Getting started with FreeBSD 8.1

Juliet Kemp from serverwatch.com has tried, used and reviewed FreeBSD 8.1. Though she had some issues with installing the operating system, she agrees that if you want stability and control over your system, FreeBSD is definitely to be considered:

FreeBSD is definitely not as user friendly as modern Linuxes — you’ll need to be a lot more familiar with what’s going on under the hood and perhaps more prepared to have a couple of goes at the installation. The packaging system works well, however, and the number of available packages is comparable with, for example, Debian.

If you want close control over your system and the software you install, FreeBSD is a decent choice. But be aware that if you’re a current Linux user, you’ll have a bit of a learning curve in front of you. This is not to say either style is better or worse, just different, and adjusting to differences takes time. Having said that, I got a working desktop system and a couple of server applications up and running within a few hours, and a lot of that was download time. It’s a powerful and functional member of the UNIX-like family, and reviewing it has certainly interested me enough to keep on experimenting with it.

If she’d installed FreeBSD with the PC-BSD installer (pc-sysinstall), things would have been easier ;-)

Full review here: Getting Started with FreeBSD 8.1

FreeBSD Security Advisory (bzip2)

The FreeBSD Security Team has issued an advisory about an integer overflow in FreeBSD’s bzip2 decompression:

I. Background

“The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio.

II. Problem Description

When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

III. Impact

An attacker who can cause maliciously chosen inputs to be decompressed can cause the decompressor to crash. It is suspected that such an attacker can cause arbitrary code to be executed, but this is not known for certain.

Note that some utilities, including the tar archiver and the bspatch binary patching utility (used in portsnap and freebsd-update) decompress bzip2-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2-compressed data even if they never explicitly invoke the bunzip2 utility.”

To avoid potential problems, you need to upgrade.
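
To make the advisory’s problem description concrete, here is an added C sketch (not the bzip2 source or the FreeBSD patch) of a run-length decoder with and without a sanity check. The symbol names, the 900000-byte cap and the sample input are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not bzip2 source. Run lengths are written in bijective
   base 2, least-significant digit first: RUN_A is digit 1, RUN_B is digit 2. */
enum { RUN_A = 0, RUN_B = 1 };

/* Assumed cap for this example: the largest bzip2 block, 900000 bytes. */
#define MAX_RUN 900000u

/* No sanity check: the digit weight doubles per symbol and wraps to 0 after
   32 symbols, so the returned length is unrelated to the encoded one. */
uint32_t decode_run_unchecked(const unsigned char *sym, size_t n)
{
    uint32_t total = 0, weight = 1;
    for (size_t i = 0; i < n; i++) {
        total += (sym[i] == RUN_A ? 1u : 2u) * weight;
        weight *= 2;
    }
    return total;
}

/* Checked: every bound is tested before the arithmetic it protects.
   Returns 0 and stores the length, or -1 if the run exceeds MAX_RUN. */
int decode_run_checked(const unsigned char *sym, size_t n, uint32_t *out)
{
    uint32_t total = 0, weight = 1;
    for (size_t i = 0; i < n; i++) {
        uint32_t digit = (sym[i] == RUN_A) ? 1u : 2u;
        if (weight > MAX_RUN / digit) return -1;          /* digit * weight too large */
        if (total > MAX_RUN - digit * weight) return -1;  /* sum too large */
        total += digit * weight;
        weight *= 2;            /* weight <= MAX_RUN here, so this cannot wrap */
    }
    *out = total;
    return 0;
}

int main(void)
{
    unsigned char big[40];      /* constructed input: 40 RUN_B symbols */
    uint32_t len = 0;
    for (size_t i = 0; i < sizeof big; i++) big[i] = RUN_B;
    printf("unchecked: %u\n", (unsigned)decode_run_unchecked(big, sizeof big));
    printf("checked:   %d\n", decode_run_checked(big, sizeof big, &len));
    return 0;
}
```

The unchecked decoder accepts the 40-symbol input and returns a wrapped value, which is the kind of length a later copy loop or buffer index would then trust; the checked decoder rejects the same input as corrupt data.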

How is FreeBSD 9.0 shaping up?

In the past few years, Ivan Voras has kept the world up-to-date as to what was brewing for the ‘next’ major FreeBSD release (FreeBSD 7, FreeBSD 8). He’s doing the same for FreeBSD 9.0: What’s cooking for FreeBSD 9

It’s still early to talk about FreeBSD 9.0 release but so far there have been some interesting developments in the systems and a nice core featureset is shaping up. I’m still maintaining the “What’s cooking” page and this post is basically an (incomplete) summary of it at this point in time.

Of course, in addition to these features, there are non-stop modifications to all parts of the system, from drivers for new hardware to overall performance enhancements. (source)

Other ways (though with more technical discussions) to stay up-to-date with FreeBSD’s development are:

Miscellaneous FreeBSD news and links

Below are some links to news articles and blog posts relating to FreeBSD, its development and future:

1. NeoRouter 1.1.2 released for FreeBSD (via)

NeoRouter is a cross-platform remote access and VPN solution, that helps you manage and connect to all your computers from anywhere. It gracefully integrates Remote Access, File Sharing, Virtual Private Network, User and Access Management.

Advantages:

  • cross-platform and zero-config
  • peer-to-peer (P2P) connection
  • Roaming user profile
  • built-in ACL and firewall
  • free

2. HOWTO: FreeBSD Binary Upgrade (base system + packages)

FreeBSD power user Vermaden has created an easy to follow howto enabling you to easily upgrade your FreeBSD base system and packages: FreeBSD Binary Upgrade

3. OpenJDK6 IcedTea Java plugin for FreeBSD

Request for help and testing:

Due to a lot of user requests I’ve started working on a port for the OpenJDK6 IcedTea Java plugin which works with Firefox 3.6. As I never used the Java plugin and I’m not very experienced in the Java world I need some help.

Some parts of the port are taken from java/openjdk6 and pkgsrc

Source: OpenJDK6 IcedTea Java plugin for FreeBSD

4. Debian GNU/kFreeBSD Becomes More Interesting

Phoronix looks at Debian GNU/kFreeBSD again:

Since last year we have been talking about Debian GNU/kFreeBSD, one of the official ports for Debian 6.0 “Squeeze” that will bring a 32-bit and 64-bit FreeBSD kernel as an option to using the Linux kernel. Debian GNU/kFreeBSD still has the Debian user-land complete with its massive package repository and apt-get support, but the FreeBSD kernel is running underneath instead of Linux. Debian GNU/kFreeBSD has matured a lot over the past year and most recently it has switched to using the FreeBSD 8.1 kernel by default and also now supports ZFS file-systems.

In January of this year was our first time benchmarking Debian GNU/kFreeBSD when it was using the FreeBSD 7.2 kernel. With that initial testing, in 18 of our 27 benchmarks Debian GNU/Linux was still faster than Debian GNU/kFreeBSD. We delivered a much larger comparison a week later when comparing the Debian variant to Fedora, FreeBSD 7.2/8.0, OpenBSD, and OpenSolaris. Debian GNU/kFreeBSD performed about average.

[...]

Debian GNU/kFreeBSD though has continued advancing since that point. When trying out the latest daily installer image of Debian GNU/kFreeBSD this week, there is not only the FreeBSD 8.1 kernel available, but it’s now used by default. This Debian port is no longer using a Debian 7.x kernel by default but it’s moved up to match the latest upstream FreeBSD stable release that’s available.

[...]

Not only is Debian GNU/kFreeBSD more exciting for its new default kernel, but now it has ZFS file-system support too. Added to the kFreeBSD repository recently was a zfsutils package that provides the support for using and setting up ZFS file-systems.

Source: Debian GNU/kFreeBSD Becomes More Interesting

5. Glibc finally free software

Glibc is now free under the BSD license:

Fedora Engineering Manager Tom ‘spot’ Callaway has announced that glibc, the GNU C Library, is finally free software after working with Oracle to get Sun code from 1985 placed under an unrestricted licence. Glibc is typically included with most programs that are compiled with the GNU C compiler…. more

6. FreeBSD Nvidia driver 256.53 available

You can download the latest Nvidia graphics card drivers for FreeBSD directly from the Nvidia website.

7. Microsoft Patents Operating System Shutdown

How ridiculous is this:

“Microsoft just received confirmation of a patent that hands the company the intellectual property of shutting an operating system down.” (continues)

What do you think? Will this have any implications for FreeBSD?

8. NetApp and Oracle lift ZFS patent cloud

A long running legal battle between NetApp and Sun Microsystems, which centered on the open source ZFS filesystem, has come to an end. NetApp has announced that it has agreed with Oracle to dismiss patent litigation.

More

9. Latest Version of BSD Certification DVD Available (via)

The latest version of the BSD Certification Study DVD is now available. Besides being a handy study reference, the DVD is a useful tool as it contains the latest versions of the 4 BSDs plus their documentation.

Full Announcement

FreeBSD’s Summer 2010 Highlights

Murray Stokely who was involved in the FreeBSD Google Summer of Code 2010 mentoring program has put an update on his blog:

“FreeBSD is a modern open source operating system for servers, desktops, and embedded systems, based on over 30 years of continuous development. The FreeBSD Project has participated as a mentoring organization in Google Summer of Code each year since the program’s inception in 2005. This year, FreeBSD mentored 18 students with a final success rate of 89%. The cumulative total over 6 years has been 117 students improving FreeBSD.”

Continues (google-opensource.blogspot.com)

It’s nice to see FreeBSD ‘promoted’ on one of the Google Blogs ;-)

4 open source firewall/router projects, incl pfSense and m0n0wall

LinuxPlanet has a post with some background information on 4 great open source firewall/router projects. Two are Linux-based (Endian and Smoothwall) and the other two are based on FreeBSD (m0n0wall and pfSense):

pfSense

pfSense is a customized distribution of FreeBSD. It actually started in 2004 as a fork of the m0n0wall project. However, it concentrates more towards full PC installations, where m0n0wall is more towards embedded hardware.

pfSense can be considered as a popular package, as it has more than 1 million downloads. It can be used in homes or in large corporations and organizations. It’s available as a Live CD, hard drive installation, or embedded.

pfSense has low system requirements; 100 MHz Pentium CPU and 128 MBs of RAM. The Live CD requires a CD-ROM drive and a USB flash drive or floppy drive for storing the configuration file. The hard drive installation requires a CD-ROM for the initial installation and at least 1 GB hard drive. The embedded version requires a serial port for console and at least a 128 MB Compact Flash card.

pfSense, of course, includes a powerful firewall, including the ability to filter based upon the passively detected operating system. Its state table can be finely customized. It can do Network Address Translation (NAT) and load balancing of multiple WAN connections. It has a DHCP server and relay functionality.

Other important features include redundancy and synchronization, captive portal, and the support of three VPN solutions: IPsec, OpenVPN, and PPTP.

pfSense includes great reporting and monitoring features. RRC graphs show historical values of CPU utilization, firewall states, throughput, and more. There are also SVG graphs showing the real-time throughput of interfaces.

m0n0wall

m0n0wall is also based on FreeBSD. This firewall project is designed for use with embedded x86-based PCs. However, it is possible to run m0n0wall on most standard desktop PCs.

m0n0wall officially supports the embedded net48xx/net55xx systems from Soekris Engineering and the ALIX platform from PC Engines. It requires at least a 16 MB Compact Flash (CF) card and they recommend using at least 64 MBs of RAM.

Getting m0n0wall running on an embedded system just takes downloading an image and writing it to a CF card. For desktop PCs, you can write a disk image to a small IDE hard drive or CF card, or use the CD-ROM and floppy disk version. A VMware image is also available.

The entire system configuration is conveniently stored in one single XML text file, eliminating multiple text files parsed in a shell script. m0n0wall can completely boot up in less than 25 seconds after hitting the power button. On embedded platforms it provides a WAN to LAN TCP throughput of more than 50 Mbps (including NAT), and with newer PCs you can see 100+ Mbps.

The firewall provides stateful packet filtering and supports Network Address Translation (NAT). It also features a DHCP server and relay support. It supports VLANs and IPsec and PPTP VPNs. It even features wireless support for certain chipsets to create an access point (AP).

Other important features include a captive portal, SVG-based traffic graphing, SNMP agent, DynDNS client, and Wake on LAN client.” (full article)

Great to see the attention given by LinuxPlanet to FreeBSD based router/firewall projects. It would be nice if this was followed up by an in-depth review, comparison and benchmarking to help users decide which of the four is the best for their particular need.