5 new TCP Congestion Control Algorithms Project (FreeBSD Foundation)

The FreeBSD Foundation has announced it is funding the 5 new TCP Congestion Control Algorithms Project:

“The FreeBSD Foundation is pleased to announce that Swinburne University’s Technology’s Centre for Advanced Internet Architectures has been awarded a grant to implement five new TCP congestion control algorithms in FreeBSD.

Correctly functioning congestion control (CC) is crucial to the efficient operation of the Internet and IP networks in general. CC dynamically balances a flow’s throughput against the inferred impact on the network, lowering throughput to protect the network as required.

The FreeBSD operating system’s TCP stack currently utilizes the defacto standard NewReno loss-based CC algorithm, which has known problems coping with many aspects of modern data networks like lossy or large bandwidth/delay paths. There is significant and ongoing work both in the research community and industry to address CC related problems, with a particular focus on TCP because of its ubiquitous deployment and use.

Swinburne University of Technology’s ongoing work with FreeBSD’s TCP stack and congestion control implementation has progressively matured. This project aims to refine their prototypes and integrate them into FreeBSD.

The project will conclude in January 2011.” (source: freebsdfoundation.blogspot.com)

The five protocols are:

If you’d like to see the Foundation fund more of these sort of projects, why not considering making a (small) donation?

This month I will be donating any affiliate commission I receive from Bordeaux Software (run Windows software on FreeBSD / PC-BSD) to the Foundation. If you’d love to use FreeBSD and/or PC-BSD but need to use Windows software as well, incl Microsoft Office, why not buy a copy of Bordeau ($10)?

Colin Percival will be donating his profits from tarsnap.com this month.

Chromium for FreeBSD – change of port maintainer

Shortly after Google Chrome was released, I was  excited to find out that Ben Laurie was porting Google Chrome/Chromium to FreeBSD. This is in my opinion the best web browser available (I know, it’s subjective). It’s light-weight, secure and extendible.

The only thing that has cast a bit of a shadow on the Chromium porting project was thehybrid licensing model, where paying subscribers have access to the latest builds, and non-paying individuals can download an older/out-of-date version.

In itself there’s nothing wrong with this licensing model, but you’d expect that more with closed source and proprietary software. Chrome/Chromium is free and therefore any ported versions should be free too, IMO, as long as Google’s EULA is adhered to.

Due to some issues a new port (www/ports/chromium) maintainer has been appointed, i.e. Rene Ladan.

“However complete and obstinate disregard to the security vulnerabilities of the version in the ports tree, including refusal to even document them contradicts the idea of maintainership as the community understands it and as it is documented.” (source)

We wish Rene the best and we hope to see Chromium 8 that was released last week ported to FreeBSD (current version in ports is version 6).

(Free)BSD Events (November)

Below some links, photos and videos for some BSD related events in the last few weeks:

NYCBSDCon

NYCBSDCon took place on 14 Nov. Justin Sherill has summarised the 2 days: NYCBSDCon Notes. Will Backman, the man behind bsdtalk, has uploaded a short video showing off the facilities, food and talks:


BSD Day 2010

Some pictures of BSDDay 2010 (Budapest, Hungary, 20 Nov 2010) can be found here.

For the slide, check out the wiki page.

DragonFlyBSD

DragonFlyBSD is taking part in Google Code-In. Several Google Code-In tasks for DragonFlyBSD have already been claimed and finished.

There’s a 15 minutes interview on BSDTalk with Matthew Dillon about the recent 2.8 release of DragonFlyBSD. This interview was done at MeetBSD California 2010. Download/Listen: MP3OGG

NetBSD

Soren Jacobsen has announced the release of NetBSD 5.1: “The NetBSD Project is pleased to announce that version 5.1 of the NetBSD operating system is now available. NetBSD 5.1 is the first feature update of the NetBSD 5.0 release branch. It represents a selected subset of fixes deemed critical for security or stability reasons, as well as new features and enhancements. Please note that all fixes in security/critical updates are cumulative, so the latest update contains all such fixes since the corresponding minor release. Some highlights include:

  • RAIDframe parity maps, which greatly improve parity rewrite times after unclean shutdown;
  • X.Org updates;
  • support for many more network devices;
  • Xen PAE dom0 support;
  • Xen PCI pass-through support.”

Zafer Aydogan announced Jibbed 5.1, a NetBSD-based live CD featuring automatic hardware detection and the Xfce desktop.

freebsdnews.com, thanks to Grove IT Consulting

Back in 2007 when I started this website about FreeBSD, Tom Grove wanted to set up something similar and registered freebsdnews.com. When I tried to register this domain, it was unfortunately already taken, but for different reasons Tom’s website never went live.

A couple of weeks ago I contacted Tom from Grove IT Consulting, asking if he was willing to part with the domain, and after a bit of emailing we agreed a price.

Being a happy FreeBSD user, he has decided to donate the proceeds to the FreeBSD Foundation’s to contribute to its end-of-year fund raise drive. Do you use FreeBSD and would you like to see more top notch technologies been added? Please consider making a (small) donation. (I am not affiliated with the FreeBSD Foundation).

Thanks to Tom Grove you can now access this website also by going to freebsdnews.com.

kFreeBSD with ZFS, Bordeaux on PC-BSD, benchmarks and pfSense

Debian’s GNU/kFreeBSD Installer will support ZFS

“While Debian GNU/kFreeBSD has supported the ZFS file-system with its FreeBSD-8 kernel, support for installing the Debian GNU/kFreeBSD distribution to a root ZFS file-system will now be possible with the Debian 6.0 “Squeeze” release.

For those unfamiliar with Debian GNU/kFreeBSD, it takes the GNU user-land but runs it atop the FreeBSD kernel rather than Debian GNU/Linux with the Linux kernel. You can still use apt-get and do most anything you would with the Linux-based Debian distribution (aside from different hardware compatibility and other support differences), but instead you’re running the FreeBSD kernel.

While the upstream FreeBSD project doesn’t have an easy root ZFS file-system installation option within FreeBSD 8.0/8.1, this isn’t particularly ground-breaking, as the FreeBSD-based PC-BSD already has ZFS installation support that is quite easy to work.”

Full post on Phoronix: Debian’s GNU/kFreeBSD Installer Will Support ZFS

Review of Running Bordeaux on PC-BSD

Jesse Smith of Distrowatch has used Bordeaux for a week and written up his (mostly positive) experience (feature story):

“The Bordeaux Technology Group is a company specializing in compatibility software. Specifically, they work at making it as easy as possible to run Windows programs on the UNIX family of operating systems. Their Bordeaux tool is built to run on Linux, FreeBSD, Solaris, OpenIndiana and Mac OS X. Bordeaux is, at its heart, a customized build of Wine. They take a recent version of Wine, add some special tools and test their build for compatibility against a group of popular Windows software. They then sell this bundle (along with support) for about US$20 – 25, much less than the typical cost of a Windows license. A few weeks ago I had a chance to chat with Tom, a member of the Bordeaux Technology Group, and he was kind enough to give me a copy of Bordeaux (PC-BSD edition) to test-drive.

The provided PBI package was about 44 MB and it installed without any problems. With the install completed, two icons were added to my desktop and application menu. These new icons were labelled “Bordeaux” and “Cellar Manager”. I launched Bordeaux first and was presented with a new window featuring three tabs along the top. These three tabs are called “Install Applications”, “Manage Wine” and “Unsupported Packages”. At the bottom of the window, regardless of which tab is selected, are two buttons called “Help” and “Install”. Clicking the Help button always opens a browser window to the Bordeaux documentation website. The Install button actually performs different functions depending on which tab is selected.”

Read on for the remainder of the story, and the conclusion: Test-driving Bordeaux 2.0.8

NB, Bordeaux Group has a 50% offer going: Bordeaux 50% off recession busting sale

New benchmarks of OpenSolaris, BSD & Linux

Phoronix has benchmarked the latest OpenSolaris-based distributions (OpenSolaris, OpenIndiana, and Augustiner-Schweinshaxe), compared to PC-BSD, Fedora, and Ubuntu. The Phoronix review concludes:

There you have it, the performance of the latest OpenSolaris distributions against PC-BSD/FreeBSD and two of the most popular Linux distributions. The Fedora and Ubuntu operating systems won most of the tests, but there were a few leads for PC-BSD while the OpenSolaris operating systems just one won test (Local Adaptive Thresholding via GraphicsMagick) at least for our benchmarking selection and workload. If you are using an OpenSolaris-based operating system hopefully you are not using it for a performance critical environment but rather to take advantage of its technical features like DTrace, ZFS (though that is becoming moot with its availability on PC-BSD/FreeBSD and even Linux), etc.

Check out the article for the graphs, benchmark details and hardware used: New benchmarks of Opensolaris, BSD and Linux

Build your own Router (pfSense)

Martin Diers set up pfSense for a new warehouse.

My company is expanding into a warehouse, and so for the first time, I have to setup a WAN. That’s a Wide Area Network, which basically means joining together two or more LANs so everyone can see each other, even if you are across the country.

At my company, I have our local internet router running pfSense on a traditional PC with two network cards. It works just like your home linksys or netgear router. It’s just faster and can handle a lot more traffic. It is also extremely stable. I never have to reboot the thing. You configure it just like your home router: through a web interface

He finishes the article by saying how easy setting up a wlan with pfsense (and cheap), compared to the 90′s:

pfSense has been the best router software I have ever used. It is as capable as anything put out by Cisco or HP, and it is open source. For the cost of the bare hardware, you can have a world-class router that supports many other services such as local DNS resolution, content filtering, bandwidth monitoring, Quality of Service controlls, the list goes on, and you can even have it in an little fanless package.

Read the whole post: Build your own router (trojanbadger.com)

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”

Bjoern Zeeb receives 2nd Itojun Service Award

Bjoern Zeeb received the second Itojun Service Award at he IETF 79 meeting in Beijing last month.

Bjoern A. Zeeb, a FreeBSD Developer, received the award for his dedicated work to make significant improvements in open source implementations of IPv6. IPv6 is the next generation of Internet protocol that will help ensure the continued rapid growth of the Internet as a platform for innovation.

First awarded last year, the Itojun Service Award honours the memory of Dr. Jun-ichiro “itojun” Hagino, who passed away in 2007, aged just 37. The award, established by the friends of itojun and administered by the Internet Society (ISOC), recognises and commemorates the extraordinary dedication exercised by itojun over the course of IPv6 development.

“For many years, Bjoern has been a committed champion of, and contributor to, implementing IPv6 in open source operating systems used in servers, desktops, and embedded computer platforms, including those used by some of the busiest websites in the world,”

said Jun Murai of the Itojun Service Award committee and Founder of the WIDE Project.

“On behalf of the Itojun Service Award committee, I am extremely pleased to present this award to Bjoern for his outstanding work in support of IPv6 development and deployment.”

The Itojun Service Award is focused on pragmatic contributions to developing and deploying IPv6 in the spirit of serving the Internet. The award, expected to be presented annually, includes a presentation crystal, a US$3,000 honorarium, and a travel grant.

“This is a great honour, and I would like to thank the people who recommended me for the award and the committee for believing my work was valuable. I never met Itojun but he was one of the people helping me, and I have the highest respect for his massive foundational work,”

said Bjoern A. Zeeb.

“As the Internet community works to roll out IPv6 to more and more people all around the globe, we also need to help others–developers, businesses, and users–understand and use the new Internet protocols so that the vision Itojun was working so hard for comes true.”

Each Internet-connected device uses an IP address and, with the number of Internet-connected devices growing rapidly, the supply of unallocated IPv4 addresses is expected to be exhausted within the next year. To help ensure the continued rapid growth of the Internet, IPv6 provides a huge increase in the number of available addresses. And, while the technical foundations of IPv6 are well established, significant work remains to expand the deployment and use of IPv6.

IPv6 was developed within the Internet Engineering Task Force (IETF), the Internet’s premier standards-making body responsible for the development of protocols used in IP-based networks. IETF participants represent an international community of network designers, operators, vendors, and researchers involved in the technical operation of the Internet and the continuing evolution of Internet architecture. More information on the Itojun Service Award is available at: http://www.isoc.org/itojun

Source: ISOC monthly newsletter (Nov 2010)

Bordeaux Sale on (50% discount)

bordeaux wine windows softwareTom Wickline has announced a 50% off recession busting sale on Bordeaux for FreeBSD and PC-BSD. If sustainable, the sale will last till US unemployment rate falls below 7%.

To help the FreeBSD Foundation in it’s end-of-year fund-raise drive, I will donate any affiliate commission I receive this month, if you buy Bordeaux through this link.

If you’ve not heard of Bordaux (apart from the French wine), with Bordeaux you can run many of todays most popular Windows based office applications and games on your operating system of choice.

From the announcement:

“The Bordeaux Technology Group is proud to announce a 50% off recession busting sale on Bordeaux for Linux, Mac, FreeBSD, PCBSD and OpenIndiana. With the current US unemployment rate hovering near 10% and rumors of the possibility of a double dip recession. We want to do our part to help save individuals and small business as much money as we can on their Wine related software needs. With Bordeaux you can run many of todays most popular Windows based office applications and games on your operating system of choice.

Over the past two years their has been a large multitude of changes that have taken place in Wine. And with Wine 1.2.1 being recently released users can run more of their favorite Applications and Games on their unix operating system of choice.

Bordeaux for Linux and BSD will be marked down to only $10.00 and Bordeaux for Mac and OpenIndiana will cost only $12.50 during this sale.

This sale will last until the US unemployment rate falls below 7% or as long as we can feasibly run this half off sale. So, if you have ever wanted to try Wine or Bordeaux and have put off your purchase in the past this is the perfect time to try Bordeaux and save 50% off the normal selling price.

Supported Applications/Games:

  • Microsoft Office 2007
  • Microsoft Office 2003
  • Microsoft Office 2000
  • Microsoft Office 97
  • Microsoft Office Visio 2003
  • Microsoft Office Project 2003
  • Adobe Photoshop 6
  • Adobe Image Ready 3
  • Adobe Photoshop 7
  • Adobe Image Ready 7
  • Adobe Photoshop CS
  • Adobe Photoshop CS2
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 6
  • FireFox 3.6.8 and multimedia plug ins
  • Apple Safari 5.0 Web Browser
  • Steam and Steam based Games
  • Google SketchUp 7.1
  • VLC 1.1.0
  • Apple QuickTime 6.5.2 Player
  • IrfanView 4.27 (Image files only)
  • Winetricks support”

Buy here and support the FreeBSD Foundation.

FreeBSD Security Advisory (openssl)

The FreeBSD Security Team has identified a security bug in openssl:

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL’s internal caching mechanism. The race condition can lead to a buffer overflow.

A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.

III. Impact

For affected server applications, an attacker may be able to utilize the buffer overflow to crash the application or potentially run arbitrary code with the privileges of the application.

It may be possible to cause a DoS or potentially execute arbitrary in the context of the user connection to a malicious SSL server.

To find out more about the impact, a work-around and solution, check out the advisory page: FreeBSD Security Advisory (openssl)