Himalaya: Listen. Learn. Grow.

4.8K Ratings
Open In App
title

BSD Now

Allan Jude

5
Followers
13
Plays
BSD Now

BSD Now

Allan Jude

5
Followers
13
Plays
OVERVIEWEPISODESYOU MAY ALSO LIKE

Details

About Us

Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros.The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.

Latest Episodes

378: Networknomicon

Interview with Michael W. Lucas: SNMP and TLS book, cashflow for creators, book sale and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines Interview with Michael W. Lucas SNMP Book The Networknomicon Sponsor the TLS Book Cashflow for creators Book sale Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv *** Special Guest: Michael W Lucas.

56 min5 d ago
Comments
378: Networknomicon

377: Firewall ban-sharing

History of FreeBD: BSDi and USL Lawsuits, Building a Website on Google Compute Engine, Firewall ban-sharing across machines, OpenVPN as default gateway on OpenBSD, Sorting out what the Single Unix Specification is, Switching from Apple to a Thinkpad for development, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines History of FreeBSD : Part 2 : BSDi and USL Lawsuits In this second part of our series on the history of FreeBSD, we continue to trace the pre-history of FreeBSD and the events that would eventually shape the project and the future of open source software. Building a Web Site on Google Compute Engine Here's how I deployed a web site to the Google Cloud Platform. I used FreeBSD for good performance, stability, and minimal complexity. I set up HTTPS with free Let's Encrypt TLS certificates for both RSA and ECC. Then I adjusted the Apache configuration for a good score from the authoritative Qualys server analysis. News Roundup Firewall ban-sharing across machines As described in My infrastructure as of 2019, my machines are located in three different sites and are loosely coupled. Nonetheless, I wanted to set things up so that if an IP address is acting maliciously toward one machine, all my machines block that IP at once so the meanie won't get to try one machine after another. OpenVPN as default gateway on OpenBSD If you plan to use an OpenVPN tunnel to reach your default gateway, which would make the tun interface in the egress group, and use tun0 in your pf.conf which is loaded before OpenVPN starts? Here are the few tips I use to solve the problems. Sorting out what the Single Unix Specification is and covers Sorting out what the Single Unix Specification is and covers October 8, 2020 I've linked to the Single Unix Specification any number of times, for various versions of it (when I first linked to it, it was at issue 6, in 2006; it's now up to a 2018 edition). But I've never been quite clear what it covered and didn't cover, and how it related to POSIX and similar things. After yesterday's entry got me looking at the SuS site again, I decided to try to sort this out once and for all. Bye-bye, Apple The days of Apple products are behind me. I had been developing on a Macbook for over twelve years, but now, I’ve switched to an ever trending setup: OpenBSD on a Thinkpad. The new platform is a winner. Everything is clean, quick, and configurable. When I ps uaxww, I’m not hogging ‘gigs’ of RAM just to have things up and running. There’s no black magic that derails me at every turn. In short, my sanity has been long restored. Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Chris - small projects Jens - ZFS Question One pool to rule them all Shroyer - Dotnet on FreeBSD for Jellyfin *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

48 min1 w ago
Comments
377: Firewall ban-sharing

376: Build stable packages

FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines FreeBSD 12.2 Release The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. ZFS Webinar: November 18th Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS” Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors. Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation. Datasets and Properties – Controlling settings with properties and many other tricks! News Roundup Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals. How the OpenBSD -stable packages are built In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me. OPNsense 20.7.4 released This release finally wraps up the recent Netmap kernel changes and tests. The Realtek vendor driver was updated as well as third party software cURL, libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple of them. Beastie Bits Binutils and linker changes 28 Years of NetBSD contributions Bluetooth Audio on OpenBSD K8s Bhyve *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Sean - C Flags Thierry - RPI ZFS question Thierry's script *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

46 min2 w ago
Comments
376: Build stable packages

375: Virtually everything

bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines bhyve - The FreeBSD Hypervisor FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance. ZFS and FreeBSD Support Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website! udf info leak FreeBSD UDF driver info leak Analysis done on FreeBSD release 11.0 because that's what I had around. Fix committed to FreeBSD *** News Roundup I'm now a user of Vim, not classical Vi (partly because of windows) In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi. FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes. Introduction of a new FreeBSD Remote Process Plugin in LLDB Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one. OpenBSD Laptop Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go… Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Ethan - Linux user wanting to try out OpenBSD iian - Learning IT johnny - bsd swag Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

44 min3 w ago
Comments
375: Virtually everything

374: OpenBSD’s 25th anniversary

OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines OpenBSD 6.8 Released Oct 18, 2020. (OpenBSD's 25th anniversary) NetBSD 9.1 Released The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. OpenZFS Developer Summit 2020 As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference. • After attending the conference, I wrote up some of my notes from each of the talks • Part 2 ZFS and FreeBSD Support Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website! News Roundup BastilleBSD - native container management for FreeBSD Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used. On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives. A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD. Tarsnap – cleaning up old backups I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations. MWL - BookSale For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while. Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1. Beastie Bits Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109 The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974 Using a 1930 Teletype as a Linux Terminal *** ###Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions lars - infosec handbook scott - zfs import zhong - first episode Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

54 minOCT 29
Comments
374: OpenBSD’s 25th anniversary

373: Kyle Evans Interview

We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff. NOTES This episode of BSDNow is brought to you by Tarsnap Interview - Kyle Evans - kevans@freebsd.org / @kaevans91 Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

33 minOCT 22
Comments
373: Kyle Evans Interview

372: Slow SSD scrubs

Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines Wayland on BSD After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet! My BSD sucks less than yours This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way. Video EuroBSDCon 2017 Part 1 EuroBSDCon 2017 Part 2 News Roundup Even on SSDs, ongoing activity can slow down ZFS scrubs drastically Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning. OpenBSD on the Desktop (Part I) Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice. A simple shell status bar for OpenBSD and cwm(1) These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot! As I love scripting, I decided to build my own. Beastie Bits DragonFly v5.8.3 released to address to issues OpenSSH 8.4 released Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Dane - FreeBSD vs Linux in Microservices and Containters Mason - questions.md Michael - Tmux License.md Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

48 minOCT 15
Comments
372: Slow SSD scrubs

371: Wildcards running wild

New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines My New Project: zedfs.com Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling. On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you! TrueNAS CORE is Ready for Deployment TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule. The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60. News Roundup Interprocess Communication in FreeBSD 11: Performance Analysis Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments. Back To The Future: Unix Wildcards Gone Wild First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013. Unix Wars Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth... Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Chris - installing FreeBSD 13-current Dane - FreeBSD History Lesson Marc - linux compat Mason - apropos battery Paul - a topic idea Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

41 minOCT 8
Comments
371: Wildcards running wild

370: Testing shutdown

The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines FuryBSD 2020-Q3 The world’s first OpenZFS based live image FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root). FreeBSD Subversion to Git Migration: Pt 1 Why? FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"? Video from Warner Losh News Roundup FreeBSD Instant-workstation 2020 A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you. nut – testing the shutdown mechanism Following on from my recent nut setup, this is the second in a series of three posts. The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required. login_ldap added to OpenBSD -current With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2 *** Beastie Bits NetBSD current now has GCC 9.3.0 for x86/ARM MidnightBSD 1.2.8 MidnightBSD 2.0-Current Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Rick - rcorder Dan - machiatto bin Luis - old episodes Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

45 minOCT 1
Comments
370: Testing shutdown

369: Where rc.d belongs

High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection. Building the Development Version of Emacs on NetBSD I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived. News Roundup rc.d belongs in libexec, not etc Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration. This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change. FreeBSD 11.3 EOL As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly encouraged to upgrade to a newer release as soon as possible. OPNsense 20.7.1 Released Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned. MidnightBSD 1.2.7 out MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github. It includes several bug fixes and security updates over the last ISO release and is recommended for new installations. Users who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes Beastie Bits Tarsnap podcast NetBSD Tips and Tricks FreeBSD mini-git Primer GhostBSD Financial Reports *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Daniel - Documentation Tooling Fongaboo - Where did the ZFS tutorial Go? Johnny - Browser Cold Wars *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

44 minSEP 25
Comments
369: Where rc.d belongs

Latest Episodes

378: Networknomicon

Interview with Michael W. Lucas: SNMP and TLS book, cashflow for creators, book sale and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines Interview with Michael W. Lucas SNMP Book The Networknomicon Sponsor the TLS Book Cashflow for creators Book sale Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv *** Special Guest: Michael W Lucas.

56 min5 d ago
Comments
378: Networknomicon

377: Firewall ban-sharing

History of FreeBD: BSDi and USL Lawsuits, Building a Website on Google Compute Engine, Firewall ban-sharing across machines, OpenVPN as default gateway on OpenBSD, Sorting out what the Single Unix Specification is, Switching from Apple to a Thinkpad for development, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines History of FreeBSD : Part 2 : BSDi and USL Lawsuits In this second part of our series on the history of FreeBSD, we continue to trace the pre-history of FreeBSD and the events that would eventually shape the project and the future of open source software. Building a Web Site on Google Compute Engine Here's how I deployed a web site to the Google Cloud Platform. I used FreeBSD for good performance, stability, and minimal complexity. I set up HTTPS with free Let's Encrypt TLS certificates for both RSA and ECC. Then I adjusted the Apache configuration for a good score from the authoritative Qualys server analysis. News Roundup Firewall ban-sharing across machines As described in My infrastructure as of 2019, my machines are located in three different sites and are loosely coupled. Nonetheless, I wanted to set things up so that if an IP address is acting maliciously toward one machine, all my machines block that IP at once so the meanie won't get to try one machine after another. OpenVPN as default gateway on OpenBSD If you plan to use an OpenVPN tunnel to reach your default gateway, which would make the tun interface in the egress group, and use tun0 in your pf.conf which is loaded before OpenVPN starts? Here are the few tips I use to solve the problems. Sorting out what the Single Unix Specification is and covers Sorting out what the Single Unix Specification is and covers October 8, 2020 I've linked to the Single Unix Specification any number of times, for various versions of it (when I first linked to it, it was at issue 6, in 2006; it's now up to a 2018 edition). But I've never been quite clear what it covered and didn't cover, and how it related to POSIX and similar things. After yesterday's entry got me looking at the SuS site again, I decided to try to sort this out once and for all. Bye-bye, Apple The days of Apple products are behind me. I had been developing on a Macbook for over twelve years, but now, I’ve switched to an ever trending setup: OpenBSD on a Thinkpad. The new platform is a winner. Everything is clean, quick, and configurable. When I ps uaxww, I’m not hogging ‘gigs’ of RAM just to have things up and running. There’s no black magic that derails me at every turn. In short, my sanity has been long restored. Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Chris - small projects Jens - ZFS Question One pool to rule them all Shroyer - Dotnet on FreeBSD for Jellyfin *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

48 min1 w ago
Comments
377: Firewall ban-sharing

376: Build stable packages

FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines FreeBSD 12.2 Release The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. ZFS Webinar: November 18th Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS” Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors. Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation. Datasets and Properties – Controlling settings with properties and many other tricks! News Roundup Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals. How the OpenBSD -stable packages are built In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me. OPNsense 20.7.4 released This release finally wraps up the recent Netmap kernel changes and tests. The Realtek vendor driver was updated as well as third party software cURL, libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple of them. Beastie Bits Binutils and linker changes 28 Years of NetBSD contributions Bluetooth Audio on OpenBSD K8s Bhyve *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Sean - C Flags Thierry - RPI ZFS question Thierry's script *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

46 min2 w ago
Comments
376: Build stable packages

375: Virtually everything

bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines bhyve - The FreeBSD Hypervisor FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance. ZFS and FreeBSD Support Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website! udf info leak FreeBSD UDF driver info leak Analysis done on FreeBSD release 11.0 because that's what I had around. Fix committed to FreeBSD *** News Roundup I'm now a user of Vim, not classical Vi (partly because of windows) In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi. FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes. Introduction of a new FreeBSD Remote Process Plugin in LLDB Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one. OpenBSD Laptop Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go… Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Ethan - Linux user wanting to try out OpenBSD iian - Learning IT johnny - bsd swag Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

44 min3 w ago
Comments
375: Virtually everything

374: OpenBSD’s 25th anniversary

OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines OpenBSD 6.8 Released Oct 18, 2020. (OpenBSD's 25th anniversary) NetBSD 9.1 Released The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. OpenZFS Developer Summit 2020 As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference. • After attending the conference, I wrote up some of my notes from each of the talks • Part 2 ZFS and FreeBSD Support Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website! News Roundup BastilleBSD - native container management for FreeBSD Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used. On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives. A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD. Tarsnap – cleaning up old backups I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations. MWL - BookSale For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while. Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1. Beastie Bits Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109 The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974 Using a 1930 Teletype as a Linux Terminal *** ###Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions lars - infosec handbook scott - zfs import zhong - first episode Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

54 minOCT 29
Comments
374: OpenBSD’s 25th anniversary

373: Kyle Evans Interview

We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff. NOTES This episode of BSDNow is brought to you by Tarsnap Interview - Kyle Evans - kevans@freebsd.org / @kaevans91 Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

33 minOCT 22
Comments
373: Kyle Evans Interview

372: Slow SSD scrubs

Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines Wayland on BSD After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet! My BSD sucks less than yours This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way. Video EuroBSDCon 2017 Part 1 EuroBSDCon 2017 Part 2 News Roundup Even on SSDs, ongoing activity can slow down ZFS scrubs drastically Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning. OpenBSD on the Desktop (Part I) Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice. A simple shell status bar for OpenBSD and cwm(1) These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot! As I love scripting, I decided to build my own. Beastie Bits DragonFly v5.8.3 released to address to issues OpenSSH 8.4 released Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Dane - FreeBSD vs Linux in Microservices and Containters Mason - questions.md Michael - Tmux License.md Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

48 minOCT 15
Comments
372: Slow SSD scrubs

371: Wildcards running wild

New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines My New Project: zedfs.com Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling. On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you! TrueNAS CORE is Ready for Deployment TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule. The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60. News Roundup Interprocess Communication in FreeBSD 11: Performance Analysis Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments. Back To The Future: Unix Wildcards Gone Wild First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013. Unix Wars Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth... Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Chris - installing FreeBSD 13-current Dane - FreeBSD History Lesson Marc - linux compat Mason - apropos battery Paul - a topic idea Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

41 minOCT 8
Comments
371: Wildcards running wild

370: Testing shutdown

The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap Headlines FuryBSD 2020-Q3 The world’s first OpenZFS based live image FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root). FreeBSD Subversion to Git Migration: Pt 1 Why? FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"? Video from Warner Losh News Roundup FreeBSD Instant-workstation 2020 A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you. nut – testing the shutdown mechanism Following on from my recent nut setup, this is the second in a series of three posts. The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required. login_ldap added to OpenBSD -current With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2 *** Beastie Bits NetBSD current now has GCC 9.3.0 for x86/ARM MidnightBSD 1.2.8 MidnightBSD 2.0-Current Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Rick - rcorder Dan - machiatto bin Luis - old episodes Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

45 minOCT 1
Comments
370: Testing shutdown

369: Where rc.d belongs

High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more. NOTES This episode of BSDNow is brought to you by Tarsnap Headlines High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection. Building the Development Version of Emacs on NetBSD I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived. News Roundup rc.d belongs in libexec, not etc Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration. This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change. FreeBSD 11.3 EOL As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly encouraged to upgrade to a newer release as soon as possible. OPNsense 20.7.1 Released Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned. MidnightBSD 1.2.7 out MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github. It includes several bug fixes and security updates over the last ISO release and is recommended for new installations. Users who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes Beastie Bits Tarsnap podcast NetBSD Tips and Tricks FreeBSD mini-git Primer GhostBSD Financial Reports *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Daniel - Documentation Tooling Fongaboo - Where did the ZFS tutorial Go? Johnny - Browser Cold Wars *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

44 minSEP 25
Comments
369: Where rc.d belongs
success toast
Welcome to Himalaya LearningClick below to download our app for better listening experience.Download App