Chromium for FreeBSD – change of port maintainer

Shortly after Google Chrome was released, I was  excited to find out that Ben Laurie was porting Google Chrome/Chromium to FreeBSD. This is in my opinion the best web browser available (I know, it’s subjective). It’s light-weight, secure and extendible.

The only thing that has cast a bit of a shadow on the Chromium porting project was thehybrid licensing model, where paying subscribers have access to the latest builds, and non-paying individuals can download an older/out-of-date version.

In itself there’s nothing wrong with this licensing model, but you’d expect that more with closed source and proprietary software. Chrome/Chromium is free and therefore any ported versions should be free too, IMO, as long as Google’s EULA is adhered to.

Due to some issues a new port (www/ports/chromium) maintainer has been appointed, i.e. Rene Ladan.

“However complete and obstinate disregard to the security vulnerabilities of the version in the ports tree, including refusal to even document them contradicts the idea of maintainership as the community understands it and as it is documented.” (source)

We wish Rene the best and we hope to see Chromium 8 that was released last week ported to FreeBSD (current version in ports is version 6).

kFreeBSD with ZFS, Bordeaux on PC-BSD, benchmarks and pfSense

Debian’s GNU/kFreeBSD Installer will support ZFS

“While Debian GNU/kFreeBSD has supported the ZFS file-system with its FreeBSD-8 kernel, support for installing the Debian GNU/kFreeBSD distribution to a root ZFS file-system will now be possible with the Debian 6.0 “Squeeze” release.

For those unfamiliar with Debian GNU/kFreeBSD, it takes the GNU user-land but runs it atop the FreeBSD kernel rather than Debian GNU/Linux with the Linux kernel. You can still use apt-get and do most anything you would with the Linux-based Debian distribution (aside from different hardware compatibility and other support differences), but instead you’re running the FreeBSD kernel.

While the upstream FreeBSD project doesn’t have an easy root ZFS file-system installation option within FreeBSD 8.0/8.1, this isn’t particularly ground-breaking, as the FreeBSD-based PC-BSD already has ZFS installation support that is quite easy to work.”

Full post on Phoronix: Debian’s GNU/kFreeBSD Installer Will Support ZFS

Review of Running Bordeaux on PC-BSD

Jesse Smith of Distrowatch has used Bordeaux for a week and written up his (mostly positive) experience (feature story):

“The Bordeaux Technology Group is a company specializing in compatibility software. Specifically, they work at making it as easy as possible to run Windows programs on the UNIX family of operating systems. Their Bordeaux tool is built to run on Linux, FreeBSD, Solaris, OpenIndiana and Mac OS X. Bordeaux is, at its heart, a customized build of Wine. They take a recent version of Wine, add some special tools and test their build for compatibility against a group of popular Windows software. They then sell this bundle (along with support) for about US$20 – 25, much less than the typical cost of a Windows license. A few weeks ago I had a chance to chat with Tom, a member of the Bordeaux Technology Group, and he was kind enough to give me a copy of Bordeaux (PC-BSD edition) to test-drive.

The provided PBI package was about 44 MB and it installed without any problems. With the install completed, two icons were added to my desktop and application menu. These new icons were labelled “Bordeaux” and “Cellar Manager”. I launched Bordeaux first and was presented with a new window featuring three tabs along the top. These three tabs are called “Install Applications”, “Manage Wine” and “Unsupported Packages”. At the bottom of the window, regardless of which tab is selected, are two buttons called “Help” and “Install”. Clicking the Help button always opens a browser window to the Bordeaux documentation website. The Install button actually performs different functions depending on which tab is selected.”

Read on for the remainder of the story, and the conclusion: Test-driving Bordeaux 2.0.8

NB, Bordeaux Group has a 50% offer going: Bordeaux 50% off recession busting sale

New benchmarks of OpenSolaris, BSD & Linux

Phoronix has benchmarked the latest OpenSolaris-based distributions (OpenSolaris, OpenIndiana, and Augustiner-Schweinshaxe), compared to PC-BSD, Fedora, and Ubuntu. The Phoronix review concludes:

There you have it, the performance of the latest OpenSolaris distributions against PC-BSD/FreeBSD and two of the most popular Linux distributions. The Fedora and Ubuntu operating systems won most of the tests, but there were a few leads for PC-BSD while the OpenSolaris operating systems just one won test (Local Adaptive Thresholding via GraphicsMagick) at least for our benchmarking selection and workload. If you are using an OpenSolaris-based operating system hopefully you are not using it for a performance critical environment but rather to take advantage of its technical features like DTrace, ZFS (though that is becoming moot with its availability on PC-BSD/FreeBSD and even Linux), etc.

Check out the article for the graphs, benchmark details and hardware used: New benchmarks of Opensolaris, BSD and Linux

Build your own Router (pfSense)

Martin Diers set up pfSense for a new warehouse.

My company is expanding into a warehouse, and so for the first time, I have to setup a WAN. That’s a Wide Area Network, which basically means joining together two or more LANs so everyone can see each other, even if you are across the country.

At my company, I have our local internet router running pfSense on a traditional PC with two network cards. It works just like your home linksys or netgear router. It’s just faster and can handle a lot more traffic. It is also extremely stable. I never have to reboot the thing. You configure it just like your home router: through a web interface

He finishes the article by saying how easy setting up a wlan with pfsense (and cheap), compared to the 90′s:

pfSense has been the best router software I have ever used. It is as capable as anything put out by Cisco or HP, and it is open source. For the cost of the bare hardware, you can have a world-class router that supports many other services such as local DNS resolution, content filtering, bandwidth monitoring, Quality of Service controlls, the list goes on, and you can even have it in an little fanless package.

Read the whole post: Build your own router (trojanbadger.com)

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”

Bjoern Zeeb receives 2nd Itojun Service Award

Bjoern Zeeb received the second Itojun Service Award at he IETF 79 meeting in Beijing last month.

Bjoern A. Zeeb, a FreeBSD Developer, received the award for his dedicated work to make significant improvements in open source implementations of IPv6. IPv6 is the next generation of Internet protocol that will help ensure the continued rapid growth of the Internet as a platform for innovation.

First awarded last year, the Itojun Service Award honours the memory of Dr. Jun-ichiro “itojun” Hagino, who passed away in 2007, aged just 37. The award, established by the friends of itojun and administered by the Internet Society (ISOC), recognises and commemorates the extraordinary dedication exercised by itojun over the course of IPv6 development.

“For many years, Bjoern has been a committed champion of, and contributor to, implementing IPv6 in open source operating systems used in servers, desktops, and embedded computer platforms, including those used by some of the busiest websites in the world,”

said Jun Murai of the Itojun Service Award committee and Founder of the WIDE Project.

“On behalf of the Itojun Service Award committee, I am extremely pleased to present this award to Bjoern for his outstanding work in support of IPv6 development and deployment.”

The Itojun Service Award is focused on pragmatic contributions to developing and deploying IPv6 in the spirit of serving the Internet. The award, expected to be presented annually, includes a presentation crystal, a US$3,000 honorarium, and a travel grant.

“This is a great honour, and I would like to thank the people who recommended me for the award and the committee for believing my work was valuable. I never met Itojun but he was one of the people helping me, and I have the highest respect for his massive foundational work,”

said Bjoern A. Zeeb.

“As the Internet community works to roll out IPv6 to more and more people all around the globe, we also need to help others–developers, businesses, and users–understand and use the new Internet protocols so that the vision Itojun was working so hard for comes true.”

Each Internet-connected device uses an IP address and, with the number of Internet-connected devices growing rapidly, the supply of unallocated IPv4 addresses is expected to be exhausted within the next year. To help ensure the continued rapid growth of the Internet, IPv6 provides a huge increase in the number of available addresses. And, while the technical foundations of IPv6 are well established, significant work remains to expand the deployment and use of IPv6.

IPv6 was developed within the Internet Engineering Task Force (IETF), the Internet’s premier standards-making body responsible for the development of protocols used in IP-based networks. IETF participants represent an international community of network designers, operators, vendors, and researchers involved in the technical operation of the Internet and the continuing evolution of Internet architecture. More information on the Itojun Service Award is available at: http://www.isoc.org/itojun

Source: ISOC monthly newsletter (Nov 2010)

FreeBSD Security Advisory (openssl)

The FreeBSD Security Team has identified a security bug in openssl:

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL’s internal caching mechanism. The race condition can lead to a buffer overflow.

A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.

III. Impact

For affected server applications, an attacker may be able to utilize the buffer overflow to crash the application or potentially run arbitrary code with the privileges of the application.

It may be possible to cause a DoS or potentially execute arbitrary in the context of the user connection to a malicious SSL server.

To find out more about the impact, a work-around and solution, check out the advisory page: FreeBSD Security Advisory (openssl)

FreeBSD Foundation EOY fund-raise drive

The FreeBSD Foundation has kicked off its annual end-of-year fund-raise drive, and is calling happy (Free)BSD users make a small donation to help the FreeBSD Project fund new initiatives, sponsor FreeBSD Conferences, grant travel grants etc.

The Foundation has received some large (corporate) donations already, but the number of last year’s individual donations hasn’t been matched yet. More than half of the £350k goal has been given. If you want and can help, you can donate here (I am not affiliated with the FreeBSD Foundation).

FreeBSD Foundation president Justin Gibbs writes:

As the year is winding down I’m writing this note to remind you of the motivation behind the FreeBSD Foundation’s work, its benefits to you, and to ask for your financial assistance in making our work possible.

Ten years ago, I created the FreeBSD Foundation to repay a debt I owe to the FreeBSD project. While working on FreeBSD I learned the fundamentals of sound software design, how to successfully manage a large code base, and experienced the challenges of release engineering. Beyond the benefits of this education, FreeBSD has provided a robust platform that has allowed me to build several successful commercial products while being well paid to work on an operating system I love.

Today, through my volunteer work with the FreeBSD Foundation, I’m still paying down this debt.

This year, despite the slow pace of the economic recovery, the FreeBSD Foundation has an impressive list of accomplishments:

Provided $100,000 in grants for projects that improve FreeBSD in the areas of:

  • DTrace support
  • High availability storage
  • Enhanced SNMP reporting
  • Virtualization and resource partitioning
  • Embedded device support
  • Networking stack improvements

Allocated $50,000 for equipment to enhance FreeBSD project infrastructure.

Sponsored 8 FreeBSD related conferences.

Funded 16 travel grants giving increased community and developer access to conferences.

Provided legal support to the FreeBSD project.

How do our activities benefit you? If you are a company using FreeBSD, our work to strengthen the FreeBSD community ensures the continued viability of FreeBSD and a large pool of developers to tap into. If you are an end user, our work brings you new features and access to conferences. And if you are a FreeBSD developer, the FreeBSD Foundation is providing the resources needed to make your next innovation possible.

The FreeBSD project thrives through the hard work of our community, but it also requires financial backing. This year we set a fund-raising goal of $350,000. We are pleased to report that we are half way there, but we need your help to reach our goal. Every donation, no matter its size, helps to make our work possible. As a non-profit with very low overhead, your donation is the best way to invest in FreeBSD. Please make that investment today.

Source: FreeBSD Foundation blog

FreeBSD Security Advisory (pseudofs)

The FreeBSD Security Team has identified a little bug in FreeBSD with speudofs:

I. Background

pseudofs offers an abstract API for pseudo file systems which is utilized by procfs(5) and linprocfs(5). It provides generic file system services such as ACLs, extended attributes which interface with VFS and which are otherwise onerous to implement. This enables pseudo file system authors to add this functionality to their file systems with minimal effort.

II. Problem Description

The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.

To find out more about the impact, a work-around and solution, check out the advisory page:

FreeBSD Security Advisory (pseudofs)

NYI Sponsors NYCBSDCon 2010

New York Internet (NYI) is sponsoring NYCBSDCon 2010 which is taking place this weekend. NYCBSDCon is a bi-annual BSD conference held at Manhattan’s prestigious Cooper Union.

NYI has a long history of supporting open source projects, particularly the BSDs. It has sponsored NYCBSDCon since its inception in 2005, as well as recently announcing that it now oversees the day-to-day hosting operations of the East Coast U.S. mirror for the FreeBSD Foundation, a deployment consisting of more than 23,000 pieces of Project software.

“NYI has been with us since the beginning. Their unflagging enthusiasm, along with their operational precision and technical intelligence, have been invaluable to the growth of this community in the New York area. If ticket sales are any indication, we expect NYCBSDCon 2010 to be our most successful to-date.”

said George Rosamond, an organizer of NYCBSDCon 2010.

“NYCBSDCon is one of the most important events on our calendar,” added Phillip Koblence, VP Operations, NYI. “Not only is it an excellent opportunity to stay current with the latest developments in BSD, it also allows us to maintain direct, strategic ties with the thought-leaders of a community that has contributed so much to the advancement of open source software.”

NYCBSDCon 2010 aims to build on the success of past events, with a wide array of speakers and topics and an exciting and diverse crowd representing all current BSD projects. Topics will include IPv6, pfSense, PC-Sysinstall and LDAP.

Continue reading

November 2010 – a month of FreeBSD conferences

Last weekend MeetBSD 2010 took place in California. If you were not able to attend or if you want to ‘see’ the conference again, check out Will Backman pictures and the two videos he took (day 1, day 2). Some of the presentation slides are available too.

LISA 2010 will take place from November 10–11 in San Jose, CA. PC-BSD will be represented.

The bi-annual NYCBSDCon will be held 12-14 November. Check out the to-be-held presentations.

BSD-Day 2010 will be held in Budapest (Hungary) at Eötvös Loránd University on 20 November.