BSD Now TV Episode 13: Bridging the Gap

A new BSD Now TV episode (Bridging the gap – episode 13) has been uploaded, featuring an interview with Jordan Hubbard, one of the founders of the FreeBSD project – and the one who invented ports!

Other topics discussed are:

  • Getting to know your portmgr
  • vBSDCon wrap-up compilation
  • Faces of FreeBSD
  • Dragonfly 3.6 released
  • Interview – Jordan Hubbard
  • News Roundup
  • pfSense 2.1 on AWS EC2
  • Puffy on the desktop
  • Two-factor authentication with SSH
  • PCBSD weekly digest
  • Feedback/Questions

This post is sponsored by our partner RootBSD, an expert in BSD style web hosting: stable, secure, flexible and friendly.

FreeBSD Security Advisory: OpenSSH

The FreeBSD Security Team has identified a memory corruption vulnerability in OpenSSH and has issued the following security advisory: FreeBSD-SA-13:14.openssh (19/11/2013).

I. Background

OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access.

AES-GCM (Galois/Counter Mode) is a mode of operation for the AES block cipher that combines the counter mode of encryption with the Galois mode of authentication, which can offer throughput rates for state-of-the-art, high-speed communication channels.

OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.

II. Problem Description

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange.

III. Impact

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.

For a workaround and solution, check out the security advisory: FreeBSD-SA-13:14.openssh
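
As an added example (not part of the advisory or of OpenSSH), the Python below checks whether an sshd_config explicitly offers either of the two AES-GCM ciphers named in the problem description. The function names and sample configurations are constructed for illustration; it assumes the plain comma-separated form of the `Ciphers` directive and sshd_config's rule that the first value obtained for a keyword is used.

```python
# Added example: audit sshd_config text for the AES-GCM ciphers named in the advisory.
AFFECTED = ("aes128-gcm@openssh.com", "aes256-gcm@openssh.com")


def first_ciphers_directive(config_text):
    """Return the cipher list of the first Ciphers line, or None if there is none.

    sshd_config keywords are case-insensitive, may be followed by '=' instead
    of whitespace, and the first value obtained for a keyword is the one used.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.replace("=", " ", 1).split(None, 1)
        if not fields or fields[0].lower() != "ciphers":
            continue
        value = fields[1].strip().strip('"') if len(fields) > 1 else ""
        return [c.strip() for c in value.split(",") if c.strip()]
    return None


def audit(config_text):
    """Classify a config: (status, affected ciphers the server would offer)."""
    ciphers = first_ciphers_directive(config_text)
    if ciphers is None:
        # No explicit list: the compiled-in default applies; confirm with `sshd -T`.
        return ("default-list", [])
    offered = [c for c in ciphers if c in AFFECTED]
    return ("gcm-offered" if offered else "gcm-not-offered", offered)


# Constructed sample configurations (not taken from any real host).
SAMPLES = {
    "explicit_gcm": "Port 22\nCiphers aes128-ctr,aes128-gcm@openssh.com\n",
    "first_wins": "ciphers=aes128-ctr,aes256-ctr\nCiphers aes256-gcm@openssh.com\n",
    "commented": "#Ciphers aes256-gcm@openssh.com\nPermitRootLogin no\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

A `default-list` result means the file does not settle the question: the effective cipher list is whatever the installed sshd was built with.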

FreeNAS 9.2.0-BETA is now available

The FreeNAS team has announced the availability of FreeNAS 9.2.0-BETA. As will be evident from the name tag, this version is for testing purposes only. Should you come across any issues, please get in touch with the team and file a bug report.

We have also made a number of enhancements to the UI and generally done our best to bring more polish to the FreeNAS system, both in usability and performance. Those doing benchmarks against 9.1.1 and 9.2.0-BETA should notice some measurable improvements on any reasonably capable hardware.

Some of the changes from the Release Notes for FreeNAS 9.2.0-BETA are:

  • Version 9.2-RELEASE of FreeBSD with performance improvements, bug fixes, and updated software packages.
  • The Kernel UMA allocator is now the default for ZFS. This results in higher ZFS performance.
  • Avahi (multicast DNS, aka Bonjour) registration of all services, including the web service, means you no longer need to have a head on the box to know its IP address, even for initial configuration. freenas.local is the default (or freenas-n.local, where n is the # of freenas.local machines already on the local network). This can be changed by changing the hostname.
  • The built-in admin user account is no longer used and the Admin Account removed. The first time the FreeNAS graphical interface is accessed, a pop-up menu will prompt for the root password. Subsequent logins to the graphical interface will require this password.
  • A complete REST API has been created for FreeNAS, allowing a FreeNAS instance to be controlled remotely.
  • The “Permit Sudo” field has been added to the add and edit screens for Users and Groups. A column in View Groups and View Users now indicates whether or not “Permit Sudo” has been set.
  • HTTP and HTTPS access to the FreeNAS graphical interface are no longer mutually exclusive. The fields “WebGUI HTTP Port” and “WebGUI HTTPS Port” have been added to System Settings -> General.
  • An “Edit” button has been added to the “Hostname” field of System Information to make the hostname easier to change.
  • The results from the latest ZFS scrub now appear in Volume Status.
  • Netatalk has been updated to version 3.1.0.
  • The AIO options have been removed from CIFS.
  • Fourteen TLS-related fields have been added to the Advanced Mode of FTP.
  • An “IPv4 Address” column has been added to the View Jails screen.
  • A shell button has been added to Jails, making it easy to access the command line of the selected jail.
  • A “Create directory” checkbox has been added to the Add Storage function of a jail so that the user does not have to first access the jail’s shell to make sure that the directory already exists. A “Read-Only” checkbox has also been added to this screen.
  • A jails templating system has been added, allowing the quick deployment of new jails from existing templates and the ability to create custom templates. Linux jail support has also been added and installation templates are included for Debian-7.1.0, Gentoo-20130820, Ubuntu-13.04, Centos-6.4, Fedora-19, and Suse-12.3.
  • A link to the online FreeBSD manual pages has been added to Help.
  • Added bxe(4) driver for Broadcom NetXtreme II Ethernet 10Gb PCIe adapter.
  • Added padlock(4) driver which provides cryptographic hardware acceleration for VIA C3, C7 and Eden processors.

FreeBSD Journal announced

The FreeBSD Foundation has announced that it will launch the FreeBSD Journal in January 2014. The Journal will be a bi-monthly publication and will be available on the web or as an Android/iPhone/Kindle app.

We are preparing the debut of our new online magazine, the FreeBSD Journal. We created high-quality brochures to teach people about FreeBSD. We also visited companies to help facilitate collaboration efforts with the Project.

The first issue will be focusing on (the then released) FreeBSD 10, the ZFS file system, the ARM Beaglebone Black on FreeBSD, the Clang compiler, and many other interesting subjects.

It’s great to see the FreeBSD Foundation funding a purely FreeBSD focused magazine, and I’m sure the high quality content will make more companies move over to this rock solid operating system.

BSDNow Episode 12: Collecting SSHells

The BSDNow.tv team has uploaded recording no. 12. In it Amitai Schlair of the NetBSD foundation is interviewed about pkgsrc, NetBSD’s future plans and much more. After that, if you’ve ever wondered what all this SSH stuff is about, the tutorial has got you covered. The basics of SSH will be shown, as well as how to combine it with tmux for persistent sessions.

FreeBSD news – miscellaneous links and updates – week 46

In this post I have a mix of news snippets, links to howto’s, projects, resources and software/package updates. Just a round-up of those FreeBSD related links you may find interesting.

 

New FreeBSD snapshots and virtual machine disk images
[FreeBSD mailinglist]

 

pfSense’s new website
The pfSense project website has a new theme. The commercial company behind pfSense (ESF) is looking for support staff.
[pfsense blog]

 

Sony’s new PlayStation 4 and open-source FreeBSD
The PlayStation 4 – on sale today in the US – uses a modified version of the open-source FreeBSD operating system.
[The Register]

 

pkgng goes official in FreeBSD
[FreeBSD mailinglist]

 

Update on the BSD Professional Lab Exam
[bsdcg.blogspot.co.uk]

 

bsdtalk234 – Henning Brauer at vBSDCon
An interview from vBSDCon with Henning Brauer. We talk about his recent work with the pf firewall and the queuing system.
[bsd talk]

 

FreeBSD Ports Management interview - Antoine Brodin
Who is Antoine Brodin?
[freebsdish]

 

Why FreeBSD Is Liking LLDB For Debugging
[phoronix]

 

The State Of FreeBSD’s Bhyve Virtualization
[phoronix]

 

FreeBSD Einstein
Anyone crunching numbers for EINSTEIN@HOME?
[FreeBSD forums]

 

Automatic panic reports
Colin Percival has announced a new port called sysutils/panicmail which users can use to automatically submit panic reports.
[FreeBSD mailinglist]

 

FreeBSD-Foundation sponsored Newcons project update
Aleksandr Rybalko continues to make good progress on the FreeBSD-Foundation sponsored Newcons project. This project will provide a replacement for the legacy syscons system console. Newcons provides a number of improvements, including better integration with graphics modes, and broader character set support.
[FreeBSD Foundation blog]

 

Bhyve script has been updated
bhyve, the “BSD hypervisor”, is a legacy-free hypervisor/virtual machine manager developed on FreeBSD that relies on modern CPU features such as Extended Page Tables (EPT) and VirtIO network and storage drivers.

 

Howtos

Using PKGNG on FreeBSD with Puppet
This is how I installed the new package manager on FreeBSD: pkgng, and how to use it with Puppet.

 

FreeBSD Now!: Happy 20th Birthday FreeBSD
In honor of the 20th birthday of FreeBSD, some instructions to reconstitute FreeBSD 1.0 on Qemu.

 

Events

FreeBSD Vendor Summit 2013
The (annual) FreeBSD Vendor summit took place again in November on Yahoo’s campus. This is a short write-up.
[ignoranthack.me]

 

OpenZFS Developer Summit: 17-19 Nov
Delphix is hosting a developer-focused event for OpenZFS. The goal of the event is to foster cross-platform community discussions of OpenZFS work, and to make progress on some of the projects proposed for this community.
[openzfs]

 

iXsystems and conferences
iXsystems has been busy running booths promoting FreeBSD at some recent FreeBSD conferences and Linux/Open Source trade shows. You can read the summaries and see some photos on the iX blog: LISA ’13, FreeBSD 20year party, vBSDCon 2013, All Things Open 2013, SeaGL 2013, EuroBSDCon 2013, KyivBSD 2013 and LinuxCon 2013. (Disclosure: iXsystems is a partner of FreeBSD News)
[iXsystems Blog]