FreeBSD Events Update (EuroBSDCon, BSDCan, NYCBUG, SCALE)

Below some links, resources and updates for future and past (Free)BSD conferences:

1. BSDCan 2011 will be held this month (11-13 May).
Links: RegistrationScheduleMain Page

2. The EuroBSDCon 2011 website has gone live. This year it will be the 10th anniversary and the conference will be held in Holland (6 – 9 Oct). I’m hoping to attend.
Links: Call for papersMain Page

3. BSD High Availability tutorial (NYCBUG) – MP3

The BSD High Availability (HA) suite has some very handy and powerful features. However, as with all systems, there are certain considerations to be made when rolling out a HA implementation. This talk will focus on the security considerations when rolling out a BSD HA implementation.

The talk covers the following:

* An explanation of the BSD HA environment (CARP, pfsync, sasyncd)
* How these components, specifically CARP, function at a lower level
* Current and potential attacks against the HA environment, including some demos
* Security considerations when rolling out a HA implementation and applicable work-arounds
* Ideas on how to improve the security and flexibility of the BSD HA tool suite Download the MP3 file

4. Video of SCALE 2011 presentation by Dru Lavigne, titled”PC-BSD: an Easy to Use Open Source Desktop“.

5. FOSDEM Trip report by Brooks Davis

Brooks Davis has provided a trip report for FOSDEM 2011; it includes some interesting notes on clang/llvm.

 

 

FreeBSD on Amazon EC2 cluster compute, and the Cloud

FreeBSD on Amazon EC2

Colin Percifal announced back in December 2010 that he had managed to make FreeBSD run on Amazon EC2. There were some quirks and some work-rounds needed, but it worked.

FreeBSD ran only on the ‘small t1.micro’ instance, but it wasn’t working on the ‘cc1.4xlarge instances’ (8 cores of 2.93 GHz Nehalem, 23 GB of RAM, two 840 GB disks). Colin announced that this is now working: FreeBSD Amazon EC2 Cluster Compute.

Personally, I don’t like the idea of keeping any (personal) data and files in the Cloud, but it’s great news that FreeBSD runs on Amazon EC2. After all, FreeBSD is lean, agile and flexible,  so it should be able to run on almost anything.

The Cloud

Talking about the Cloud, the idea is nice, but it is dangerous, for security and availability reasons, to be dependent on a 3rd party cloud provider, whether it be Google, Amazon, RackSpace etc.

The following are some links to recent events showing how unreliable and insecure cloud providers can be.

Though these issues, vulnerabilities and problems have been dealt with and fixed (esp. the Tarsnap problem was handled very well), trusting and relying on ‘the cloud’ should be a decision that is well considered. Even Tarsnap, a service run by Colin, a highly regarded FreeBSD security specialist, had a security problem!

No company, however big it is, however much knowledge and experience they have, is able to offer 100% uptime and guarantee 100% data security.

Private Clouds could be the golden middle way, e.g. ownCloud, OpenStack, Eucalyptus. Cloud technology but run and managed within a / your company.

FreeBSD Installer and FreeBSD Version polls (results)

Many thanks to everybody who recently took a minute voting in the “FreeBSD Installer preference” poll and the “FreeBSD version usage” poll.

Below the numbers, percentages and the charts.

1. What kind of FreeBSD Installer do you like?

2. What version of FreeBSD are you using?

These polls are in no way scientific and may not be reflective of views and preferences of the FreeBSD community as a whole, but they give some interesting pictures.

There are at least two servers with FreeBSD 1.x  churning away and at least 13 are still running FreeBSD 4.x. I suppose these are cases of “if it ain’t broken, don’t fix it”. About 80% of the votes were for FreeBSD 7.x and 8.x.

Interestingly, about 50% of the votes were for a FreeBSD installer where you can choose to go either GUI or ncurses.

(Free)BSD quick news ‘n links (week 17)

Below some links to some FreeBSD resourses that you guys may be interested in, and other BSD related items I’ve come across.

FreeBSD

  • Chromium 10, Google’s blazingly fast internet browser, is now available in the FreeBSD Ports directory (www/chromium).
  • New FreeBSD Installer test and walkthrough. Michael W. Lucas tests the new FreeBSD installer (bsd install) and gives his feedback (incl screenshots). He likes most of the changes and improvements, but is not altogether happy yet.
  • FreeBSD 8.2-RELEASE Custom XFCE builds available. Download from freebsd-custom.wikidot.com/

DragonFlyBSD

  • DragonFlyBSD 2.10 Released. DFBSD devs have released version 2.10 with better hardware and multiple processor support. The HAMMER file system now supports deduplication.
  • DragonFlyBSD devs are looking for testers to try out the internet browser on DragonFlyBSD (Chromium for DragonFly)

OpenBSD

  • A Puffy in the corporate aquarium. There’s an interesting article on the Undeadly OpenBSD blog of m:tier, a London consultancy that works with Fortune 500 companies to equip them with OpenBSD firewalls, servers and desktops. OpenBSD has a reputation for high security and being a difficult operating system to use for new user, but m:tier helps companies to use for everything:

As a company we are very dedicated to what we do because we are “forced” to use our operating system of choice and we want our customers to be as happy as we are at using it :-)

So our paid job is hacking on and deploying, maintaining, supporting… OpenBSD installations. We are also required to hack on things that can be merged back into OpenBSD itself and when it’s not possible, then we change what we did so that it can be. Of course some developments are very specific to what we do and have no place in the project’s CVS tree.

So, amongst other services, we set up and maintain several 100% OpenBSD-based infrastructures (going from the entry site firewall to the secretary’s workstation) and this is what I’m going to talk about here.  Continues

  • MarBSD-X is a OpenBSD based Live CD with support for X (via)

BSD Certification

The BSD Certification Group (BSDCG) announced today that it has partnered with Schroeder Measurement Technologies (SMT) to increase the geographic availability of BSD certification exams. Through its sister company, Iso-Quality Testing (IQT), SMT maintains a testing center network of carefully selected partners, including college/university testing centers and computer-related businesses to provide testing services in a secure, proctored environment. Testing centers are available in over 300 cities in 19 countries. (full press release)

 

Submit your real world pf.conf

As some of you may know, fwbuilder.org is a cross-platform, graphical firewall management utility that supports iptables, ASA, PIX, FWSM, Cisco router access lists, pf, ipfw, ipfilter, and HP ProCurve ACL firewalls. Vadim Kurland and Mike Horn, the lead fwbuilder developers, have begun work on providing complete pf.conf import functionality, the last piece that was missing to provide 100% pf support. This work is a direct result of several customers expressing interest in the addition of pf configuration import and they expect the work to be completed by this summer.

In order for them to be confident that as many permutations as possible are covered, they are looking for BSD users who can share their real world pf.conf files. The configs need to contain valid IP addresses, but users can sanitize the configs by globally replacing “real” IP addresses with “fake” IP addresses.  Users who are concerned about privacy can encrypt their file with Vadim’s public PGP key:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8B08DC58.

You can send your pf.conf file(s) to configs at netcitadel dot com. They will also be looking for testers as the work nears completion. Please help spread the word through social media and by posting to other mailing lists that may be interested.

Google SoC 2011 FreeBSD Accepted Projects

FreeBSD Google summer of codeGoogle has announced today that the following FreeBSD related projects have been accepted for the annual Google Summer of Code (2011).

With 17 approved projects, FreeBSD is one of the Top 10 supported projects.

  1. Path-based file system MAC policy (Alan Alvarez)
  2. Implement TCP UTO (Catalin Nicutar)
  3. Replacing the old regex implementation (Gábor Kövesdán)
  4. Capsicum application adaptation and core libraries (Ilya Bakulin)
  5. Finish porting FUSE to FreeBSD (Ilya Putsikau)
  6. FreeBSD/arm port to NXP LPC32x0 (Jakub Klama)
  7. pkgng: Implementation of sub-commands to convert .rpm and .deb to pkgng package format (Joffrey Lassignardie)
  8. Implement the RPS/RFS in FreeBSD (Kazuya GODA)
  9. FreeBSD port of NetworkManager (Kulakov Anton)
  10. Testing temporal properties of FreeBSD with Temporally Enhanced Security Logic Assertions (Mateusz Kocielski)
  11. Extending Capsicum for Common System Services (Nathan Dautenhahn)
  12. Disk device error counters (Oleksandr)
  13. Multiqueue BPF support and other BPF features (Takuya ASADA)
  14. SMB (smbfs) infrastructure work (Walter Artica)
  15. Multibyte Encoding Support in Nvi (Zhihao Yuan)
  16. (Re)implement the BFS scheduler in FreeBSD (rudot)
  17. Adding DWARF2 Call Frame Information (xxp)

Well done, to everyone who got in.

FreeBSD Security Advisory (mountd)

The FreeBSD Security Team has identified a security bug in mountd.

I. Background

The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call.

II. Problem Description

While parsing the exports(5) table, a network mask in the form of “-network=netname/prefixlength” results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as “-network 192.0.2.0/23″ would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

III. Impact

When using a prefix length which is not multiple of 8, access would be granted to the wrong client systems.

For a workaround and solution, check out the security advisory: FreeBSD Security Advisory (mountd)

FreeBSD Quarterly Status Report (Jan – Mar 2011)

FreeBSD’s quarterly status report for 2011 Q1 is now available. This report covers FreeBSD related projects between January and April 2011. During this quarter, developers focused on releasing FreeBSD 7.4 and 8.2, which were released in February 2011. Currently, the project is starting to work on the next major version, 9.0.

It’s good to see so much activity, projects and contribution to FreeBSD, most of which is done by dedicated volunteers.

From the table of contents:

Projects

FreeBSD Team Reports

Network Infrastructure

Kernel

Documentation

Architectures

Ports

Miscellaneous

Google Summer of Code

Link: FreeBSD Quarterly Status Report (Jan – Mar 2011)