In this week’s episode of BSD Now, Alan Jude and Kris Moore interview Ken Westerback to discuss OpenBSD Foundation and talk about what they do. Hit play below to tune in:
The developers of PC-BSD have updated their Lumina desktop environment to version 0.8.2.
The next version of the Lumina desktop environment has just been released! Version 0.8.2 is mainly a “spit-and-polish” release: focusing on bugfixes, overall appearances, and interface layout/design. The FreeBSD port has already been updated to the new version, and the PC-BSD “Edge” repository will be making the new version available within the next day or two (packages building now). If you are creating/distributing your own packages, you can find the source code for this release in the “qt5/0.8.2? branch in the Lumina repository on GitHub.
The major difference that people will notice is that the themes/colors distributed with the desktop have been greatly improved, and I have included a few examples below. The full details about the changes in this release are listed at the bottom of the announcement.
Reminder: The Lumina desktop environment is still considered to be “beta-quality”, so if you find things that either don’t work or don’t work well, please report them on the PC-BSD bug tracker so that they can get fixed as soon as possible.
View the full list of changes here: http://blog.pcbsd.org/2015/02/lumina-desktop-0-8-2-released/
The folks at pfSense, an open-source firewall distribution, have requested that users donate directly to the FreeBSD Foundation. Donations to the foundation will directly benefit pfSense, as pfSense is built on FreeBSD itself.
The FreeBSD Foundation has recently asked me to write an endorsement for FreeBSD. I’ve done so (as Netgate, but prominently mentioning the pfSense project) and it will probably appear soon, but part of that endorsement had to do with donations.
It’s likely obvious by now that we’ve donated to the FreeBSD Foundation again this year. We get a lot from FreeBSD, and we feel the need to give back to the FreeBSD project in many ways. It should also be obvious that, while the pfSense project used to take donations, we no longer do. Indeed, while similar projects ask for donations, we instead ask that, if you are inclined to donate to pfSense, that you instead donate to the FreeBSD Foundation. For 14 years, the FreeBSD Foundation has been providing funding and support for the FreeBSD Project and community worldwide. They are fully funded by donations from people like you as well as organizations such as: VMware, NetApp, Tarsnap, Cavium, Xinuos, Netgate and others.
The reasons for this decision are too long to list here, but the most prominent reason is that we believe that your donation is better directed at FreeBSD. Your support of the FreeBSD Foundation advances FreeBSD so that it is a perfect research and development platform, and pfSense benefits directly from these advances. By donating to the foundation, you are helping fund and manage projects, sponsor FreeBSD events, and provide travel grants to FreeBSD developers. You are also helping the FreeBSD Foundation represent the Project in executing contracts, license agreements, copyrights, trademarks, and other legal arrangements that require a recognized legal entity. I know that we have leveraged the Foundation in several matters that fall under this last bit.
Of additional benefit, if you are in the US, the FreeBSD Foundation is a 501(c)3 non-profit organization. US-based donations should be fully tax-deductible on your federal return.
Thank you for your support.
Original post: https://blog.pfsense.org/?p=1579
A bug involving the Random Number Generator has been found in FreeBSD. Check out the article for more details.
The latest vulnerability-with-a-snazzy-name is YARNBUG, and it affects the most recent version of FreeBSD.
Actually, it’s not really called YARNBUG – we just made that up to stand for “Yet Another Random Number Bug.”
Loosely put, computer security as good as depends on randomness, and that means something of a paradox: access to a reliable supply of completely unpredictable numbers.
For example, imagine that you encrypt the same document multiple times with the same secret key: you need to “seed” the encryption each time with a random number, or else you’ll keep getting the same encrypted output.
Even though that wouldn’t tell an attacker what’s inside the document, it would needlessly signal that the encrypted files were identical, which isn’t supposed to happen.
Of course, whenever you need a random number, it really must be random.
If it can be guessed or predicted, even a bit, then, well, it simply isn’t random, and you’ll end up with patterns that can be anticipated in data that’s supposed to be entirely empty of meaning until it’s decrypted.
In this week’s BSD Now episode, Kris Moore and Alan Jude interview Alex Reece and Matt Ahrens about what’s coming up in OpenZFS. In addition, they introduce a tutorial series and show us how to submit your first patch. Click play to tune in:
Official page: http://www.bsdnow.tv/episodes/2015_02_18-noahs_l2arc
Luke Wolf, a developer of KDE, foreshadows the future of PC-BSD as being a dominant open-source platform within 5 years. He mentions its offerings as a desktop system, compared with the Linux desktop share.
I am going to make a prediction right now that FreeBSD is going to take off in a big way on or before 2020, perhaps even to the point where it threatens Linux Desktop share.
This is of course a bold claim, however before you automatically dismiss me, consider this: where was LLVM/CLang 5 years ago? Now today it’s almost a foregone conclusion that it’s the future, to the point where RMS thinks there’s a conspiracy against GNU by the LLVM folks.
Alright so change happens and those we might consider untouchable can in fact be dethroned. Hasn’t FreeBSD had more than enough chance that it’s unlikely for the status quo to be disrupted though? I would agree, but for two things: PC-BSD, and the KMS linux-shim.
First off what is this KMS shim? It’s an adapter between a BSD kernel and the linux Kernel Mode Setting drivers, this is important because instead of having to port the Intel and AMD drivers over to how a BSD thinks they should be written, they will be able to just take the drivers as they are, thus reducing maintenance burden and allowing BSDs to have up to date graphics drivers (as opposed to the current state of being at ~ Linux 3.8 equivalence). As someone who uses all-AMD hardware this is kind of important, but this will more or less permanently solve the graphics hardware compatibility issue.
Now with the hardware compatibility issues out of the way, what is so special about PC-BSD?
The answer is that unlike Linux distributions, it’s not stagnant, and it’s truly focused on being a desktop offering. Consider this: In the past 10 years has the distribution you run changed significantly in what it offers over other distributions? I think you’ll find the answer is largely no. I do have to give a shout out to openSUSE for the OBS, but otherwise I’ve used my desktop in the same exact way that I have always used it within the continuity of distribution X,Y, or Z since I started using them. Distributions simply aren’t focused on desktop features, they’re leaving it up to the DEs to do so.
PC-BSD on the other hand in fitting with the BSD mindset of holistic solutions is focused on developing desktop features and is moving rapidly to implement them. Check out http://wiki.pcbsd.org/index.php/PC-BSD%C2%AE_Roadmap for a feel of their direction.
Already PC-BSD sets itself apart with power-user features like being able to easily install a package with it’s dependencies into a jail, integration with FreeNAS using ZFS as a backup solution, and 100% OS encryption, as well as niceties such as utilizing a Solaris idea called Bootable Environments where updates don’t touch the running system instead it creates a new snapshot and installs the updates there, and you boot into this new snapshot the next time you reboot, with capability to go back to an older snapshot in case an update borked your system but also preventing say KDE Applications from stopping running after you ran an update that touched the KDE version number (In theory openSUSE should be able to modify Snapper to do something similar as an option). Quite frankly, to me this is a breath of fresh air.
PC-BSD’s offering is only going to become stronger as time goes on, while I fear Linux desktop distros in 5 years will be much the same as they are now. The development of Really Neat Features ™ on top of the advantages that FreeBSD itself provides (better documentation, source and binaries as first class citizens, etc…) has convinced me that I should switch to it when my hardware is finally adequately supported (FreeBSD 11?), but what about other people? The FreeBSD and PC-BSD crowds are actually working on that problem, raising awareness at conventions and on the internet, thus doing the much needed footwork to effect a change.
With a large enough desktop feature gap, and appropriate marketing I have a strong feeling that PC-BSD will pose a serious threat to Linux desktop distributions within the next 5 years, what happens then? Who knows?
if you want to try out PC-BSD it’s available here http://www.pcbsd.org/ In my opinion they’re still in a relatively rough state right now, and here there be dragons and all that, but with enough polish it’s going to become a real gem.
FAST ’15, also known as File and Storage Technologies, is currently here at Santa Clara, CA. Kirk McKusick will be giving a keynote presentation on BSD.
Join us in Santa Clara, CA, February 16–19, 2015, for the 13th USENIX Conference on File and Storage Technologies. FAST ’15 brings together storage-system researchers and practitioners to explore new directions in the design, implementation, evaluation, and deployment of storage systems.
The FAST ’15 Keynote Address, “A Brief History of the BSD Fast Filesystem,” will be given by Dr. Marshall Kirk McKusick. The 3-day technical sessions program also includes Work-in-Progress (WiP) reports; two Poster sessions; the SNIA Industry Track, and 28 refereed paper presentations, on topics including:
- Scaling for Future Systems
- Big Systems
- Write-Optimized File Systems
- Benchmarking and Workloads
- Mobile and Social-Networking Systems
FAST ’15 also offers in-depth training in the latest techniques, effective tools, and best strategies. The four half-day sessions will focus on software-defined storage, cluster-based parallel storage system technologies, flash memory, and Hadoop. Check out the full training program and register soon to guarantee your first choice—seating is limited.
Find out more here: https://www.usenix.org/conference/fast15
This guide by linuxbsdos will help you get familiar with the pkg audit command available on PC-BSD and FreeBSD.
Pkg is that package manager and one of the its many commands I think you should get to know asap is the audit command. It’s used to audit installed packages against known vulnerabilities. I could be wrong, but I don’t think your favorite Linux distribution’s package manager has an equivalent command.
The command is very simple. Just pass the -F flag to pkg audit and it will output installed packages with outstanding vulnerabilities. By running pkg audit -F on a fresh installation of PC-BSD 10.1 KDE, for example, it reported the following vulnerable packages.
In this week’s episode of BSD Now, Kris Moore and Alan Jude interview Henning Brauer regarding OpenNTPD and it’s recent revival of the portable version. Then they discuss other ways to securely tunnel traffic: on OpenVPN, IPSEC, SSH, and Tor. Click play below to tune in:
Official page: http://www.bsdnow.tv/episodes/2015_02_11-time_for_a_change
This tutorial by finid shows us how to get OSSEC running on FreeSBD 10.1.
OSSEC is an open source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response.
It’s one of the most important security applications you could install on your server and it can be used to monitor one machine or thousands in a client/server or agent/server fashion. If properly configured, OSSEC can give you a view into what’s happening on your server via email alerts to any number of configured email addresses.
This tutorial will show you how to install and configure OSSEC to monitor a DigitalOcean Droplet running FreeBSD 10.1. In addition to OSSEC’s default rulesets for user access and integrity checking, we will configure additional rules so that if a file is modified or added to the system, OSSEC will notify you by email.