FreeBSD Foundation Announces Capsicum Framework Project

The FreeBSD Foundation has announced that Pawel Jakub Dawidek has been awarded a development grant to further improve the Capsicum framework. The grant is jointly funded by Google’s Open Source Programs Office.

The project includes the integration of previous work, implementation of new programmer-friendly capability system calls, improvements to the Casper Capsicum service daemon, and sandboxing various security-sensitive applications.

“My previous Capsicum work focused on improving the framework itself to make it a better fit for real world applications. This new project will make use of the improved Capsicum to secure sensitive programs and libraries found in FreeBSD. The project will also produce many examples for others to follow, allowing them to take advantage of Capsicum to improve the security of their programs,”

said Pawel.

Ben Laurie, of Google’s security team, added that

“traditional operating system security is based on Access Control Lists (ACLs). Decades of experience has made it quite clear this is the wrong model – but how can we move to a better way without having to rebuild everything? Capsicum shows that it is possible to migrate gradually from the broken ACL world to a more robust capability based world. We are pleased to be involved in the next step of its evolution.”

The project is expected to be completed by June 2013.

Source: FreeBSD Announce Mailinglist

FreeBSD Foundation is soliciting submission of project proposals (2013)

freebsd_foundation 100.x100The FreeBSD Foundation annually (200920102011, 2012) asks the FreeBSD (developers) community for any project proposals that they’d like to work on, and, this is the interesting part, get funding for from the Foundation.

The Foundation has invited the Community again this year:

The FreeBSD Foundation is soliciting the submission of project
proposals for funded development grants. Proposals may be related to any of the major subsystems or infrastructure within the FreeBSD operating system, and will be evaluated based on desirability, technical merit, and cost-effectiveness.

Key dates for this proposal solicitation:

  • Call for proposals: 27th March 2013
  • Deadline for submissions: 26th April 2013
  • Notifcation of accepted proposals: 17th May 2013

Proposals must include the following:

* A detailed description of what is being proposed, how it will
benefit the FreeBSD Project, and why the work is needed.
* A timeline and costing for the project.
* One or more people that will act as technical reviewers for the work.

Proposals are open to all developers, including non-FreeBSD
committers, but developers without access to commit to the source tree must provide details about how the completion guidelines will be achieved. (source)

All details on the proposal submission process can be found on the Project Proposal Procedures page.

There are many projects and loose ends to pick up, so if you’re interested, have al look at the FreeBSDD ideas page or hang out on the FreeBSD Forums.

iXsystems debuts exclusive ZFS Encryption Feature in FreeNAS 8.3.1

ixsystems logo

Following the release of FreeNAS 8.3.1, iXsystems has released the following announcement:

iXsystems continues to lead the way for free and open source software with the release of FreeNAS Version 8.3.1. With this update, FreeNAS becomes the first open source storage platform to offer encryption for the advanced Zettabyte File System (ZFS). This is the first point release of the 8.3 branch, including updates to several components for security and stability.

freenas-ixsystems-new-logoFreeNAS makes powerful features easy to use and accessible to everyone; until now, encryption for ZFS has been inaccessible to the general public. Thanks to ZFS encryption, security-conscious users will be able to prevent their data from being read if the disks are disconnected from their system.

The ZFS encryption module runs as fast as unencrypted volumes on processors that support the AES-NI instruction set. AES-NI instructions are available on many Intel and AMD processors.

The encryption key management has been made user friendly with options for automatically restarting the volume, or requiring an operator to manually enter in a key depending on the user’s required level of security. In addition encryption allows for confidence when retiring and recycling hard drives because the drives no longer need to be wiped provided the keys are obliterated.

In the future, iXsystems will be able to bring features and improvements from FreeBSD, the enterprise open source operating system, to the FreeNAS community faster. This is a result of the FreeNAS codebase moving to FreeBSD 9. Alfred Perlstein, VP of Software Engineering at iXsystems, says,

“With the FreeNAS and the FreeBSD code bases closer together, both userbases will benefit from testing and development done on the entire platform.”

FreeNAS 8.3.1 also updates many of the services and components of FreeNAS, providing upgraded hardware support, bug fixes, and performance enhancements. FreeNAS 8.3.0 has been the most popular FreeNAS release to date with over 500,000 downloads. iXsystems is looking forward to the continued growth of the FreeNAS community with the release of version 8.3.1, and to more opportunities to make powerful technology accessible for FreeNAS users.

About FreeNAS® 
FreeNAS is a free and open source Network Attached Storage operating system based on FreeBSD. The goal of the project is to design a lightweight, BSD-based software package that acts as a full featured NAS server, complete with a Django-based web user interface, full ZFS implementation, and the ability to interface with existing networks – regardless of operating system or protocol. The encryption system introduced in Version 8.3.1 makes FreeNAS the only Free and Open Source ZFS encryption offering in the world.

About iXsystems: 
iXsystems builds rock solid enterprise-class server and storage solutions. All of our products are assembled, tested, and shipped from our company headquarters in Silicon Valley. Technical support is provided in-house by the same engineers that build the systems. Thousands of companies, universities, and U.S. Government departments have come to rely on iXsystems’ customer-first commitment to excellence. iXsystems champions the cause of Open Source technology by dedicating extensive resources to several FreeBSD community projects: FreeNAS, PC-BSD, FreeBSD, and TrueOS.

Porting FreeBSD to Efika Platforms Project Completed

freebsd_foundation 100.x100The FreeBSD Foundation announced in November 2012 that Aleksandr Rybalko had been awarded a grant to port FreeBSD to the Genesi Efika MX SmartBook laptop and SmartTop nettop devices.

The Foundation updated its blog today to say the project is now completed.

You’ve already seen or at least heard about ARM systems running FreeBSD. In most cases it’s routers, firewalls, network storage, etc. Why doesn’t anyone use FreeBSD on an ARM based desktop or laptop? It is because no one had implemented Xorg support for boards supported by FreeBSD. Now you have a way to do just that!

I’m glad to introduce an Xorg driver for ARM, and not only ARM but for syscons framebuffer devices. It’s called xf86-video-scfb. The driver is very simple, and has been tested and works on the Efika MX and Raspberry Pi devices. I hope it w ll work with other devices, including those not based on ARM.

FreeBSD Efika Project completed

FreeBSD 8.4-BETA1 available for testing

The FreeBSD developers have announced the availability of the first BETA build for the FreeBSD-8.4 release . ISO images for the amd64, i386 and pc98 architectures are available on most of our FreeBSD mirror sites.

Since the stable/8 branch is relatively mature we hope there will only be one BETA build for this release cycle. If testing does not turn up any show-stopper caliber problems the next test build will be RC1.

New BSD Magazine (March 2013): Handling Kernel Panic

March’s issue of the BSD Magazine is now available: Handling Kernel Panic (free PDF download).

You’ll find the following subjects inside:

  • Reacting to Panic: How to Configure the System to handle Crash Dumps
  • MaheshaBSD Server: MySQL and WordPress in FreeBSD
  • FreeBSD Programming Primer: How to Embed CSS and Javascript in Pages
  • Hardening FreeBSD with TrustedBSD and MAC: configuration of mac_ifoff, mac_portacl, and MAC LOMAC modules

Handling Kernel Panic