This week on the show, we’ll be chatting with Marc Espie. He’s recently added some additional security measures to dpb, OpenBSD’s package building tool, and we’ll find out why they’re so important. We’ve also got all this week’s news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it’s finally time to give BSD a try

“That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in.”

In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks

The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you’re into that)

You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into

He’s also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon

His second post explores replacing the firewall on his self-described “over complicated home network” with an OpenBSD box

After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing

All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand

Getting to hear experiences like this is very important – they show areas where all the BSD developers’ hard work has paid off, but can also let us know where we need to improve

The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated

They’re not the first major FreeBSD-based project to offer an alternate build – OPNsense did that a few weeks ago – but this might open the door for more projects to give it a try as well

With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won’t have

Time will tell if more projects and products like FreeNAS might be interested too

People who run BSD on their notebooks, you’ll want to pay attention to this one

OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode

According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life

If you’re running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings

The Japanese NetBSD users group never sleeps, and they’ve hit yet another open source conference

As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)

We’ll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms

Interview – Marc Espie – espie@openbsd.org / @espie_openbsd

Recent improvements to OpenBSD’s dpb tool

News Roundup

We’ve talked about FreeBSD’s “bhyve” hypervisor a lot on the show, and now it’s been ported to another OS

As the name “xhyve” might imply, it’s a port of bhyve to Mac OS X

Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future

It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer

There are also a few examples on how to use it

If you’ve been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you’ll be pleased to know that 4K displays work just fine

Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas

Some GUI applications might look weird on such a huge resolution, HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience

We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD’s base are chrooted by default – things from ports or packages don’t always get the same treatment

This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn’t chroot by default

It goes through the process of manually building a sandbox with all the libraries you’ll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it

With a few small changes, similar tricks could be done on the other BSDs as well – everybody has chroots
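A sketch of the wipe-and-rebuild step described above, as an added example (not the script from the linked blog post): the function names `list_deps` and `build_chroot` are hypothetical, and it assumes `ldd` prints each dependency's absolute path as a whitespace-separated field, which holds for both the OpenBSD and Linux output formats.

```shell
#!/bin/sh
# Added example: rebuild a minimal chroot for one dynamically linked daemon.

# list_deps BIN: print every absolute path ldd reports for BIN
# (shared libraries and the runtime loader). Only run ldd on binaries
# you trust; some implementations invoke the binary's own loader.
list_deps() {
    { ldd "$1" 2>/dev/null || true; } |
        tr -s '[:space:]' '\n' | sed 's/:$//' | grep '^/' | sort -u || true
}

# build_chroot ROOT BIN: wipe ROOT, then copy BIN and its dependencies
# into ROOT under the same paths they have on the host.
build_chroot() {
    root=$1
    bin=$2
    # ROOT must be absolute and contain a non-slash character, so an
    # empty argument, "/" or "//" can never reach rm -rf.
    case "$root" in
        /*[!/]*) ;;
        *) echo "refusing chroot path '$root'" >&2; return 1 ;;
    esac
    case "$bin" in
        /*) ;;
        *) echo "binary path must be absolute: $bin" >&2; return 1 ;;
    esac
    [ -f "$bin" ] || { echo "no such binary: $bin" >&2; return 1; }

    rm -rf "$root"          # start from a clean tree on every restart
    mkdir -p "$root"
    { printf '%s\n' "$bin"; list_deps "$bin"; } | sort -u |
    while IFS= read -r p; do
        [ -f "$p" ] || continue              # skip fields that are not files
        mkdir -p "$root$(dirname "$p")"
        cp -p "$p" "$root$p"                 # follows symlinks, copies content
    done
}

# Usage (placeholder paths): build_chroot /var/chroot/daemon /path/to/daemon
```

Config files, device nodes and any data directory the daemon needs are not discovered by `ldd` and have to be copied or created separately before the service is started inside the new root.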

SmallWall is a relatively new BSD-based project that we’ve never covered before

It’s an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits

They’ve just released the first official version, so you can give it a try now

If you’re interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks…

Feedback/Questions