FreeBSDNews.com

FreeBSD Foundation – January 2017 Projects Update

By 1 Comment

Ed Maste, Director of Project Development at the FreeBSD Foundation, updates us with the project initiatives so far in 2017. Read more on their ideas, selection, and development process at the Foundation website below.

freebsd_foundationHappy new year and welcome to 2017! In this update, I’ll take the opportunity to look at how the FreeBSD Foundation identifies, reviews, and chooses projects to be undertaken by paid development staff and by recipients of project development grants.

The Foundation chooses projects based on a variety of factors, but one common theme is that we try to identify gaps in work taken on by FreeBSD committers, contributors, and developers employed by companies building products on top of FreeBSD. Our goal is never to supplant development that is already happening in the community, but to augment and complement it. For staff development, we will take on projects that are of broad interest, but require too much effort for individual contributors to justify. We also act as a liaison, coordinating shared effort from multiple parties with a common goal of improving FreeBSD in some manner.

FreeBSD Foundation January 2017 Projects Update: https://www.freebsdfoundation.org/blog/january-2017-projects-update/

 

Improving TrueOS: OpenRC

By Leave a Comment

This article by Tim Moore discusses the integration of OpenRC to improve TrueOS’s management of system services. Read more about the benefits of OpenRC in the link below.

SysAdmServiceManager

OpenRC is a dependency-based init system working with the system provided init program. It is used with several Linux distributions, including Gentoo and Alpine Linux. However, OpenRC was created by the NetBSD developer Roy Marples in one of those interesting intersections of Linux and BSD development. OpenRC’s development history, portability, and 2-clause BSD license make its integration into TrueOS an easy decision.

What’s different with OpenRC?

TrueOS now uses OpenRC to manage all system services, as opposed to FreeBSD’s RC. Instead of using rc.d for base system rc scripts, OpenRC uses init.d. Also, every service in OpenRC has its own user configuration file, located in /etc/conf.d/ for the base system and /usr/local/etc.conf.d/ for ports. Finally, OpenRC uses runlevels, as opposed to the FreeBSD single- or multi- user modes. You can view the services and their runlevels by typing $ rc-update show -v in a CLI. Also, TrueOS integrates OpenRC service management into SysAdm with the Service Manager tool: …

Original post: https://www.trueos.org/blog/improving-trueos-openrc/

Phoronix: http://www.phoronix.com/scan.php?page=news_item&px=TrueOS-OpenRC

Discussion: http://www.phoronix.com/forums/node/926249

[How-To] IPv6 on FreeBSD/EC2

By Leave a Comment

In this tutorial, FreeBSD Security Officer Colin Percival shows us how to set up IPv6 on FreeBSD/EC2 and provides some tips to help simplify the process. Visit the link below to read his full blog.

AmazonWebservices_Logo.svg

A few hours ago Amazon announced that they had rolled out IPv6 support in EC2 to 15 regions — everywhere except the Beijing region, apparently. This seems as good a time as any to write about using IPv6 in EC2 on FreeBSD instances.

First, the good news: Future FreeBSD releases will support IPv6 “out of the box” on EC2. I committed changes to HEAD last week, and merged them to the stable/11 branch moments ago, to have FreeBSD automatically use whatever IPv6 addresses EC2 makes available to it.

Next, the annoying news: To get IPv6 support in EC2 from existing FreeBSD releases (10.3, 11.0) you’ll need to run a few simple commands. I consider this unfortunate but inevitable: While Amazon has been unusually helpful recently, there’s nothing they could have done to get support for their IPv6 networking configuration into FreeBSD a year before they launched it.

To enable IPv6 support in an existing FreeBSD EC2 instance, you’ll need to do three things: …

Full tutorial: http://www.daemonology.net/blog/2017-01-26-IPv6-on-FreeBSD-EC2.html

[How-To] Install FreeBSD 11 Google Cloud Compute

By Leave a Comment

This tutorial by user Vivek Gite will show us how to get FreeBSD 11 set up in a virtual machine on your Google Cloud Compute platform. The current list of available operating systems does not include FreeBSD. Follow the link below for the full set of instructions on how to get it running.

google-cloud-platform

How can I deploy or install FreeBSD version 11.x Unix operating system on the Google cloud engine? Do I need to create my own FreeBSD disk image to start with the Google Cloud Compute?

It is true that the Google Compute Engine support for Debian, Ubuntu, RHEL, SUSE, and FreeBSD Unix. However, create an instance page only display handful of operating systems as follows: …

Full tutorial: https://www.cyberciti.biz/faq/howto-deploying-freebsd11-unix-on-google-cloud/

The True Value of Randomness & Deeper Exploration in (Free|Hardened)BSD Entropy

By Leave a Comment

This blog series by user  discusses some security aspects of HardenedBSD, along with an Entropy Assessment of FreeBSD. The author runs various tests using DTrace and documents his findings across 2 different blogs, and more to come in the future. Check out the blog links for the full and detailed report.

hardenedScreen-Shot-2017-01-20-at-8.43.35-PM

The True Value of Randomness: Initial Results in Hardened/FreeBSD Entropy Assessment (Part 1 of Series)

First, touching back on some background: Currently, I am employed by Acumen Security, LLC as a Lead Security Engineer where I work on Common Criteria and FIPS consulting and evaluation testing.  Most of this (especially the FIPS 140 stuff) is basically being the crypto police — verifying the correct implementation and operation of cryptographic algorithms and modules, correct implementation of encrypted communications channels, etc.

In order for a product to be accepted into evaluation these days, the product vendor and lab must first submit an Entropy Assessment Report.  Essentially, this is proving that there is enough raw randomness being fed into the crypto system from the start, because if you have week or predictable initial entropy, the strength of the entire rest of the crypto system is compromised

Original article: https://www.weaponizedawesome.com/blog/?p=154

Deeper Exploration in (Free|Hardened)BSD Entropy (Part 2 of series)

So, the other day I posted some background and initial findings from a side project in attempting to measure entropy in FreeBSD and HardenedBSD systems.  Rather than instrumenting the kernel with printf(9) or log(9) calls, I decided that I wanted to take the opportunity to start digging with with DTrace.

The first blog post attracted a little bit of attention, and I got into a fairly long conversation on Twitter with John-Mark Gurney that let me know that I was on the right track, but needed to get a little bit further in to really, effectively count what was being fed in.

Original article: https://www.weaponizedawesome.com/blog/?p=173

Benno Rice – The Trouble with FreeBSD

By Leave a Comment

Benno Rice, FreeBSD committer and Core Team member, discusses issues in keeping the community alive through contributors, as well as addresses several solutions to the problem. This presentation was recorded at linux.conf.au in Hobart, Australia. Follow the link to view the full presentation.

Screenshot at 2017-01-27 17:59:09
An open source project’s community is what makes it a living thing. Without its community the project is a static lump of code. FreeBSD is one of the largest and longest continuously running open source projects around. Not only that, it comes from an even longer lineage before it via the original BSD work at the University of California, Berkeley. That doesn’t necessarily mean that it is without its problems.

While FreeBSD isn’t in any danger of disappearing any time soon, it does have issues with attracting new contributors, keeping its existing contributors and keeping its community healthy. These issues are not always unique to FreeBSD but FreeBSD provides an interesting case study.

This presentation will cover:

* How FreeBSD’s community and its processes have evolved over the years and how this compares to other, often newer, projects.
* What FreeBSD could learn from other projects.
* How this all fits into broader issues around open source development communities and things that do and don’t work.

Benno Rice – The Trouble with FreeBSD: https://www-tracey.archive.org/details/lca2017-The_Trouble_with_FreeBSD

Hacker News: https://news.ycombinator.com/item?id=13559902

[How-To] Beaglebone Black, FreeBSD, Android, Arduino and more

By Leave a Comment

This tutorial/blog from Victoria Raspberry PiMakers will show you how to get FreeBSD set up on a Beaglebone Black board for a DIY home security solution. In this project, they aim to eliminate the third party, leaving control and privacy in the hands of the user. Follow the link below for the full set of instructions.

IotBlockDiagramI’ve been mildly interested in home security and automation for a
few years, and I now have the time and resources to dive in and
see what can be done.

My goals for this project/presentation are:

  1. Introduce the Beaglebone Black;
  2. Use a smartphone as a remote control;
  3. Use the Internet as a conduit for control messages;
  4. Do this securely – i.e. high resistance to break-in and no
    eaves-dropping;
  5. Introduce some useful, but maybe little known technologies.

Oh yes, and light an LED and read a sensor.  Here is a block
diagram of the infrastructure:

Full tutorial: http://vicpimakers.ca/projects/beaglebone-black-freebsd-android-arduino-and-more/