“As you already may now, last half a year I’ve been working on making pf SMP-scalable and faster in general. More info can be found here:
Since that announce in June, I’ve been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also run the experimental branch in last couple of months. Code proved to be stable enough.
The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in.”
The first paragraph of this book’s afterword reads:
“You now know more about SSH, OpenSSH and Putty than the vast majority of IT professionals! Congratulations”.
That claim will be true for any reader of SSH Mastery who has read the book up to that point and has incorporated at least some of the elements of the configurations it describes into their own environments.
“But why a book dedicated to a single command?”, you might ask. Almost all Unixes and Unix-likes have incorporated OpenSSH, the free SSH that is developed as part of the OpenBSD project, and OpenSSH comes with excellent documentation in the form of several extensive man pages.
Below some links to some FreeBSD resourses that you guys may be interested in, and other BSD related items I’ve come across.
- Chromium 10, Google’s blazingly fast internet browser, is now available in the FreeBSD Ports directory (www/chromium).
- New FreeBSD Installer test and walkthrough. Michael W. Lucas tests the new FreeBSD installer (bsd install) and gives his feedback (incl screenshots). He likes most of the changes and improvements, but is not altogether happy yet.
- FreeBSD 8.2-RELEASE Custom XFCE builds available. Download from freebsd-custom.wikidot.com/
- DragonFlyBSD 2.10 Released. DFBSD devs have released version 2.10 with better hardware and multiple processor support. The HAMMER file system now supports deduplication.
- DragonFlyBSD devs are looking for testers to try out the internet browser on DragonFlyBSD (Chromium for DragonFly)
- A Puffy in the corporate aquarium. There’s an interesting article on the Undeadly OpenBSD blog of m:tier, a London consultancy that works with Fortune 500 companies to equip them with OpenBSD firewalls, servers and desktops. OpenBSD has a reputation for high security and being a difficult operating system to use for new user, but m:tier helps companies to use for everything:
As a company we are very dedicated to what we do because we are “forced” to use our operating system of choice and we want our customers to be as happy as we are at using it :-)
So our paid job is hacking on and deploying, maintaining, supporting… OpenBSD installations. We are also required to hack on things that can be merged back into OpenBSD itself and when it’s not possible, then we change what we did so that it can be. Of course some developments are very specific to what we do and have no place in the project’s CVS tree.
So, amongst other services, we set up and maintain several 100% OpenBSD-based infrastructures (going from the entry site firewall to the secretary’s workstation) and this is what I’m going to talk about here. Continues
The BSD Certification Group (BSDCG) announced today that it has partnered with Schroeder Measurement Technologies (SMT) to increase the geographic availability of BSD certification exams. Through its sister company, Iso-Quality Testing (IQT), SMT maintains a testing center network of carefully selected partners, including college/university testing centers and computer-related businesses to provide testing services in a secure, proctored environment. Testing centers are available in over 300 cities in 19 countries. (full press release)
Some exciting and eyebrow raising news items:
FreeBSD on Amazon EC2
One of my largest complaints about Amazon EC2 ever since it launched has been my inability to run FreeBSD on it. Judging from the feedback I received to two earlier blog posts, I haven’t been alone. The problems keeping FreeBSD out of EC2 have always been more FreeBSD-related than Amazon-related, however, and over the past month I’ve been hacking away at FreeBSD’s Xen code, to the point where I can say something I’ve been waiting to say for a long time: FreeBSD now runs on Amazon EC2.
There are some caveats to this. First, at the moment only FreeBSD 9.0-CURRENT can run under EC2; I haven’t merged bug fixes back to the stable branches. Second, at the moment FreeBSD only runs on t1.micro instances, for reasons I can’t discuss (NDA) but hope will be resolved soon. Third, this code hasn’t received very much testing and is almost certain to have more serious bugs, so it should be approached as an experimental, not-ready-for-production-use system for now. Full post
OpenBSD & the FBI
Theo de Raadt, project leader of the OpenBSD project, has made an email public that reveals that the FBI built a backdoor into OpenBSD’s ipsec about a decade ago.
As of yet it’s not known if any of the revelations/allegations are true and if any other operating systems are affected. We will have to wait until developers have reviewed the code. What do you think about all this? Please drop a comment at the bottom.
This subject has been picked up by many websites and blogs. Here’s a selection:
- FBI Poked Spy Hole in OpenBSD, Says Former Contractor – technewsworld.com
- FBI ‘planted backdoor’ in OpenBSD – theregister.com
- FBI Accused Of Decade-Old Cryptography Code Conspiracy – forbes.com
- Developer claims FBI implemented backdoors in OpenBSD – itwire.com
On November 30th, FreeBSD 6.4 and FreeBSD 8.0 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Since FreeBSD 6.4 is the last remaining supported release from the FreeBSD 6.x stable branch, support for the FreeBSD 6.x stable branch will also cease at the same point. Users of either of these FreeBSD releases are strongly encouraged to upgrade to either FreeBSD 7.3 or FreeBSD 8.1 before that date.
The FreeBSD Ports Management Team wishes to remind users that November 30 is also the end of support for the Ports Collection for both FreeBSD 6.4 RELEASE and the FreeBSD 6.x STABLE branch. Neither the infrastructure nor individual ports are guaranteed to work on these FreeBSD versions after that date. A CVS tag will be created for users who cannot upgrade for some reason, at which time these users are advised to stop tracking the latest ports CVS repository and use the RELEASE_6_EOL tag instead. (source)
As in previous years, Google held a “Mentor Summit” to bring together representatives from the open source organizations that participated in the Google Summer of Code to share experiences of what worked, what didn’t, and generally learn from each other about shepherding students through the program. The mentor summit is always run Unconference-style and it is a great opportunity to meet, learn, and socialize with the many other open source organization… continues (Murray’s FreeBSD Notes)
FreeBSD Will Pay for Some KMS, GEM Love
“The good news, however, is that the FreeBSD Foundation is willing to finance a developer to work on bringing kernel mode-setting and Graphics Execution Manager support over to the FreeBSD kernel.”
Source & full story: FreeBSD Will Pay for Some KMS, GEM Love (phoronix.com)
Why I Love Unix
I love Unix because of all the wonderful things that I can do on the command line. When I first used Unix in 1983, it was love on first sight. With a list of the most basic commands by my side, I quickly discovered how much I could accomplish with several command strings strung together. Unix was nothing like what I’d been using up to that point in my brief data processing career. It was clever, modular and logical. With tools like grep and languages like awk, it was quite a bit of fun to discover how easily I could make the system do my bid. My ability to capture sequences of commands easily into scripts made it possible for me to encapsulate my clever commands, even share them with coworkers. The Unix culture seemed innovative, inviting my participation in creating an environment that really worked for me.
Full blog post: Why I love UNIX (itworld.com)
Other BSD related news
Juraj Sipos, the founder of MaheshaBSD, has published an article listing the difference between Linux and BSD:
“This article is not about the history of Unix; however, Unix is such a complex issue that it deserves few words in this respect: BSD family of Unix systems is based upon the source code of real Unix developed in Bell Labs, which was later purchased by the University of California. Thus, the name of the family of Unix systems called BSD is derived from “Berkeley Software Distribution”. The contemporary BSD systems stand on the source code that was released in the beginning of 1990’s (Net/2 Lite and 386/BSD release).
No one person or any entity owns BSD. Enthusiastic developers create it and many of its components are open-sourced.
BSD is behind the philosophy of TCP/IP networking and the Internet thereof; it is a developed Unix system with advanced features. Except for proprietary BSD/OS, the development of which was discontinued, there are currently four BSD systems available: FreeBSD, NetBSD, OpenBSD and Mac OS X, which is derived from FreeBSD. There are also various forks of these, like PC-BSD – a FreeBSD clone, or MirOS, an OpenBSD clone. The intention of such forks is to include various characteristics missing in the above BSD systems, on which these (forks), no matter how well they are designed, only strongly depend. PC-BSD, for example, has more graphical features than FreeBSD, but there are no substantial differences between these two. PC-BSD cannot breathe without FreeBSD; FreeBSD or OpenBSD are independent of one another.”
Continues (linuxmagazines.com): Linux vs BSD with a little focus on OpenBSD
- Returning committer: Niels Heinen (ports) (07/03/2010)
- New committer: Neel Natu (src) (03/03/2010)
1. Quick Poll – which pages would you like to see printed from Dru’s latest book in the upcoming BSD Magazine issue?
2. How does PC-BSD 8.0 compare with Kubuntu 9.10? This is probably comparing apples with pears, but for those liking comparison reviews, check PC-BSD 8.0 vs. Kubuntu 9.10 Benchmarks
In a majority of the tests, Kubuntu 9.10 performed better than PC-BSD 8.0, but the tests we used in this article are just a subset of what is available to run on both platforms via the Phoronix Test Suite so for those deciding between running PC-BSD / FreeBSD it is important to run the tests relevant to you and also consider the other features at hand for both free software operating systems.
3. PC-BSD’s graphical firewall manager
PC-BSD is a desktop-oriented, FreeBSD-based distribution with KDE as the default desktop environment. The version due to be released shortly is PC-BSD 8. Because it the only BSD-based desktop distribution that’s in a position to compete with the best Linux desktop distributions, I’ll be publishing a number of articles over the next few weeks to introduce those not yet familiar with it to some of its management tools. This post takes a look at the graphical firewall manager.
OpenSSH 5.4 released
Damien Miller (djm@) posted to announce@ with the announcement of OpenSSH 5.4. Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new ‘netcat mode’, many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.
Please read on for the full release announcement
NetBSD, well-known for its high portability has arrived at version 5, which has been worked on for about 2 year. This release seems pretty interesting from a performance point of view. It’s claimed that NetBSD 5.0 now outruns NetBSD 4, FreeBSD 7.1 and Fedora 10.
In addition to scalability and performance improvements, a significant number of major features have been added. Some highlights are: a preview of metadata journaling for FFS file systems (known as WAPBL, Write Ahead Physical Block Logging), the ‘jemalloc’ memory allocator, the X.Org X11 distribution instead of XFree86 on a number of ports, the Power Management Framework, ACPI suspend/resume support on many laptops, write support for UDF file systems, the Automated Testing Framework, the Runnable Userspace Meta Program framework, Xen 3.3 support for both i386 and amd64, POSIX message queues and asynchronous I/O, and many new hardware device drivers. [source]
OpenBSD, renowned for its focus on security (incl OpenSSH), has released version 4.5. The latest version comes with improved hardware support, new tools and functionalities and upgraded ports.
Oh yeah, and there’s also a new release song.
The new 2.2 release includes Hammer, a file system that includes instant crash recovery, multi-volume file systems, data integrity checking, fine grained history retention, and the ability to mirror data to other volumes. It has undergone extensive stress-testing and is considered production-ready!
7.2 review: improved virtualisation (nixcraft)
This blog, FreeBSD – the unknown Giant, as the title suggests, covers only FreeBSD related stories and updates. However, over the last few months, I have received emails from my some readers asking why I don’t write about the “other BSDs”, such as OpenBSD, NetBSD and DragonflyBSD.
Well, the answer is quite simple: “There’s no need to!” No, not because they’re not worth writing about, they certainly are, but because there are already some quality blogs dedicated to each of these BSD operating systems. Hence my reason for not, or only occasionally, writing about then. Since these blogs are regularly updated with news, howtos and information on made progress, I’ve decided not to just copy, paste and republish what’s on those blogs.
To find out more about OpenBSD, visit the OpenBSD Journal. The DragonflyBSD digest is updated regularly with news relating to DragonflyBSD, and lately a lot on the progress of the newly created and much promising Hammer File System (HammerFS), whilst Hubert’s NetBSD blog brings the latest and greatest with regards to NetBSD.
Of course there are more many blogs and websites tracking the “big four”, but these are the best as far as I’m aware.