Author Archives: The arrow of time

Apache 2.2 and Perfect Forward Secrecy (PFS)

Update: apparently (I haven't tested it yet), Apache 2.2.26 finally supports ECDH cipher suites! The remainder of this blog post is not as usable any more and you can simply use some common SSLCipherSuite lines.

Using modern Perfect Forward Secrecy (PFS) cipher suites with Apache 2.2 and OpenSSL is not really possible in the general case. The best you can do is enable some DHE suites instead of the faster ECDHE variants - for those you will need Apache 2.4.


GEOM_SHSEC: A shared secret disk drive GEOM module

GEOM_SHSEC is one of the less frequently used GEOM modules from FreeBSD, but it is actually pretty interesting. It combines several drives (or any other entities which are presentable as GEOM devices - including USB memory keys and files) into a single virtual drive which has the property that all its constituent devices must be present and available before its contents can be accessed.

For example, you might have two USB keys which both need to be plugged in before the Very Important Secret stored on them can be read. A very neat concept!


FreeNAS vs NAS4free

I've (finally) tried both FreeNAS and NAS4free and I'd like to share some thoughts and experiences. Both of these are "NAS-in-a-box" products intended to be installed on computers with a large number of drives, which they will export to the world in a variety of protocols. Both are based on FreeBSD, both fully support ZFS and they even share a common history.

The tl;dr of this post would be something like "yes, they are similar enough to be interchangeable, BUT...", as I actually cannot give more specific advice. Read on for why.


Parallella on Kickstarter

Kickstarter is a great thing - it allows projects with limited appeal to be successfully financed, which helps them succeed. One such project is the Parallella. It is basically an ARM-based highly-NUMA computer with 16-64 cores which can be used both to teach parallel programming and actually do some useful work with very little electrical power. The numbers cited are on the order of 45 GFLOPS/watt for the maximum configuration. As the Kickstarter deadline is approaching, I think it is a good time to use this opportunity to call on all enthusiasts to help fund this cool project!


Using pkgng in real life

I have been using pkgng on a few machines now and I'd like to share some thoughts about how it behaves in real-world situations. Overall, I'm very happy with it and it's immensely better than what we had before. There are some rough edges which need to be solved but those are mostly a property of the ports system itself rather than pkgng.


pkgng – best thing since sliced bread!

FreeBSD (and BSDs in general) traditionally have source-based upgrades and installs, which extend to the third-party software collections - ports or pkgsrc and similar. This is all fine and offers unprecedented flexibility when tailoring a system to specific needs, but sometimes this flexibility is less important than ease of use or time savings which can only be achieved with binary packages. Enter pkgng, the next-generation binary package management system by Baptiste Daroussin and others, which replaces the old-style ports and packages system.


Writing a GEOM GATE module, part 1

For various reasons, including the common good, I'd like to write a short-ish tutorial about writing GEOM GATE modules for FreeBSD. I hope to do this in a series of a few blog posts, dealing with the steps of writing such a module, this being the first post in the series. Finally, I'd like to do it while also creating a usable module, so this will not be an academic exercise but (hopefully) useful work.

I'd like to start with explaining what GEOM and GEOM GATE are.


BSDCan 2012 – Day 2

The second, and unfortunately the last day of BSDCan was filled with interesting talks, again with much overlap. There are simply so many interesting things going on in FreeBSD that all of them simply don't fit in just two days of conferencing! From all of those, I'd recommend (even though I wasn't able to attend some of them) the talks on netmap, ZFS, AWS, pkgng and IPv6 security - don't miss them when the videos go online!


DevSummit 2012 day 2 and BSDCan 2012 day 1

The second day of the DevSummit continued with interesting technical discussions in the Virtualization track, which ran in parallel with the Teaching OS Courses track and the Administration and Toolchain tracks. The BSDCan day began with an epic bagpipe performance followed by four full tracks of highly interesting topics - unfortunate as there is much overlap. I gave my talk on Bullet Cache which describes some of the more interesting technical aspects and presents new performance measurements.


BSDCan 2012 – DevSummit

Another year - another BSDCan! It's very nice and even comforting to see such a large number of familiar faces again, and even more as the ranks are filled in by fresh new developers. The conference and the Developers' Summit before it promise a great program and a great time for the BSDers.
