MaheshaBSD development in 2011

Juraj Sipos has written up something about the state of MaheshaBSD and his development plans for 2011. I have emailed different developers and project founders asking what they are working on and what they are planning to release in 2011 (PC-BSD, pfSense, HeX Live).

First a little bit about MaheshaBSD: MaheshaBSD is based on FreeBSD 8.0 RELEASE (i386) and the purpose is to bring FreeBSD closer to users but keep FreeBSD untouched. MaheshaBSD can be used either for a demonstration or system administration, backup or data recovery; it’s not meant for ordinary, daily use.

Juraj says comparing MaheshaBSD with PC-BSD:

MaheshaBSD cannot compete with PC-BSD and it does not have that goal. The difference between the two is like between a torch and an electrical lamp (the latter one is PC-BSD).

Juraj writes with regards to MaheshaBSD, it’s goal and development plans:

“What I can share  is that I plan to collect all Hindu Vedas and puranas and put them on a CD. There is not such a thing on the Internet. This means also Sanskrit and IAST (transliteration of Sanskrit) documents and tools for transliteration – obviously, the one that are FREE (not copyrighted).

When someone plans to make a new release, he should made it the one that has things that all others have not. Making a LiveCD or another distribution brings chaos. But if there is no LiveCD in the world that has all the Vedas and puranas, then such a distro does not produce chaos.

My goal is to attract users to FreeBSD not because they only get just “a nice computer screen”, but because they will also have various utilities. My second goal is to draw FreeBSD near to people who never heard of it.

So on the back of Lord Shiva and Lord Krishna I want to propagate FreeBSD and BSD operating systems. It is psychology. (I work in a psychological institution).

I noticed that many people looking at my website also clicked on the PC-BSD website (probably for the first time), so what I am doing is just a propagation (and advocacy).

New releases do not have much sense unless they have something special (or do something that other distros cannot). I think I would be happy with FreeBSD 4.8 even today. I tried DragonFly and enjoyed it very much. A new release of MaheshaBSD that would replace TestDisk from version 1 to 1.1 (the number is just an example) does not have much sense. I will probably make a FreeBSD 8.1 MFS and some scripts and will help users produce a new version of MaheshaBSD.”

Thanks, Juraj, for taking the time to write this up. It sounds like we are not going to see any great changes and surprise developments in 2011, but spreading use of FreeBSD is almost as important as developing and updating a FreeBSD based operating system. FreeBSD is very popular in Russia, and maybe one day it will be one of the top used O/S in the Hymalayas and surrounding countries.

More info on MaheshaBSD can be found at www.freebsd.nfo.sk and MaheshaBSD – a Live CD from the Hymalayas.

Available: PC-BSB 9.0 testing snapshot

Kris Moore has announced another PC-BSD 9.0 testing snapshot:

“Another release of the PC-BSD 9 snapshot is now available for download. This snapshot includes a bunch of bug-fixes to the GDM login manager, some new meta-pkgs, and fixes to the PBI command-line utilities.

This snapshot also includes CD images that install the LXDE desktop, as well as the USBFULL image which contains all the available desktops and meta-pkgs.”

For more information and some tips on how to use the new PBI command line utilities, check out Dru’s blogpost on the PC-BSD blog: Next 9.0 Snapshot is Available for Testing

Miscelaneous (Free)BSD news and links (Week 2)

I End of Life Announcement for PC-BSD 7.x

With the release of version 8.2 just around the corner, and PC-BSD 9.0 slated for later this year, we will be stopping the production of new packages / PBIs for the PC-BSD 7.x series in the near future: End of Life Announcement for PC-BSD 7.x

II Required: Senior FreeBSD/UNIX/Linux Administrator

You might be our next Sr. Systems Engineer: Senior FreeBSD/UNIX/Linux Administrator

III FreeBSD: Virtual Network Switch

In the previous post, I have mentioned about I’m going to cover Open vSwitch and Vde implementation. However I think it is also interesting to cover how you can setup virtual switch with FreeBSD native system. As we all know bridging is actually software switching, therefore we can make use of bridge interface to achieve this. I will explain the 6 ports virtual network switch setup that is illustrated in the diagram below: FreeBSD: Virtual Network Switch

IV Installing pfSense on an Alix.6e1

The ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6 : Installing pfSense on an Alix.6e1

Available: FreeBSD 8.2-RC2

Ken Smith has announced the availability of FreeBSD 8.2-RC2. This is the second iteration of Release Candidates which will lead to 8.2-RELEASE.

Check out the updated release schedule and yet-to-completed tasks on the FreeBSD wiki.

The second Release Candidate for the FreeBSD 8.2 release cycle is now available. Initial testing of the 7.4-RC2 install images turned up an issue with the pre-built packages that will take a few more days to address. For this build only the amd64, i386, pc98, and sparc64 architectures are available.

Related to the upcoming release of FreeBSD 8.2 is the ports freeze: Ports Feature Freeze for 7.4 and 8.

HeX LiveCD development in 2011

This is the 3rd post relating to planned development for FreeBSD-based O/S this yea (1: PC-BSD, 2: pfSense)

HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics.

HeX 2.0, released in October 2008, is based on FreeBSD 7.0 and comes with Fluxbox as the default desktop environment. Development has slowed down with no new releases since, but the team has plans to change this in 2011.

C.S. Lee, project leader writes with regards to his 2011 development plans:

“We don’t have clear roadmap for what we are going to do with HeX in 2011, however the HeX 3.2 beta version will be released once we go through the testing phase, actually we have the HeX that is based on FreeBSD 8.2 in our closed development, and we will release the beta after we have tested ourselves.

Though we don’t have any roadmap specifically for this year, we do have todo

  • Split development – HeX will have 3 versions – Workstation, Sensor, Server(We really hope to get this done for a while but all the members are busy with own works). Right now we have HeX workstation only that’s available for security analyst to do packet post processing.
  • Remain bsd spirit, while we use HeX for many situation, especially for our security consulting works, it will remain free and open.
  • Improve the installer, not many actually know we have the easiest installer even before pc-bsd having one, we have modified version of bsd installer to get HeX installed to your laptop or vm, and many don’t know about it.
  • Largest packet processing and analysis tools in HeX workstation, you can compare ours with the rest of liveCD and you will definitely find we have almost all packet analysis tools in HeX, and all of them are categorized professionally
  • NSM Console improvement – you may have never heard of NSM Console, we actually have NSM Console that glue all the packet analysis tools together, it’s very modular and flexible where you can include any tools by writing the simple module. It’s like metasploit for packet analysis. NSM Console is written in ruby. We will ask for feedback and also suggestion to improve the tool.
  • HeX USB Stick – We actually have this in house, and we will release it soon, the reason we don’t release previously because FreeBSD has a lot of hard time when trying to boot from USB device until the USB stack has improved lately.
  • Include more tools, if you know any packet analysis tools that want to be included into HeX, let us know.
  • So for HeX Server and Sensor, I would like to explain a bit, for the server it will be a central server to collect all the network data from the sensor
  • For the HeX Sensor they will have tools like snort, bro, argus and many others, they will collect the network data and send to the HeX Server, then we can use HeX workstation to login to HeX Server and do the analysis.
  • HeX will also take advantage from the FreeBSD network stack development, for example in 8.2 BPF zero copy i implemented, and people may not heard about freebsd ringmap, so we may include ringmap implementation for our HeX Sensor, it’s currently in the testing and can be used with freebsd stable. Thanks to Alexandar for his work on that.

I would like to emphasize that with HeX normally you get almost full scale packet analysis platform, e.g, if you want to do ids/ips you can use snort/bro, if you want to do netflow analysis you can use argus/silktools/nfdump/fprobe/etc, and if you want to do statistical analysis you can use ourmon/tcpdstat/darkstat, if you want to do packet visualization, you can use afterglow, etherape and so forth.”

Thanks for the update, Mr Lee, and wishing you and the team all the best for 2011.

If you have used HeX LiveCD in the past or are still using it, what is your experience and what would you like to be added or changed? Let us know in the comments below.

FreeBSD Foundation requesting project proposals (2011)

The FreeBSD Foundation has requested proposals for potential funding. If you have any ideas how you can FreeBSD can be improved in 2011, why not submit you idea. In case you have no ideas but don’t mind getting paid for FreeBSD Development, have a look at the FreeBSD list of projects and ideas for volunteers.

The FreeBSD Foundation is pleased to announce we are soliciting the submission of proposals (submission document) for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. Proposals will be evaluated based on desirability, technical merit and cost-effectiveness.

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer
things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Whishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog

PC-BSD development in 2011

I’ve contacted the lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Let’s start with PC-BSD today.

As you all know, PC-BSD is a free, open-source operating system based on rock-solid FreeBSD, focusing on ease-of-use and and double-click package installation (PBI). The PC-BSD project is now part of iXsystems, a company that builds storage solutions, pre-configured servers, and customised servers utilizing open source hardware and software.

Today Kris Moore, the project’s founder, announced PC-BSD 8.2RC1 and with regards to his plans for 2011 he writes:

“For 8.2, it is mainly a release to include the latest FreeBSD 8.2 / KDE 4.5.4. Also some
bug fixes are present for advanced partitioning, letting the user select between MBR/GPT,
and easily toggle between UFS+S/ZFS.

On the 9.0 front, we’ve implemented a new system of “meta-pkgs” which will let users customize their particular desktop based upon the available packages in the release. This means we can now select alternative desktop environments, such as Gnome/KDE/LXDE/XFCE and others. In order to accomplish this, all of our tools have been re-written in pure QT4, removing any requirements for KDE4 to be present.

Related to this, we’ve re-implemented our PBI system to be 100% shell, allowing it to run on native FreeBSD and not be particular about the window-manager being used. This newer PBI format also includes features to reduce the duplication of library files, digital signatures, repository management, binary patching and more. For the non-technical end user the PBI system will appear mostly the same, but for advanced users a whole set of command-line utilities will make the managing of PBI files easier and more powerfull than before.

Also on 9, we’ve switched to using UFS+SUJ (Soft-Updates Journaled) file-system by default, which is a great way to eliminate the need for a long fsck after a crash / power-loss, while not having the heavy requirements of ZFS.” (Bold by GvE)

I’ve used PBI’s since version 0.7.8. Though they worked, it was evident that PBI technology was only just born, but it’s now growing up and maturing nicely.

You’re doing a great job, Kris, and we’re all looking forward to PC-BSD 9.0, and beyond. Thanks to iXsystems for providing the support and hardware to make PC-BSD better with every release.

To check progress of PC-BSD 9.0, you may have a look at the PC-BSD 9.0 todo and the PBI 9 and beyond sections of the wiki.