The presentation at AsiaBSDCon 2009 is focused on explaining theoretical approaches and practical aspects of the locking support in the FreeBSD kernel. The locking KPI as well as underlying mechanisms and interactions with the scheduler will be analyzed and discussed deeply. Typical locking strategies and some edge cases will also be shown along with a detailed explanation about how to debug locking problems (deadlocks and races primarily).
At The Aerospace Corporation, we run a large FreeBSD based computing cluster to support engineering applications. These applications come in all shapes, sizes, and qualities of implementation. To support them and our diverse userbase we have been searching for ways to isolate jobs from one another in ways that are more effective than Unix time sharing and more fine grained than allocating whole nodes to jobs. In this paper we discuss the problem space and our efforts so far. These efforts include implementation of partial file systems virtualization and CPU isolation using CPU sets.
This presentation was held at AsiaBSDCon 2009.
In this paper we describe the usage of the FreeBSD operating system for an IPv6 Multicast routing platform in the SOI-Asia Project. The SOI-Asia project is a platform to deliver realtime lectures via a UniDirectional Link of satellite to several countries in Asia. Because of the limited bandwidth of the satellite, we use IPv6 multicast to deliver lecture material and realtime video and audio lectures. We also describe the human resources development for the operational aspect of the project in several countries in Asia.
This presentation was done at AsiaBSDCon 2009.
FreeBSD has a reputation for its rock-solid reliability, and top-notch performance in the server world, but is noticeably absent when it comes to the vast market of desktop computing.
Why is this? FreeBSD offers many, if not almost all, of the same open-source packages and software that can be found in the more popular Linux desktop distributions, yet even with the speed and reliability FreeBSD offers, relatively few users are deploying it on their desktops. In this presentation we will take a look at some of the reasons why FreeBSD has not been as widely adopted in the desktop market as it has on the server side. Several of the desktop weaknesses of FreeBSD will be shown, along with how we are trying to fix these shortcomings through a desktop-centric version of FreeBSD, known as PCBSD. We will also take a look at the package management system employed by all open-source operating systems alike, and some of the pitfalls it brings, which may hinder widespread desktop adoption.
This talk was done at AsiaBSDCon 2009.
ZFS is a relatively new and exciting file storage system developed by Sun.
The features of ZFS include support for high storage capacities, integration of the concepts of filesystem and volume management, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z and native NFSv4 ACLs. – Wikipedia
This page has some specific FreeBSD info relating to ZFS.
Interested in finding out more about the strengths of ZFS? Have a look at the videos below:
These are some recent links with regard to FreeBSD security:
1. Using DenyHosts to help thwart SSH attacks on FreeBSD
DenyHosts is a script intended to be run by UNIX-like system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
- % su
- # cd /usr/ports/security/denyhosts
- # make install clean
- # echo 'denyhosts_enable="YES"' >> /etc/rc.conf
- # echo 'syslogd_flags="-s -c"' >> /etc/rc.conf
- # echo "sshd : /etc/hosts.deniedssh : deny" >> /etc/hosts.allow
- # echo "sshd : ALL : allow" >> /etc/hosts.allow
- # touch /etc/hosts.deniedssh
- Edit /usr/local/etc/denyhosts.conf and uncomment the BLOCK_SERVICE = sshd entry.
- # /usr/local/etc/rc.d/denyhosts onestart
Source - linux-bsd-sharing.blogspot.com
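A check for the setup above, as an added example that is not part of the original post: FreeBSD's stock /etc/hosts.allow opens with a catch-all "ALL : ALL : allow" rule and the first matching rule wins, so lines appended with >> are never evaluated until that rule is removed. The function names and sample files below are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that the hosts.allow rules from the steps are reachable.
# tcp_wrappers stops at the first matching rule, so an earlier catch-all
# leaves the appended deny rule dead. Assumes one rule per line, with no
# backslash continuations or IPv6 literals.

# check_hosts_allow FILE [DENYFILE] -> prints ok | shadowed:<line> | missing
check_hosts_allow() {
    awk -F: -v deny="${2:-/etc/hosts.deniedssh}" '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($1 !~ /(^|[ ,])(sshd|ALL)([ ,]|$)/) next   # rule not for sshd
            if ($2 == deny && $3 ~ /^deny/) { print "ok"; hit = 1; exit }
            if ($2 ~ /(^|[ ,])ALL([ ,]|$)/) { print "shadowed:" NR; hit = 1; exit }
        }
        END { if (!hit) print "missing" }
    ' "$1"
}

# check_block_service FILE -> exit 0 if BLOCK_SERVICE = sshd is uncommented
check_block_service() {
    grep -Eq '^[[:space:]]*BLOCK_SERVICE[[:space:]]*=[[:space:]]*sshd[[:space:]]*$' "$1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d "${TMPDIR:-/tmp}/dhcheck.XXXXXX")
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/appended" <<'EOF'
# stock-style catch-all first, then the two lines the steps append
ALL : ALL : allow
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
EOF
cat > "$tmp/fixed" <<'EOF'
# catch-all removed, so the deny rule is evaluated first
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
EOF
printf '#BLOCK_SERVICE = sshd\n' > "$tmp/conf.commented"
printf 'BLOCK_SERVICE = sshd\n'  > "$tmp/conf.enabled"

echo "appended: $(check_hosts_allow "$tmp/appended")"
echo "fixed:    $(check_hosts_allow "$tmp/fixed")"
check_block_service "$tmp/conf.commented" || echo "BLOCK_SERVICE is still commented out"
```

On a real host, call check_hosts_allow /etc/hosts.allow and check_block_service /usr/local/etc/denyhosts.conf; a "shadowed" result names the line of the rule that matches sshd before the deny rule does.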
2. Network Security Monitoring
Richard Bejtlich, from TAO Security, did a presentation on network security monitoring using FreeBSD.
In this presentation I’ll discuss my latest thinking on using FreeBSD to identify normal, suspicious, and malicious traffic in enterprise networks. FreeBSD is a powerful platform for network traffic inspection and log analysis, and I’ll share a few ways I use it in production environments.
3. FreeBSD supported branches update
The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.0. The new list is below and at . Please note that FreeBSD 7.0 was originally announced with an EoL date of February 28, 2009, but the EoL was delayed by two months in order to allow a 3 month window for systems to be upgraded to FreeBSD 7.1. [source]
The current designation and estimated lifetimes of the currently supported branches are given below. The Estimated EoL (end-of-life) column gives the earliest date on which that branch is likely to be dropped. Please note that these dates may be extended into the future, but only extenuating circumstances would lead to a branch’s support being dropped earlier than the date listed.
- RELENG_6 - 30 November 2010
- RELENG_6_3 - 31 January 2010
- RELENG_6_4 - 30 November 2010
- RELENG_7 - last release + 2 years
- RELENG_7_1 - 31 January 2011
These dates can also be found on the calendar at BSDEvents.net.
4. How to harden FreeBSD
After a fresh install, it is important to harden the security on a server before it hits your network for use. Not only do configuration changes aid in the security of your box, but there are also some practical rules to abide by. These are some hardening tips to make your FreeBSD box more secure and will apply to both the 5.x and 4.x branches, but I will assume you are running 5.x. If a 4.x change is different, I will note it.
Instructions here (Tux Training)
NetBSD, well-known for its high portability, has arrived at version 5, which has been worked on for about 2 years. This release seems pretty interesting from a performance point of view. It’s claimed that NetBSD 5.0 now outruns NetBSD 4, FreeBSD 7.1 and Fedora 10.
In addition to scalability and performance improvements, a significant number of major features have been added. Some highlights are: a preview of metadata journaling for FFS file systems (known as WAPBL, Write Ahead Physical Block Logging), the ‘jemalloc’ memory allocator, the X.Org X11 distribution instead of XFree86 on a number of ports, the Power Management Framework, ACPI suspend/resume support on many laptops, write support for UDF file systems, the Automated Testing Framework, the Runnable Userspace Meta Program framework, Xen 3.3 support for both i386 and amd64, POSIX message queues and asynchronous I/O, and many new hardware device drivers. [source]
OpenBSD, renowned for its focus on security (incl. OpenSSH), has released version 4.5. The latest version comes with improved hardware support, new tools and functionalities and upgraded ports.
Oh yeah, and there’s also a new release song.
The new 2.2 release includes Hammer, a file system that includes instant crash recovery, multi-volume file systems, data integrity checking, fine grained history retention, and the ability to mirror data to other volumes. It has undergone extensive stress-testing and is considered production-ready!
7.2 review: improved virtualisation (nixcraft)
The following are some links I’ve saved up with regard to FreeNAS, the FreeBSD/m0n0wall based, open source Network Attached Storage operating system.
1. More Uses For Old PCs and Laptops
The Telegraph.co.uk has an article on how to re-use that old PC in your attic. One of the recommended uses is as file-server:
Turning your old PC into a NAS device is a bit more of a challenge. The hardware requirements won’t be a problem and most PCs less than 4 or 5 years old should be up to the job, though you’ll probably need to add some extra hard drive capacity. However, unlike a multimedia server, which can also, at a pinch, still be used as a PC, a NAS device is dedicated to the one task. It is also better suited to more serious applications, as it requires a more structured approach to file management and security. It can’t easily be done using Windows-based software either but there are several freeware and open source applications that do the job very well indeed. These include FreeNAS, NASLite and NanoNAS and OpenFiler, but they’re not for absolute beginners so be prepared for a fairly steep learning curve. [whole post here]
2. Connect a FreeNAS to a TiVo
Bob Bakh discusses how to set up a TiVo (set-top box) to use a FreeNAS server for storage.
I configured a box to run FreeNAS on my network to manage storing Media, and backing up vital information in my home.
It was a great tool, however I wanted more, mainly the ability to simply play media stored on the FreeNAS box on my home TV without the use of a general purpose computer. One way was to use my AppleTV, hack it and use an AFP mount, or an NFS mount directly to the AppleTV, this worked well, but was a pain, and a hacked AppleTV is not a happy AppleTV. So I gave up on that plan.
I looked at my TiVo and realized I had the makings of a decent setup there, so I started to Google around for some solutions… [read the remainder]
3. Three Minutes to 3 Terabytes: VIA ARTiGO and FreeNAS Store Terabytes in a Shoebox
It truly is a beautiful thing when something just works. This is especially true with computers. High capacity storage has become almost a commodity with the price of an external 1 TB USB hovering around $100. All you have to do is plug in the power and connect the USB cable, and you’ve got instant storage expansion. Works great for a single computer, and you could even unplug it from one and plug it into another. While that does work, it tends to get old after a while, and if you’re using that method for backups, you will more than likely end up forgetting or just quitting altogether at some point.
Network Attached Storage (NAS) is one answer to sharing large storage devices over a network. You could buy a NAS device from your favorite local or Internet supplier, but chances are you’ll wind up with something less than what a “real” NAS has to offer. That’s where VIA’s ARTiGO A2000 comes in. The A2000 fits a full-featured computer with space for two 3.5″ SATA drives in a package about the size of a shoebox. Add to the hardware the FreeNAS open source software and you’ve got a really capable storage solution. [Read further how to setup VIA's ARTiGO A2000 with FreeNAS]
4. Time Machine OSX Leopard to FreeNAS
I recently replaced a Windows 2003 box with an OSX Leopard server; the users are now 90% mac users and long file names are always a problem for mac users on a windows file share so it makes sense. I installed the OSX server and setup the file shares required. Being an OSX Leopard server Time Machine is the obvious choice to backup the server. So it seems out of the box you can only use Time Machine with another OSX server or so it seems. I have always been keen on FreeNAS having used its cousin m0n0wall for some as a firewall.
A bit of quick digging round led me to an article on ReadyNAS by DavidB. The instructions are for ReadyNAS but they work just as well for FreeNAS and I’m sure any other server you may want to use.
A quick summary of the process I followed based on the above article: [Read Further]
5. FreeNAS, IN DEPTH
Last but not least, Jupiter Broadcasting has an in-depth review of FreeNAS: