workstation

OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs (https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/) 2023 in Review: Continuous Integration and Workflow Improvement (https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/) News Roundup Running OpenBSD on OmniOS using bhyve (https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/) FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory? (https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/) OpenBSD workstation hardening (https://dataswamp.org/~solene/2023-12-31-hardened-openbsd-workstation.html) KDE Plasma now linked to packages build on -current (https://www.undeadly.org/cgi?action=article;sid=20231227120851&utm_source=bsdweekly) MidnightBSD 3.1.3 release (https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Kieran - Feedback (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md) Albin - links inquires questions (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)

Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines The mass extinction of UNIX workstations (https://www.osnews.com/story/135605/the-mass-extinction-of-unix-workstations/) whoarethey: Determine Who Can Log In to an SSH Server (https://www.agwa.name/blog/post/whoarethey) News Roundup FreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages (https://klarasystems.com/articles/freebsd-vs-linux-5-factors-when-considering-freebsd-vs-linux-package-management/) A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding (https://iximiuz.com/en/posts/ssh-tunnels/) Harvesting the Noise While it’s Fresh, Revisited (https://medium.com/@peter.hansteen/harvesting-the-noise-while-its-fresh-revisited-3da1894cc8a7) Bastille - The Jail Manager on FreeBSD (https://byte--sized-de.translate.goog/linux-unix/bastille-der-jail-manager-unter-freebsd/?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. *** Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Virtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM (https://klarasystems.com/articles/virtualization-showdown-freebsd-bhyve-linux-kvm/) The Birth of Standard Error (https://www.spinellis.gr/blog/20131211/) News Roundup Investigating why Steam started picking a random font (http://blog.pkh.me/p/35-investigating-why-steam-started-picking-a-random-font.html) Curious Case of Maintaining Sufficient Free Space with ZFS (https://taras.glek.net/post/curious-case-of-maintaining-sufficient-free-space-with-zfs/) Call for testing on updated Apple M1/M2 bootloader code (https://undeadly.org/cgi?action=article;sid=20221120113149) FreeBSD on my workstation (https://camandro.org/blog/2022-09-30-freebsd-on-my-workstation.html) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Brad - Initial Setup (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/Brad%20-%20Initial%20Setup.md) Joseph - openbsd and postgresql (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/joseph%20-%20openbsd%20and%20postgresql.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

We finally give Brent his new laptop and get his reaction. Plus our best pick for replacing stock Android with something private.

We finally give Brent his new laptop and get his reaction. Plus our best pick for replacing stock Android with something private.

Build Your FreeBSD Developer Workstation, logging is important, how BSD authentication works, pfSense turns 15 years old, OPNsense Business Edition 21.10 released, getting started with pot, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) If you like BSDNow, consider supporting us on Patreon (https://www.patreon.com/bsdnow) Headlines Building Your FreeBSD Developer Workstation Setup (https://klarasystems.com/articles/freebsd-developer-workstation-setup/) What I learned from Russian students: logging is important (https://peter.czanik.hu/posts/russian_students_logging) News Roundup How BSD Authentication works (https://blog.lambda.cx/posts/how-bsd-authentication-works/) pfSense Software is 15 Today! (https://www.netgate.com/blog/pfsense-software-is-15-today) OPNsense® Business Edition 21.10 released (https://opnsense.org/opnsense-business-edition-21-10-released/) Getting started with pot (https://pot.pizzamig.dev/Getting/) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. ## Feedback/Questions Benjamin - Question for Benedict (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Benjamin%20-%20Question%20for%20Benedict.md) Nelson - Episode 419 correction (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Nelson%20-%20Episode%20419%20correction.md) Peter - state machines (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/427/feedback/Peter%20-%20state%20machines.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Season 2 Episode 7 of The Fedora Podcast. This is the podcast to teach you about how the Fedora Project works. In this episode: We talk about Gnome 40 (https://forty.gnome.org/) with Allan Day (https://blogs.gnome.org/aday/)! You can read more about Gnome (https://www.gnome.org/) 40 on the Fedora Magazine (https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/). For the show notes, our chat room, and more, go to https://podcast.fedoraproject.org

Creating an ergonomically correct workstation or desk for work or learning is important for our overall health and critical to avoiding muscle strains, forward head posture, joint pain and other issues.

Creating an ergonomically correct work station at home or in an office, can help prevent back pain, neck pain, headaches and fatigue due to poor posture. There are tools available to determine if your chair and monitor are at the proper height.

The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines FuryBSD 2020-Q3 The world’s first OpenZFS based live image (https://www.furybsd.org/furybsd-2020-q3-the-worlds-first-openzfs-based-live-image/) FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root). FreeBSD Subversion to Git Migration: Pt 1 Why? (https://bsdimp.blogspot.com/2020/09/freebsd-subversion-to-git-migration.html) FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"? Video from Warner Losh (https://www.youtube.com/watch?v=Lx9lKr_M-DI) News Roundup FreeBSD Instant-workstation 2020 (https://euroquis.nl/freebsd/2020/09/17/instant-workstation.html) A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you. nut – testing the shutdown mechanism (https://dan.langille.org/2020/09/10/nut-testing-the-shutdown-mechanism/) Following on from my recent nut setup, this is the second in a series of three posts. The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required. login_ldap added to OpenBSD -current (https://undeadly.org/cgi?action=article;sid=20200913081040) With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current + https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2 Beastie Bits NetBSD current now has GCC 9.3.0 for x86/ARM (https://twitter.com/netbsd/status/1305082782457245696) MidnightBSD 1.2.8 (https://www.justjournal.com/users/mbsd/entry/33802) MidnightBSD 2.0-Current (https://www.justjournal.com/users/mbsd/entry/33806) Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 (https://www.singlix.com/runix/) *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Rick - rcorder (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/Rick%20-%20rcorder.md) Dan - machiatto bin (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/dan%20-%20machiatto%20bin.md) Luis - old episodes (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/370/feedback/luis%20-%20old%20episodes.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more. Headlines What has to happen with Unix virtual memory when you have no swap space (https://utcc.utoronto.ca/~cks/space/blog/unix/NoSwapConsequence) Recently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine): Once you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...] I'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM. To simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program. See link for the rest of the article Dsynth details on Dragonfly (https://www.dragonflydigest.com/2019/08/27/23398.html) First, history: DragonFly has had binaries of dports available for download for quite some time. These were originally built using poudriere, and then using the synth tool put together by John Marino. Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load. Matthew Dillon is working on a new version, called dsynth. It is available now but not yet part of the build. He’s been working quickly on it and there’s plenty more commits than what I have linked here. It’s already led to finding more high-load fixes. dsynth DSynth is basically synth written in C, from scratch. It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now its uses chroot's). The original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in ada no code was directly copied. The intent is to make dsynth compatible with synth's configuration files and directory structure. This is a work in progress and not yet ready for prime-time. Pushing so we can get some more eyeballs. Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts). dsynth code (https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/usr.bin/dsynth/dsynth.1) News Roundup Instant Workstation (https://euroquis.nl/freebsd/2019/08/12/instant-workstation.html) Some considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly. So – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager. The tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think. In any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around. Here is the script in my GitHub repository with notes-for-myself. (https://raw.githubusercontent.com/adriaandegroot/FreeBSDTools/master/bin/instant-workstation) New Servers, new Tech (https://www.dragonflydigest.com/2019/08/26/23396.html) Following up on an earlier post, the new servers for DragonFly are in place. The old 40-core machine used for bulk build, monster, is being retired. The power efficiency of the new machines is startling. Incidentally, this is where donations go – infrastructure. New servers in the colo, monster is being retired (http://lists.dragonflybsd.org/pipermail/users/2019-August/358271.html) We have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work. Monster will be retired. The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance. That's at least a 6:1 improvement in performance efficiency. With SSD prices down significantly the new machines have all-SSDs. These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days. It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner. Monster, our venerable 48-core quad-socket opteron is being retired. This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high. If a SMP algorithm wasn't spot-on, you could feel it. Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized. This kept monster relevant far longer than I thought it would be. But we are at a point now where improvements in efficiency are just too good to ignore. Monster's quad-socket opteron (4 x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot. I would like to thank everyone's generous donations over the last few years! We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly. Experimenting with streaming setups on NetBSD (https://dressupgeekout.blogspot.com/2019/08/experimenting-with-streaming-setups-on.html?m=1) Ever since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward. Capturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK. My laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen. NetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support (https://www.phoronix.com/scan.php?page=news_item&px=NetBSD-Linux-DRM-Ioctl-GSoC2019) Ultimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support. Student developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer. These interfaces have been tested and working as well as updating the "suse131" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer. Those curious about this DRM ioctl GSoC project can learn more from the NetBSD blog (https://blog.netbsd.org/tnf/entry/gsoc_2019_report_implementation_of). NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux. Beastie Bits FreeBSD in Wellington? (https://twitter.com/MengTangmu/status/1163265206660694016) FreeBSD on GFE (https://twitter.com/onewilshire/status/1163792878642114560) Clarification (https://twitter.com/onewilshire/status/1166323112620826624) Distrotest.net now with BSDs (https://distrotest.net/) Lecture: Anykernels meet fuzzing NetBSD (https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10334.html) Sun Microsystems business plan from 1982 [pdf] (https://www.khoslaventures.com/wp-content/uploads/SunMicrosystem_bus_plan.pdf) Feedback/Questions Alan - Questions (http://dpaste.com/1Z8EGTW) Rodriguez - Feedback and a question (http://dpaste.com/2PZFP4X#wrap) Jeff - OpenZFS follow-up, FreeBSD Adventures (http://dpaste.com/02ZM6YE#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more. Headlines FreeBSD 11.3-RELEASE Announcement (https://www.freebsd.org/releases/11.3R/announce.html) The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch. Some of the highlights: The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0. The ELF Tool Chain has been updated to version r3614. OpenSSL has been updated to version 1.0.2s. The ZFS filesystem has been updated to implement parallel mounting. The loader(8) has been updated to extend geli(8) support to all architectures. The pkg(8) utility has been updated to version 1.10.5. The KDE desktop environment has been updated to version 5.15.3. The GNOME desktop environment has been updated to version 3.28. The kernel will now log the jail(8) ID when logging a process exit. Several feature additions and updates to userland applications. Several network driver firmware updates. Warnings for features deprecated in future releases will now be printed on all FreeBSD versions. Warnings have been added for IPSec algorithms deprecated in RFC 8221. Deprecation warnings have been added for weaker algorithms when creating geli(8) providers. And more... OpenBSD Is Now My Workstation (https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/) Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear). I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way. Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while. A Bit About Me and OpenBSD I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices. I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most. News Roundup Write your own fuzzer for NetBSD kernel! [Part 1] (https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for) How Fuzzing works? The dummy Fuzzer. The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective. The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter. Coverage and Fuzzing What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done. However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour. Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags. For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution vBSDcon - CFP - Call for Papers ends July 19th (https://vbsdcon.com/) You can submit your proposal at https://easychair.org/conferences/?conf=vbsdcon2019 The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue. If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include: How we manage a giant installation with respect to handling spam, snd/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD. Both users and developers are encouraged to share their experiences. Exploiting FreeBSD-SA-19:02.fd (https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html) In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process. Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges. What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable. The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap. The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors. In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive. After that, the bug trigger is addressed. It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed. In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too. The last section wraps everything up in a conclusion and points out further steps and challenges. The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh. Streaming to Twitch using OpenBSD (https://dataswamp.org/~solene/2019-07-06-twitch.html) Introduction If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters. The setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you. You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allow anyone having it to stream on your account. These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups. There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application. Beastie Bits Portland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza (http://calagator.org/events/1250475868) KnoxBUG - Michael W. Lucas : Twenty Years in Jail (http://knoxbug.org/2019-07-29) Ohio Linuxfest - CFP - Closes August 17th (https://ohiolinux.org/call-for-presentations/) My college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved (https://old.reddit.com/r/freebsd/comments/cdx8fp/my_college_nyu_tandon_is_moving_their_cs/) 3 different ways of dumping hex contents of a file (https://moopost.blogspot.com/2019/07/3-different-ways-of-dumping-hex.html) Feedback/Questions Sebastian - ZFS setup toward ESXi (http://dpaste.com/0DRKFH6#wrap) Christopher - Questions (http://dpaste.com/2YNN1SH) Ser - Bhyve and Microsoft SQL (http://dpaste.com/1F5TMT0#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)

Maintaining proper posture while at work is critical to preventing neck and back pain and other repetitive motion injuries. Workplace ergonomics is the process of creating workstations that support healthy, functioning body positions while working.

A new episode of UnWired...the Vehicular Podcast has Robert talking about his history of driving, his hatred of traffic and building a new editing workstation. Going over the parts and software he is thinking about for his new build while keeping an eye on the road.

Check out our videos at SpaceAgeConsulting - YouTube
Reach out to us at ABOUT | spaceage-llc
Tweet to us at @rbaker_spaceage