In this BSD Now episode, hosts Allan Jude and Kris Moore interview Bryan Cantrill (Joyent CTO) regarding dtrace, ZFS, pksrc, etc. Press play below to tune in:
FreeBSD ports developer Koop Mast recounts his experience at BSDCan 2015. His trip was sponsored by the FreeBSD Foundation. BSDCan was held at the University of Ottawa in June.
I have been to two EuroBSDCon conferences and now I can add my first BSDCan to the list. The trip to Ottawa was just as interesting as the conference itself, it was the first time I stepped aboard an airplane. Purely by chance I found out, after I booked my flight, that I shared the same flight with Ed Schouten and Massimiliano Stucchi so they could help me with the confusing ant hill that is your average airport.
We arrived the 9th in Ottawa and after dropping off our stuff at the residence, we went to the Royal Oak for drinks and social activities.
During the dev summit or the actual BSDCan you can meet people you’ve only heard of before and have a conversation. In some cases, you can also find out they have heard of you before too. That happened to me during lunch on Wednesday, when I met Michael W. Lucas at Cora’s.
While I mostly work on FreeBSD ports, it was interesting to see how a company like Isilon uses at least part of the Project you work on in their product and how they’ve changed their policy over the years to keep up with all the shiny new stuff.
The hacking lounge was a mixed bag of what people were doing: talking with other people attending the conference about different subjects, discussing future projects, doing some code hacking or taking a soldering iron to “harmless” wireless routers. During one of the hacking lounges, Johannes Jost Meixner ask me to do a simple test with a few new ports to see if the skype4 port worked on HEAD. I also put the inspiration I got during a presentation into solving a segfault in PulseAudio that was bugging me for a while.
FreeBSD has issued an errata notice regarding vidcontrol(1) for syscons(4). Please see below to implement the proper measures.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:13.vidcontrol Errata Notice The FreeBSD Project Topic: Allow size argument to vidcontrol(1) for syscons(4) Category: core Module: vidcontrol Announced: 2015-08-18 Credits: Ed Maste Affects: FreeBSD 10.2-RELEASE Corrected: 2015-08-04 15:15:06 UTC (stable/10, 10.2-STABLE) 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1) 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.freebsd.org/>. I. Background The vidcontrol(1) utility is used to set various options for the syscons(4) or vt(4) console driver, such as video mode, colors, cursor shape, screen output map, font, and screen saver timeout. The vidcontrol(1) utility allows specifying a font size and font file as arguments to the '-f' flag. When no size or file are specified, vidcontrol(1) the default font will be used. II. Problem Description The vidcontrol(1) does not properly allow specifying the font size when invoked from the command line.
Devin Teske, FreeBSD programmer, presented his boot loader enhancements at a Bay Area FreeBSD User Group meetup in April.
For more BAFUG videos, check out their playlist here.
This tutorial by the folks at WineHQ shows us how to get Wine set up on FreeBSD. Wine is a compatibility layer that allows you to run Windows application on several open source operating systems.
The FreeBSD Ports repository contains up-to-date packages for both Wine’s stable and development releases, not to mention the experimental wine-staging release (currently a separate project from wine, but not really a fork… it’s complicated).
Installing the necessary package is very easy. If you’re on a 32-bit version of FreeBSD, use the pkg install command with one of wine (stable release), wine-devel (development release), or wine-staging (separate experimental release). For example, to install the wine development release:pkg install wine-devel
If you’re on a 64-bit version of FreeBSD, support for 64-bit Windows apps hasn’t been implemented yet, but you can still run 32-bit Windows apps fine. Instead of the packages listed above, just choose from i386-wine, i386-wine-devel, or i386-wine-staging.
This section is mostly taken from the FreeBSD Wiki’s page on 32-bit Wine
Since FreeBSD doesn’t yet support cross-compiling 32-bit programs from a 64-bit environment, you’ll need to use a chroot. Otherwise, the process shouldn’t be hard at all….
- Load the necessary i386 files for a chroot into a folder
- Add mount points for necessary directories to the chroot
Enter the chroot, set a few environment variables, and start ldconfig running
- Move to your desired version’s build directory and make the package [Read more…]
This tutorial by user Chad Milios (DigitalOcean) shows us how to get Unbound (caching DNS resolver) set up on FreeBSD 10.1. DigitalOcean is a cloud infrastructure that offers many open source platforms, including FreeBSD.
The system of domain name servers (DNS) is a global hierarchy of databases dedicated to the simple but essential task of looking up host names like
www.digitalocean.comand turning them into one or more IP addresses. Whenever an email is sent or a connection to a host is initiated by its name, the DNS system is used. You can read this introduction to the DNS system for more information.
Such an essential and fundamental component of Internet infrastructure gets a lot of use. It is not uncommon for a busy system to make hundreds of name lookups per second or more. If services running on your server perform much work at all behind the scenes then it is likely that security and performance will benefit from verifying and caching within your own systems the name lookups that your service performs to conduct its operations.
In this tutorial, you will learn how to set up a FreeBSD server to remember all DNS lookups in a system-wide cache. Information will automatically expire from this cache, honoring each looked-up domain’s individual policy for rechecking.
In order to follow this tutorial, you will need:
- One FreeBSD 10.1 Droplet
Step 1 — Enabling Unbound
FreeBSD 10.1 includes the verifying caching resolver Unbound (version 1.4.22) as part of the base system.
Once you are logged into your server via SSH, enabling FreeBSD’s included resolver is as simple as issuing the following command:
- sudo sysrc local_unbound_enable=YES
Your Droplet is now configured to start Unbound at the next system reboot.
Step 2 — Starting Unbound
In this BSD Now episode, hosts Allan Jude and Kris Moore interview Peter Toth regarding his iocage jail management system. They discuss its recent popularity and how it compares with ezjail. Press play below to tune in:
The developers of FreeBSD have made available version 10.2. Several changes noted are updates for resolvconf(8), ntp suite, rc(8), growfs, Linux(R) compatability, GNOME, KDE, ZFS performance & reliability improvements, and more. See below for the full list of changes. Download the ISO here.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 FreeBSD 10.2-RELEASE Announcement The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 10.2-RELEASE. This is the third release of the stable/10 branch, which improves on the stability of FreeBSD 10.1-RELEASE and introduces some new features. Some of the highlights: * The resolvconf(8) utility has been updated to version 3.7.0, with improvements to protect DNS privacy. * The ntp suite has been updated to version 4.2.8p3. * A new rc(8) script, growfs, has been added, which will resize the root filesystem on boot if the /firstboot file exists. * The Linux(R) compatibility version has been updated to support Centos(TM) 6 ports. * The drm code has been updated to match Linux(R) version 3.8.13, allowing running multiple X servers simultaneously. * Several enhancements and updates for improved FreeBSD/arm support. * Several ZFS performance and reliability improvements. * GNOME has been updated to version 3.14.2. * KDE has been updated to version 4.14.3. * And much more... For a complete list of new features and known problems, please see the online release notes and errata list, available at: * https://www.FreeBSD.org/releases/10.2R/relnotes.html * https://www.FreeBSD.org/releases/10.2R/errata.html
FreeBSD has issued a Security Advisory concerning a shell injection vulnerability in patch(1). Please see below on how to apply the patches.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:18.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-08-05 Credits: Martin Natano Affects: FreeBSD 10.x. Corrected: 2015-08-05 22:05:02 UTC (stable/10, 10.2-PRERELEASE) 2015-08-05 22:05:02 UTC (stable/10, 10.2-BETA2-p3) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC1-p2) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC2-p1) 2015-08-05 22:05:18 UTC (releng/10.1, 10.1-RELEASE-p17) CVE Name: CVE-2015-1418 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The patch(1) utility takes a patch file produced by the diff(1) program and apply the differences to an original file, producing a patched version. The patch(1) utility supports patches that uses ed(1) script format, as required by the POSIX.1-2008 standard. ed(1) is a line-oriented text editor. II. Problem Description
FreeBSD has issued a Security Advisory concerning a remote denial of service vulnerability. Please see below on how to apply the patches.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:19.routed Security Advisory The FreeBSD ProjectTopic: routed(8) remote denial of service vulnerability Category: core Module: routed Announced: 2015-08-05 Credits: Hiroki Sato Affects: All supported versions of FreeBSD. Corrected: 2015-08-05 22:05:02 UTC (stable/10, 10.2-PRERELEASE) 2015-08-05 22:05:02 UTC (stable/10, 10.2-BETA2-p3) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC1-p2) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC2-p1) 2015-08-05 22:05:18 UTC (releng/10.1, 10.1-RELEASE-p17) 2015-08-05 22:05:07 UTC (stable/9, 9.3-STABLE) 2015-08-05 22:05:24 UTC (releng/9.3, 9.3-RELEASE-p22) CVE Name: CVE-2015-5674 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The routing information protocol (RIP) is an older routing protocol which, while not as capable as more recent protocols such as OSPF and BGP, is sometimes preferred for its simplicity and therefore still used as an interior gateway protocol on smaller networks. Routers in a RIP network periodically broadcast their routing table on all enabled interfaces. Neighboring routers and hosts receive these broadcasts and update their routing tables accordingly. The routed(8) daemon is a RIP implementation for FreeBSD. The rtquery(8) utility can be used to send a RIP query to a router and display the result without updating the routing table. II. Problem Description