All Jupiter Broadcasting Shows

LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more. Headlines LLDB Threading support now ready for mainline Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages. In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report. So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report. Multiple IPSec VPN tunnels with FreeBSD The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html) But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below. The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE). Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C). VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C). News Roundup Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel. Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made. For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%. unwind(8); "happy eyeballs" In case you are wondering why happy eyeballs: It's a variation on this: https://en.wikipedia.org/wiki/Happy_Eyeballs unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers. This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E): 17 files changed, 385 insertions(+), 1683 deletions(-) Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals. Amazon now has FreeBSD ARM 12 Product Overview FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years. FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems. OpenSSH U2F/FIDO support in base I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys. Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step. You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time. So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too. Please test this thoroughly - it's a big change that we want to have stable before the next release. Beastie Bits DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud Really fast Markov chains in ~20 lines of sh, grep, cut and awk FreeBSD Journal Sept/Oct 2019 Michael Dexter is raising money for Bhyve development syscall call-from verification FreeBSD Forums Howto Section Feedback/Questions Jeroen - Feedback Savo - pfsense ports Tin - I want to learn C Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag. Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.

All three of us have different levels of experience with Linux but there are tons of things that we wish we'd learned earlier in our journey. From gatekeeping to community culture, command line tricks to backups, and more.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.explainshell — Write down a command-line to see the help text that matches each argumentArch Linux — A simple, lightweight distributionEndeavourOS — An Arch-based distro with a dynamic and friendly community at its core.Regular expression — A regular expression is a sequence of characters that define a search pattern.Samba — Samba is the standard Windows interoperability suite of programs for Linux and Unix.Nextcloud — The self-hosted productivity platform that keeps you in contro

We're myth-busting this week as we take a perfectly functioning production server and switch it to Arch. Is this rolling distro too dangerous to run in production, or can the right approach unlock the perfect server? We try it so you don't have to. Plus some big community news, feedback, and more.Special Guest: Brent Gervais.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Microsoft Teams is now available on Linux Microsoft Teams is the first Office app for Linux | VentureBeat Black Friday Sale is almost done! NVIDIA Looks To Have Some Sort Of Open-Source Driver Announcement For 2020 WireGuard VPN is a step closer to mainstream adoption How to setup your own VPN server using WireGuard on Ubuntu Chris Noticed his Manjaro mirrors were REALLY slow this AM Christmas Student Contest! | The Mad Botter — We are running a contest for High-School students to win a System76 Thelio Linux PC on us. To qualify you must be a US high-school student with your parents permission to participate and write a small FOSS project and publish it on GitHub.Perfect Plasma Setup - From Basic to Brilliant - YouTube Jupiter Extras: Brunch with Brent: Alan Pope Keep the conversation going join us on Telegram Jupiterbroadcasting.com/telegram WireGuard Snapper pacupg snap-pac: Pacman hooks that use snapper to create pre/post btrfs snapshots like openSUSE’s YaST Docker + systemd-network Surprise - Bootloader Blog Docker - ArchWiki A reliable fix to Docker not keeping it’s IPV4 address on Arch - VADOSWARE ubuntu - Docker service starts before ZFS - Server Fault grub-btrfs: Include btrfs snapshots in the grub menu Feedback: Arch Update Catch-Up Tips

Brent sits down with Alan Pope (popey), who shares his knack for fuzzy-testing, the beginnings of Ubuntu Podcast, insights into Ubuntu Touch and Unity, the joys and perils of being "Internet Famous", and how to contribute meaningfully to your favorite Linux distributions. popey is a Developer Advocate at Canonical working on Snapcraft & Ubuntu, co-host of User Error and Ubuntu Podcast.Special Guest: Alan Pope.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer./r/Cats - Reddit/r/Chonkers - RedditMartin Wimpress on TwitterBrunch with Brent: Martin WimpressBrunch with Brent: RoccoUbuntu PodcastUbuntu Podcast on TelegramUser Errorpopey.comAlan Pope - @popey on TwitterBrent Gervais - @brentgervais on Twitter

Ubuntu Pro is a click away, and their kernel goes rolling on AWS. We process the range of announcements, while Mozilla cranks up the security and impresses us with DeepSpeech. Plus why Ubuntu is taking the Windows Subsystem for Linux so seriously.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Canonical announces Ubuntu Pro for Amazon Web Services — New premium Ubuntu images with extended security, kernel live patching and moreIntroducing the Ubuntu AWS Rolling KernelCanonical Announces "Ubuntu Pro" For AWSCanonical makes Ubuntu for Windows SubSystem for Linux a priorityAmazon Announces Graviton2 SoC Along With New 64-Core Arm Instances — The new Graviton2 SoC is a custom design by Amazon’s own in-house silicon design teams and is a successor to the first-generation Graviton chip. The new chip quadruples the core count from 16 cores to 64.Graviton pulse - Memory AlphaAWS Goes All In On Arm-Based Graviton2 ProcessorsFirefox 71 Released — Native MP3 decoding on Windows, Linux, and macOSFirefox 71 Linux Performance Isn't Looking All That GreatFirefox Private Network BetaFirefox VPN Sign UpMozilla launches the next phase of its Firefox Private Network VPN betaAvast Online Security and Avast Secure Browser are spying on youMozilla updates DeepSpeech with an English language model that runs 'faster than real time'

Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.Special Guest: Karthik Gaekwad.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.DevSecOps Days is coming to Austin, Texas. — Join us for the first ever DevSecOps Days Austin, Texas. Meet fellow practitioners integrating security into their DevOps practices. Learn about their journeys, share ideas on integrating security into your teams, and trade insights on automating security within the entire developer and production pipeline. Come learn how to put the "Sec" into DevSecOps. How DevOps and security teams can get along better — One of the biggest issues for IT security teams is getting involved early enough in the development process. For many, security is something that gets applied once the applications have been built and are moving into production. However, this is an old fashioned approach that is held over from the days when development took place in waterfall phases and applications were held behind strong perimeter security implementations.What is DevSecOps? — DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps. Security’s Shift Right — Once you give up on the idea of teaching developers to not write bugs, you are freer to think of approaches to help them. One of the best approaches is to provide rapid feedback to developers. In the land of application performance, we found that running APM tools in production was a way to help developers find places to optimize their code. This created a feedback loop from production (the right) to development (the left).Karthik on Twitter — I live in Austin, work with @golang, k8s & containers at Oracle; @lynda author; organize @devopsdays, @containerdays and @cloudaustin. Views are my own.

Talking to ourselves, delicious family meals, and the complexities of modern work. Plus inexpensive acquisitions, the price we put on security, and popey refusing to answer the simplest of questions. 00:00:47 Is turkey dinner really worth the effort? 00:06:54 What's the best bargain you've ever acquired? 00:12:18 If you were given $1,000 for every person you shared your master password with, how many people would you share it with? 00:18:49 Have you ever had an imaginary friend? 00:22:55 Is the gig economy good or bad? 00:29:46 Beer/cider: warm or flat?Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.

Home Assistant has changed our families' lives for the better. We share tips for getting started, implementing automation, devices we use, and our favorite integrations. Plus Alex's thoughts on automating his new LG TV and be sure to check the links!Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Hard Drive Sales Telegram GroupNabu Casa — No longer worry if you left the garage door open. Quickly access your Home Assistant instance from your phone, your favorite coffeeshop or at work. All data is fully encrypted between your device and your Home Assistant instance. No snoopingHome Assistant CloudChris' Z-Wave USB Dongle — Z-Wave Plus certified for wide compatibilityChris' White Noise Makers — The Original White Noise Machine - Marpac Dohm Chris' Fav sensor: Aeotec Multisensor 6 — Z-Wave Plus 6-in1 motion, temperature, humidity, light, UV, vibration sensorChris' Outdoor Z-Wave Power Plugs — GE Enbrighten Z-Wave Plus Smart Plug, 1 On/Off Outlet, Weather-Resistant, Built-in Repeater/Range Extender500-Watt Ceramic Small Space Personal Mini Heater — Compact personal space heater design that is small enough for tables or desktopsChris' Portable Oil-Filled Radiator — 1200 watts of heating power, silent operation, Best for small to medium rooms that need constant heat in the colder seasons. TP-Link Smart Plug two Pack — Smart WiFi Plug Mini by TP-LinkHome Assistant Integrations DirectoryAlex's Fav Smart Plug — Teckin Mini Smart Socket with Schedule and Timer FunctionSmart RGB LED strips with Home Assistant — This article will detail how to build a fully open source, 3D printable smart LED strip for $16.38.Mosquitto - An open source MQTT broker — The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers.Complete guide on setting up Grafana/InfluxDB with Home Assistant

We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more. Headlines FreeBSD third quarterly status report for 2019 This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work). Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us sending out the reports sooner. Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October. Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January. OpenBSD on Sparc64 OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available. First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release. Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions. News Roundup ZoL repo move to OpenZFS Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at http://github.com/ZFSonLinux/zfs will be moved to the OpenZFS organization, at http://github.com/OpenZFS/zfs. The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020. Mcclure111 Sun Thread A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback. GEOM NOP Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device. GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripsesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks. Keeping NetBSD up-to-date with pkg_comp 2.0 This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD. Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure. This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform. Beastie Bits DragonFly - Radeon Improvements NomadBSD review Spongebob OpenBSD Security Comic Forth : The Early Years LCM+L PDP-7 booting and running UNIX Version 0 Feedback/Questions Chris - Ctrl-T Improved Ctrl+t that shows kernel backtrace Brian - Migrating NexentaStore to FreeBSD/FreeNAS Avery - How to get involved Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.

Give the gift of remote support with our neat SSH trick. Also, Cassidy from elementary OS joins us to discuss what's great about their new release. Plus we'll share some gadget gift ideas, and what we're building for the holidays.Special Guests: Alex Kretzschmar and Cassidy James Blaede.Sponsored By:Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Links:Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer.Thermal testing Raspberry Pi 4 - Raspberry Pi Black Friday Sale is almost done! Librem 5 backers have begun receiving their Linux phones Richi’s Blog - ZeroNet Here’s An Early Look at the PinePhone Developer Edition (Video) - OMG! Ubuntu! Introducing elementary OS 5.1 Hera ⋅ elementary Blog Linux App Summit 2019 Linux Headlines Get Together | Distros and Drinks Jupiter Extras - NOW ON YouTube Keep the conversation going join us on Telegram Jupiterbroadcasting.com/telegram Giving the Gift of Linux. The gift of network backups backuppc - Docker Hub Pi-hole®: A black hole for Internet advertisements – A black hole for Internet advertisements Free Backup Solution - Veeam Backup & Replication Community Edition AdguardTeam/AdGuardHome: Network-wide ads & trackers blocking DNS server Lakka - The DIY open source retrogaming emulation console RetroArch - runs on iOS/Apple TV and Android for tablets and phones, as well as on game consoles like PS2, PS3, PSP, PS Vita, Wii, Wii U, 2DS, 3DS, Switch, and more! (what Lakka uses) Amazon.com: Retroflag NESPi Case+ Plus with USB Wired Game Controllers & Cooling Fan & Heatsinks for RetroPie Raspberry Pi 3/2 Model B & Raspberry Pi 3B+: Computers & Accessories Lee Seymour on Twitter: “@ChrisLAS @RaspberryPi There’s a Gameboy clone that runs on a Pi Zero.” / Twitter Odroid GO - Retro gaming based on the ESP32 microcontroller Adafruit Pi GRRL 2.0 - Handheld gaming based on the Raspberry Pi - Case and Pi not included Pimoroni Picade Cabinet Kit - Mini arcade cabinet based on the Raspberry Pi (Pi not included) jellyfin/jellyfin-kodi: Kodi app for Jellyfin Dennis Hoshield on Twitter: “@ChrisLAS @RaspberryPi The options are endless! I built a frame for the LCD panel and controller, and velcro’d a wood case enclosed R pi to it. https://t.co/ncS9UmPtK7” / Twitter OSMC - (Open Source Media Center) is a free and open source media player based on Linux. Founded in 2014, OSMC lets you play back media from your local network, attached storage and the Internet. OSMC’s Vero 4k + - £99 - Pair the power of OSMC with hardware anyone can use. Hass.io Installing Hass.io - Home Assistant Kasa Smart WiFi Plug Mini by TP-Link Holiday Light Show - System76 Weekend Project Strobe Audio — Open Source Multiroom Music System Pi-DAC+ I2S audiophile sound card for Raspberry Pi badaix/snapcast: Synchronous multi-room audio player Pi MusicBox - A Spotify, SoundCloud, Google Music player for the Raspberry Pi, with remote control Mopidy Open Media Vault - openmediavault is the next generation network attached storage (NAS) solution based on Debian Linux. Orange Pi Zero Pioneer FreedomBox Home Server Kit Overview | FreedomBox - Personal Server at Home Self healing reverse SSH setup with systemd OpenSSH/Cookbook/Proxies and Jump Hosts - Wikibooks, open books for an open world Self-healing SSH Tunnel with autossh by jnsgruk IPv6 VPN · Slexy.org Pastebin 6tunnel · Slexy.org Pastebin 6tunnel: Tunnelling for application that don’t speak IPv6 Ubuntu Manpage: 6tunnel - tunnelling for application that don’t speak IPv6 DS-Lite – IPv4 over IPv6 and NAT | Citrix Blogs This Month in Mutter & GNOME Shell | November 2019 – GNOME Shell & Mutter Dev