Google's fork of OpenSSL and LibreSSL have upcoming implementations, while vanilla OpenSSL does not Unfortunately, this article has one mistake: FreeBSD does not use it (https://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html) - they still use the broken RC4 algorithm *** BSDMag June 2014 issue (http://bsdmag.org/magazine/1864-tls-hardening-june-bsd-magazine-issue) The monthly online BSD magazine releases their newest issue This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities The free pdf file is available for download as always *** Interview - Craig Rodrigues - rodrigc@freebsd.org (mailto:rodrigc@freebsd.org) FreeBSD's continuous (https://wiki.freebsd.org/Jenkins) testing (https://docs.google.com/presentation/d/1yBiPxS1nKnVwRlAEsYeAOzYdpG5uzXTv1_7i7jwVCfU/edit#slide=id.p) infrastructure (https://jenkins.freebsd.org/jenkins/) Tutorial Creating pre-patched OpenBSD ISOs (http://www.bsdnow.tv/tutorials/stable-iso) News Roundup Preauthenticated decryption considered harmful (http://www.tedunangst.com/flak/post/preauthenticated-decryption-considered-harmful) Responding to a post (https://www.imperialviolet.org/2014/06/27/streamingencryption.html) from Adam Langley, Ted Unangst 
(http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) talks a little more about how signify and pkg_add handle signatures In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns With signify, now everything is fully downloaded and verified before tar is even invoked The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post Be sure to also read the original post from Adam, lots of good information *** FreeBSD 9.3-RC2 is out (https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/079092.html) As the -RELEASE inches closer, release candidate 2 is out and ready for testing Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things The updated bsdconfig will use pkgng style packages now too A lesser known fact: there are also premade virtual machine images you can use too *** pkgsrcCon 2014 wrap-up (http://saveosx.org/pkgsrcCon/) In what may be the first real pkgsrcCon article we've ever had! Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event Unfortunately no recordings to be found... 
*** PostgreSQL FreeBSD performance and scalability (https://kib.kiev.ua/kib/pgsql_perf.pdf) FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales. On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings. Lots of technical details if you're interested in getting the best performance out of your hardware. It also includes specific kernel options he used and the rest of the configuration. If you don't want to open the pdf file, you can use this link (https://docs.google.com/viewer?url=https%3A%2F%2Fkib.kiev.ua%2Fkib%2Fpgsql_perf.pdf) too. *** Feedback/Questions James writes in (http://slexy.org/view/s24pFjUPe4) Klemen writes in (http://slexy.org/view/s21OogIgTu) John writes in (http://slexy.org/view/s21rLcemNN) Brad writes in (http://slexy.org/view/s203Qsx6CZ) Adam writes in (http://slexy.org/view/s2eBj0FfSL) ***
We follow up last week's poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD. Headlines pfSense 2.1-RELEASE is out (http://blog.pfsense.org/?p=712) Now based on FreeBSD 8.3. Lots of IPv6 features added. Security updates, bug fixes, driver updates. PBI package support. Way too many updates to list, see the full list (https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes) *** New kernel based iSCSI stack comes to FreeBSD (https://lists.freebsd.org/pipermail/freebsd-current/2013-September/044237.html) Brief explanation of iSCSI. This work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator. Target layer consists of: ctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase; iSCSI frontend to CAM Target Layer, which handles Full Feature phase. 
The work is being sponsored by FreeBSD Foundation. Commit here (http://freshbsd.org/commit/freebsd/r255570) *** MTier creates openup utility for OpenBSD (http://www.mtier.org/index.php/solutions/apps/openup/) MTier provides a number of things for the OpenBSD community. For example, regularly updated (for security) stable packages from their custom repo. openup is a utility to easily check for security updates in both base and packages. It uses the regular pkg tools, nothing custom-made. Can be run from cron, but only emails the admin instead of automatically updating. *** OpenSSH in FreeBSD -CURRENT supports DNSSEC (https://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html) OpenSSH in base is now compiled with DNSSEC support. In this case the default setting for 'VerifyHostKeyDNS' is yes. OpenSSH will silently trust DNSSEC-signed SSHFP records. It is the secteam's opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key. *** Interview - Gilles Chehade & Eric Faurot - gilles@poolp.org (mailto:gilles@poolp.org) / @poolpOrg (https://twitter.com/poolpOrg) & eric@openbsd.org (mailto:eric@openbsd.org) / @opensmtpd (https://twitter.com/opensmtpd) OpenSMTPD Tutorial Binary packages with pkgng (http://www.bsdnow.tv/tutorials/pkgng) News Roundup New progress with Newcons (http://raybsd.blogspot.com/2013/08/newcons-beginning.html) Newcons is a replacement console driver for FreeBSD. Supports unicode, better graphics modes and bigger fonts. Progress is being made, but it's not finished yet. *** relayd gets PFS support (http://freshbsd.org/commit/openbsd/7e7bd0a7f61ea0005b5c2f763364ff8dfce03fe2) relayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7. Currently being ported to FreeBSD. 
There is a WIP port (https://www.freshports.org/net/relayd/). Works by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it. *** OpenZFS Launches (http://open-zfs.org/wiki/Main_Page) Slides from LinuxCon (http://www.slideshare.net/MatthewAhrens/open-zfs-linuxcon) Will feature 'Office Hours' (Ask an Expert). Goal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code. *** FreeBSD 10-CURRENT becomes 10.0-ALPHA (http://freshbsd.org/commit/freebsd/r255489) Glen Barber tagged the -CURRENT branch as 10.0-ALPHA. In preparation for 10.0-RELEASE, ALPHA2 as of 9/16. Everyone was rushing to get their big commits in before 10-STABLE, which will be branched soon. 10 is gonna be HUGE (https://wiki.freebsd.org/WhatsNew/FreeBSD10) *** September issue of BSD Mag (http://bsdmag.org/magazine/1848-day-to-day-bsd-administration) BSD Mag is a monthly online magazine about the BSDs. This month's issue has some content written by Kris. Topics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS. *** The FreeBSD IRC channel is official For many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix. Finally it has freenode's blessing and looks like a normal channel! 
The old one will forward to the new one, so your IRC clients don't need updating. *** OpenSSH 6.3 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031638.html) After a big delay, Damien Miller announced the release of 6.3. Mostly a bugfix release, with a few new features. Of note, SFTP now supports resuming failed downloads via -a. *** Feedback/Questions James writes in (http://slexy.org/view/s2wBbbSWGz) Elias writes in (http://slexy.org/view/s2LMDF3PYx) Gabor writes in (http://slexy.org/view/s2aCodo65X) Possibly the coolest feedback we've gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation! ***