FreeBSD on Amazon EC2 cluster compute, and the Cloud

FreeBSD on Amazon EC2

Colin Percifal announced back in December 2010 that he had managed to make FreeBSD run on Amazon EC2. There were some quirks and some work-rounds needed, but it worked.

FreeBSD ran only on the ‘small t1.micro’ instance, but it wasn’t working on the ‘cc1.4xlarge instances’ (8 cores of 2.93 GHz Nehalem, 23 GB of RAM, two 840 GB disks). Colin announced that this is now working: FreeBSD Amazon EC2 Cluster Compute.

Personally, I don’t like the idea of keeping any (personal) data and files in the Cloud, but it’s great news that FreeBSD runs on Amazon EC2. After all, FreeBSD is lean, agile and flexible,  so it should be able to run on almost anything.

The Cloud

Talking about the Cloud, the idea is nice, but it is dangerous, for security and availability reasons, to be dependent on a 3rd party cloud provider, whether it be Google, Amazon, RackSpace etc.

The following are some links to recent events showing how unreliable and insecure cloud providers can be.

Though these issues, vulnerabilities and problems have been dealt with and fixed (esp. the Tarsnap problem was handled very well), trusting and relying on ‘the cloud’ should be a decision that is well considered. Even Tarsnap, a service run by Colin, a highly regarded FreeBSD security specialist, had a security problem!

No company, however big it is, however much knowledge and experience they have, is able to offer 100% uptime and guarantee 100% data security.

Private Clouds could be the golden middle way, e.g. ownCloud, OpenStack, Eucalyptus. Cloud technology but run and managed within a / your company.

FreeBSD Installer and FreeBSD Version polls (results)

Many thanks to everybody who recently took a minute voting in the “FreeBSD Installer preference” poll and the “FreeBSD version usage” poll.

Below the numbers, percentages and the charts.

1. What kind of FreeBSD Installer do you like?

2. What version of FreeBSD are you using?

These polls are in no way scientific and may not be reflective of views and preferences of the FreeBSD community as a whole, but they give some interesting pictures.

There are at least two servers with FreeBSD 1.x  churning away and at least 13 are still running FreeBSD 4.x. I suppose these are cases of “if it ain’t broken, don’t fix it”. About 80% of the votes were for FreeBSD 7.x and 8.x.

Interestingly, about 50% of the votes were for a FreeBSD installer where you can choose to go either GUI or ncurses.

(Free)BSD quick news ‘n links (week 17)

Below some links to some FreeBSD resourses that you guys may be interested in, and other BSD related items I’ve come across.

FreeBSD

  • Chromium 10, Google’s blazingly fast internet browser, is now available in the FreeBSD Ports directory (www/chromium).
  • New FreeBSD Installer test and walkthrough. Michael W. Lucas tests the new FreeBSD installer (bsd install) and gives his feedback (incl screenshots). He likes most of the changes and improvements, but is not altogether happy yet.
  • FreeBSD 8.2-RELEASE Custom XFCE builds available. Download from freebsd-custom.wikidot.com/

DragonFlyBSD

  • DragonFlyBSD 2.10 Released. DFBSD devs have released version 2.10 with better hardware and multiple processor support. The HAMMER file system now supports deduplication.
  • DragonFlyBSD devs are looking for testers to try out the internet browser on DragonFlyBSD (Chromium for DragonFly)

OpenBSD

  • A Puffy in the corporate aquarium. There’s an interesting article on the Undeadly OpenBSD blog of m:tier, a London consultancy that works with Fortune 500 companies to equip them with OpenBSD firewalls, servers and desktops. OpenBSD has a reputation for high security and being a difficult operating system to use for new user, but m:tier helps companies to use for everything:

As a company we are very dedicated to what we do because we are “forced” to use our operating system of choice and we want our customers to be as happy as we are at using it :-)

So our paid job is hacking on and deploying, maintaining, supporting… OpenBSD installations. We are also required to hack on things that can be merged back into OpenBSD itself and when it’s not possible, then we change what we did so that it can be. Of course some developments are very specific to what we do and have no place in the project’s CVS tree.

So, amongst other services, we set up and maintain several 100% OpenBSD-based infrastructures (going from the entry site firewall to the secretary’s workstation) and this is what I’m going to talk about here.  Continues

  • MarBSD-X is a OpenBSD based Live CD with support for X (via)

BSD Certification

The BSD Certification Group (BSDCG) announced today that it has partnered with Schroeder Measurement Technologies (SMT) to increase the geographic availability of BSD certification exams. Through its sister company, Iso-Quality Testing (IQT), SMT maintains a testing center network of carefully selected partners, including college/university testing centers and computer-related businesses to provide testing services in a secure, proctored environment. Testing centers are available in over 300 cities in 19 countries. (full press release)

 

Submit your real world pf.conf

As some of you may know, fwbuilder.org is a cross-platform, graphical firewall management utility that supports iptables, ASA, PIX, FWSM, Cisco router access lists, pf, ipfw, ipfilter, and HP ProCurve ACL firewalls. Vadim Kurland and Mike Horn, the lead fwbuilder developers, have begun work on providing complete pf.conf import functionality, the last piece that was missing to provide 100% pf support. This work is a direct result of several customers expressing interest in the addition of pf configuration import and they expect the work to be completed by this summer.

In order for them to be confident that as many permutations as possible are covered, they are looking for BSD users who can share their real world pf.conf files. The configs need to contain valid IP addresses, but users can sanitize the configs by globally replacing “real” IP addresses with “fake” IP addresses.  Users who are concerned about privacy can encrypt their file with Vadim’s public PGP key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8B08DC58.

You can send your pf.conf file(s) to configs at netcitadel dot com. They will also be looking for testers as the work nears completion. Please help spread the word through social media and by posting to other mailing lists that may be interested.

Google SoC 2011 FreeBSD Accepted Projects

FreeBSD Google summer of codeGoogle has announced today that the following FreeBSD related projects have been accepted for the annual Google Summer of Code (2011).

With 17 approved projects, FreeBSD is one of the Top 10 supported projects.

  1. Path-based file system MAC policy (Alan Alvarez)
  2. Implement TCP UTO (Catalin Nicutar)
  3. Replacing the old regex implementation (Gábor Kövesdán)
  4. Capsicum application adaptation and core libraries (Ilya Bakulin)
  5. Finish porting FUSE to FreeBSD (Ilya Putsikau)
  6. FreeBSD/arm port to NXP LPC32x0 (Jakub Klama)
  7. pkgng: Implementation of sub-commands to convert .rpm and .deb to pkgng package format (Joffrey Lassignardie)
  8. Implement the RPS/RFS in FreeBSD (Kazuya GODA)
  9. FreeBSD port of NetworkManager (Kulakov Anton)
  10. Testing temporal properties of FreeBSD with Temporally Enhanced Security Logic Assertions (Mateusz Kocielski)
  11. Extending Capsicum for Common System Services (Nathan Dautenhahn)
  12. Disk device error counters (Oleksandr)
  13. Multiqueue BPF support and other BPF features (Takuya ASADA)
  14. SMB (smbfs) infrastructure work (Walter Artica)
  15. Multibyte Encoding Support in Nvi (Zhihao Yuan)
  16. (Re)implement the BFS scheduler in FreeBSD (rudot)
  17. Adding DWARF2 Call Frame Information (xxp)

Well done, to everyone who got in.

FreeBSD Security Advisory (mountd)

The FreeBSD Security Team has identified a security bug in mountd.

I. Background

The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call.

II. Problem Description

While parsing the exports(5) table, a network mask in the form of “-network=netname/prefixlength” results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as “-network 192.0.2.0/23″ would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

III. Impact

When using a prefix length which is not multiple of 8, access would be granted to the wrong client systems.

For a workaround and solution, check out the security advisory: FreeBSD Security Advisory (mountd)

FreeBSD Quarterly Status Report (Jan – Mar 2011)

FreeBSD’s quarterly status report for 2011 Q1 is now available. This report covers FreeBSD related projects between January and April 2011. During this quarter, developers focused on releasing FreeBSD 7.4 and 8.2, which were released in February 2011. Currently, the project is starting to work on the next major version, 9.0.

It’s good to see so much activity, projects and contribution to FreeBSD, most of which is done by dedicated volunteers.

From the table of contents:

Projects

FreeBSD Team Reports

Network Infrastructure

Kernel

Documentation

Architectures

Ports

Miscellaneous

Google Summer of Code

Link: FreeBSD Quarterly Status Report (Jan – Mar 2011)

Upcoming FreeBSD Events: BSDCan, GSoC 2011

As most of you will be aware, BSDCan is one of the major annual BSD conferences, and Google sponsors development of the 5 big BSD’s each year in the Summer of Code. More info with regards to these events below.

BSDCan 2011

BSD Talk has a 15 minutes interview with Dan Langille, the organiser of BSDCan 2011, wherein they chat about the upcoming BSDCan conference: BSDTalk 203 – BSDCan and PGCon with Dan Langille

The FreeBSD Foundation will be providing a limited number of travel grants to individuals requesting assistance. Please fill out and submit the (PDF) Travel Grant Request Application by April 15, 2011 to apply for this grant.

This program is open to FreeBSD developers of all sorts (kernel hackers, documentation authors, bugbusters, system administrators, etc). In some cases we are also able to fund non-developers, such as active community members and FreeBSD advocates. Read further

Google Summer of Code 2011

Google Announces Summer of Code Accepted Projects
Google has announced the accepted projects list for its 2011 Google Summer of Code (GSOC) Program. Accepted Projects can be viewed on this page. FreeBSD is among them. If you want to take part, check out the FreeBSD GSoC ideas page.

Grazer Linuxtag 2011

FH Joanneum Graz, Graz, Austria  -

The Grazer Linuxtag is a one day event (09 April 2011, FH Joanneum Graz, Graz, Austria) on Linux and free software in general. Besides a FreeBSD booth and the possibility to take the BSDA certification exam there will also be a BSD Bootcamp with live workshops covering different FreeBSD topics. More information can be found here.