Podcasts about openldap

Howard Chu, CTO of Symas Corp and chief architect of the OpenLDAP project, discusses the key features of B+Tree Data Structures which make it the default selection for efficient and predictable storage of sorted data.

table td.shrink { white-space:nowrap } New hosts Welcome to our new host: timttmy. Last Month's Shows Id Day Date Title Host 3281 Mon 2021-03-01 HPR Community News for February 2021 HPR Volunteers 3282 Tue 2021-03-02 HP Laptop with AMD Ryzen 3 Mobile with Radeon Graphics Some Guy On The Internet 3283 Wed 2021-03-03 HPR RPG Club reviews Dead Earth klaatu 3284 Thu 2021-03-04 Introduction to gdb klaatu 3285 Fri 2021-03-05 Upgrading Lubuntu on my Samsung N150 Plus netbook MrX 3286 Mon 2021-03-08 Wireguard How To timttmy 3287 Tue 2021-03-09 Quick tip Archer72 3288 Wed 2021-03-10 Linux Inlaws S01E25: The Grumpy Old Coders monochromec 3289 Thu 2021-03-11 NextCloud the hard way Ken Fallon 3290 Fri 2021-03-12 GIMP: More on Layer Tools and Techniques Ahuka 3291 Mon 2021-03-15 The New Audacity and Batch Processing Macros Ahuka 3292 Tue 2021-03-16 Squirrel FSF blog Zen_Floater2 3293 Wed 2021-03-17 HPR RPG Club reviews Dungeon Raiders klaatu 3294 Thu 2021-03-18 Update to MakeMKV to back up media Archer72 3295 Fri 2021-03-19 Renewing a Let's Encrypt cert for Home Network use Ken Fallon 3296 Mon 2021-03-22 Spam Bot Honey Pot Rho`n 3297 Tue 2021-03-23 Nextcloud Application Updating ToeJet 3298 Wed 2021-03-24 Poisoning The Well Some Guy On The Internet 3299 Thu 2021-03-25 Linux Inlaws S01E26: Make your Linux harder monochromec 3300 Fri 2021-03-26 YouTube Channels for Learning Spanish, Part 1 Ahuka 3301 Mon 2021-03-29 K S P Kerbal Space Program! (Game) operat0r 3302 Tue 2021-03-30 Input Methods on Ubuntu clacke 3303 Wed 2021-03-31 Slackware on RaspberryPi Brian in Ohio Comments this month These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 15 comments in total. Past shows There are 3 comments on 3 previous shows: hpr3153 (2020-09-02) "Fixing eBooks with Calibre and pdfcrop" by Ken Fallon. Comment 2: Ken Fallon on 2021-03-03: "Thanks Again." hpr3241 (2021-01-04) "HPR Community News for December 2020" by HPR Volunteers. Comment 4: clacke on 2021-03-03: "OpenLDAP on BDB?" hpr3262 (2021-02-02) "My thoughts on diversity in Linux and open source" by swift110. Comment 6: bjhend on 2021-03-08: "Get rid of bad terms in IT" This month's shows There are 12 comments on 7 of this month's shows: hpr3282 (2021-03-02) "HP Laptop with AMD Ryzen 3 Mobile with Radeon Graphics" by Some Guy On The Internet. Comment 1: frank on 2021-03-18: "Using your OEM Windows key in a VM" hpr3289 (2021-03-11) "NextCloud the hard way" by Ken Fallon. Comment 1: monochromec on 2021-01-29: "apachectl restart vs. systemctl restart apache2.service" hpr3291 (2021-03-15) "The New Audacity and Batch Processing Macros" by Ahuka. Comment 1: RmccurdyDOTcom on 2021-03-15: "audio"Comment 2: Gumnos on 2021-03-26: "Which hardware podcast player did you move to?"Comment 3: Kevin O'Brien on 2021-03-27: "Your answer" hpr3292 (2021-03-16) "Squirrel FSF blog" by Zen_Floater2. Comment 1: Ken Fallon on 2021-03-09: "Good Question"Comment 2: A listener on 2021-03-16: "Enjoyed the podcast, but..."Comment 3: Kevin O'Brien on 2021-03-18: "Thank you"Comment 4: Thaj on 2021-03-27: "Well..." hpr3296 (2021-03-22) "Spam Bot Honey Pot" by Rho`n. Comment 1: Kevin O'Brien on 2021-03-25: "Great show!" hpr3298 (2021-03-24) "Poisoning The Well" by Some Guy On The Internet. Comment 1: Windigo on 2021-03-25: "Agreed" hpr3299 (2021-03-25) "Linux Inlaws S01E26: Make your Linux harder" by monochromec. Comment 1: nobody on 2021-03-25: "Other MAC implementations" Mailing List discussions Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mail List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: http://hackerpublicradio.org/pipermail/hpr_hackerpublicradio.org/2021-March/thread.html Events Calendar With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page. Any other business Tags and Summaries Thanks to the following contributor for sending in updates in the past month: Dave Morriss Over the period tags and/or summaries have been added to 10 shows which were without them. There are now 404 shows which need a summary and/or tags. If you would like to contribute to the tag/summary project visit the summary page at https://hackerpublicradio.org/report_missing_tags.php and follow the instructions there.

This week we discuss security updates in Linux Mint, Google funding Linux kernel security development and details for security updates in BIND, OpenSSL, Jackson, OpenLDAP and more.

This week we look at vulnerabilities in MoinMoin, OpenLDAP, Kerberos, Raptor (including a discussion of CVE workflows and the oss-security mailing list) and more, whilst in community news we talk about the upcoming AppArmor webinar, migration of Ubuntu CVE information to ubuntu.com and reverse engineering of malware by the Canonical Sustaining Engineering team.

Special guest, Tim McNamara, author of Rust In Action talks all things Rust plus we look at security updates for Linux bluetooth firmware, OpenLDAP, PulseAudio, Squid and more.

Howard Chu, CTO of Symas Corp and chief architect of the OpenLDAP project, discusses the key technical features of the Lightning Memory-mapped Database (LMDB) that make it one of the fastest, most efficient, and safest embedded data stores in the world. Host Gavin Henry spoke with Chu about B+tree data structures, multi-version concurrency control, memory-mapped […]

DragonflyBSD’s hammer1 encrypted master/slave setup, second part of our BSDCan recap, NomadBSD 1.1-RC1 available, OpenBSD adds an LDAP client to base, FreeBSD gets pNFS support, Intel FPU Speculation Vulnerability confirmed, and what some Unix command names mean. ##Headlines DragonflyBSD: Towards a HAMMER1 master/slave encrypted setup with LUKS I just wanted to share my experience with setting up DragonFly master/slave HAMMER1 PFS’s on top of LUKS So after a long time using an Synology for my NFS needs, I decided it was time to rethink my setup a little since I had several issues with it : You cannot run NFS on top of encrypted partitions easily I suspect I am having some some data corruption (bitrot) on the ext4 filesystem the NIC was stcuk to 100 Mbps instead of 1 Gbps even after swapping cables, switches, you name it It’s proprietary I have been playing with DragonFly in the past and knew about HAMMER, now I just had the perfect excuse to actually use it in production :) After setting up the OS, creating the LUKS partition and HAMMER FS was easy : kdload dm cryptsetup luksFormat /dev/serno/ cryptsetup luksOpen /dev/serno/ fort_knox newfs_hammer -L hammer1_secure_master /dev/mapper/fort_knox cryptsetup luksFormat /dev/serno/ cryptsetup luksOpen /dev/serno/ fort_knox_slave newfs_hammer -L hammer1_secure_slave /dev/mapper/fort_knox_slave Mount the 2 drives : mount /dev/mapper/fort_knox /fort_knox mount /dev/mapper_fort_know_slave /fort_knox_slave You can now put your data under /fort_knox Now, off to setting up the replication, first get the shared-uuid of /fort_knox hammer pfs-status /fort_knox Create a PFS slave “linked” to the master hammer pfs-slave /fort_knox_slave/pfs/slave shared-uuid=f9e7cc0d-eb59-10e3-a5b5-01e6e7cefc12 And then stream your data to the slave PFS ! hammer mirror-stream /fort_knox /fort_knox_slave/pfs/slave After that, setting NFS is fairly trivial even though I had problem with the /etc/exports syntax which is different than Linux There’s a few things I wish would be better though but nothing too problematic or without workarounds : Cannot unlock LUKS partitions at boot time afaik (Acceptable tradeoff for the added security LUKS gives me vs my old Synology setup) but this force me to run a script to unlock LUKS, mount hammer and start mirror-stream at each boot No S1/S3 sleep so I made a script to shutdown the system when there’s no network neighborgs to serve the NFS As my system isn’t online 24/7 for energy reasons, I guess will have to run hammer cleanup myself from time to time Some uncertainty because hey, it’s kind of exotic but exciting too :) Overall, I am happy, HAMMER1 and PFS are looking really good, DragonFly is a neat Unix and the community is super friendly (Matthew Dillon actually provided me with a kernel patch to fix the broken ACPI on the PC holding this setup, many thanks!), the system is still a “work in progress” but it is already serving my files as I write this post. Let’s see in 6 months how it goes in the longer run ! Helpful resources : https://www.dragonflybsd.org/docs/how_to_implement_hammer_pseudo_file_system__40___pfs___41___slave_mirroring_from_pfs_master/ ###BSDCan 2018 Recap As promised, here is our second part of our BSDCan report, covering the conference proper. The last tutorials/devsummit of that day lead directly into the conference, as people could pick up their registration packs at the Red Lion and have a drink with fellow BSD folks. Allan and I were there only briefly, as we wanted to get back to the “Newcomers orientation and mentorship” session lead by Michael W. Lucas. This session is intended for people that are new to BSDCan (maybe their first BSD conference ever?) and may have questions. Michael explained everything from the 6-2-1 rule (hours of sleep, meals per day, and number of showers that attendees should have at a minimum), to the partner and widowers program (lead by his wife Liz), to the sessions that people should not miss (opening, closing, and hallway track). Old-time BSDCan folks were asked to stand up so that people can recognize them and ask them any questions they might have during the conferences. The session was well attended. Afterwards, people went for dinner in groups, a big one lead by Michael Lucas to his favorite Shawarma place, followed by gelato (of course). This allowed newbies to mingle over dinner and ice cream, creating a welcoming atmosphere. The next day, after Dan Langille opened the conference, Benno Rice gave the keynote presentation about “The Tragedy of Systemd”. Benedict went to the following talks: “Automating Network Infrastructures with Ansible on FreeBSD” in the DevSummit track. A good talk that connected well with his Ansible tutorial and even allowed some discussions among participants. “All along the dwatch tower”: Devin delivered a well prepared talk. I first thought that the number of slides would not fit into the time slot, but she even managed to give a demo of her work, which was well received. The dwatch tool she wrote should make it easy for people to get started with DTrace without learning too much about the syntax at first. The visualizations were certainly nice to see, combining different tools together in a new way. ZFS BoF, lead by Allan and Matthew Ahrens SSH Key Management by Michael W. Lucas. Yet another great talk where I learned a lot. I did not get to the SSH CA chapter in the new SSH Mastery book, so this was a good way to wet my appetite for it and motivated me to look into creating one for the cluster that I’m managing. The rest of the day was spent at the FreeBSD Foundation table, talking to various folks. Then, Allan and I had an interview with Kirk McKusick for National FreeBSD Day, then we had a core meeting, followed by a core dinner. Day 2: “Flexible Disk Use in OpenZFS”: Matthew Ahrens talking about the feature he is implementing to expand a RAID-Z with a single disk, as well as device removal. Allan’s talk about his efforts to implement ZSTD in OpenZFS as another compression algorithm. I liked his overview slides with the numbers comparing the algorithms for their effectiveness and his personal story about the sometimes rocky road to get the feature implemented. “zrepl - ZFS replication” by Christian Schwarz, was well prepared and even had a demo to show what his snapshot replication tool can do. We covered it on the show before and people can find it under sysutils/zrepl. Feedback and help is welcome. “The Evolution of FreeBSD Governance” by Kirk McKusick was yet another great talk by him covering the early days of FreeBSD until today, detailing some of the progress and challenges the project faced over the years in terms of leadership and governance. This is an ongoing process that everyone in the community should participate in to keep the project healthy and infused with fresh blood. Closing session and auction were funny and great as always. All in all, yet another amazing BSDCan. Thank you Dan Langille and your organizing team for making it happen! Well done. Digital Ocean ###NomadBSD 1.1-RC1 Released The first – and hopefully final – release candidate of NomadBSD 1.1 is available! Changes The base system has been upgraded to FreeBSD 11.2-RC3 EFI booting has been fixed. Support for modern Intel GPUs has been added. Support for installing packages has been added. Improved setup menu. More software packages: benchmarks/bonnie++ DSBDisplaySettings DSBExec DSBSu mail/thunderbird net/mosh ports-mgmt/octopkg print/qpdfview security/nmap sysutils/ddrescue sysutils/fusefs-hfsfuse sysutils/fusefs-sshfs sysutils/sleuthkit www/lynx x11-wm/compton x11/xev x11/xterm Many improvements and bugfixes The image and instructions can be found here. ##News Roundup LDAP client added to -current CVSROOT: /cvs Module name: src Changes by: reyk@cvs.openbsd.org 2018/06/13 09:45:58 Log message: Import ldap(1), a simple ldap search client. We have an ldapd(8) server and ypldap in base, so it makes sense to have a simple LDAP client without depending on the OpenLDAP package. This tool can be used in an ssh(1) AuthorizedKeysCommand script. With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@ OK deraadt@ Status: Vendor Tag: reyk Release Tags: ldap_20180613 N src/usr.bin/ldap/Makefile N src/usr.bin/ldap/aldap.c N src/usr.bin/ldap/aldap.h N src/usr.bin/ldap/ber.c N src/usr.bin/ldap/ber.h N src/usr.bin/ldap/ldap.1 N src/usr.bin/ldap/ldapclient.c N src/usr.bin/ldap/log.c N src/usr.bin/ldap/log.h No conflicts created by this import ###Intel® FPU Speculation Vulnerability Confirmed Earlier this month, Philip Guenther (guenther@) committed (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs. Theo de Raadt (deraadt@) discussed this in his BSDCan 2018 session. Using information disclosed in Theo’s talk, Colin Percival developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the official announcement of the vulnerability. FPU change in FreeBSD Summary: System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel. Description: System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. · CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Affected Products: Intel® Core-based microprocessors. Recommendations: If an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore. Acknowledgements: Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue and working with us on coordinated disclosure. iXsystems iX Ad Spot iX Systems - BSDCan 2018 Recap ###FreeBSD gets pNFS support Merge the pNFS server code from projects/pnfs-planb-server into head. This code merge adds a pNFS service to the NFSv4.1 server. Although it is a large commit it should not affect behaviour for a non-pNFS NFS server. Some documentation on how this works can be found at: Merge the pN http://people.freebsd.org/~rmacklem/pnfs-planb-setup.txt and will hopefully be turned into a proper document soon. This is a merge of the kernel code. Userland and man page changes will come soon, once the dust settles on this merge. It has passed a "make universe", so I hope it will not cause build problems. It also adds NFSv4.1 server support for the "current stateid". Here is a brief overview of the pNFS service: A pNFS service separates the Read/Write operations from all the other NFSv4.1 Metadata operations. It is hoped that this separation allows a pNFS service to be configured that exceeds the limits of a single NFS server for either storage capacity and/or I/O bandwidth. It is possible to configure mirroring within the data servers (DSs) so that the data storage file for an MDS file will be mirrored on two or more of the DSs. When this is used, failure of a DS will not stop the pNFS service and a failed DS can be recovered once repaired while the pNFS service continues to operate. Although two way mirroring would be the norm, it is possible to set a mirroring level of up to four or the number of DSs, whichever is less. The Metadata server will always be a single point of failure, just as a single NFS server is. A Plan B pNFS service consists of a single MetaData Server (MDS) and K Data Servers (DS), all of which are recent FreeBSD systems. Clients will mount the MDS as they would a single NFS server. When files are created, the MDS creates a file tree identical to what a single NFS server creates, except that all the regular (VREG) files will be empty. As such, if you look at the exported tree on the MDS directly on the MDS server (not via an NFS mount), the files will all be of size 0. Each of these files will also have two extended attributes in the system attribute name space: pnfsd.dsfile - This extended attrbute stores the information that the MDS needs to find the data storage file(s) on DS(s) for this file. pnfsd.dsattr - This extended attribute stores the Size, AccessTime, ModifyTime and Change attributes for the file, so that the MDS doesn't need to acquire the attributes from the DS for every Getattr operation. For each regular (VREG) file, the MDS creates a data storage file on one (or more if mirroring is enabled) of the DSs in one of the "dsNN" subdirectories. The name of this file is the file handle of the file on the MDS in hexadecimal so that the name is unique. The DSs use subdirectories named "ds0" to "dsN" so that no one directory gets too large. The value of "N" is set via the sysctl vfs.nfsd.dsdirsize on the MDS, with the default being 20. For production servers that will store a lot of files, this value should probably be much larger. It can be increased when the "nfsd" daemon is not running on the MDS, once the "dsK" directories are created. For pNFS aware NFSv4.1 clients, the FreeBSD server will return two pieces of information to the client that allows it to do I/O directly to the DS. DeviceInfo - This is relatively static information that defines what a DS is. The critical bits of information returned by the FreeBSD server is the IP address of the DS and, for the Flexible File layout, that NFSv4.1 is to be used and that it is "tightly coupled". There is a "deviceid" which identifies the DeviceInfo. Layout - This is per file and can be recalled by the server when it is no longer valid. For the FreeBSD server, there is support for two types of layout, call File and Flexible File layout. Both allow the client to do I/O on the DS via NFSv4.1 I/O operations. The Flexible File layout is a more recent variant that allows specification of mirrors, where the client is expected to do writes to all mirrors to maintain them in a consistent state. The Flexible File layout also allows the client to report I/O errors for a DS back to the MDS. The Flexible File layout supports two variants referred to as "tightly coupled" vs "loosely coupled". The FreeBSD server always uses the "tightly coupled" variant where the client uses the same credentials to do I/O on the DS as it would on the MDS. For the "loosely coupled" variant, the layout specifies a synthetic user/group that the client uses to do I/O on the DS. The FreeBSD server does not do striping and always returns layouts for the entire file. The critical information in a layout is Read vs Read/Writea and DeviceID(s) that identify which DS(s) the data is stored on. At this time, the MDS generates File Layout layouts to NFSv4.1 clients that know how to do pNFS for the non-mirrored DS case unless the sysctl vfs.nfsd.default_flexfile is set non-zero, in which case Flexible File layouts are generated. The mirrored DS configuration always generates Flexible File layouts. For NFS clients that do not support NFSv4.1 pNFS, all I/O operations are done against the MDS which acts as a proxy for the appropriate DS(s). When the MDS receives an I/O RPC, it will do the RPC on the DS as a proxy. If the DS is on the same machine, the MDS/DS will do the RPC on the DS as a proxy and so on, until the machine runs out of some resource, such as session slots or mbufs. As such, DSs must be separate systems from the MDS. *** ###[What does {some strange unix command name} stand for?](http://www.unixguide.net/unix/faq/1.3.shtml) + awk = "Aho Weinberger and Kernighan" + grep = "Global Regular Expression Print" + fgrep = "Fixed GREP". + egrep = "Extended GREP" + cat = "CATenate" + gecos = "General Electric Comprehensive Operating Supervisor" + nroff = "New ROFF" + troff = "Typesetter new ROFF" + tee = T + bss = "Block Started by Symbol + biff = "BIFF" + rc (as in ".cshrc" or "/etc/rc") = "RunCom" + Don Libes' book "Life with Unix" contains lots more of these tidbits. *** ##Beastie Bits + [RetroBSD: Unix for microcontrollers](http://retrobsd.org/wiki/doku.php) + [On the matter of OpenBSD breaking embargos (KRACK)](https://marc.info/?l=openbsd-tech&m=152910536208954&w=2) + [Theo's Basement Computer Paradise (1998)](https://zeus.theos.com/deraadt/hosts.html) + [Airport Extreme runs NetBSD](https://jcs.org/2018/06/12/airport_ssh) + [What UNIX shell could have been](https://rain-1.github.io/shell-2.html) *** Tarsnap ad *** ##Feedback/Questions + We need more feedback and questions. Please email feedback@bsdnow.tv + Also, many of you owe us BSDCan trip reports! We have shared what our experience at BSDCan was like, but we want to hear about yours. What can we do better next year? What was it like being there for the first time? + [Jason writes in](https://slexy.org/view/s205jU58X2) + https://www.wheelsystems.com/en/products/wheel-fudo-psm/ + [June 19th was National FreeBSD Day](https://twitter.com/search?src=typd&q=%23FreeBSDDay) *** - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv) ***

Today we're joined by Howard "hyc" Chu, CTO and Founder of Symas Corp, core member of the OpenLDAP development team, and co-founder of MoneroDirect.com to talk about his background and involvement in Monero. We talk about how Howard helped develop the world's fastest directory software, became involved in the Monero project, and saved a NASA shuttle mission. Find out why Howard claims Monero, and not Bitcoin, is the world's only true cryptocurrency.    Today's show includes a duet compiled by Howard and featuring his friend Nerea, used with their permission. You can follow Nerea's music on her facebook page, facebook.com/crazyfiddlelady.    Music featured in the show is "The Grind" by Justin Maher and used under a Creative Commons License. https://musopen.org/music/1652/justin-mahar/the-grind/    Enjoy the show? Please consider donating: 47SMPWHYcn5AfKzYF3c6cX94dCNcijKfdMgkCBTEmMtG4q9u9GdN7YdAmP777hfkmg52xntkDyxwh3nKcdGa2eApFAe5oZx 

On this episode of BSDNow, we will be talking to Glen Barber and Peter Wemm of the FreeBSD RE and Cluster Admin teams! That plus our This episode was brought to you by Headlines 2016 FreeBSD Community Survey (https://www.surveymonkey.com/r/freebsd2016) We often get comments from our listeners, “I'm not a developer, how can I help out”? Well today is your chance to do something. The FreeBSD Foundation has its 2016 Community Survey online, where they are asking for feedback from you! I just did the survey, it'll take you about 5 minutes, but gives you a chance to provide valuable feedback to the foundation about things that are important to you. Be sure to answer in as much detail as possible and the foundation will review and use this feedback for its operations going forward. *** ART, OpenBSDs new routing table, single thread performances (http://www.grenadille.net/post/2016/06/17/ART-single-thread-performances) OpenBSD has changed the way routes are looked up in the kernel as part of their path to an SMP networking stack The “Allotment Routing Table” (ART) is a performance tradeoff, where more memory is used to store the routing table, in exchange for faster lookups With this new arrangement, a full BGP routing table will grow from 130MB to 180MB of memory “ART is a free multibit trie based routing table. To keep it simple, it can be seen as using more memory for fewer CPU cycles. In other words, we get a faster lookup by wasting memory. The original paper (http://www.hariguchi.org/art/art.pdf) presents some performance comparisons between two ART configurations and the BSD Radix. But how does this apply to OpenBSD?” “I asked Hrvoje Popovski to run his packet forwarding test on his Xeon box (E5-2620 v2 @ 2.10GHz, 2400.34 MHz) with ix(4) (82599) interfaces. The test setup consist of three machines with the OpenBSD box in the middle” “The simulations have been performed with an OpenBSD -current from June 9th. The machine is configured with pf(4) disabled in order to force a single route lookup for every IPv4 packet. Based on the result of the lookup the kernel decide if it should forward, deliver or drop the packet” *** BSDCan 2016 Playlist (https://www.youtube.com/playlist?list=PLeF8ZihVdpFfoEV67dBSrKfA8ifpUr6qC) The complete set of videos from BSDCan is online and ready to be consumed Remember the good-ole days where we would wait months (or years) to get videos posted from conferences? Well, who are we kidding, some conferences STILL do that, but we can't count BSDCan among them. Only two weeks out from this years exciting BSDCan, and all the videos have now landed on YouTube. Granted, this is no substitute for actually being at the conference, but even if you attended you probably missed quite a few of the talks. There are no videos of the hallway track, which is the best part of the conference Except the dinner discussion of course. and don't forget the hacker lounge *** Should you be scared of Unix signals? (http://jvns.ca/blog/2016/06/13/should-you-be-scared-of-signals/) Do you know much about UNIX Signals? Are you afraid of their complexity? Do you know there are signals other than SIGKILL? This article talks about the practical implications of signals from a programming perspective The things you need to consider when dealing with signals Basically, you register a “signal handler”, the function that will be run when a signal arrives As you program is running, if a signal arrives, your program will be interrupted. Its current state will be saved and any system calls in progress will return EINTR (Error, Interrupted), then your signal handler will be run. Once the signal handler is complete, the state of your application will be restored, and execution will resume As long as your program properly handles this interruption, and errors that might result from it (getting EINTR from a read() call, instead of the data you expected), then everything should be fine. Of course, you need to be careful what you do inside your signal handler, as if you modify any variables or state in your application, it might be very confused when it resumes. *** Interview - Glen and Peter- News Roundup Unik - The Unikernel Compilation and Deployment Platform (uses NetBSD's Rump) (https://github.com/emc-advanced-dev/unik) We've talked a bit about NetBSD's RUMP (unikernel) in the past, including articles on how to deploy services using it. Now we have an interesting project which makes the process super-easy, and dare-we-say almost “Docker-Like?” The Unik project has a fairly complete walkthrough right on their GitHub project page, including details on installation and creating your own unikernel containers. In addition, it provides instructions on boot-strapping your own Go/Node.js/Python/Java applications, and supports out of Box VCenter / AWS / Qemu / VirtualBox providers. *** PkgSrc 50th Release Highlights () pkgsrc is celebrating its 50th release, and to highlight this, they have posted a series of interviews from people who have been active in the project pkgsrc 50th release interviews - Jonathan Perkin (http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_jonathan) pkgsrc 50th release interviews - Ryo ONODERA (http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_ryo) pkgsrc 50th release interviews - Joerg Sonnenberg (http://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interview_with) pkgsrc 50th release interviews - Sevan Janiyan (https://blog.netbsd.org/tnf/entry/pkgsrc_50th_release_interviews_sevan) *** Migrating to FreeBSD from Solaris 11 (http://justinholcomb.me/blog/2016/02/28/migration-to-freebsd-part1.html) Part 2 (http://justinholcomb.me/blog/2016/03/12/migration-to-freebsd-part2.html) Part 3 (http://justinholcomb.me/blog/2016/03/19/migration-to-freebsd-part3.html) Part 4 (http://justinholcomb.me/blog/2016/03/26/migration-to-freebsd-part4.html) Part 5 (http://justinholcomb.me/blog/2016/04/03/migration-to-freebsd-part5.html) *** How to chroot www/firefox on NetBSD (https://github.com/alnsn/localpkgsrc/tree/master/firefox-chroot) Looking for a jail-like method of running FireFox on NetBSD? (Or possibly other BSDs?) We have a github repo with details on how to setup and run FireFox using a chroot using a “webuser” account for safety. Think of this as a jail alternative, may be useful on systems with no jail support. Of interest is the method used to do X forwarding. It uses Xorg TCP listen option (which is often off by default for security reasons). Perhaps SSH X forwarding would be a better alternative. (Or nullfs mounts of /tmp) *** Beastie Bits Tredly - V1 Release Candidate (https://github.com/tredly/tredly/releases/tag/v1.0.0-rc.1) Call for Testing - ypldap testing against OpenLDAP and Microsoft Active Directory (http://lists.freebsd.org/pipermail/freebsd-current/2016-June/061775.html) BSD Magazine, June 2016 Out Now (https://bsdmag.org/) Hammer2 - Add xxhash to H2 and throw in debug stuff for performance testing (http://lists.dragonflybsd.org/pipermail/commits/2016-June/500610.html) chyves pre-announcement (http://justinholcomb.me/blog/2016/06/14/chyves-project-preannouncement.html) *** Feedback/Questions Michael - Versioning (http://pastebin.com/1hpGrmuL) Michael - Removing Encryption (http://pastebin.com/2PkrMGGx) Bostjan - PC-BSD Questions (http://pastebin.com/q5VdmNxG) Fong - ZFS Rollback (http://pastebin.com/2aedLV7d) Jochen - Docker on FBSD (http://pastebin.com/dneVZkXc) ***

This week on the show, we interview author Michael W Lucas to discuss his new book in the FreeBSD This episode was brought to you by Headlines OpenBSD 5.9 Released early (http://undeadly.org/cgi?action=article&sid=20160329181346&mode=expanded) Finished ahead of schedule! OpenBSD 5.9 has officially landed We've been covering some of the ongoing changes as they landed in the tree, but with the official release it's time to bring you the final list of the new hotness which landed. First up: Pledge - Over 70%! Of the userland utilities have been converted to use it, and the best part, you probably didn't even notice UEFI - Laptops which are pre-locked down to boot UEFI only can now be installed and used - GPT support has also been greatly improved ‘Less' was replaced with a fork from Illumos, and has been further improved Xen DomU support - OpenBSD now plays nice in the cloud X11 - Broadwell and Bay Trail are now supported Initial work on making the network stack better support SMP has been added, this is still ongoing, but things are starting to happen 802.11N! Specifically for the iwn/iwm drivers In addition to support for UTF-8, most other locales have been ripped out, leaving only C and UTF-8 left standing in the wake All and all, sounds like a solid new release with plenty of new goodies to play with. Go grab a copy now! *** New routing table code (ART) enabled in -current (http://undeadly.org/cgi?action=article&sid=20160324093944) While OpenBSD 5.9 just landed, we also have some interesting work landing right now in -CURRENT as well. Specifically the new routing table code (ART) has landed: “I just enabled ART in -current, it will be the default routing table backend in the next snapshots. The plan is to squash the possible regressions with this new routing table backend then when we're confident enough, take its route lookup out of the KERNEL_LOCK(). Yes, this is one of the big steps for our network SMP improvements. In order to make progress, we need your help to make sure this new backend works well on your setup. So please, go download the next snapshot and report back. If you encounter any routing table regression, please make sure that you cannot reproduce it with your old kernel and include the output of # route -n show for the 2 kernels as well as the dmesg in your report. I know that simple dhclient(8) based setups work with ART, so please do not flood us too much. It's always great to know that things work, but it's also hard to keep focus ;) Thank your very much for your support!” + There you have it folks! If 5.9 is already too stale for you, time to move over to -CURRENT and give the new routing tables a whirl. fractal cells - FreeBSD-based All-In-One solution for software development startups (https://forums.freebsd.org/threads/55561/) Fractal Cells is a suite that transforms a stock FreeBSD installation into an instant “Startup Software Development Platform” It Integrates ZFS, PostgreSQL, OpenSMTPD, NGINX, OpenVPN, Redmine, Jenkins, Zabbix, Gitlab, and Ansible, all under OpenLDAP common authentication The suite is available under the 2-clause BSD license Provides all of the tools and infrastructure to build your application, including code review, issue tracking, continuous integration, and monitoring An interesting way to make it easier for people to start building new applications and startups on top of FreeBSD *** LinuxSecrets publishes guide on installing FreeBSD ezJail (http://www.linuxsecrets.com/blog/51freebsd/2016/02/29/1726-installing) Covers all of the steps of setting up ezjail on FreeBSD Includes the instructions for updating the version of the OS in the jail In a number of places the tutorial uses: > cat > /etc/rc.conf > setting=”value” Instead, use: sysrc setting=”value” It is safer, and easier to type When you create the jail, if you specify an IP address, it is expected that this IP address is already setup on the host machine If instead you specify: ‘em0|192.168.1.105' (where em0 is your network interface), the IP address will be added as an alias when the jail starts, and removed from the host when the jail is stopped You can also comma separate a list of addresses to have multiple IPs (possibly on different interfaces) in the jail Although recently posted, this appears as if it might be an update to a previous tutorial, as there are a few old references that have not been updated (pkg_add, rc.d/ezjail.sh), while the start of the article clearly covers pkg(8) *** Interview - Michael W. Lucas - mwlucas@michaelwlucas.com (mailto:mwlucas@michaelwlucas.com) / @mwlauthor (https://twitter.com/mwlauthor) + New Book: “FreeBSD Mastery: Specialty Filesystems” News Roundup NetBSD on Dreamcast (https://github.com/fwbug/dreamcast-slides) Ahh the dreamcast, so much promise. So much potential. If you are still holding onto your beloved dreamcast hoping that someday Sega will re-enter the console market… Then give it up now! In the meantime, you can now do something more interesting with that box taking up space in the closet. We have a link to a GitHub repo where a user has uploaded his curses-based slide-show for the upcoming Fort-Wayne, Indiana meetup. Aside from the novelty of using a curses-based slide setup, the presenter will also be displaying them from his beloved dreamcast, which “of course” runs NetBSD 7 The slide source code is available, which you too can view / compile and find out details of getting NetBSD boot-strapped on the DC. *** OPNsense 16.1.7 Released (https://opnsense.org/opnsense-16-1-7-released/) captive portal: add session timeout to status info firewall: fix non-report of errors when filter reload errors couldn't be parsed proxy: adjust category visibility as not all of them were shown before firmware: fix an overzealous upgrade run when the package tool only changes options firmware: fixed the binary upgrade patch from 15.7.x in FreeBSD's package tool system: removed NTP settings from general settings access: let only root access status.php as it leaks too much info development: remove the automount features development: addition of “opnsense-stable” package on our way to nightly builds development: opnsense-update can now install locally available base and kernel sets *** “FreeBSD Mastery: Advanced ZFS” in tech review (http://blather.michaelwlucas.com/archives/2570) Most of the tech review is finished It was very interesting to hear from many ZFS experts that they learned something from reading the review copy of the book, I was not expecting this Many minor corrections and clarifications have been integrated The book is now being copy edited *** Why OpenBSD? (http://www.cambus.net/why-openbsd/) Frederic Cambus gives us a nice perspective piece today on what his particular reasons are for choosing OpenBSD. Frederic is no stranger to UNIX-Like systems, having used them for 20 years now. In particular starting on Slackware back in ‘96 and moving to FreeBSD from 2000-2005 (around the 4.x series) His adventure into OpenBSD began sometime after 2005 (specific time unknown), but a bunch of things left a very good impression on him throughout the years. First, was the ease of installation, with its very minimalistic layout, which was one of the fastest installs he had ever done. Second was the extensive documentation, which extends beyond just manpages, but into other forms of documentation, such as presentations and papers as well. He makes the point about an “ecosystem of quality” that surrounds OpenBSD: OpenBSD is an ecosystem of quality. This is the result of a culture of code auditing, reviewing, and a rigorous development process where each commit hitting the tree must be approved by other developers. It has a slower evolution pace and a more carefully planned development model which leads to better code quality overall. Its well deserved reputation of being an ultra secure operating system is the byproduct of a no compromise attitude valuing simplicity, correctness, and most importantly proactivity. OpenBSD also deletes code, a lot of code. Everyone should know that removing code and keeping the codebase modern is probably as important as adding new one. Quoting Saint-Exupery: "It seems that perfection is attained not when there is nothing more to add, but when there is nothing more to remove". The article then covers security mechanisms, as well as the defaults which are turned specifically with an eye towards security. All-in-all a good perspective piece about the reasons why OpenBSD is the right choice for Frederic, worth your time to read up on it if you want to learn more about OpenBSD's differences. *** BeastieBits Call for 2016Q1 quarterly status reports (https://docs.freebsd.org/cgi/getmsg.cgi?fetch=9011+0+current/freebsd-hackers) FreeBSD Mastery: Advanced ZFS” sponsorships ending soon (http://blather.michaelwlucas.com/archives/2593) Shawn Webb from HardenedBSD talking about giving away RPi3's at BSDCan and hacking on them to get FreeBSD working (https://docs.freebsd.org/cgi/getmsg.cgi?fetch=250105+0+archive/2016/freebsd-arm/20160306.freebsd-arm) xterm(1) now UTF-8 by default (http://undeadly.org/cgi?action=article&sid=20160308204011) Call For Artists: New Icon Theme (https://blog.pcbsd.org/2016/03/call-for-artists-new-icon-theme/) Happy 23rd Birthday, src! (http://blog.netbsd.org/tnf/entry/happy_23rd_birthday_src) Feedback/Questions Alison - Readahead and Wayland (http://slexy.org/view/s2oqRuXCYW) Kenny - Gear (http://slexy.org/view/s2sQ8MxNPh) Ben - IPFW2/3 (http://slexy.org/view/s20SRvXPZA) Brad - ZFS Writeback (http://slexy.org/view/s207mV2Ph1) Simon - BSD Toonz (http://slexy.org/view/s202loSWdf) ***

In der Folge 51 geht es ums Speichern und Verwalten von (grossen) Datenmengen und vorallem auch darum, wie man seine Daten so ordnet, dass man die gewünschten Datensätze wieder findet. Dazu haben wir Oli Sennhauser, ein echter Datenbankier und Profi auf dem Gebiet, zu uns ins Studio eingeladen. Trackliste

In der Folge 51 geht es ums Speichern und Verwalten von (grossen) Datenmengen und vorallem auch darum, wie man seine Daten so ordnet, dass man die gewünschten Datensätze wieder findet. Dazu haben wir Oli Sennhauser, ein echter Datenbankier und Profi auf dem Gebiet, zu uns ins Studio eingeladen. Trackliste