If you’ve been an EDGE user in the past few weeks, or following our Roadmap items for the upcoming 10.1.2 release, you may have noticed a number of new security and privacy related items. I wanted to take a moment to clarify what some of these new features are and what they will do.
– PersonaCrypt –
The first of the new features is a new CLI utility called personacrypt. This command will allow the creation and usage of GELI-backed encrypted external media for your user’s $HOME directory. We are using it internally to keep our user profiles on USB 3.0 — 256GB hybrid SSD / flash memory stick (Corsair Flash Voyager GTX specifically). This is tied into the PCDM login manager, and user manager, so when you create a new user account, you can opt to keep all your personal data on any external device. The device is formatted with GPT / GELI / ZFS, and is decrypted at login via the GUI, after entering your encryption key, along with the normal user password.
Additionally, the personacrypt command uses GELI’s ability to split the key into two parts. One being your passphrase, and the other being a key stored on disk. Without both of these parts, the media cannot be decrypted. This means if somebody steals the key and manages to get your password, it is still worthless without the system it was “paired” with. PersonaCrypt will also allow exporting / importing this key data, so you can “pair” the key with other systems.
– Tor Mode –
The FreeNAS Team has created a tutorial demonstrating how to replace a failed hard disk drive in version 9.3.
For more tutorials like this, check out their channel: https://www.youtube.com/user/FreeNASTeam
The developers of PC-BSD have updated their Lumina desktop environment to version 0.8.2.
The next version of the Lumina desktop environment has just been released! Version 0.8.2 is mainly a “spit-and-polish” release: focusing on bugfixes, overall appearances, and interface layout/design. The FreeBSD port has already been updated to the new version, and the PC-BSD “Edge” repository will be making the new version available within the next day or two (packages building now). If you are creating/distributing your own packages, you can find the source code for this release in the “qt5/0.8.2” branch in the Lumina repository on GitHub.
The major difference that people will notice is that the themes/colors distributed with the desktop have been greatly improved, and I have included a few examples below. The full details about the changes in this release are listed at the bottom of the announcement.
Reminder: The Lumina desktop environment is still considered to be “beta-quality”, so if you find things that either don’t work or don’t work well, please report them on the PC-BSD bug tracker so that they can get fixed as soon as possible.
View the full list of changes here: http://blog.pcbsd.org/2015/02/lumina-desktop-0-8-2-released/
Luke Wolf, a developer of KDE, foreshadows the future of PC-BSD as being a dominant open-source platform within 5 years. He mentions its offerings as a desktop system, compared with the Linux desktop share.
I am going to make a prediction right now that FreeBSD is going to take off in a big way on or before 2020, perhaps even to the point where it threatens Linux Desktop share.
This is of course a bold claim, however before you automatically dismiss me, consider this: where was LLVM/CLang 5 years ago? Now today it’s almost a foregone conclusion that it’s the future, to the point where RMS thinks there’s a conspiracy against GNU by the LLVM folks.
Alright so change happens and those we might consider untouchable can in fact be dethroned. Hasn’t FreeBSD had more than enough chance that it’s unlikely for the status quo to be disrupted though? I would agree, but for two things: PC-BSD, and the KMS linux-shim.
First off what is this KMS shim? It’s an adapter between a BSD kernel and the linux Kernel Mode Setting drivers, this is important because instead of having to port the Intel and AMD drivers over to how a BSD thinks they should be written, they will be able to just take the drivers as they are, thus reducing maintenance burden and allowing BSDs to have up to date graphics drivers (as opposed to the current state of being at ~ Linux 3.8 equivalence). As someone who uses all-AMD hardware this is kind of important, but this will more or less permanently solve the graphics hardware compatibility issue.
Now with the hardware compatibility issues out of the way, what is so special about PC-BSD?
The answer is that unlike Linux distributions, it’s not stagnant, and it’s truly focused on being a desktop offering. Consider this: In the past 10 years has the distribution you run changed significantly in what it offers over other distributions? I think you’ll find the answer is largely no. I do have to give a shout out to openSUSE for the OBS, but otherwise I’ve used my desktop in the same exact way that I have always used it within the continuity of distribution X,Y, or Z since I started using them. Distributions simply aren’t focused on desktop features, they’re leaving it up to the DEs to do so.
PC-BSD on the other hand in fitting with the BSD mindset of holistic solutions is focused on developing desktop features and is moving rapidly to implement them. Check out http://wiki.pcbsd.org/index.php/PC-BSD%C2%AE_Roadmap for a feel of their direction.
Already PC-BSD sets itself apart with power-user features like being able to easily install a package with its dependencies into a jail, integration with FreeNAS using ZFS as a backup solution, and 100% OS encryption, as well as niceties such as utilizing a Solaris idea called Bootable Environments where updates don’t touch the running system instead it creates a new snapshot and installs the updates there, and you boot into this new snapshot the next time you reboot, with capability to go back to an older snapshot in case an update borked your system but also preventing say KDE Applications from stopping running after you ran an update that touched the KDE version number (In theory openSUSE should be able to modify Snapper to do something similar as an option). Quite frankly, to me this is a breath of fresh air.
PC-BSD’s offering is only going to become stronger as time goes on, while I fear Linux desktop distros in 5 years will be much the same as they are now. The development of Really Neat Features ™ on top of the advantages that FreeBSD itself provides (better documentation, source and binaries as first class citizens, etc…) has convinced me that I should switch to it when my hardware is finally adequately supported (FreeBSD 11?), but what about other people? The FreeBSD and PC-BSD crowds are actually working on that problem, raising awareness at conventions and on the internet, thus doing the much needed footwork to effect a change.
With a large enough desktop feature gap, and appropriate marketing I have a strong feeling that PC-BSD will pose a serious threat to Linux desktop distributions within the next 5 years, what happens then? Who knows?
If you want to try out PC-BSD, it’s available here: http://www.pcbsd.org/. In my opinion they’re still in a relatively rough state right now, and here there be dragons and all that, but with enough polish it’s going to become a real gem.
This guide by linuxbsdos will help you get familiar with the pkg audit command available on PC-BSD and FreeBSD.
Pkg is that package manager, and one of its many commands I think you should get to know asap is the audit command. It’s used to audit installed packages against known vulnerabilities. I could be wrong, but I don’t think your favorite Linux distribution’s package manager has an equivalent command.
The command is very simple. Just pass the -F flag to pkg audit and it will output installed packages with outstanding vulnerabilities. By running pkg audit -F on a fresh installation of PC-BSD 10.1 KDE, for example, it reported the following vulnerable packages.
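A way to condense that report for a cron job or monitoring check, as an added example that is not part of the quoted guide. It assumes each affected package is introduced by a line of the form `<name>-<version> is vulnerable:`; the function names and the sample report (package names, advisory titles, URLs) are constructed placeholders.

```shell
#!/bin/sh
# Added example: summarise a `pkg audit -F` report per affected package.
# Assumption: affected packages appear as "<name>-<version> is vulnerable:".

# Constructed sample report; every name, CVE field and URL is a placeholder.
SAMPLE_REPORT='examplelib-1.0.2 is vulnerable:
examplelib -- placeholder advisory title
CVE: CVE-XXXX-XXXX
WWW: https://vuxml.example.invalid/placeholder-1.html

exampled-2.4.10_1 is vulnerable:
exampled -- placeholder advisory title
CVE: CVE-XXXX-XXXX
WWW: https://vuxml.example.invalid/placeholder-2.html

exampled-2.4.10_1 is vulnerable:
exampled -- second placeholder advisory
WWW: https://vuxml.example.invalid/placeholder-3.html

3 problem(s) in the installed packages found.'

# Read a report on stdin; print "name-version advisory_count", one per package.
# A package with several open advisories is listed once with its count.
vulnerable_pkgs() {
    awk '$2 == "is" && $3 ~ /^vulnerable:?$/ { n[$1]++ }
         END { for (p in n) print p, n[p] }' | sort
}

# Number of distinct affected packages in a report read from stdin.
vulnerable_count() {
    vulnerable_pkgs | wc -l | tr -d ' '
}

# On a FreeBSD or PC-BSD host: refresh the vulnerability database (-F)
# and summarise the live result. Not called here so the block runs anywhere.
audit_live() {
    pkg audit -F 2>&1 | vulnerable_pkgs
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_REPORT" | vulnerable_pkgs
```

On a real system, call `audit_live` instead of piping the sample, and alert when `vulnerable_count` is non-zero.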
The folks at iTWire spoke to PC-BSD developer Kris Moore about his project and what Linux users can expect from it.
With the growing adoption of systemd, dissatisfaction with Linux has reached proportions not seen in recent years, to the extent that people have started talking of switching to FreeBSD.
Talk is all very well as a means of making a threat, but how difficult is it to actually make the move? Has Linux moved so far ahead that switching systems will mean one has to do without many applications that one has gotten used to?
iTWire spoke to Kris Moore, one of those deeply involved with the PC-BSD project. Moore also works with iXsystems, a company that sells hardware loaded with FreeBSD and PC-BSD.
Moore said initially there should be an understanding of what PC-BSD actually was. “First of all, I’m going to reference PC-BSD a lot here, but you need to understand that PC-BSD isn’t a fork per se, it’s just vanilla FreeBSD kernel/world with some unique installation options and a slew of graphical or command-line utilities to make FreeBSD on the desktop ‘easy’,” he said.
The Moore brothers are proud to announce PC-BSD 10.1.1-RELEASE.
PC-BSD 10.1.1 notable Changes
* Brand new system updater which supports automatic background updating of the system
* Many improvements to boot-environments and GRUB support for a wider variety of setups
* Support for installation to a specific GPT partition and GPT
* Conversion to Qt5 for all desktop utilities
* Fixes to using dtrace when booted from GRUB
* Re-write of Mount Tray utility, improves mounting of external media
* Support for full-disk encryption (without an unencrypted /boot) using
* More packages available for installation from DVD/USB/CD images via
* New OVA files for virtual machines
* Misc bugfixes and improvements to utilities
* GNOME 3.14.1
* Cinnamon 2.4.2
* Lumina desktop 0.8.1
* Chromium 39.0.2171.95
* Firefox 35.0
* NVIDIA Driver 340.65
* Pkg 1.4.4
Download ISO/image: http://www.pcbsd.org/en/download.html
The PC-BSD team is pleased to announce the availability of RC2 images for the upcoming quarterly 10.1.1 release.
Please test these images out and report any issues found on our bug tracker.
Changes since RC1
* Disabled some diskid / gptid labels from installer
* Updated HandBook with additions for 10.1.1
* Fixes to Lumina desktop default settings
* Disabled the lock functionality in AppCafe
* Fixed an issue with VirtualBox modules not being loaded after install
* Updated some man pages for pbi_* commands
* Fixes to how ISO / memory disks are mounted via Mount Tray
* Fixes to Mount Tray for mounting exFAT partitions with write access
* Fixed an issue with UEFI USB media not loading GRUB correctly
* Removed pc-soundmixer utility, functionality has been merged into tray app
10.1.1-RC2 DVD/USB media can be downloaded from here via HTTP or Torrent.
For the full list of changes: http://blog.pcbsd.org/2015/01/pc-bsd-10-1-1-rc2-now-available/
The developers of pfSense have released the long awaited 2.2!
I’m happy to announce the release of pfSense® software version 2.2! This release brings improvements in performance and hardware support from the FreeBSD 10.1 base, as well as enhancements we’ve added such as AES-GCM with AES-NI acceleration, among a number of other new features and bug fixes. Jim Thompson posted an overview of the significant changes previously.
In the process of reaching release, we’ve closed out 392 total tickets (this number includes 55 features or tasks), fixed 135 bugs affecting 2.1.5 and prior versions, fixed another 202 bugs introduced in 2.2 by advancing the base OS version from FreeBSD 8.3 to 10.1, changing IPsec keying daemons from racoon to strongSwan, upgrading the PHP backend to version 5.5 and switching it from FastCGI to PHP-FPM, and adding the Unbound DNS Resolver, and many smaller changes.
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.
Official announcement: https://blog.pfsense.org/?p=1546
This week’s BSD Now episode welcomes Jos Schellevis to talk about his new OPNsense project, forked from the open source firewall pfSense. We learn how this project came about and discuss its future plans.