Quick news: Firewalls, VirtualBSD, pfSense

Below are three links to posts on pfSense and VirtualBSD.

Techsource has an overview of 5 firewalls, one of which is the FreeBSD-based pfSense.

If you’re having a small computer network at home or a huge office with hundreds of desktops, cyber security is something you can never compromise on. One thing that is a quintessential part of security is something we call a firewall.

A firewall is like the security guard at your door who keeps a watch on everyone who goes in and out. By allowing only legitimate connections to pass through and blocking connections based on a certain set of rules, the firewall secures the network from most kinds of threats that lurk around on the Internet. … continues

VirtualBSD review – Sneak a peak at FreeBSD

FreeBSD is a UNIX-like operating system, designed to be super stable and super secure. As such, it is probably not the simplest one to tame and run on a daily basis. Unfortunately, reliability and robustness do not always fully align with the mass-usage model of friendliness.

BSD developers realize this. So they released VirtualBSD, a VMware virtual appliance built using Xfce desktop with a very pretty theme and lots of programs and utilities preinstalled. VirtualBSD is intended for people who have never tried BSD or never dared try, did not have the right hardware for the task, or former users struck by nostalgia. Whatever the motives, testing VirtualBSD has never been easier.

The article concludes with:

While the virtual machine test is far from being a real-life example of how simple or difficult or well-integrated a desktop is, VirtualBSD is a pleasant, refreshing diversion from the mainstream of free operating systems. It is an excellent technology demonstrator. The appliance testdrive proves that BSD is not a monster. Far from it; it’s a witty, charming, highly useful platform that anyone could use.

Even if you never intend on using BSD on your machine as the primary desktop, VirtualBSD could shatter some of your fears and misconceptions about the dreadful UNIX. It may not eclipse the Linux just yet, and probably never will, and it does not have to. What it can do is become another alternative should you need it, should you seek it. Overall, VirtualBSD delivers a handsome punch of good quality in all aspects of the desktop usage, aesthetics, availability of programs, codecs, everything. Quite a surprise and a breath of fresh air.

Looking back at my flirtations with the BSD family, things are getting better, significantly. The critical turning point is not there yet, but in time, this operating system might stir the flames of competition in the software world. For the time being, you have the perfect appliance to play with and sharpen your UNIX skills.

Read the whole article: VirtualBSD review – Sneak a peak at FreeBSD

FreeBSD PF updated to 4.5 for FreeBSD 9

Bjoern Zeeb committed PF 4.5 into FreeBSD HEAD for the 9 release (which will be the basis of pfSense 2.1), ported by Ermal Luci with help from Bjoern and Max Laier. Much of this work was funded by pfSense / BSDPerimeter, aside from volunteer efforts from Bjoern and Max providing some guidance along the way and Bjoern especially for review and assistance. (full post: FreeBSD PF updated to 4.5 for FreeBSD 9)

Google discontinues BSD Search (google.com/bsd)

Long before even Google Image Search, Google News or Blog Search existed, there was the handy Google BSD Search @ www.google.com/bsd

Today Google announced it is discontinuing some specialised search services:

We are no longer offering specialized search services at google.com/linux, google.com/microsoft, google.com/bsd, google.com/mac, google.com/about and google.com/unclesam. These services were established many years ago to offer search across a limited index of the web, which in the past was a better way to find this information. For example, google.com/linux was designed to help people find information from message boards and blogs about the Linux operating system. Today, search quality has advanced tremendously, and based on our analysis we’ve found that in most cases you’re better off looking for this kind of specialized information using the regular Google search box, for example by typing [linux fedora upgrade]. We understand that some users were surprised by this change, so we apologize for not communicating more clearly in advance of redirecting these services to google.com

I’m not sure how many readers would have used the BSD search functionality, but I tend to include the operating system in the search string when looking for a solution.

FreeNAS 8: interview and review

Techworld Australia caught up with Josh Paetzel, director of IT at iXsystems and project manager for FreeNAS 8, to talk about the current state of the OS, what lies ahead for it, and the relationship to FreeNAS 0.7.

Check out the article for the full conversation. One interesting piece of information is the fact that a multimedia plugin (PBI) is in the making that will bring back former home functionalities that are currently missing in FreeNAS 8.

Open source identity: FreeNAS 8’s Josh Paetzel

 

LinuxUser has a short review of FreeNAS 8: FreeNAS 8 Review

Pros: FreeNAS is an advanced NAS operating system with an easy-to-use web interface, especially if you love to use ZFS as your filesystem.
Cons: Due to the complete rewrite, FreeNAS 8 has lost some interesting functionality for home users, and upgrades from a previous FreeNAS release are not possible.

LinuxUser gives FreeNAS a 4/5 verdict and concludes:

iXsystems has turned FreeNAS 8 into a modern, modular and future-proof NAS operating system. The new web interface is really easy-to-use without hiding the advanced features. Unfortunately some features didn’t make it through the re-write, but they are promised to reappear in FreeNAS 8.1. All in all, this makes FreeNAS currently the most advanced NAS operating system for home networks.

FreeNAS 8.0 Review (linuxuser.co.uk)

Miscellaneous news updates (arab-bsd, pf, cyphertite, PC-BSD)

Below are a number of links to interesting FreeBSD (related) projects and resources.

ArabBSD

ArabBSD is a new FreeBSD related project, working to create an Arabian FreeBSD operating system:

ArabBSD is a project which aims to provide infrastructure for the most reliable and secure operating system FreeBSD. We aim to have our own Arab Operating System developers soon starting from the analysis of FreeBSD infrastructure, block diagram formulation and call for research groups within each field. Anyone who is interested in operating systems and their news can join us. They will keep up with OS. OS is about everything in life containing all the types of programming. You can develop in the kernel and you can use this Operating System as a virtual environment for your project.

10 years of pf presentation

Henning Brauer has made his presentation from BSDCan 2011 available. Weighing in at 82 pages, he gives a detailed overview of what happened to the packet filter firewall (pf) in the last 10 years.

Interview with Kris Moore (PC-BSD)

PC Perspective’s John Davis interviewed Kris Moore recently. They talk about PC-BSD’s hardware support, performance, games and the future. The full interview can be read here: Interview with Kris Moore, Founder and Lead Developer at PC-BSD.

There’s also an interview on Distrowatch by Jesse Smith on OS design elements. Jesse interviews Jenny Rosenberg and James Nixon (iXsystems). Read the full interview here: In the eye of the beholder.

cyphertite

cyphertite is a high-security scalable solution for online backups that can be installed on FreeBSD. The project is looking for testers and feedback. cyphertite features include:

  • client-based system
  • IPv6 support
  • compresses and encrypts all data before transmission
  • deduplicates using fixed-size pieces of data called “chunks”
  • all network traffic is encrypted using openssl certificates and keys
  • realm deduplication i.e. only backs up a file once if it is on N computers that share the same user account
  • incremental backups for shorter backup window and smaller metadata files
  • local cache database of chunks already sent to server avoids unnecessary encryption and network traffic
  • pay according to storage space used, not per client machine
  • demonstrable privacy of client data with open source client

cyphertite.com – Install cyphertite – Configure cyphertite

The Unix Method of Development Management

This is an MP3 recording of William Baxter’s NYCBUG presentation on The Unix Method of Development Management.

Spanish video on PC-BSD

Sergio Ligregnio’s presentation on PC-BSD (in Spanish).


FreeBSD VPS Hosting with RootBSD – Exclusive Offer

If you are looking for an affordable and robust virtual server solution you can’t go wrong with RootBSD. RootBSD offers virtual private servers based on one of the most solid systems available.

VPS hosting is an interesting option to those who’d like to be in full control of their server (root access), but do not want to manage their own hardware or lease a dedicated server.
RootBSD offers advanced VPS hosting at affordable prices, using optimal hardware solutions. With their VPS hosting packages you get outstanding customer support, combined with the stability and performance of the FreeBSD operating system.

RootBSD’s packages start at $19/month, and if you sign up through this link before 1 June and add FBSDNEWS as coupon code, you’ll get $10 off for the first month.

If you’ve ever wanted to try a FreeBSD VPS, why not try it now? I have close connections with RootBSD and can wholeheartedly recommend their services. If you have any questions, drop me an email.

Link: RootBSD FreeBSD VPS Hosting

FreeBSD Events Update (EuroBSDCon, BSDCan, NYCBUG, SCALE)

Below are some links, resources and updates for future and past (Free)BSD conferences:

1. BSDCan 2011 will be held this month (11-13 May).
Links: Registration – Schedule – Main Page

2. The EuroBSDCon 2011 website has gone live. This year it will be the 10th anniversary and the conference will be held in Holland (6 – 9 Oct). I’m hoping to attend.
Links: Call for papers – Main Page

3. BSD High Availability tutorial (NYCBUG) – MP3

The BSD High Availability (HA) suite has some very handy and powerful features. However, as with all systems, there are certain considerations to be made when rolling out a HA implementation. This talk will focus on the security considerations when rolling out a BSD HA implementation.

The talk covers the following:

* An explanation of the BSD HA environment (CARP, pfsync, sasyncd)
* How these components, specifically CARP, function at a lower level
* Current and potential attacks against the HA environment, including some demos
* Security considerations when rolling out a HA implementation and applicable work-arounds
* Ideas on how to improve the security and flexibility of the BSD HA tool suite

Download the MP3 file

4. Video of SCALE 2011 presentation by Dru Lavigne, titled “PC-BSD: an Easy to Use Open Source Desktop”.

5. FOSDEM Trip report by Brooks Davis

Brooks Davis has provided a trip report for FOSDEM 2011; it includes some interesting notes on clang/llvm.

 

 

FreeBSD on Amazon EC2 cluster compute, and the Cloud

FreeBSD on Amazon EC2

Colin Percival announced back in December 2010 that he had managed to make FreeBSD run on Amazon EC2. There were some quirks and some workarounds needed, but it worked.

At first FreeBSD ran only on the small ‘t1.micro’ instance and did not work on ‘cc1.4xlarge’ instances (8 cores of 2.93 GHz Nehalem, 23 GB of RAM, two 840 GB disks). Colin announced that this is now working: FreeBSD Amazon EC2 Cluster Compute.

Personally, I don’t like the idea of keeping any (personal) data and files in the Cloud, but it’s great news that FreeBSD runs on Amazon EC2. After all, FreeBSD is lean, agile and flexible, so it should be able to run on almost anything.

The Cloud

Talking about the Cloud, the idea is nice, but it is dangerous, for security and availability reasons, to be dependent on a 3rd party cloud provider, whether it be Google, Amazon, RackSpace etc.

The following are some links to recent events showing how unreliable and insecure cloud providers can be.

Though these issues, vulnerabilities and problems have been dealt with and fixed (esp. the Tarsnap problem was handled very well), trusting and relying on ‘the cloud’ should be a decision that is well considered. Even Tarsnap, a service run by Colin, a highly regarded FreeBSD security specialist, had a security problem!

No company, however big it is, however much knowledge and experience they have, is able to offer 100% uptime and guarantee 100% data security.

Private clouds could be the golden middle way, e.g. ownCloud, OpenStack, Eucalyptus: cloud technology, but run and managed within your own company.

FreeBSD Installer and FreeBSD Version polls (results)

Many thanks to everybody who recently took a minute to vote in the “FreeBSD Installer preference” poll and the “FreeBSD version usage” poll.

Below are the numbers, percentages and the charts.

1. What kind of FreeBSD Installer do you like?

2. What version of FreeBSD are you using?

These polls are in no way scientific and may not be reflective of views and preferences of the FreeBSD community as a whole, but they give some interesting pictures.

There are at least two servers with FreeBSD 1.x churning away and at least 13 are still running FreeBSD 4.x. I suppose these are cases of “if it ain’t broken, don’t fix it”. About 80% of the votes were for FreeBSD 7.x and 8.x.

Interestingly, about 50% of the votes were for a FreeBSD installer where you can choose to go either GUI or ncurses.