The FreeBSD Security Team has issued the following security warnings:
For background info, problem description, impact, workaround and solutions, have a look at the individual advisory pages.
Martin Wilke reports that VirtualBox is now available in the FreeBSD Ports directory:
Today Virtualbox was committed to the FreeBSD ports tree. After a lot of work we had a good discussion today about how stable Virtualbox is, and after the CTF with take6 we got a lot of good feedback, so it was time to commit. Please READ the pkg-messages carefully, as well as the wiki page.
BSDTalk has a 16 minute interview with Kris Moore (PC-BSD founder)
BSDTalk 174 – Listen to the podcast: MP3 | OGG
Manolis Kiagias has announced a project that he has started: Building custom FreeBSD ISO’s:
I believe this list (and probably the forums) would be the best place to announce one of my little projects, namely the building of custom FreeBSD install discs (DVD sized for desktops, CD sized for servers) with the latest release and updated packages.
I have been experimenting lately with ‘make release’ and ports’ building using ports-mgmt/tinderbox. I am using a dedicated system for building the base system and packages. The purpose of this experiment (besides the educational value of it) is to allow me to build FreeBSD discs with custom and up to date packages. These will in turn reduce
significantly the amount of time required to install new systems (esp. desktops which need hundred of packages).…
This is just short of 1GB and contains the following:– – FreeBSD 7.2-RELEASE base system (standard bootable / installable disc)
– – Selection of custom packages that can be installed either during installation via sysinstall or at a later time (again using sysinstall or pkg_add etc).…
Many other useful packages are also included as dependencies of the ones listed above. This iso does not contain openoffice (to keep the size smaller) and multimedia apps (to avoid licensing problems). Future versions of the builds may have broader / different selection of packages, depending on the feedback received by the community.
Installation is no different than an official FreeBSD CD, other than when you reach the package selection screen, you will be shown the custom set of packages. The ports tree included in the CD is the one used to actually build the packages. I will soon upload a tarball with the options used – not all packages where built with the default options.
The whole announcement can be read here.
Kip Macy has committed a couple of long-discussed patches to ZFS on FreeBSD current (and 7-Stable) to increase its stability. Most paches are similar to those on OpenSolaris, and they should bring FreeBSD up to Solaris ZFS level with regards to performance and stability.
This is a presentation by George Dafernos at the Oekonux Conference (Manchester 2009). Some interesting statistics with regards to FreeBSD developers, releases, productivity etc etc.
Download here (PDF)
FreeBSD’s jails technology has been updated with an interesting new feature:
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings.
Graham from the IT Massive has put together a useful tutorial how to setup a jails in PC-BSD. The easiness and straight-forwardness is for him one of the reasons he’s using PC-BSD:
The Warden/FreeBSD Jails is one of the reasons that I use PC-BSD/FreeBSD. One possible use on the desktop would be a web application developer that wants to keep all the server programs out of the base system and possibly share access with a friend you don’t fully trust. I use The Warden for a similar role personally and I like the fact that at any point I can just stop, move or delete the jail to make the services go away.
With The Warden GUI it makes the FreeBSD jails technology more accessible to the users on the desktop and there is little reason not to use it if your setting up a server for your network. If you are a bit paranoid about security this may help you sleep at night. Overall I was impressed with the simplicity of using the software with the initial importing of the Inmate file the only issue that came up. However I would like to see a little more visual feedback in the output particularly in the creation of jails. I would be happy to recommend The Warden to other security minded friends that are starting with BSD.
Check out the howto here (theitmassive.com – 26/05/20209)
Three out of the 5 most reliable hosting companies in May used FreeBSD:
YippieMove has move from vmware for FreeBSD Jails as they’re more efficient:
We doubled the amount of memory per server, we quadrupled sqlite’s internal buffers, we turned off sqlite auto-vacuuming, we turned off synchronization, we added more database indexes. These things helped but not enough. We twiddled endlessly with NFS block sizes but that gave nothing. We were confused. Certainly we had expected a performance difference between running our software in a VM compared to running on the metal, but that it could be as much as 10X was a wake-up call.
At this point we realized that no amount of tweaking was likely to get our new sqlite3 version out of its performance hole. The raw performance just wasn’t there. We suspected at least part of the problem was that we were running FreeBSD guests in VMware. We checked that we were using the right network card driver (yes we were). We checked the OS version – 7.1, yep that one was supposedly the best you could get for VMware. We tuned various sysctl values according to guides we found online. Nothing helped.
Read the whole article (playingwithwire.com – 01/06/2009)