FreeBSD’s Summer 2010 Highlights

Murray Stokely, who was involved in the FreeBSD Google Summer of Code 2010 mentoring program, has posted an update on his blog:

“FreeBSD is a modern open source operating system for servers, desktops, and embedded systems, based on over 30 years of continuous development. The FreeBSD Project has participated as a mentoring organization in Google Summer of Code each year since the program’s inception in 2005. This year, FreeBSD mentored 18 students with a final success rate of 89%. The cumulative total over 6 years has been 117 students improving FreeBSD.”

Continues (google-opensource.blogspot.com)

It’s nice to see FreeBSD ‘promoted’ on one of the Google Blogs ;-)

4 open source firewall/router projects, incl pfSense and m0n0wall

LinuxPlanet has a post with some background information on 4 great open source firewall/router projects. Two are Linux-based (endian and smoothwall) and the other two are based on FreeBSD (m0n0wall and pfSense):

pfSense

pfSense is a customized distribution of FreeBSD. It actually started in 2004 as a fork of the m0n0wall project. However, it concentrates more towards full PC installations, where m0n0wall is more towards embedded hardware.

pfSense can be considered as a popular package, as it has more than 1 million downloads. It can be used in homes or in large corporations and organizations. It’s available as a Live CD, hard drive installation, or embedded.

pfSense has low system requirements; 100 MHz Pentium CPU and 128 MBs of RAM. The Live CD requires a CD-ROM drive and a USB flash drive or floppy drive for storing the configuration file. The hard drive installation requires a CD-ROM for the initial installation and at least 1 GB hard drive. The embedded version requires a serial port for console and at least a 128 MB Compact Flash card.

pfSense, of course, includes a powerful firewall, including the ability to filter based upon the passively detected operating system. Its state table can be finely customized. It can do Network Address Translation (NAT) and load balancing of multiple WAN connections. It has a DHCP server and relay functionality.

Other important features include redundancy and synchronization, captive portal, and the support of three VPN solutions: IPsec, OpenVPN, and PPTP.

pfSense includes great reporting and monitoring features. RRC graphs show historical values of CPU utilization, firewall states, throughput, and more. There are also SVG graphs showing the real-time throughput of interfaces.

m0n0wall

m0n0wall is also based on FreeBSD. This firewall project is designed for use with embedded x86-based PCs. However, it is possible to run m0n0wall on most standard desktop PCs.

m0n0wall officially supports the embedded net48xx/net55xx systems from Soekris Engineering and the ALIX platform from PC Engines. It requires at least a 16 MB Compact Flash (CF) card and they recommend using at least 64 MBs of RAM.

Getting m0n0wall running on an embedded system just takes downloading an image and writing it to a CF card. For desktop PCs, you can write a disk image to a small IDE hard drive or CF card, or use the CD-ROM and floppy disk version. A VMware image is also available.

The entire system configuration is conveniently stored in one single XML text file, eliminating multiple text files parsed in a shell script. m0n0wall can completely boot up in less than 25 seconds after hitting the power button. On embedded platforms it provides a WAN to LAN TCP throughput of more than 50 Mbps (including NAT), and with newer PCs you can see 100+ Mbps.

The firewall provides stateful packet filtering and supports Network Address Translation (NAT). It also features a DHCP server and relay support. It supports VLANs and IPsec and PPTP VPNs. It even features wireless support for certain chipsets to create an access point (AP).

Other important features include a captive portal, SVG-based traffic graphing, SNMP agent, DynDNS client, and Wake on LAN client.” (full article)

Great to see the attention given by LinuxPlanet to FreeBSD based router/firewall projects. It would be nice if this was followed up by an in-depth review, comparison and benchmarking to help users decide which of the four is the best for their particular need.

FreeBSD Events Update (Ohio LinuxFest, EuroBSDCon, MeetBSD)

Ohio LinuxFest

Ohio LinuxFest takes place from today (10-12 Sep) in Ohio. I’m aware of the following FreeBSD-related companies and projects that will be represented: the FreeBSD Foundation, iXsystems, PC-BSD and BSD Certification. If you know of any others, please leave a comment below.

The eighth annual Ohio LinuxFest will be held on September 10-12, 2010 at the Greater Columbus Convention Center in downtown Columbus, Ohio. Hosting authoritative speakers and a large expo, the Ohio LinuxFest welcomes all Free and Open Source Software professionals, enthusiasts, and everyone interested in learning more about Free and Open Source Software.

Dru Lavigne will be doing a presentation titled PC-BSD: An Easy to Use BSD Desktop (slideshare available)

EuroBSDCon 2010 (Accepted Talks)

The following talks will be taking place at EuroBSDCon 2010 (8-10 October, Karlsruhe (Germany)):

MeetBSD 2010 (California)

This conference will be held 5-6 November 2010 in Mountain View, California, USA.

MeetBSD 2010 features a community-driven discussion format that gives great minds from the BSD and open source communities the opportunity to share ideas. Discussions in the form of breakout sessions will provide a forum for a variety of open source development topics. Lightning talks will allow attendees to share the status of their BSD projects quickly with other community members, while stimulating conversation. A handful of selected speakers will also take part in the event, delivering information on a number of BSD platforms (source).

FreeBSD 6.4 and 8.0 End of Life

On November 30th, FreeBSD 6.4 and FreeBSD 8.0 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Since FreeBSD 6.4 is the last remaining supported release from the FreeBSD 6.x stable branch, support for the FreeBSD 6.x stable branch will also cease at the same point. Users of either of these FreeBSD releases are strongly encouraged to upgrade to either FreeBSD 7.3 or FreeBSD 8.1 before that date.

The FreeBSD Ports Management Team wishes to remind users that November 30 is also the end of support for the Ports Collection for both FreeBSD 6.4 RELEASE and the FreeBSD 6.x STABLE branch. Neither the infrastructure nor individual ports are guaranteed to work on these FreeBSD versions after that date. A CVS tag will be created for users who cannot upgrade for some reason, at which time these users are advised to stop tracking the latest ports CVS repository and use the RELEASE_6_EOL tag instead (source)

Capsicum Presentation at Usenix Security 2010

Robert Watson’s Capsicum presentation at Usenix Security is available as MP4.

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

FreeBSD Events and Conference Calendar

These and other dates can be found in my FreeBSD Events and Conferences Calendar (gcal).

BSD Magazine issue 2010-09: BSD and Linux

The BSD Mag September issue is about BSD and Linux

The following articles can be found in this issue:

Installing a Citrix Client on FreeBSD

As our computing needs change, so does our criteria for selecting an operating system. Today, my job and my family are in different cities.

Writing shellcode for Linux and *BSD

A shellcode is a sequence of machine language instructions which an already-running program can be forced to execute by altering its execution flow through software vulnerabilities (e.g. stack overflow, heap overflow or format strings).

How To Convert Text to Voice Using Festival and Lame in FreeBSD

In 2007 I built a web-based IM/ Chat Service which was later launched as an iPhone web app. Making a long story short I retired the service in 2008 and that was that.

FreeBSD Squid proxy with Parental Controls How-To

Traditionally, web pages were served via a webserver such as Apache and transmitted via the network on port 80 to a web-browser.

Network monitoring with Nagios and OpenBSD PART 2

So our OpenBSD-based network now includes redundant firewalls, domain name servers, a mail gateway and a web proxy cache.

The Difference Between FreeBSD and Ubuntu in a Not So Technical Way

As a system administrator, I have been using various distributions of Linux and FreeBSD. I am comfortable in a mixed environment of *nix operating systems to provide network services.

Download: BSD Magazine 2010-09 (Linux and BSD)

PC-BSD Q&A in this Week’s DistroWatch Issue

Jesse Smith from DistroWatch recently asked DistroWatch readers to submit questions about PC-BSD. The questions, with Dru Lavigne’s answers, can be read in this week’s issue of DistroWatch.

The questions asked were:

  • What is your opinion on the differences between the BSD license and the GPL, and how it works for how BSD does things? Why would a developer choose a license which allows a commercial entity to use their code and make money from it without giving anything back (i.e. OS X)?
  • Going back to the basics, it’d be interesting to know why one might choose a BSD operating system over a Linux distro, and vice versa. What is/are the core function(s) of BSD, and what sets it apart from Linux (other than the different licensing schemes)?
  • What are some of the philosophical differences between the BSD kernel and Linux kernel coders? And can things like drivers be shared between the two camps?
  • Could you please compare and contrast BSD Ports and Linux package management?
  • I would appreciate hearing your insight into the Oracle/Google lawsuit, Java and patent issues. I would also love to hear about your perspective on some of the new upstart BSD distros that include installers and GNOME/KDE (PC-BSD, GhostBSD, GNOBSD).
  • I would love to try a BSD distro, and I like the look of PC-BSD, but I don’t want to download the large DVD image. Are there plans for a live CD edition any time soon? Perhaps one with Xfce or LXDE instead of KDE?
  • It is already possible to install ZFS from the GUI installer of PC-BSD. In fact I was able to establish a functioning mirrored “rootpool” using the installer with a minimum of fuss. The problem is that there is no default (suggested) file system layout that is specifically tailored to zpools (like there is in OpenSolaris) and you have to create your own, unlike the default (or suggested) UFS layout provided by the PC-BSD installer. This puts a premium on user knowledge. So I was wondering if future installers will have an even more “user-friendly” approach to ZFS installation, where ideal partition layouts are recommended by the installer?
  • Will there be any attempt to improve on the power and flexibility of the BTX bootloader that PC-BSD uses? Is it even conceivable that PC-BSD might incorporate GRUB 2? Right now it is supposed to be possible to install GRUB on PC-BSD, but I think people have had a lot of trouble doing this, with GRUB 2 at any rate.
  • I’ve tried to install PC-BSD, but if it’s not video issues on my new machine it’s boot issues on the old one. What can a relative computer Luddite like myself (who’ll try something but probably never dig that deep into getting it to work) do to encourage better hardware compatibility on future releases?
  • I have been using PC-BSD and plain FreeBSD (with KDE) for quite a while. With FreeBSD you have the option of using it in “rolling-release style” by upgrading your ports on a regular basis. But you can restrict your port upgrades and just upgrade those ports that have security vulnerabilities if you like. Just run portaudit and it will tell you what needs upgrading. Now, as you know, PC-BSD is not a rolling release (unless you use the ports system with it and want to constantly upgrade). But I have noticed that the number of “system updates” in PC-BSD are very few and far between. They seem even fewer than just the security patches provided by FreeBSD (i.e. the portupgrades applied only to the vulnerable ports). So my question is, in light of these fewer system updates, is PC-BSD more insecure than FreeBSD? (I am assuming that one is not using the ports system with PC-BSD.) I realize that a lot of the vulnerabilities that portaudit reports are only relevant if you are using a server, but this is not universally true, and I can’t shake the feeling that PC-BSD is significantly behind the curve when it comes to providing package updates that eliminate security problems. If PC-BSD has a flaw relative to FreeBSD (or most Linux distros) this might be it.
  • Is there anything else you’d like to add about the PC-BSD project or BSD in general?

Read the answers: Interview (by Jesse Smith)

FreeNAS 8 alpha snapshot ready for testing

Warner Losh from iXsystems announced the availability of a FreeNAS 8 alpha build today.

The iXsystems engineering team has modernized FreeNAS in a number of ways. We wanted a platform that was more extensible than the current m0n0wall-based framework allowed. We wanted to create a platform that could be expandable by modules (possibly not even written by us). We wanted to make it easier to upgrade the base FreeBSD release, as well as leverage more base FreeBSD technology that has been integrated into the system since FreeNAS was originally developed.

We’ve migrated the build to be NanoBSD based. This allows us to leverage the embedded work that has gone into NanoBSD. It also allows us to push some of the features that are important to FreeNAS back into the base FreeBSD distribution. NanoBSD gives us the flexibility that we need. Since we’re using the FreeBSD package system to add ports and packages, users will be able to add their own packages (we’ll likely expand the basics to use the PBI’s that PC-BSD produces for ease of installation). We’re using the normal rc.d system, so upgrading is easier as well. etc

It has taken some time to come to these builds, but iXsystems has been working hard to move FreeNAS from a m0n0wall base to a nanoBSD base. This will make upgrading the underlying FreeBSD base system go more smoothly, and the new design makes development of plugins easier. Imagine FreeNAS with the ability to import PBI plugins and updates. That would be cool.

Olivier has put some screenshots on the FreeNAS blog, including some hints on how to set up the disk(s) and services.

Happy testing.

FreeNAS is an embedded open source NAS (Network-Attached Storage) distribution based on FreeBSD, supporting the following protocols: CIFS (samba), FTP, NFS, TFTP, AFP, RSYNC, Unison, iSCSI (initiator and target) and UPnP. It supports Software RAID (0,1,5), ZFS, disk encryption, S.M.A.R.T/email monitoring with a WEB configuration interface

FreeBSD quick news and links (week 35)

Some FreeBSD related links and updates below:

New NVidia FreeBSD drivers 256.53

NVidia has updated its graphics drivers for FreeBSD. Some of the changes are:

  • Fixed a bug that prevented XvMC from initializing in most cases.
  • Added support for xorg-server video driver ABI version 8, which will be included in the upcoming xorg-server-1.9 series of releases.
  • Fixed a bug that caused extremely slow rendering of OpenGL applications on X screens other than screen 0 when using a compositing manager.
  • Fixed a regression introduced after 256.35 that caused stability problems on GPUs such as GeForce GT 240.
  • Fixed a slow kernel virtual address space leak observed when starting and stopping OpenGL, CUDA, or VDPAU applications.
  • Fixed a bug that left the system susceptible to hangs when running two or more VDPAU applications simultaneously.

BSD License Generator

One shouldn’t have to change too much text when adapting the BSD license, but for the lazy there is a BSD License Generator.

Benchmarking HAProxy – Ubuntu vs FreeBSD

“HAProxy on Ubuntu, or HAProxy on FreeBSD? I couldn’t find any real benchmarks comparing the two out in the wild, so I decided to do my own.”

More: Benchmarking HAProxy – Ubuntu vs FreeBSD

Installing pfSense on a Nokia IP120 firewall

“I was recently toying with an old Nokia IP120 firewall and discovered that pfSense would run quite well on this old hardware.”

Here’s how to do it: Installing pfSense on a Nokia IP120 firewall

FreeBSD Stable Release Install Guide

There’s already the excellent FreeBSD Handbook, but here and there you can find other useful guides, for instance the FreeBSD Stable Release Install Guide.

Up to date, Step by Step, How-To, Instructional Guide to Installing FreeBSD from scratch, Specifically written with background information covering the why and how the different components are used together to create a home or small enterprise network for the newbie and inexperienced FreeBSD computer hobbyist. Not a General reference type of document, but a true learning aid containing details unique to the stable version of FreeBSD you’re installing: a1poweruser.com

The history of Unix on the PC: Exploring lesser-known variants

“When someone discusses the Unix operating system on a PC, many modern computer users think of Linux, a Unix work-alike first released by Linus Torvalds in 1991. Linux is a relative newcomer to the field; Unix and Unix-like operating systems have been released for Intel x86-based systems as far back as 1979. This article covers some lesser-known Unix variants for IBM PC-compatible systems, both those that survive today and the ones that were not long-lived or commercially successful.”

The history of Unix on the PC: Exploring lesser-known variants

FreeBSD will continue supporting ZFS

OpenSolaris may be dead now, but its advanced technologies, such as the ZFS file system, continue to live on in FreeBSD.

FreeBSD Developer Pawel Jakub Dawidek confirmed that he is preparing a port of the OpenSolaris ZFS v28 file-system.

Some of the new features included in v28 are:

  • Data deduplication
  • Triple parity RAIDZ (RAIDZ3)
  • zfs diff
  • zpool split
  • Snapshot holds
  • zpool import -F
  • continue to work on ZFS

Instructions on how to test the latest patch can be found on the mailing list.

Martin Matuska has issued two calls for testers to try out his improvements to the ZFS code.

Pawel confirmed the commitment of the FreeBSD Project to ZFS:

… a message we, as the FreeBSD project, would like to send to our users: Even though OpenSolaris is dead, the ZFS file system is going to stay in FreeBSD. At this point we have quite a few developers involved in ZFS on FreeBSD as well as several companies.