Featuring music from All Too Human, Creation's End, Demon, Electric Mud (DE), Explorer's Club, Flint, Genetics, Habu, Jaugernaut (US-WA), Lie Heavy, Monnaie De Singe, Nebula (US-CA), Puzzle (US-IL), RC2, Saraya, Symphonic Slam, plus “Spotlight Sets” devoted to Black Country Communion and Kraan. Do you enjoy Prog-Scure? If so, perhaps you might consider helping me to […]
Welcome to your weekly UAS News Update. We have four stories for you this week. First, the DJI Mavic 4 Pro's launch date, specs, and pricing have been leaked. Second, a research team developed a battery that lets drones fly in extreme cold. Third, a missing woman in Wisconsin was found quickly, thanks to a drone. And finally, President Trump nominates a new FAA Administrator.

And first up this week, we have exciting leaked information about the DJI Mavic 4 Pro. According to sources, the drone is set to launch on Thursday, April 24th, 2025. Expect an official teaser from DJI around April 17th. This is pretty much in line with previous leaks, giving us confidence in this date. The Mavic 4 Pro will boast three cameras with focal lengths of 28mm, 70mm, and 168mm. That's 2.5x and 6x which is slightly different from the current 3x/7x configuration. It will reportedly record in 6K, with a larger sensor than the Mavic 3, promising even better image quality. The gimbal is getting a major redesign, with 360-degree multidirectional movement. An unexpected feature... The Mavic 4 Pro will reportedly feature an electronic ND filter system so no more carrying ND filters around. If that is true, I will be impressed! DJI is claiming a flight time of 52 minutes. As far as charging: three batteries in only 90 minutes, aligning with the leaked 240W charger specs. And it looks like a new controller is coming – the DJI RC Pro 2, featuring a 7-inch tilting touchscreen. Price-wise, the leaks suggest the Mavic 4 Pro with the DJI RC2 will be $2,250. The Fly More Combo with the RC2 is priced at $3,200. And the top-tier 512GB Creator Combo, including the new DJI RC Pro 2 Controller, will cost you $4,400.

Next up, a research team from the Dalian Institute of Chemical Physics has made a breakthrough in battery technology. They've successfully flown a hexacopter drone in temperatures as low as -32.8 degrees Fahrenheit, or -36 degrees Celsius. This is a big deal because standard lithium-ion batteries struggle in extreme cold, often losing 30% to 50% of their capacity. This new battery, however, retains over 90% of its nominal capacity at -40 degrees Fahrenheit, with endurance loss under 10%. Beyond drones, this tech could also benefit electric vehicles and remote power stations.

And in our third story, a real-world drones-for-good story! In Wisconsin Rapids, Wisconsin, a 59-year-old woman was quickly located by a drone after ground searches failed. She had been outdoors for about three hours and was unable to stand. Rescuers reached her within one minute of detection, just before a storm rolled in. The interesting part here is that the Wisconsin Rapids Police Department didn't own the drone. They relied on Wings of Hope, a non-profit organization. This highlights the financial challenges many smaller departments face in acquiring this life-saving technology. As we see affordable drones becoming harder to get because of regulation, this might prevent small departments from getting ANY drones at all.

Finally, this week, the White House nominated Bryan Bedford, CEO of Republic Airways, to head the Federal Aviation Administration. Bedford, a pilot with over 30 years of experience, faces significant challenges if confirmed. These include decisions on Boeing 737 MAX production, approval of new 737 variants, and addressing a shortage of approximately 3,500 air traffic controllers.

https://dronexl.co/2025/03/19/dji-mavic-4-pro-launch-date-features-prices/
https://dronexl.co/2025/03/17/chinas-breakthrough-battery-powers-drone/
https://dronexl.co/2025/03/17/drone-missing-woman-wisconsin-rapids/
https://transportation.house.gov/news/documentsingle.aspx?DocumentID=408316#:~:text=Joint%20statement%20of%20Transportation%20and,Administrator%20of%20the%20Federal%20Aviation
video: https://youtu.be/ZM_CqPmI7cQ
Comment on the TWIL Forum (https://thisweekinlinux.com/forum)

This week in Linux, we have a lot to talk about. We have a new terminal emulator that's getting a lot of attention lately with Ghostty. And also we have two distros to talk about with their latest releases, one being CachyOS and the other one, Nobara Linux. And we're also gonna be talking about the latest release candidate for GIMP with GIMP 3.0 RC2. All of this and more on This Week in Linux, the weekly news show that keeps you updated with what's going on in the Linux and open source world. Now let's jump right into Your Source for Linux GNews.

Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/c1236b17-f424-46e5-8f79-7aebe0ae56c4.mp3)

Support the Show
Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership)
Store = tuxdigital.com/store (https://tuxdigital.com/store)

Chapters:
00:00 Intro
00:38 Ghostty Terminal 1.0
07:31 CachyOS December 2024 Release
09:36 Nobara Linux 41 Released
11:53 Sandfly Security, agentless security platform [ad]
13:16 GIMP 3.0 RC2 Released
16:50 OpenShot 3.3 Released
22:43 Kdenlive 24.12 & Preview for 2025
29:12 Linux Gamers Banned in Marvel Rivals but ends well
34:09 Bottles Switching to Rust
36:43 Support the show

Links:
Ghostty Terminal 1.0: https://ghostty.org/ and https://www.omgubuntu.co.uk/2024/12/ghostty-terminal-linux-open-source-release
CachyOS December 2024 Release: https://cachyos.org/blog/2412-december-release/
Nobara Linux 41 Released: https://nobaraproject.org/2025/01/01/january-01-2025/
Sandfly Security, agentless security platform [ad]: https://thisweekinlinux.com/sandfly
GIMP 3.0 RC2 Released: https://www.gimp.org/news/2024/12/27/gimp-3-0-RC2-released/
OpenShot 3.3 Released: https://www.openshot.org/blog/2024/12/22/new_openshot_release_330/
Kdenlive 24.12 & Preview for 2025: https://kdenlive.org/en/2024/12/kdenlive-24-12-0-released/ and https://kdenlive.org/en/2024/12/kdenlive-new-year-preview/
Linux Gamers Banned in Marvel Rivals but ends well: https://www.gamingonlinux.com/2025/01/marvel-rivals-team-issue-a-statement-on-recent-bans-for-steam-deck-and-macos-players/ and https://store.steampowered.com/app/2767030/Marvel_Rivals/
Bottles Switching to Rust: https://usebottles.com/posts/2024-12-27-rust-libcosmic-next/
Support the show: https://tuxdigital.com/membership and https://store.tuxdigital.com/
On the agenda for this week's new-technology and accessibility news: On the applications and web side: NVDA 2024.2rc1 and then RC2 are available, with the final version in sight. A possibly very temporary way to use Microsoft's SAPI 5 voices with screen readers other than Narrator. Microsoft is working on automatic audio description using AI. The site games-access.net is recruiting motivated people to fill out their site. On Android, Chrome can now read web pages aloud. Zerocam for iOS, an interesting alternative to Apple's camera app. A chatbot dedicated to accessibility at Microsoft (in English). iOS 18: Apple Pay becomes available in Chrome and other browsers on Mac/PC. Reaper Accessibility Hoard: resources for blind users of Reaper (computer-assisted music production). Version 12.0.5 of Ableton Live brings accessibility fixes. Official UEFA EURO 2024 for iPhone. NVGT, an open-source engine for creating audio games. Philippe's pick: Yann Quenet's YouTube channel and his second trip around the world aboard “Baluchon”, a 4-metre “nano-sailboat”. Thanks: this week we thank Arnaud, Guy, Cindy, Elène and Ultra-son for their news tips or their donations. If you would also like to send us news or support us: to contact us or send us news, use the contact form on the site. To make a donation via PayPal or in cryptocurrency, the address is oxytude.org/don. Do your Amazon shopping through our affiliate link oxytude.org/amazon; it helps us without raising the price of your purchases. Hosting this episode: Alain, Fabrice and Philippe.
You hang one pawn, then eight moves later you hang another, and then your opponent easily wins the game while you're still processing where you went wrong. This is all too common at the club level. In addition, Neal dives into the Listener Mailbag. Game Referenced: Neal vs. 1490 (G/90;d10) 1. d4 d5 2. Bf4 Bf5 3. e3 e6 4. Bd3 Bd6 5. Bg3 Nf6 6. Bxf5 exf5 7. Qf3 Qd7 8. Bxd6 Qxd6 9. c3 Qd7 10. Qe2 O-O 11. Nf3 Nc6 12. O-O Rfe8 13. Qc2 Qd6 14. Qxf5 Ne7 15. Qc2 Ng6 16. Nbd2 Ng4 17. Rae1 Re6 18. h3 Nf6 19. c4 c5 20. cxd5 Qxd5 21. b3 Ne4 22. Nxe4 Rxe4 23. Qxc5 Qd8 24. Rc1 h6 25. Rc2 b6 26. Qc7 Qe7 27. Qxe7 Rxe7 28. Rfc1 1-0
In this episode, @Farfa & @JoshuaSchmidtYGO discuss how to side deck for going 1st and 2nd as well as some obvious and not so obvious tips and tricks to help your deck building. We also go over some arguments and thoughts over the concept of side decking like is the side decking unfair? Is best of 3 really the best way to play Yu-Gi-Oh!? Are there alternatives and what could a best of 2 look like? 0:00 Yapping, RC2 and Accessories 25:20 Intro to Side Decking 30:20 Tips for Side Decking 51:00 Smokescreening 1:00:30 Thought Experiments
Today's Topics: 1. Sound Signature Review 6.151: the Surefire SOCOM556-RC3 on the standard 10.3-in MK18. Two mounts. 3-Prong and closed-tine WARCOMP. Same old conclusion? No, actually. Technical discussion of this white paper published last week. (00:07:03) 2. Research Supplement 6.152: Surefire RC2 vs. RC3 - What Changed? The Quietest 5.56 Rifle Silencers - Taming the MK18, Part 5. We do a deep dive into the technologies in the RC2 and RC3 for PEW Science Members, and give actionable performance data for field use. (00:51:04) Sponsored by - High End Armament Technology, Top Gun Range Houston, Legion Athletics, and the PEW Science Laboratory! Legion Athletics: use code pewscience for 20% off your first order and double points! Ammo from True Shot: Click Here! (use code pewscience for $20 off the A-Zone program) Magpul: Use code PSTEN to receive $10 off your order of $100 or more at Magpul
Today's Topics: 1. Sound Signature Review 6.144 – the Surefire SOCOM556-MINI2 on the 14.5 M4A1 midgas system. Two mounts – two tests! 3-Prong and WARCOMP. Technical discussion of the white paper published 06-MAR-2024. (00:07:45) 2. Mini field case study. MINI2 on the HK 416? Yes. Compared with the RC2? Yes. Field report from this past weekend. We took the feedback from 6.144 and put it into practice, ourselves. Is the Surefire 556-MINI2 low back pressure? Well, no. Does it have lower back pressure than the RC2? Well, yes. (00:58:36) Sponsored by - High End Armament Technology, Top Gun Range Houston, Legion Athletics, and the PEW Science Laboratory! Legion Athletics: use code pewscience for 20% off your first order and double points! Ammo from True Shot: Click Here! (use code pewscience for $20 off the A-Zone program) Magpul: Use code PSTEN to receive $10 off your order of $100 or more at Magpul
We are back with the 15th episode of the Java Monthly series; we really enjoyed recording this podcast. I hope you enjoy listening to it too. Our guests: Hüseyin Akdoğan, Altuğ Bilgin Altıntaş, Özlem Güncan, Nesrin Aşan. Topics of this episode: Java memory management (announcement of the 23 November meetup on the finer points of memory management in Java, Altuğ Bilgin Altıntaş), event link: https://t.co/pUDbIkv5X3 How do you become a Java Champion? New Oracle open source project released: Quicksql java21 Spring Boot 3.2.0-RC2 available now Quarkus 3.5.0 released - Java 21, OIDC enhancements (Official support for Java 21) 09 November Quarkus 3.5.1 released - Maintenance release Helidon 4 released (Details) Micronaut Framework 4.1.6 released! Simplifying Persistence Integration with Jakarta EE Data Babylon is #OpenJDK's newest big project Announcement for those who would like to give a talk at javaday (Call for Papers for which will take place in İstanbul on May 11, 2024 is now open. The deadline for submitting a proposal is the 31st of December 2023! https://www.papercall.io/javaday-2024)
Thank you for joining us on WP A DAY, your Artificial Intelligence source for the latest news and updates in the world of WordPress. Today is Sunday, 5 November 2023. In the news we bring you today, we have a few interesting stories. First, WordPress 6.4 Release Candidate 3 is ready to download. Remember that this version is in development and installing it on production or critical websites is not recommended. Testing it on a test server and site is suggested. This version includes more than 25 issues resolved since RC2. In addition, participation is sought from people who are underrepresented in the project. Contributions are also invited in testing, searching for vulnerabilities, updating themes and plugins, documentation and translation. The release date of WordPress 6.4 is 7 November 2023. Read all about this story at wordpress.org. And continuing with the news, Nick Diego, developer and core contributor at Automattic, created a plugin called Enable Button Icons that allows custom icons to be added to the Button block in WordPress. This plugin, available on GitHub, is an example of how to lightly extend the WordPress core blocks to add extra features. Diego was inspired by another plugin that adds settings to the image block to show different images depending on the screen width. Although the plugin works well, Diego does not plan to add it to the official WordPress directory and encourages others to modify it to suit their needs. Learn more at wptavern.com. And finally, an article about the integration of artificial intelligence (AI) with WordPress, especially through content generation and narrowly scoped tools. It mentions that the Convoworks tool offers deep integration with WordPress and supports OpenAI functions, which allows an AI assistant to genuinely interact with the system. It explains that OpenAI functions allow bots to send commands to the code in the form of function-call responses. The article concludes by highlighting the potential of these integrative systems and mentions that further development of dynamic contexts and task definitions is expected in the future. To learn more about this, visit convoworks.com. That concludes our news for today. If you liked this episode, subscribe to the podcast and leave a review. For the transcript and links to the articles mentioned, visit Blogpocket.com. Thank you for listening and see you next week.
Hello and welcome to WP A DAY, your algorithmically generated source for the latest news and updates in the WordPress space. Today is 29 October 2023. In today's news, we have a handful of interesting stories. To start with, version 16.9 of Gutenberg has been released and includes several improvements, bug fixes and progress on Phase 3 features. Some highlights include the ability to rename most blocks, duplicate and rename patterns, and the addition of new media categories such as audio and video. Improvements have also been made to the Dimensions layout control, CSS Level 4 size units have been added, and pagination is now shown in getEntityRecords() calls. Numerous bugs have been fixed and other improvements made. Learn more at make.wordpress.org. And continuing with the news, the second release candidate (RC2) for WordPress 6.4 is now available. Remember not to install or test this version on production or mission-critical websites. Evaluating RC2 on a test server and site is recommended. You can test WordPress 6.4 RC2 in three ways: by installing and activating the WordPress Beta Tester plugin, by downloading the RC2 version and installing it on a WordPress site, or by using the WP-CLI command "wp core update --version=6.4-RC2". More than 25 issues have been resolved since RC1. If you are a developer, your contribution is appreciated in testing, detecting vulnerabilities, updating themes and plugins, and translating WordPress into other languages. The final version of WordPress 6.4 will be released on 7 November 2023. Get all the information at wordpress.org. And finally, texts.com is an application that brings together all your chats from different platforms such as iMessage, WhatsApp, Instagram, Signal, Discord and others in a single place. Besides being very convenient, the application also has end-to-end encryption and additional features such as scheduling messages to be sent when the recipient is awake. Automattic acquires Texts.com and its founder joins the team. One more step towards the future of messaging. You can join the waiting list to try the application. All the information is at wordpress.com. That sums up today's news on WordPress updates. Be sure to check our related links section for more information on these stories. If you enjoyed this episode, tell your friends. For the transcript and links to the posts mentioned in this programme, visit Blogpocket.com. Thank you for listening and see you in the next episode. I wish you a wonderful week!
And, so, if you could pick one or two people who have contributed most to our online security, who would it be? Ron Rivest? Shafi Goldwasser? Ralph Merkle? Marty Hellman? Whitfield Diffie? Neal Koblitz? Well, in terms of the number of data bytes protected, that prize is likely to go to Joan Daemen and Vincent Rijmen, who created the Rijndael method that became standardized by NIST as AES (Advanced Encryption Standard). If you are interested, Rijndael (“rain-doll”) comes from the names of its creators: Rijmen and Daemen (but don't ask me about the rogue “l” at the end).

And, so, Joan Daemen was awarded the Levchin Prize at the Real World Symposium conference in 2016. Now, his co-researcher, Vincent Rijmen — a Professor at KU Leuven — has been awarded the Levchin Prize at the Real-World Crypto Symposium. This follows illustrious past winners, including Paul Kocher (for work on SSL and side-channels), Dan Coppersmith (on cryptanalysis), Neal Koblitz and Victor Miller (for their co-invention of ECC) and Ralph Merkle (for work on digital signatures and hashing trees). Vincent's track record in high-quality research work is exceptional, especially in the creation of the Rijndael approach to symmetric key encryption.

Before AES, we had many symmetric key encryption methods, including DES, 3DES, TwoFish, BlowFish, RC4, and CAST. But AES came along and replaced these. Overall, ChaCha20 is the only real alternative to AES, which is used in virtually every web connection that we have and is by far the most popular method for encrypting data. And, it has stood the test of time — with no known significant vulnerabilities in the method itself. Whilst we might use weak keys and have poor implementations, Rijndael has stood up well.

AES method

With AES, we use symmetric key encryption, where Bob and Alice share the same secret key. In 2000/2001, NIST ran a competition on the next-generation symmetric key method, and Rijndael won.
But in second place was Serpent, which was created by Ross Anderson, Eli Biham, and Lars Knudsen. Let's have a look at the competition and then outline an implementation of Serpent in Go lang. In the end, it was the speed of Rijndael that won over the enhanced security of Serpent. If NIST had seen security as more important, we might now be using Serpent rather than Rijndael for AES.

NIST created the race for AES (Advanced Encryption Standard). It would be a prize that the best in the industry would compete for, and the winner would virtually provide the core of the industry. So, in 1997, NIST announced the open challenge for a block cipher that could support 128-bit, 192-bit, and 256-bit encryption keys. The key evaluation factors were:

Security: They would rate the actual security of the method against the others submitted. This would measure the entropy in the ciphertext — and show that it was random for a range of input data. The mathematical foundation of the method. A public evaluation of the methods and associated attacks.

Cost: The method would be provided on a non-exclusive, royalty-free licence basis across the world. It would be computationally and memory efficient.

Algorithm and implementation characteristics: It would be flexible in its approach, and possibly offer different block sizes, key sizes, be convertible into a stream cipher, and so on. Be ready for both hardware and software implementation for a range of platforms. Be simple to implement.

Round 1

The call was issued on 12 Sept 1997 with a deadline of June 1998, and a range of leading industry players rushed to either create methods or polish their existing ones. NIST announced the shortlist of candidates at a conference in August 1998, which included some of the key leaders in the field, such as Ron Rivest, Bruce Schneier, and Ross Anderson (University of Cambridge):

Australia: LOKI97 (Lawrie Brown, Josef Pieprzyk, Jennifer Seberry).
Belgium: RIJNDAEL (Joan Daemen, Vincent Rijmen).
Canada: CAST-256 (Entrust Technologies, Inc), DEAL (Richard Outerbridge, Lars Knudsen).
Costa Rica: FROG (TecApro Internacional S.A.).
France: DFC (Centre National pour la Recherche Scientifique).
Germany: MAGENTA (Deutsche Telekom AG).
Japan: E2 (Nippon Telegraph and Telephone Corporation).
Korea: CRYPTON (Future Systems, Inc.).
USA: HPC (Rich Schroeppel), MARS (IBM), RC6(TM) (RSA Laboratories), SAFER+ (Cylink Corporation), TWOFISH (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson).
UK, Israel, Norway: SERPENT (Ross Anderson, Eli Biham, Lars Knudsen).

One country, the USA, had five short-listed candidates, and Canada had two. The odds were thus on the USA to come through in the end and define the standard. The event, too, was a meeting of the stars of the industry. Ron Rivest outlined that RC6 was based on RC5 but highlighted its simplicity, speed, and security. Bruce Schneier outlined that TWOFISH had taken a performance-driven approach to its design, and Eli Biham outlined that SERPENT had taken an ultra-conservative philosophy for security in order for it to be secure for decades.

Round 2

And so the second conference was arranged for 23 March 1999, after which, on 9 August 1999, the five AES finalists were announced:

Belgium: RIJNDAEL (Joan Daemen, Vincent Rijmen).
USA: MARS (IBM), RC6(TM) (RSA Laboratories), TWOFISH (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson).
UK, Israel, Norway: SERPENT (Ross Anderson, Eli Biham, Lars Knudsen).
Canada: CAST-256 (Entrust Technologies, Inc).

The big hitters were now together in the final, and the money was on them winning through. Ron Rivest, Ross Anderson and Bruce Schneier all made it through, and with half of the candidates being sourced from the USA, the money was on MARS, TWOFISH or RC6 winning the coveted prize.
While the UK and Canada both had a strong track record in the field, it was the nation of Belgium that surprised some and had now pushed itself into the final. While the other cryptography methods tripped off the tongue, the RIJNDAEL method took a bit of getting used to, with its name coming from the surnames of the creators: Vincent Rijmen and Joan Daemen. Ron Rivest, the co-creator of RSA, had a long track record of producing industry-standard symmetric key methods, including RC2 and RC5, along with creating one of the most widely used stream cipher methods: RC4. His name was on standard hashing methods too, including MD2, MD4, MD5, and MD6. Bruce Schneier, too, was one of the stars of the industry, with a long track record of creating useful methods, including TWOFISH and BLOWFISH.

Final

After nearly two years of review, NIST opened up to comments on the method, which ran until May 2000. A number of submissions were taken, and the finalists seemed to be free from attacks, with only a few simplified method attacks being possible:

Table 1: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4863838/

As we can see in Table 1, the methods had different numbers of rounds: 16 (Twofish), 32 (Serpent), 10, 12, or 14 (Rijndael), 20 (RC6), and 16 (MARS). Rijndael had a different number of rounds for different key sizes, with 10 rounds for 128-bit keys and 14 for 256-bit keys. Its reduced number of rounds made it a strong candidate for being a winner. In the AES conference to decide the winner, Rijndael received 86 votes, Serpent got 59 votes, Twofish 31 votes, RC6 23 votes, and MARS 13 votes. Although Rijndael and Serpent were similar, in that both used S-boxes, Rijndael had fewer rounds and was faster, but Serpent had better security. The NIST scoring was:

Conclusions

AES has advanced cybersecurity more than virtually all the other methods put together. Without it, the Internet would be a rats-nest of spying and person-in-the-middle attacks, and would be a complete mess.
Blog: https://medium.com/asecuritysite-when-bob-met-alice/tetra-burst-42773a490b35

Introduction

Anyone can create a cipher. Basically, Bob and Alice do some modulo maths and could encrypt their secret messages into ciphertext by multiplying by 10 and adding 5, and then to decrypt back into plaintext, they would just subtract 5 from the ciphertext and divide by 10. The maths involved could then be defined by a Galois Field (GF), which is named after Évariste Galois. Bob and Alice could then keep their method secret from Eve (their adversary); they believe their method is secure and thus do not ask Trent to evaluate its security. But Eve is sneaky and tries lots of different ways to crack the cipher. Eventually, after trying to crack the ciphertext, she discovers the method, and can then crack all the future (and, possibly, previous) ciphers. Bob and Alice then carry on using the secret cipher method and would have no way of knowing that Eve now knows their method. This approach is often known as “cooking your own crypto”, and is not recommended in most implementations. Along with this, as Bob and Alice try to hide their method from Eve, the approach is “Security by obfuscation” rather than “Security-by-design”.

Cooking your own crypto

There are many cases of proprietary cryptography methods being used in production. In 2013, for example, researchers at the University of Birmingham found flaws in the key fobs related to the Volkswagen group vehicles. In fact, the encryption used in the Swiss-made Megamos transponder was so weak that an intruder only needed to listen to two transmitted messages from the fob in order to crack the key. The vulnerability related to the poor, proprietary cryptographic methods used by the device, and the researchers found they could generate the transponder's 96-bit secret key and start the car in less than half an hour.
The vulnerability has been well known since 2012, and code to exploit the flaw has circulated online since 2009. Yet, at the time, there was no product recall for the dozens of models that were affected, including Audi, Porsche, Bentley and Lamborghini, Nissan and Volvo. The research team were even stopped from publishing their work through the threat of legal action from Volkswagen.

Testing, Evaluation and Standardization

Along with the risk of a secret method being discovered, the other major problem arises when the method used to create a cipher is not rigorously reviewed by experts. This can take years of reviewing and testing, both in the formal theory and in practice. Many companies, too, have bug bounties which try to discover vulnerabilities in their code. To overcome this, NIST has created open competitions for the standardization of encryption methods. These have included standards related to symmetric key encryption (AES), hashing methods (SHA-3) and post-quantum cryptography (PQC). Once rigorously evaluated, the industry can then follow the standards defined, and proprietary methods and implementations are often not trusted. With symmetric-key methods (where the same key is used to both encrypt and decrypt), at one time, we used a wide range of methods, such as DES, 3DES, RC2, RC4, Blowfish, and Twofish. To overcome this, NIST set up an open standardization process for the Advanced Encryption Standard (AES). In the end, and after extensive testing and performance analysis, the Rijndael method was selected. It is now used in most systems, with either a 128-bit, a 192-bit or 256-bit encryption key. Overall, the larger the key size, the more difficult it is to brute force the key.

The TETRA standard

This week it has been reported that the TETRA (TErrestrial Trunked RAdio) standard has a number of vulnerabilities in its cryptography. Overall, TETRA is used by many police and military forces across the world for encrypted radio.
These vulnerabilities have existed for over a decade and could have led to the leakage of sensitive information. These vulnerabilities have been discovered by Midnight Blue and will be presented as “Redacted Telecom Talk” at Black Hat 2023 on 9 August 2023. As the work is so sensitive, there are many issues related to its disclosure, so the full details of the talk have not been released. But, it has involved over 18 months of responsible disclosure related to the cracking of TETRA-powered radios purchased from eBay. TETRA was first standardised by the European Telecommunications Standards Institute (ETSI) in 1996 and used by many radio manufacturers, such as Motorola and Airbus. It does not have open-source software and relies on cryptography which is secret and proprietary.

TEA1 — Intentionally weak crypto

Governments around the world have generally used export controls on cryptography, in order to reduce security levels so that their own law enforcement agents have a good chance to crack encrypted traffic outside their own borders. One of the most famous cases related to Netscape, who created the original version of TLS (Transport Layer Security) that created a secure channel for Web pages: the HTTPs that we see on most of our Web accesses now. This, though, had reduced security levels because of export control, with the RSA method used set at only 512 bits (which is now easily crackable). As this key was used to pass the encryption key that was used in the secure tunnel, it meant that agencies could break the communications channel for HTTPs communications. We have since paid for this weakening, with vulnerabilities such as Freak and BEAST. The vulnerability in TETRA, too, relates to similar issues, where the cryptography was reduced to comply with export controls.
Within TETRA, the TEA1 method reduces the key size down to 80 bits, and, along with other vulnerabilities, allows the encrypted traffic to be cracked within minutes on a standard laptop. Along with this, researchers found other vulnerabilities with TETRA methods that released sensitive information, including within historical communications.

The core vulnerability involved a jump-off from the main interface on the radio, which then led to malicious code execution on the process and then on the signal processor and Wi-Fi hardware. The main chip on the device contains a secure enclave, which stores the main encryption keys. The team were able to access this chip and discover the cryptography methods used and associated artefacts. For this, they have dubbed the vulnerability TETRA:BURST [here].

The reduced security method of TEA1 was discovered as having an encryption key of just 80 bits (normally, we would use a 128-bit key size, at least). A key size of 80 bits puts it within a range which can be cracked using GPU clusters. But, the research team found a “secret reduction step” which supported lower levels of randomization for the encryption key and which significantly reduced the key strength. Using this, the team were able to crack the communication with consumer-level hardware and with inexpensive radio equipment. Ultimately, the researchers define the attack as fairly trivial to implement.

Vulnerabilities discovered

A number of CVEs have already been defined for the vulnerabilities. These are [here]:

CVE-2022-24401. The Air Interface Encryption (AIE) keystream generator allows for decryption oracle attacks.
CVE-2022-24402. This relates to the backdoor of the 80-bit key on the TEA1 algorithm, which allows a trivial cipher crack.
CVE-2022-24404. This involves weaknesses in the AIE for malleability attacks.
CVE-2022-24403. This is a weak cryptographic scheme that allows attackers to deanonymize and track users.
CVE-2022-24400. This allows attackers to set the Derived Cypher Key (DCK) to 0.

On the CVE database [here], these vulnerabilities are marked as “** RESERVED **” and will be populated soon.

Conclusions

What we have here is “Security by obscurity” and not “Security by design”. It is difficult to keep anything a secret these days, and, as much as possible, methods should be open to assessment. Along with this, the reduction in the security level for TEA1 is causing major problems, just as the Netscape restriction on TLS left us with a security legacy that took decades to address.
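The “secret reduction step” described above means a cipher's nominal key length can overstate its real strength, which is the kind of flaw open evaluation is meant to catch. The following Python code is an added example, not from the original article and not TEA1 itself: it shows how an evaluator can spot hidden key reduction in a black-box keystream generator by counting keystream collisions between distinct keys. The toy SHA-256 generator, the function names and the 16-bit reduced size are all assumptions made for illustration.

```python
"""Added example: detecting a hidden key-reduction step in a black-box cipher.

Everything here is constructed for illustration. The toy generator is
SHA-256 in counter mode, not TEA1, and the 16-bit reduced size is an
assumption chosen so that the check runs in well under a second.
"""
import hashlib
import math
import random
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional

NOMINAL_KEY_BYTES = 10  # 80-bit key, the nominal size quoted in the article


def _expand(seed: bytes, nbytes: int) -> bytes:
    """Expand a seed into nbytes of keystream (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def honest_keystream(key: bytes, nbytes: int) -> bytes:
    """Toy generator that uses every bit of the 80-bit key."""
    return _expand(b"full" + key, nbytes)


def make_reduced_keystream(reduced_bits: int) -> Callable[[bytes, int], bytes]:
    """Toy generator with a hidden step that squeezes the key to reduced_bits."""
    def reduced_keystream(key: bytes, nbytes: int) -> bytes:
        digest = hashlib.sha256(b"reduce" + key).digest()
        state = int.from_bytes(digest, "big") >> (256 - reduced_bits)
        return _expand(b"weak" + state.to_bytes(32, "big"), nbytes)
    return reduced_keystream


@dataclass
class AuditResult:
    keys_tested: int
    colliding_pairs: int
    estimated_bits: Optional[float]  # None when no collision was observed
    floor_bits: float                # log2 of the number of key pairs compared


def audit_effective_key_bits(cipher: Callable[[bytes, int], bytes],
                             samples: int = 2000, seed: int = 1) -> AuditResult:
    """Estimate the effective key space from keystream collisions.

    If distinct keys map onto only N internal states, n random keys give
    about n(n-1)/(2N) colliding pairs (birthday bound), so
    N is roughly n(n-1)/(2 * pairs). With no collisions we can only say
    the space is probably larger than the number of pairs compared.
    """
    rng = random.Random(seed)  # fixed seed for a reproducible run; use secrets in a real audit
    keys = set()
    while len(keys) < samples:
        keys.add(rng.getrandbits(8 * NOMINAL_KEY_BYTES).to_bytes(NOMINAL_KEY_BYTES, "big"))
    prefixes = Counter(cipher(k, 16) for k in keys)  # 128-bit keystream prefix per key
    pairs = sum(c * (c - 1) // 2 for c in prefixes.values())
    total_pairs = len(keys) * (len(keys) - 1) / 2
    estimate = math.log2(total_pairs / pairs) if pairs else None
    return AuditResult(len(keys), pairs, estimate, math.log2(total_pairs))


if __name__ == "__main__":
    for name, cipher in (("honest 80-bit", honest_keystream),
                         ("hidden 16-bit reduction", make_reduced_keystream(16))):
        r = audit_effective_key_bits(cipher)
        shown = "none seen" if r.estimated_bits is None else f"~{r.estimated_bits:.1f} bits"
        print(f"{name}: {r.colliding_pairs} colliding pairs, effective key {shown}")
```

Any collision between distinct keys on a 128-bit keystream prefix is a red flag in itself; a clean result only shows that the effective key space is probably larger than the number of key pairs compared, not that the cipher is sound.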
Our 50th episode! So what?! Eddie joins AJ and Omar to discuss 1990's RoboCop 2, directed by Irvin Kershner. The boys celebrate their 50th episode by taking some Nuke and watching RC2, the sequel to our first ever pod episode, RoboCop. Discussion includes topics like society, art, politics, religion, The MAD GOD Phil Tippett, BEST FILMS of 2022, and much more!
A daily update on what's happening in the Rocket Pool community on Discord, Twitter, Reddit, and the DAO forum. Today's episode covers: Coinbase gets a Wells notice, Smartnode 1.9.0-RC2 is released, and joe makes the first Proteus v1.1. Podcast RSS: https://anchor.fm/s/cd29a3d8/podcast/rss Anchor.fm: https://anchor.fm/rocket-fuel Spotify: https://open.spotify.com/show/0Mvta9d2MsKq2u62w8RSoo Apple Podcasts: https://podcasts.apple.com/us/podcast/rocket-fuel/id1655014529 0:00 - Welcome 0:20 - Coinbase Wells notice https://discord.com/channels/405159462932971535/405163713063288832/1088211844986044466 3:13 - Smartnode v1.9.0-RC2 is out https://discord.com/channels/405159462932971535/918351974406172723/1088321581211734026 5:24 - Joe's first Proteus v1.1 is here https://discord.com/channels/405159462932971535/405163713063288832/1088327799846228049 7:00 - Deukey finishes the Korean translation of Jasper's paper https://mirror.xyz/deukey.eth/SaTnGyKOhjxnH-zXNd_SMax7Rgd-5blWk0wnYphCPno 7:53 - Jasper talks about integrations on Layer 2s https://twitter.com/jasper_eth/status/1638301642880630786 https://twitter.com/argenthq/status/1638490053205807166 10:16 - Object returns https://discord.com/channels/405159462932971535/405163713063288832/1088227591405699113 11:20 - Community work - Fornax worked on letting the smartnode use the ENS avatar https://github.com/rocket-pool/smartnode/pull/327 12:09 - Trading tries to claim the ARB airdrop https://discord.com/channels/405159462932971535/405163713063288832/1088446893236953158
Mark “Murch” Erhardt and Mike Schmidt are joined by Bastien Teinturier and Joost Jager to discuss Newsletter #224. News Mempool consistency (3:15) BIP324 message identifiers (17:55) LN routing failure attribution (21:24) Anchor outputs workaround (33:08) Releases and release candidates LND 0.15.4-beta (42:27) Bitcoin Core 24.0 RC2 (51:36) Notable code and documentation changes Bitcoin Core #23927 (52:50) Bitcoin Core #25957 (55:18) Bitcoin Core #23578 (56:42) Core Lightning #5646 (57:53) LND #6517 (1:01:18) LND #7001 (1:03:52) LND #6831 (1:05:58) LND 609cc8b (1:08:42) Rust Bitcoin #957 (1:09:15) BDK #779 (1:10:08)
Show Notes With .NET 7 around the corner, we're putting the finishing touches on everything in preparation - tune in to find out more! David, James, and Matt will fill you in on all the details plus the latest in Visual Studio and Azure news! New releases .NET MAUI support for .NET 7 RC2 (https://devblogs.microsoft.com/dotnet/dotnet-maui-rc2/?WT.mc_id=dotnet-79812-masoucou) On.NET with David with .NET MAUI for .NET 7 (https://www.youtube.com/watch?v=VV6DnxVyIOo) Draw all over your maps (https://www.andreasnesheim.no/creating-outlined-map-polygons-in-net-maui/) .NET MAUI support for XCode 14 (https://devblogs.microsoft.com/dotnet/dotnet-maui-xcode14/?WT.mc_id=dotnet-79812-masoucou) .NET 7 RC2 (https://devblogs.microsoft.com/dotnet/announcing-dotnet-7-rc-2/?WT.mc_id=dotnet-79812-masoucou) VS Mac 17.4 P2.1 (https://devblogs.microsoft.com/visualstudio/visual-studio-for-mac-17-4-preview-2-1-is-now-available/?WT.mc_id=dotnet-79812-masoucou) .NET MAUI Community Toolkit v1.3 (https://devblogs.microsoft.com/dotnet/announcing-the-dotnet-maui-community-toolkit-v13/?WT.mc_id=dotnet-79812-masoucou) Latest News Microsoft Teams Infrastructure and ACS migration to .NET 6 (https://devblogs.microsoft.com/dotnet/microsoft-teams-infrastructure-and-azure-communication-services-journey-to-dotnet-6/?WT.mc_id=dotnet-79812-masoucou) Microsoft Commerce migration to .NET 6 (https://devblogs.microsoft.com/dotnet/microsoft-commerce-dotnet-6-migration-journey/?WT.mc_id=dotnet-79812-masoucou) Bing Ads Campaigns migration to .NET 6 (https://devblogs.microsoft.com/dotnet/bing-ads-campaign-platform-journey-to-dotnet-6/?WT.mc_id=dotnet-79812-masoucou) Compare files in Visual Studio (https://devblogs.microsoft.com/visualstudio/comparing-files-in-visual-studio/?WT.mc_id=dotnet-79812-masoucou) .NET Conf is coming up! 
(https://dotnetconf.net) The .NET Conf Student Zone (https://techcommunity.microsoft.com/t5/educator-developer-blog/net-conference-student-zone-7th-nov-2022/ba-p/3655584) Azure News All the goodness for .NET 7 in Azure Functions and App Service (https://techcommunity.microsoft.com/t5/apps-on-azure-blog/azure-functions-2022-update/ba-p/3648731?WT.mc_id=dotnet-79812-masoucou) Azure Service of the Month Azure App Configuration (https://learn.microsoft.com/en-us/azure/azure-app-configuration/?WT.mc_id=dotnet-79812-masoucou) Follow Us: * James: Twitter (https://twitter.com/jamesmontemagno), Blog (https://montemagno.com), GitHub (http://github.com/jamesmontemagno), Merge Conflict Podcast (http://mergeconflict.fm) * Matt: Twitter (https://twitter.com/codemillmatt), Blog (https://codemilltech.com), GitHub (https://github.com/codemillmatt) * David: Twitter (https://twitter.com/davidortinau), Github (https://github.com/davidortinau)
Mark “Murch” Erhardt and Mike Schmidt are joined by John Light and Gregory Sanders to discuss Newsletter #222. News Block parsing bug affecting BTCD and LND (0:10) Transaction replacement option (5:34) Validity rollups research (18:02) MuSig2 security vulnerability (52:00) Minimum relayable transaction size (55:55) BIP324 update (1:01:52) Changes to services and client software btcd v0.23.2 released (1:05:30) ZEBEDEE announces hosted channel libraries (1:06:30) Cashu launches with Lightning support (1:08:47) Address explorer Spiral launches (1:13:10) BitGo announces Lightning support (1:16:15) ZeroSync project launches (1:17:42) Releases and release candidates Bitcoin Core 24.0 RC2 (1:20:16) LND 0.15.3-beta (1:21:22) Notable code and documentation changes Bitcoin Core #23549 (1:21:38) Bitcoin Core #25412 (1:23:29) LND #6956 (1:23:49) LND #7004 (1:25:31) LDK #1625 (1:25:54)
In this episode of Scaling Postgres, we discuss the Postgres 15 RC2, optimizing shared buffers, how to secure your database connections and blog posts from PGSQL Phriday. Subscribe at https://www.scalingpostgres.com to get notified of new episodes. Links for this episode: https://www.postgresql.org/about/news/postgresql-15-rc-2-released-2521/ https://www.enterprisedb.com/blog/harnessing-shared-buffers-and-reaping-performance-benefits-part-1 https://innerjoin.bit.io/the-majority-of-postgresql-servers-on-the-internet-are-insecure-f1e5ea4b3da3 https://www.softwareandbooz.com/pgsql-phriday-001-invite/ https://andreas.scherbaum.la/blog/archives/1121-PGSQL-Phriday-001-Two-truths-and-a-lie.html https://mydbanotebook.org/post/2-it-depends-and-1-must/ https://andyatkinson.com/blog/2022/10/07/pgsqlphriday-2-truths-lie https://www.scarydba.com/2022/10/07/pgsql-phriday-001-two-truths-and-a-lie/ https://sqlasylum.wordpress.com/2022/10/07/pgsqlphriday-001-truth-and-lies/ https://hakibenita.com/future-proof-sql https://www.cybertec-postgresql.com/en/vacuum-does-not-shrink-my-postgresql-table/ https://j-carson.github.io/2022/10/02/brin/ https://pganalyze.com/blog/5mins-postgres-BRIN-index https://www.percona.com/blog/postgresql-15-new-features-to-be-excited-about/ https://supabase.com/blog/postgres-wasm http://blog.cleverelephant.ca/2022/10/postgresql-links.html https://postgrespro.com/blog/pgsql/5969770 https://www.citusdata.com/blog/2022/09/30/how-to-add-more-environments-to-postgres-ci/ https://proopensource.it/blog/learning-postgresql https://postgres.fm/episodes/102-query-optimization https://postgresql.life/post/joseph_sciarrino/ https://www.rubberduckdevshow.com/episodes/60-beginners-journey-with-codewithjulie/
Today's Topics:
1. PEW Science SCAR Project Update #8 – Using the Mototech SCARburator with the Surefire SOCOM762-RC (not RC2) and the SOCOM-MIN2. (00:07:23)
2. Sound Signature Review 6.87 – Resilient Suppressors RSP on the HK P30L semiauto full-size 9mm pistol. Technical discussion. Boy, was this neat! (00:45:21)
3. Testing keeps happening and we keep moving further down the path of grassroots funded research. PEW Science is working hard for you – and your support helps a lot! (01:07:57)
Sponsored by - High End Armament Technology!
Ammo from True Shot: Click Here! (use code pewscience for $20 off the A-Zone program)
On today's episode Joe Porrazzo and Steve Barendt from Rain Bird share about the unique RC2 controller and how it is an absolute game-changer for the irrigation industry. With Quick Pair technology and the Rain Bird® mobile app, you will have instant access to customize a watering schedule from anywhere! The mobile-first interface provides homeowners with the convenience they have come to expect while offering contractors the easiest and fastest programming experience available. Building upon Rain Bird's legacy, the RC2 controller delivers the expertise of an irrigation company and the vision of a leader to save time, water and money. Tune in to hear about the RC2 controller and what else is new at Rain Bird. The Resource Center at GreenIndustryPodcast.com Rainbird.com/connected GetJobber.com/Paul Register for the 2022 Equip Exposition here: Equip Exposition Registration (Coupon Code: PAUL saves 50% off) Get Roll by ADP The Landscaping Bookkeepers Website Services: Pure Marketing Team Kujo.com (Pauls10 Saves 10%) Ballard-inc.com (Coupon Code: PAUL Saves 10%) Quickbooks Online Paul's Audiobooks: Cut That Grass and Make That Cash 101 Proven Ways to Increase Efficiency and Make More Money in Lawn Care Best Business Practices for Landscapers Follow us on YouTube: Green Industry Podcast Paul Jamison Follow us on Instagram: @greenindustrypodcast @pauljamison Follow us on TikTok: @pauljamison Follow us on Facebook: @greenindustrypodcast
News WordPress 6.0 Beta 3 is now available for testing. These releases are moving along and testers are needed for the most recent release. If you would like to check out the release schedule you can go over to make.wordpress.org. It was just announced that Matt Mullenweg will be speaking at WordCamp Europe in Porto, Portugal June 2-4 2022. If you plan on attending this event you may want to listen to a podcast from Delicious Brains that gives some great ideas on how to make the most of your WordCamp visit. WooCommerce WooCommerce has released 6.5 RC2. This puts them on track for the May 10, 2022 release date. Testers are needed for this release as well. From Our Contributors and Producers Sarah Gooding over at WPTavern writes about how the WordPress subreddit blew up this week with reports of MemberPress locking users out of the plugin's admin if they do not renew their subscriptions. MemberPress is a popular membership plugin for WordPress that does not have a free version available. They do clearly outline the subscription policy but cutting off access to the plugin's admin screens leaves users without the ability to manage the membership functions of their sites once their subscriptions lapse. It will be interesting to see if this “change” impacts their customer base. David Vongries tweeted that he is looking for a new home for Kirki. If you are looking to venture into the Gutenberg product market this may be a great opportunity for you. Reach out to David if you're interested. Amber Hinds also tweeted about two plugins that need to be rehomed. They have become a distraction from the main focus on accessibility. Go check out the thread on Twitter and reach out to Amber if you're interested in her plugins. MasterWP has announced their WordCamp US 2022 Travel Sponsorship Program. Rob Howard explains how to apply. Go check out his blog post to apply to be a speaker to WordCamp US and possibly receive sponsorship. 
If you would like to contribute to helping send somebody to WordCamp you can head on over to DonateWC. Chima Mmeje was interviewed over on the Matt Report about how and why to raise your freelance rates. Go listen to this interview to discover how entrepreneurs can raise rates through grit, perseverance, confidence, and ultimately discovering self-worth. Next up: Block Editor Dev Minute by Aurooba. Thanks to all of the members who shared these links today: Daniel Schutzsmith, Eric Karkovack
2022-03-15 Weekly News - Episode 139
Watch the video version on YouTube at https://youtu.be/tmx5csCovnc
Hosts:
Eric Peterson - Senior Developer at Ortus Solutions
Daniel Garcia - Software Developer at Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-en out there.
A few ways to say thanks back to Ortus Solutions:
Like and subscribe to our videos on YouTube.
Help ORTUS reach for the Stars - Star and Fork our Repos
https://github.com/coldbox/coldbox-platform
https://github.com/Ortus-Solutions/ContentBox/
https://github.com/Ortus-Solutions/commandbox/
https://github.com/ortus-solutions/docker-commandbox
https://github.com/Ortus-Solutions/testbox/
https://github.com/coldbox-modules/qb/
https://github.com/coldbox-modules/quick/
https://github.com/coldbox-modules/cbwire
https://github.com/Ortus-Solutions/DocBox
Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
Subscribe to our Podcast on your Podcast Apps and leave us a review
Sign up for a free or paid account on CFCasts, which is releasing new content every week
Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
Patreon Support
We have 36 patreons providing 96% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
News and Events
Lucee 5.3.9.108 Release Candidate 2
The Lucee team is proud to announce RC2, which consists of bug fixes and regressions.
All things going well and subject to any regression, we plan to release a STABLE version on Friday the 25th of March, 2022
https://dev.lucee.org/t/5-3-9-108-release-candidate-2/9795
Built with ColdFusion CFML
This repo is a community repo to list and showcase companies, sites and technologies powered by ColdFusion (CFML) and several Ortus Products.
To contribute, fork and star the project.
Then add your own organization file in the orgs directory and then append the name of that file (excluding the extension) into the cfml-rocks.json array of orgs. You may use the schema below for reference. Send us your pull request and once validated, we will add it to the repo and site.
https://github.com/Ortus-Solutions/built-with-cfml-box/
Ortus Webinar - March - ForgeBoxication with Gavin Pickin
March 25th, 2022 Time: 11:00 AM Central Time (US and Canada)
ForgeBox is CFML's package management system, and in this webinar you will learn how you can use it with any cfml app you have. You'll learn how to use ForgeBox packaged in your app, commit your own code to ForgeBox, and if we have time we might even make your code into a ColdBox module.
Register today: https://us02web.zoom.us/meeting/register/tZwkduGurDgoHNf4sljBngAFLpoNSNLkzom3
More Webinars: https://www.ortussolutions.com/events/webinars
Ortus Webinar - April - cbSecurity: Passwords, Tokens, and JWTs with Eric Peterson
April 29th, 2022
11:00 AM Central Time (US and Canada)
Learn how to integrate cbSecurity into your application whether you are using passwords, API tokens, JWTs, or a combination of all three!
More Webinars: https://www.ortussolutions.com/events/webinars
Hawaii CFUG User Group - Moving your Legacy ColdFusion application to Modern CFML with Mark Takata
March 24th, 2022
1:00pm Hawaiian Time - 4:00pm PDT
We've all seen old legacy code in our ColdFusion applications.
How do you move that legacy code to modern CFML with easier maintenance and deployment, fewer bugs, and streamlined code?
Why Move to Modern CFML
Most of us understand that moving our legacy applications to modern CFML is smart.
Easier Maintenance
Rapid Deployment
Fewer Bugs
Modern, Responsive Front-End
https://hawaiicoldfusionusergroup.adobeconnect.com/legacy/
Happy Birthday Docker - Docker Community All Hands
Thursday, March 31, 2022 | 8:00am - 11:00am PT
Join us in celebrating Docker's 9th birthday at our next Community All Hands!
This virtual event is a unique opportunity for the community to come together with Docker staff to learn, share and collaborate about all things Docker.
https://www.docker.com/event-community-all-hands
Adobe Workshops and Webinars
Join the Adobe ColdFusion Workshop to learn how you and your agency can leverage ColdFusion to create amazing web content. This one-day training will cover all facets of Adobe ColdFusion that developers need to build applications that can run across multiple cloud providers or on-premise
THURSDAY, MARCH 24, 2022
10:00 AM PDT
ColdFusion Standard vs Enterprise
Mark Takata
https://coldfusion-standard-vs-enterprise.meetus.adobeevents.com/
WEDNESDAY, MARCH 30, 2022
9:00 AM EDT
Adobe ColdFusion Workshop
Brian Sappey
https://workshop-coldfusion-adobe.meetus.adobeevents.com/
THURSDAY, APRIL 21, 2022
9:00 AM CET
Adobe ColdFusion Workshop
Damien Bruyndonckx (Brew-en-dohnx)
https://adobe-workshop-coldfusion.meetus.adobeevents.com/
THURSDAY, APRIL 21, 2022
10:00 AM PDT
Adobe ColdFusion Truths
Mark Takata
https://adobe-coldfusion-truths.meetus.adobeevents.com/
FREE :)
Full list - https://meetus.adobeevents.com/coldfusion/
Conferences and Training
Docker Community All Hands
Thursday, March 31, 2022 | 8:00am - 11:00am PT
Join us in celebrating Docker's 9th birthday at our next Community All Hands! This virtual event is a unique opportunity for the community to come together with Docker staff to learn, share and collaborate about all things Docker.
https://www.docker.com/event-community-all-hands
DevNexus 2022 - The largest Java conference in the US
April 12-14, 2022
Atlanta, GA
Brad & Luis will be speaking
Luis - Alpine.js: Declare and React with Simplicity
Brad - What's a Pull Request?
(Contributing to Open Source)
https://devnexus.com/
DockerCon
May 10, 2022
Free Online Virtual Conference
DockerCon will be a free, immersive online experience complete with Docker product demos, breakout sessions, deep technical sessions from Docker and our partners, Docker experts, Docker Captains, our community and luminaries from across the industry and much more. Don't miss your chance to gather and connect with colleagues from around the world at the largest developer conference of the year. Sign up to pre-register for DockerCon 2022!
https://www.docker.com/dockercon/
US VueJS Conf
FORT LAUDERDALE, FL • JUNE 8-10, 2022
Beach. Code. Vue.
Workshop day: June 8
Main Conference: June 9-10
https://us.vuejs.org/
Into The Box 2022
Solid Dates - September 27-30
Call For Speakers and blog post coming soon!
Into the Box Latam 2022
Tentative dates - Dec 1-2
CF Summit
Still waiting on news from Adobe.
CFCamp
Still waiting as well.
More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
Blogs, Tweets, and Videos of the Week
3/8/22 - Tweet - Brad Wood - RabbitSDK Updates
While doing some client work with RabbitMQ's delayed message plugin, I've added proper exchange management methods to the CFML #RabbitMQ SDK. Now you can declare, bind, unbind, and delete exchanges. https://forgebox.io/view/rabbitsdk
https://twitter.com/bdw429s/status/1501294538052231171
https://twitter.com/bdw429s
3/9/22 - Tweet - Brad Wood - Slatwall No Longer Open Source
#TIL The ColdFusion Slatwall Commerce platform was acquired by another company about 6 mo ago and is no longer open source. Anyone using it and affected? Looks like Ortus needs to dust off our cbCommerce module!
#CFML
https://twitter.com/bdw429s/status/1501653592960380930
https://twitter.com/bdw429s
3/10/22 - Blog - Ben Nadel - FusionReactor APM Gives Me Peace-of-Mind Over In-Memory Caching In ColdFusion
As part of the operation of my ColdFusion application (ie, this blog), I cache a lot of data in-memory. Some of that data is cached up-front in the onApplicationStart() ColdFusion application life-cycle event handler; but, most of it is cached on-the-fly using the double-check locking pattern that I discussed recently. Unfortunately, I have no idea how much "data costs" to store in memory (meaning, how much room it takes up). So, I've always been a bit uneasy knowing that I may one day slam into a hard memory limit. But, all worry is gone now that I've installed FusionReactor's Application Performance Monitor (APM). I can now clearly see how much RAM I've used; and, more importantly, how much dang RAM I have left to play with.
https://www.bennadel.com/blog/4225-fusionreactor-apm-gives-me-peace-of-mind-over-in-memory-caching-in-coldfusion.htm
3/15/22 - Blog - Ben Nadel - Adding Strict-Transport-Security (HSTS) HTTP Header In ColdFusion 2021
For years, I've been using Foundeo's HackMyCF security product on my server to help me keep my ColdFusion applications secure and up-to-date. Security is one of those features that tends to rot over time. So, it's nice to have someone constantly nagging you about actively updating your platform. This morning, I'm finally adding the HTTP Strict-Transport-Security response header (often abbreviated as HSTS) to my ColdFusion blog so that browsers will force connections to be made using HTTPS, never HTTP.
https://www.bennadel.com/blog/4228-adding-strict-transport-security-hsts-http-header-in-coldfusion-2021.htm
3/14/22 - Blog - Ben Nadel - Serving A Bypassable "Down For Maintenance" Page In ColdFusion 2021
In the vast majority of cases, updates to my ColdFusion blog can be made while the site is online.
Sometimes, however, if those changes are not backwards compatible, or require too much cross-file coordination, there's no way that I can start making changes without causing errors in the user experience (UX). In such cases, I need to temporarily block access to the site using a "Down for Maintenance" page. But, I still need to access the site in order to monitor and test the changes. As such, this maintenance page needs to be conditionally bypassable. Luckily, all of this is really easy in ColdFusion.
https://www.bennadel.com/blog/4227-serving-a-bypassable-down-for-maintenance-page-in-coldfusion-2021.htm
ColdBox Fail Fast - https://coldbox.ortusbooks.com/getting-started/configuration/bootstrapper-application.cfc#composition
CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 57 ColdFusion positions from 34 companies across 32 locations in 5 Countries.
2 new jobs listed
Full-Time - Senior Coldfusion Developer |LATAM| at Colon, PA
Mar 11
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-Coldfusion-Developer-LATAM-at-Colon-PA/11442
Contract - Mid Level CF developer at Remote - Australia
Mar 15
https://www.getcfmljobs.com/jobs/index.cfm/australia/mid-cfdev-remote/11443
Other Job Links
Ortus Solutions
https://www.ortussolutions.com/about-us/careers
Everett Community College
https://employment.everettcc.edu/postings/5300
The Consortium, Inc
https://jobs.crelate.com/portal/consortium/job/ok4b6rcj95g1rhscawespxcdjy
ForgeBox Module of the Week
GeoLocation By IP by Ortus Solutions
GeoLocation By IP. Look up and cache a user's countryCode, countryName, regionName, cityName, zipCode, latitude, longitude, and timeZone by IP address.
https://forgebox.io/view/GeoLocation-lookup-by-IP
“This code comes with no warranties, promises, or rainbows.
In fact, it will probably kick your cat.” - Brad Wood
VS Code Hint Tips and Tricks of the Week
Git Trim
A command to quickly remove merged, pruned, untracked, or stale branches within a repository.
https://github.com/jasonmccreary/git-trim
Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure that our community relies on, like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutions
Don't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.
Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
All Patreon supporters have a Profile badge on the Community Website
All Patreon supporters have their own Private Forum access on the Community Website https://community.ortussolutions.com/
Patreons
John Wilson - Synaptrix Eric Hoffman Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger Dan Card Jonathan Perret Jeffry McGee - Sunstar Media6 Dean Maunder Joseph Lamoree Don Bellamy Jan Jannek Laksma Tirtohadi Carl Von Stetten Jeremy Adams Didier Lesnicki Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel Brett DeLine Kai Koenig Charlie Arehart Jonas Eriksson Jason Daiger Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge John Whish Kevin Wright Peter Amiri
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors
WooCommerce 6.3 RC2, Woo Blocks 7.1, new guidelines and random chatter about WooCommerce and Shopify on Twitter
Tips this week include: • The DIY SEO Quick Checks are in progress for a solid SEO foundation • The first few DIY SEO live workshops have been scheduled • Update on the Ecomm Coalition • Progress on getting into TikTok • 2022 Site Success Goals live session replay is ready for BB Hubbers • Upcoming chat for Hubbers this week on Content as Product • New tutorial for how to create and delete a WordPress user • What was in the WordPress 5.8.3 security release • The difference in minor and major WP updates • Why I can't sleep without my sites being on the Cloudflare Pro plan • Why I had to wait for the WP 5.9 RC2 dropping today to make new Gutenberg tutorials • Why we're not using the IndexNow plugin and what may be coming • What's up with hosts having increased downtime lately • YouTube is testing a custom message for the Super Thanks program to pay creators • How Opera aiming to be the top Web 3 browser directly impacts your bottom line • THE most important Web 3 acronym you need to know
WooCommerce Blocks 6.2.0, WooCommerce 5.9 RC2, Action Scheduler and Facebook for WooCommerce 2.6.6.
Investing in cryptocurrencies has gained momentum since the last year in India and everyone is intrigued by what digital currency holds for them. This week's podcast describes Methods of acquiring cryptocurrency, and the taxes chargeable on the income from cryptocurrency. Audio Source: An article published on the Tax India Online in August 2021 https://taxindiaonline.com/RC2/inside2.php3?filename=bnews_detail.php3&newsid=41783 Authors: Ravi Raghavan, Sr. Partner (LKS), Parvathy R. Kartha, Sr. Associate (LKS), and Laksh Manocha, Associate (LKS) Voice: Neelambera Sandeepan, Joint Partner (LKS) www.lakshmisri.com
Thank this podcast for so many hours of entertainment and enjoy exclusive episodes like this one. Support it on iVoox! They're off on a trip. Juan Tamajón and David Pintos are taking a summer trip, David through Italy and Juan through several European and American countries. Along the two Subterráneos' journey you will hear music from the Italian bands and artists Alberto Rigoni, Redy Groovers, The Ikan Method and Hora Prima; and from the national and international groups The Imperial Flea Circus, Syndone, 35 Tapes, GorMusik, RC2 and Aglarion. Don't miss this fabulous Outtakes, packed with real gems, with which we close season three. Relax and let yourself be carried away by the magic of the best music in the world. www.subterranea.eu Listen to this full episode and access all the exclusive content of Subterranea Podcast. Be the first to discover new episodes, and take part in the exclusive listener community at https://go.ivoox.com/sq/17710
Product filtering by attributes, Woo 5.9 RC2, widgets in WordPress 5.8, full site editing program testing call, and the Request a Quote plugin released.
Watch the live stream: Watch on YouTube
About the show
Sponsored by us: Check out the courses over at Talk Python. And Brian's book too!
Special guest: Juan Pedro Araque Espinosa (YouTube Channel: Commit that Line)
Michael #1: State of the community (via JetBrains)
This report presents the combined results of the fifth annual Developer Ecosystem Survey conducted by JetBrains.
Not just Python, but all of us.
Python is more popular than Java in terms of overall usage, while Java is more popular than Python as a main language.
The 5 fastest growing languages are Python, TypeScript, Kotlin, SQL, and Go.
A majority of the respondents (71%) develop for web backend.
Does fall into the trap of “Hi, I'm a CSS developer, nice to meet you” though.
Women are more likely than men to be involved in data analysis, machine learning, and UX/UI design or research.
Women are less likely than men to be involved in infrastructure development and DevOps, system administration, or Deployment.
Brian #2: Cornell - record & replay mock server
Suggested by Yael Mintz (and it's her project).
Introduction blog post: “Cornell makes it dead simple, via its record and replay features to perform end-to-end testing in a fast and isolated testing environment. When your application integrates with multiple web-based services, end-to-end testing is crucial before deploying to production. Mocking is often a tedious task. It becomes even more tiresome when working with multiple APIs from multiple vendors. vcrpy is an awesome library that records and replays HTTP interactions for unit tests. Its output is saved to reusable "cassette" files.
By wrapping vcrpy with Flask, Cornell provides a lightweight record and replay server that can be easily used during distributed system testing and simulate all HTTP traffic needed for your tests.” Juanpe #3: Factory boy (with Pydantic by chance) Factory_boy allows creating factories to generate objects that could be used as text fixtures Briefly mentioned in the past in episode 193 A factory takes a base object and allows to very easily and naturally define default values for each field of the object. One can have many factories for the same object that could be used define different types of fixtures of the same object It works with ORM objects (Django, Mongo, SQLAlchemy…) If you have a project that uses Pydantic to define your objects, factory boy also supports Pydantic although it is not documented and does it by a side effect Internally factory boy generates a parameters dictionary that that is unpacked when constructing the model at hands. This works perfectly with pydantic and can be used to generate pydantic objects on the fly with the full power of factory boy Michael #4: pyinstrument Call stack profiler for Python. Shows you why your code is slow! Instead of writing python script.py, type pyinstrument script.py Your script will run as normal, and at the end (or when you press ^C), Pyinstrument will output a colored summary showing where most of the time was spent. Async support! Pyinstrument now detects when an async task hits an await, and tracks time spent outside of the async context under this await. Pyinstrument also has a Python API. Just surround your code with Pyinstrument Nice middleware examples for Flask & Django Brian #5: Python 3.10 is now in Release Candidate phase. RC1 just released. 
RC2 planned for 2021-09-06 official release is planned for 2021-10-04 It is strongly encourage maintainers of third-party Python projects to prepare their projects for 3.10 compatibility during this phase Reminder of major changes: PEP 623 -- Deprecate and prepare for the removal of the wstr member in PyUnicodeObject. PEP 604 -- Allow writing union types as X | Y PEP 612 -- Parameter Specification Variables PEP 626 -- Precise line numbers for debugging and other tools. PEP 618 -- Add Optional Length-Checking To zip. bpo-12782: Parenthesized context managers are now officially allowed. PEP 632 -- Deprecate distutils module. PEP 613 -- Explicit Type Aliases PEP 634 -- Structural Pattern Matching: Specification PEP 635 -- Structural Pattern Matching: Motivation and Rationale PEP 636 -- Structural Pattern Matching: Tutorial PEP 644 -- Require OpenSSL 1.1.1 or newer PEP 624 -- Remove Py_UNICODE encoder APIs PEP 597 -- Add optional EncodingWarning Juanpe #6: time-machine Time-machine mock datetime and time related calls globally noticeably faster than other well known tools like freezgun. The mocking is achieved by replacing the c-level calls by whatever value we want which means the library does not need to mock individual imports. Mocking datetime cannot be done with patch.object and needs to be patched everywhere it is used which can turn mocking everything into a tedious (and/or slow) process. Datetime methods (now, today, utcnow…) can be mocked by setting a frozen time or by letting the time tick since the mock call is made. 
It provides a simple context manager to use it as well as pytest fixture that makes using it very simple from datetime import datetime import time_machine @time_machine.travel("2021-01-01 21:00") def test_in_the_past(): assert datetime.now() == datetime(2021, 1, 1, 21, 0) --------------------------------- # The time_machine fixture can also be used with pytest def test_in_the_past(time_machine): time_machine.move_to(datetime(2021, 1, 1, 21, 0)) assert datetime.now() == datetime(2021, 1, 1, 21, 0) Extras Michael Credit-card stealing malware found in official Python repository and Software downloaded 30,000 times from PyPI ransacked developers' machines (via Joe Riedly) Brian Flavors of TDD - Test & Code episode 162 Working on tox and CI chapter of 2nd edition of pytest book, hoping that to be released within the next week. Joke JavaScript Developer Bouncing from framework to framework
Hello... You're listening to Pigion, Radio Cymru's weekly podcast for those who are learning and who have learned Welsh. I'm Tomos Morse, and to start this week …

LISA ANGHARAD
Have you been on holiday outside Wales and heard people speaking Welsh? According to the presenter of the television programme Cynefin, Sion Thomas Owen, this happens to him every time he goes away. He was Lisa Angharad's guest on Friday morning on RC2, and here are a few of the stories he shared about his holidays....
Vocabulary: Cyflwynydd = Presenter; Mam-gu = Nain; Mo'yn = Eisiau; Cnoi = Brathu; Anghyfarwydd = Unfamiliar

CARYL AC ALUN
That was Sion Thomas Owen talking about coming across people from Wales on his holidays. The new presenter of the Sunday morning Breakfast Show on RC2, Mirain Iwerydd, was Caryl and Alun's special guest this week. Apparently Mirain is very fond of biscuits, and here she is choosing her favourites...
Vocabulary: Mae'n debyg = Apparently

STIWDIO
Do you agree with Mirain's choice? It has to be said that the dark chocolate biscuit sounds lovely! Oriel Môn, an art gallery near Llangefni on Anglesey, is 30 years old this year, and to mark that birthday Nia Roberts had a conversation with an artist from Anglesey, Iwan Gwyn Parry, on Stiwdio on Monday night. The gallery was originally opened to show the work of the wildlife artist Charles Tunnicliffe, and Iwan remembers seeing Tunnicliffe at work when Iwan was a small child. What effect did that have on his career as an artist, I wonder...?
Vocabulary: Oriel gelf = Art gallery; Cyffredin = Common; Ymwybodol = Aware; Dylanwad = Influence; Trobwynt = Turning point; Isymwybod = Sub-conscious; Efelychu = To emulate; Esblygu = To evolve; Unigryw = Unique; Ewyllys = Will; Cenhedlaeth = Generation

MOEL
Iwan Gwyn Parry really does hope he will own that picture some day, doesn't he? Aled Hughes has a great podcast called Moel which discusses all sorts of different topics, and this time the big Hollywood films were in the spotlight; in this clip he discusses ‘Gone with The Wind'...
Vocabulary: Moel = Bald; Oedi = To delay; Dal allan = Caught out; Heb ‘di = Ddim wedi; Anhygoel = Incredible; Ail-adeiladu = To rebuild; Enfawr = Huge; Y meddylfryd = Mentality

SARA GIBSON
And from the ‘Moel' podcast to a clip about hairstyles. Sara Gibson was presenting Aled's programme on Radio Cymru last week, and she had a word with the barber Jason Parry from Caernarfon about the influence of footballers on men's hair fashion.
Vocabulary: Enghraifft = Example; Yn gyffredinol = Generally; Ers talwm = In the past; Poblogaidd = Popular; Be ddiawl...? = What on earth...?

SIOE FAWR SHAN
Yes, interesting, isn't it? I'm sure you remember many of Wales's young children dyeing their hair white to emulate Aaron Ramsey when he was playing for Wales at Euros 2016. The Big Show, or the Royal Show, took a different form this year, and although it wasn't possible to go to Llanelwedd to enjoy the Show, there was plenty of agricultural entertainment going on and being shared on Radio Cymru. And the show isn't a show without Shan Cothi, is it? Here is part of Shan's conversation with Melanie Owen about… what else… but horses!!
Vocabulary: Y Sioe Frenhinol = The Royal (Welsh) Show; Amaethyddol = Agricultural; Tanio diddordeb = To spark an interest; Tanllyd = Fiery; Ymddiried ynddyn nhw = Trust in them; Hyblyg = Flexible; Y sylw = The attention; Pencampwriaethau = Championships; Pedoli = To shoe; Berwedig = Boiling; Prydferth = Beautiful
Hello... You're listening to Pigion, Radio Cymru's weekly podcast for those who are learning and who have learned Welsh. I'm Tomos Morse, and to start this week …

Sioe Frecwast Caryl a Huw
Caryl Parry Jones and Huw Stephens present the breakfast show every morning on RC2, and there's nothing better, is there, than starting the morning with a barrel load of laughs. And that's exactly what happened last week as the crew practised their American accents…
Vocabulary: Cyflwyno = Presenting; Llond trol o chwerthin = A barrel load of laughs; Acenion = Accents; Sylwi = To notice; Albanaidd = Scottish

Bore Cothi
Good, but who says Kipper Tie these days, I wonder? Shan Cothi likes her food! She loves eating and talking about food, and this week she had the company of Lisa Fearn on her programme to talk about ‘smoothies'…
Vocabulary: Daioni = Goodness; Maeth = Nutrition; Chwalu = To shatter; Llyfn = Smooth; Ansawdd = Texture; Cymhleth = Complicated; Mwyar = Berries; Di-siwgr = Sugar free; Ysbigoglys = Spinach; Y rhwydda = yr hawdda

Clip Troi'r Tir
That was Lisa Fearn saying that strawberries are one of the most popular ingredients in smoothies, and strawberries were on the menu for Terwyn Davies and the Troi'r Tir crew. Well, after all, Wimbledon has just finished!
Vocabulary: Tipyn o sylw = A bit of attention; Pencampwriaeth = Championship; Trigolion = Residents; Cyfryngau cymdeithasol = Social media; Cefndir blaenorol = Previous background; Datblygu = To develop; Croesffordd = Crossroad; Fesul pwysau = According to weight

Cofio: Food and Drink
And I'm sure Shan enjoyed Cofio this week, because the topic was… Food and Drink. I wonder whether healthy food will get this programme's attention as well?
Vocabulary: Er gwaetha = In spite of; Pob ymdrech = Every attempt; Mymryn o lonydd = A little peace and quiet; Am wn i = As far as I know; Cyffwrdd = To touch

Clip Cerddwr Cudd
Yes, feeding children can be a challenge sometimes, can't it? Where was Catrin Angharad's Cerddwr Cudd this week? Here she is reminding us of the clues before revealing the location…
Vocabulary: Datgelu = To reveal; Cerddwr cudd = Secret walker; Her = Challenge; Golygu = To mean; Dyfalu = To guess; Digon o ryfeddod = Wonderful; Coelio = Credu; Llamidyddion = Porpoises; Prin = Rare; Denu = To attract

Clip Geraint Lloyd: Leah and Sïan
Pen Llŷn sounds like a great place to be during the summer holidays, doesn't it? Sïan Eluned is a schoolgirl from Y Felinheli near Caernarfon and she competes in beauty pageants, but not ordinary ones, as her mother, Leah, explained to Geraint Lloyd.
Vocabulary: Harddwch = Beauty; Cymuned = Community; Elusennau = Charities; Yn gyfarwydd â = Familiar with; Colur = Make up; Gwirfoddol = Voluntary
WooCommerce 5.5 and Vulnerability Fix Release, Membership Sites with WPQuickStart Released from Nexcess and WordPress 5.8 RC2
00:00:18 Flo Health Hiring Event! (details at the end of the page)
00:01:05 Build your own refinement types in Scala 3
00:20:04 Scala 3.0.1: Scala 3.0.1-RC2 - backports of critical bugfixes; Scala 3.0.1
00:24:05 Idea w emacs hotkeys
00:32:25 IntelliJ Scala Plugin 2021.2 EAP: Package Search Integration
00:35:25 Fully automated luxury pipeline for updating dependencies in Scala projects with Missinglink
00:37:55 MonitorControl
00:48:35 How to write a fire shader (Scala.js / WebGL 2.0)
00:54:55 FP Makes Big Things, tweet by Daniel Spiewak. Talk by Yura on the topic: Production-ready functional programming
01:02:35 tpolecat/pool-party

Flo Health Hiring Event
On 31 July, Flo Health will hold an online hiring event for Senior Backend Engineers for its offices in Minsk and Vilnius, with the option of relocating to Lithuania. Candidates with extensive experience in other back-end programming languages who are interested in moving to Scala/Python will be offered training by the company. Registration link if you are a Senior Scala Engineer or want to move to Scala. Registration link if you are a Senior Python Engineer or want to move to Python. Registration link if you are a Senior Data Engineer. Salary for Minsk is 3900-6000 € net, for Lithuania 3000-4500 € net. More details can be found in the Telegram channel.

Voices of the episode: Yuri Badalyants, Evgeny Tokarev, Vadim Chelyshov, Grigory Pomadchin
This is Last Week in .NET for the week that ended 17 October 2020. Lots of releases and CVE fixes last week, so let's get to it.
WP Builds Newsletter #41 - WordPress 5.0 RC2, Plugin vulnerabilities and FBI takes down ad fraud network
TrueOS stable 17.12 is out, we have an OpenBSD workstation guide for you, learnings from the PDP-11, FreeBSD 2017 Releng recap and Duo SSH. This episode was brought to you by Headlines TrueOS stable release 17.12 (https://www.trueos.org/blog/trueos-17-12-release/) We are pleased to announce a new release of the 6-month STABLE version of TrueOS! This release cycle focused on lots of cleanup and stabilization of the distinguishing features of TrueOS: OpenRC, boot speed, removable-device management, SysAdm API integrations, Lumina improvements, and more. We have also been working quite a bit on the server offering of TrueOS, and are pleased to provide new text-based server images with support for Virtualization systems such as bhyve! This allows for simple server deployments which also take advantage of the TrueOS improvements to FreeBSD such as: Sane service management and status reporting with OpenRC Reliable, non-interactive system update mechanism with fail-safe boot environment support. Graphical management of remote TrueOS servers through SysAdm (also provides a reliable API for administrating systems remotely). LibreSSL for all base SSL support. Base system managed via packages (allows for additional fine-tuning). Base system is smaller due to the removal of the old GCC version in base. Any compiler and/or version may be installed and used via packages as desired. Support for newer graphics drivers and chipsets (graphics, networking, wifi, and more) TrueOS Version 17.12 (2017, December) is now available for download from the TrueOS website. Both the STABLE and UNSTABLE package repositories have also been updated in-sync with each other, so current users only need to follow the prompts about updating their system to run the new release. We are also pleased to announce the availability of TrueOS Sponsorships! 
If you would like to help contribute to the project financially we now have the ability to accept both one-time donations as well as recurring monthly donations which will help us advocate for TrueOS around the world. Thank you all for using and supporting TrueOS!

Notable Changes:
- Over 1100 OpenRC services have been created for 3rd-party packages. This should ensure the functionality of nearly all available 3rd-party packages that install/use their own services.
- The OpenRC services for FreeBSD itself have been overhauled, resulting in significantly shorter boot times.
- Separate install images for desktops and servers (server image uses a text/console installer)
- Bhyve support for TrueOS Server Install
- FreeBSD base is synced with 12.0-CURRENT as of December 4th, 2017 (Github commit: 209d01f)
- FreeBSD ports tree is synced as of November 30th (pre-FLAVOR changes)
- Lumina Desktop has been updated/developed from 1.3.0 to 1.4.1
- PCDM now supports multiple simultaneous graphical sessions
- Removable devices are now managed through the “automounter” service. Devices are “announced” as available to the system via *.desktop shortcuts in /media. These shortcuts also contain a variety of optional “Actions” that may be performed on the device. Devices are only mounted while they are being used (such as when browsing via the command line or a file manager). Devices are automatically unmounted as soon as they stop being accessed. Integrated support for all major filesystems (UFS, EXT, FAT, NTFS, ExFAT, etc..) NOTE: The Lumina desktop is the only one which supports this functionality at the present time.
- The TrueOS update system has moved to an “active” update backend. This means that the user will need to actually start the update process by clicking the “Update Now” button in SysAdm, Lumina, or PCDM (as well as the command-line option).
The staging of the update files is still performed automatically by default but this (and many other options) can be easily changed in the “Update Manager” settings as desired. Known Errata: [VirtualBox] Running FreeBSD within a VirtualBox VM is known to occasionally receive non-existent mouse clicks – particularly when using a scroll wheel or two-finger scroll. Quick Links: TrueOS Forums (https://discourse.trueos.org/) TrueOS Bugs (https://github.com/trueos/trueos-core/issues) TrueOS Handbook (https://www.trueos.org/handbook/trueos.html) TrueOS Community Chat on Telegram (https://t.me/TrueOSCommunity) *** OpenBSD Workstation Guide (https://begriffs.com/posts/2017-05-17-linux-workstation-guide.html) Design Goals User actions should complete instantaneously. While I understand if compiling code and rendering videos takes time, opening programs and moving windows should have no observable delay. The system should use minimalist tools. Corollary: cache data offline when possible. Everything from OpenStreetMaps to StackExchange can be stored locally. No reason to repeatedly hit the internet to query them. This also improves privacy because the initial download is indiscriminate and doesn't reveal personal queries or patterns of computer activity. No idling program should use a perceptible amount of CPU. Why does CalendarAgent on my Macbook sometimes use 150% CPU for fifteen minutes? Who knows. Why are background ChromeHelpers chugging along at upper-single-digit CPU? I didn't realize that holding a rendered DOM could be so challenging. Avoid interpreted languages, web-based desktop apps, and JavaScript garbage. There, I said it. Take your Electron apps with you to /dev/null! Stability. Old fashioned programs on a conservative OS on quality mainstream hardware. There are enough challenges to tackle without a bleeding edge system being one of them. Delegate to quality hardware components. 
Why use a janky ncurses software audio mixer when you can use…an actual audio mixer? Hardware privacy. No cameras or microphones that I can't physically disconnect. Also real hardware protection for cryptographic keys. Software privacy. Commercial software and operating systems have gotten so terrible about this. I even catch Mac command line tools trying to call Google Analytics. Sorry homebrew, your cute emojis don't make up for the surveillance. The Hardware Core To get the best hardware for the money I'm opting for a desktop computer. Haven't had one since the early 2000s and it feels anachronistic, but it will outperform a laptop of similar cost. After much searching, I found the HP Z240 Tower Workstation. It's no-nonsense and supports exactly the customizations I was looking for: No operating system pre-loaded (Cut out the “Windows tax”) Intel Xeon E3-1270 v6 processor (Supports ECC ram) 16 GB (2x8 GB) DDR4-2400 ECC Unbuffered memory (2400Mhz is the full memory clock speed supported by the Xeon) 256 GB HP Z Turbo Drive G2 PCIe SSD (Uses NVMe rather than SATA for faster throughput, supported by nvme(4)) No graphics card (We'll add our own) Intel® Ethernet I210-T1 PCIe (Supported by em(4)) A modest discrete video card will enable 2D Glamor acceleration on X11. The Radeon HD 6450 (sold separately) is fanless and listed as supported by radeon(4). Why build a solid computer and not protect it? Externally, the APC BR1300G UPS will protect the system from power surges and abrupt shutdowns. Peripherals The Matias Ergo Pro uses mechanical switches for that old fashioned clicky sound. It also includes dedicated buttons along the side for copying and pasting. Why is that cool? Well, it improves secondary selection, a technique that Sun computers used but time forgot. Since we're talking about a home office workstation, you may want a printer. The higher quality printers speak PostScript and PDF natively. 
Unix machines connect to them on TCP port 9100 and send PostScript commands directly. (You can print via telnet if you know the commands!) The Brother HL-L5100DN is a duplex LaserJet which allows that “raw” TCP printing. Audio/Video I know a lot of people enjoy surrounding themselves with a wall of monitors like they're in the heart of NASA Mission Control, but I find multi-monitor setups slightly disorienting. It introduces an extra bit of cognitive overhead to determine which monitor is for what exactly. That's why I'd go with a modest, crisp Dell UltraSharp 24" U2417H. It's 1080p and yeah there are 4k monitors nowadays, but text and icons are small enough as it is for me! If I ever considered a second monitor it would be e-ink for comfortably reading electronic copies of books or long articles. The price is currently too high to justify the purchase, but the most promising monitor seems to be the Dasung Paperlike. In the other direction, video input, it's more flexible to use a general-purpose HDMI capture box like the Rongyuxuan than settle on a particular webcam. This allows hooking up a real camera, or any other video device. Although the motherboard for this system has built-in audio, we should use a card with better OpenBSD support. The WBTUO PCIe card uses a C-Media CMI8768 chipset, handled by cmpci(4). The card provides S/PDIFF in and out ports if you ever want to use an external DAC or ADC. The way to connect it with other things is with a dedicated hardware mixer. The Behringer Xenyx 802 has all the connections needed, and the ability to route audio to and from the computer and a variety of devices at once. The mixer may seem an odd peripheral, but I want to mix the computer with an old fashioned CD player, ham radio gear, and amplifier so this unifies the audio setup. When doing remote pair programming or video team meetings it's nice to have a quality microphone. The best ones for this kind of work are directional, with a cardioid reception pattern. 
The MXL 770 condenser mic is perfect, and uses a powered XLR connection supplied by the mixer.

Backups

We're going dead simple and old-school, back to tapes. There are a set of tape standards called LTO-n. As n increases the tape capacity gets bigger, but the tape drive gets more expensive. In my opinion the best balance these days for the home user is LTO-3. You can usually find an HP Ultrium 960 LTO-3 on eBay for 150 dollars. The cartridges hold 800GB and are about 15 dollars apiece. Hard drives keep coming down in price, but these tapes are very cheap and simpler than keeping a bunch of disk drives. Also tape has proven longevity, and good recoverability. To use old fashioned tech like this you need a SCSI host bus adapter like the Adaptec 29320LPE, supported by ahd(4).

Cryptography

You don't want to generate and store secret keys on a general purpose network attached computer. The attack surface is a mile wide. Generating or manipulating “offline” secret keys needs to happen on a separate computer with no network access. Little boards like the Raspberry Pi would be good except they use ARM processors (incompatible with Tails OS) and have wifi. The JaguarBoard is a small x86 machine with no wireless capability. Just switch the keyboard and monitor over to this machine for your “cleanroom.”

Generating keys requires entropy. The Linux kernel on Tails samples system properties to generate randomness, but why not help it out with a dedicated true random number generator (TRNG)? Bit Babbler supplies pure randomness at a high bitrate through USB. (OneRNG works better on the OpenBSD main system, via uonerng(4).)

This little computer will save its results onto an OpenPGP Smartcard V2.1. This card provides write-only access to keys, and computes cryptographic primitives internally to sign and encrypt messages. To use it with a regular computer, hook up a Cherry ST2000 card reader.
This reader has a PIN pad built in, so no keylogger on the main computer could even obtain your decryption PIN.

The Software

We take the beefed up hardware above and pair it with ninja-fast software written in C. Some text-based, others raw X11 graphical apps unencumbered by ties to any specific window manager. I'd advise OpenBSD for the underlying operating system, not a Linux. OpenBSD has greater internal consistency, their man pages are impeccable, and they make it a priority to prune old code to keep the system minimal.

What Have We Learned from the PDP-11? (https://dave.cheney.net/2017/12/04/what-have-we-learned-from-the-pdp-11)

The paper I have chosen tonight is a retrospective on a computer design. It is one of a series of papers by Gordon Bell, and various co-authors, spanning the design, growth, and eventual replacement of the company's iconic line of PDP-11 mini computers. This year represents the 60th anniversary of the founding of the company that produced the PDP-11. It is also 40 years since this paper was written, so I thought it would be entertaining to review Bell's retrospective through the lens of our own 20/20 hindsight.

To set the scene for this paper, first we should talk a little about the company that produced the PDP-11, the Digital Equipment Corporation of Maynard, Massachusetts. Better known as DEC. It's also worth noting that the name PDP is an acronym for “Programmed Data Processor”, as at the time, computers had a reputation of being large, complicated, and expensive machines, and DEC's venture capitalists would not support them if they built a “computer”.

A computer is not solely determined by its architecture; it reflects the technological, economic, and human aspects of the environment in which it was designed and built. […] The finished computer is a product of the total design environment.
“Right from the get go, Bell is letting us know that the success of any computer project is not abstractly building the best computer but building the right computer, and that takes context.” It is the nature of computer engineering to be goal-oriented, with pressure to produce deliverable products. It is therefore difficult to plan for an extensive lifetime. Because of the open nature of the PDP-11, anything which interpreted the instructions according to the processor specification, was a PDP-11, so there had been a rush within DEC, once it was clear that the PDP-11 market was heating up, to build implementations; you had different groups building fast, expensive ones and cost reduced slower ones The first weakness of minicomputers was their limited addressing capability. The biggest (and most common) mistake that can be made in a computer design is that of not providing enough address bits for memory addressing and management. A second weakness of minicomputers was their tendency not to have enough registers. This was corrected for the PDP-11 by providing eight 16-bit registers. Later, six 32-bit registers were added for floating-point arithmetic. […] More registers would increase the multiprogramming context switch time and confuse the user. “It's also interesting to note Bell's concern that additional registers would confuse the user. In the early 1970's the assumption that the machine would be programmed directly in assembly was still the prevailing mindset.” A third weakness of minicomputers was their lack of hardware stack capability. In the PDP-11, this was solved with the autoincrement/autodecrement addressing mechanism. This solution is unique to the PDP-11 and has proven to be exceptionally useful. (In fact, it has been copied by other designers.) 
“Nowadays it's hard to imagine hardware that doesn't have a notion of a stack, but consider that a stack isn't important if you don't need recursion.” “The design for the PDP-11 was laid down in 1969 and if we look at the programming languages of the time, FORTRAN and COBOL, neither supported recursive function calls. The function call sequence would often store the return address at a blank word at the start of the procedure making recursion impossible.” A fourth weakness, limited interrupt capability and slow context switching, was essentially solved with the device of UNIBUS interrupt vectors, which direct device interrupts. The basic mechanism is very fast, requiring only four memory cycles from the time an interrupt request is issued until the first instruction of the interrupt routine begins execution. A fifth weakness of prior minicomputers, inadequate character-handling capability, was met in the PDP-11 by providing direct byte addressing capability. “Strings and character handling were of increasing importance during the 1960's as scientific and business computing converged. The predominant character encodings at the time were 6 bit character sets which provided just enough space for upper case letters, the digits 0 to 9, space, and a few punctuation characters sufficient for printing financial reports.” “Because memory was so expensive, placing one 6 bit character into a 12 or 18 bit word was simply unacceptable so characters would be packed into words. This proved efficient for storage, but complex for operations like move, compare, and concatenate, which had to account for a character appearing in the top or bottom of the word, expending valuable words of program storage to cope.” “The problem was addressed in the PDP-11 by allowing the machine to operate on memory as both a 16-bit word, and the increasingly popular 8-bit byte. 
The expenditure of 2 additional bits per character was felt to be worth it for simpler string handling, and also eased the adoption of the increasingly popular 7-bit ASCII standard of which DEC were a proponent at the time. Bell concludes this point with the throw away line:”

Although string instructions are not yet provided in the hardware, the common string operations (move, compare, concatenate) can be programmed with very short loops.

A sixth weakness, the inability to use read-only memories, was avoided in the PDP-11. Most code written for the PDP-11 tends to be pure and reentrant without special effort by the programmer, allowing a read-only memory (ROM) to be used directly.

A seventh weakness, one common to many minicomputers, was primitive I/O capabilities.

A ninth weakness of minicomputers was the high cost of programming them. Many users program in assembly language, without the comfortable environment of editors, file systems, and debuggers available on bigger systems. The PDP-11 does not seem to have overcome this weakness, although it appears that more complex systems are being built successfully with the PDP-11 than with its predecessors, the PDP-8 and PDP-15.

The problems faced by computer designers can usually be attributed to one of two causes: inexperience or second-systemitis.

Before the PDP-11, there was no UNIX. Before the PDP-11, there was no C, this is the computer that C was designed on. If you want to know why the classical C int is 16 bits wide, it's because of the PDP-11. UNIX brought us ideas such as pipes, everything is a file, and interactive computing. UNIX, which had arrived at Berkeley in 1974 aboard a tape carried by Ken Thompson, would evolve into the west coast flavoured Berkeley Systems Distribution. Berkeley UNIX had been ported to the VAX by the start of the 1980's and was thriving as the counter cultural alternative to DEC's own VMS operating system.
Berkeley UNIX spawned a new generation of hackers who would go on to form companies like Sun Microsystems, and languages like Self, which led directly to the development of Java. UNIX was ported to a bewildering array of computer systems during the 80s, and the fallout from the UNIX wars gave us the various BSD operating systems, which continue to this day. The article, and the papers it is summarizing, contain a lot more than we could possibly dig into even if we dedicated the entire show to the topic.

***

News Roundup

Two-factor authentication SSH with Duo in FreeBSD 11 (https://www.teachnix.com/2017/11/29/configuring-two-factor-authentication-on-freebsd-with-duo/)

This setup uses an SSH key as the first factor of authentication. Please watch Part 1 on setting up SSH keys and how to scp it to your server. Video guide (https://www.youtube.com/watch?v=E5EuvF-iaV0)

Register for a free account at Duo.com.

Install the Duo package on your FreeBSD server:

```
pkg install -y duo
```

Log into the Duo site > Applications > Protect an Application > Search for Unix application > Protect this Application. This will generate the keys we need to configure Duo.

Edit the Duo config file using the course notes template:

```
vi /usr/local/etc/pam_duo.conf
```

Example config:

```
[duo]
; Duo integration key
ikey = Integration key goes here
; Duo secret key
skey = Secret key goes here
; Duo API host
host = API hostname goes here
```

Change the permissions of the Duo config file. If the permissions are not correct then the service will not function properly.

```
chmod 600 /usr/local/etc/pam_duo.conf
```

Edit the SSHD config file using the course notes template:

```
vi /etc/ssh/sshd_config
```

Example config:

```
ListenAddress 0.0.0.0
Port 22
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication yes
UseDNS no
PermitRootLogin yes
AuthenticationMethods publickey,keyboard-interactive
```

Edit PAM to configure SSHD for Duo using the course notes template. Example config:

```
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required /usr/local/lib/security/pam_duo.so

# session
# session optional pam_ssh.so want_agent
session required pam_permit.so

# password
# password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
```

Restart the sshd service:

```
service sshd restart
```

SSH into your FreeBSD server and follow the link it outputs to enroll your phone with Duo:

```
ssh server.example.com
```

SSH into your server again:

```
ssh server.example.com
```

Choose your preferred method and it should log you into your server.

FreeBSD 2017 Release Engineering Recap (https://www.freebsdfoundation.org/blog/2017-release-engineering-recap/)

This past year was undoubtedly a rather busy and successful year for the Release Engineering Team. Throughout the year, development snapshot builds for FreeBSD-CURRENT and supported FreeBSD-STABLE branches were continually provided. In addition, work to package the base system using pkg(8) continued throughout the year and remains ongoing. The FreeBSD Release Engineering Team worked on the FreeBSD 11.1-RELEASE, with the code slush starting mid-May. The FreeBSD 11.1-RELEASE cycle stayed on schedule, with the final release build starting July 21, and the final release announcement following on July 25, building upon the stability and reliability of 11.0-RELEASE. Milestones during the 11.1-RELEASE cycle can be found on the 11.1 schedule page (https://www.freebsd.org/releases/11.1R/schedule.html).
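Returning to the Duo two-factor SSH setup above: the following added example (not part of the original guide or of Duo's software) audits the three files that procedure edits against the settings it calls for. The function names, the constructed sample files and the use of `/etc/pam.d/sshd` as the PAM service file are assumptions.

```shell
#!/bin/sh
# Added example, not the guide's own code. Paths are arguments; treating
# /etc/pam.d/sshd as the PAM file is an assumption (the guide does not name it).

# First uncommented value of an sshd_config keyword. Keywords are
# case-insensitive and the first match wins; Match blocks are not evaluated.
sshd_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

sshd_expect() {  # args: file keyword required-value
    got=$(sshd_get "$2" "$1")
    [ "$got" = "$3" ] || echo "FAIL: sshd_config $2 is '${got:-unset}', expected '$3'"
}

sshd_findings() {
    sshd_expect "$1" PasswordAuthentication no
    sshd_expect "$1" UsePAM yes
    sshd_expect "$1" ChallengeResponseAuthentication yes
    sshd_expect "$1" AuthenticationMethods publickey,keyboard-interactive
    [ "$(sshd_get PermitRootLogin "$1")" != yes ] ||
        echo "WARN: sshd_config PermitRootLogin yes allows direct root logins"
}

# pam_duo.conf holds the secret key: require mode 600 and non-template values.
# The values themselves are never printed.
duo_conf_findings() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ] ||
        echo "FAIL: $1 is missing or not mode 600"
    for k in ikey skey host; do
        v=$(awk -F= -v k="$k" '
            /^[ \t]*[;#]/ { next }
            { key = $1; gsub(/[ \t]/, "", key) }
            key == k { sub(/^[^=]*=[ \t]*/, ""); print; exit }
        ' "$1" 2>/dev/null)
        case $v in
            ''|*'goes here'*) echo "FAIL: pam_duo.conf $k is unset or still template text" ;;
        esac
    done
}

# Walk the auth chain in order. A "sufficient" module that succeeds ends the
# chain, so any such line ahead of pam_duo.so is a path that never reaches Duo.
pam_auth_findings() {
    awk '
        /^[ \t]*#/ || NF < 3 || $1 != "auth" { next }
        $3 ~ /pam_duo\.so$/ { seen = 1; if ($2 == "required" || $2 == "requisite") duo = 1; next }
        !seen && $2 == "sufficient" { print "WARN: PAM " $3 " is sufficient ahead of pam_duo.so" }
        END { if (!duo) print "FAIL: PAM auth chain has no required pam_duo.so line" }
    ' "$1"
}

audit_duo_ssh() {  # args: pam_duo.conf sshd_config pam-service-file
    duo_conf_findings "$1"; sshd_findings "$2"; pam_auth_findings "$3"
}

count_prefix() { awk -v p="$1" 'index($0, p) == 1 { n++ } END { print n + 0 }'; }

# Constructed sample files: good/ mirrors the guide's configs with made-up
# credentials filled in, bad/ is a half-finished setup.
make_samples() {
    mkdir -p "$1/good" "$1/bad"
    printf '%s\n' '[duo]' 'ikey = DIXXXXXXXXXXXXXXXXXX' \
        'skey = constructed-sample-secret' \
        'host = api-XXXXXXXX.duosecurity.com' > "$1/good/pam_duo.conf"
    chmod 600 "$1/good/pam_duo.conf"
    printf '%s\n' 'ListenAddress 0.0.0.0' 'Port 22' 'PasswordAuthentication no' \
        'UsePAM yes' 'ChallengeResponseAuthentication yes' 'UseDNS no' \
        'PermitRootLogin yes' \
        'AuthenticationMethods publickey,keyboard-interactive' > "$1/good/sshd_config"
    printf '%s\n' 'auth sufficient pam_opie.so no_warn no_fake_prompts' \
        'auth requisite pam_opieaccess.so no_warn allow_local' \
        'auth required /usr/local/lib/security/pam_duo.so' \
        'session required pam_permit.so' > "$1/good/pam_sshd"
    printf '%s\n' '[duo]' 'ikey = Integration key goes here' \
        'skey = Secret key goes here' \
        'host = API hostname goes here' > "$1/bad/pam_duo.conf"
    chmod 644 "$1/bad/pam_duo.conf"
    printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' \
        'ChallengeResponseAuthentication yes' 'PermitRootLogin no' > "$1/bad/sshd_config"
    printf '%s\n' 'auth required pam_unix.so no_warn try_first_pass' > "$1/bad/pam_sshd"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in good bad; do
    echo "== $name =="
    audit_duo_ssh "$demo_dir/$name/pam_duo.conf" "$demo_dir/$name/sshd_config" \
        "$demo_dir/$name/pam_sshd"
done
rm -rf "$demo_dir"
```

On a real host the call would be `audit_duo_ssh /usr/local/etc/pam_duo.conf /etc/ssh/sshd_config /etc/pam.d/sshd`. The two warnings raised on the guide's own configuration are `PermitRootLogin yes` and `pam_opie.so` marked `sufficient` ahead of `pam_duo.so`, which lets a successful OPIE login end the auth chain before Duo is consulted.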
The final announcement is available here (https://www.freebsd.org/releases/11.1R/announce.html). The FreeBSD Release Engineering Team started the FreeBSD 10.4-RELEASE cycle, led by Marius Strobl. The FreeBSD 10.4-RELEASE cycle continued on schedule, with the only adjustments to the schedule being the addition of BETA4 and the removal of RC3. FreeBSD 10.4-RELEASE builds upon the stability and reliability of FreeBSD 10.3-RELEASE, and is planned to be the final release from the stable/10 branch. Milestones during the 10.4-RELEASE cycle can be found on the 10.4 schedule page (https://www.freebsd.org/releases/10.4R/schedule.html). The final announcement is available here (https://www.freebsd.org/releases/10.4R/announce.html). In addition to these releases, support for additional arm single-board computer images were added, notably Raspberry Pi 3 and Pine64. Additionally, release-related documentation effective 12.0-RELEASE and later has been moved from the base system repository to the documentation repository, making it possible to update related documentation as necessary post-release. Additionally, the FreeBSD Release Engineering article in the Project Handbook had been rewritten to outline current practices used by the Release Engineering Team. For more information on the procedures and processes the FreeBSD Release Engineering Team follows, the new article is available here and continually updated as procedures change. Finally, following the availability of FreeBSD 11.1-RELEASE, Glen Barber attended the September Developer Summit hosted at vBSDCon in Reston, VA, USA, where he gave a brief talk comprising of several points relating directly to the 11.1-RELEASE cycle. In particular, some of the points covered included what he felt went well during the release cycle, what did not go as well as it could have, and what we, as a Project, could do better to improve the release process. The slides from the talk are available in the FreeBSD Wiki. 
During the question and answer time following the talk, some questions asked included: Q: Should developers use the ‘Relnotes' tag in the Subversion commit template more loosely, at risk of an increase in false positives. A: When asked when the tag in the template was initially added, the answer would have been “no”, however in hindsight it is easier to sift through the false positives, than to comb through months or years of commit logs. Q: What issues are present preventing moving release-related documentation to the documentation repository? A: There were some rendering issues last time it was investigated, but it is really nothing more than taking the time to fix those issues. (Note, that since this talk, the migration of the documentation in question had moved.) Q: Does it make sense to extend the timeframe between milestone builds during a release cycle from one week to two weeks, to allow more time for testing, for example, RC1 versus RC2? A: No. It would extend the length of the release cycle with no real benefit between milestones since as we draw nearer to the end of a given release cycle, the number of changes to that code base significantly reduce. FLIMP - GIMP Exploit on FreeBSD (https://flimp.fuzzing-project.org) In 2014, when starting the Fuzzing Project (https://fuzzing-project.org/), Hanno Böck did some primitive fuzzing on GIMP and reported two bugs. They weren't fixed and were forgotten in the public bug tracker. Recently Tobias Stöckmann found one of these bugs (https://bugzilla.gnome.org/show_bug.cgi?id=739133) (CVE-2017-17785) and figured out that it's easy to exploit. What kind of bug is that? It's a classic heap buffer overflow in the FLIC parser. FLIC is a file format for animations and was introduced by Autodesk Animator. How does the exploit work? Tobias has created a detailed writeup (https://flimp.fuzzing-project.org/exploit.html). The exploit doesn't work for me! 
We figured out it's unreliable and the memory addresses are depending on many circumstances. The exploit ZIP comes with two variations using different memory addresses. Try both of them. We also noticed putting the files in a subdirectory sometimes made the exploit work. Anything more to tell about the GIMP? There's a wide variety of graphics formats. GIMP tries to support many of them, including many legacy formats that nobody is using any more today. While this has obvious advantages - you can access the old images you may find on a backup CD from 1995 - it comes with risks. Support for many obscure file formats means many parsers that hardly anyone ever looks at. So... what about the other parsers? The second bug (https://bugzilla.gnome.org/show_bug.cgi?id=739134) (CVE-2017-17786), which is a simple overread, was in the TGA parser. Furthermore we found buffer overreads in the XCF parser (https://bugzilla.gnome.org/show_bug.cgi?id=790783) (CVE-2017-17788), the Gimp Brush (GBR) parser (https://bugzilla.gnome.org/show_bug.cgi?id=790784) (CVE-2017-17784) and the Paint Shop Pro (PSP) parser (https://bugzilla.gnome.org/show_bug.cgi?id=790849) (CVE-2017-17789). We found another Heap buffer overflow (https://bugzilla.gnome.org/show_bug.cgi?id=790849) in the Paint Shop Pro parser (CVE-2017-17787) which is probably also exploitable. In other words: The GIMP import parsers are full of memory safety bugs. What should happen? First of all obviously all known memory safety bugs should be fixed. Furthermore we believe the way GIMP plugins work is not ideal for security testing. The plug-ins are separate executables, however they can't be executed on their own, as they communicate with the main GIMP process. Ideally either these plug-ins should be changed in a way that allows running them directly from the command line or - even better - they should be turned into libraries. The latter would also have the advantage of making the parser code useable for other software projects. 
Finally it might be a good idea to sandbox the import parsers.

Dell FS12-NV7 Review – Bargain FreeBSD/ZFS box (http://blog.frankleonhardt.com/2017/dell-fs12-nv7-review-bargain-freebsdzfs-box/)

It seems just about everyone selling refurbished data centre kit has a load of Dell FS12-NV7's to flog. Dell FS-what? You won't find them in the Dell catalogue, that's for sure. They look a bit like C2100s of some vintage, and they have a lot in common. But on closer inspection they're obviously a “special” for an important customer. Given the number of them knocking around, it's obviously a customer with big data, centres stuffed full of servers with a lot of processing to do. Here's a hint: It's not Google or Amazon. So, should you be buying a weirdo box with no documentation whatsoever? I'd say yes, definitely. If your interests are anything like mine. In a 2U box you can get twin 4-core CPUs and 64Gb of RAM for £150 or less. What's not to like? Ah yes, the complete lack of documentation. Over the next few weeks I intend to cover that. And to start off this is my first PC review for nearly twenty years. As I mentioned, it's a 2U full length heavy metal box on rails. On the back there are the usual I/O ports: a 9-way RS-232, VGA, two 1Gb Ethernet, two USB2 and a PS/2 keyboard and mouse. The front is taken up by twelve 3.5″ hard drive bays, with the status lights and power button on one of the mounting ears to make room. Unlike other Dell servers, all the connections are on the back, only. So, in summary, you're getting a lot for your money if it's the kind of thing you want. It's ideal as a high-performance Unix box with plenty of drive bays (preferably running BSD and ZFS). In this configuration it really shifts. Major bang-per-buck. Another idea I've had is using it for a flight simulator. That's a lot of RAM and processors for the money.
If you forego the SAS controllers in the PCIe slots and dump in a decent graphics card and sound board, it's hard to see what could be better (and you get jet engine sound effects without a speaker). So who should buy one of these? BSD geeks is the obvious answer. With a bit of tweaking they're a dream. It can build-absolutely-everything in 20-30 minutes. For storage you can put fast SAS drives in and it goes like the wind, even at 3Gb bandwidth per drive. I don't know if it works with FreeNAS but I can't see why not – I'm using mostly FreeBSD 11.1 and the generic kernel is fine. And if you want to run a load of weird operating systems (like Windows XP) in VM format, it seems to work very well with the Xen hypervisor and Dom0 under FreeBSD. Or CentOS if you prefer. So I shall end this review in true PCW style:

Pros:
- Cheap
- Lots of CPUs, Lots of RAM
- Lots of HD slots
- Great for BSD/ZFS or VMs

Cons:
- Noisy
- no AES-NI
- SAS needs upgrading
- Limited PCI slots

As I've mentioned, the noise and SAS are easy and relatively cheap to fix, and thanks to BitCoin miners, even the PCI slot problem can be sorted. I'll talk about this in a later post.
Beastie Bits
- Reflections on Hackathons (https://undeadly.org/cgi?action=article;sid=20171126090055)
- 7-Part Video Crash Course on SaltStack For FreeBSD (https://www.youtube.com/watch?v=HijG0hWebZk&list=PL5yV8umka8YQOr1wm719In5LITdGzQMOF)
- The LLVM Thread Sanitizer has been ported to NetBSD (https://blog.netbsd.org/tnf/entry/the_llvm_thread_sanitizer_has)
- The First Unix Port (1998) (http://bitsavers.informatik.uni-stuttgart.de/bits/Interdata/32bit/unix/univWollongong_v6/miller.pdf)
- arm64 platform now officially supported [and has syspatch(8)] (https://undeadly.org/cgi?action=article;sid=20171208082238)
- BSDCan 2018 Call for Participation (https://www.freebsdfoundation.org/news-and-events/call-for-papers/bsdcan-2018-call-for-participation/)
- AsiaBSDCon 2018 Call for Papers (https://www.freebsdfoundation.org/news-and-events/call-for-papers/asiabsdcon-2018-call-for-papers/)

***

Feedback/Questions
- Shawn - DragonFlyBSD vagrant images (http://dpaste.com/3PRPJHG#wrap)
- Ben - undermydesk (http://dpaste.com/0AZ32ZB#wrap)
- Ken - Conferences (http://dpaste.com/3E8FQC6#wrap)
- Ben - ssh keys (http://dpaste.com/0E4538Q#wrap)
- SSH Chaining (https://www.bsdnow.tv/tutorials/ssh-chaining)

***
We look at how Netflix serves 100 Gbps from an Open Connect Appliance, read through the 2nd quarter FreeBSD status report, show you a freebsd-update speedup via nginx reverse proxy, and customize your OpenBSD default shell. This episode was brought to you by Headlines Serving 100 Gbps from an Open Connect Appliance (https://medium.com/netflix-techblog/serving-100-gbps-from-an-open-connect-appliance-cdb51dda3b99) In the summer of 2015, the Netflix Open Connect CDN team decided to take on an ambitious project. The goal was to leverage the new 100GbE network interface technology just coming to market in order to be able to serve at 100 Gbps from a single FreeBSD-based Open Connect Appliance (OCA) using NVM Express (NVMe)-based storage. At the time, the bulk of our flash storage-based appliances were close to being CPU limited serving at 40 Gbps using single-socket Xeon E5–2697v2. The first step was to find the CPU bottlenecks in the existing platform while we waited for newer CPUs from Intel, newer motherboards with PCIe Gen3 x16 slots that could run the new Mellanox 100GbE NICs at full speed, and for systems with NVMe drives. Fake NUMA Normally, most of an OCA's content is served from disk, with only 10–20% of the most popular titles being served from memory (see our previous blog, Content Popularity for Open Connect (https://medium.com/@NetflixTechBlog/content-popularity-for-open-connect-b86d56f613b) for details). However, our early pre-NVMe prototypes were limited by disk bandwidth. So we set up a contrived experiment where we served only the very most popular content on a test server. This allowed all content to fit in RAM and therefore avoid the temporary disk bottleneck. Surprisingly, the performance actually dropped from being CPU limited at 40 Gbps to being CPU limited at only 22 Gbps! The ultimate solution we came up with is what we call “Fake NUMA”. This approach takes advantage of the fact that there is one set of page queues per NUMA domain. 
All we had to do was to lie to the system and tell it that we have one Fake NUMA domain for every 2 CPUs. After we did this, our lock contention nearly disappeared and we were able to serve at 52 Gbps (limited by the PCIe Gen3 x8 slot) with substantial CPU idle time. After we had newer prototype machines, with an Intel Xeon E5 2697v3 CPU, PCIe Gen3 x16 slots for 100GbE NIC, and more disk storage (4 NVMe or 44 SATA SSD drives), we hit another bottleneck, also related to a lock on a global list. We were stuck at around 60 Gbps on this new hardware, and we were constrained by pbufs. Our first problem was that the list was too small. We were spending a lot of time waiting for pbufs. This was easily fixed by increasing the number of pbufs allocated at boot time by increasing the kern.nswbuf tunable. However, this update revealed the next problem, which was lock contention on the global pbuf mutex. To solve this, we changed the vnode pager (which handles paging to files, rather than the swap partition, and hence handles all sendfile() I/O) to use the normal kernel zone allocator. This change removed the lock contention, and boosted our performance into the 70 Gbps range. As noted above, we make heavy use of the VM page queues, especially the inactive queue. Eventually, the system runs short of memory and these queues need to be scanned by the page daemon to free up memory. At full load, this was happening roughly twice per minute. When this happened, all NGINX processes would go to sleep in vm_wait() and the system would stop serving traffic while the pageout daemon worked to scan pages, often for several seconds. This problem is actually made progressively worse as one adds NUMA domains, because there is one pageout daemon per NUMA domain, but the page deficit that it is trying to clear is calculated globally. 
So if the vm pageout daemon decides to clean, say 1GB of memory and there are 16 domains, each of the 16 pageout daemons will individually attempt to clean 1GB of memory. To solve this problem, we decided to proactively scan the VM page queues. In the sendfile path, when allocating a page for I/O, we run the pageout code several times per second on each VM domain. The pageout code is run in its lightest-weight mode in the context of one unlucky NGINX process. Other NGINX processes continue to run and serve traffic while this is happening, so we can avoid bursts of pager activity that block traffic serving. Proactive scanning allowed us to serve at roughly 80 Gbps on the prototype hardware. Hans Petter Selasky, Mellanox's 100GbE driver developer, came up with an innovative solution to our problem. Most modern NICs will supply a Receive Side Scaling (RSS) hash result to the host. RSS is a standard developed by Microsoft wherein TCP/IP traffic is hashed by source and destination IP address and/or TCP source and destination ports. The RSS hash result will almost always uniquely identify a TCP connection. Hans' idea was that rather than just passing the packets to the LRO engine as they arrive from the network, we should hold the packets in a large batch, and then sort the batch of packets by RSS hash result (and original time of arrival, to keep them in order). After the packets are sorted, packets from the same connection are adjacent even when they arrive widely separated in time. Therefore, when the packets are passed to the FreeBSD LRO routine, it can aggregate them. With this new LRO code, we were able to achieve an LRO aggregation rate of over 2 packets per aggregation, and were able to serve at well over 90 Gbps for the first time on our prototype hardware for mostly unencrypted traffic. So the job was done. Or was it? The next goal was to achieve 100 Gbps while serving only TLS-encrypted streams.
By this point, we were using hardware which closely resembles today's 100GbE flash storage-based OCAs: four NVMe PCIe Gen3 x4 drives, 100GbE ethernet, Xeon E5v4 2697A CPU. With the improvements described in the Protecting Netflix Viewing Privacy at Scale blog entry, we were able to serve TLS-only traffic at roughly 58 Gbps. In the lock contention problems we'd observed above, the cause of any increased CPU use was relatively apparent from normal system level tools like flame graphs, DTrace, or lockstat. The 58 Gbps limit was comparatively strange. As before, the CPU use would increase linearly as we approached the 58 Gbps limit, but then as we neared the limit, the CPU use would increase almost exponentially. Flame graphs just showed everything taking longer, with no apparent hotspots. We finally had a hunch that we were limited by our system's memory bandwidth. We used the Intel® Performance Counter Monitor Tools to measure the memory bandwidth we were consuming at peak load. We then wrote a simple memory thrashing benchmark that used one thread per core to copy between large memory chunks that did not fit into cache. According to the PCM tools, this benchmark consumed the same amount of memory bandwidth as our OCA's TLS-serving workload. So it was clear that we were memory limited. At this point, we became focused on reducing memory bandwidth usage. To assist with this, we began using the Intel VTune profiling tools to identify memory loads and stores, and to identify cache misses. Because we are using sendfile() to serve data, encryption is done from the virtual memory page cache into connection-specific encryption buffers. This preserves the normal FreeBSD page cache in order to allow serving of hot data from memory to many connections. One of the first things that stood out to us was that the ISA-L encryption library was using half again as much memory bandwidth for memory reads as it was for memory writes. 
From looking at VTune profiling information, we saw that ISA-L was somehow reading both the source and destination buffers, rather than just writing to the destination buffer. We realized that this was because the AVX instructions used by ISA-L for encryption on our CPUs worked on 256-bit (32-byte) quantities, whereas the cache line size was 512-bits (64 bytes) — thus triggering the system to do read-modify-writes when data was written. The problem is that the CPU will normally access the memory system in 64 byte cache line-sized chunks, reading an entire 64 bytes to access even just a single byte. After a quick email exchange with the ISA-L team, they provided us with a new version of the library that used non-temporal instructions when storing encryption results. Non-temporals bypass the cache, and allow the CPU direct access to memory. This meant that the CPU was no longer reading from the destination buffers, and so this increased our bandwidth from 58 Gbps to 65 Gbps. At 100 Gbps, we're moving about 12.5 GB/s of 4K pages through our system unencrypted. Adding encryption doubles that to 25 GB/s worth of 4K pages. That's about 6.25 Million mbufs per second. When you add in the extra 2 mbufs used by the crypto code for TLS metadata at the beginning and end of each TLS record, that works out to another 1.6M mbufs/sec, for a total of about 8M mbufs/second. With roughly 2 cache line accesses per mbuf, that's 128 bytes * 8M, which is 1 GB/s (8 Gbps) of data that is accessed at multiple layers of the stack (alloc, free, crypto, TCP, socket buffers, drivers, etc). At this point, we're able to serve 100% TLS traffic comfortably at 90 Gbps using the default FreeBSD TCP stack. However, the goalposts keep moving. We've found that when we use more advanced TCP algorithms, such as RACK and BBR, we are still a bit short of our goal.
We have several ideas that we are currently pursuing, which range from optimizing the new TCP code to increasing the efficiency of LRO to trying to do encryption closer to the transfer of the data (either from the disk, or to the NIC) so as to take better advantage of Intel's DDIO and save memory bandwidth.

FreeBSD April to June 2017 Status Report (https://www.freebsd.org/news/status/report-2017-04-2017-06.html)

FreeBSD Team Reports
- FreeBSD Release Engineering Team
- Ports Collection
- The FreeBSD Core Team
- The FreeBSD Foundation
- The Postmaster Team

Projects
- 64-bit Inode Numbers
- Capability-Based Network Communication for Capsicum/CloudABI
- Ceph on FreeBSD
- DTS Updates

Kernel
- Coda revival
- FreeBSD Driver for the Annapurna Labs ENA
- Intel 10G Driver Update
- pNFS Server Plan B

Architectures
- FreeBSD on Marvell Armada38x
- FreeBSD/arm64

Userland Programs
- DTC
- Using LLVM's LLD Linker as FreeBSD's System Linker

Ports
- A New USES Macro for Porting Cargo-Based Rust Applications
- GCC (GNU Compiler Collection)
- GNOME on FreeBSD
- KDE on FreeBSD
- New Port: FRRouting
- PHP Ports: Help Improving QA
- Rust
- sndio Support in the FreeBSD Ports Collection
- TensorFlow
- Updating Port Metadata for non-x86 Architectures
- Xfce on FreeBSD

Documentation
- Absolute FreeBSD, 3rd Edition
- Doc Version Strings Improved by Their Absence
- New Xen Handbook Section

Miscellaneous
- BSD Meetups at Rennes (France)

Third-Party Projects
- HardenedBSD

DPDK, VPP, and the future of pfSense @ the DPDK Summit (https://www.pscp.tv/DPDKProject/1dRKZnleWbmKB?t=5h1m0s)
- The DPDK (Data Plane Development Kit) conference included a short update from the pfSense project
- The video starts with a quick introduction to pfSense and the company behind it
- It covers the issues they ran into trying to scale to 10gbps and beyond, and some of the solutions they tried: libuinet, netmap, packet-journey
- Then they discovered VPP (Vector Packet Processing)
- The video then covers the architecture of the new pfSense
- pfSense has launched on EC2, on Azure soon, and will launch support for the new Atom C3000 and Xeon hardware with built-in QAT (Quick-Assist crypto offload) in November
- The future: 100gbps, MPLS, VXLANs, and ARM64 hardware support

***

News Roundup

Local nginx reverse proxy cache for freebsd-update (https://wiki.freebsd.org/VladimirKrstulja/Guides/FreeBSDUpdateReverseProxy)

Vladimir Krstulja has created this interesting tutorial on the FreeBSD wiki about a freebsd-update reverse proxy cache.

Either because you're a good netizen and don't want to repeatedly hammer the FreeBSD mirrors to upgrade all your systems, or you want to benefit from the speed of having a local "mirror" (cache, more precisely), running a freebsd update reverse proxy cache with, say, nginx is dead simple.

1. Install nginx somewhere
2. Configure nginx for a subdomain, say, freebsd-update.example.com
3. On all your hosts, in all your jails, configure /etc/freebsd-update.conf for new ServerName

And... that's it. Running freebsd-update will use the ServerName domain which is your reverse nginx proxy. Note the comment about using a "nearby" server is not quite true. FreeBSD update mirrors are frequently slow and running such a reverse proxy cache significantly speeds things up.

Caveats: This is a simple cache. That means it doesn't consider the files as a whole repository, which in turn means updates to your cache are not atomic. It'd be advised to nuke your cache before your update run, as its point is only to retain the files in a local cache for some short period of time required for all your machines to be updated.

ClonOS is a free, open-source FreeBSD-based platform for virtual environment creation and management (https://clonos.tekroutine.com/)

The operating system uses FreeBSD's development branch (12.0-CURRENT) as its base. ClonOS uses ZFS as the default file system and includes web-based administration tools for managing virtual machines and jails.
The project's website also mentions the availability of templates for quickly setting up new containers and web-based VNC access to jails. Puppet, we are told, can be used for configuration management. ClonOS can be downloaded as a disk image file (IMG) or as an optical media image (ISO). I downloaded the ISO file which is 1.6GB in size. Booting from ClonOS's media displays a text console asking us to select the type of text terminal we are using. There are four options and most people can probably safely take the default, xterm, option. The operating system, on the surface, appears to be a full installation of FreeBSD 12. The usual collection of FreeBSD packages are available, including manual pages, a compiler and the typical selection of UNIX command line utilities. The operating system uses ZFS as its file system and uses approximately 3.3GB of disk space. ClonOS requires about 50MB of active memory and 143MB of wired memory before any services or jails are created. Most of the key features of ClonOS, the parts which set it apart from vanilla FreeBSD, can be accessed through a web-based control panel. When we connect to this control panel, over a plain HTTP connection, using our web browser, we are not prompted for an account name or password. The web-based interface has a straight forward layout. Down the left side of the browser window we find categories of options and controls. Over on the right side of the window are the specific options or controls available in the selected category. At the top of the page there is a drop-down menu where we can toggle the displayed language between English and Russian, with English being the default. There are twelve option screens we can access in the ClonOS interface and I want to quickly give a summary of each one: Overview - this page shows a top-level status summary. The page lists the number of jails and nodes in the system. We are also shown the number of available CPU cores and available RAM on the system. 
Jail containers - this page allows us to create and delete jails. We can also change some basic jail settings on this page, adjusting the network configuration and hostname. Plus we can click a button to open a VNC window that allows us to access the jail's command line interface. Template for jails - provides a list of available jail templates. Each template is listed with its name and a brief description. For example, we have a Wordpress template and a bittorrent template. We can click a listed template to create a new jail with a vanilla installation of the selected software included. We cannot download or create new templates from this page. Bhyve VMs - this page is very much like the Jails containers page, but concerns the creation of new virtual machines and managing them. Virtual Private Network - allows for the management of subnets Authkeys - upload security keys for something, but it is not clear for what these keys will be used. Storage media - upload ISO files that will be used when creating virtual machines and installing an operating system in the new virtual environment. FreeBSD Bases - I think this page downloads and builds source code for alternative versions of FreeBSD, but I am unsure and could not find any associated documentation for this page. FreeBSD Sources - download source code for various versions of FreeBSD. TaskLog - browse logs of events, particularly actions concerning jails. SQLite admin - this page says it will open an interface for managing a SQLite database. Clicking link on the page gives a file not found error. Settings - this page simply displays a message saying the settings page has not been implemented yet. While playing with ClonOS, I wanted to perform a couple of simple tasks. I wanted to use the Wordpress template to set up a blog inside a jail. I wanted a generic, empty jail in which I could play and run commands without harming the rest of the operating system. 
I also wanted to try installing an operating system other than FreeBSD inside a Bhyve virtual environment. I thought this would give me a pretty good idea of how quick and easy ClonOS would make common tasks. Conclusions ClonOS appears to be in its early stages of development, more of a feature preview or proof-of-concept than a polished product. A few of the settings pages have not been finished yet, the web-based controls for jails are unable to create jails that connect to the network and I was unable to upload even small ISO files to create virtual machines. The project's website mentions working with Puppet to handle system configuration, but I did not encounter any Puppet options. There also does not appear to be any documentation on using Puppet on the ClonOS platform. One of the biggest concerns I had was the lack of security on ClonOS. The web-based control panel and terminal both automatically login as the root user. Passwords we create for our accounts are ignored and we cannot logout of the local terminal. This means anyone with physical access to the server automatically gains root access and, in addition, anyone on our local network gets access to the web-based admin panel. As it stands, it would not be safe to install ClonOS on a shared network. Some of the ideas present are good ones. I like the idea of jail templates and have used them on other systems. The graphical Bhyve tools could be useful too, if the limitations of the ISO manager are sorted out. But right now, ClonOS still has a way to go before it is likely to be safe or practical to use. Customize ksh display for OpenBSD (http://nanxiao.me/en/customize-ksh-display-for-openbsd/) The default shell for OpenBSD is ksh, and it looks a little monotonous. 
To make its user-experience more friendly, I need to do some customizations:

(1) Modify the “Prompt String” to display the user name and current directory:

```
PS1='$USER:$PWD# '
```

(2) Install colorls package:

```
pkg_add colorls
```

Use it to replace the shipped ls command:

```
alias ls='colorls -G'
```

(3) Change the LSCOLORS environment variable to set your favorite color. For example, I don't want directories displayed in the default blue, so I change them to magenta:

```
LSCOLORS=fxexcxdxbxegedabagacad
```

For a detailed explanation of LSCOLORS, please refer to the manual of colorls. This is my final modification of .profile:

```
PS1='$USER:$PWD# '
export PS1
LSCOLORS=fxexcxdxbxegedabagacad
export LSCOLORS
alias ls='colorls -G'
```

DragonFly 5 release candidate (https://www.dragonflydigest.com/2017/10/02/20295.html)

Commit (http://lists.dragonflybsd.org/pipermail/commits/2017-September/626463.html)

I tagged DragonFly 5.0 (commit message list in that link) over the weekend, and there's a 5.0 release candidate for download (http://mirror-master.dragonflybsd.org/iso-images/). It's RC2 because the recent Radeon changes had to be taken out. (http://lists.dragonflybsd.org/pipermail/commits/2017-September/626476.html)

Beastie Bits
- Faster forwarding (http://www.grenadille.net/post/2017/08/21/Faster-forwarding)
- DRM-Next-Kmod hits the ports tree (http://www.freshports.org/graphics/drm-next-kmod/)
- OpenBSD Community Goes Platinum (https://undeadly.org/cgi?action=article;sid=20170829025446)
- Setting up iSCSI on TrueOS and FreeBSD12 (https://www.youtube.com/watch?v=4myESLZPXBU)

***

Feedback/Questions
- Christopher - Virtualizing FreeNAS (http://dpaste.com/38G99CK#wrap)
- Van - Tar Question (http://dpaste.com/3MEPD3S#wrap)
- Joe - Book Reviews (http://dpaste.com/0T623Z6#wrap)

***
IdentityServer4 is all grown up! While at NDC in London, Carl and Richard sat down with Brock Allen and Dominick Baier to discuss their amazing open source product, IdentityServer. The conversation starts out where it left off last year, getting to the point of shipping IdentityServer with ASP.NET RC1. But literally a few hours later, RC2 was announced with serious breaking changes. The challenge of building software in the open! Dom and Brock talk through an implementation of IdentityServer using different federation sources, handling multi-tenancy and more. This is the right way to do identity!
Support this podcast at https://redcircle.com/net-rocks/donations
This week on BSDNow, we're going to be hearing about Allan's trip to EuroBSDCon, plus an Interview about “Bro on BSD”! Stay tuned, for your place to This episode was brought to you by Headlines EuroBSDCon 2016 Wrapup Ollivier Robert's Photos from EuroBSDCon (https://assets.keltia.net/photos/EuroBSDCon-2016/) Get your BSDNow die-cut stickers (http://www.jupiterbroadcasting.com/stickers/) NetBSD for newbies - Develop your own Power PC (http://discusscomputerx.blogspot.com/2016/09/netbsd-for-noobies-your-power-laptop.html) We don't get to feature too many stories on NetBSD being deployed as a Power PC (Not PowerPC, you know, a Powerful “PC”), so we jumped at this one. Specifically it starts off with some of the pre-req's that you'll need to get started, such as NetBSD 7.0.1 / amd64, along with some information about which wireless nics you may be using. (NetBSD like other BSD's will give a driver based device name for network interfaces) From there, instructions on how to write your WPA_supplicant config are provided, in order for us to fetch the NetBSD sources and convert to their -STABLE branch. After doing a CVS checkout of the sources, he then provides a walkthrough of doing a kernel compile / install, however it mentions changing the config, but doesn't provide an example of what options were changed. Perhaps to remove drivers we don't need? At this point the rest of the “desktop” setup is pretty straight forward. Some packages are added such as openbox, lxappearance, firefox, etc. To get working sound, firefox requires pulseaudio, which in turn needs dbus, so instructions on getting that service up and running are provided as well. When it's all said and done, you'll end up with your shiny new NetBSD -STABLE desktop (or laptop), bragging rights achieved! 
***
More about OpenSMTPD 6.0.0 (https://www.poolp.org/tech/posts/2016/09/12/opensmtpd-6-0-0-released/)
OpenSMTPD 6.0.0 has just been released “and it's quite different from former releases.” “Unlike most of our releases, it comes out with almost no new feature.”, “Turns out most of the changes are not visible.”
Changelog:
- new fork+reexec model so each process has its own randomized memory space
- logging format has been reworked
- a "multi-line response" bug in the LMTP delivery backend has been fixed
- connections concurrency limits have been bumped
- artificial delaying in remote sessions have been reduced
- dhparams option has been removed
- dhe option has been added, supporting auto and legacy modes
- smtp engine has been simplified
- various cosmetic changes, code cleanup and documentation improvement
“The OpenSMTPD bootstrap process was quite simple: Upon execution, the parent process would read configuration, build a memory representation of it and would then create a bunch of socketpair() before fork()-ing all of its child processes.”
The problem is that this does not take advantage of the new address randomization feature. Each child will have the same memory layout, copied from the parent process.
“So deraadt@ suggested that if OpenSMTPD would not just fork() children but instead fork() them and reexecute the smtpd binary, then each of the children would have its own randomized memory space.”
“The idea itself is neat, however not so trivial to implement because when we reexec the whole "inherit configuration and descriptors" part goes away. It's not just fork and exec, it's fork and exec and figure a way for the parent to pass back all the information and descriptors back to the new post-fork instance so it is the new instance that allocates memory and decides where the information goes.”
***
Upgrade a FreeBSD 10.3 Installation with ZFS on Root and Full Disk Encryption to 11.0 (http://ftfl.ca/blog/2016-09-17-zfs-fde-one-pool-conversion.html)
While FreeBSD 11.0 is not out yet, Joseph Mingrone has helped me work out and test the instructions for upgrading a FreeBSD 10.3 ZFS on full disk encryption setup (bootpool + zpool) to the new GELIBoot feature, which does not require any unencrypted partitions, just the 128kb bootcode.
Note: Do not upgrade to FreeBSD 11.0 yet. While some images have landed on the FTP server, they do not contain the final openssl fix and are going to be recreated.
Currently, GELIBoot does not support key files, so the first step is to reencrypt the master key with only a passphrase.
Next, to avoid GELIBoot picking up encrypted partitions that it does not support, or partitions you do not want decrypted at boot, only partitions with the GELIBoot flag are decrypted, so set the flag on your root partition.
Then, move the loader, kernel, and other files into /boot on the root filesystem, instead of them living on the bootpool. This allows the kernel to be versioned with boot environments, and is the main purpose of this work.
Then, install the newer gptzfsboot, as this is required to support GELIBoot.
The old 2gb bootpool partition is then purposely mislabeled as freebsd-vinum, so it is not picked up by the boot blocks.
Later, if the upgrade is successful, this partition can be deleted, and used as additional swap or something.
In order to boot correctly, you want all boot environments to have the ‘canmount’ ZFS property set to ‘noauto’.
Thank you to Joseph for taking the time to prod me for the information required to write this up, and for testing it and finding all of the issues.
***
Interview - Michael Shirk - mshirk@daemon-security.com (mailto:mshirk@daemon-security.com) / @shirkdog (https://twitter.com/shirkdog)
Running Bro on BSD
***
News Roundup
FreeBSD based distro for virtual hosting platform and appliance (https://clonos.tekroutine.com/)
An interesting new FreeBSD-based project has shown up online, called “ClonOS”, which bills itself as a “free open-source FreeBSD-based platform for virtual environments creation and management”.
It looks to be leveraging an impressive list of technologies, including Bhyve, Xen, Jails and CBSD / Puppet for management tasks.
Among its list of features: ZFS features support; VM cloning, export, import Ethernet SoftSwitch for separated networking jails for lightweight container VNC terminal for VM/containers Templates for VM/containers Configuration management/helpers Multi-node operation
Multi-Node? Color me intrigued! Right now it appears to be under heavy development, but we'll reach out to the developer to see if we can get an interview lined up at some point!

The Raspberry PI Platform and The Challenges of Developing FreeBSD (https://bsdmag.org/oleksandr_rybalko/)
BSDMag recently did an interview with FreeBSD developer Oleksandr Rybalko! Oleksandr lives in the Ukraine, and while you may not have heard of him, he has worked on some cool projects for FreeBSD including the new “vt” console driver (Which a lot of people are using now), and ARM/MIPS support.
The interview covers some of the work he's done to get the PI support working with FreeBSD:
> I think, my main help here was a USB OTG driver, which I wrote before for another device (Ralink RT3052), then port it to R-Pi. But it was rewritten by Hans Peter Selasky. I do not know so much about USB as Hans knows. Another useful part of my help is Xorg support. I did a simple Xorg video driver which uses framebuffer exported by virtual terminal subsystem. That is help to many guys to start use RPi as a simple desktop system.
He was also asked the question “Why would FreeBSD be good fit for ARM?”
> FreeBSD is very powerful as a network server. All modern network features in one box, with very fast processing. Another good side of FreeBSD is modularity. It is not required to write code to use some driver that was already written for another system, you can just define it in configuration files (kernel config, kernel hints, FDT). So if you want build a nice, R-Pi based, home server – use FreeBSD. If you want to play with devices attached to R-Pi's GPIO – use FreeBSD.
He also discusses his work on the ZRouter project, which is a very light-weight platform for tiny routers / embedded devices. But lastly the RPI comes up again, specifically asking him how interested individuals can get involved. Specifically, wiki.freebsd.org is a great reference point for those interested in getting started with FreeBSD on embedded. The warm community is also a plus!

Trying out the FreeBSD powered TrueOS (http://www.phoronix.com/scan.php?page=news_item&px=TrueOS-First-Spin)
The folks over at Phoronix have done an early look at the new TrueOS desktop images and given some of their thoughts. First up he gives props to the installer, noting that:
> The TrueOS desktop installer is basically the same as from the PC-BSD days, just re-branded. Still one of the easiest BSD graphical installers I've dealt with and makes it a breeze for setting up a FreeBSD-on-ZFS system by default.
After that they took it for a minimal spin, and things mostly seem to be working. He mentions some of the default apps (Such as qupzilla and trojita) aren't their favorite, but Lumina has come quite a ways for 1.0, despite a few rough edges still. (We are in the process of changing those default e-mail / browser apps) Lastly the article mentions that it's time to do a more full BSD round-up to see the state of installation of them, which we happen to have next!

Trying out 8 BSDs on a modern PC (http://www.phoronix.com/scan.php?page=article&item=trying-8-bsds&num=1)
First up was TrueOS again, with no major changes there, easy install and done.
From there he tries out DragonFlyBSD, which he mentions that while the installer isn't as easy, it is still one of his favorite BSD's, working with all the hardware they've thrown at it.
Next up was GhostBSD, which also has an Easy-To-Use graphical installer similar to TrueOS that made it quick to get loaded and up to the Mate desktop.
Also tested was FreeBSD 11.0-RC2, which he mentions was easy to install, and once done then ‘pkg’ could be used to easily get the setup he wanted.
Turning over to page two we get to the naughty list of BSD's he had troubles with.
First up was OpenBSD, which he tried at 6.0. After installation and first boot, the display kept ‘disappearing’ which meant he couldn't get IP information to try SSH'ing into the box. Perhaps a display driver error?
NetBSD 7 was up next, where the installer couldn't get past a root device prompt. Most likely trouble finding the install media, which was the same story with MidnightBSD as well.
Also tested was “PacBSD” (Formerly ArchBSD) which he did manage to get installed, but only after major fighting with the process. After the process he ran into some issues getting packages up and running, but mentions it may have been bad timing due to them moving to a new server at the time.
*** IllumOS imports a modified FreeBSD boot loader to replace grub 0.97 (https://www.listbox.com/member/archive/182181/2016/09/sort/time_rev/page/1/entry/0:1/20160923124232:B7978ED4-81AC-11E6-A6DA-02E3F010038B/) Toomas Soome's work to port the FreeBSD boot loader to IllumOS has been merged into illumos-gate, the upstream repository for all IllumOS distributions Toomas' work has also resulted in a number of commits to FreeBSD, and code sharing in both directions Toomas helped me a lot with the building of the ZFS boot environment listing menu, even though on IllumOS they use a configuration file to list the BEs, rather than interrogating the live zpool like we do in FreeBSD Toomas' work to improve msdosfs and the block cache to speed up booting IllumOS also greatly helped FreeBSD This work means IllumOS can now boot from a RAID-Z (the old grub they used could not), and if the work Toomas has done on FreeBSD is any indication, support for almost all other zpool features is also on the way This work also sets IllumOS on a path to eventually having UEFI boot as well It is good to see this work happening, FreeBSD technology being reused elsewhere, but also the improvements being made for IllumOS are coming back to FreeBSD, often landing upstream first, to make merging them into IllumOS easier. The mailing list post describes how to convert existing systems away from grub, as well as how to opt to remain on grub for a while longer. Grub 0.97 is expected to be removed from IllumOS within a year. 
*** Beastie Bits A demo of booting CentOS and Windows 10 in FreeBSD Bhyve through VNC headless (https://www.youtube.com/watch?v=8YQQfXqtyaA) This year's anemic output (http://blather.michaelwlucas.com/archives/2762) “PAM Mastery” ebook now out (http://blather.michaelwlucas.com/archives/2771) How-to Install OpenBSD 6.0 plus XFCE desktop and basic applications (https://www.youtube.com/watch?v=oC5D9fenQBs) *** Feedback/Questions Piotr - LibreBoot (http://pastebin.com/yniniNpV) Alan - FreeBSD and PC-BSD (http://pastebin.com/dCNX0yF7) Eduardo - Newcomers (http://pastebin.com/LndNeAYb) Greg - ZFS ACL's (http://pastebin.com/F0y6L6NK) Brian - Laptop Recs (http://pastebin.com/sqMPJGMM) ***
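The fork+reexec model from the OpenSMTPD 6.0.0 item above, as an added C example (not OpenSMTPD's code): a parent starts one child with plain fork() and one with fork() plus exec of the same binary, hands each its configuration over a socketpair, and gets back the address at which the child sees a global. Assumptions: Linux with /proc/self/exe, a GCC/Clang constructor attribute standing in for smtpd's own child start-up path, and the hypothetical names REEXEC_DEMO_FD, child_entry and spawn_child.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* setenv(), MSG_NOSIGNAL on strict builds */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

#define CHILD_FD_ENV "REEXEC_DEMO_FD" /* hypothetical role marker, not smtpd's */
#define SELF_EXE "/proc/self/exe"     /* assumption: Linux procfs is mounted */

struct reply {
    char  config[64];   /* configuration as the child received it */
    void *probe_addr;   /* where the child's copy of layout_probe lives */
};

static int layout_probe; /* its address shows where this image was mapped */

/* Child role. In a re-executed image this runs before main() because it is
 * a constructor; in the fork-only case the forked copy calls it directly. */
__attribute__((constructor)) static void child_entry(void)
{
    const char *fdstr = getenv(CHILD_FD_ENV);
    struct reply r;
    size_t got = 0;
    ssize_t n;

    if (fdstr == NULL)
        return;                       /* normal start: we are the parent */
    int fd = atoi(fdstr);
    memset(&r, 0, sizeof r);
    /* Only the descriptor survived exec, so the configuration is read back
     * from the parent until it shuts down its sending side. */
    while (got < sizeof r.config - 1 &&
           (n = read(fd, r.config + got, sizeof r.config - 1 - got)) > 0)
        got += (size_t)n;
    r.probe_addr = (void *)&layout_probe;
    _exit(send(fd, &r, sizeof r, MSG_NOSIGNAL) == (ssize_t)sizeof r ? 0 : 1);
}

/* Start one child, pass it `config`, collect its reply.
 * do_exec == 0: plain fork(); do_exec == 1: fork() then exec the same binary.
 * Returns 0 on success, -1 on any failure. */
static int spawn_child(int do_exec, const char *config, struct reply *out)
{
    int sp[2], status, ok = 0;
    size_t len = strlen(config), got = 0;
    ssize_t n;
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(sp[0]); close(sp[1]);
        return -1;
    }
    if (pid == 0) {
        char fdstr[16];
        char *argv[] = { "reexec-demo-child", NULL };

        close(sp[0]);
        snprintf(fdstr, sizeof fdstr, "%d", sp[1]);
        setenv(CHILD_FD_ENV, fdstr, 1);
        if (do_exec) {
            execv(SELF_EXE, argv);    /* new image: memory layout is redrawn */
            _exit(127);               /* exec failed */
        }
        child_entry();                /* same image: parent's layout, copied */
        _exit(1);                     /* not reached */
    }
    close(sp[1]);
    if (send(sp[0], config, len, MSG_NOSIGNAL) == (ssize_t)len &&
        shutdown(sp[0], SHUT_WR) == 0) {
        while (got < sizeof *out &&
               (n = read(sp[0], (char *)out + got, sizeof *out - got)) > 0)
            got += (size_t)n;
        ok = (got == sizeof *out);
    }
    close(sp[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

int main(void)
{
    struct reply f, e;
    const char *cfg = "listen on lo0"; /* constructed sample configuration */

    if (spawn_child(0, cfg, &f) != 0 || spawn_child(1, cfg, &e) != 0)
        return 1;
    printf("parent      %p\n", (void *)&layout_probe);
    printf("fork only   %p  config \"%s\"\n", f.probe_addr, f.config);
    printf("fork+exec   %p  config \"%s\"\n", e.probe_addr, e.config);
    return 0;
}
```

The fork-only child always reports the parent's address; the re-executed child reports a different one only when the binary is built as a position-independent executable and address randomization is enabled on the host.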
This week on BSDNow, Allan is back from his UK trip and we'll get to hear his thoughts on the developer summit. That plus all the
This episode was brought to you by
Headlines
FreeBSD 11.0-RC1 Available (https://lists.freebsd.org/pipermail/freebsd-stable/2016-August/085277.html)
FreeBSD is marching onwards to 11.0, and with it the first RC1 was released. In addition to the usual amd64 architectures, you may want to give it a whirl on your various ARM boards as well, as it includes images for the following systems:
- 11.0-RC1 amd64 GENERIC
- 11.0-RC1 i386 GENERIC
- 11.0-RC1 powerpc GENERIC
- 11.0-RC1 powerpc64 GENERIC64
- 11.0-RC1 sparc64 GENERIC
- 11.0-RC1 armv6 BANANAPI
- 11.0-RC1 armv6 BEAGLEBONE
- 11.0-RC1 armv6 CUBIEBOARD
- 11.0-RC1 armv6 CUBIEBOARD2
- 11.0-RC1 armv6 CUBOX-HUMMINGBOARD
- 11.0-RC1 armv6 GUMSTIX
- 11.0-RC1 armv6 RPI-B
- 11.0-RC1 armv6 RPI2
- 11.0-RC1 armv6 PANDABOARD
- 11.0-RC1 armv6 WANDBOARD
- 11.0-RC1 aarch64 GENERIC
For those wondering the list of changes between this and BETA4, we have that as well:
- A NULL pointer dereference in IPSEC has been fixed.
- Support for SSH Protocol 1 has been removed.
- OpenSSH DSA keys have been disabled by default. Users upgrading from prior FreeBSD versions are urged to update their SSH keys to RSA or ECDSA keys before upgrading to 11.0-RC1.
- PCI-e hotplug on bridges with power controllers has been disabled.
- A loader tunable (hw.pci.enable_pcie_hp) to disable PCI-e HotPlug has been added.
- A VESA panic on suspend has been fixed.
- Google Compute Engine image publication has been fixed.
- An AES-ICM heap corruption typo bug has been fixed.
- A regression in pf.conf while parsing the 'interval' keyword has been fixed.
- A ZFS/VFS deadlock has been fixed.
RC2 is delayed while some issues are sorted out (https://lists.freebsd.org/pipermail/freebsd-stable/2016-August/085323.html)
RC2 is looming large, but was pushed back a few days while the following bugs are sorted out:
- Issue with IPv6 UDP traffic being sent from wrong MAC address
- Layer2 violation with IPv6
***
OpenBSD just added initial support for the RaspberryPi 2 and 3 devices (https://marc.info/?l=openbsd-cvs&m=147059203101111&w=2)
It's a good time to be an ARM and BSD enthusiast. In addition to all the ARM images in FreeBSD 11.0, we also have word that initial support for RPi2 and RPi3 has started to land in OpenBSD. Mark Kettenis has posted the following with his Commit:
> Initial support for Raspberry Pi 2/3. All the hard work done by patrick@, I just cleaned things up a bit. Any bugs introduced in that process are entirely mine. This doesn't work yet. But when it does, you'll need recent firmware from the Raspberry Pi Foundation git repository at: https://github.com/raspberrypi/firmware The device tree for the Raspberry Pi is somewhat in flux as bits and pieces to support the Raspberry Pi 2 and 3 are committed to the mainline Linux kernel.
Exciting news! We will of course keep you informed as to when we have images to play with. Running OpenBSD / PF on a RPi does sound intriguing.

drm-4.8-rc2 tagged in drm-next (https://lists.freebsd.org/pipermail/freebsd-x11/2016-August/017840.html)
Remember when FreeBSD lagged so far behind in Graphics support? Well, those days are rapidly coming to an end. Matt Macy has posted an update to the FreeBSD X11 list with news of his DRM branch being caught up all the way to Linux 4.8-RC2 now. This is a huge accomplishment, with Matt commenting:
> As of this moment sys/dev/drm in the drm-next tree is sync with https://github.com/torvalds/linux drivers/gpu/drm (albeit only for the subset of drivers that FreeBSD supports - i915, radeon, and amdgpu). I feel this is a bit of a milestone as it means that it is possible that in the future graphics support on FreeBSD could proceed in lockstep with Linux.
For those who want to try out the latest support, you can build from his branch at the following GitHub location: (https://github.com/FreeBSDDesktop/freebsd-base-graphics) Or, if compiling isn't your thing, TrueOS (The re-branded PC-BSD) will be releasing a new ISO based upon his update to Linux 4.7 in the coming days, with 4.8-RC2 to follow in the next week or two.
***
Installing FreeBSD for Raspberry Pi (https://www.freebsdfoundation.org/freebsd/how-to-guides/installing-freebsd-for-raspberry-pi/)
People have been running FreeBSD on various RPi devices for a while now, however there are still a lot of people who probably need a hand to get boot-strapped on their RPi system. The FreeBSD foundation has put together a nice tutorial which walks even the most novice user through getting FreeBSD up and running. In particular this could become a good way for students or other FreeBSD newcomers to try out the OS on a relatively low-cost platform outside of a VM. The tutorial starts off with a check-list of the specific items you'll need to get started, for RPi 1 (a/b) or RPi 2 hardware. From there, instructions on how to get the downloaded images onto a sdcard are provided, including Mac and Windows image burning details. With this done, it's really only a matter of plugging in your device to be presented with your new RPi + FreeBSD system. The most important details (the default username/password) are also provided, so don't skim too quickly.
*** Interview - Drew Gurkowski Foundation Intern: First time FreeBSD User and Writing Tutorials *** News Roundup FreeBSD's ipfw gets a NAT64 implementation (https://svnweb.freebsd.org/base?view=revision&revision=304046) A new feature has been added to FreeBSD's native firewall, ipfw2 The new loadable module implements stateless and stateful NAT64 “Stateless translation is appropriate when a NAT64 translator is used in front of IPv4-only servers to allow them to be reached by remote IPv6-only clients.” With this setup, you map specific IPv6 addresses to the corresponding IPv4 address, allowing IPv4 only servers to be reachable on the v6 network. “Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.” This configuration allows many IPv6 only clients to reach the “legacy” internet. The FreeBSD cluster has been waiting for this feature for a while, because they have limited IP addresses, but many service jails that require access to services like GitHub that are not IPv6 enabled. The work was sponsored by Yandex, the Russian search engine and long time FreeBSD user Example configurations for both types are included in the commit message If you would find this feature useful, please take the time to set it up and document the steps and contribute that to the FreeBSD Handbook. *** Update on using LLVM's lld linker in the FreeBSD base system (https://lists.freebsd.org/pipermail/freebsd-toolchain/2016-August/002240.html) Ed Maste has written a lengthy update on the progress being made towards using LLVM's lld linker as a replacement for GNU's ‘ld'. 
Ed starts off by giving us some of the potential benefits of using lld vs the 2.17.50 ‘ld’ version FreeBSD currently uses:
- AArch64 (arm64) support
- Link Time Optimization (LTO)
- New ABI support
- Other linker optimization
- Much faster link times
- Maintained code base
Ed also gives us an update on several of the major blockers:
“Since the last update in March several lld developers have implemented much of the missing functionality. The main blockers were symbol version support and expression evaluation in the linker script expression parser. Both are now nearly complete”
A detailed plan was also articulated in respect to switching over:
- Update lld along with the Clang/LLVM 3.9 update that dim@ is working on.
- Add the bmake build infrastructure, installing as /usr/bin/ld.lld on the same architectures that use Clang (amd64, arm, arm64, i386). I don't think there's a need for a WITH_LLD src.conf knob, but will add one if desired.
- Update lld again (most likely to a snapshot from upstream SVN) once it is able to link an unmodified FreeBSD kernel.
- Modify the boot loader and kernel builds to avoid using features not implemented by lld.
- Introduce a WITH_LLD_AS_LD knob to have /usr/bin/ld be a ld.lld hardlink instead of /usr/bin/ld.bfd.
- Request ports exp-runs and issue a call for testing with 3rd party software. Fix issues found during this process.
- Switch /usr/bin/ld to ld.lld by default in head for the Clang-using architectures. Add a WITHOUT_LLD_AS_LD knob to switch back to GNU ld.
***
How to install FreeBSD with ZFS filesystem on DigitalOcean (https://github.com/fxlv/docs/blob/master/freebsd/freebsd-with-zfs-digitalocean.md)
I know we've mentioned using FreeBSD + ZFS on digital ocean in the past, but today we have a nice HowTo by Kaspars Mickevics (fxlv) on GitHub. Before getting started, kaspars mentions some pre-reqs. First up he recommends starting with a Minimum of 2GB of RAM. (The $20/mo droplet).
This is to ensure you have plenty of cushion to avoid running out of memory during the process. It is possible to use ZFS with less, but depending on your desired workload this does make sense. From there, checking out “mfsBSD” is discussed, along with details on how to make it suitable for a DO installation. (Mostly just disabling DHCP for the network device) For good measure ‘pkg-static’ is also included. With that done, using mfsBSD you will create a tar file, which is then extracted on top of the running system. After rebooting, you will be able to run “bsdinstall” and proceed to installing / formatting your disk with ZFS as normal. A good tutorial, something I may need to do here in the near future.

User manages to get OpenBSD and FreeBSD working with Libreboot (https://lists.nongnu.org/archive/html/libreboot/2016-08/msg00058.html)
In a short drive-by post to the Libreboot mailing list Piotr Kubaj gives a quick notice that he managed to get OpenBSD and FreeBSD both booting.
> I know GNU people don't like BSD, so let me make it quick :)
>
> I've succeeded in booting FreeBSD 11.0-RC1 using txt mode on my X200
> with the newest Libreboot.
>
> To get installer to boot, I used:
> kfreebsd (usb0,gpt3)/boot/kernel/kernel
> set FreeBSD.vfs.mountfrom=ufs:/dev/da1p3
> boot
>
> I didn't try to install yet.
The trick looks relatively simple (looks like GRUB), manually loading the kernel with ‘kfreebsd’ and then setting the vfs.root.mountfrom variable to find the USB stick. In an update he also mentions booting OpenBSD with ‘kopenbsd’ instead of ‘kfreebsd’ (again GRUB syntax). Now somebody will need to test installation of the system (he didn't) and see what other issues may crop up in running BSD on a free BIOS.
*** Beastie Bits: The ACPICA (ACPI Component Architecture) coding language AML now in DragonFly BSD (http://lists.dragonflybsd.org/pipermail/commits/2016-July/624192.html) Release announcement for 4.3BSD Tahoe from 1988 (https://groups.google.com/forum/#!topic/comp.sys.tahoe/50ManvdM1-s) Feedback/Questions Mike - Jail Uptime (http://pastebin.com/FLpybL6D) Greg - Router Hardware (http://pastebin.com/RGuayhB3) Kristof writes in (http://pastebin.com/NT4zmHiG) Ty - Updates and Logs (http://pastebin.com/CtetZdFg) Benjamin - MTA Bug (http://pastebin.com/Qq3VbQG2) ***
This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved
This episode was brought to you by
Headlines
Multiple Bugs in OpenBSD Kernel (http://marc.info/?l=oss-security&m=146853062403622&w=2)
It's patch Wednesday! (OR last Thursday if you were watching the mailing lists) Jesse Hertz and Tim Newsham (part of the NCC Group calling themselves project Triforce) have been working with the OpenBSD team to fix some newly discovered bugs in the kernel using fuzzing. Specifically they were able to track down several potential methods to corrupt memory or panic the kernel:
- mmap_panic: Malicious calls to mmap() can trigger an allocation panic or trigger memory corruption.
- kevent_panic: Any user can panic the kernel with the kevent system call.
- thrsleep_panic: Any user can panic the kernel with the __thrsleep system call.
- thrsigdivert_panic: Any user can panic the kernel with the __thrsigdivert system call.
- ufs_getdents_panic: Any user can panic the kernel with the getdents system call.
- mount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when mounting a tmpfs filesystem.
- unmount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when unmounting a filesystem.
- tmpfs_mknod_panic: Root can panic kernel with mknod on a tmpfs filesystem.
This was a great find, and we have a link to more of the results, if you would like to explore them in more detail.
NCC Group OpenBSD Kernel fuzzing results (http://www.openwall.com/lists/oss-security/2016/07/14/5)
Would like to see more work like this done in all of the BSDs.
***
Running CockroachDB in a FreeBSD Jail (https://www.cockroachlabs.com/blog/critters-in-a-jar-running-cockroachdb-in-a-freebsd-jail/)
The developers behind CockroachDB have written up a nice walkthrough of getting their software to run inside FreeBSD jails.
“Manually encapsulating CockroachDB using Linux cgroups is no easy task, which is why tools like Docker exist in the first place. By comparison, running server processes natively in FreeBSD jails is straightforward and robust.”
The walkthrough begins with compiling CockroachDB straight from source (A port is pending), which is pretty easy relying upon bash / git / gmake and GO. With the compile finished, the next step will be mounting linprocfs, although that may be going away in the future:
“(Note: Linux compatibility files / packages / libraries are not needed further. CockroachDB uses Linux's procfs to inspect system properties via gosigar. If/when gosigar evolves to read FreeBSD properties natively, CockroachDB will not need linprocfs any more.)”
With the initial setup complete, the walkthrough then takes us through the process of creating the rc.d script (Which should be included with the port) and ultimately setting up ezjail and deploying CockroachDB within. With the word getting out about jails and their functionality, we hope to see more projects also provide walkthroughs and FreeBSD support natively. Kudos to the CockroachDB team!
***
Usermount bugs (https://marc.info/?l=openbsd-announce&m=146854517406640&w=2)
kern.usermount, (vfs.usermount on FreeBSD) is a sysctl that can be enabled to allow an unprivileged user to mount filesystems. It is very useful for allowing non-root users to mount a USB stick or other external media. It is not without its dangers though:
> “kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls. There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we'll delete the sysctl entirely.”
In OpenBSD 6.0 and forward, the setting will no longer work, and root privileges will be required to mount a filesystem.
If there is a bug in the filesystem driver, the user could potentially exploit that and root the system.
> “In addition to the patched bugs, several panics were discovered by NCC that can be triggered by root or users with the usermount option set. These bugs are not getting patched because we believe they are only the tip of the iceberg. The mount system call exposes too much code to userland to be considered secure”
This is a very pragmatic way of dealing with these issues, as it is not really possible to be sure that EVERY bug has been fixed, and that this feature is no longer an exploit vector.
usermount being removed from OpenBSD (http://undeadly.org/cgi?action=article&sid=20160715125022)
I use this facility in FreeBSD extensively, combined with ZFS permission delegation, to allow non-root users to create and mount new ZFS datasets, and to do replication without requiring any root access.
There are some safety belts, for instance: the user must own the directory that the new filesystem will be mounted to, so they can't mount to /etc and replace the password file with their own.
***
Let's Encrypt client from BSD in C (https://kristaps.bsd.lv/letskencrypt/)
File this one under the category of “It's about time!”, but Kristaps (Who we've interviewed in the past) has released some new software for interacting with letsencrypt. The header for the project site sums it up nicely:
“Be up-front about security: OpenSSL is known to have issues, you can't trust what comes down the pipe, and your private key's integrity is a hard requirement. Not a situation where you can be careless. letskencrypt is a client for Let's Encrypt users, but one designed for security. No Python. No Ruby.
No Bash. A straightforward, open source implementation in C that isolates each step of the sequence.”
What specifically does it isolate you ask? Right now it is broken down into 6 steps:
1. read and parse an account and domain private key
2. authenticate with the Let's Encrypt server
3. authorise each domain listed for the certificate
4. submit the X509 request
5. receive and serialise the signed X509 certificate
6. request, receive, and serialise the certificate chain from the issuer
I don't know about all of you, but I'm going to be switching over one of my systems this weekend.
***
News Roundup
Videos from the FOSDEM BSD Dev room are now online (https://video.fosdem.org/2016/k4601/)
The videos from the BSD Dev room at FOSDEM have been stealthily posted online at some point since last I checked.
The videos are individually linked from the talks on the Schedule (https://archive.fosdem.org/2016/schedule/track/bsd/)
The talk pages also include the slides, which can help you to follow along.
***
FreeBSD on Jetson TK1 (http://kernelnomicon.org/?p=628)
The nVidia Jetson TK1 is a medium sized ARM device that is a bit more than your standard Raspberry Pi.
The device has:
- NVIDIA 4-Plus-1™ Quad-Core ARM® Cortex™-A15 CPU (2.3 GHz)
- NVIDIA Kepler GPU with 192 CUDA Cores
- 2 GB DDR3L x16 Memory with 64-bit Width
- 16 GB 4.51 eMMC Memory
- 1 Half Mini-PCIE Slot
- 1 Full-Size SD/MMC Connector
- 1 Full-Size HDMI Port
- 1 USB 2.0 Port, Micro AB
- 1 USB 3.0 Port, A
- 1 RS232 Serial Port
- 1 ALC5639 Realtek Audio Codec with Mic In and Line Out
- 1 RTL8111GS Realtek GigE LAN
- 1 SATA Data Port
- SPI 4 MByte Boot Flash
The following signals are available through an expansion port: DP/LVDS Touch SPI 1x4 + 1x1 CSI-2 GPIOs UART HSIC i2c
The device costs $192 USD from nVidia or Amazon.
Oleksandr Tymoshenko (gonzo@freebsd.org) has a post describing what it takes to get FreeBSD running on the Jetson TK1:
> “First of all – my TK1 didn't have U-Boot. Type of bootloader depends on the version of Linux4Tegra TK1 comes with.
Mine had L4T R19, with some kind of “not u-boot” bootloader.”
They tried using the provided tool, compiled on FreeBSD since it uses libusb, but it gave an error. Falling back to trying from Ubuntu, they got the same error.
They then flashed the TK1 with newer firmware, and suddenly, U-Boot is available.
The post then walks through PXE booting FreeBSD on the TK1
The guide then walks through replacing U-Boot with a version compatible with UBLDR, for more features
We'll have to wait for another post to get FreeBSD burned onto the device, but at this point, you can reliably boot it without any user interaction
I have one of these devices, so I am very interested in this work
***
Why we use OpenBSD at VidiGuard (https://blog.vidiguard.com/why-we-use-openbsd-at-vidiguard-4521f217b2b7#.9r86v742v)
VidiGuard (which makes autonomous drone solutions for security monitoring) has posted an interesting write-up on why they use OpenBSD.
Specifically, they start by mentioning that while they are in business to provide physical security, they equally value their data security, especially their customer data.
They name 4 specific features that matter to them, starting with Uncompromising Quality and Security:
“Over the past 20 years, OpenBSD's focus on uncompromising quality and code correctness has yielded an operating system second-to-none. Code auditing and review is core to the project's development process. The team's focus on security includes integrated cryptography, new security mitigation techniques, and an optional-security-is-no-security stance, making it arguably the most secure operating system available today. This approach pays off in the form of only a few security updates for a given release, compared to other operating systems that might release a handful of updates every week.”
High praise indeed! They also mention the sane defaults, documentation and, last but not least, the license as winning factors in making OpenBSD their operating system of choice.
Thanks to VidiGuard for publicly detailing the use of BSD, and we hope to see other businesses follow suit!
***
"You can (and should) slow down and learn how things work" – Interview with Dru Lavigne (https://bsdmag.org/dru_lavigne/)
If you've been around the BSD community for any length of time, you no doubt have heard of Dru Lavigne (Or perhaps own one of her books!)
She was recently interviewed by Luca Ferrari for BSD Magazine and you may find it a fascinating read.
The 2nd question asked sounded a lot like our opener to an interview (How did you get into BSD)
“In the mid 90s, I went back to school to learn network and system administration. As graduation grew near and I started looking for a work, I noticed that all the interesting jobs wanted Unix skills. Wanting to increase my skills, and not having any money, I did an Internet search for “Free Unix”. The first hit was freebsd.org. I went to the website and started reading the Handbook and thought “I can do this”. Since I only had access to one computer and wanted to ramp up my skills quickly, I printed out the installation and networking chapters of the Handbook. I replaced the current operating system with FreeBSD and forced myself to learn how to do everything I needed to do on that computer in FreeBSD. It was a painful (and scary) few weeks as I figured out how to transition the family's workflow to FreeBSD, but it was also exhilarating to learn that “yes, I can do this!” Since then, I've had the opportunity to try out or administer the other BSDs, several Linux distros, SCO, and Solaris.
I found that the layout, logic, and release engineering process of the BSDs makes the most sense to me and I'm happiest when on a BSD system.” When asked, Dru also had a good response to what challenges potential new UNIX or BSD users may face: “Students who haven't been exposed to open source before are used to thinking of technology in terms of a purchasable brand consisting of “black boxes” that are supposed to “just work”, without having to think about how they work. You can (and should) slow down and learn how things work. It can be a mind shift to learn that the freedom to use and change how something works does exist, and isn't considered stealing. And that learning how something works, while hard, can be fun. BSD culture, in particular, is well suited for those who have the time and temperament to dive into how things work. With over 40 years of freely available source and commit messages, you can dive as deep as you want into learning how things came to be, how they evolved over the years, how they work now, and how they can be improved. There is a diverse range of stuff to choose from: from user tools to networking to memory management to hardware drivers to security mechanisms and so on. There is also a culture of sharing and learning and encouragement for users who demonstrate that they have done their homework and have their own ideas to contribute.” The interview is quite long, and Dru provides fantastic insights into more aspects of BSD in general. Well worth your time to read! 
***
Beastie Bits:
+ Ed Maste is seeking testing 'withoutgpldtc' (https://twitter.com/ed_maste/status/755474764479672321)
+ “PAM Mastery” tech reviewers wanted (http://blather.michaelwlucas.com/archives/2717)
+ OPNsense 16.7 RC2 (https://opnsense.org/opnsense-16-7-rc2-released/)
+ Jupyter Notebook for bootstrapping Arduino on FreeBSD (https://nbviewer.jupyter.org/github/DadAtH-me/Projects/blob/master/arduino-on-nix.ipynb)
+ The Design and Implementation of the Anykernel and Rump Kernels (second edition) (http://www.fixup.fi/misc/rumpkernel-book/)
+ Complete desktop synchronisation with Unison and FreeBSD jails (xjails) (https://github.com/kbs1/freebsd-synced-xjails)
Feedback/Questions
+ Eric - List most popular files (http://pastebin.com/S7u0VeVi)
+ Robroy - ZFS Write Cache (http://pastebin.com/81Zmj0cX)
+ Luis - FreeNAS HW Setup (http://pastebin.com/SfeKR7v2)
+ Emett - Python Followup (http://pastebin.com/wy4ar0YH)
+ Peter - Multicast + Jails (http://pastebin.com/zd2QAu25)
***
This week on the show, Allan and I are going to be showing you a very interesting interview we did talking about using FreeBSD to drive
This episode was brought to you by
Headlines
FreeBSD Core Team Election (https://www.freebsd.org/administration.html#t-core)
Core.9 has been elected, and will officially take over from Core.8 on Wednesday, 6 July 2016
Many thanks to the outgoing members of the core team for their service over the last 2 years
214 out of 325 eligible voters (65.8%) cast their votes in an election counting 14 candidates.
The top nine candidates are, in descending order of votes received:
+ 180 84.1% Ed Maste (incumbent)
+ 176 82.2% George V. Neville-Neil (incumbent)
+ 171 79.9% Baptiste Daroussin (incumbent)
+ 168 78.5% John Baldwin
+ 166 77.6% Hiroki Sato (incumbent)
+ 147 68.7% Allan Jude
+ 132 61.7% Kris Moore
+ 121 56.5% Benedict Reuschling
+ 108 50.5% Benno Rice
There was no tie for ninth.
BSDNow and the entire community would also like to extend their thanks to all those who stood for election to the core team
Next week's core meeting will encompass the members of Core.8 and Core.9, as responsibility for any outstanding items will be passed from outgoing members of core to the new incoming members
***
Why I run OpenBSD (http://deftly.net/posts/2016-05-31-why-i-run-openbsd.html)
This week we have a good article / blog post talking about why the poster has moved to OpenBSD from Linux.
“One thing I learned during my travels between OSs: consistency is everything. Most operating systems seem to, at least, keep a consistent interface between themselves and binaries / applications. They do this by keeping consistent APIs (Application Programming Interfaces) and ABIs (Application Binary Interfaces). If you take a binary from a really old version of Linux and run or build it on a brand-spanking new install of Linux, it will likely Just Work™. This is great for applications and developers of applications.
Vendors can build binaries for distribution and worry less about their product working when it gets out in the wild (sure this binary built in 2016 will run on RedHat AS2.1!!).”
The author then goes through another important part of the consistency argument, with what he calls “UPI” or “User Program Interfaces”. In other words, while the ABI may be stable, what about the end-user tooling that the user directly has to interact with on a daily basis?
“This inconsistency seems to have come to be when Linux started getting wireless support. For some reason someone (vendors, maybe?) decided that ifconfig wasn't a good place to let users interact with their wireless device. Maybe they felt their device was special? Maybe there were technical reasons? The bottom line is, someone decided to create a new utility to manage a wireless device… and then another one came along… pretty soon there was iwconfig(8), iw(8), ifconfig(8), some funky thing that let windows drivers interface with Linux.. and one called ip(8) I am sure there are others I am forgetting, but I prefer to forget. I have moved onto greener pastures and the knowledge of these programs no longer serves me.”
The article then goes through the rundown of how he evaluated the various BSDs and ultimately settled on OpenBSD:
“OpenBSD won the showdown. It was the most complete, simple, and coherent system. The documentation was thorough, the code was easy to follow and understand. It had one command to configure all of the network interfaces! I didn't have wireless, but I was able to find a cheap USB adapter that worked by simply running man -k wireless and reading about the USB entries. It didn't have some of the applications I use regularly, so I started reading about ports (intuitively, via man ports!).”
The ultimate NetBSD Router (http://blog.tbrodel.me/2016/#netbsd-router)
“So yesterday I spent the day setting up a new firewall at home here, based off of this BSD Now tutorial.
Having set up a couple of OpenBSD routers before, either based on old laptops, bulky old power-sucking desktops or completely over-specced machines like the Intel NUC, I wanted to get some kind of BSD onto a low-powered ARM board and use that instead.”
“I've had a couple of Cubietrucks lying around for a while now, I've used them in a couple of art installations, running Debian and Pure Data, but over all they've been a bit disappointing. It's more the manufacturer's fault but they require blobs for the graphics and audio, which Debian won't allow, so as a multimedia board they're dud for video, and only passable for audio work with a usb sound card. So they've been collecting dust.”
“Only thing missing is a second NIC, luckily I had an Apple USB->Ethernet dongle lying around, which when I bought it was the cheapest thing I could find on eBay that OpenBSD definitely supported. There, and on NetBSD, it's supported by the axe(4) driver. USB 2.0 works fine for me as I live in Australia and my ISP can only give me 30Mbps, so this should do for the foreseeable future.”
+ The article then walks through installing and configuring NetBSD
+ Configuration includes: pf, unbound, and dhcpd
“This project has been really fun, I started with basically no experience with NetBSD and have finished with a really useful, low-powered and robust appliance. It's a testament to the simplicity of the NetBSD system, and the BSD design principles in general, that such a novice as myself could figure this out. The NetBSD project has easily the most polished experience on Allwinner ARM boards, even Debian doesn't make it this easy. It's been a joy running the system, it has the bits I love from OpenBSD; ksh(1), tmux(1), an http daemon in base and of course, pf(4).
This is mixed with some of the pragmatism I see in FreeBSD; a willingness to accept blobs if that really is the only way to boot, or get audio, or a video console.”
bhyve-Bootable Boot Environments (http://callfortesting.org/bhyve-boot-environments/)
We have a lengthy article also today from our friend Michael Dexter, who asks the basic question “What if multibooting and OS upgrades weren't horrible?”
No doubt if you've been a frequent listener to this show, you've heard Allan or myself talking about ZFS Boot Environments, and how they can “change your life”.
Well today Michael goes further into detail on how the BEs work, and how they can be leveraged to do neat things, like installing other versions of an operating system from the original running system.
“If you are reading this, you have probably used a personal computer with a BSD or GNU/Linux operating system and at some point attempted to multiboot between multiple operating systems on the same computer. This goal is typically attempted with complex disk partitioning and a BSD or GNU/Linux boot loader like LILO or GRUB, plus several hours of frustrating experimentation and perhaps data loss. While exotic OS experimentation has driven my virtualization work since the late 1990s, there are very pragmatic reasons for multibooting the same OS on the same hardware, notable for updates and failback to "known good" versions. To its credit, FreeBSD has long had various strategies including the NanoBSD embedded system framework with primary and secondary root partitions, plus the nextboot(8) utility for selecting the "next" kernel with various boot parameters. Get everything set correctly and you can multiboot "with impunity".
“That's a good start, and over time we have seen ZFS "boot environments" be used by PC-BSD and FreeNAS to allow for system updates that allow one to fall back to previous versions should something go wrong.
Hats off to these efforts but they exist in essentially purpose-built appliance environments. I have long sensed that there is more fun to be had here and a wonderful thing happened with FreeBSD 10.3 and 11.0: Allan Jude added a boot environment menu to the FreeBSD loader”
From here Michael takes us through the mechanical bits of actually creating a new ZFS dataset (BE) and performing a fresh FreeBSD 10.3 installation into this new boot-environment.
The twist comes at the end, where he next sets up the BE to be a root NFS for booting in bhyve! This is interesting and gives you a way to test booting into your new environment via a VM, before rebooting the host directly into it.
***
Interview - Edicarla Andrade & Vinícius Zavam - @egypcio (https://twitter.com/egypcio)
BSD-Powered Robots
News Roundup
Tomohiro Kasumi explains what “@@” means, in the context of the Hammer filesystem (http://lists.dragonflybsd.org/pipermail/users/2016-June/249717.html)
A post from the Dragonfly users' mailing list about what the @@ construct means in the Hammer filesystem
“@@ represents the existence of a PFS which is logically separated pseudo filesystem space within HAMMER's B-Tree”
“HAMMER only has 1 large B-Tree per filesystem (not per PFS), so all the PFS exist within that single B-Tree. PFS are separated by localization parameter which is one of the B-Tree keys used to lookup the tree.”
Each substring in "@@-1:00001" means:
+ "@@" means it's a PFS or snapshot.
+ "-1" means it's a master.
+ ":" is just a separator.
+ "00001" means it's PFS#1, where PFS#0 is the default PFS created on newfs. There is no "00000" because that's what's mounted on /HAMMER. PFS# is used for localization parameter.
“Localization parameter has the highest priority when inserting or looking up B-Tree elements, so fs elements that belong to the same PFS# tend to be localized (clustered) within the B-Tree”
There is also a note about how snapshots are named: "@@0x00..."
A user points out that having : in the path can confuse some applications, such as in the case of adding the current directory or a relative path to the $PATH environment variable, which is a colon delimited list of paths
This seems quite a bit more confusing than the datasets created by ZFS, but they might have other useful properties
***
FreeBSD 11.0 nearing RC1 (https://www.freebsd.org/releases/11.0R/schedule.html)
We've all been eagerly awaiting the pending release of FreeBSD 11.0, and the schedule has now been updated!
The first release candidate is slated for July 29th!
If all goes well (and we stick to schedule) there will be another RC2 and possible RC3 release, before 11.0 officially drops near the end of August.
Start playing with those builds folks, be sure to send your feedback to the team to make this the best .0 release ever!
***
TensorFlow on FreeBSD (http://ecc-comp.blogspot.com/2016/06/tensorflow-on-freebsd.html)
Next we have a blog post about the experience of a “new” FreeBSD user trying to deploy some non-ported software to his new system.
Specifically he was interested in running TensorFlow, but not doing a port himself, because in his words:
“First, I apologize for not supplying a port archive myself. After reading the FreeBSD handbook for creating a port, it's too complex of a task for me right now. I've only been using FreeBSD for two weeks. I would also not like to waste anyone's time giving them a terrible port archive and mess up their system.”
First of all, good ports are often born out of bad ports! Don't let the porting framework daunt you, give it a go, since that's the only way you are going to learn how to write “good” ports over time. The porters-handbook is a good first place to start, plus the community usually is very helpful in providing feedback.
He then walks us through the changes made to the TensorFlow code (starting with the assumption that OSX was a good “flavor” to begin porting from) and ultimately compiling.
This ends up with the creation of a pip package which works!
A good tutorial, and also very similar to what goes on in the porting process. With this write-up perhaps somebody will take up creating a port of it… hint hint!
***
NetBSD: A New Beginning? (http://jamesdeagle.blogspot.ca/2016/06/netbsd-new-beginning.html)
We don't get enough NetBSD news at times, but this post by James Deagle talks about his adventure with NetBSD 7.0 and making it his “new beginning”
“After a few months of traipsing around the worlds of SunOS and Linux, I'm back to NetBSD for what I hope will be a lengthy return engagement. And while I'm enamored of NetBSD for all the previously-mentioned reasons, I'm already thinking ahead to some problems to solve, some of which have also been mentioned before.”
He then goes through and lists some of the small nits he's still running into during the daily workflow
+ YouTube audio - Specifically he mentions that no audio is playing, but wonders if Flash plays some part. (Ideally you're not using Flash though, in which case you need to check the audio backend FF is using. Try PulseAudio since it seems the best supported. If pulse is already enabled, install ‘pavucontrol' to make sure audio is playing to the correct sound device)
+ Slow gaming performance (TuxKart and Celestia) - Check DRI / Xorg? Or is it CPU bound?
+ Lastly some unspecified Wireless issues, which typically end up being driver related. (Or use another chipset)
Beastie Bits
+ Reproducible NetBSD? 77.7% of the way there (https://reproducible.debian.net/netbsd/netbsd.html)
+ Create FreeBSD virtual machine using qemu. Run the VM using xhyve. (https://gist.github.com/zg/38a3afa112ddf7de4912aafc249ec82f)
+ FreeBSD PowerPC 32bit pkg repository (unofficial).
~19,500 packages, more to come (https://joshcummings.net/pub/FreeBSD)
+ NetBSD machines at Open Source Conference 2016 Gunma (http://mail-index.netbsd.org/netbsd-advocacy/2016/05/16/msg000706.html)
+ Adam Leventhal (of ZFS and DTrace) does an analysis of APFS (http://arstechnica.com/apple/2016/06/a-zfs-developers-analysis-of-the-good-and-bad-in-apples-new-apfs-file-system/)
+ SemiBug June meeting summary (http://lists.nycbug.org/pipermail/semibug/2016-June/000106.html)
+ KnoxBug Meeting (http://knoxbug.org/content/2016-07-26)
Feedback/Questions
+ Andrew - iocage (http://pastebin.com/nuYTzaG6)
+ Florian - Arm + GitHub (http://pastebin.com/PzY68hNS)
+ Clint - Synth (http://pastebin.com/JESGZjLu)
+ Leonardo - Translations (http://pastebin.com/b4LAiPs4)
+ Zachary - Moving things to VMs (http://pastebin.com/VRc8fvBk)
***
It's an exciting time for .NET! While at NDC in Oslo, Carl and Richard sat down with David Fowler and Damian Edwards to talk about the development of .NET Core, ASP.NET Core 1 and the Kestrel web server. The conversation digs into the challenges of writing a cross-platform web development framework, including some controversial pivots that have frustrated some developers - looking at you, RC2! Damian then discusses Kestrel, the cross-platform web hosting environment. This is a wide-ranging conversation and the excitement is palpable!
This week on the show, Allan and I have gotten a bit more sleep since AsiaBSDCon, which is excellent since there is a LOT of news to cover. That plus our interview with Ports SecTeam member Mark Felder. So keep it
This episode was brought to you by
Headlines
FreeNAS 9.10 Released (http://lists.freenas.org/pipermail/freenas-announce/2016-March/000028.html)
+ OS: The base OS version for FreeNAS 9.10 is now FreeBSD 10.3-RC3, bringing in a huge number of OS-related bug fixes, performance improvements and new features.
+ Directory Services: You can now connect to large AD domains with cache disabled.
+ Reporting: Add the ability to send collectd data to a remote graphite server.
+ Hardware Support:
++ Added Support for Intel I219-V & I219-LM Gigabit Ethernet Chipset
++ Added Support for Intel Skylake architecture
++ Improved support for USB devices (like network adapters)
++ USB 3.0 devices now supported.
+ Filesharing:
++ Samba (SMB filesharing) updated from version 4.1 to 4.3.4
++ Added GUI feature to allow nfsv3-like ownership when using nfsv4
++ Various bug fixes related to FreeBSD 10.
+ Ports: FreeBSD ports updated to follow the FreeBSD 2016Q1 branch.
+ Jails: FreeBSD Jails now default to a FreeBSD 10.3-RC2 based template. Old jails, or systems on which jails have been installed, will still default to the previous FreeBSD 9.3 based template. Only those machines using jails for the first time (or deleting and recreating their jails dataset) will use the new template.
+ bhyve:
++ In the upcoming 10 release, the CLI will offer full support for managing virtual machines and containers. Until then, the iohyve command is bundled as a stop-gap solution to provide basic VM management support
***
Ubuntu BSD's first Beta Release (https://sourceforge.net/projects/ubuntubsd/)
Under the category of “Where did this come from?”, we have a first beta release of Ubuntu BSD.
Specifically it is Ubuntu, respun to use the FreeBSD kernel and ZFS natively.
From looking at the minimal information up on sourceforge, we gather that it has a nice text-based installer, which supports ZFS configuration and iSCSI volume creation setups.
Aside from that, it includes the XFCE desktop out of box, but claims to be suitable for both desktops and servers alike right now.
We will keep an eye on this, if anybody listening has already tested it out, maybe drop us a line on your thoughts of how this mash-up works out.
***
FreeBSD - a lesson in poor defaults (http://vez.mrsk.me/freebsd-defaults.txt)
Former BSD producer, and now OpenBSD developer, TJ, writes a post detailing the defaults he changes in a fresh FreeBSD installation
Maybe some of these should be the defaults
While others are definitely a personal preference, or are not as security related as they seem
A few of these are valid criticisms, but some are done for a reason
Specifically, the OpenSSH changes.
So, you're a user, you install FreeBSD 10.0, and it comes with OpenSSH version X, which has some specific defaults
As guaranteed by the FreeBSD Project, you will have a nice smooth upgrade path to any version in the 10.x branch
Just because OpenSSH has released version Y, doesn't mean that the upgrade can suddenly remove support for DSA keys, or re-adding support for AES-CBC (which is not really weak, and which can be hardware accelerated, unlike most of the replacements)
“FreeBSD is the team trying to increase the risk.” is incorrect, they are trying to reduce the impact on the end user
Specifically, a user upgrading from 10.x to 10.3, should not end up locked out of their SSH server, or otherwise confronted by unexpected errors or slowdowns because of upstream changes
I will note again, (and again), that the NONE cipher can NOT allow a user to “shoot themselves in the foot”, encryption is still used during the login phase, it is just disabled for the file transfer phase. The NONE cipher will refuse to work for an interactive session.
While the post states that the NONE cipher doesn't improve performance that much, it in fact does
In my own testing, chacha20-poly1305 1.3 gbps, aes128-gcm (fastest) 5.0 gbps, NONE cipher 6.3 gbps
That means that the NONE cipher is an hour faster to transfer 10 TB over the LAN.
The article suggests just removing sendmail with no replacement. Not sure how they expect users to deliver mail, or the daily/weekly reports
Ports can be compiled as a regular user. Only the install phase requires root
For ntpd, it is not clear that there is an acceptable replacement yet, but I will note that it is off by default
In the sysctl section, I am not sure I see how enabling tcp blackhole actually increases security at all
I am not sure that linking to every security advisory in openssl since 2001 is actually useful
Encrypted swap is an option in bsdinstall now, but I am not sure it is really that important
FreeBSD now uses the Fortuna PRNG, upgraded to replace the older Yarrow, not vanilla RC4.
“The resistance from the security team to phase out legacy options makes me wonder if they should be called a compatibility team instead.”
I do not think this is the choice of the security team, it is the ABI guarantee that the project makes. The stable/10 branch will always have the same ABI, and a program or driver compiled against it will work with any version on that branch
The security team doesn't really have a choice in the matter.
Switching the version of OpenSSL used in FreeBSD 9.x would likely break a large number of applications the user has installed
Something may need to be done differently, since it doesn't look like any version of OpenSSL, (or OpenSSH), will be supported for 5 years ever again
***
ZFS Raidz Performance, Capacity and Integrity (https://calomel.org/zfs_raid_speed_capacity.html)
An updated version of an article comparing the performance of various ZFS vdev configurations
The settings used in the test may not reflect your workload
If you are benchmarking ZFS, consider using multiple files across different datasets, and not making all of the writes synchronous
Also, it is advisable to run more than 3 runs of each test
Comparing the numbers from the 12 and 24 disk tests, it is surprising to see that the 12 mirror sets did not outperform the other configurations. In the 12 drive tests, the 6 mirror sets had about the same read performance as the other configurations, it is not clear why the performance with more disks is worse, or why it is no longer in line with the other configurations
More investigation of this would be required
There are obviously some other bottlenecks, as 5x SSDs in RAID-Z1 performed the same as 17x SSDs in RAID-Z1
Interesting results nonetheless
***
iXSystems FreeNAS Mini Review (http://www.nasanda.com/2016/03/ixsystems-freenas-mini-nas-device-reviewed/)
Interview - Mark Felder - feld@freebsd.org (mailto:feld@freebsd.org) / @feldpos (https://twitter.com/feldpos)
Ports, Ports and more Ports
DigitalOcean
Digital Ocean's guide to setting up an OpenVPN server (https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1)
News Roundup
AsiaBSDCon OpenBSD Papers (http://undeadly.org/cgi?action=article&sid=20160316153158&mode=flat&count=0)
+ Undeadly.org has compiled a handy list of the various OpenBSD talks / papers that were offered a few weeks ago at AsiaBSDCon 2016.
+ Antoine Jacoutot (ajacoutot@) - OpenBSD rc.d(8) (slides | paper)
+ Henning Brauer (henning@) - Running an ISP on OpenBSD (slides)
+ Mike Belopuhov (mikeb@) - Implementation of Xen PVHVM drivers in OpenBSD (slides | paper)
+ Mike Belopuhov (mikeb@) - OpenBSD project status update (slides)
+ Mike Larkin (mlarkin@) - OpenBSD vmm Update (slides)
+ Reyk Floeter (reyk@) - OpenBSD vmd Update (slides)
Each talk provides slides, and some the papers as well. Also included is the update to ‘vmm' discussed at bhyveCon, which will be of interest to virtualization enthusiasts.
***
Bitcoin Devs could learn a lot from BSD (http://bitcoinist.net/bitcoin-devs-could-learn-a-lot-from-bsd/)
An interesting article this week, comparing two projects that at first glance may not be entirely related, namely BitCoin and BSD.
The article first details some of the woes currently plaguing the BitCoin development community, such as toxic community feedback to changes and stakeholders with vested financial interests being unable to work towards a common development purpose.
This leads into the crux of the article, about what BitCoin devs could learn from BSD:
First and foremost, the way code is developed needs change to stop the current negative trend in Bitcoin. The FreeBSD project has a rigid internal hierarchy of people with write access to their codebase, which the various Bitcoin implementations also have, but BSD does this in a way that is very open to fresh eyes on their code, allowing parallel problem solving without the petty infighting we see in Bitcoin. Anyone can propose a commit publicly to the code, make it publicly available, and democratically decide which change ends up in the codebase. FreeBSD has a tiny number of core developers compared to the size of their codebase, but at any point, they have a huge community advancing their project without hard forks popping up at every small disagreement.
Brian Armstrong commented recently on this flaw with Bitcoin development, particularly with the Core Devs: “Being high IQ is not enough for a team to succeed. You need to make reasonable tradeoffs, collaborate, be welcoming, communicate, and be easy to work with. Any team that doesn't have this will be unable to attract top talent and will struggle long term. In my opinion, perhaps the biggest risk in Bitcoin right now is, ironically, one of the things which has helped it the most in the past: the Bitcoin Core developers.” A good summary of the culture that could be adopted is summed up as follows: The other thing Bitcoin devs could learn from is the BSD community's adoption of the Unix Design philosophy. Primarily “Worse is Better,” The rule of Diversity, and Do One Thing and Do It Well. “Worse is Better” emphasizes using extant functional solutions rather than making more complex ones, even if they would be more robust. The Rule of Diversity stresses flexibility of the program being developed, allowing for modification and different implementations without breaking. Do one Thing and Do it well is a mantra of the BSD and Unix Communities that stresses modularity and progress over “perfect” solutions. Each of these elements help to make BSD a wildly successful open source project with a healthy development community and lots of inter-cooperation between the different BSD systems. While this is the opposite of what we see with Bitcoin at present, the situation is salvageable provided changes like this are made, especially by Core Developers. All in all, a well written and interesting take on the FreeBSD/BSD project. We hope the BitCoin devs can take something useful from it down the road. *** FreeBSD cross-compiling with gcc and poudriere (http://ben.eficium.net/2016/03/freebsd-cross-compiling-with-gcc.html) Cross-Compiling, always a challenge, has gotten easier using poudriere and qemu in recent years. 
However this blog post details some of the particular issues still being faced when trying to compile certain ports for ARM (I.E. rPi) that don't play nicely with FreeBSD's default CLANG compiler.
The writer (Ben Slack) takes us through some of the work-arounds he uses to build some troublesome ports, namely lsof and libatomic_ops.
Note this is not just an issue with cross compile, the above mentioned ports also don't build with clang on the Pi directly.
After doing the initial poudriere/qemu cross-compile setup, he then shows us the minor tweaks to adjust which compiler builds specific ports, and how he triggers the builds using poudriere.
With the actual Makefile adjustment being so minor, one wonders if this shouldn't just be committed upstream, with some if (ARM) - USE_GCC=yes type conditional.
***
Nvidia releases new Beta graphics driver for FreeBSD (https://devtalk.nvidia.com/default/topic/925607/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-364-12-beta-/)
+ Added support for the following GPUs: GeForce 920MX & GeForce 930MX
+ Added support for the Vulkan API version 1.0.
+ Fixed a bug that could cause incorrect frame rate reporting on Quadro Sync configurations with multiple GPUs.
+ Added a new RandR property, CscMatrix, which specifies a 3x4 color-space conversion matrix.
+ Improved handling of the X gamma ramp on GF119 and newer GPUs. On these GPUs, the RandR gamma ramp is always 1024 entries and now applies to the cursor and VDPAU or workstation overlays in addition to the X root window.
Fixes for bugs and added several other EGL extensions
***
Beastie Bits
New TN Bug started (http://knoxbug.org/)
DragonFlyBSD network/TCP performance gets a bump (http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4a43469a10cef8c17553c342aab9d73611ea7bc8?utm_source=anzwix)
FreeBSD Foundation introduces a new website and logo (https://www.freebsdfoundation.org/blog/introducing-a-new-look-for-the-foundation/)
Our producer made these based on the new logo:
http://q5sys.sh/2016/03/a-new-freebsd-foundation-logo-means-its-time-for-some-new-wallpapers/
http://q5sys.sh/2016/03/pc-bsd-and-lumina-desktop-wallpapers/
https://github.com/pcbsd/lumina/commit/60314f46247b7ad6e877af503b3814b0be170da8
IPv6 errata for 5.7/5.8, pledge errata for 5.9 (http://undeadly.org/cgi?action=article&sid=20160316190937&mode=flat)
Sponsoring “PAM Mastery” (http://blather.michaelwlucas.com/archives/2577)
A visualization of FreeBSD commits on GitHub for 2015 (https://rocketgraph.com/s/v89jBkKN4e-)
The VAX platform is no more (http://undeadly.org/cgi?action=article&sid=20160309192510)
Feedback/Questions
Hunter - Utils for Blind (http://slexy.org/view/s20KPYDOsq)
Chris - ZFS Quotas (http://slexy.org/view/s2EHdI3z3L)
Anonymous - Tun, Tap and Me! (http://slexy.org/view/s21Nx1VSiU)
Andrew - Navigating the BSDs (http://slexy.org/view/s2ZKK2DZTL)
Brent - Wifi on BSD (http://slexy.org/view/s20duO29mN)
***
This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
pfSense 2.1.4 released (https://blog.pfsense.org/?p=1377)
The pfSense team (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) has released 2.1.4, shortly after 2.1.3 - it's mainly a security release
Included within are eight security fixes, most of which are pfSense-specific
OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
It also includes a large number of various other bug fixes
Update all your routers!
***
DragonflyBSD's pf gets SMP (http://lists.dragonflybsd.org/pipermail/commits/2014-June/270300.html)
While we're on the topic of pf...
Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas
Stemming from a user's complaint (http://lists.dragonflybsd.org/pipermail/users/2014-June/128664.html), Matthew Dillon did his own work on pf to make it SMP-aware
Altering your configuration's ruleset (http://lists.dragonflybsd.org/pipermail/users/2014-June/128671.html) can also help speed things up, he found
When will OpenBSD, the source of pf, finally do the same?
***
ChaCha usage and deployment (http://ianix.com/pub/chacha-deployment.html)
A while back, we talked to djm (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
OpenSSH offers it as a stream cipher now, OpenBSD uses it for its random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
Both Google's fork of OpenSSL and LibreSSL have upcoming implementations, while vanilla OpenSSL does not
Unfortunately, this article has one mistake: FreeBSD does not use it (https://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html) - they still use the broken RC4 algorithm
***
BSDMag June 2014 issue (http://bsdmag.org/magazine/1864-tls-hardening-june-bsd-magazine-issue)
The monthly online BSD magazine releases their newest issue
This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities
The free pdf file is available for download as always
***
Interview - Craig Rodrigues - rodrigc@freebsd.org (mailto:rodrigc@freebsd.org)
FreeBSD's continuous (https://wiki.freebsd.org/Jenkins) testing (https://docs.google.com/presentation/d/1yBiPxS1nKnVwRlAEsYeAOzYdpG5uzXTv1_7i7jwVCfU/edit#slide=id.p) infrastructure (https://jenkins.freebsd.org/jenkins/)
Tutorial
Creating pre-patched OpenBSD ISOs (http://www.bsdnow.tv/tutorials/stable-iso)
News Roundup
Preauthenticated decryption considered harmful (http://www.tedunangst.com/flak/post/preauthenticated-decryption-considered-harmful)
Responding to a post (https://www.imperialviolet.org/2014/06/27/streamingencryption.html) from Adam Langley, Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) talks a little more about how signify and pkg_add handle signatures
In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns
With signify, now everything is fully downloaded and verified before tar is even invoked
The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post
Be sure to also read the original post from Adam, lots of good information
***
FreeBSD 9.3-RC2 is out (https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/079092.html)
As the -RELEASE inches closer, release candidate 2 is out and ready for testing
Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
The updated bsdconfig will use pkgng style packages now too
A lesser known fact: there are also premade virtual machine images you can use too
***
pkgsrcCon 2014 wrap-up (http://saveosx.org/pkgsrcCon/)
In what may be the first real pkgsrcCon article we've ever had!
Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
Unfortunately no recordings to be found...
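The ordering change described in the "Preauthenticated decryption considered harmful" item above, sketched as an added example (not code from the show notes, signify or the OpenBSD installer). It assumes `trusted_sha256` was already taken from a manifest whose signature has been checked; all function names are hypothetical and the archives are constructed in memory.

```python
import hashlib, hmac, io, os, tarfile, tempfile

# Use the safe extraction filter where this Python version provides it.
EXTRACT_KW = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}

class HashingReader:
    """File-like wrapper that hashes every byte handed to the consumer."""
    def __init__(self, raw):
        self.raw, self.digest = raw, hashlib.sha256()
    def read(self, n=-1):
        data = self.raw.read(n)
        self.digest.update(data)
        return data

def build_archive(name, data):
    """Constructed sample input: a one-file .tgz built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def extract_while_streaming(stream, trusted_sha256, dest):
    """Old ordering: download piped into tar, hash compared at the end."""
    src = HashingReader(stream)
    with tarfile.open(fileobj=src, mode="r|gz") as tar:
        tar.extractall(dest, **EXTRACT_KW)  # unverified bytes are parsed and written
    while src.read(65536):                  # make the hash cover the whole download
        pass
    return hmac.compare_digest(src.digest.hexdigest(), trusted_sha256)

def verify_then_extract(stream, trusted_sha256, dest):
    """New ordering: spool the full download, verify it, only then unpack."""
    digest = hashlib.sha256()
    with tempfile.TemporaryFile() as spool:
        for chunk in iter(lambda: stream.read(65536), b""):
            digest.update(chunk)
            spool.write(chunk)
        if not hmac.compare_digest(digest.hexdigest(), trusted_sha256):
            return False                    # the archive parser never runs
        spool.seek(0)
        with tarfile.open(fileobj=spool, mode="r:gz") as tar:
            tar.extractall(dest, **EXTRACT_KW)
    return True

def extracted_files(dest):
    """Relative paths of every file now present under dest."""
    return sorted(os.path.relpath(os.path.join(root, f), dest)
                  for root, _, files in os.walk(dest) for f in files)
```

Both functions reject a tampered archive, but only the second leaves the destination untouched when they do; the price is the extra disk space for the spooled download.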
***
PostgreSQL FreeBSD performance and scalability (https://kib.kiev.ua/kib/pgsql_perf.pdf)
FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
Lots of technical details if you're interested in getting the best performance out of your hardware
It also includes specific kernel options he used and the rest of the configuration
If you don't want to open the pdf file, you can use this link (https://docs.google.com/viewer?url=https%3A%2F%2Fkib.kiev.ua%2Fkib%2Fpgsql_perf.pdf) too
***
Feedback/Questions
James writes in (http://slexy.org/view/s24pFjUPe4)
Klemen writes in (http://slexy.org/view/s21OogIgTu)
John writes in (http://slexy.org/view/s21rLcemNN)
Brad writes in (http://slexy.org/view/s203Qsx6CZ)
Adam writes in (http://slexy.org/view/s2eBj0FfSL)
***
Put away the Christmas trees and update your ports trees! We're back with the first show of 2014, and we've got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we'll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Faces of FreeBSD continues (http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-shteryana-shopova.html)
Our first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sofia
Gives some information about how she got into BSD
"I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn't booted the other two operating systems in months. So I wiped them out."
She wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation
We've also got one for Kevin Martin (http://freebsdfoundation.blogspot.com/2013/12/faces-of-freebsd-kevin-martin.html)
Started off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company
"FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible. FreeBSD is a terrific technology with a terrific community."
***
OpenPF? (http://www.shiningsilence.com/dbsdlog/2013/12/19/13008.html)
A blog post over at the Dragonfly digest (http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug)
What if we had some cross platform development of OpenBSD's firewall?
Similar to portable OpenSSH (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) or OpenZFS (http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days), there could be a centrally-developed version with compatibility glue
Right now FreeBSD 9's pf is old, FreeBSD 10's pf is old (but has the best performance of any implementation due to custom patches), NetBSD's pf is old (but they're working on a fork) and Dragonfly's pf is old
Further complicated by the fact that PF itself doesn't have a version number, since it was designed to just be 'the pf that came with OpenBSD 5.4'
Not likely to happen any time soon, but it's good food for thought
***
Year of BSD on the server (http://mxey.net/the-year-of-freebsd-on-the-server/)
A good blog post about switching servers from Linux to BSD
2014 is going to be the year of a lot of switching, due to FreeBSD 10's amazing new features
This author was particularly taken with pkgng (http://www.bsdnow.tv/tutorials/pkgng) and the more coherent layout of BSD systems
Similarly, there was also a recent reddit thread (http://www.reddit.com/r/BSD/comments/1tdrz1/why_did_you_choose_bsd_over_linux/), "Why did you choose BSD over Linux?"
Both are excellent reads for Linux users that are thinking about making the switch, send 'em to your friends
***
Getting to know your portmgr (http://blogs.freebsdish.org/portmgr/2013/12/24/getting-to-know-your-portmgr-bryan-drewery/)
This time in the series they interview Bryan Drewery, a fairly new addition to the team
He started maintaining portupgrade and portmaster, and eventually ended up on the ports management team
Believe it or not, his wife actually had a lot to do with him getting into FreeBSD full-time
Lots of fun trivia and background about him
Speaking of portmgr, our interview for today is...
***
Interview - Baptiste Daroussin - bapt@freebsd.org (mailto:bapt@freebsd.org)
The future of FreeBSD's binary packages (http://www.bsdnow.tv/tutorials/pkgng), ports' features, various topics
News Roundup
pfSense December hang out (https://www.youtube.com/watch?v=aD-2e9u3tug)
Interview/presentation from pfSense developer Chris Buechler with an accompanying blog post (http://blog.pfsense.org/?p=1146)
"This is the first in what will be a monthly recurring series. Each month, we'll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. We have several topics in mind, but also welcome community suggestions on topics"
Speaking of pfSense, they recently opened an online store (http://blog.pfsense.org/?p=1156)
We're planning on having a pfSense episode next month!
***
BSDMag December issue is out (http://bsdmag.org/magazine/1854-carp-on-freebsd-how-to-use-devd-to-take-action-on-kernel-events)
The free monthly BSD magazine gets a new release for December
Topics include CARP on FreeBSD, more BSD programming, "unix basics for security professionals," some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH
***
OpenBSD gets tmpfs (http://undeadly.org/cgi?action=article&sid=20131217081921)
In addition to the recently-added FUSE support, OpenBSD now has tmpfs
To get more testing, it was enabled by default in -current
Should make its way into 5.5 if everything goes according to plan
Enables lots of new possibilities, like our ccache and tmpfs guide (http://www.bsdnow.tv/tutorials/ccache)
***
PCBSD weekly digests (http://blog.pcbsd.org/2013/12/pc-bsd-weekly-feature-digest-122013/)
Catching up with all the work going on in PCBSD land..
10.0-RC2 is now available (http://blog.pcbsd.org/2013/12/weekly-feature-digest-122713/)
The big pkgng 1.2 problems seem to have been worked out
***
Feedback/Questions
Remy writes in (http://slexy.org/view/s2UrUzlnf6)
Jason writes in (http://slexy.org/view/s2iqnywwKX)
Rob writes in (http://slexy.org/view/s2IUcPySbh)
John writes in (http://slexy.org/view/s21aYlbXz2)
Stuart writes in (http://slexy.org/view/s21vrYSqU8)
***