Series on 2011 development of FreeBSD based O/S

Next week I’ll be posting a number of posts on what project founders and developers are planning this year for some FreeBSD based operating systems.

I’ll be posting on PC-BSD, pfSense, m0n0wall, HeX, MaheshaBSD, Debian GNU/kFreeBSD and maybe a few more.

Stay tuned.

Quick news and links: ghostbsd, pfsense, doing business with BSD

Some links to recent project updates and howtos.

pfSense

GhostBSD

Setting up FreeBSD Wireless

Successful businesses do it with BSD!

The hidden underbelly of Mac OS X is; yep you guessed it BSD. Originally based on OpenBSD however since 10.2 or shortly there after FreeBSD. So this begs the question why do some many manufacturers rally behind Linux when Apple has clearly demonstrated beyond a shadow of any doubt that if you wish to be truly commercially successful building on the back of Open Source you’ve got to do it with a BSD. Consider all of those netbook producers out there with deploying Windows XP in most cases or some flavorless Linux distribution. …. Contintues

kFreeBSD with ZFS, Bordeaux on PC-BSD, benchmarks and pfSense

Debian’s GNU/kFreeBSD Installer will support ZFS

“While Debian GNU/kFreeBSD has supported the ZFS file-system with its FreeBSD-8 kernel, support for installing the Debian GNU/kFreeBSD distribution to a root ZFS file-system will now be possible with the Debian 6.0 “Squeeze” release.

For those unfamiliar with Debian GNU/kFreeBSD, it takes the GNU user-land but runs it atop the FreeBSD kernel rather than Debian GNU/Linux with the Linux kernel. You can still use apt-get and do most anything you would with the Linux-based Debian distribution (aside from different hardware compatibility and other support differences), but instead you’re running the FreeBSD kernel.

While the upstream FreeBSD project doesn’t have an easy root ZFS file-system installation option within FreeBSD 8.0/8.1, this isn’t particularly ground-breaking, as the FreeBSD-based PC-BSD already has ZFS installation support that is quite easy to work.”

Full post on Phoronix: Debian’s GNU/kFreeBSD Installer Will Support ZFS

Review of Running Bordeaux on PC-BSD

Jesse Smith of Distrowatch has used Bordeaux for a week and written up his (mostly positive) experience (feature story):

“The Bordeaux Technology Group is a company specializing in compatibility software. Specifically, they work at making it as easy as possible to run Windows programs on the UNIX family of operating systems. Their Bordeaux tool is built to run on Linux, FreeBSD, Solaris, OpenIndiana and Mac OS X. Bordeaux is, at its heart, a customized build of Wine. They take a recent version of Wine, add some special tools and test their build for compatibility against a group of popular Windows software. They then sell this bundle (along with support) for about US$20 – 25, much less than the typical cost of a Windows license. A few weeks ago I had a chance to chat with Tom, a member of the Bordeaux Technology Group, and he was kind enough to give me a copy of Bordeaux (PC-BSD edition) to test-drive.

The provided PBI package was about 44 MB and it installed without any problems. With the install completed, two icons were added to my desktop and application menu. These new icons were labelled “Bordeaux” and “Cellar Manager”. I launched Bordeaux first and was presented with a new window featuring three tabs along the top. These three tabs are called “Install Applications”, “Manage Wine” and “Unsupported Packages”. At the bottom of the window, regardless of which tab is selected, are two buttons called “Help” and “Install”. Clicking the Help button always opens a browser window to the Bordeaux documentation website. The Install button actually performs different functions depending on which tab is selected.”

Read on for the remainder of the story, and the conclusion: Test-driving Bordeaux 2.0.8

NB, Bordeaux Group has a 50% offer going: Bordeaux 50% off recession busting sale

New benchmarks of OpenSolaris, BSD & Linux

Phoronix has benchmarked the latest OpenSolaris-based distributions (OpenSolaris, OpenIndiana, and Augustiner-Schweinshaxe), compared to PC-BSD, Fedora, and Ubuntu. The Phoronix review concludes:

There you have it, the performance of the latest OpenSolaris distributions against PC-BSD/FreeBSD and two of the most popular Linux distributions. The Fedora and Ubuntu operating systems won most of the tests, but there were a few leads for PC-BSD while the OpenSolaris operating systems just one won test (Local Adaptive Thresholding via GraphicsMagick) at least for our benchmarking selection and workload. If you are using an OpenSolaris-based operating system hopefully you are not using it for a performance critical environment but rather to take advantage of its technical features like DTrace, ZFS (though that is becoming moot with its availability on PC-BSD/FreeBSD and even Linux), etc.

Check out the article for the graphs, benchmark details and hardware used: New benchmarks of Opensolaris, BSD and Linux

Build your own Router (pfSense)

Martin Diers set up pfSense for a new warehouse.

My company is expanding into a warehouse, and so for the first time, I have to setup a WAN. That’s a Wide Area Network, which basically means joining together two or more LANs so everyone can see each other, even if you are across the country.

At my company, I have our local internet router running pfSense on a traditional PC with two network cards. It works just like your home linksys or netgear router. It’s just faster and can handle a lot more traffic. It is also extremely stable. I never have to reboot the thing. You configure it just like your home router: through a web interface

He finishes the article by saying how easy setting up a wlan with pfsense (and cheap), compared to the 90′s:

pfSense has been the best router software I have ever used. It is as capable as anything put out by Cisco or HP, and it is open source. For the cost of the bare hardware, you can have a world-class router that supports many other services such as local DNS resolution, content filtering, bandwidth monitoring, Quality of Service controlls, the list goes on, and you can even have it in an little fanless package.

Read the whole post: Build your own router (trojanbadger.com)

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”

4 open source firewall/router projects, incl pfSense and m0n0wall

LinuxPlanet has a post with some background information of 4 great open source firewall/router projects. Two are Linux-based (endian and smoothwall) and the other two are based on FreeBSD (m0n0wall and pfSense):

pfSense

pfSense is a customized distribution of FreeBSD. It actually started in 2004 as a fork of the m0n0wallproject. However, it concentrates more towards full PC installations, where m0n0wall is more towards embedded hardware.

pfSense can be considered as a popular package, as it has more than 1 million downloads. It can be used in homes or in large corporations and organizations. It’s available as a Live CD, hard drive installation, or embedded.

pfSense has low system requirements; 100 MHz Pentium CPU and 128 MBs of RAM. The Live CD requires a CD-ROM drive and a USB flash drive or floppy drive for storing the configuration file. The hard drive installation requires a CD-ROM for the initial installation and at least 1 GB hard drive. The embedded version requires a serial port for console and at least a 128 MB Compact Flash card.

pfSense, of course, includes a powerful firewall, including the ability to filter based upon the passively detected operating system. Its state table can be finely customized. It can do Network Address Translation (NAT) and load balancing of multiple WAN connections. It has a DHCP server and relay functionality.

Other important features include redundancy and synchronization, captive portal, and the support of three VPN solutions: IPsec, OpenVPN, and PPTP.

pfSense includes great reporting and monitoring features. RRC graphs show historical values of CPU utilization, firewall states, throughput, and more. There are also SVG graphs showing the real-time throughput of interfaces.

m0n0wall

m0n0wall is also based from FreeBSD. This firewall project is designed for use with embedded x86-based PCs. However, it is possible to run m0n0wall on most standard desktop PCs.

m0n0wall officially supports the embedded net48xx/net55xx systems from Soekris Engineering and the ALIX platform from PC Engines. It requires at least a 16 MB Compact Flash (CF) card and they recommend using at least 64 MBs of RAM.

Getting m0n0wall running on an embedded system just takes downloading an image and writing it to a CF card. For desktop PCs, you can be write a disk image to a small IDE hard drive or CF card, or use the CD-ROM and floppy disk version. A VMware image is also available.

The entire system configuration is conveniently stored in one single XML text file, eliminating multiple text files parsed in a shell script. m0n0wall can completely boot up in less than 25 seconds after hitting the power button. On embedded platforms it provides a WAN to LAN TCP throughput of more than 50 Mbps (including NAT), and with newer PCs you can see 100+ Mbps.

The firewall provides stateful packet filtering and supports Network Address Translation (NAT). It also features a DHCP server and relay support. It supports VLANs and IPsec and PPTP VPNs. It even features wireless support for certain chipsets to create an access point (AP).

Other important features include a captive portal, SVG-based traffic graphing, SNMP agent, DynDNS client, and Wake on LAN client.” (full article)

Great to see the attention given by LinuxPlanet to FreeBSD based router/firewall projects. It would be nice if this was followed up by an in-depth review, comparison and benchmarking to help users decide which of the four is the best for their particular need.

FreeBSD quick news and links (week 35)

Some FreeBSD related links and updates below:

New NVidia FreeBSD drivers 256.53

NVidia has updated its graphics drivers for FreeBSD. Some of the changes are:

  • Fixed a bug that prevented XvMC from initializing in most cases.
  • Added support for xorg-server video driver ABI version 8, which will be included in the upcoming xorg-server-1.9 series of releases.
  • Fixed a bug that caused extremely slow rendering of OpenGL applications on X screens other than screen 0 when using a compositing manager.
  • Fixed a regression introduced after 256.35 that caused stability problems on GPUs such as GeForce GT 240.
  • Fixed a slow kernel virtual address space leak observed whenstarting and stopping OpenGL, CUDA, or VDPAU applications.
  • Fixed a bug that left the system susceptible to hangs when running two or more VDPAU applications simultaneously.

BSD License Generator

One shouldn’t have to change too much text when adapting the BSD license, but for the lazy there a BSD License Generator.

Benchmarking HAProxy – Ubuntu vs FreeBSD

“HAProxy on Ubuntu, or HAProxy on FreeBSD? I couldn’t find any real benchmarks comparing the two out in the wild, so I decided to do my own.”

More: Benchmarking HAProxy – Ubuntu vs FreeBSD

Installing pfSense on a Nokia IP120 firewall

“I was recently toying with an old Nokia IP120 firewall and discovered that pfSense would run quite well on this old hardware.”

Here’s how to do it: Installing pfSense on a Nokia IP120 firewall

FreeBSD Stable Release Install Guide

There’s already the excellent FreeBSD Handbook, but here and there you can find other useful guides, for instance the FreeBSD Stable Release Install Guide.

Up to date, Step by Step, How-To, Instructional Guide to Installing FreeBSD from scratch, Specifically written with background information covering the why and how the different components are used together to create a home or small enterprise network for the new-be and inexperienced FreeBSD computer hobbyist. Not a General reference type of document, but a true learning aid containing details unique to the stable version of FreeBSD your installing: a1poweruser.com

The history of Unix on the PC: Exploring lesser-known variants

“When someone discusses the Unix operating system on a PC, many modern computer users think of Linux, a Unix work-alike first released by Linus Torvalds in 1991. Linux is a relative newcomer to the field; Unix and Unix-like operating systems have been released for Intel x86-based systems as far back as 1979. This article covers some lesser-known Unix variants for IBM PC-compatible systems, both those that survive today and the ones that were not long-lived or commercially successful:

The history of Unix on the PC: Exploring lesser-known variants

Bordeaux 2.0.8 for FreeBSD and PC-BSD released

The Bordeaux Technology Group released Bordeaux 2.0.8 for FreeBSD and PC-BSD today. Bordeaux 2.0.8 is a maintenance release that fixes a number of small bugs. With this release firefox and winetricks have been updated

Bordeaux 2.0.8 was built on FreeBSD 8, PC-BSD 8 and PC-BSD 7.1  A .sh installer is provided for FreeBSD and a .pbi installer for PC-BSD

Depending on sales, Bordeaux Software plans to add Pulse Audio to the next major BSD release. So if you would like to have Pulse Audio in Wine on FreeBSD and PC-BSD make a purchase. Help spread the word!

Full post: Bordeaux 2.0.8 for FreeBSD and PC-BSD Released

Purchase Bordeaux and help support Wineconf 2010 and FreeBSD

By purchasing Bordeaux you support further development of Bordeaux, but this month you will also indirectly support the FreeBSD Foundation as part of the revenues are shared: Purchase Bordeaux and help FreeBSD

FreeBSD events and conferences (KyivBSD, MeetBSD, EuroBSD)

Here is some info and details of upcoming FreeBSD related conferences and events.

KyivBSD 2010 Conference

On 25 Septempter the annual KyivBSD Conference will be held in Kiev, Ukraine. It’s mainly aimed at FreeBSD and PC-BSD users and developers.

More info: http://ru.kyivbsd.org.ua (RU) (EN translation) (via)

BSD-Day 2010

BSD-Day@2010 will be held at Eötvös Loránd University, Budapest, Hungary on 20 November 2010.

The purpose of this one-day event is to gather Central European developers of today’s open-source BSD systems, popularize their work, and provide a real-life communication interface between developers and users. There are no formalities, no papers, and no registration or participation fee, however the invited developers are encouraged to give a talk on their favorite BSD-related topic. The goal is to motivate potential future developers and users, especially undergraduate university students to work with BSD systems.

EuroBSDCon 2010 Travel Grants

The FreeBSD Foundation is now accepting travel grant applications for EuroBSDCon 2010 (Karlsruhe, Germany from October 8-10′. More details: EuroBSDCon 2010 Travel Grants.

For those interested in open source firewalls, there will be a pfSense tuturial at EuroBSDCon 2010.

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

MeetBSD 2010 (California)

Registration is now open for MeetBSD 2010 (Mountain View, California, 5-6 November): www.meetbsd.com

NYCBUG presentation

Ivan Ivanov presented “Examples in Cryptography with OpenSSL”. Download/listen the MP3.

Usenix Security Symposium 2010 (Capsicum)

Robert Watson will present Capsicum (coming in FreeBSD 9.0) at Usenix Security Symposium.

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

These and other conferences can be found on my FreeBSD Events and Conferences Calandar.

FreeBSD quick news and links (04/08/2010)

PC-BSD Blog

Dru Lavigne has joined the PC-BSD team this month. The first thing she did, was setting up another blog: the PC-BSD Blog. She already posts BSD related posts on it.toolbox.com: A year in the life of  a BSD guru.

A new *BSD Planet Website

Edward launched AboutBSD recently as a new *BSD blogs agregating website. It won’t be a copy of blogs.freebsdish.org or news.bsdplanet.net, but it will also have some background info on the different BSD systems.

As for the goal for AboutBSD, I want to turn it into a planet website that aggregates how BSD system admins use BSD. So that new users or system admins can learn that BSD is flexible, powerful, and provides all the freedom one needs to deploy services on BSD.

FreeBSD/Linux Benchmarking (Phoronix)

PC-BSD Review: Strike that: now I’m a PC-BSD!

The review finishes with:

I would have no hesitation in recommending PC-BSD for desktop use. It has definitely been the best install experience for a desktop system I have had. It seems exactly tailored for someone like me, a developer in an office where we have tried to be operating-system-neutral as much as possible: most of our programmers do run PCs but we have weaned ourselves off any PC-only applications long ago (apart from specialist applications). As I mentioned in the previous blog, it is a smooth and pretty OS, and feels solid.

Whole review here

ZFS v15 imported into FreeBSD (head)

As announced before, ZFS v15 was successfuly imported into FreeBSD! For a time there was an option of importing just v15 or proceeding directly to v16 but the community has decided to first import the older version for reasons of stability and compatibility with Solaris 10 Update 8. (via)

Millions of home routers at risk.

According to new research delivered today here at the Black Hat security conference, millions of home routers may have a serious security flaw.

In his presentation at Black Hat, security researcher Craig Heffner detailed how an external attacker could gain full control of a user’s router and use that to gain access to the internal local area network (LAN). Though the implications are ominous, Heffner, also detailed a variety of steps users can take to protect themselves.

You should use pfSense instead:

Heffner also called on router vendors to build in DNS Rebinding mitigations into their routers directly.

“The only router software that I know of that does this now is pfSense

(Whole article here:  Millions of home routers at risk)

Foremay ships world’s largest 2TB SSD

This 2TB SSD should work on FreeBSD:

Foremay has introduced a 1TB 2.5? SATA solid-state drive alongside the industry-leading 2TB 3.5? SATA SSD, as the company expects to see an increased demand in SSD products for the enterprise.

The EC188 M-series model-V includes 200 MB/s read/write speeds, and can be used in the enterprise and workstation PCs.

Ideally, enterprise users will be able to utilize the EC188 M-series model-V, as it includes support for Microsoft Windows, Mac, several versions of Linux, OpenSolaris, Solaris, FreeBSD, HP-UX, Unix, and other operating systems…. Continues

Stopping SSH Brute Force attacks with PF on FreeBSD

Most people know that port 22 is used for SSH communication and due to this common knowledge, you get people using scripts to test for weak passwords. If you look into your /var/log/auth.log and you see tons of fails/errors from users not on your system or from invalid passwords for root, it means you have people trying to break into your system. Truthfully, anyone that puts a system online with port 22 open will see this happen to them.  It’s quite common and not direct attack against you, just scripts looking for IPs with port 22 open.

Now it goes without saying that you should make sure you have a strong password that take use of numbers, upper and low case letters and symbols. Doing this will go along way in preventing someone from breaking into your system. You should also ensure that people can’t remotely log in as root by making sure that you have ‘PermitRootLogin’ set to ‘no’ in your /etc/ssh/sshd_config file. This will ensure that no mater how many passwords they try for root they will never be able to log in.

Now you could just set your SSH server to run on a different port or have your firewall redirect a different port from the outside to the system, but what’s the fun in that when you can use a great tool like PF.

Read the whole howto: Stopping SSH Brute Force attacks with PF on FreeBSD

A Deadly Linux/UNIX Command in Action (Video)

The short and simple “rm -rf /” command is DISASTROUS.