PC-BSD 9.1 RC3 available for testing

According to a PC-BSD blog post, RC3 images for the upcoming PC-BSD 9.1 are now available for i386 and amd64 architectures.

Notable changes since the previous release candidate:

  • PC-BSD handbook has been updated for 9.1
  • Fixed bug where some keyboard layouts were not being displayed
  • Multiple functionality and stability improvements for EasyPBI
  • Multiple functionality and stability improvements for TrueOS
  • New functionality improvements including better detection added to the mount-tray
  • Fixed bug where default mount points were not being set correctly using ZFS mirror/raidz mode
  • Fixed bug where update manager was not displaying the proper error text when failing
  • Added new ability to create ZFS datasets for jail environments
  • Added UK wireless channel 12 support
  • Fixed bug where Linux jails were not importing properly
  • Mirrors are now auto detected and set based upon location
  • Automatic ZFS 4K blocksize enabled by default
  • System manager should now show the correct dialog for “default”
    auto-detected mirrors.

If you come across any issues or bugs, please let the team know via the testing mailing list.

Security Incident on FreeBSD Infrastructure

The FreeBSD Security Team has announced that on 11 November two servers that are part of the FreeBSD.org hosting infrastructure were compromised.

The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD.

No part of the base FreeBSD system has been put at risk and at no point has the intruder modified any part of the FreeBSD base system software. However, the attacker had access sufficient to potentially allow the compromise of third-party packages. No evidence of this has been found during in-depth analysis.

On Sunday 11th of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.

As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.

More information is available at http://www.freebsd.org/news/2012-compromise.html

M0n0wall 1.34 Released

Manuel Kasper has announced a maintenance version in the m0n0wall 1.3 branch: m0n0wall 1.34. This version includes CSRF-related fixes as well as a few other security-relevant updates.

There are no major functionality changes, but those who use the traffic shaper extensively may be interested in the fact that the rules can now finally be moved around just like on the firewall rules page.


About M0n0BSD: M0n0wall is an embedded firewall distribution based on FreeBSD, and provides a small image which can be put on and run from CF cards, CD-ROMs and hard disks. It also runs on a number of embedded platforms and virtual PCs.

New FreeBSD Foundation Funded Project: Porting Efika

The FreeBSD Foundation has announced that Aleksandr Rybalko has been awarded a grant to port FreeBSD to the Genesi Efika MX SmartBook laptop and SmartTop nettop devices.

Both use the Freescale i.MX515, an ARM Cortex-A8 System-on-Chip (SoC). These low-power devices will provide convenient reference platforms for FreeBSD on ARM, as they are low-cost complete systems. The SmartBook includes a 10″ display, 3G connectivity and a battery life of 6 to 8 hours for $199.

When this project is completed, it will be possible to run X11 applications on FreeBSD on the Efika, with full support for sound and networking.  It will also make it much easier to support other devices, such as some Android tablets, that ship with the i.MX515 SoC.

This project will be completed by the end of 2012.

Efika is a line of power-efficient ARM architecture and Power Architecture based computers manufactured by Genesi. In Esperanto, efika means “efficacious, effective, or efficient” (Wikipedia).

BSD Magazine (Nov 2012): Run FreeBSD as NAT Instance in Cloud

November’s issue of the BSD Magazine is now available: Run FreeBSD as NAT Instance in Cloud (free PDF download).

You’ll find the following subjects inside:

NETGEAR Universal Wifi Adapter

The trend towards increased internet connectivity of media devices (TVs, gaming consoles, DVRs) has brought a work-around for one of my few frustrations with BSD operating systems – the limited support for newer wireless adapters. Many of these media devices have an ethernet port, but no way to attach a wireless adapter. Several companies have stepped up to this opportunity and have created universal wireless adapters that connect to the ethernet port rather than an expansion port. Since the device connects to the ethernet port, no driver is needed. Since no driver is needed, these devices should work with BSD operating systems. In this article, I will test Netgear’s Universal Wifi Adapter, model WNCE2001.

Automating the Deployment of FreeBSD and PC-BSD Systems

In PC-BSD 9.x every installation is fully scripted, due to the pc-sysinstall backend. This backend can also be used to quickly automate the deployment of FreeBSD servers and PC-BSD desktops using a PXE boot environment. In PC-BSD & TrueOS 9.1 and higher, this functionality is easy to set up and deploy using the “pc-thinclient” utility. PXE booting allows you to boot systems via the LAN interface, as opposed to using traditional media, such as DVD or USB. In order for clients to boot via PXE they will need a PXE-capable network adapter.

Network Concepts, Routing and Firewalls

This article is aimed at anyone who wants to learn more about networking, routers and firewalls. We will discuss this topic in terms of a BSD/PF firewall/router.

FreeBSD as a NAT Instance in Amazon Cloud

Amazon VPC lets you launch instances in a virtual network that closely resembles a traditional network that you might operate in your own data center. You place publicly accessible servers (for example, web servers, DNS server etc.) into a public-facing subnet, and place your backend systems (databases, application servers etc.) in a private subnet with no Internet access. Instances in the private subnet can access the Internet only by routing their traffic through a NAT instance in a public subnet. This article is intended for beginners wanting to install and run FreeBSD as a NAT instance in Amazon Virtual Private Cloud (Amazon VPC).

PostgreSQL: Indexes (Part 2)

This article continues the previous one, presenting the readers with a few index examples and how the access costs are computed by the query planner. All the examples shown here have been tested on a PostgreSQL 9.1 cluster running on a FreeBSD 8.2-RELEASE machine; all the example source code is available in a GitHub repository.

FreeBSD Enterprise Search with Apache Solr (Part 3)

One of the important facets of enterprise search is to be able to search internal (Intranet) and external websites. On a smaller scale, it is relatively trivial to assemble some code in PHP or Perl to pull web pages from a site, extract the links from the HTML and then “wash, rinse, repeat”. The difficulty arises when we want to index, rank, and effectively manage these results on a large scale. Almost 10 years ago, Apache Nutch was developed as the key technology to crawl 100 million webpages, and has proved time and again that it is an efficient scalable solution. Nutch can be clustered, it is robots.txt friendly, and using modular plug-ins and schemas, can be tuned to bias certain results first. While Nutch integration and tuning is quite specialized, it is fairly trivial to configure Nutch to dump results of a crawl session into MySQL (or any other JDBC based database for that matter), and rank / review these queries in Solr.

Download and read the whole magazine: Run FreeBSD as NAT Instance in Cloud

FreeBSD throws the Clang/LLVM Switch

Following the decision to move away from the GCC compiler to Clang, there has been a lot of discussion about the pros and cons.

One such thread can be found on Slashdot: FreeBSD Throws the Clang/LLVM Switch: Future Releases Use LLVM.

This page contains two interesting links if you’re interested in Clang, how it works and how it differs from GCC:

Clang FreeBSD’s default compiler – November 5th is Clang-Day

Brooks Davis mentioned on the FreeBSD src-head mailing list a few days ago that November 5th was going to be Clang-day and that he was going to make Clang the default compiler for FreeBSD 10. He has now committed the patch as promised.

This change follows a few years of preparation, feeding back improvements to the Clang and LLVM source code bases, and nightly builds of FreeBSD using LLVM over two years. Future snapshots and all major FreeBSD releases will ship compiled with LLVM by default.

 After years of hard work by many FreeBSD and LLVM developers, make clang the default compiler on i386 and amd64 systems.