FreeBSD quick news and links (week 35)

Some FreeBSD related links and updates below:

New NVidia FreeBSD drivers 256.53

NVidia has updated its graphics drivers for FreeBSD. Some of the changes are:

  • Fixed a bug that prevented XvMC from initializing in most cases.
  • Added support for xorg-server video driver ABI version 8, which will be included in the upcoming xorg-server-1.9 series of releases.
  • Fixed a bug that caused extremely slow rendering of OpenGL applications on X screens other than screen 0 when using a compositing manager.
  • Fixed a regression introduced after 256.35 that caused stability problems on GPUs such as GeForce GT 240.
  • Fixed a slow kernel virtual address space leak observed whenstarting and stopping OpenGL, CUDA, or VDPAU applications.
  • Fixed a bug that left the system susceptible to hangs when running two or more VDPAU applications simultaneously.

BSD License Generator

One shouldn’t have to change too much text when adapting the BSD license, but for the lazy there a BSD License Generator.

Benchmarking HAProxy – Ubuntu vs FreeBSD

“HAProxy on Ubuntu, or HAProxy on FreeBSD? I couldn’t find any real benchmarks comparing the two out in the wild, so I decided to do my own.”

More: Benchmarking HAProxy – Ubuntu vs FreeBSD

Installing pfSense on a Nokia IP120 firewall

“I was recently toying with an old Nokia IP120 firewall and discovered that pfSense would run quite well on this old hardware.”

Here’s how to do it: Installing pfSense on a Nokia IP120 firewall

FreeBSD Stable Release Install Guide

There’s already the excellent FreeBSD Handbook, but here and there you can find other useful guides, for instance the FreeBSD Stable Release Install Guide.

Up to date, Step by Step, How-To, Instructional Guide to Installing FreeBSD from scratch, Specifically written with background information covering the why and how the different components are used together to create a home or small enterprise network for the new-be and inexperienced FreeBSD computer hobbyist. Not a General reference type of document, but a true learning aid containing details unique to the stable version of FreeBSD your installing: a1poweruser.com

The history of Unix on the PC: Exploring lesser-known variants

“When someone discusses the Unix operating system on a PC, many modern computer users think of Linux, a Unix work-alike first released by Linus Torvalds in 1991. Linux is a relative newcomer to the field; Unix and Unix-like operating systems have been released for Intel x86-based systems as far back as 1979. This article covers some lesser-known Unix variants for IBM PC-compatible systems, both those that survive today and the ones that were not long-lived or commercially successful:

The history of Unix on the PC: Exploring lesser-known variants

Bordeaux 2.0.8 for FreeBSD and PC-BSD released

The Bordeaux Technology Group released Bordeaux 2.0.8 for FreeBSD and PC-BSD today. Bordeaux 2.0.8 is a maintenance release that fixes a number of small bugs. With this release firefox and winetricks have been updated

Bordeaux 2.0.8 was built on FreeBSD 8, PC-BSD 8 and PC-BSD 7.1  A .sh installer is provided for FreeBSD and a .pbi installer for PC-BSD

Depending on sales, Bordeaux Software plans to add Pulse Audio to the next major BSD release. So if you would like to have Pulse Audio in Wine on FreeBSD and PC-BSD make a purchase. Help spread the word!

Full post: Bordeaux 2.0.8 for FreeBSD and PC-BSD Released

Purchase Bordeaux and help support Wineconf 2010 and FreeBSD

By purchasing Bordeaux you support further development of Bordeaux, but this month you will also indirectly support the FreeBSD Foundation as part of the revenues are shared: Purchase Bordeaux and help FreeBSD

FreeBSD events and conferences (KyivBSD, MeetBSD, EuroBSD)

Here is some info and details of upcoming FreeBSD related conferences and events.

KyivBSD 2010 Conference

On 25 Septempter the annual KyivBSD Conference will be held in Kiev, Ukraine. It’s mainly aimed at FreeBSD and PC-BSD users and developers.

More info: http://ru.kyivbsd.org.ua (RU) (EN translation) (via)

BSD-Day 2010

BSD-Day@2010 will be held at Eötvös Loránd University, Budapest, Hungary on 20 November 2010.

The purpose of this one-day event is to gather Central European developers of today’s open-source BSD systems, popularize their work, and provide a real-life communication interface between developers and users. There are no formalities, no papers, and no registration or participation fee, however the invited developers are encouraged to give a talk on their favorite BSD-related topic. The goal is to motivate potential future developers and users, especially undergraduate university students to work with BSD systems.

EuroBSDCon 2010 Travel Grants

The FreeBSD Foundation is now accepting travel grant applications for EuroBSDCon 2010 (Karlsruhe, Germany from October 8-10′. More details: EuroBSDCon 2010 Travel Grants.

For those interested in open source firewalls, there will be a pfSense tuturial at EuroBSDCon 2010.

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

MeetBSD 2010 (California)

Registration is now open for MeetBSD 2010 (Mountain View, California, 5-6 November): www.meetbsd.com

NYCBUG presentation

Ivan Ivanov presented “Examples in Cryptography with OpenSSL”. Download/listen the MP3.

Usenix Security Symposium 2010 (Capsicum)

Robert Watson will present Capsicum (coming in FreeBSD 9.0) at Usenix Security Symposium.

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

These and other conferences can be found on my FreeBSD Events and Conferences Calandar.

FreeBSD quick news and links (04/08/2010)

PC-BSD Blog

Dru Lavigne has joined the PC-BSD team this month. The first thing she did, was setting up another blog: the PC-BSD Blog. She already posts BSD related posts on it.toolbox.com: A year in the life of  a BSD guru.

A new *BSD Planet Website

Edward launched AboutBSD recently as a new *BSD blogs agregating website. It won’t be a copy of blogs.freebsdish.org or news.bsdplanet.net, but it will also have some background info on the different BSD systems.

As for the goal for AboutBSD, I want to turn it into a planet website that aggregates how BSD system admins use BSD. So that new users or system admins can learn that BSD is flexible, powerful, and provides all the freedom one needs to deploy services on BSD.

FreeBSD/Linux Benchmarking (Phoronix)

PC-BSD Review: Strike that: now I’m a PC-BSD!

The review finishes with:

I would have no hesitation in recommending PC-BSD for desktop use. It has definitely been the best install experience for a desktop system I have had. It seems exactly tailored for someone like me, a developer in an office where we have tried to be operating-system-neutral as much as possible: most of our programmers do run PCs but we have weaned ourselves off any PC-only applications long ago (apart from specialist applications). As I mentioned in the previous blog, it is a smooth and pretty OS, and feels solid.

Whole review here

ZFS v15 imported into FreeBSD (head)

As announced before, ZFS v15 was successfuly imported into FreeBSD! For a time there was an option of importing just v15 or proceeding directly to v16 but the community has decided to first import the older version for reasons of stability and compatibility with Solaris 10 Update 8. (via)

Millions of home routers at risk.

According to new research delivered today here at the Black Hat security conference, millions of home routers may have a serious security flaw.

In his presentation at Black Hat, security researcher Craig Heffner detailed how an external attacker could gain full control of a user’s router and use that to gain access to the internal local area network (LAN). Though the implications are ominous, Heffner, also detailed a variety of steps users can take to protect themselves.

You should use pfSense instead:

Heffner also called on router vendors to build in DNS Rebinding mitigations into their routers directly.

“The only router software that I know of that does this now is pfSense

(Whole article here:  Millions of home routers at risk)

Foremay ships world’s largest 2TB SSD

This 2TB SSD should work on FreeBSD:

Foremay has introduced a 1TB 2.5? SATA solid-state drive alongside the industry-leading 2TB 3.5? SATA SSD, as the company expects to see an increased demand in SSD products for the enterprise.

The EC188 M-series model-V includes 200 MB/s read/write speeds, and can be used in the enterprise and workstation PCs.

Ideally, enterprise users will be able to utilize the EC188 M-series model-V, as it includes support for Microsoft Windows, Mac, several versions of Linux, OpenSolaris, Solaris, FreeBSD, HP-UX, Unix, and other operating systems…. Continues

Stopping SSH Brute Force attacks with PF on FreeBSD

Most people know that port 22 is used for SSH communication and due to this common knowledge, you get people using scripts to test for weak passwords. If you look into your /var/log/auth.log and you see tons of fails/errors from users not on your system or from invalid passwords for root, it means you have people trying to break into your system. Truthfully, anyone that puts a system online with port 22 open will see this happen to them.  It’s quite common and not direct attack against you, just scripts looking for IPs with port 22 open.

Now it goes without saying that you should make sure you have a strong password that take use of numbers, upper and low case letters and symbols. Doing this will go along way in preventing someone from breaking into your system. You should also ensure that people can’t remotely log in as root by making sure that you have ‘PermitRootLogin’ set to ‘no’ in your /etc/ssh/sshd_config file. This will ensure that no mater how many passwords they try for root they will never be able to log in.

Now you could just set your SSH server to run on a different port or have your firewall redirect a different port from the outside to the system, but what’s the fun in that when you can use a great tool like PF.

Read the whole howto: Stopping SSH Brute Force attacks with PF on FreeBSD

A Deadly Linux/UNIX Command in Action (Video)

The short and simple “rm -rf /” command is DISASTROUS.


M0n0wall vs pfSense vs NanoBSD

This shows how secure and rock-solid FreeBSD is. Makura no Soshi was running FreeBSD 4.11 as fil ter ing net work bridge, and thinking of upgrading, he’s compared the pros and cons of  m0n0wall, pfSense and NanoBSD. In the end he decided to go with NanoBSD.

Thus I chose NanoBSD. YMMV, and I would not recommend it for anyone not familiar with BSD. But with four other BSD servers the addition al maintenance effort is really small; possibly even easier than with any non-standard or web-based configuration.

Read the full post here: M0n0wall vs pfSense vs NanoBSD

Pfsense – With out doubt a very good software firewall

An account from a happy user of pfSense:

“I had been reviewing pfsense firewall recently. After using an outdated Watchguard firebox for long, we wanted to replace it with something reliable and easy to manage remotely. Previously our NOC team was looking at Endian for a lot of customers but it ended up as a wrong choice of technology with many of the stuff not working as expected and some of the crucial features missing or not working no matter repeated attempts.

Installation of Pfsense is straight forward but can be a little confusing for a novice user especially assigning the WAN and LAN interfaces. But there are lots of step by step installation videos in youtube to rescue. Once you have got the web based GUI, then configuring everything is a breeze. I liked the PPTP feature which many of the s/w firewalls were missing.

Since we liked it a lot we are moving our internal office n/w also under pfsense which means ‘RIP’ for the pretty old watchguard or serve me at my home.”

Source (confiance.com): Pfsense – With out doubt a very good Software firewall

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Chris Buechler has created a list of pfSense 2.0 New Features and Changes.

A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days. (source)

Audio presentations: 1 pfSense and 2 BSD for Linux Users

Dru Lavigne has uploaded the audio file of her presentation at SCALE 2010 talk on BSD for Linux Users is now available in mp3 format. Slides are available as PDF

She also mentioned an mp3 of a NYCBUG session on PFSense II, Rocking The Datacenter.

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

pfSense 2.0 Beta 1

pfsense-logoChris Buechler has announced the availability of the first beta release of pfSense 2.0, a FreeBSD-based firewall system.

Our Christmas gift to the community is the 2.0 release reaching the beta milestone. The release is feature complete, with no new features being added, and should stay relatively stable throughout the remainder of the development process.

That’s not to say it’s production-ready though, most of our developers are using it in production and have been for months, but unless you have a solid understanding of the underlying system and can manually verify the configuration, 2.0 is not yet for you. If you have a non-critical environment where you can try it out, you can find the latest build on the snapshot server.

Read the complete release announcement for further details and known issues