Podcasts about PXE

  • 34 podcasts
  • 48 episodes
  • 48m average duration
  • 1 new episode monthly
  • Latest episode: Mar 14, 2025

[Chart: popularity by year, 2017 to 2024]


Latest podcast episodes about PXE

7 Minute Security
7MS #666: Tales of Pentest Pwnage – Part 68

Mar 14, 2025 (45:35)


Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff!

  • Selective Snaffling with Snaffler
  • The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse!
  • TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

7 Minute Security
7MS #663: Pentesting GOAD SCCM

Feb 21, 2025 (29:41)


Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include:

  • Unauthenticated PXE attack
  • PXE (with password) attack
  • Relaying the machine account of the MECM box over to the SQL server to get local admin

LINUX Unplugged
592: Chris' Netboot Nonsense

Dec 9, 2024 (77:25)


USB thumb drives are old and busted. No hard drive? No problem. Need a quick system rescue or work in another distro for the day? Easy.

Sponsored By:

  • Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
  • 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Living Off Borrowed Time Podcast
Living Off Borrowed Time Podcast - Drain Gang Part 3

Jun 10, 2024 (186:25)


Your hosts this episode: Patrique OptimalAudio destroyxme embraced

Once again, the podcast is back and joined by and to continue their spotlight discography deep dive on the output of everyone's favorite Swedish rap collective, Drain Gang. Picking back up from where they left off last time, your hosts discuss Drain Gang's output from Ecco2k's "PXE" EP, and collaboration with Bladee in "Crest", up to Bladee's most recent, and epic, release in "Cold Visions". Along the way they also discuss Bladee and frequent collaborator Yung Lean's Post-Punk side project "Psykos", Thaiboy Digital's three year follow up in "Back 2 Life", and the evolution of each DG member's musical output.

Intro Music: Junclassic - "Borrowed Time (Instrumental)"
Outro Music: Kankick - "Stagnated Pace"
Edited / Produced by: Kittenpuke

Find us on RYM through our provided Profile names!

  • 0:00 - Intro / Feelings on Drain Gang Recently
  • 15:15 - "PXE" EP by Ecco2k
  • 30:54 - "Crest" by Bladee & Ecco2k
  • 1:01:09 - "Spiderr" by Bladee
  • 1:18:33 - "Back 2 Life" by Thaiboy Digital
  • 1:32:09 - "Psykos" by Bladee & Yung Lean
  • 1:47:23 - "Cold Visions" by Bladee
  • 3:02:53 - Thanks & Outro

All TWiT.tv Shows (MP3)
Untitled Linux Show 155: The Fluffy Gnome

Jun 9, 2024 (117:19)


Kaspersky has released a virus scanner for Linux; should you run it? OpenBSD finally has Wayland support, OBS has a new Beta, and WSL leans into the Hypervisor. Then there's Gnome, which sort of worries us. Then for tips we've got gping for a snazzy ping tui, iVentoy for a selectable PXE boot, devicetree options in Grub, and hostnamectl. The show notes are at https://bit.ly/4aSADaP and we will see you next time! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and David Ruggles Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

BSD Now
559: Rainy WiFi Days

May 16, 2024 (57:17)


An RNG that runs in your brain, Going Stateless, SmolBSD, The Wi-Fi only works when it's raining, Wayland, where are we in 2024?, Omnios pxe booting, OpenBSD scripts to convert wg-quick VPN files, and more

NOTES

This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines

  • An RNG that runs in your brain (https://www.hillelwayne.com/post/randomness/)
  • Going Stateless (https://dataswamp.org/~solene/2024-04-20-workstation-going-stateless.html)

News Roundup

  • SmolBSD (https://smolbsd.org)
  • The Wi-Fi only works when it's raining (https://predr.ag/blog/wifi-only-works-when-its-raining/)
  • Wayland, where are we in 2024? Any good for being the default? (https://www.dedoimedo.com/computers/wayland-2024.html)
  • Omnios pxe booting (https://neirac.srht.site/posts/ipxe_boot.html)
  • OpenBSD scripts to convert wg-quick VPN files (https://dataswamp.org/~solene/2024-04-27-openbsd-wg-quick-converter.html)

Tarsnap

This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)

The Cyber Ranch Podcast
Below-the-OS Security with Yuriy Bulygin

Feb 21, 2024 (36:58)


Fun fact: There are more vulnerabilities and exploits below the OS layer than above it! CPUs, BIOS, Firmware, embedded Linux, FPGAs, UEFI, PXE... The list goes on and on. What are we supposed to do about that?

Allan asked Yuriy to come down to the 'Ranch to discuss this issue with him. Yuriy is CEO at Eclypsium, member of the Forbes Technology Council, Founder of the open source CHIPSEC project, former head of Threat Research at McAfee, former Senior Principal Engineer at Intel… He is uniquely qualified to discuss these issues.

Full DISCLAIMER: Allan is CISO at Eclypsium. Note that he asked Yuriy to come on the show, not the other way around. Nobody knows this space like Yuriy and his team.

Allan asks Yuriy about:

  • The history of CPU exploits
  • Unauthorized code in chips in network gear
  • The various hacks available at this layer
  • The role of SBOM in all this
  • The open source CHIPSEC project

It's an eye-opening show to say the least. Y'all be good now!

Cyber Morning Call
Cyber Morning Call - #465 - 17/01/2024

Jan 17, 2024 (5:15)


[Episode References]

  • NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 - https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
  • Chrome Releases: Stable Channel Update for Desktop - Tuesday, January 16, 2024 - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
  • VMware - VMSA-2024-0001 - https://www.vmware.com/security/advisories/VMSA-2024-0001.html
  • CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server - https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
  • Rotating credentials for GitHub.com and new GHES patches - https://github.blog/2024-01-16-rotating-credentials-for-github-com-and-new-ghes-patches/
  • GitHub Enterprise Server 3.11 release notes - https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3-security-fixes
  • *nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2 - https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
  • PixieFail flaws impact PXE network boot in enterprise systems - https://www.bleepingcomputer.com/news/security/pixiefail-flaws-impact-pxe-network-boot-in-enterprise-systems/
  • Known Indicators of Compromise Associated with Androxgh0st Malware - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The Lives of Writers
Joshua James Amberson [Host: Jeff Alessandrelli]

Oct 6, 2023 (70:19)


On today's episode of The Lives of Writers, Jeff Alessandrelli interviews Joshua James Amberson.

Joshua James Amberson is the author of Staring Contest: Essays About Eyes (Perfect Day Publishing), How to Forget Almost Everything: A Novel (Korza Books), a series of chapbooks on Two Plum Press, as well as the long-running Basic Paper Airplane zine series. He lives in Portland, Oregon where he runs the Antiquated Future online variety store and record label.

Jeff Alessandrelli is the author of several books, including the poetry collection Fur Not Light. He is also the director and co-editor of the small presses Fonograf Editions and Bunny Presse.

PART ONE, topics include:

  • an old dog
  • other priorities overtaking writing
  • growing up and living in the Pacific Northwest
  • an influential musical uncle
  • playing music again after a long break
  • becoming a poetry publisher from 19 - 24
  • playing in bands in Olympia
  • moving to Portland for the writing community
  • the pull to engage in collective concerns and projects
  • recording an audiobook and wanting to edit everything
  • the benefits of working on other projects

PART TWO, topics include:

  • pseudoxanthoma elasticum (PXE)
  • retinal hemorrhaging and treatment with needles
  • Joshua's new book Staring Contest: Essays About Eyes
  • our ocular-centric culture and taking sight for granted
  • resisting suggestions to turn essay collection into memoir
  • writing the collection as a book from the beginning
  • approaching one subject from many angles
  • upcoming events and new projects

Podcast theme music provided by Mike Nagel, author of Duplex. Here's more of his project: Yeah Yeah Cool Cool.

The Lives of Writers is edited and produced by Michael Wheaton.

Hacker Public Radio
HPR3799: My home router history

Feb 23, 2023


Router History Early Dialup Connection sharing DSL/Cable Linux PC with 2 NIC Set up IP masquerading Windows connection sharing This may have been against TOS $50 EBay PC Mandrake MNF Found a PC on the Street IPCop Infrequently updated No updates required or abandoned? OpenBSD Reputation for Security Something New Good instructions for setting up home office. Manual but straightforward WRT-54gl with tomato Linksys router sold specifically to run Linux Purchased to be AP Junk PC hardware failures - PSU or IDE disks Frequently used as backup. PCEngines Alix Basically a PC in a router form factor Serial port - NO VGA No USB boot - Had to set up PXE boot tftp server. Install OpenBSD No Video out - Serial port only Expensive for specs - 500MHz AMD CPU and 256M Ram Alix Limitations Worked great for a few years Compact Flash limited replacements. 100M Ethernet Found Spare on EBay as Backup, just in case. PCEngines APU2 Serial only OpenBSD 5.6 via USB drive 3 NIC - Lan, Trusted, Untrusted Unifi AP for WiFi First playbook Missing some easy management Local DNS DHCP Reservations http://hackerpublicradio.org/eps.php?id=3187 CSV file with IP,MAC, Hostname DHCP reservation and local DNS Restricting Internet Open DNS and port redirects Unbound included on OpenBSD base Caching DNS resolver Forward to Open DNS - Set to do some content filtering PF rule to redirect all incoming port 53 to unbound PF scripts PF table with IP addresses of devices Table always blocked cron jobs to add/remove IP addresses to table APU2 limitations Installer Recommends Auto partitioning Doesn't know how you plan to use OpenBSD Doesn't know the future plans for project. 
16G msata drive Small /usr Re-linking growth Moving src partitions PCEngines APU2 Search /etc for changes Ansible Playbook for everything not covered by DNS/DHCP playbook email forwarding sysctls syslog to server Practice on OpenBSD VM 198.168 172.20 as variable Normally with VM, I use the VirtIO NIC I used virtualized Intel NIC so same device names: em0, em1, ... Just Do It Update APU firmware - TODO retails /usr/local/share/doc/pkg-readmes/flashrom Warned family internet would be offline a few hours Replaced M2 Sata card with 120 It worked the first time

Links

  • https://www.ipcop.org/index_php.html
  • https://www.pcengines.ch/alix2d3.htm
  • https://pcengines.ch/apu2.htm
  • https://pcengines.ch/howto.htm#OS_installation
  • https://www.openbsd.org/faq/pf/example1.html

Agenda
Electricity prices are falling. But even so, many households will not be able to cope

Jan 24, 2023 (18:58)


Electricity prices on the exchange have fallen below the level at which the government price cap is set. End consumers will soon feel the reduction too, promises Jiří Matoušek of Centropol. Even so, energy will remain far more expensive than it was before the crisis.

Over the past three months, the price of electricity on the Prague exchange PXE has fallen by 47 percent. Last week a megawatt-hour sold for 156 euros; in mid-December it was still roughly 300 euros.

In recent days, however, the trend has reversed and the curve is heading upward. The exchange reflects colder weather and higher energy consumption. Where will the price settle? And how will developments on the exchange show up on the bills of households and companies?

According to Jiří Matoušek, prices are stabilizing and suppliers will be able to start lowering prices slightly. “At this point it cannot yet be assumed that consumer prices would fall dramatically below the price cap, but that may happen later in the course of 2023,” says the head of marketing of the Centropol Energy group, which is among the largest suppliers of electricity and gas in our country.

Matoušek also warns, however, that a large group of households will not be able to manage even the new price level without state support. The prices we used to know before the crisis will not come back.

Agenda. Interviews with top leaders of Czech business, company founders, and experts. A quarter of an hour on business, first-hand. Every weekday on SZ Byznys and in all podcast apps. Subscribe on Podcasty.cz, Apple Podcasts or Spotify.

Screaming in the Cloud
Automating in Pre-Container Times with Michael DeHaan

May 5, 2022 (40:46)


About Michael

Michael is the creator of IT automation platforms Cobbler and Ansible, the latter allegedly used by ~60% of the Fortune 500, and at one time one of the top 10 contributed to projects on GitHub.

Links Referenced:

  • Speaking Tech: https://michaeldehaan.substack.com/
  • michaeldehaan.net: https://michaeldehaan.net
  • Twitter: https://twitter.com/laserllama

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored by our friends at Revelo. Revelo is the Spanish word of the day, and it's spelled R-E-V-E-L-O. It means “I reveal.” Now, have you tried to hire an engineer lately? I assure you it is significantly harder than it sounds. One of the things that Revelo has recognized is something I've been talking about for a while, specifically that while talent is evenly distributed, opportunity is absolutely not. They're exposing a new talent pool to, basically, those of us without a presence in Latin America via their platform. It's the largest tech talent marketplace in Latin America with over a million engineers in their network, which includes—but isn't limited to—talent in Mexico, Costa Rica, Brazil, and Argentina. Now, not only do they wind up spreading all of their talent on English ability, as well as you know, their engineering skills, but they go significantly beyond that. Some of the folks on their platform are hands down the most talented engineers that I've ever spoken to. Let's also not forget that Latin America has high time zone overlap with what we have here in the United States, so you can hire full-time remote engineers who share most of the workday as your team.
It's an end-to-end talent service, so you can find and hire engineers in Central and South America without having to worry about, frankly, the colossal pain of cross-border payroll and benefits and compliance because Revelo handles all of it. If you're hiring engineers, check out revelo.io/screaming to get 20% off your first three months. That's R-E-V-E-L-O dot I-O slash screaming.

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Corey: Once upon a time, Docker came out and changed an entire industry forever. But believe it or not, for many of you, this predates your involvement in the space. There was a time where we had to manage computer systems ourselves with our hands—kind of—like in the prehistoric days, chiseling bits onto disk and whatnot. It was an area crying out for automation, as we started using more and more computers to run various websites. “Oh, that's a big website. It needs three servers now.” Et cetera.

The times have changed rather significantly. One of the formative voices in that era was Michael DeHaan, who's joining me today, originally one of the—or if not the creator of Cobbler, and later—for which you became better known—Ansible. First, thanks for joining me.

Michael: Thank you for having me. You're also making me feel very, very old there. So, uh, yes.

Corey: I hear you. I keep telling people, I'm in my mid-30s, and my wife gets incensed because I'm turning 40 in July. But still.
I go for the idea of yeah, the middle is expanding all the time, but it's always disturbing talking to people who are in our sector, who are younger than some of the code that we're using, which is just bizarre to me. We're all standing on the backs of giants. Like it or not, one of them's you.

Michael: Oh, well, thank you. Thank you very much. Yeah, I was, like, talking to some undergrads, I was doing a little bit of stuff helping out my alma mater for a little bit, and teaching somebody the REST lecture. I was like, “In another year, REST is going to be older than everybody in the room.” And then I was just kind of… scared.

Corey: Yeah. It's been a wild ride for basically everyone who's been around long enough if you don't fall off the teeter-totter and wind up breaking a limb somewhere. So, back in the bad old days, before cloud, when everything was no longer things back then were constrained by how much room you had on your credit card like they are today with cloud, but instead by things like how much space you had in the data center, what kind of purchase order you could ram through your various accounting departments. And one of the big problems you have is, great. So, finally—never on time—Dell has shipped out a whole bunch of servers—or HP or Supermicro or whoever—and the remote hands—which is always distinct from smart hands, which says something very insulting, but they seem to be good about it—would put them into racks for you.

And great, so you'd walk in and see all of these brand new servers with nothing on them. How do we go ahead and configure these things? And by hand was how most of us started, and that means, oh, great, we're going to screw things up and not do them all quite the same, and it's just a treasure and a joy. Cobbler was something that you came up with that revolutionized how provisioning of bare-metal systems worked. Tell me about it.

Michael: Yeah, um, so it's basically just glue.
So, the story of how I came up with that is I was working for the Emerging Technologies Group at Red Hat, and I just joined. And they were like, “We have to have a solution to install Xen and KVM virtual machines.” So obviously, everybody's familiar with, like, EC2 and things now, but this was about people running non-VMware virtualization themselves. So, that was part of the problem, but in order to make that interesting, we really needed to have some automation around bare-metal installs.

And that's PXE boot. So, it's TFTP and DHCP protocol and all that kind of boring stuff. And there was glue that existed, but it was usually humans would have to click on buttons to—like Red Hat had system-config-netboot, but what really happened was sysadmins all wrote their own automation at, like, every single company. And the idea that I had, and it was sort of cemented by the fact that, like, my boss, a really good guy left for another company and I didn't have a boss for, like, a couple years, was like, I'm just going to make IRC my boss, and let's get all these admins together and build a tool we can share, right?

So, that was a really good experience, and it's just basically gluing all that stuff together to fully automate an install over a network so that when a system comes on, you can either pick it out from a menu; or maybe you've already got the MAC address and you can just say, “When you see this MAC address, go install this operating system.” And there's a kickstart file, or a preseed in the case of Debian, that says, “When you're booting up through the installer, basically, here's just the answers and go do these things.” And that install process is a lot slower than what we're used to, but for a bare-metal machine, that's a pretty good way to do it.

Corey: Yeah, it got to a point where you could walk through and just turn on all the servers in a rack and go out to lunch, come back, they would all be configured and ready to go.
And it sounds relatively basic the way we're talking about it now, but there were some gnarly cases. Like, “When I've rebooted the database server, why did it wipe itself and reprovision?” And it's, “Oh, dear.” And you have to make sure that things are—that there's a safety built into these things.

And you also don't want to have to wind up plugging in a keyboard and monitor to all of these individual machines one-by-one to hit yes and acknowledge the thing. And it was a colossal pain in the ass. That's one of the things that cloud has freed us from.

Michael: Yeah, definitely. And one of the nice things about the whole cloud environment is like, if you want to experiment with those ideas, like, I want to set up some DHCP or DNS, I don't have to have this massive lab and all the electricity and costs. But like, if I want to play with a load balancer, I can just get one. That kind of gives the experience of playing with all these data center technologies to everybody, which is pretty cool.

Corey: On some level, you can almost view the history of all these things as speeding things up. With a well-tuned Cobbler install, it still took multiple minutes, in some cases, tens of minutes to go from machine you're powering on to getting it provisioned and ready to go. Virtual machines dropped that down to minutes. And cloud, of course, accelerated that a bit. But then you wind up with things like Docker and it gets down to less than a second. It's the meantime to dopamine.

But in between the world of containers and bare-metal, there was another project—again, the one you're best known for—Ansible. Tell me about that because I have opinions on this whole space.

Michael: [laugh]. Yeah. So, how Ansible got started—well, I guess configuration management is pretty old, so the people writing their own scripts, CFEngine came out, Puppet was a much better CFEngine. I was working at a company and I kind of wanted another open-source project because I enjoyed the Cobbler experience.
So, I started Ansible on the side, kind of based on some frustrations around Puppet but also the desire to unify Capistrano kind of logic, which was like, “How do I push out my apps onto these servers that are already running,” with Puppet-style logic was like, “Is this computer's firewall configured directly? And is the time set correctly?”

And you can obviously use that to install apps, but there's some places where that blurred together where a lot of people are using two different tools. And there's some prior art that I worked on called Func, which I wrote with Seth Vidal and Adrian Likins at Red Hat, which was, like, 50% of the Ansible idea, and we just never built the config management layer on top. So, the idea was make something really, really simple that just uses SSH, which was controversial at the time because people thought it, like, wouldn't scale, because I was having trouble with setting up Puppet security because, like, it had DNS or timing issues or whatever.

Corey: Yeah. Let's dive in a bit to what config management is first because it turns out that not everyone was living in the trenches in quite the same way that we were. I was a traveling trainer for Puppet for a summer once, and the best descriptor I found to explain it to people who are not in this space was, “All right, let's say that you go and you buy a new computer. What do you do? Well, you're going to install the applications you'd like to use, you're going to set up your own user account, you're going to set your password correctly, you're going to set up preferences, copy some files over so you have the stuff you care about. Great. Now, imagine you need to do that to a thousand computers and they all need to be the same.
How do you do that?” Well, that is the world of configuration management.

And there was sort of a bifurcation there, where there was the idea of, first, we're going to have configuration management that just describes what the system should look like, and that's going to run on a schedule or whatnot, and then you're going to have the other side of it, which is the idea of remote execution, of I want to run an arbitrary command on this server, or this set of servers, or all the servers, depending upon what it is. And depending on where you started on the side of that world, you wound up wanting things from the other side of that space. With Puppet, for example, is very oriented configuration management and the question became, well, can you use this for remote execution with arbitrary commands? And they wound up doing some work with MCollective, which was a very complicated and expensive way to say, “No, not really.” There was a need for things that needed to hang out in that space.

The two that really stuck out from that era were Ansible, which had its wild runaway success, and the one that I was smacking around for a bit, SaltStack, which never saw anywhere approaching that level of popularity.

Michael: Yeah, sure. I mean, I think that you hit it pretty much exactly right. And it's hard to say what makes certain things take off, but I think, like, the just SSH approach was interesting because, well for one, everybody's running it. But there was this belief that this would not scale. And I tried to optimize the heck out of that because I liked performance, but it turns out that wasn't really a business problem because if you can imagine you just wrote this little bit of automation, and you're going to run it against your entire infrastructure and you've got 30,000 machines, do you want that to—if you were to, like, run an update command on 30,000 machines at once, you're going to DDoS something. Definitely, right?

Corey: Yeah.
Suddenly you have 30,000 machines all talk to the same things at the same times. And you want to do them in batches or smear it across.

Michael: Right, so because that was there, like, you just add batch support in Ansible and things are fine, right? People want to target little small groups of things. So, like, that whole story wasn't true, and I think it was just a matter of testing this belief that everybody thought that we needed to have this whole network of things. And honestly, Salt's idea of using a message bus is great, but we took a little bit different approach with YAML because we have YAML variables in it, but they had something that compiled down to YAML. And I think those are some differences in the dialect and some things other people preferred, but—

Corey: And they use Jinja, at one point to wind up making it effectively Turing complete; you could wind up having this ridicu—like, loop flow control and loops and the rest. And it was an interesting exposure to things, but yikes, at some l—at the same time.

Michael: If you use all the language features in anything you can make something complicated, and too complicated. And I was like, I wanted automation to look like grocery lists. And when I started out, I said, “Hey, if anybody is doing this all day, for a day job, I will have failed.” And it clearly shows you that I have because there are people that are doing that all day. And the goal was, let me concentrate on dev and ops and my other things and keep this really, really simple.

And some people just, like, get really, really into that automation technology, which is—in my opinion—why some of the earlier stuff was really popular because sysadmins were bored, so they see something new and it's kind of like a Java developer finding Perl for the first time.
They're like, “I'm going to use all these things.” And they have all their little widgets, and it gets, like, really complicated.

Corey: The thing that I always found interesting and terrifying at the same time about Ansible was the fact that you did ride on top of SSH, which is great because every company already had a way of controlling access by SSH to IT systems; everyone uses it, so it has an awful lot of eyes on the security protocol on the rest. The thing that I found terrifying in the early days was that more or less every ops person would wind up checking this out onto their laptop or whatnot, so whenever they wanted to run something, they would just run it from their laptop over a VPN or whatnot from wherever they happen to be, and you wind up with a dueling banjos type of circumstance where people were often not doing it from a centralized place. And in time, best practices emerged where, okay, that is going to be the command and control server where that runs at, and you log into it. And then you start guarding that with CI/CD flows and the rest. And like anything else, it wound up building some operational approaches to it.

Michael: Yeah. Like, I kind of think that created a problem that allowed us to sell a product, right, which was good. If you knew what you were doing, you could use Jenkins completely and you'd be fine, right, if you had some level of discipline and access control, and you wanted to wire that up. And if you think about cloud, this whole, like, shadow IT idea of, “I just want to do this thing, therefore I'm going to get an Amazon account,” it's kind of the same thing. It's like, “I want to use this config management, but it's not approved. Who can stop me?” Right?

And that kind of probably got us in the door in few accounts that way. But yeah, it did definitely create the problem where multiple people could be running things at the same time.
So yeah, I mean, that's true.

Corey: And the idea of, “Hey, maybe I should be controlling these things in Git,” or some other form of version control was sort of one of those evolutionary ideas that, oh, we could treat this like code. And the early days of DevOps, that was a controversial thing. These days, you say you're not doing it and people look at you very strangely. And things were going reasonably well in that direction for a while. Then this whole Docker thing showed up, where, well, what if instead of having these long-lived servers where you have to install updates and run patches and maintain a whole user list on them, instead you had this immutable infrastructure that every time there was a change, you would just go ahead and deploy a brand new set of servers?

And you could do this in the olden days with virtual machines and whatnot; it just took a long time to push things out, so do I really want to roll the entire fleet for a two-line config change? Probably not, so we're going to batch it up, or maybe do this hybrid model. With Docker, it takes less than a second to wind up provisioning the—switching over to the new container series and you're done; you can keep going with that. That really solved a lot of these problems.

But there were companies that, like, the entire configuration management space, who suddenly found themselves in a really weird position. Some of them tried to fight the tide forever and say, “Oh, this is terrible because it means we don't have a business model anymore.” But you can only fight the future for so long. And I think today, we'd be hard-pressed to say that Docker hasn't won, on some level.

Michael: I mean, I think it has, like, the technology has won. But I guess the interesting thing is, config management now seems to be trying to pivot towards networking where I think the tool hasn't ever been designed for networking, so it's kind of a round peg, square hole. But it's all people have that unless they're buying something.
Or, like, deploying the undercloud because, like, people are still running essentially clouds on top of clouds to get their Kubernetes deployments going and those are monstrous. Or maybe to deploy a data layer; like, I know Kafka has gotten off of ZooKeeper, but the Kafka-ZooKeeper thing—and I don't remember ZooKeeper [unintelligible 00:14:37] require [unintelligible 00:14:38] or not, but managing those sort of long, persistent implications, it still has a little bit of a place where it exists.

But I mean, I think the whole immutable systems idea is theoretically completely great. I never was really happy with the whole Docker development workflow, and I think it does create a problem where people don't know what they're deploying and you kind of encourage that to where they could be deploying different versions of libraries, or—and that's kind of just a problem of the whole microservices thing in general where, “Did somebody change this?” And then I was working very briefly at one company where we essentially built a whole dashboard to detect service versions and what version of the base image everybody was on, and all these other things, and it can get out of hand, too. So, it's kind of like trading some problems for other problems, I think to me. But in general, containerization is good. I just wished the management glue around it was easy, right?

Corey: I wound up giving a talk at a conference a while back, 2015 or so, called, “Heresy in the Church of Docker,” and it was a throwaway five-minute lightning talk, and someone approached me afterwards with, “Hey, can you give the full version of that at ContainerCon?” “There's a full version? Yes. Yes, I can.” And it talked about a number of problems with the management layer and the rest.

Now, Kubernetes absolutely solves virtually every problem that I identified with it, but when you look at the other side of it, getting Kubernetes rolled out is effectively you get to cosplay being a cloud provider yourself.
It is incredibly complicated, and of course, we're right back to managing it all with YAML.

Michael: Right. And I think that's an interesting point, too, is I don't know who's exactly responsible for, like, the YAML explosion. And I like it as a data format; it's really good for humans. Cobbler originally used it more of an internal storage, which I think was a mistake because, like, even—I was trying to avoid setting up a database at the time, so—because I knew if I had to require setting up a database in 2007 or 2008, I'd get way less users, so it used flat files.

A lot of the YAML dialects people are developing now are very, very nested and they require, like, loading a webpage, for the docs, like, all the time and reading what's valid here, what's valid there. I think people learn the wrong lesson from Ansible's YAML usage, right? It was supposed to be, like, YAML's good for things that are grocery lists. And there's a lot of places where I didn't do a good job. But when you see methods taking 15 parameters and you have to constantly have the reference up, maybe that's a sign that you should do something else.

Corey: At least you saved us, on some level, from having to do this all in XML. But still, there are wrong ways and more wrong ways to do it. I don't think anyone could ever agree on the right way to approach these things.

Michael: Yeah. I mean, and YAML, at the time was a good answer because I knew I didn't want to write and maintain a parser as, like, a guy that was running a project. We had a lot of awesome contributors, but if I had to also maintain a DSL, not only does that mean that I have to write the code for this thing—which I, you know, observed slowing down some other projects—but also that I'd have to explain it to people. Looking kind of like Bash was not a bad thing.
Not having to know and learn something, so you can kind of feel really effective in about 15 minutes or something like that.

Corey: One of the things that I find really interesting about you personally is that you were starting off in a bare-metal world; Ansible was sort of wherever you wanted to run it. Great, as long as there are systems that can receive these things, we're great. And now the world has changed, and for better or worse, configuration management slash remote execution is not the problem it once was and it is not a best practice way of solving a lot of those problems either. But you aren't spending your time basically remembering the glory years. You're actively moving forward doing some fairly interesting stuff. How would you describe what you're into these days?

Michael: I tried to create a few projects to, like, kind of build other systems management things for the same audience for a while. I was building a build server and a new—trying to do some next-gen config stuff. And I saw people weren't interested. But I like having conversations with people, right, and I think one of the lessons from Ansible was how to explain highly technical things to technical audiences and cut out a lot of the marketing goo and all that; how to get people excited about an idea and make a community be really authentic. So, I've been writing about that for really, it's—rebooted blog is only a couple of weeks old. But also kind of trying to do some—helping out companies with some, like, basic marketing kind of stuff, right?

There's just this pattern that everybody has where every website starts with this little basic slogan and two buttons and then there's a bunch of adjectives, but it doesn't say anything. So, how can you have really good documentation, and how can you explain an idea? Because, like, really, the reason you're in it is not just to sell stuff, but it's to help people and to see them get excited about your ideas.
And there's just, like, we're not doing a good job in this, like, world where there's thousands upon thousands of applications, all competing at once to, like—how do you rise above that?

Corey: And that's always the hard part is at some point, this does become your identity and you become known for a thing. And when you start branching out from that thing, you bring the expertise from that area that you were in, but you start applying it to new things. I feel like so many companies get focused—and people get focused—on assuming that their audience is just like them, where they're coming in with the exact same biases, the exact same experiences. And given that basically no one was as deep in the weeds as you were when it came to configuration management, that meant that you were spending time in that side of the world, not in other pursuits which aligned in some ways more directly with people developing other things. So, I suspect this might be one of the weird things we have in common when we show up and see something new.

And a company is really excited. It's like, it's basically a few people talking [unintelligible 00:20:12] that both founders are technical. And they're super excited about something they can't quite articulate. And it's this, “Slow down. Tell me exactly what it is your product does.” And that's a hard thing to do because my default response was always the if I don't understand that is clearly the way in which I am deficient somehow. But marketing is really about clear communication and there's not that much of it in our space, at least not for early-stage companies.

Michael: Yeah, I don't know why that is. I mean, I think there's this belief in that there's, like, this buyer audience where there's some vice president that's going to buy your stuff if you drop the right buzzwords. And 15 years ago, like, you had to say ‘synergy,' and now you say ‘time to value' or ‘total cost of ownership' or something. And I don't think that's true.
I mean, I think people use products that they like and that they need to be shown them to try them out.

So like, why can't your webpage have a diagram and a screenshot instead of this, like, picture of a couple of people drinking coffee around a computer, right? It's basic stuff. But I agree with you, I kind of feel dumb when I'm looking at all these tech products that I should be excited about, and, like, the way that we get there is we ask questions. And the way that I've actually figured out what some of these things do is usually having to ask questions from someone who uses them that I randomly find on my diminishing circle of friends, right? And that's kind of busted.

So, Ansible definitely had a lot of privilege in the way that it was launched in the sense that I launched it off Cobbler list and Cobbler list started off of [ET Management Tools 00:21:34] which was a company list. But people can do things like meetup groups really easily, they can give talks, they can get their blogs reblogged, and, you know, hope for some Hacker News or Reddit juice or whatever. But in order to get that to happen, you have to be able to talk to engineers that really want to know what you're doing, and they should be excited about it. So, learn to talk to them.

Corey: You have to speak their language but without going so deep in the weeds that the only people that understand it are the folks who are never going to use your product because they want to build it themselves. It's a delicate balance to strike.

Michael: And it's a difficult thing to do, too, when you know about it. So, when I was, like, developing all the Ansible docs, I've told people many times—and I hope it's true—that I, like, spent, like, 40% of my time just on the website and the docs, and whenever I heard somebody complain, I tried to fix it. But the idea was like, you can lose somebody really fast, but you kind of have to forget what you know about the product.
So, the worst person to sometimes look at that is the person that built it. So, you have to forget what you know, and try to see, like, what questions they're asking, what do they need to find out? How do they want to learn something?

And for me, I want to see a lot of pictures. A lot of people write a bunch of giant walls of text, or worse for me is when there's just these little pithy expressions and I don't know what they mean, right? And everybody's, like, kind of doing that these days.

Corey: This episode is sponsored in part by our friends at ChaosSearch. You could run Elasticsearch or Elastic Cloud—or OpenSearch as they're calling it now—or a self-hosted ELK stack. But why? ChaosSearch gives you the same API you've come to know and tolerate, along with unlimited data retention and no data movement. Just throw your data into S3 and proceed from there as you would expect. This is great for IT operations folks, for app performance monitoring, cybersecurity. If you're using Elasticsearch, consider not running Elasticsearch. They're also available now in the AWS marketplace if you'd prefer not to go direct and have half of whatever you pay them count towards your EDB commitment. Discover what companies like Equifax, Armor Security, and Blackboard already have. To learn more, visit chaossearch.io and tell them I sent you just so you can see them facepalm, yet again.

Corey: One thing that I've really found myself enjoying recently has been your substack-based newsletter, Speaking Tech is what you call it.
And I didn't quite know what to expect when I signed up for it, but it's been a few weeks now, and you are more or less hitting across the board on a bunch of different things, ranging from engineering design patterns, to a teardown of random company's entire website from a marketing and messaging perspective—which I just adore personally; like that is very aligned with how I see the world—

Michael: There's more of that coming.

Corey: Yeah, [unintelligible 00:23:17] a bunch of other stuff. Let's talk about, for example, the idea of those teardowns. I always found that I have to be somewhat careful in how I talk about it when I'm doing a tweet thread or something like that because you are talking about people's work, let's be clear here, and I tend to be a lot kinder to small, early-stage companies than I am to, you know, $1.6 trillion companies who really should have solved for this by now, on some level. But so much of it misses the mark of great, here's the way that I think about these things. Here's the way that I don't understand what the hell you're telling me.

An easy example of this for me, at least I'm curious to get your thoughts on it, I tend to almost always just skim what they're saying, great. Let's look at the pricing page because I find that speaks to people in a way that very often companies forget that they're speaking to customers.

Michael: Yeah, for sure. I always tried to find the product page lately, and then, like, the product page now is, like, a regurgitation of the homepage. But it's what you said earlier. I think I try to stay nice to everybody, but it's good to show people how to understand things by counterexample, to some extent, right? Like, oh, I've got some stuff coming out—I don't know when this is actually going to get published—but next week, where I was like just taking random snippets of home pages, and like, “What's everybody doing with the header these days?”

And there's just, like, ridiculous amounts of copying going on.
But it's not just for, like, people's companies because everybody listening here isn't going to have a company. If you have a project and you wanted to get it noticed, right, I think, like, in the early days, the projects that I paid attention to and got excited about were often the ones that spend time on their website and their messaging and their experience. So, everybody kind of understands you have to write a good readme now but some of, like, the early Ruby crowd, for instance, did awesome, awesome web pages. They know how to pick out fonts, and I still don't know how to pick out fonts. But—

Corey: I ask someone good at those things. That's how I pick ‘em.

Michael: Yeah, yeah. That's not my job; get somebody that's good at that. But all that matters, right? So, if you do invest a little bit in not promoting yourself, not promoting your company, but trying to help people and communicate to them, you can build that audience around your thing and it makes it a lot more interesting.

Corey: There's so many great tools out there that I find on GitHub that other people have to either point me to or I find it when I'm looking at it from a code-first perspective, just trying to find a particular example of the library being used, where they do such a terrible job of describing the problem that they solve, and it doesn't take much; it takes a paragraph or two at most. Or the idea that, “Oh, yeah, here's a way to do this thing. Just go ahead and get your credential file somewhere else.” Great. Could you maybe link to an example of how to do that?

It's the basic stuff; assume that someone who isn't you might possibly want to use this. And I'm not even slightly suggesting that you wind up talking your way through how to do all of that. Just link to somewhere that has a good write-up of it and call it good. Just don't get in the way of people's first-time user experiences.

Michael: Yeah, for sure.
And—

Corey: For some reason, that's a radical thought.

Michael: Yeah, I think one of the things the industry has—well, not the industry; it's not their problem to solve, but, like, we don't really have a way for people to find what's cool and interesting anymore. So, various people have their own little lists on GitHub or whatever, but there's just so many people posting on the one or two forums people read and it goes by in a day. So, it's really, really hard to get attention. Even your own circle of followers isn't really logging into Twitter or anything, or LinkedIn. Or there's all the congratulations for your five years of Acme Corp kind of posts, and it's really, really hard to get attention.

And I feel for everybody, so like, if somebody like GitHub or Microsoft is listening, and you wanted to build, like, a dashboard of here's the cool 15 projects for the week, kind of thing where everybody would see it, and start spotlight some of these really cool new things, that would be awesome, right?

Corey: Whenever you see those roundups, that was things like Kubernetes and Docker. And great, I don't think those projects need the help in the same way.

Michael: No, no, they don't. It's like maybe somebody's cool data thing, or a cool visualization, or the other thing that's—it's completely random, but I used to write fun graphics programs for fun or games and libraries. And I don't see that anymore, right? Maybe if you find it, you can look for it, but the things that get people excited about programming. Maybe they have no commercial value at all, but the way that people discover stuff is getting so consolidated is about Docker and Kubernetes. And everyone's talking about these three things, and if you're not Google or you're not Facebook, it's really—or Amazon, obviously—it's hard to get attention.

Corey: Open-source on some level has changed from a community perspective.
And part of it is because once upon a time, you could start with the very low-level stuff and build something, get it up and working. And that's where things like [Cobbler 00:27:44] and Ansible came out of. Now it's, “Click the button and use the thing everyone else is using. And if you're not doing that, what are you doing over there?”

So, the idea of getting started tinkering with computers are built on top of so many frameworks and other things. And that's always been the case, but now it's much more apparent in some ways. “Okay, I'm going to go ahead and build out my first HTML file and serve it out using something in Node.” “Great, what is those NPM stuff that's scrolling past?” It's like, “The devil. That is the devil's own language you are seeing scroll past. And you don't need to worry about that; just pretend it's not there.”

But back when I was learning all this stuff, we're paying attention to things scrolling past, like, you know, compilation messages and the Linux boot story as it wound up scrolling past. Terrible story; the protagonist was unreliable, but all right. And you start learning how these things work when you start scratching at the things that you're just sort of hand-waving and glossing over. These days, it feels like every time I use a modern project, that's everything.

Michael: I mean, it is. And like what, React has, like, 2000 dependencies, right? So, how do you ever feel like you understand it? Or when recruiters are asking for ten years at Amazon. And then—or we find a library that it can only explain itself by being like this other library and requiring these other five.

And you read one of those, and it becomes, like, this… tree of knowledge that you have no way of possibly understanding. So, we've just built these stacks upon stacks upon stacks of things. And I tend to think I kind of believe in minimalism. And like, wouldn't it be cool if we just burned this all and start—you know, we burn the forest and let something new regrow.
But we tend to not do that. We just—now running a cloud on top of a cloud, and our JavaScript is thousands of miles high.

Corey: I really wish that there were better paths for getting started. Like, I used to think that the right way to wind up learning how all this stuff works is to do what I did: Start off as, you know, the grumpy sysadmin type, and then—or help desk—and then work your way up and the rest. Those jobs aren't there anymore, and it doesn't leave people in a productive environment. “Oh, you want to build a computer game. Great. For an iPhone? Terrific.” Where do you go to get started on that? It's a hard thing to do.

And people don't care at that scale, nor should they necessarily, on how to run your own servers. Back in the day when you wanted to have a blog on the internet, you were either reduced to using LiveJournal or MySpace, or you were running your own web server and had to learn how to make sure that it didn't become an attack platform. There was a learning curve that was fairly steep. Now, there are so many different paths to go down, you don't really need to know how any of these things even work.

Michael: Yeah, I think, like, one of the—I don't know whether DevOps means anything as a topic or not, but one of the original pieces around that movement was systems administrators learning to code things and really starting to enjoy it, whether that was Python or Ruby, and so on. And now it feels like we're gluing all the things together, but that's happening in App Dev as well, right? The number of people that can build a really, really good library from the ground up, like, something that has C bindings, that's a really, really small crowd. And most of it, what we're doing is gluing together other people's libraries and compensating for the flaws and bugs in them, and duct tape and error handling or whatever. And it feels like programming has changed a lot because of this—and it's good if you want to get an idea up quickly, no doubt.
But it's a different experience.

Corey: The problem I always ran into was the similar problems I had with doing Debian packaging. It was always the, oh, great, there's going to be four or five different guides on how to do it—same story with RPM—and they're all going to be assuming different things, and you can crossover between them without realizing it. And then you just do something monstrous that kind of works until an actual Debian developer shoves you aside like you were a hazard to everyone around you. Let me do it for you. And there we go.

It's basically, get people to do work for you by being really bad at it. And I don't love that pattern, but I'm still reminded of that because there are so many different ways to achieve any outcome that, okay, I want to run a ridiculous Hotdog or Not Hotdog style website out there. Great. I can upload things. Well, Docker or serverless? What provider do I want to put it on? And oh, by the way, a lot of those decisions very early on are one-way doors that you don't realize you're crossing through, as well as not knowing what the nuances of all of those things are. And that's dangerous.

Michael: I think people are also learning the vendor as well, right? Some people get really engrossed in whether it's Amazon, or Google, or HashiCorp, or somebody's API, and you spend so much of your brain cells just learning how these people's systems work versus, like, general programming practices or whatever.

Corey: I make it a point to build something on other cloud providers that aren't Amazon every now and then, just because I don't want to wind up effectively embracing a monoculture.

Michael: Yeah, for sure. I mean, I think that's kind of the trend I see with people looking just at the Kubernetes stuff, or whatever, it's that I don't think it necessarily existed in web dev; there seems to be a lot of—still a lot of creativity and different frameworks there, but people are kind of… what's popular?
What gets me my next job, and that kind of thing. Whereas before it was… I wasn't necessarily a sysadmin; I kind of stumbled into building admin tools. I kind of made hammers not houses or whatever, but basically, everybody was kind of building their own tools and deciding what they wanted. Now, like, people that are wanting to make money are deciding what people want for them. And it's kind of not always the simplest, easiest thing.

Corey: So, many open-source projects now are—for example, one that I was dealing with recently was the AWS CLI. Great, like, I'm thrilled to throw in issues and challenges here, but I'm not going to spend significant time writing code against it because, one, it's basically impossible to get these things accepted when all the maintainers work at Amazon, and two, is it really an open-source project in the way that you and I think about community and the rest, but its basically sole purpose is to funnel money to Amazon faster. Like, that isn't really a community ethos I feel comfortable getting behind to be perfectly honest. They're a big company; they can afford to pay people to build these things out, full time.

Michael: Yeah. And GitHub, I mean, we all mostly, I think, appreciate the fact that we can host the Git repo and it's performant and everything, and we don't have blazing unicorns quite as often or whatever they used to have, but it kind of changed the whole open-source culture because we used to talk about things on mailing lists, like, what should this be, and there was like an upfront conversation, or it might happen on IRC. And now people are used to just saying, “I've got a problem.
Fix it for me.” Or they're throwing code over the wall and it might not be the code or feature that you wanted because they're not really part of your thing.

So before, people would get really engrossed with, like, just a couple of projects, and if they were working on them as kind of like a collective of people working against different organizations, we'd talk about things, and they kind of know what was going on. And now it's very easy to get a patch that you don't want and you're, like, “Oh, can you change all of these things?” And then somebody's, like, now they're offended because now they have to do all this extra work, whereas that conversation didn't happen. And GitHub could absolutely remodel themselves to encourage those kinds of conversations and communities, but part of the death of open-source and the fact that now it's, “Give me free code,” is because of that kind of absence of the—because we're looking at that is, like, the front of a community versus, like, a conversation.

Corey: I really want to appreciate your taking so much time out of your day to basically reminisce about some of these things. But on a forward-looking basis, if people want to learn more about how you see things, where's the best place to find you?

Michael: Yeah. So, if you're interested in my blog, it's pretty random, but it's michaeldehaan.substack.com. I run a small emerging consultancy thing off of michaeldehaan.net. And that's basically it. My Twitter is laserllama if you want to follow that. Yeah, thank you very much for having me. Great conversation. Definitely making all this technology feel old and busted, but maybe there's still some merit in going back—

Corey: Old and busted because it wasn't built this year? Great—

Michael: Yes.

Corey: —yes, it's legacy, which is a condescending engineering term for ‘it makes money.' Yeah, there's an entire universe of stuff out there.
There are companies that are still toying with virtualization: “Is this something we get on board with?” There's nothing inherently wrong with that. I find that judging what a bunch of startups are doing or ‘company started today' is a poor frame of reference to look at what you should do with your 200-year-old insurance company.

Michael: Yeah, like, [unintelligible 00:35:53] software engineering is just ridiculously new. Like, if you compare it to, like, bridge-building, or even electrical engineering, right? The industry doesn't know what it's doing and it's kind of stumbling around trying to escape local maxima and things like that.

Corey: I will, of course, put links to where to find you into the [show notes 00:36:09]. Thanks again for being so generous with your time. It's appreciated.

Michael: Yeah, thank you very much.

Corey: Michael DeHaan, founder of Cobbler, Ansible, and oh, so much more than that. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice—and/or smash the like and subscribe buttons on the YouTubes—whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, smash the buttons as mentioned, and leave a loud, angry comment explaining what you hated about it that I will then summarily reject because it wasn't properly formatted YAML.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Zacks Market Edge
How to Invest in Energy ETFs

Zacks Market Edge

Play Episode Listen Later Feb 23, 2022 30:34


It's the hottest sector for the second year in a row. Here are the ETFs that should be on your wish list. (1:10) - Why Is The ETF Market So Quiet On Energy? (6:30) - Engine No. 1 Transform Climate ETF: NETZ (11:00) - Understanding How An ETN Works: Is It A Safe Way To Invest In Energy? (15:20) - What Is The Best Way To Gain Exposure To Energy Using ETFs? (27:00) - Episode Roundup: ONG, NRGU, NETZ, XLE, PXE, PXI, GUSH, VDE, XOP

L8ist Sh9y Podcast
Is Edge HCI Necessary?

L8ist Sh9y Podcast

Play Episode Listen Later Jan 21, 2022 51:32


To explore HCI at the edge, we started with SUSE's Harvester. It's an HCI integration of Kubernetes, KubeVirt, and Longhorn (their storage system) plus some PXE booting magic they threw in there. From there we explored how Kubernetes can fit into Edge HCI. That really morphed into Edge operations more generally. It's not clear if hyperconverged infrastructure can or can't fit. We covered items like AWS Outpost which is Amazon's edge. We included items for the cloud to edge migration from an application development perspective. There are a lot of fascinating ops and development topics throughout the conversation. Transcript: https://otter.ai/u/Y2OH7SuJhPp4VRQSBAJk31-0_eI Photo: https://www.pexels.com/photo/crop-person-packing-jeans-into-carton-container-4498143/

Few & Far Between
Episode 10: Sharon Terry, CEO Genetic Alliance

Few & Far Between

Play Episode Listen Later Sep 15, 2021 44:02


Why is the sharing of data so crucial to #raredisease research? Tune in for today's full episode of Few & Far Between. Episode 10 features Sharon Terry, CEO at Genetic Alliance and #pseudoxanthomaelasticum (PXE) advocate.

Screaming in the Cloud
Innovations and the Changing DevOps Tides of Tech with Nigel Kersten

Screaming in the Cloud

Play Episode Listen Later Jul 22, 2021 41:12


About Nigel

Nigel Kersten's day job is Field CTO at Puppet where he leads a group of engineers who work with Puppet's largest customers on cultural and organizational changes necessary for large-scale DevOps implementations - among other things. He's a co-author of the industry-leading State Of DevOps Report and likes to evenly talk about what went right with DevOps and what went wrong based on this research and his experience in the field. He's held multiple positions at Puppet across product and engineering and came to Puppet from the Google SRE organization, where he was responsible for one of the largest Puppet deployments in the world. Nigel is passionate about behavioral economics, electronic music, synthesizers, and Test cricket. Ask him about late-stage capitalism, and shoes.

Links:
Puppet: https://puppet.com
2020 State of DevOps Report: https://puppet.com/resources/report/2020-state-of-devops-report/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Corey: Your company might be stuck in the middle of a DevOps revolution without even realizing it. Lucky you!
Does your company culture discourage risk? Are you willing to admit it? Does your team have clear responsibilities? Depends on who you ask. Are you struggling to get buy-in on DevOps practices? Well, download the 2021 State of DevOps report brought to you annually by Puppet since 2011 to explore the trends and blockers keeping evolution firms stuck in the middle of their DevOps evolution. Because they fail to evolve or die like dinosaurs. The significance of organizational buy-in, and oh it is significant indeed, and why team identities and interaction models matter. Not to mention whether the use of automation and the cloud translate to DevOps success. All that and more awaits you. Visit: www.puppet.com to download your copy of the report now!

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode is sponsored by a long time… I wouldn't even say friends so much as antagonist slash protagonist slash symbiotic company with things I have done as I have staggered through the ecosystem. There's a lot of fingers of blame that I can point throughout the course of my career at different instances, different companies, different clients, et cetera, et cetera, that have shaped me into the monstrosity that I am today. But far and away, the company that has the most impact on the way that I speak publicly, is Puppet.

Here to accept the recrimination for what I've become and how it's played out is Nigel Kersten, a field CTO at Puppet—or the field CTO; I don't know how many of them they have. Nigel, welcome to the show, and how unique are you?

Nigel: Thank you, Corey. Well, I—you know, reasonably unique.
I think that you get used to being one of the few Australians living in Portland who's decided to move away from the sunny beaches and live in the gray wilderness of the Pacific Northwest.

Corey: So, to give a little context into that ridiculous intro, I was a traveling contract trainer for the Puppet fundamentals course for an entire summer back in I want to say 2014, but don't hold me to it. And it turns out that when you're teaching a whole bunch of students who have paid in many cases, a couple thousand dollars out of pocket to learn a new software where, in some cases, they feel like it's taking their job away because they view their job, rightly or wrongly, as writing the same script again and again. And then the demo breaks and people are angry, and if you don't get a good enough rating, you're not invited to continue, and then the company you're contracting through hits you with a stick, it teaches you to improvise super quickly. So, I wasn't kidding when I said that Puppet was in many ways responsible for the way that I give talks now. So, what do you have to say for yourself?

Nigel: Well, I have to say, congratulations for surviving, opinionated defensive nerds who think not only you but your entire product you're demoing could be replaced by a shell script. It's a tough crowd.

Corey: It was an experience. And some of these were community-based, and some of them were internal to a specific company. And if people have heard more than one episode of this show, I'm sure they can imagine how that went. I gave a training at Comcast once and set a personal challenge for myself of how many times could I use the word ‘comcastic' in a three-day training. And I would work it in and talk about things like the schedule parameter in Puppet where it doesn't guarantee something's going to execute in a time window; it's the only time it may happen.

If it doesn't fire off, and then it isn't going to happen. It's like a Comcast service appointment.
And then they just all kind of stared at me for a while and, credit where due, that was the best user rating I ever got from people sitting through one of my trainings. So, thanks for teaching me how to improve at, basically, could have been a very expensive mistake on Puppet's part. It accidentally worked out for everyone.

Nigel: Brilliant, brilliant. Yes, you would have survived teaching the spaceship operator to that sort of a crowd.

Corey: Oh, I mostly avoided that thing. That was an advanced Puppet-ism, and this was Puppet fundamentals because I just need to be topically good at things, not deep-dive good at things. But let's dig into that a little bit. For those who have not had the pleasure of working with Puppet, what is it?

Nigel: Sure. So, Puppet is a pretty simple DSL. You know, DSLs aren't necessarily in favor these days.

Corey: Domain-specific language, for those who have not—

Nigel: Yep.

Corey: —caught up on that acronym. Yes.

Nigel: So, a programming language designed for a specific task. And, you know, instead, we've decided that the world will rest on YAML. And we've absorbed a fair bit of YAML into our ecosystem, but there are things that I will still stand by are just better to do in a programming language. ‘if x then y,' for example, it's just easier to express when you have actual syntax around you and you're not, sort of, forcing everything to be in a data specification language. So, Puppet's pretty simple in that it's a language that lets you describe the state that infrastructure should be.

And you can do this in a modular and composable way. So, I can build a little chunk of automation code; hand it to Corey; Corey can build something slightly bigger with it; hand it to someone else. And really, this sort of collaboration is one of the reasons why Puppet's, sort of, been at the center of the DevOps movement, which at its core is not really about tools.
It's about reducing friction between different groups.

Corey: Back when I was doing my traveling training shtick, I found that I had to figure out a way to describe what Puppet did to folks who were not deep in the space, and the analogy that I came up with that I was particularly partial to was, imagine you get a brand new laptop. Well, what do you do with it? You install your user account and go through the setup; you install the programs that you use, some which have licenses on it; you copy your data onto it; you make sure that certain programs always run on startup because that's the way that you work with these things; you install Firefox because that's the browser of choice that you go with, et cetera, et cetera. Now, imagine having to do that for, instead of one computer, a thousand of them, and instead of a laptop, they're servers. And that is directionally what Puppet does.

Nigel: Absolutely. This is the one I use for my mother as well. Like, I was working around Puppet for years before—and the way I explained it was, “You know when you get a new iPad, you've got to set up your Facebook account and your email. Imagine you had ten thousand of these.” And she was like—I was like, “You know, companies like Google, companies like big banks, they all have lots and lots and lots of computers.” And she was like, “They run all those things on iPads.” And I was like, “This is not really where my analogy was going.” But.

Corey: Right. And increasingly, though, it seems like the world has shifted in some direction where, when you explain that to your mother and she comes back with, “Well, wouldn't they just put the application into Docker and be done with it?” Oh, dear.
But that seems to be, in many ways, the direction that the zeitgeist has moved in, whether or not that is the reality in many environments, where when you're just deploying containers everywhere—through the miracle of Kubernetes—if you'll pardon the dismissive scorn there, that you just package up your application, shove into a container, and then hurl it from the application team over the operations team, like a dead dog cast into your neighbor's yard for him to worry about. And then it sort of takes up the space of you don't have to manage state anymore because everything is mostly stateless in theory. How have you seen it play out in practice in the last five years?

Nigel: I mean, that's a real trend. And, you know, the size of a container should be [laugh] smaller than an operating system. And the reality is, I'm a sysadmin; I love operating systems, I nerded out on operating systems. They're a necessary evil, they're terrible, terrible things: registry keys, config files, they're a pain in the neck to deal with. And if you look at, I think what a lot of operations folks missed about Docker when it started was that it didn't make their life better. It was worse.

It was, like, this actual, sort of, terrible toolchain where you sort of tied together all these different things. But really importantly, what it did is it put control into the hands of the developers, and it was the developers who were trying to do stuff who were trying to shift into applications. And I think Docker was a really great technology, in the sense of, you know, developers could ship value on their own. And that was the huge, huge leveling up. It wasn't the interface, it wasn't the user experience, it wasn't all these things, it was just that the control got taken away from the IT trolls in their basement going, “No, don't touch my servers,” and instead given straight to the developers. And that's huge because it let us ship things faster.
And that's ultimately the whole goal of things.

Corey: The thing that really struck me the most from conducting the trainings that I did was meeting a whole bunch of people across the country, in different technological areas of specialty, in different states of their evolution as technologists, and something that struck me was just how much people wound up identifying with the technology that they worked on. When someone is the AIX admin, and the AIX machines are getting replaced with Linux boxes, there's this tendency to fight against that and rebel, rather than learning Linux. And I get it; I'm as subject to this as anyone is. And in many cases, that was the actual pushback that I saw against adopting something like Puppet. If I identify my job as being the person that runs all these carefully curated scripts that I've spent five years building, and now that all gets replaced with something that is more of a global solution to my local problem, then it feels like a thing that made me special is eroding.

And we see that with the migration to cloud as well. When you're the storage admin, and it just becomes an API call to S3, that's kind of a scary thing. And when you're one of the server hugger types—and again, as guilty as anyone of this—and you start to see cloud coming in as, like, a rising tide that eats up what it was that you became known for, it's scary and it becomes a foundational shift in how you view yourself. What I really had a lot of sympathy for was the folks who've been doing this for 20 years. They were, in some cases, a few years away from retirement, and they've been doing basically the same set of tasks every year for 25 years.

It's one year of experience repeated 25 times. And they don't have that much time left in their career, intentionally, so they want to retire, but they also don't really want to learn a whole bunch of new technologies just to get through those last few years. I feel for them.
But at the same time—

Nigel: No, me too, totally. But what are you going to do? But without sounding too dismissive there, I think it's a natural tendency for us to identify with the technology if that's what you're around all the time. You know, mechanics do this, truck drivers with brands of trucks, people like to build attachments to the technology they work with because we fit them into this bigger techno-social system. But I have a lot of empathy for the people in enterprise jobs who are being asked to change radically because the cycle of progress is speeding up faster and faster.

And as you say, they might be a few years away from retirement. I think I used to feel more differently about this when I was really hot-headed and much more of a tech enthusiast, and that's what I identified with. In terms of, it's okay for a job to just be a job for people. It's okay for someone to be doing a job because they get good health care and good benefits and it's feeding their family. That's an important thing. You can't expect everyone to always be incredibly passionate about technology choices in the same way that I think many of us who live on Twitter and hanging out in this space are.

Corey: Oh, I have no problem whatsoever with people who want to show up for 40 hours a week-ish, work on their job, and then go home and have lives and not think about computers at all. There's this dark mass of developers out there that basically never show up on Twitter, they aren't on IRC, they don't go to conferences, and that's fine. I have no problem with that, and I hope I don't come across as being overly dismissive of those folks. I honestly wish I could be content like that. I just don't hold still very well.

Nigel: [laugh]. Yeah, so I think you touched on a few interesting things there.
And some of those we sort of cover in the State of DevOps Report, which is coming out in the next few weeks.

Corey: Indeed, and the State of DevOps Report started off at Puppet, and they've now done it for, what, 10 years?

Nigel: This is the 10th year, which is completely crazy. So, I was looking at the stats as I was writing it, and it's 10 years of State of DevOps Reports; I think it's 11 years of DevOps Weekly, Gareth Rushgrove's newsletter; it's 12 or 13 years of DevOpsDays that have been going on. This is longer than I spent in primary and high school put together. It's kind of crazy that the DevOps movement is still, kind of, chugging along, even if it's not necessarily the coolest kid on the block, now that GitOps, SRE flavor of the month, various kinds of permutations of how we work with technology, have perhaps got a little bit cooler. But it's still very, very relevant to a lot of enterprises out there.

Corey: Yeah. As I frequently say, legacy is a condescending engineering term for ‘it makes money,' and there's an awful lot of that out there. Forget cloud, there are still companies wrestling with do we explore this virtualization thing? And that was something I was very against back in 2006, let's be very honest. I am very bad at predicting the future of technology.

And, “I can see this for small niche edge workload cases, where you have a bunch of idle servers, but for the most part, who's really going to use this in production?” Well, basically everyone because that, in turn, is what the cloud runs on. Yeah, I think we can safely say I got that one hilariously wrong. But hey, if you aren't going to make predictions, then what's it matter?

Nigel: But the industry pushes you in these directions. So, there was this massive bank in Asia who I've been working with for a long time and they were always resistant to adopting virtualization. And then it was only four or five years ago that I visited them; they're like, “Right. Okay. It's time.
We're rolling out VMware.” And I was like, “So, I'm really curious. What exactly changed in the last year or two in, like, 2014, 2015 that you decided virtualization was the key?” And I'm like—

Corey: Oh, there was this jackwagon who conducted this training? Yeah, no, no, sorry. I can't take credit for that one.

Nigel: They couldn't order one rack unit servers with CD drives anymore because their whole process was actually provisioning with CDs before that point.

Corey: Welcome to the brave new world of PXE booting, which is kind of hard, so yeah, virtualization is easier. You know, sometimes people have to be dragged into various ways of technological advancement. Which gets to the real thing I want to cover, since this is a promoted episode, where you're talking about the State of DevOps Report, I'm almost less interested in what this year's has to say specifically, than what you've seen over the last decade. What's changed? What was true 10 years ago that is very much not true now? Bonus points if you can answer that without using the word Kubernetes more than twice.

Nigel: So, I think one of the big things was the—we've definitely passed peak DevOps team, if you may remember, there was a lot of arguments and there's still regular, is DevOps a job title? Is it a team title? Is it a [crosstalk 00:14:33]—

Corey: Oh, I was much on the no side until I saw how much more I would get paid as a DevOps engineer instead of a systems administrator for the exact same job. So, you know, I shut up and I took the money. I figured that the semantic arguments are great, but yeah.

Nigel: And that's exactly what we've written in the report. And I think it's great. The sysadmins, we were unloved. You know, we were in the basement, we weren't paid as much as programmers.
The running joke used to be for developers, DevOps meant, “I don't need ops anymore.” But for ops people, it was, “I can get paid like a developer.”

Corey: In many cases, “Oh, well, systems administrators don't want to learn how to code.” It's, yeah, you're remembering a relatively narrow slice of time between the modern era, where systems administrator types need to be able to write in the lingua franca of everything—which is, of course, YAML, as far as programming languages go—and before that, to be a competent systems administrator, you needed to have a functional grasp of C. And—

Nigel: Yeah.

Corey: —there is only a limited window in which a bunch of bash scripts and maybe a smidgen of Perl would have carried you through. But the deeper understanding is absolutely necessary, and I would argue, always has been.

Nigel: And this is great because you've just linked up with one of the things we found really interesting about the report is that you know when we talk about legacy we don't actually mean the oldest shit. Because the oldest shit is the mainframes; it's a lot of bare metal applications. A lot of that in big enterprises—

Corey: We're still waiting for an AWS/400 to replace some of that.

Nigel: Well, it's administered by real systems engineers, you know, like, the people who wrote C, who wrote kernel extensions, who could debug things. What we actually mean by legacy is we mean late '90s to late 2000s, early 2010s. Stuff that was put together by kids who, like me, happened to get a job because you grew up with a computer, and then the dotcom explosion happened. You weren't necessarily particularly skilled, and a lot of people, they didn't go through the apprenticeships that mainframe folks and systems engineers actually went through. And everyone just held this stuff together with, you know, duct tape and dental floss. And then now we're paying the price of it all, like, way back down the track.
So, the legacy is really just a certain slice of rapid growth in applications and infrastructure, that's sort of an unmanageable mess now.

Corey: Oh, here in San Francisco, legacy is anything prior to last night's nightly build. It's turned into something a little ridiculous. I feel like the real power move as a developer now is to get a job, go in on day one, rebase everything in the Git repository to a single commit with a message, ‘legacy code' and then force push it to the main branch. And that's the power move, and that's how it works, and that's also the attitude we wind up encountering in a lot of places. And I don't think it serves anyone particularly well to tie themselves so tightly to that particular vision.

Nigel: Yep, absolutely. This is a real problem in this space. And one of the things we found in the State of DevOps Report is that—let me back up a little and give a little bit of methodology of what we actually do. We survey people about their performance metrics, you know, like how quickly can you do deploys? What's your mean time to recovery? Those sorts of things, and what practices do you actually employ?

And we essentially go through and do statistical analysis on this, and everyone tends to end up in three cohorts, they separate pretty easily, of low, medium, and high evolution. And so one of the things we found is that everyone at the low level has all sorts of problems. They have issues with what does my team do? What does the team next to me do? How do I talk to the team next to me?

How do I actually share anything? How do I even know what my goals are? Like, fundamental company problems. But everyone at all levels of evolution is stuck on two big things: not being able to find enough people with the right skills for what they need, and their legacy infrastructure holding them back.

Corey: The thing that I find the most compelling is the idea of not being able to find enough people with the skills that they need.
And I'm going to break my own rule and mention Kubernetes as a prime example of this. If you are effective at managing Kubernetes in production, you will make a very comfortable living in any geographical location on the planet because it is incredibly complex. And every time we've seen this in previous trends, where you need to get more and more complexity, and more and more expertise just to run something, it looks like a sawtooth curve, where at some point that complexity, it gets abstracted away and compressed down into something that is basically a single line somewhere, or it happens below the surface level of awareness. My argument has been that Kubernetes is something no one's going to care about in roughly three years from now, not because we're not using it anymore, but because it's below the level of awareness that we have to think about, in the same way that there aren't a whole lot of people on the planet these days who have to think about the Linux virtual memory management subsystem. It's there and a few people really care about it, but for the rest of us, we don't have to think about that. That is the infrastructure underneath our infrastructure.

Nigel: Absolutely. I used to make a living—and it's ridiculous looking back at this—for a year or two, doing high-performance custom compiled Apaches for people. Like, I was really really good at this.

Corey: Well yeah, Apache is a great example of this, where back in the '90s, to get a web server up and running you needed to have three days to spare, an in-depth knowledge of GCC compiler flags, and hope for the best. And then RPM came out and then, okay, then YUM or other things like that—

Nigel: Exactly.

Corey: —on top of it. And then things like Puppet started showing up, and we saw, all right now, [unintelligible 00:20:01] installed. Great.
And then we had—it took a step beyond that, and it was, “Oh, now it's just a Docker-run whatever it is,” and these days, yeah, it's a checkbox in S3.

Nigel: So, let me get your Kubernetes prediction down, right. So, you're predicting Kubernetes is going to go away like Apache and highly successful things. It's not an OpenStack failure state; it's Apache invisibility state?

Corey: Absolutely. My timeline is a bit questionable, let's be fair, but—it's a little on the aggressive side, but yeah, I think that Kubernetes is inherently too complex for most people to have to wind up thinking about it in that way. And we're not talking small companies; we're talking big ones where you're not in a position, if you're a giant blue-chip Fortune 50, to hire 2000 people who all know Kubernetes super well, and you shouldn't have to. There needs to be some flattening of all of that high level of complexity. Without the management tools, though, with things like Puppet and the things that came before and a bunch of different ways, we would all not be able to get anything done because we'd be too busy writing in assembly. There's always going to be those abstractions on top abstractions on top abstractions, and very few people understand how it works all the way down. But that's, in many cases, okay.

Nigel: That's civilization, you know? Do you understand what happens when you plug in something to your electricity socket? I don't want to know; I just want light.

Corey: And more to the point, whenever you flip the switch, you don't have that doubt in your mind that the light is going to come on. So, if it doesn't, that's notable, and your first thought is, “Oh, the light bulb is out,” not, “The utility company is down.” And we talk about the cloud being utility computing.

Nigel: Has someone put a Kubernetes operator in this light switch that may break this process?

Corey: Well, okay, IoT does throw a little bit of a crimp into those works. But yeah.
So, let's talk more about the State of DevOps Report. What notable findings were there this year?

Nigel: So, one of the big things that we've seen for the last couple of years has been that most companies are stuck in the middle of the evolutionary progress. And anyone who deals with large enterprises knows this is true. Whatever they've adopted in terms of technology, in terms of working methods, you know, agile, various different things, most companies don't tend to advance to the high levels; most places stay mired in mediocrity. So, we wanted to dive into that and try and work out why most companies are actually stuck like this when they hit a certain size. And it turns out, the problems aren't technology or DevOps, they're really fundamental problems like, “We don't have clear goals. I don't understand what the teams next to me do.”

We did a bunch of qualitative interviews as well as the quantitative work in the survey with this report, and we talked to one group of folks at a pretty large financial services company who are like, “Our teams have all been renamed so many times, if I need to go and ask someone for something, I literally page up and down through ServiceNow, trying to find out where to put the change request.” And they're like, “How do I know where to put a network port opening request for this particular service when there are 20 different teams that might be named the right thing, and some are obsolete, and I get no feedback whether I've sent it off to the right thing or to a black hole of enterprise despair?”

Corey: I really love installing, upgrading, and fixing security agents in my cloud estate! Why do I say that? Because I sell things, because I sell things for a company that deploys an agent, there's no other reason. Because let's face it. Agents can be a real headache. Well, now Orca Security gives you a single tool that detects basically every risk in your cloud environment -- and that's as easy to install and maintain as a smartphone app.
It is agentless, or my intro would've gotten me into trouble here, but it can still see deep into your AWS workloads, while guaranteeing 100% coverage. With Orca Security, there are no overlooked assets, no DevOps headaches, and believe me you will hear from those people if you cause them headaches, and no performance hits on live environments. Connect your first cloud account in minutes and see for yourself at orca.security. That's “Orca” as in whale, “dot” security as in that thing your company claims to care about but doesn't until right after it really should have.

Corey: That doesn't get better with a lot of modernization. I mean, I feel like half of my job—and I'm not exaggerating—is introducing Amazonians to one another. Corporate communication between departments and different groups is very far from a solved problem. I think the tooling can help but I've never been a big believer in solving political problems with technology. It doesn't work. People don't work that way.

Nigel: Absolutely. One of my earliest times working at Puppet doing, sort of, higher-level sales and services and support, huge national telco walk in there; we've got the development team, the QA team, the infrastructure team. In the course of this conversation, one of them makes a comment about using apt-get, and the others were like, “What do you mean? We're on RHEL.” And it turned out, production was running on RHEL, the QA team running on CentOS and the developers were all building everything on Ubuntu. And because it was Java wraps, they almost didn't have to care. But write once, debug everywhere.

Corey: History doesn't repeat, but it rhymes; before Docker, so much of development in startup-land was how do I make my MacBook Pro look a lot more like an EC2 Linux instance? And it turns out that there's an awful lot of work that goes into that maybe isn't the best use of people's time. And we start to see these breakthroughs and these revelations in a bunch of different ways.
I have to ask. This is the tenth year that you've done the State of DevOps Report. At this point, why keep doing it? Is it inertia? Are you still discovering new insights every year on top of it? Or is it one of those things where well someone in marketing says we have to do it, so here we are?

Nigel: No, actually, it's not that at all. So definitely, we're going to take stock after this year because ten years feels like a really good point to, sort of—it's a nice round number in certain kind of number system. Mainly the reason is, a lot of my job is going and helping big enterprises just get better at using technology. And it's funny how often I just get folks going, “Oh, I read this thing,” like people who aren't on the bleeding edge, constantly discussing these things on Twitter or whatever, but the State of DevOps Report makes its way to them, and they're like, “Oh, I read a thing there about how much better it is if we standardized on one operating system. And that made a really huge difference to what we were actually doing because you had all this data in there showing that that is better.”

And honestly, that's the biggest reason why I ended up doing it. It's the fact that it seems to be a tool that has made its way through to very hard to penetrate enterprise folks. And they'll read it and managers will read things that are like, “If you set clear goals for your team and get them to focus on optimizing the legacy environment, you will see returns on it.” And I'm being a little bit facetious in the tone that I'm saying because a lot of this stuff does feel obvious if you're constantly swimming in this stuff day-to-day, but it's not just the practitioners who it's just a job for in a lot of big companies. It's true, a lot of the management chain as well.
They're not necessarily going out and reading up on modern agile IT management practices day-to-day, for fun; they go home and do something else.

Corey: One of my favorite conferences is Gene Kim's DevOps Enterprise Summit, and the specific reason behind that is, these are very large companies that go beyond companies, in some cases, to institutions, where you have the US Air Force as a presenter one year and very large banks that are 200 years old. And every other conference, it seems, more or less involves people getting on stage, deliver conference-ware and tell stories that make people at those companies feel bad about themselves. Where it's, “We're Twitter for Pets, and this is how we deploy software,” or the ever-popular, “This is how Netflix does stuff.” Yeah, Netflix has basically no budget constraints as far as hiring engineering folks go, and lest we forget, their failure mode is someone can't watch a movie right now. It's not exactly the same thing as the ATM starts spitting out the wrong balance in the streets.

And I think that there's an awful lot of discussion where people look at the stories people tell on conference stages and come away feeling bad from it. Very often, I'll see someone from a notable tech company talk about how they do things. And, “Wow, I wish my group did things like that.” And the person next to me says, “Yeah, me too.” And I check and they work at the same company.

And the stories we tell are not necessarily the stories that we live. And it's very easy to come away discouraged from these things. And that goes triply so for large enterprises that are regulated, that have significant downside risk if the technology fails them. And I love watching people getting a chance to tell those stories.

Nigel: Let me jump in on that really quickly because—

Corey: Please, by all means.

Nigel: —one is, you know, having done four years at Google, things are a shitshow internally there, too—

Corey: You're talking about it like it's prison.
I like it.

Nigel: —you know. [laugh]. People get horrified when they turn up and they're like, “Oh, what it's not all gleaming, perfect software artifacts, delivered from the hand of Urs.” But I think what Gene has done with DevOps Enterprise Summit is fantastic in how people share more openly their failure states, but even there—and this is an interesting result we found from a few years ago, State of DevOps Report—even those executives are being more optimistic because it's so beaten into you as the senior executive; you're putting on a public face, and even when they're trying to share the warts-and-all story, they can't help but put a little bit of a positive spin on it. Because I've had exactly the same experience there where someone's up there telling a war story, and then I look, turn to the person next to me, and they work at that same 300-year-old bank, and they're like, “Actually, it's much, much worse than this, and we didn't fix it quite as well as that.” So, I think the big tech companies have terrible inside unless they're Netflix, and the big enterprises are also terrible. But they're also—

Corey: No, no, I've talked to Netflix people, too. They do terrible things internally there, too. No one talks about the fact that their internal environments are always tire fires, and there are two stories: the stories we tell publicly, and the reality. And if you don't believe me on that, look at any company in the world's billing system. As much as we all talk about agile and various implementations thereof when it comes to things that charge customers money, we're all doing waterfall.

Nigel: Absolutely. [laugh].

Corey: Because mistakes show when you triple-charge someone's credit card for the cost of a small country's GDP. It's a problem. I want to normalize those sorts of things more.
I'm looking forward to reading this year's report, just because it's interesting to see how folks who are in environments that differ from the ones that I get to see experience in this stuff and how they talk about it.

Nigel: Yeah. And so one of the big results I think there for big companies that's really interesting is that one of the, sort of, anti-patterns is having lots of different types of teams. And I kind of touched on this before about having confusing team titles being a real problem. And not being able to cross organizational boundaries quickly is really, really—you know, it's a huge inhibitor and cause, source of friction. But turns out the pattern that is actually really great is one that the Team Topologies guys have discovered.

If you've been following what Matthew Skelton and Manuel Pais have been doing for a while, they've basically been documenting a pattern in software organizations of a small number of team types, of a platform team, value stream teams, complicated subsystem teams, and enabling teams. And so we worked with Manuel and Matt on this year's report and asked a whole bunch of questions to try and validate the Team Topologies model, and the results came back and they were just incredibly strong. Because I think this speaks to some of the stuff you mentioned before that no one can afford to hire an army of Kubernetes developers, and whatever the hottest technology is in five years, most big companies can't hire an army of those people either. And so the way you get scale internally before those things become commoditized is you build a small team and create the situation where they can have outsized leverage inside their organization, like get rid of all the blockers to fast flow and make their focus self-service to other people. Because if you're making all of your developers learn distributed systems operations arcane knowledge, that's not a good use of their time, either.

Corey: It's really not.
And I think that's something that gets lost a lot is, I've never yet seen a company beyond the very early startup stage, where the AWS bill exceeded the cost of the people working on the AWS bill. Payroll is always a larger expense than infrastructure unless you're doing something incredibly strange. And, oh, I want to save some money on the cloud bill is very often offset by the sheer amount of time that you're going to have to pay people to work on that because, contrary to what we believe as engineering hobbyists, people's time is very far from free. And it's also the opportunity cost of if you're going to work on this thing instead of something else, well, is that really the best choice? It comes down to contextualizing what technology is doing as well as with what's happening over in the world of business strategy. And without having a bridge between those, it doesn't seem to work very well.

Nigel: Absolutely. It's insane. It's literally insane that, as an industry, we will optimize 5%, 3% of our infrastructure bill or application workload and yet not actually reexamine business processes that are causing your people to spend 10% of their time in synchronous meetings. You can save so much more money and achieve so much more by actually optimizing for fast flow, and getting out of the way of the people who cost lots of money.

Corey: So, one last topic that I want to cover before we call it an episode. You talk to an awful lot of folks, and it's easy to point at the aspirational stories of folks doing things the right way. But let's dish for a minute. What are you seeing in terms of people not using the cloud properly? I feel like you might have a story or two on that one.

Nigel: I do have a few stories. So, in this year's report, one of the things we wanted to find out of, like, are people using the cloud in the way we think of cloud; you know, elastic, consumption-based, all of these sorts of things.
We use the NIST metrics, which I recognize can be a little controversial, but I think you've got to start somewhere as a certain foundation. It turns out just about everyone is using the public cloud. And when I say cloud, I'm not really talking about people's internal VMware that they rebadged as cloud; I'm talking about the public cloud providers.

Everyone's using it, but almost no one is taking advantage of the functionality of the cloud. They're instead treating it like an on-premise VMware installation from the mid-2000s, they're taking six weeks to provision instances, they're importing all of their existing processes, they keep these things running for a long time if they fall over, one person is tasked with, “Hey, do you know how pet number 45 is actually doing here?” They're not really treating any of these things in the way that they're actually meant to. And I think we forget about this a lot of the time when we talk about cloud because we jump straight to cloud-native, you know, the sort of bleeding edge of folks in serverless, highly orchestrated containers. I think if you look at the actual numbers, the vast majority of cloud usage, it's still things like EC2 instances on AWS. And there's a reason: because it's a familiar paradigm for people. We're definitely going to progress past there, but I think it's easy to leave the people in the middle behind when we're talking about cloud and how to improve the ecosystem that they all operate in.

Corey: Part of the problem, too, is that whenever we look at how folks are misusing cloud, it's easy to lose sight of context. People don't generally wake up and decide I'm going to do a terrible job today unless they work in, you know, Facebook's ethics department or something. Instead, it's very much a people are shaped by the constraints they're laboring under from a bunch of different angles, and they're trying to do the best with what they have.
Very often, the reason that a practice or a policy exists is because, once upon a time, there was a constraint that may or may not still be there, and going forward the way that they have seemed like the best option at the time. I found that the default assumption that people are generally smart and doing the right thing with the information they have carries you a lot further, in many respects than what I did as a terrible junior consultant, which is, “Oh, what moron built this?” Invariably to said moron, and then the rest of the engagement rapidly goes downhill from there. Try and assume good faith, and if you see something that makes no sense, ask, “Why is it like this?” Rather than, “Why is it like this?” Tone counts for a lot.

Nigel: It's the fundamental attribution bias. It's why we think all other drivers on the road are terrible, but we actually had a good reason for swerving into that lane.

Corey: “This isn't how I would have built it. So, it's awful.”

Nigel: Yeah, exactly.

Corey: Yeah. And in some cases, though, there are choices that are objectively bad, but I tried to understand where they came from there. Company policy, historically, around things like data centers, trying to map one-to-one to cloud often miss some nuances. But hey, there's a reason it's called the digital transformation, not a project that we did.

Nigel: [laugh]. And I think you've got to always have empathy for the people on the ground.
I quite often have talked to folks who've got, like, a terrible cloud architecture with the deployment and I'm like, “Well, what happened here?” And they went, “Well, we were prepared to deploy this whole thing on AWS, but then Microsoft's salespeople got to the CTO and we got told at the last minute we're redeploying everything on Azure.” And so these people were often—you know, you're given a week or two to pivot around the decision that doesn't necessarily make any sense to them.

And there may have been a perfectly good reason for the CTO to do this: they got given really good kickbacks in terms of bonuses for, like, how much they were spending on the infrastructure—I mean, discounts—but people on the ground are generally doing the best with what they can do. If they end up building crap, it's because our system, society, capitalism, everything else is at fault.

Corey: [laugh]. I have to say, I'm really looking forward to seeing the observations that you wound up putting into this report as soon as it drops. I'm hoping that I get a chance to speak with you again about the findings, and then I can belligerently tell you to justify yourself. Those are my favorite follow-ups.

Nigel: [unintelligible 00:37:05].

Corey: If people want to get a copy of the report for themselves or learn more about you, where can they find you?

Nigel: Just head straight to puppet.com, and it will be on the banner on the front of the site.

Corey: Excellent. And we'll, of course, put a link to that in the show notes, if people can't remember puppet.com. Thank you so much for taking the time to speak with me. I really appreciate it.

Nigel: Awesome. No worries. It was good to catch up.

Corey: Nigel Kersten, field CTO at Puppet. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice as well as an insulting comment telling me that ‘comcastic' isn't a funny word, and tell me where you work, though we already know.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Iglesia Semilla Bilbao
Legalism (or cheap grace)

Iglesia Semilla Bilbao

Play Episode Listen Later Mar 17, 2021 58:54


Talk by pastor Jose de Segovia on legalism in the church, given at the 2019 "Pasión por el Evangelio" gathering. (Session 4, "Neither legalism nor licentiousness: the balanced Gospel", of PxE 2019.)

Daily Check-In with Ned1313
Raspberry Pi PXE Boot FAIL

Daily Check-In with Ned1313

Play Episode Listen Later Dec 4, 2020 11:47


My goal was to get my Raspberry Pi 4 to PXE boot, and I failed. A lot. Like multiple times over the course of four hours. And that's normal. That's just how technology works. We tend to talk a lot about our successes and how awesome the things we do are, but not enough about failure. Well, here you go. A whole video that ends in my failure. Enjoy!

Patreon: https://www.patreon.com/nedinthecloud
Website: https://nedinthecloud.com
Pluralsight: https://app.pluralsight.com/profile/author/edward-bellavance
GitHub: https://github.com/ned1313

Daily Check-In with Ned1313
What is PXE Boot?

Daily Check-In with Ned1313

Play Episode Listen Later Nov 20, 2020 11:57


Let's talk about PXE booting! Before we set anything up, it's important to get a grasp on the fundamentals. In this video I am going to cover DHCP, the DORA process, and how PXE and TFTP fit into the process. It'll be a hoot!

Patreon: https://www.patreon.com/nedinthecloud
Website: https://nedinthecloud.com
Pluralsight: https://app.pluralsight.com/profile/author/edward-bellavance
GitHub: https://github.com/ned1313

L8ist Sh9y Podcast
Super Deep Dive into DHCP, PXE Boot, and Remote Installation

L8ist Sh9y Podcast

Play Episode Listen Later Mar 21, 2020 48:12


The RackN team provides an in-depth overview of how DHCP and PXE boot work, along with highlights of their remote booting on a Raspberry Pi.

DiscoPosse Podcast
Ep 100 - Happy 100th and Welcome to the Edge Lab, with Rob Hirschfeld of RackN

DiscoPosse Podcast

Play Episode Listen Later Feb 14, 2020 50:00


Happy 100th podcast!! Rob Hirschfeld is the founder and CEO of RackN. Rob has been along for many podcasts with Eric and is also a premier podcaster himself at the L8ist Sh9y Podcast. This show introduces the freshly minted Edge Lab which is finally a way to do bare-metal provisioning for an edge scenario with the magic (and science) of Digital Rebar, K3s, and most importantly, this is a reference build to help you experiment with PxE booting and much more. Check out the Edge Lab at https://edgelab.digital Check out Digital Rebar at https://rebar.digital If you want to participate in the Edge Lab but cannot afford to purchase the gear, please reach out on Twitter to @DiscoPosse and we are working on grant programs and discount opportunities to help those folks who are underrepresented in technology and who can benefit from access to these resources.

LINUX Unplugged
333: Linux Wayback Machine

LINUX Unplugged

Play Episode Listen Later Dec 24, 2019 72:32


Open source won the last decade, but what if it hadn’t? We look back at some major milestones and reflect on a world where they never existed. Special Guests: Alex Kretzschmar and Brent Gervais.

Denk zorg
Podcast #3 - Top expertise: Living with the rare condition PXE

Denk zorg

Play Episode Listen Later Oct 29, 2019 30:21


‘Most people with PXE have a perfectly normal life.’ Patient Kjell De Bondt and Prof. Dr. Olivier Vanakker give Sven Speybrouck a fascinating crash course on a rare, hereditary condition.

Linux Headlines
2019-09-23

Linux Headlines

Play Episode Listen Later Sep 23, 2019 2:57


NPM's CEO Bryan Bogensberger resigns, Google's new Play Pass subscription service and their Kotlin bootcamp are announced. Plus some noteworthy updates for ulauncher and ReactOS.

BSD Now
287: rc.d in NetBSD

BSD Now

Play Episode Listen Later Feb 28, 2019 60:20


Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.

## Headlines

### The Design and Implementation of the NetBSD rc.d system

Abstract

In this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.

Introduction

NetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot. This paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions. The changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.

History

There is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.
### First impressions of Project Trident 18.12

Project Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.

Installing

The debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.

Early impressions

Trident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme. The application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time. Early on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.

Conclusions

I have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hood. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.

## News Roundup

### PXE booting of a FreeBSD disk image

I had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it. For information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware).

THE BIG PICTURE

Before explaining all steps and command line, here is the full big picture of the final process.

### Why I like middle mouse button paste in xterm so much

In my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:

> Shift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.

This sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice.
I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources). In thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.

### NetBSD Gains Hardware Accelerated Virtualization

NetBSD Virtual Machine Monitor

NVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.

## Beastie Bits

- SoloBSD 19.02-STABLE
- Project Trident 18.12-U5 available
- “Sudo Mastery, Second Edition” and Cover Art
- MKSANITIZER - bug detector software integration with the NetBSD userland
- Darn kids nowadays… back in my day we drew rude symbols like normal people. {{top two comments}}
- ShellCheck finds bugs in your shell scripts.
- Old School Sean - A history of UNIX

## Feedback/Questions

- Ales - OpenBSD, FreeNAS, OpenZFS questions
- Malcolm - Thoughts on Pgsql + ZFS thread?
- Brad - Boot Environments in FreeBSD

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

All Jupiter Broadcasting Shows
rc.d in NetBSD | BSD Now 287

All Jupiter Broadcasting Shows

Play Episode Listen Later Feb 28, 2019 60:20


Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.

BSD Now Video Feed
rc.d in NetBSD | BSD Now 287

BSD Now Video Feed

Play Episode Listen Later Feb 28, 2019


Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.

Tradecraft Security Weekly (Video)
PXE Boot Attacks - Tradecraft Security Weekly #27

Tradecraft Security Weekly (Video)

Play Episode Listen Later Aug 13, 2018 18:38


Network administrators often utilize Pre-boot Execution Environment (PXE) to rapidly deploy new systems on a network easily. Golden system images can be created with all the software and settings already in place for new systems. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses some of the potential attack vectors surrounding PXE boot deployments. Full Show Notes: https://wiki.securityweekly.com/TS_Episode27

Pretletters
PXE treatment in sight, Wilko Spiering, 6 Jun 2018

Pretletters

Play Episode Listen Later Jun 6, 2018 13:33


Only 400 people in the Netherlands have the disease PXE, which also leads to serious eye problems. Pseudoxanthoma elasticum is a calcification of the skin, eyes and blood vessels. The existing drug etidronate is strikingly effective at slowing this calcification. In an interview with Chrit Wilshaus, researcher and internist Wilko Spiering gives an explanation of […]

Björeman // Melin
Episode 110: Stereo will come as software later

Björeman // Melin

Play Episode Listen Later Jan 25, 2018 59:38


Production of the iPhone X is said to be nearing its end after a flop in China. Gruber is not impressed. Homepod seems to be on its way … if you live in the right place. Jocke is thinking about a new iPad for reading. Surface Studio spins its fans and plays games. Not a bad experience at all. A real retro-gaming book tip. The Invisible Hours - Poirot for the future? Spacewalk! Jocke installs cool things. Doom VFR and a bit of other VR. To finish off, Apple patched against Spectre and Meltdown a little better.

Links

- Last time we went live
- Is iPhone X production ending early?
- Gruber is not impressed
- Mac OS X 10.3
- Homepod
- The Marshall speakers Jocke has
- Echo
- E-ink
- Dataskum
- Fredrik's text about Surface Studio
- DS4Windows - use Dualshock controllers with Windows
- Brütal legend
- The Wolfenstein book
- Wolfenstein
- The text about the network code in Quake 3
- The invisible hours
- Life is strange
- Spacewalk
- Kickstart server
- PXE - preboot execution environment
- Foreman
- Google cardboard
- Gear VR
- Doom VFR
- Spectre and Meltdown (a whole episode of Kodsnack for those who really want to hear more)
- Chat with us on Discord

Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-110-stereo-kommer-som.mjukvara-senare.html.

TED Talks Daily
Science didn't understand my kids' rare disease until I decided to study it | Sharon Terry

TED Talks Daily

Play Episode Listen Later Jun 15, 2017 15:13


Meet Sharon Terry, a former college chaplain and stay-at-home mom who took the medical research world by storm when her two young children were diagnosed with a rare disease known as pseudoxanthoma elasticum (PXE). In this knockout talk, Terry explains how she and her husband became citizen scientists, working midnight shifts at the lab to find the gene behind PXE and establishing mandates that require researchers to share biological samples and work together.

TEDTalks Health
Science didn't understand my kids' rare disease until I decided to study it | Sharon Terry

TEDTalks Health

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry, a former college chaplain and stay-at-home mom who took the medical research world by storm when her two young children were diagnosed with a rare disease known as pseudoxanthoma elasticum (PXE). In this knockout talk, Terry explains how she and her husband became citizen scientists, working midnight shifts at the lab to find the gene behind PXE and establishing mandates that require researchers to share biological samples and work together.

TEDTalks Santé
Science didn't understand my children's rare disease until I decided to study it | Sharon Terry

TEDTalks Santé

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry, a former college chaplain and stay-at-home mother who took the medical research world by storm when her two young children were diagnosed with a rare disease known as pseudoxanthoma elasticum (PXE). In this spectacular talk, Terry explains how she and her husband became citizen scientists, working at midnight in the lab to find the gene behind PXE and establishing mandates requiring researchers to share biological samples and work together.

TEDTalks 健康
My children had a rare disease that science had not figured out, until I decided to study it | Sharon Terry

TEDTalks 健康

Play Episode Listen Later Jun 15, 2017 15:02


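Sharon Terry, who had left her post as a college chaplain and become a full-time homemaker, caused a great stir in the world of medical research after her two young children were diagnosed with a rare disease called pseudoxanthoma elasticum (PXE). In this overwhelming talk, Terry tells how she and her husband became citizen researchers, worked late into the night at a lab to discover the gene that causes PXE, and established an obligation for researchers to share biological samples and cooperate with one another.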

TEDTalks Salud
Science didn't understand my children's rare disease until I decided to study it | Sharon Terry

TEDTalks Salud

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry, a former college chaplain and stay-at-home mother who entered the world of medical research when her two young children were diagnosed with a rare disease known as pseudoxanthoma elasticum, or PXE. In this talk, Terry explains how she and her husband became citizen scientists, working midnight shifts in the lab to find the gene responsible for PXE and laying the groundwork for rules that require researchers to share biological samples and work together.

TEDTalks Gesundheit
Science only understood my children's rare disease once I decided to study it myself | Sharon Terry

TEDTalks Gesundheit

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry: a former school chaplain and homemaker who took the scientific world by storm when her two children were diagnosed with the rare disease "Pseudoxanthoma Elasticum" (PXE). In this overwhelming talk, Terry explains how she and her husband became citizen scientists, worked midnight shifts in a lab to find the gene behind PXE, and how they developed mandates that obliged researchers to share their biological samples and work together.

TEDTalks Saúde
Science didn't understand my children's rare disease until I decided to study it | Sharon Terry

TEDTalks Saúde

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry, a former college religious leader and stay-at-home mother, who entered the world of medical research when her two young children were diagnosed with a rare disease known as pseudoxanthoma elasticum (PXE). In this fantastic talk, Terry explains how she and her husband became citizen scientists, working midnight shifts in the lab to find the gene behind PXE and introducing mandates that require researchers to share biological samples and work together.

TEDTalks Здоровье
Science didn't understand my children's rare disease until I decided to research it myself. | Sharon Terry

TEDTalks Здоровье

Play Episode Listen Later Jun 15, 2017 15:02


Meet Sharon Terry: formerly a college chaplain and stay-at-home mom, she took the world of science by storm when her two children were found to have a rare disease known as pseudoxanthoma elasticum (PXE). In her striking talk, Terry describes how she and her husband became volunteer scientists, working night shifts in a lab in search of the PXE gene. They also developed standards that require researchers to cooperate and share biological materials.

BSD Now
119: There be Dragons, BSD Dragons anyway

BSD Now

Play Episode Listen Later Dec 9, 2015 101:07


This week on BSDNow - It's getting close to christmas and the This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines n2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20151208172029) tedu@ worked on rebound, malloc hardening, removing legacy code “I don't usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.” “IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory” “I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. 
It's only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes” Ifconfig txpower got similar treatment, as no modern WiFi driver supports it Support for Ethernet Trailers, RFC 893 (https://tools.ietf.org/html/rfc893), enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place Alexandr Nedvedicky (sashan@) worked on MP-Safe PF (http://undeadly.org/cgi?action=article&sid=20151207143819) “I'd like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let's switch to PF hacking.” “mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It's called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pftest() function. The pftest() function parts will be gradually unlocked as the work will progress. To make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pftest(). The pftest() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ipsend() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pfroute() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked. There is one more patch at tech@ waiting for OK. 
It brings OpenBSD and Solaris PF closer to each other by one tiny little step.” *** ACM Queue: Challenges of Memory Management on Modern NUMA System (http://queue.acm.org/detail.cfm?id=2852078) “Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node's local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).” So, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around There are a number of different NUMA strategies, including: Fixed, memory is always allocated from a specific bank of memory First Touch, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally Round Robin or Interleave, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. 
This method can provide more uniform performance, because it ensures that all memory accesses have the same chance to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access AutoNUMA, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing). The paper also introduces a new strategy: Carrefour is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower Carrefour uses three primary techniques: Memory collocation, Moving memory to a different node so that accesses will likely be local. Replication, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data). Interleaving, Moving memory such that it is distributed evenly among all nodes. FreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. 
Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin. For more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT *** Is that Linux? No it is PC-BSD (http://fossforce.com/2015/12/linux-no-pc-bsd/) Larry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in a blog post titled “Is that Linux? No, it's PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it's Linux. The blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background. He mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I'm burning rubber in all four gears.” The only major nits he mentions are having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. 
(I'll have to add a knob back for that) *** Dual booting OS X and OpenBSD with full disk encryption (https://gist.github.com/jcs/5573685) New GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs This tutorial walks the reader through the steps of installing OpenBSD side-by-side with Mac OS X First the HFS+ partition is shrunk to make room for a new OpenBSD partition Then the OpenBSD installer is run, and the available free space is set up as an encrypted softraid The OpenBSD installer will add itself to the EFI partition Rename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X *** Interview - Paul Goyette - pgoyette@netbsd.org (mailto:pgoyette@netbsd.org) NetBSD Testing and Modularity *** iXsystems iXsystems Wins Press and Industry Analyst Accolades in Best in Biz Awards 2015 (http://www.virtual-strategy.com/2015/12/08/ixsystems-wins-press-and-industry-analyst-accolades-best-biz-awards-2015) *** News Roundup HOWTO: L2TP/IPSec with OpenBSD (https://www.geeklan.co.uk/?p=2019) *BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN This first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it The previous tutorial on this configuration is from 2012, and things have improved greatly since then, and it is much easier to set up now The tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec L2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed *** DragonFly 4.4 Released (http://www.dragonflybsd.org/release44/) DragonFly BSD has made its 4.4 release official this week! 
A lot of big changes, but some of the highlights Radeon / i915 DRM support for up to Linux Kernel 3.18 Proper collation support for named locales, shared back to FreeBSD 11-CURRENT Regex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn't there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it's a nice addition to this release.” Other noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3) An interesting tidbit is switching to the Gold linker (http://bsd.slashdot.org/story/15/12/04/2351241/dragonflybsd-44-switches-to-the-gold-linker-by-default) *** Guide to install Ajenti on Nginx with SSL on FreeBSD 10.2 (http://linoxide.com/linux-how-to/install-ajenti-nginx-ssl-freebsd-10-2/) Looking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it set up on a FreeBSD 10.2 system. The walkthrough is mostly straightforward, you'll need a FreeBSD box with root, and will need to install several packages / ports initially. Because there is no native package (yet), it guides you through using python's PIP installer to fetch and get Ajenti running. The author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD. Ajenti by itself may not be the best to serve publicly, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks. *** BSDCan 2016 CFP is up! 
(http://www.bsdcan.org/2016/papers.php) BSDCan is the biggest North American BSD conference, and my personal favourite The call for papers is now out, and I would like to see more first-time submitters this year If you do anything interesting with or on a BSD, please write a proposal Are the machines you run BSD on bigger or smaller than what most people have? Tell us about it Are you running a big farm that does something interesting? Is your university research using BSD? Do you have an idea for a great new subsystem or utility? Have you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us. Did you build a radar that runs NetBSD? A telescope controlled by FreeBSD? Have you run an ISP at the north pole using Jails? Do you run a usergroup and have tips to share? Have you combined the features and tools of a BSD in a new and interesting way? Don't have a talk to give? Teach a tutorial! The conference will arrange your air travel and hotel, and you'll get to spend a few great days with the best community on earth Michael W. Lucas's post about the 2015 proposals and rejections (http://blather.michaelwlucas.com/archives/2325) *** Beastie Bits OpenBSD's lightweight web server now in FreeBSD's ports tree (http://www.freshports.org/www/obhttpd/) Stephen Bourne's NYCBUG talk is online (https://www.youtube.com/watch?v=FI_bZhV7wpI) Looking for owner to FreeBSDWiki (http://freebsdwiki.net/index.php/Main_Page) HOWTO: OpenBSD Mail Server (http://frozen-geek.net/openbsd-email-server-1/) A new magic getopt library (http://www.daemonology.net/blog/2015-12-06-magic-getopt.html) PXE boot OpenBSD from OpenWRT (http://uggedal.com/journal/pxe-boot-openbsd-from-openwrt/) Supporting the OpenBSD project (http://permalink.gmane.org/gmane.os.openbsd.misc/227054) Feedback/Questions Zachary - FreeBSD Jails (http://slexy.org/view/s20pbRLRRz) Robert - Iocage help! 
(http://slexy.org/view/s2jGy34fy2) Kjell - Server Management (http://slexy.org/view/s20Ht8JfpL) Brian - NAS Setup (http://slexy.org/view/s2GYtvd7hU) Mike - Radius Followup (http://slexy.org/view/s21EVs6aUg) Laszlo - Best Stocking Ever (http://slexy.org/view/s205zZiJCv) ***

BSD Now
87: On the List

BSD Now

Play Episode Listen Later Apr 29, 2015 81:02


Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines New PAE support in OpenBSD (https://www.marc.info/?l=openbsd-cvs&m=142990524317070&w=2) OpenBSD has just added Physical Address Extension (https://en.wikipedia.org/wiki/Physical_Address_Extension) support to the i386 architecture, but it's probably not what you'd think of when you hear the term In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that Instead, this change specifically allows the system to use the No-eXecute Bit (https://en.wikipedia.org/wiki/NX_bit#OpenBSD) of the processor for the userland, further hardening the in-place memory protections Other operating systems enable the CPU feature without doing anything to the page table entries (https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table), so they do get the available memory expansion, but don't get the potential security benefit As we discussed in a previous episode (http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach), the AMD64 platform already saw some major W^X kernel and userland improvements - the i386 kernel reworking will begin shortly Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W^X that was already there The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8 *** Booting Windows in bhyve (https://twitter.com/nahannisys/status/591733319357730816) Work on FreeBSD's bhyve (http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind) continues, and a big addition is on the way Thus far, 
bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter Graphics emulation is still in the works; this image was taken by booting headless and using RDP A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan) Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts *** MidnightBSD 0.6 released (http://www.midnightbsd.org/notes/) MidnightBSD is a smaller project we've not covered a lot on the show before It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use They also have their own, smaller version of FreeBSD ports, called "mports" If you're already using it, this new version is mainly a security and bugfix release It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions You can check their site (http://www.midnightbsd.org/about/) for more information about the project We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet *** OpenBSD rewrites the file utility (https://www.marc.info/?l=openbsd-cvs&m=142989267412968&w=4) We're all probably familiar with the traditional file (https://en.wikipedia.org/wiki/File_%28command%29) command - it's been around since the 1970s (http://darwinsys.com/file/) For anyone who doesn't know, it's used to determine what type of file something actually is This tool doesn't see a lot of development these days, and it's had its share of security issues as well Some of those security issues remain (https://www.marc.info/?l=openbsd-tech&m=141857001403570&w=2) unfixed 
(https://www.marc.info/?l=freebsd-security&m=142980545021888&w=2) in various BSDs even today, despite being publicly known for a while It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it When you think about it, file was technically designed to be used on untrusted files OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny This new version will, by default, run as an unprivileged user (https://www.marc.info/?l=openbsd-cvs&m=143014212727213&w=2) with no shell, and in a systrace sandbox (https://www.marc.info/?l=openbsd-cvs&m=143014276127454&w=2), strictly limiting what system calls can be made With these two things combined, it should drastically reduce the damage a malicious file could potentially do Ian Darwin, the original author of the utility, saw the commit and replied (https://www.marc.info/?l=openbsd-cvs&m=142989483913635&w=4), in what may be a moment in BSD history to remember It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version Coincidentally, the lead developer and current maintainer of file just happens to be our guest today… *** Interview - Christos Zoulas - christos@netbsd.org (mailto:christos@netbsd.org) blacklistd (https://www.youtube.com/watch?v=0UKCAsezF3Q) and NetBSD advocacy News Roundup GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/projects/list/google/gsoc2015) The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list FreeBSD's list (https://wiki.freebsd.org/SummerOfCode2015Projects) 
includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication OpenBSD's list (http://www.openbsdfoundation.org/gsoc2015.html) includes: asynchronous USB transfer submission from userland, ARM SD/MMC & controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD We'll be sure to keep you up to date on developments from both projects Hopefully the other BSDs will make the cut too next year *** FreeBSD on the Gumstix Duovero (http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html) If you're not familiar with the Gumstix Duovero, it's a dual core ARM-based computer-on-module (https://store.gumstix.com/index.php/coms/duovero-coms.html) They actually look more like a stick of RAM than a mini-computer This article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd (https://github.com/freebsd/crochet) If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us *** EU study recommends OpenBSD (https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D) A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools This is especially important, in all countries, after the mass 
surveillance documents came out "[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts." The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways" Reddit, Undeadly and Hacker News also had (https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/) some (http://undeadly.org/cgi?action=article&sid=20150427093546) discussion (https://news.ycombinator.com/item?id=9445831), particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer (http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq) and M:Tier (http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual) before *** FreeBSD workflow with Git (https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html) If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too This mailing list post talks about interacting between (https://wiki.freebsd.org/GitWorkflow/GitSvn) the official source repository and the Git mirror This makes it easy to get pull requests merged into the official tree, and encourages more developers 
to get involved *** Feedback/Questions Sean writes in (http://slexy.org/view/s2vjh3ogvG) Bryan writes in (http://slexy.org/view/s20GMcWvKE) Sean writes in (http://slexy.org/view/s21M1imT3d) Charles writes in (http://slexy.org/view/s25ScxQSwb) ***

BSD Now
52: Reverse Takeover

BSD Now

Play Episode Listen Later Aug 27, 2014 74:31


Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation August update (https://www.freebsdfoundation.org/press/2014augupdate.pdf) The foundation has published a new PDF detailing some of their recent activities It includes project development updates, the 10.1-RELEASE schedule and some of its new features There is also a short interview with Dru Lavigne (http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust) in the "voices from the community" section If you're into hardware, there's another section about some new FreeBSD server equipment In closing, there's an update on funding too *** NSD for an authoritative nameserver (http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/) With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup This article shows how to use NSD for an authoritative DNS nameserver It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together) All the instructions are presented very neatly, with all the little details included Less BIND means less vulnerabilities, everybody's happy *** BIND and Nginx removed from OpenBSD (http://marc.info/?l=openbsd-cvs&m=140873518514033&w=2) While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year) They've also removed nginx (http://marc.info/?l=openbsd-cvs&m=140908174910713&w=2) from the base system, in favor of the new custom HTTP daemon BIND and Nginx are still available in ports if you don't want to switch We're hoping 
to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on With Apache gone in the upcoming 5.6, it's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives *** NetBSD demo videos (https://www.youtube.com/user/tsutsuii/videos) A Japanese NetBSD developer has been uploading lots of interesting videos Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware Most of them are demoing sound or running a modern Twitter client on an ancient computer They're from the same guy that did the conference wrap-up we mentioned recently *** Interview - Shawn Webb - shawn.webb@hardenedbsd.org (mailto:shawn.webb@hardenedbsd.org) / @lattera (https://twitter.com/lattera) Address space layout randomization in FreeBSD (http://hardenedbsd.org/) Tutorial Reverse SSH tunneling (http://www.bsdnow.tv/tutorials/reverse-ssh) News Roundup Puppet master-agent installation on FreeBSD (https://deuterion.net/puppet-master-agent-installation-on-freebsd/) If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems The rest of the post explains how to set up both the master and the agent configurations *** Misc. 
pfSense items (http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro) We found a few miscellaneous pfSense articles this past week The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender The second one (http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/) shows how to log NAT firewall states (a good way to find out which family member has been torrenting!) In the third (http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/), you can see how to automatically back up your configuration files The fourth item (https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/) shows how to set up PXE booting with pfSense, similar to one of our tutorials *** Time Machine backups on ZFS (http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10) If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule" This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive Surprisingly simple to do, recommended for anyone with Macs on their network *** Lumina desktop preview (http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/) Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely The main developer has posted an update on the PCBSD blog with some screenshots Lots of new features have been added, many of which are documented in the post There just might be a BSD Now episode about Lumina coming up.. 
(cough cough) *** Feedback/Questions Gary writes in (http://slexy.org/view/s21eLBvf1l) Cedric writes in (http://slexy.org/view/s20xqTKNrf) Caldwell writes in (http://slexy.org/view/s21q428tPj) Cary writes in (http://slexy.org/view/s2uVLhqCaO) ***

BSD Now
50: VPN, My Dear Watson

BSD Now

Play Episode Listen Later Aug 13, 2014 87:29


It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

MeetBSD 2014 is approaching (http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/)
  • The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
  • MeetBSD has an "unconference" format, which means there will be both planned talks and community events
  • All the extra details will be on their site (https://www.meetbsd.com/) soon
  • It also has hotels and various other bits of useful information - hopefully with more info on the talks to come
  • Of course, EuroBSDCon is coming up before then
***
First experiences with OpenBSD (https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html)
  • A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"
  • The author read the famous "BSD for Linux users (http://www.over-yonder.net/~fullermd/rants/bsd4linux/01)" series (that most of us have surely seen) and decided to give BSD a try
  • He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"
  • From there, it talks about how he used the OpenBSD USB image and got a fully-working system
  • He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration
  • Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!
***
NetBSD rump kernels on bare metal (and Kansai OSC report) (https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from)
  • When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
  • However, NetBSD's rump kernels - a very unique concept - make this process a lot easier
  • This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
  • Also have a look back at episode 8 (http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction) for our interview about rump kernels and what exactly they do
  • While on the topic of NetBSD, there were also a couple of very detailed reports (http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html) (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference (http://d.hatena.ne.jp/mizuno-as/20140806/1407307913) that we wanted to highlight
***
OpenSSL and LibreSSL updates (https://www.openssl.org/news/secadv_20140806.txt)
  • OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
  • Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
  • LibreSSL released a new version (http://marc.info/?l=openbsd-tech&m=140752295222929&w=2) to address most of the vulnerabilities, but wasn't affected by some of them
  • Whichever version of whatever SSL you use, make sure it's patched for these issues
  • DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
***

Interview - Robert Watson - rwatson@freebsd.org (mailto:rwatson@freebsd.org)
FreeBSD architecture, security research techniques, exploit mitigation

Tutorial
Protecting traffic with a BSD-based VPN (http://www.bsdnow.tv/tutorials/openvpn)

News Roundup

A FreeBSD-based CGit server (https://lechindianer.de/blog/2014/08/06/freebsd-cgit/)
  • If you use git (like a certain host of this show) then you've probably considered setting up your own server
  • This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
  • It even shows you how to set up multiple repos with key-based user separation and other cool things
  • The author of the post is also a listener of the show, thanks for sending it in!
***
Backup devices for small businesses (http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html)
  • In this article, different methods of data storage and backup are compared
  • After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
  • He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
  • It also goes over some of the hardware specifics in the FreeNAS Mini
***
A new Xenocara interview (http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html)
  • As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
  • If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches
  • In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
  • Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
***
Building a high performance FreeBSD samba server (https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/)
  • If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution? FreeBSD, ZFS and Samba obviously!
  • The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
  • This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
  • It doesn't even require the newest or best hardware with the right changes, pretty cool
***

Feedback/Questions
  • An interesting Reddit thread (http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/) (or two (http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch))
  • PB writes in (http://slexy.org/view/s21t7L5bqO)
  • Sean writes in (http://slexy.org/view/s20MFywDqZ)
  • Steve writes in (http://slexy.org/view/s2Td6nq11J)
  • Lachlan writes in (http://slexy.org/view/s215MlpJYV)
  • Justin writes in (http://slexy.org/view/s2N4JKkoKt)
***

BSD Now
35: Puffy Firewall

Apr 30, 2014 79:23


We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

ALTQ removed from PF (http://undeadly.org/cgi?action=article&sid=20140419151959)
  • Kicking off our big PF episode...
  • The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
  • There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
  • As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
  • After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
  • This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately.
***
FreeBSD Quarterly Status Report (https://www.freebsd.org/news/status/report-2014-01-2014-03.html)
  • The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
  • Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
  • We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
  • LOTS of details and LOTS of topics to cover, give it a read
***
OpenBSD's OpenSSL rewrite continues with m2k14 (http://undeadly.org/cgi?action=article&sid=20140417184158)
  • A mini OpenBSD hackathon (http://www.openbsd.org/hackathons.html) begins in Morocco, Africa
  • You can follow the changes in the -current CVS log (http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/), but a lot of work (http://undeadly.org/cgi?action=article&sid=20140418063443) is mainly going towards the OpenSSL cleaning
  • We've got two trip (http://undeadly.org/cgi?action=article&sid=20140429121423) reports (http://undeadly.org/cgi?action=article&sid=20140425115340) so far, hopefully we'll have some more to show you in a future episode
  • You can see some of the more interesting quotes (http://opensslrampage.org/) from the tear-down or see everything (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)
  • Apparently (http://undeadly.org/cgi?action=article&sid=20140423045847) they are going to call the fork "LibreSSL (https://news.ycombinator.com/item?id=7623789)" ....
  • What were the OpenSSL developers thinking (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)? The RSA private key was used to seed the entropy!
  • We also got some mainstream news coverage (http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/) and another post from Ted (http://www.tedunangst.com/flak/post/origins-of-libressl) about the history of the fork
  • Definitely consider donating to the OpenBSD foundation (http://www.openbsdfoundation.org/donations.html), this fork will benefit all the other BSDs too
***
NetBSD 6.1.4 and 6.0.5 released (https://blog.netbsd.org/tnf/entry/netbsd_6_1_4_and)
  • New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
  • The main update is - of course - the heartbleed vulnerability
  • Also includes fixes for other security issues and even a kernel panic... on Atari
  • Patch your Ataris right now, this is serious business
***

Interview - Peter Hansteen - peter@bsdly.net (mailto:peter@bsdly.net) / @pitrh (https://twitter.com/pitrh)
The Book of PF: 3rd edition

Tutorial
BSD Firewalls: PF (http://www.bsdnow.tv/tutorials/pf)

News Roundup

New Xorg now the default in FreeBSD (https://svnweb.freebsd.org/ports?view=revision&revision=351411)
  • For quite a while now, FreeBSD has had two versions of X11 in ports
  • The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
  • They've finally made the switch for 10-STABLE and 9-STABLE
  • Check this wiki page (https://wiki.freebsd.org/Graphics) for more info
***
GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/org2/google/gsoc2014/openbsdfoundation)
  • The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
  • OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
  • The FreeBSD list (https://www.google-melange.com/gsoc/org2/google/gsoc2014/freebsd) was also posted
  • Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
  • Good luck to all the students participating, hopefully they become full time BSD users
***
Complexity of FreeBSD VFS using ZFS as an example (http://www.hybridcluster.com/blog/complexity-freebsd-vfs-using-zfs-example-part-2/)
  • HybridCluster posted the second part of their VFS and ZFS series
  • This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
  • Of course, also watch episode 24 (http://www.bsdnow.tv/episodes/2014_02_12-the_cluster_the_cloud) for our interview with HybridCluster - they do really interesting stuff
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/04/weekly-feature-digest-26-the-lumina-project-and-preload/)
  • Preload has been ported over, it's a daemon that prefetches applications
  • PCBSD is developing their own desktop environment, Lumina (there's also an FAQ (http://blog.pcbsd.org/2014/04/quick-lumina-desktop-faq/))
  • It's still in active development, but you can try it out by installing from ports
  • We'll be showing a live demo of it in a few weeks (when development settles down a bit)
  • Some kid in Australia subjects his poor mother to being on camera (https://www.youtube.com/watch?v=ETxhbf3-z18) while she tries out PCBSD and gives her impressions of it
***

BSD Now
32: PXE Dust

Apr 9, 2014 76:50


This week on the big show we'll be showing off OpenBSD's new "autoinstall" feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now - it's the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD ASLR status update (http://0xfeedface.org/blog/lattera/2014-04-03/awesome-freebsd-aslr-progress)
  • Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
  • He's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
  • Work has also started on testing ASLR on ARM, using a Raspberry Pi
  • He's giving a presentation at BSDCan this year about his ASLR work
  • While we're on the topic of BSDCan...
***
BSDCan tutorials, improving the experience (http://bsdly.blogspot.com/2014/04/bsdcan-tutorials-please-help-me-improve.html)
  • Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
  • The tutorials are called "Building the network you need with PF, the OpenBSD packet filter" and "Transitioning to OpenBSD 5.5" - both scheduled to last three hours each
  • He's requesting anyone that'll be there to go ahead and contact him, telling him exactly what you'd like to learn
  • There's also a bit of background information about the tutorials and how he's looking to improve them
  • If you're interested in OpenBSD and going to BSDCan this year, hit him up
***
pkgsrc-2014Q1 released (http://mail-index.netbsd.org/netbsd-announce/2014/04/04/msg000202.html)
  • The new stable branch of pkgsrc packages has been built and is ready
  • Python 3.3 is now a "first class citizen" in pkgsrc
  • 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64
  • There's a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined
  • They're also looking into signing packages (http://mail-index.netbsd.org/tech-pkg/2014/03/31/msg012873.html)
***
Only two holes in a heck of a long time, who cares? (https://www.mail-archive.com/misc%40openbsd.org/index.html#127993)
  • A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
  • He questions "what's the big deal" about OpenBSD's slogan being "Only two remote holes in the default install, in a heck of a long time!"
  • Luckily, the community and Theo set the record straight (https://www.mail-archive.com/misc%40openbsd.org/msg128001.html) about why you should care about this
  • Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features (https://www.mail-archive.com/misc%40openbsd.org/msg127995.html) of OpenBSD
  • It spawned a discussion about ease of management and Linux's poor security record, definitely worth reading (https://www.mail-archive.com/misc%40openbsd.org/msg128073.html)
***

Interview - Dru Lavigne - dru@freebsd.org (mailto:dru@freebsd.org) / @bsdevents (https://twitter.com/bsdevents)
FreeBSD's documentation printing, documentation sprints, various topics

Tutorial
Automatic, unattended OpenBSD installs with PXE (http://www.bsdnow.tv/tutorials/autoinstall)

News Roundup

pfSense 2.1.1 released (https://doc.pfsense.org/index.php/2.1.1_New_Features_and_Changes)
  • A new version of pfSense is released, mainly to fix some security issues
  • Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
  • There are also some NIC driver updates and other things (https://blog.pfsense.org/?p=1238)
  • Of course if you want to learn more about pfSense, watch episode 25 (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense)
  • 2.1.2 is already up for testing too
***
FreeBSD gets UEFI support (https://svnweb.freebsd.org/base?view=revision&revision=264095)
  • It looks like FreeBSD's battle with UEFI may be coming to a close?
  • Ed Maste committed a giant list of patches to enable UEFI support on x86_64
  • Look through the list to see all the details and information
  • Thanks FreeBSD foundation!
***
Ideas for the next DragonflyBSD release (http://lists.dragonflybsd.org/pipermail/kernel/2014-March/094909.html)
  • Mr. Dragonfly release engineer himself, Justin Sherrill (http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug) posts some of his ideas for the upcoming release
  • They're aiming for late May for the next version
  • Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
  • Gasp, they're even considering dropping i386
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/04/pc-bsd-weekly-feature-digest-24/)
  • Lots of new PBI updates for 10.0, new runtime implementation
  • New support for running 32 bit applications in PBI runtime
  • New default CD and DVD player, umplayer
  • Latest GNOME 3 and Cinnamon merged, new edge package builds
***

Feedback/Questions
  • Remy writes in (http://slexy.org/view/s273oSezFs)
  • Jan writes in (http://slexy.org/view/s2I3H1HsVb)
  • Eddie writes in (http://slexy.org/view/s2wUTRowzU)
  • Zen writes in (http://slexy.org/view/s2RA0whmwz)
  • Sean writes in (http://slexy.org/view/s2pwE20Ov6)
***

BSD Now
20: Bhyve Mind

Jan 15, 2014 83:33


It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

OpenBSD automatic installation (http://undeadly.org/cgi?action=article&sid=20140106055302)
  • A CFT (call for testing) was posted for OpenBSD's new automatic installer process
  • Using this new system, you can spin up fully-configured OpenBSD installs very quickly
  • It will answer all the questions for you and can put files into place and start services
  • Great for large deployments, help test it and report your findings
***
FreeNAS install guide and blog posts (https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos)
  • A multipart series on YouTube about installing FreeNAS
  • In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware
  • In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools
  • He pronounces gigabytes as jiggabytes and it's hilarious
  • We've also got an unrelated blog post (http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/) about a very satisfied FreeNAS user who details his setup
  • As well as another blog post (http://devinteske.com/freenas-development/) from our old pal Devin Teske (http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities) about his recent foray into the FreeNAS development world
***
FreeBSD 10.0-RC5 is out (https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html)
  • Another, unexpected RC is out for 10.0
  • Minor fixes included, please help test and report any bugs
  • You can update via freebsd-update or from source
  • Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about
  • It's been tagged -RELEASE (https://svnweb.freebsd.org/base?view=revision&revision=260664) in SVN already too!
***
OpenBSD 5.5-beta is out (http://marc.info/?l=openbsd-cvs&m=138952598914052&w=2)
  • Theo updated the branch status to 5.5-beta
  • A list of changes (http://www.openbsd.org/plus.html)
  • Help test (http://ftp.openbsd.org/pub/OpenBSD/snapshots/) and report any bugs you find
  • Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"
  • Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)
***

Interview - Neel Natu & Peter Grehan - neel@freebsd.org (mailto:neel@freebsd.org) & grehan@freebsd.org (mailto:grehan@freebsd.org)
BHyVe - the BSD hypervisor

Tutorial
Virtualization with bhyve (http://www.bsdnow.tv/tutorials/bhyve)

News Roundup

Hostname canonicalisation in OpenSSH (http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html)
  • Blog post from our friend Damien Miller (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline)
  • This new feature allows clients to canonicalize unqualified domain names
  • SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options
  • This will help clean up some ssh configs, especially if you have many hosts
  • Should make it into OpenSSH 6.5, which is "due really soon"
***
Dragonfly on a Chromebook (http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html)
  • Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook
  • These couple of posts (http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html) detail some of the things he's got working so far
  • Changes were needed to the boot process, trackpad and wifi drivers needed updating...
  • Also includes a guide written by Dillon on how to get yours working
***
Spider in a box (http://kazarka.com/index.php?section=spiderinabox)
  • "Spiderinabox" is a new OpenBSD-based project
  • Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X
  • Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way
  • The developer is looking for testers on other operating systems!
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/)
  • PCBSD 10 has entered into the code freeze phase
  • They're focusing on fixing bugs now, rather than adding new features
  • The update system got a lot of improvements
  • PBI load times reduced by up to 40%! what!!!
***

Feedback/Questions
  • Scott writes in (http://slexy.org/view/s25zbSPtcm)
  • Chris writes in (http://slexy.org/view/s2EarxbZz1)
  • SW writes in (http://slexy.org/view/s2MWKxtWxF)
  • Ole writes in (http://slexy.org/view/s20kzex2qm)
  • Gertjan writes in (http://slexy.org/view/s2858Ph4o0)
***

BSD Now
19: The Installfest

Jan 8, 2014 81:01


We've got some special treats for you this week on the show. It's the long-awaited "installfest" segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well... and... we even have our very first viewer contest! There's a lot to get to today on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

FreeBSD's new testing infrastructure (https://lists.freebsd.org/pipermail/freebsd-hackers/2013-December/044009.html)
  • A new test suite was added to FreeBSD, with 3 powerful machines available
  • Both -CURRENT and stable/10 have got the test suite build infrastructure in place
  • Designed to help developers test and improve major scalability across huge amounts of CPUs and RAM
  • More details available here (http://julipedia.meroh.net/2013/12/introducing-freebsd-test-suite.html)
  • Could the iXsystems monster server be involved...?
***
OpenBSD gets signify (http://marc.info/?l=openbsd-cvs&m=138845902916897&w=2)
  • At long last, OpenBSD gets support for signed releases!
  • For "the world's most secure OS" it was very easy to MITM kernel patches, updates, installer isos, everything
  • A commit to the -current tree reveals a new "signify" tool is currently being kicked around
  • More details in a blog post (http://www.tedunangst.com/flak/post/signify) from the guy who committed it
  • Quote: "yeah, briefly, the plan is to sign sets and packages. that's still work in progress."
***
Faces of FreeBSD (http://freebsdfoundation.blogspot.ca/2013/12/faces-of-freebsd-isabell-long.html)
  • This time they interview Isabell Long
  • She's a volunteer staff member on the freenode IRC network
  • In 2011, she participated in the Google Code-In contest and became involved with documentation
  • "The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved."
***
pkgsrc-2013Q4 branched (http://mail-index.netbsd.org/pkgsrc-users/2013/12/31/msg019107.html)
  • The quarterly pkgsrc branch from NetBSD is out
  • 13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang!
  • Lots of numbers and stats in the announcement
  • pkgsrc works on quite a few different OSes, not just NetBSD
  • See our interview (http://www.bsdnow.tv/episodes/2013_11_20-collecting_shells) with Amitai Schlair for a bit about pkgsrc
***
OpenBSD on Google's Compute Engine (http://marc.info/?l=openbsd-misc&m=138610199311393&w=2)
  • Google Compute Engine is a "cloud computing" platform similar to EC2
  • Unfortunately, they only offer poor choices for the OS (Debian and CentOS)
  • Recently it's been announced that there is a custom OS option
  • It's using a WIP virtio-scsi driver, lots of things still need more work
  • Lots of technical and networking details about the struggles to get OpenBSD working on it
***

The Installfest
We'll be showing you the installer of each of the main BSDs. As of the date this episode airs, we're using:
  • FreeBSD 10.0
  • OpenBSD 5.4
  • NetBSD 6.1.2
  • DragonflyBSD 3.6
  • PCBSD 10.0
***

News Roundup

Building an OpenBSD wireless access point (http://ctors.net/2013/12/30/openbsd_wireless_access_point)
  • A neat write up we found around the internet about making an OpenBSD wifi router
  • Goes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless
  • Even includes a puffy sticker on the Soekris box at the end, how cute
***
FreeBSD 4.X jails on 10.0 (http://blather.michaelwlucas.com/archives/1919)
  • Blog entry from our buddy Michael Lucas (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop)
  • For whatever reason (an "in-house application"), he needed to run a FreeBSD 4 jail in FreeBSD 10
  • Talks about the options he had: porting software, virtualizing, dealing with slow old hardware
  • He goes through the whole process of making an ancient jail
  • It's "an acceptable trade-off, if it means I don't have to touch actual PHP code."
***
Unscrewed: a story about OpenBSD (http://www.skeptech.org/blog/2013/01/13/unscrewed-a-story-about-openbsd/)
  • Pretty long blog post about how a network admin used OpenBSD to save the day
  • To set the tone, "It was 5am, and the network was down"
  • Great war story about replacing expensive routers and networking equipment with cheaper hardware and BSD
  • Mentions a lot of the built in tools and how OpenBSD is great for routers and high security applications
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-2/)
  • 10.0-RC3 is out and ready to be tested
  • New detection of ATI Hybrid Graphics, they're working on nVidia next
  • Re-classifying Linux jails as unsupported / experimental
***

Feedback/Questions
  • Daniel writes in (http://slexy.org/view/s2uns1hMml)
  • Erik writes in (http://slexy.org/view/s2MeJNCCiu)
  • SW writes in (http://slexy.org/view/s21fBXkP2K)
  • Bostjan writes in (http://slexy.org/view/s20N9bfkum)
  • Samuel writes in (http://slexy.org/view/s20FU9wUO5)
***

Paul's Security Weekly
Kon-Boot, Drunken Security - Episode 294 - June 28, 2012

Jul 2, 2012 76:49


Kon-Boot meets PXE, drunken security rants, raves, and more!

RunAs Radio
Chris Avis on Windows Deployment Services!

Nov 28, 2007 27:49


While at the Connections conference in Las Vegas, Richard and Greg talked to Chris Avis about Windows Deployment Services (WDS). WDS replaces Remote Installation Services (RIS) to provide automated installation of operating systems onto bare-install machines using network boot (PXE).