DNS, Black Holes & Willem

Today on the show, we welcome Allan back from FOSSDEM, and enjoy an interview with Willem about DNS and MTU Black Holes. That plus all the weeks news, keep it turned here to BSD

This episode was brought to you by

Headlines

FreeBSD Quarterly Status Report

• It is that time of year again, reviewing the progress of the FreeBSD project over the last quarter of 2015
• There are a huge number of projects that have recently been completed or that are planned to finish in time for FreeBSD 10.3 or 11.0
• This is just a sample of the of the items that stood out most to us:
• A number of new teams have been created, and existing teams report in. The Issue Triage, bugmeister, jenkins, IPv6 advocacy, and wiki-admin teams are all mentioned in the status report
• Progress is reported on the i915 project to update the Intel graphics drivers
• In the storage subsystem: RCTL I/O rate limiting, Warner Losh’s CAM I/O Scheduler is progressing, Mellanox iSCSI Extensions for RDMA (iSER) was added, Chelsio iSCSI offload drivers, Mellanox 100 gbit/s drivers
• In Security: Encrypted crash dumps, OpenBSM updates, and a status report on HardenedBSD
• For embedded: Support for Ralink/Mediatek MIPS devices, Raspberry Pi Video Code packages, touch screen support for RPI and BBB, new port to the Marvell Armada38x, and the work on arm64 and RISC-V
• kib@ rewrote the out-of-memory handler, specifically to perform better in situations where a system does not have swap. Was tested on systems ranging from 32 MB of memory, to 512 GB
• Various improvements to the tool chain, build system, and nanobsd
• It was nice to see a bunch of reports from ports committers
• An overview of the different proposed init replacements, with a report on each ***

First timer’s guide to FOSS conferences

• This post provides a lot of good information for those considering going to their first conference
• The very first item says the most: “Conference talks are great because they teach you new skills or give you ideas. However, what conference talks are really for is giving you additional topics of conversation to chat with your fellow conference goers with. Hanging out after a talk ends to chat with the speaker is a great way to connect with speakers or fellow attendees that are passionate about a particular subject.”
• The hallway track is the best part of the conference. I’ve ended up missing as much as 2/3rds of a conference, and still found it to be a very valuable conference, sometimes more so than if I attend a talk in every slot
• It is important to remember that missing a talk is not the end of the world, that discussion in the hallway may be much more valuable. Most of the talks end up on youtube anyway. The point of the conference is being in the same place as the other people at the conference, the talks are just a means to get us all there.
• There is even a lot of good advice for people with social anxiety, and those like Allan who do not partake in alcohol
• Know the conference perks and the resources available to you. The author of the post commented on twitter about originally being unaware of the resources that some conferences provide for speakers, but also of discounts for students, and travel grants from Google and others like the FreeBSD Foundation
• There are also tips about swag, including watching out for booth wranglers (not common at BSD events, but many larger conferences have booths where your personal information can be exchanged for swag), as well as advice for following up with the people you meet at conferences.
• Lastly, it provides thoughts on avoiding “Project Passion Explosion“, or what I call “overcharging your BSD battery”, where after hearing about the interesting stuff other people are doing, or about the things other need, you try to do everything at once, and burn yourself out
• I know for myself, there are at least 10 projects I would love to work on, but I need to balance my free time, my work schedule, the FreeBSD release schedule, and which items might be better for someone else to work on. ***

FreeBSD 10.1 based WiFi Captive Portal

• Captive portals, the bane of many a traveler’s existence, however a necessary evil in the era of war-driving and other potentially nefarious uses of “free-wifi”.
• This week we have an article from the folks at “unixmen”, showing (in great detail) how they setup a FreeBSD 10.1 based captive portal, and yes those are manual MySQL commands.
• First up is a diagram showing the layout of their new portal system, using multiple APs for different floors of the apartment / hotel?
• The walkthrough assumes you have Apache/MySQL and PHP already installed, so you’ll need to prep those bits beforehand.
• Some Apache configuration is up next, which re-directs all port 80 requests over to 443/SSL and the captive portal web-login
• At this point we have to install “pear” from ports or packages and begin to do the database setup which is fairly typical if you done any SQL before, such as create user / database / table, etc.
• With the database finished, the article provides a nice and clean rc.conf which enables all the necessary services.
• Next up is the firewall configuration, which is using IPFW, specifically DUMMYNET/IPALIAS/IPDIVERT and friends. The article does mention to compile a new minimal kernel with these features, if you plan on doing so they I would recommend starting off with that.
• The article then continues, with setting up DHCP server, SUDO and the PHP file creation that will act as the interface between the client and mysql/firewall rules.
• When it’s all said and done, you end up with a nice web-interface for clients, plus a bonus Admin interface to manage creating and removing users.
• For convenience at the very end is a link to all the files / configurations used, so grab that and avoid some of the copy-n-paste ***

Sailor, a 'wannabe' portable container system {their own words!}

• In the world of docker / jails / VMs, containers are all the rage right now, and now we can introduce “Sailor” to this mix
• A unique thing about this new solution, is that its based upon chroot/pkgin, and available on NetBSD / OSX and CentOS
• Since it is not using “jail” or other security mechanism, they to give us this cavet “Note that sailor's goal is not to provide bullet-proof security, chroot is definitely not a trustable isolator; instead, sailor is a really convenient way of trying / testing an environment without compromising your workstation filesystem.”
• Creating a new “ship” is relatively straight-forward, a simple shell define file can supply most of the relevant information. Nginx for example is only a few lines: https://github.com/NetBSDfr/sailor/blob/master/examples/nginx.conf
• In addition to the basic pkg configuration, it also provides methods to do rw/ro mounts into the chroot, as well as IP aliases and copying of specific host binaries into the container ***

Interview - Willem Toorop - willem@nlnetlabs.nl / @WillemToorop

• GetDNS
• vBSDCon 2015 Talk ***

News Roundup

A Quarter Century of Unix

• An oldie, but goodie, the book “A Quarter Century of UNIX” is now available for free download via PDF format.
• This provides an invaluable look into the history of UNIX, which of course we wouldn’t have BSD without.
• There is also a print version still available via Amazon (link at the above URL also). If you find the book useful, consider buying a copy, since a % still goes to the original author ***

Bjoern Zeeb has been awarded grant to finalize VIMAGE fixes

• “Bjoern Zeeb has been awarded a project grant to finalize and integrate the work done to make the VIMAGE network stack virtualization infrastructure production ready.”
• VIMAGE is the network virtualization kernel component that can be used to give jails their own network interfaces, so they can have their own firewalls, be assign addresses via DHCP, etc.
• Currently, a number of bugs prevent this feature from being enabled by default, or used in production
• The main areas of focus for the work are: network stack teardown, interface ordering, locking, and addressing the remaining memory leaks at teardown
• The work is expected to be completed by the end of March and to be included in FreeBSD 11.0 ***

Building a smtpd Mail Server on OpenBSD

• The OpenSMTPd FAQ has been updated with a new walkthrough of a complete installation
• Following this guide, the resulting installation will:
• Accepting mails for multiple domains and virtual users
• Allowing virtual users to authenticate and send mails
• Applying anti-spam and anti-virus filters on mails
• Providing IMAP access for the virtual users
• Providing log statistics
• It covers setting up the new filter system, configuring TLS, creating the domain and user tables, configuring spamassassin and clamav, and setting up dovecot
• There is even a crontab to send you weekly stats on what your email server is doing ***

Introduction to the FreeBSD Open Source Operating System LiveLessons

• Dr. Kirk McKusick has been one of the foremost authorities on FreeBSD for some time now, as co-author of the D&I of FreeBSD (along with George Neville-Neil and Robert Watson) and teaching numerous classes on the same. (Another good reason to come to a *BSD conference)
• As part of the Addison-Wesley Professional / LiveLessons series, he has made a 10+ hour video lecture you can now purchase to take his class from the comfort of your own home/couch/office/etc
• Aspiring FreeBSD developers, kernel developers, Application Developers and other interested individuals should really consider this invaluable resource in their learning.
  • The video starts with an introduction to the FreeBSD community and explains how it differs from the Linux ecosystem. The video then goes on to provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces are used as examples where they are defined. Where they are not defined, the FreeBSD interfaces are described.
  • The video covers basic kernel services, locking, process structure, scheduling, signal handling, jails, and virtual and physical memory management.
  • The kernel I/O structure is described showing how I/O is multiplexed and the virtual filesystem interface is used to support multiple filesystems.
  • Devices are described showing disk management and their auto-configuration.
  • The organization and implementation of the fast filesystem is described concluding with a discussion of how to maintain consistency in the face of hardware or software failures.
  • The video includes an overview of the ZFS filesystem and covers the socket-based network architecture, layering and routing issues.
  • The presentations emphasize code organization, data structure navigation, and algorithms.
• Normally the video will set you back $299, but right now you can pick it up for $239 (USD). We can’t recommend this enough, but also don’t forget to try and make it out to BSDCan or MeetBSD, where you can usually talk to Dr. McKusick in person. ***

BeastieBits

• Faces of FreeBSD: Sean Bruno

• Support Michael W. Lucas writing BSD books, and get your name in the credits

• bhyve windows support merged to stable/10 branch, will be included in FreeBSD 10.3

• FreeBSD Outsells Windows by almost 2-1

• A rant about the whois protocol

• Kris Moore talks about Jails and system management on BSDTalk

• FOSDEM 2016: Slides from the 5 years of IllumOS talk

• A tweet from the first day of FOSDEM showed only 1 FreeBSD machine. Many of the FreeBSD developers were at a devsummit offsite that day, and more users arrived for the BSD dev room which was on the Sunday

  ---

Feedback/Questions

• Antonio - ZFS Book Formatting
• Simon - ZFS Corruption?
• Christian - rm -r^OOOPSSS
• Phillipp - ZFS Send/Recv ***