[FreeBSD-Announce] Change of Security Officer

Xin Li has just been appointed by the FreeBSD Core Team as the new Security Officer. Congratulations, sir! We also send our best wishes to Dag-Erling and his family.

Dear all,

With immediate effect, the FreeBSD Core team has appointed Xin Li as
the new Security Officer.  Congratulations Xin!

The previous Security Officer, Dag-Erling Smørgrav has unfortunately
been unable to continue in the role due to his family circumstances.  As
is usual, he proposed his successor when he tendered his resignation to
Core.  Xin was formerly the Deputy Security Officer and Core was glad to
confirm his appointment.

Core wishes to thank Dag-Erling for his valuable contributions during
his time as Security Officer and wishes him every future success.

Traditionally the hand-over of the Security Officer role has been
announced by the departing Security Officer.  Unfortunately Dag-Erling
has not been able to do that, so in this instance I have been requested
to make the announcement in his stead.

	Matthew
--
FreeBSD Core Team Secretary
core-secretary at FreeBSD.org

Original: https://lists.freebsd.org/pipermail/freebsd-announce/2015-June/001646.html

Working around sendmail STARTTLS connection problems

Last week the FreeBSD project released an errata notice for sendmail. The notice covers the technical details; in short, OpenSSL (and the software built on it) now rejects Diffie-Hellman (DH) groups of 512 bits and smaller during the TLS handshake. The change defends against the "Logjam" attack, in which a session is downgraded to export-grade DH and the key exchange is then broken offline, and will hopefully make us all a little safer.

The bad news is that the DH parameters sendmail uses for STARTTLS, as it is shipped with FreeBSD, fall below this new minimum. As a result, FreeBSD systems that have recently been upgraded with security patches may fail the TLS handshake and no longer be able to send e-mail through the sendmail service. Administrators may notice they are no longer receiving status reports by e-mail, or local users may be unable to send out mail messages.

The good news is that there is an easy fix: generate a new DH parameter file on the FreeBSD system and restart the mail service. This takes just a few commands from the shell. In a terminal, as the root user, run:

cd /etc/mail/certs
openssl dhparam -out dh.param 2048
cd ..
make restart

The above commands create a new DH parameter file containing a 2048-bit group (parameters for the key exchange, not a key; generating them can take a minute or more) and restart the sendmail service. At this point sendmail should resume working. Some people have reported on the FreeBSD forums that they also had to reboot their computer after applying the above fix.

FreeNAS vs NexentaStor Community

This article compares FreeNAS with NexentaStor Community. Both are storage operating systems; FreeNAS is based on FreeBSD.

Original: http://www.freenas.org/freenas-versus-nexenta/


High Level Comparison

FreeNAS and NexentaStor Community are storage operating systems that support many of the same features, including the SMB/CIFS, NFS and iSCSI protocols. Both run OpenZFS (pool version 5000 with feature flags), both work with most virtualization platforms, and both have support, training and certification available.

FreeNAS

Started in October 2005 by Olivier Cochard-Labbe, FreeNAS is a free and open-source network-attached storage (NAS) system based on FreeBSD and the OpenZFS file system, licensed under the terms of the BSD License. In September 2009, the development team realized that FreeNAS would need to be completely rewritten to incorporate modern features such as a plug-in architecture, updates to the base system and an up-to-date user interface. To carry this out, the FreeNAS team transferred the project to iXsystems, who moved it from a m0n0wall and PHP-based architecture to one based on FreeBSD's NanoBSD embedded build system, the Python programming language, the Django web framework and the dojo JavaScript toolkit.

NexentaStor Community Edition

Alex Aizman and Dmitry Yusupov created the Nexenta OS project after Sun Microsystems released the bulk of its Solaris operating system under free software licenses as OpenSolaris. NexentaStor is derived from the former Nexenta OS and is based on the illumos operating system, using OpenZFS as its underlying filesystem. It delivers unified file and block storage services. NexentaStor Community Edition is free for up to 18 TB of raw storage and does not include all the features of the professional version.

[Read more…]

xhyve

For those who would like to use bhyve on OS X: it has been ported as xhyve, a BSD-licensed virtualizer. Check it out below.

xhyve is a lightweight virtualization solution for OS X that is capable of running Linux. It is a port of FreeBSD's bhyve.

  • super lightweight, only 230 KB in size
  • completely standalone, no dependencies
  • the only BSD-licensed virtualizer on OS X
  • does not require a kernel extension (bhyve’s kernel code was ported to user mode code calling into Hypervisor.framework)
  • multi-CPU support
  • networking support
  • can run off-the-shelf Linux distributions (and could be extended to run other operating systems)

See this weblog post for instructions on running Tiny Core Linux or Ubuntu Server with xhyve.

Original: http://onethingwell.org/post/121265557390/xhyve

Compiling OpenDaVINCI on FreeBSD 10.1 (32bit and 64bit)

This tutorial by user Christian Berger shows us how to get OpenDaVINCI set up on FreeBSD 10.1.


Download and install FreeBSD 10.1, then update the package list as root (FreeBSD installs the package management tool automatically; simply press 'y' to accept):

# pkg update

Install the bash shell for more convenient typing:

# pkg install shells/bash

Add the following line to /etc/fstab as indicated by the installer:

fdesc   /dev/fd     fdescfs     rw  0   0

Change the shell by running:

$ chsh

Install the compiler:

# pkg install lang/gcc
# pkg install devel/cmake
# pkg install devel/git
# pkg install lang/python

Add a symbolic link to python as root user:

[Read more…]

BSD Unix: Power to the people, from the code

This article by Andrew Leonard tells how the BSD operating system came to be a dominant player in the open source world: the story of Bill Joy, Marshall Kirk McKusick and other major influences, and its origins at the University of California, Berkeley.

Original: http://www.salon.com/2000/05/16/chapter_2_part_one/

How Berkeley hackers built the Net’s most fabled free operating system on the ashes of the ’60s — and then lost the lead to Linux.

By the time Bill Joy arrived in Berkeley, Calif., in 1975 to attend graduate school, the fabled capital of leftist radicalism was a bit ragged around the edges. If the 21-year-old programming wunderkind had glanced at the headlines blasting out of the local alternative weeklies, he might have wondered just what kind of insane mess he had gotten himself into. In San Francisco, Patty Hearst was on trial for a bank robbery committed while the newspaper heiress was toting machine guns for the Symbionese Liberation Army. In Oakland, the Weather Underground botched a bombing of a Defense Department building. Even the reliable bugaboo of CIA recruitment on the University of California’s Berkeley campus failed to generate more than a token protest.

Berkeley was burned out, its radical energy wasting away in infantile terrorism, conspiracy theorizing and drug overdoses. The Free Speech Movement that had galvanized the university in the ’60s belonged to another geological age. Ken Thompson, co-creator of the Unix operating system, graduated from Berkeley in 1966 with a degree in electrical engineering. He returned to the university from Bell Labs for a sabbatical in 1975. But the campus on which he had once walked to class through clouds of tear gas had changed. That year, says Thompson, Berkeley “had turned into the most politically apathetic place I’d seen.”

But it was the right place for Joy. “He never looked at those [alternative] papers,” says John Gage, a close friend of Joy’s during the Berkeley years and later at Sun Microsystems, a company co-founded by Joy. Today, Joy calls himself a “staunch Democrat” and has recently carved out a new niche as a techno-skeptical doomsayer, but in the ’70s he was, by his own description, “not an activist.” Joy chose to attend UC-Berkeley instead of Stanford or MIT not because he was attracted by its politics or countercultural reputation but because the computer science department’s hardware was so obsolete that he figured he’d have no choice but to confine his research efforts to studying computing theory — which was exactly what he wanted to do.

[Read more…]

BSDCan 2015 – The BSD Conference

Registration is still open for BSDCan 2015 for those interested in attending. It will be held at the University of Ottawa, Canada on June 12-13, 2015. Dan Langille and Steve Bourne will be doing the keynote presentation.

Visit their website at https://www.bsdcan.org/2015/ for more information.


BSDCan – The BSD Conference

Come join us at the 12th annual BSDCan!

BSDCan, a BSD conference held in Ottawa, Canada, has quickly established itself as the technical conference for people working on and with 4.4BSD based operating systems and related projects. The organizers have found a fantastic formula that appeals to a wide range of people from extreme novices to advanced developers.

NOTE: BSDCan 2015 is in June.

BSDCan 2015 will be held on 12-13 June 2015 (Fri/Sat) at University of Ottawa in the DMS (Desmarais) building, and will be preceded by two days of Tutorials on 10-11 June 2015 (Wed/Thu). See our map for details.

There will be related events (of a social nature, for the most part) on the day before and after the conference.

Call for Papers

The Call for Papers has closed, the schedule has been released, and registration is now open.

Sponsors

If you want to join the group of BSDCan sponsors, please read about our sponsorship opportunities.

OpenVPN routing with BIRD on FreeBSD

This tutorial by user Felix J. Ogris shows us how to set up OpenVPN routing with BIRD on FreeBSD.

Original: http://www.ogris.de/howtos/freebsd-openvpn-bird.html

If you run OpenVPN as an unprivileged user and/or in a chroot environment, it can’t dynamically modify routes. This becomes a problem if you run multiple OpenVPN daemons, no matter whether they run on the same box or on different servers. When a client disconnects from one instance and later connects to another instance, you have to update your internal routing information for that client. To solve this, I’ve been using the BIRD Internet Routing Daemon.
The relevant part of my /usr/local/etc/openvpn.conf looks like this:

mode server
chroot /usr/local/etc/openvpn/chroot
client-connect /bin/cc.sh
client-disconnect /bin/cc.sh
script-security 2
user openvpn
group openvpn

Note that the location of the client-connect and client-disconnect script /bin/cc.sh is relative to the chroot directory /usr/local/etc/openvpn/chroot, which contains three subdirectories:

drwxr-xr-x  2 root  wheel    bin
drwxr-xr-x  2 root  wheel    ccd
drwxrwxr-x  2 root  openvpn  tmp
  • bin contains three tools:
    -r-xr-xr-x  1 root  wheel  cc.sh
    -r-xr-xr-x  2 root  wheel  nc
    -r-xr-xr-x  2 root  wheel  sh
    I copied sh from /rescue/sh, while nc was hardlinked to sh. All binaries in /rescue are statically linked, so they’ll work even in a chroot environment.

  • ccd contains my client config files, each containing an ifconfig-push and optionally one or more iroute statements for a particular client. Those files are owned and writeable by root only.
  • tmp contains the control socket for BIRD, and a dynamically created config file for each OpenVPN client.

When an OpenVPN client connects, cc.sh reads its ip address and routes from the config file in ccd, writes this information in BIRD compatible syntax to the config file in tmp, and informs BIRD to reload its configuration.
When a client disconnects, cc.sh just empties the config file in tmp, and reloads BIRD.
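The connect/disconnect logic described above, rendered in Python as an added example. It is not the author's cc.sh (his hook is a statically linked /rescue/sh script running inside the chroot, where Python is not available); it is an illustration of the same steps so the ccd-to-BIRD transformation is visible. It assumes BIRD 1.x static-protocol `route ... via ...;` syntax for the per-client files in tmp, a control socket named /tmp/bird.ctl as seen from inside the chroot, a server-side interface named tun0, and a constructed sample ccd file. It also refuses a certificate common name that could escape the ccd or tmp directory, a defensive check worth having because the common name comes from the client certificate.

```python
"""Turn an OpenVPN ccd file into BIRD static routes (the connect/disconnect hook).

Added example, not the author's cc.sh.  Steps, as described on the page:
  1. read `ifconfig-push` (the client's VPN address) and `iroute` (networks
     behind the client) from the client's file in ccd;
  2. write `route ... via ...;` statements to a per-client file in tmp
     (BIRD 1.x static-protocol syntax, assumed to be what bird.conf includes);
  3. tell BIRD to re-read its configuration over its control socket.
Paths are as seen from inside the chroot.  The socket name, the tun0
interface name and the sample ccd text are assumptions for this example.
"""
import ipaddress
import os
import socket

CCD_DIR = "/ccd"                 # chroot/ccd: root-owned client config files
TMP_DIR = "/tmp"                 # chroot/tmp: per-client BIRD snippets + socket
BIRD_SOCKET = "/tmp/bird.ctl"    # assumed name of BIRD's control socket
VPN_IFACE = "tun0"               # assumed server-side tun interface


def parse_ccd(text):
    """Return (client_ip, [networks]) from one ccd file; other lines are ignored."""
    client_ip, networks = None, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "ifconfig-push" and len(parts) >= 2:
            client_ip = ipaddress.IPv4Address(parts[1])
        elif parts[0] == "iroute" and len(parts) >= 3:
            # iroute takes a dotted netmask; IPv4Network turns it into a prefix
            networks.append(ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}",
                                                  strict=False))
    if client_ip is None:
        raise ValueError("ccd file has no ifconfig-push line")
    return client_ip, networks


def bird_routes(client_ip, networks, iface=VPN_IFACE):
    """Host route to the client via the tun interface, then each iroute
    network via the client's VPN address (BIRD 1.x static syntax)."""
    lines = [f'route {client_ip}/32 via "{iface}";']
    lines += [f"route {net.with_prefixlen} via {client_ip};" for net in networks]
    return lines


def is_safe_name(common_name):
    """The ccd file is named after the certificate CN; reject names that could
    escape ccd/ or tmp/ (path separators, '.', '..', empty)."""
    return bool(common_name) and common_name not in (".", "..") \
        and os.path.basename(common_name) == common_name


def on_connect(common_name, ccd_dir=CCD_DIR, tmp_dir=TMP_DIR):
    if not is_safe_name(common_name):
        raise ValueError(f"refusing suspicious common_name {common_name!r}")
    with open(os.path.join(ccd_dir, common_name)) as fh:
        client_ip, networks = parse_ccd(fh.read())
    out = os.path.join(tmp_dir, common_name + ".conf")
    with open(out, "w") as fh:
        fh.write("\n".join(bird_routes(client_ip, networks)) + "\n")
    return out


def on_disconnect(common_name, tmp_dir=TMP_DIR):
    if not is_safe_name(common_name):
        raise ValueError(f"refusing suspicious common_name {common_name!r}")
    out = os.path.join(tmp_dir, common_name + ".conf")
    open(out, "w").close()       # empty the snippet, as the page describes
    return out


def bird_reload(sock_path=BIRD_SOCKET):
    """Ask BIRD to re-read bird.conf (the page does this with nc on the socket)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(b"configure\n")
        return s.recv(4096).decode(errors="replace")


# Constructed sample ccd file for a client whose certificate CN is "branch-office".
SAMPLE_CCD = """\
ifconfig-push 10.8.0.6 10.8.0.5
iroute 192.168.10.0 255.255.255.0   # LAN behind the client
iroute 172.16.20.0 255.255.252.0
"""

if __name__ == "__main__":
    # OpenVPN exports the hook type and the client's CN in the environment.
    hook = os.environ.get("script_type", "")
    cn = os.environ.get("common_name", "")
    if hook == "client-connect":
        on_connect(cn)
    elif hook == "client-disconnect":
        on_disconnect(cn)
    else:
        raise SystemExit("run by OpenVPN as a client-connect/client-disconnect script")
    print(bird_reload())
```

Because the tmp directory is group-writable by the openvpn user while ccd stays root-owned, a compromised OpenVPN process can only rewrite the BIRD snippets, never the per-client address and iroute assignments they are derived from; keeping the BIRD configuration that includes those snippets restricted to route statements limits what a tampered snippet could do.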
My /usr/local/etc/bird.conf looks like this:

[Read more…]