BSD is go for Launch

Coming up on BSDNow - We know init systems have been all the rage

This episode was brought to you by

iX Systems Mission Complete

• Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! ***

Headlines

Interview with Renato Westphal

• An interview with Brazilian OpenBSD developer Renato Westphal
• He describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS.
• He ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD
• When asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don't administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I'm doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.”
• They also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8)
• What do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I'd like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general” ***

Let’s Encrypt on a FreeBSD NGINX reverse proxy

• We have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy
• Backstory: For those who don’t know, “Let’s Encrypt” (https://letsencrypt.org) is a new Certificate Authority, which will allow you to create free and automated certificates.
• They have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow)
• This guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running.
• Most of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site.
• With that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains
• As a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at. ***

Mike Larkins OpenBSD vmm subsystem now in tree

• An openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world
• He mentions in the commit message that it still needs a lot of work, and as such is disabled by default.
• However for the adventurous among you, it can be turned on and tested
• Right now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD)
• No big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started. ***

The story of how Yahoo switched to FreeBSD

• Yahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests
• “Having spend many frustrating hours trying to install other PC OS's, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.”
• “If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.”
• Just that easily, Yahoo might never have ended up on FreeBSD
• “A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.”
• From my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD
• Related hackernews thread ***

iXsystems

• iXsystem's recap of LISA 2015 ***

Interview - Mark Heily - mark@heily.com / @MarkHeily

• relaunchd ***

News Roundup

Inline Intrusion Prevision System is an upcoming OPNSense Feature

• The next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system
• Suricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!)
• Enabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules. ***

Matthew Dillion working on Hardlinks in Hammer2

• We have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links
• The backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the common-parent-directory design for the inode target.”
• The implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag
• If no parent directory is marked “xlink”, it will fall-through instead to the root of the mount
• They also modified their installworld to set “/” /usr/,/var/,/home/ as “xlink” flagged
• This prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already. ***

Japan's NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference

• It’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference.
• This time around, we have pictures of the booth, as well as a variety of oddities such as:
• ODroid-C1 / Sharp X68030
• Sharp NetWalker
• Sharp WZero3 (Cell phone)
• Give them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!) ***

One of the three OpenBSD users Blog Post by Adam Wolk

• An OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative)
• The application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the three OpenBSD users feel strongly enough about this to propose a patch. :D”
• Part of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on
• Maybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary ***

BeastieBits

• DragonFly BSD 4.4 RC branch created
• HOWTO: NFS booting bhyve
• DragonFly BSD is looking for a 4.4 RC image by the end of November
• Support for Atheros QCA953x "Honeybee" has been added to FreeBSD
• Top updated in DragonflyBSD to allow the 'c' command
• FreeBSD textbook makes appearance on the 6pm news in the Netherlands 12:49
• SemiBug gives a recap of its Inaugural meeting and its plans for future meetups ***

Feedback/Questions

• Adam - GELI on USB
• Noble - Radius on FreeBSD
• Jim - Backporting Wifi Code
• Mohammad - Zombies!
• Miguel - ScaleEngine BTS ***