Coming up this week on the show!

We’ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like.

The latest news, answers to your emails and even some LibreSSL drama, on BSD Now – the place to B.. SD.

– Show Notes: –

Headlines

A thread started on the freebsd-questions and freebsd-current mailing lists this week concerning FreeBSD’s version of pf being old and seemingly unmaintained (unfortunately people didn’t always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)

Straight from the SMP FreeBSD pf maintainer: “no one right now [is actively developing pf on FreeBSD]” and “Following OpenBSD on features would be cool, but no bulk imports would be made again. Bulk imports produce bad quality of port, and also pf in OpenBSD has no multi thread support”

Baptiste Daroussin was quick to point out that multi-thread support is not the only difference between the FreeBSD and OpenBSD versions of pf; others include work that was done to support VIMAGE (network virtualization, which allows entire network stacks in jails)

Baptiste Daroussin also reports on his efforts to update FreeBSD pf. He ran into problems and after breaking pf on head, his changes were reverted. He reports that he is still interested in porting individual OpenBSD pf features that are relevant to him, but not in a ‘full sync’ or being the overall maintainer of FreeBSD pf

The project is looking for volunteers to continue the work. Mentorship is available from a number of people familiar with the FreeBSD networking stack, Henning Brauer (one of the authors of OpenBSD pf) has stated his willingness to help on a number of occasions, and candidates can apply to the FreeBSD Foundation for funding

Searching for documentation online for pf is troublesome because there are two incompatible syntaxes

FreeBSD’s pf man pages are lacking, and some of FreeBSD’s documentation still links to OpenBSD’s pages, which are not compatible anymore

The discussion also touched on importing pf patches from pfSense, although the license that these patches are under is not clear at this time

Things quickly got off topic as further disagreement among individual developers vs. users derailed the conversation somewhat

Many users are very vocal about wanting it updated, saying they are willing to deal with the syntax change and it is worth the benefits

Some developers wonder which features of OpenBSD pf users actually want, other than just ‘the latest shiny’

Currently the only known problems with FreeBSD pf are with IPv6 fragments and the VIMAGE subsystem

Gleb Smirnoff, author of the FreeBSD-specific SMP patches, says Henning’s claims about OpenBSD’s improved speed are “uncorroborated claims” (but neither side has provided any public benchmarks)

Olivier Cochard-Labbé (of the BSD Router Project) provided his benchmarks from Nov 2013 of packet forwarding rates with various configurations of FreeBSD 9.2 and 10, vs OpenBSD 5.4. Here is the raw data and scripts to reproduce and a graph of the results

There seem to be many opinions about what to do about pf, but so far no one willing to do the work

LibreSSL’s first few portable releases have come out and they’re making great progress, releasing 2.0.3 two days ago

Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list

However, there has already been some drama… with Linux users

There was a problem with Linux’s PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy

This “problem” doesn’t affect OpenBSD’s native implementation, only the portable version

The developers decided to weigh in to calm the misinformation and rage

A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now – remember to say thanks, guys

Ted Unangst has a really good post about the whole situation, definitely check it out

As a follow-up from last week, bapt says they’re working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly – if you’re a port maintainer, please test your ports against it

The release process for NetBSD 7.0 is finally underway

The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will last until September

If you run NetBSD, that’ll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)

They’re also looking for some help updating documentation and fixing any bugs that get reported

Another formal announcement will be made when the beta binaries are up

The role of the FreeBSD Security Officer, recent ports features, various topics

News Roundup

Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages

Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages

There’s also some detail about the signing infrastructure and different mirrors

Ports people and source people need to talk more often about ABI breakage

The post also includes information about pkg 1.3, the old pkg tools’ EOL, the quarterly stable package sets and a lot more (it’s a huge post!)

With recent QEMU features, you can basically chroot into a completely different architecture

This article goes through the process of building ARMv6 packages on a normal x86 box

Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now

The poudriere-devel port now has a “qemu user” option that will pull in all the requirements

Hopefully this will pave the way for official pkgng packages on those lesser-used architectures

For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen

This post shows his entire process in creating a mirror machine, using ZFS for everything

The “zfs send” and “zfs snapshot” commands really come in handy for this

He does the whole thing from a live CD, pretty impressive

A new blog series we stumbled upon about a Linux user switching to BSD

In part one, he gives a little background on being “done with Linux distros” and documents his initial experience getting and installing FreeBSD 10

He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels

Most of what he was used to on Linux was already in the default FreeBSD (except bash…)

Part two documents his experiences with pkgng and ports

Feedback/Questions