pfSense 2.1, pfSense Gold Subscription and ESF

pfsense-logoChris Buechler has announced pfSense 2.1, a free, powerful, open source firewall and security solution.

Don’t be deceived by the .1 version number as it comes with a whole slew of new features. pfSense 2.1 is based on FreeBSD 8.3, comes with support for PC-BSD’s PBI package management, includes new hardware drivers and security updates, and many IPv6 updates.

A list with all the changes and additions can be found here.

It was also announced that there is now a $99 pfSense Gold Subscription.

pfSense Gold Subscription is our $99 per year premium membership subscription program, designed to provide special benefits to our members while supporting ongoing development of the Open Source pfSense project.  We hope this dual benefit will make Gold a program worth subscribing to.

The company behind pfSense has changed its name from BSD Perimeter to ESF. You will never guess what ESF stands for….. Electric Sheep Fencing.

The BSD family – FreeBSD 9.1 (part 1)

David Hutchinson has written an instructive overview on osnews.com about FreeBSD 9.1, its features and FreeBSD in general. He also explains why he prefers it over Linux.

FreeBSD is a complete and well-engineered system. While much of what they do involves less fanfare than Linux, they have a strong and active development and user community. They have kept pace with technology and still maintain a powerful system with modern features, and have done so mostly without anything feeling tacked on. The consistency of the system is why I prefer it over Linux – significant changes can rarely, if ever, be described as disruptive. But, changes still are made.

[...]

Very important from a technological standpoint as well as a philosophical standpoint is removal of GPL from the base system. There are some environments where the GPL is not appreciated or allowed (such as certain embedded scenarios), and these changes allow FreeBSD to fit into those environments. It is also important for the FreeBSD project, as it helps to strengthen the identity of the project and the license. [...]

There is still plenty of development going on the BSD world, and as I alluded to at the top, this is meant to be the first of several articles on BSD that I’ll be writing in the coming weeks, time allowing. [...]

The BSD family, pt. 1: FreeBSD 9.1

FreeBSD 10.0-ALPHA4 available for testing purposes

freebsd_logo-100x100The fourth ALPHA build for the FreeBSD-10.0 release cycle is now available for testing purposes.

The fourth ALPHA build of the 10.0-RELEASE release cycle is now available
on the FTP servers for the amd64, i386, ia64, powerpc, powerpc64 and
sparc64 architectures.
Note: Due to build issues within the head/ branch, ALPHA3 ISO builds were skipped.
The 10.0-ALPHA4 builds correlate to svn revision r255933 of the head/branch.

Check out the dates for the upcoming BETA and RC releases on the FreeBSD 10 Release page.

The announcement and download locations can be found in this email to the FreeBSD current list: http://lists.freebsd.org/pipermail/freebsd-current/2013-September/044951.html

FreeBSD 9.2-RELEASE launches

freebsd_logo_textThanks to all the hard work of the FreeBSD Foundation, FreeBSD developers and the contribution of a some private companies, FreeBSD 9.2-RELEASE has been announced by the FreeBSD Release Engineering Team and is now available.

This is the second release from the stable/9 branch, which improves on the stability of FreeBSD 9.1 and introduces some new features.

Some of the highlights in this version are:

  • The ZFS filesystem now supports TRIM when used on solid state drives.
  • The virtio(4) drivers have been added to the GENERIC kernel configuration for amd64 and i386 architectures.
  • The ZFS filesystem now supports lz4 compression.
  • OpenSSL has been updated to version 0.9.8y.
  • DTrace hooks have been enabled by default in the GENERIC kernel.
  • DTrace has been updated to version 1.9.0.
  • Sendmail has been updated to version 8.14.7.
  • OpenSSH has been updated to version 6.2p2.
  • Import unmapped I/O support from head.

A complete list of new features and known problems can be found of the 9.2 Release Notes page.

(Free)BSD Code Commits Catch Up – Week 39

C++ FreeBSD

This is a weekly post linking to interesting updates, additions or changes in the FreeBSD code or in the code of the following FreeBSD-based flavours: PC-BSD, FreeNAS or pfSense.

If I have missed out any updates that you’re excited about, please share with us all in the comments.

pc-bsd logo 100x100PC-BSD

  • New pc-thinclient WebUI (link)
  • Beginnings of a new Life Preserver main GUI (Link)
  • Life Preserver UI updates and new icons (link1, link2)
  • Replication functionality in the tray watcher finished (link)
  • Work on PBI10 format started (incl ability to run PBIs without installing them) (link)
  • PBI10 will use LZMA compression instead of uzip (link)
  • PC-BSD 10 PBI manager receiving pkgng updates (link)

FreeBSD LogoFreeBSD

  • Import a new libcxxrt (link)
  • LSI MegaRAID Invader cards now work (link)
  • UNBOUND has replaced Bind (link)
  • FreeBSD 9.2 RELEASE (link)

freenas-ixsystems-new-logoFreeNAS

  • HAST related updates (link1, link2)
  • Auditdisd updates (link)
  • Plugin updated brought back (link)

pfsense logo 100x100pfSense

Update to include GratisDNS dynDNS service (link)

OpenZFS – Communities co-operating on ZFS code and features

OpenZFS is a new community founded around open-source, cross-platform ZFS projects. 

open-zfs freebsdZFS is arguably the world’s most advanced file-system and has been in active development for over a decade. It is the popular and highly-advanced 128-bit file-system with enhanced error detection and correction capabilities designed for Solaris during the Sun Microsystems days.

Different projects have continued developing ZFS, such as illumos, FreeBSD and Oracle, but to avoid further fragmentation a number of companies and communities with an interest in ZFS have joined forces and set up OpenZFS.

Prior to the formation of OpenZFS there was little or no co-ordination [1] between the different ZFS related projects and the implementations on different operating system, but OpenZFS is to change that and to promote collaboration between cross-project developers and stakeholders.

The high-level goals of OpenZFS are:

  • to raise awareness of the quality, utility, and availability of open source implementations of ZFS
  • to encourage open communication about ongoing efforts to improve open source ZFS
  • to ensure consistent reliability, functionality, and performance of all distributions of ZFS.

OpenZFS has been founded by members of the Linux, FreeBSD, Mac OS X, and illumos communities, including Matt Ahrens, one of the two original authors of ZFS.

The OpenZFS community brings together over a hundred software developers and companies with the aim to improve and further develop ZFS. Some well known companies taking part are iXsystem, HybridCluster, Nexenta and PogoLinux.

The notion “open” in OpenZFS should to be stressed. Oracle has further developed ZFS (e.g. v35) but hasn’t made the code changes public, but the OpenZFS project will be open, share and encourage co-operation.

 “The goals of the project are to raise awareness, encourage open communication and to ensure consistent reliability, functionality and performance across multiple platforms.”

Ahrens said.

This is what Justin Gibbs, president of the FreeBSD Foundation, had to say:

freebsd_foundation 100.x100This is a cross-platform effort to ensure the continued evolution of the ZFS file system. For developers and users of FreeBSD, the formation of OpenZFS clarifies the future of ZFS support for our platform.  The FreeBSD project is now an equal partner in defining the course for ZFS. OpenZFS combines the man power of the FreeBSD, Illumos, Linux, and MacOS communities to provide a level of test coverage, feature development, documentation, and support that wasn’t possible with our separate efforts.  Most importantly, OpenZFS will improve platform interoperability and reduce fragmentation of ZFS implementations. Today is an exciting day for ZFS and the FreeBSD platform.  I encourage you to browse http://www.open-zfs.org and to get involved. You are officially invited to help make the future of OpenZFS!

Matt Ahrens will co-present with Martin Matuska a presentation on OpenZFS at the upcoming EuroBSDCon 2013: OpenZFS:  Upcoming Features and Performance Enhancements with Illumos and FreeBSD joining Forces.

All in all, this is a very welcome development in the future of ZFS.

Links:

[1] With the exception of the illumos – FreeBSD co-operation.

BSD Conference: vBSDcon, October 25 – 27, 2013

A reminder for the upcoming vBSDcon 2013 has gone out today:

vBSDcon_banner

“Registrations for vBSDcon 2013 remain open until October 23rd, 2013. Register now for this BSD conference scheduled to take place at the Dulles Hyatt in Herndon, VA from October 25 – 27, 2013. Registrations are being accepted at www.vbsdcon.com.

Users and developers from across the BSD communities are encouraged to attend the event intended bring together members of the BSD community for a series of roundtable discussions, educational sessions, best practice conversations, and exclusive networking opportunities. Those interested in such an opportunity to learn, experience, and meet others involved in the BSD communities should plan to attend vBSDcon 2013.

vBSDcon is proud to bring prolific speakers such as:

  • David Chisnall, a member of FreeBSD’s Core Team which is charged with deciding FreeBSD’s overall goals and directions, speaking on the migration from GCC to LLVM/CLANG within the FreeBSD project.
  • Luigi Rizzo, FreeBSD source committer and project developer for netmap, speaking on the Evolution of the Netmaps Framework.
  • Baptiste Daroussin, FreeBSD source committer and project developer for PkgNG, speaking on the topic of PkgNG.
  • Henning Brauer & Reyk Floeter, OpenBSD developers, speaking on deep packet inspection with OpenBSD and PF.
  • Scott Long, FreeBSD source committer, speaking on “Disspelling the Stigma of the “Dot-oh” Release.
  • Devin Teske, FreeBSD source committer, with “A Comprehensive Look at bsdconfig”.
  • Kris Moore, PC-BSD Director of Development, speaking on automating deployment of FreeBSD and PC-BSD systems.
  • John Hixson, of iXsystems, speaking on the topic of FreeNAS plugins.

vBSDcon is being hosted at the Dulles Hyatt in Herndon, VA making it extremely convenient for attendees who book their room at the venue. The venue is also just minutes from Dulles International Airport with regular shuttles to/from the hotel and airport terminal during the day. Breakfast, lunch, and snacks will be provided on-site by the hotel’s on premise restaurant.

The schedule includes a reception dinner at the Dulles Hyatt on the evening of October 25th provided by Verisign and a mid-conference social the following evening celebrating 20 years of FreeBSD. Space for off hours hacker lounges and doc sprints will be available in the conference facilities with complimentary wireless internet access. The BSD Certification Group will also be hosting a BSDA certification exam on Saturday evening following the completion of conference activities for the day.

All are invited to take part in this event and are encouraged to register at the vBSDcon web site at www.vbsdcon.com. Simply click the “Register now” button to begin your registration! We look forward to meeting you all there!”

FreeBSD 10′s New Technologies and Features

freebsd_logo-100x100FreeBSD 10 has been in the works for a while. FreeBSD 9 became available on 12 January 2012 and now 20 months later, FreeBSD 10 is shaping up nicely, with two alpha releases available for testing.

According to the Release Schedule  FreeBSD 10 will receive the RELEASE status in November, but since the developers aim for quality of product over speed of release, this may slip into Dec 2013 / Jan 2014.

There has been a lot of maturing technologies in FreeBSD 10, with many new features which make this release, I think, the most exciting one in years. A lot of development has gone into virtualisation support. Virtualisation with FreeBSD Jails has been available for a long time, but not so much “full virtualisation”.

Let’s have a look at the some of the most talked about, most requested and most interesting features that have found their way into or are planned for “10.0″, but may not make the deadline. (More details and links to feature commits can be found FreeBSD 10 Wiki page).

General

pkgngpkgng is the new package management tool for FreeBSD

llvm-clangLLVM/Clang – FreeBSD 10.0 will deprecate the GPL-licensed GCC and switch to the BSD-licensed LLVM/Clang compiler (v3) by default. GCC is still in the source tree. It’s been switched off on platforms that LLVM supports fully (amd64, arm, armv6, i386), but can easily be built; just add WITH_GCC=YES to /etc/src.conf and ‘make -C/usr/src buildworld installworld’. (Thanks @DES for this clarification)

Unmapped VMIO buffers – The use of the unmapped buffers eliminate the need to perform TLB shootdown for mapping on the buffer creation and reuse, greatly reducing the amount of IPIs for shootdown on big-SMP machines and eliminating up to 25-30% of the system time on i/o intensive workloads

Libc++Libc++ has been integrated in FreeBSD 10. The libc++ library is focused upon C++11 support, is licensed under the MIT/UIUC license (rather than GPL) and will now be used instead of libstdc++

Variable symlinks – The support for variable symbolic links (varsym) supports automatic expansion of per-process, per-jail or system-wide variables in symbolic file links (may not make it in final release)

Kernel

Tickless kernel – FreeBSD 10.0 now supports a truly tickless kernel, enhancing battery performance on laptops and general resource effectiveness in virtual machines

freebsd_amdAMD Kernel Mode-Setting – AMD GPUs kernel mode setting supports the use of newer xf86-video-ati drivers and AMD GPUs

New iSCSI stack – The new iSCSI stack is kernel-mode and focused on reliability and interoperability

freebsd_intelRDRAND – Intel’s “Bull Mountain” RDRAND CPU instruction set on Ivy Bridge and Haswell CPUs for random number generator access will be supported in FreeBSD 10

KMS – A new X.Org stack with initial KMS support. Kernel mode-setting support in FreeBSD is still not at the level of support found on Linux for Intel, Radeon, and Nouveau hardware, but making good progress.

Startup

UEFI boot-loader support (may not make it in final release)

Animated boot splash support

Networking

BIND replacementUnbound and LNDS will replace BIND as the system’s DNS resolver. BIND will still be available from the ports.

PF firewall with SMP support. The PF firewall is now SMP-friendly. It supports fine-grain locking and better utilisation of CPUs on multi core machines. This means greater performance due to the multi-threading

NetMap – The NetMap framework for high-performance raw Ethernet packet access (paragraph updated – Thanks @Ed)

CARPCARP support has been overhauled and rewritten from the ground up

Wifi improvements – Improved 802.11n WiFi/WLAN wireless networking stack with support for new features and new drivers (e.g. Atheros PCI/PCIe 802.11n WiFi adapter from Qualcomm ,SMP/concurrency races, 802.11n TX aggregation)

Hardware Support

PCI hot-plug support (may not get included)

Apple Thunderbolt connectivity support (may not make it in final release)

USB Audio 2.0 – USB Audio support has been revamped, supporting new devices, higher bandwidth support and increased sampling frequency (may not make it in final release)

Architectures

FreeBSD/arm – Greatly improved support for the ARMv6 and ARMv7 platforms, incl SMP, thread-local storage (TLS) and superpages. Support for new ARM SoCs like the Texas Instruments OMAP4 and MV78x60 included

Raspberry Pi support.

Filesystems

ZFSZFS – FreeBSD 10.0 brings with it support for ZFS TRIM and it also supports LZ4 compression support which compresses much better (up to 50%) than the default LZJB compression. L2ARC compression support was also added, as well as NOP-write optimisation (ported from Illumos). All this will be great for using FreeBSD or FreeNAS as your NAS file server.

UFS live file-system resizing support. A UFS formatted filesystem can now be enlarged with growfs(8) when mounted in read-write mode. This should come in useful when adding extra storage to virtual machines without interrupting the service. Newly created UFS file systems will have faster fsck operation

FUSE – FreeBSD 10.0 brings in FUSE file-system support in user-space. FUSE file systems can now be accessed under FreeBSD without installing the “fusefs-kmod” kernel module from ports. This will make accessing these file systems (Linux) more stable.

Virtualisation

bhyvebhyvebhyve is the new native BSD Hypervisor and present in FreeBSD 10, developed from the ground up to offer a light-weight low-level HVM virtualization on FreeBSD.  bhyve supports the latest AMD and Intel virtualisation extensions, and is able to run the FreeBSD kernel fully virtualised. bhive also supports VirtIO for para-virtualization

Virtio – “virtio” is the name for the para-virtualisation interface developed for the Linux KVMVirtio drivers are developed alongside byhve. Any hypervisor supporting this interface should run without problems (Qemu/KVM, VirtualBox and BHyVe). The BSD-licensed implementation of the virtio kernel drivers support PCI, memory balloon, network IO, block and SCSI interfaces.

freebsd_xenXen – FreeBSD 10 comes with Xen DomU x86_64 support, Xen i386 PV support, plus many other Xen related items (USB PV drivers, SCSI pass-through, PowerPC/ARM/MIPS support, PV SMP support). Before you ask: No, there’s no Xen Dom0 support, yet

VPS – Virtual Private Systems for FreeBSD is an extension of the VIMAGE concept to the rest of the kernel (OS-level virtualisation, similar to jails), allowing live migration of VPSs from one host to another. This project is still in SVN and may not make it in final release)

All in all this is an impressive list of new features. This makes the release of FreeBSD definitely something to look forward to.

Which of the above or other features are you eagerly waiting for?