The FreeBSD Security Team has issued the following security advisories:
Read the messages how your system will be affected and how you can update it.
Open source server and storage solution provider iXsystems will once again host MeetBSD California. This year, MeetBSD will be an informal 2-Day BSD Camp taking place at Hacker Dojo in Mountain View, California on November 5th and 6th.
MeetBSD California promises to be a fun and engaging plunge into the BSD operating system world, just as it was back in 2008 when the event first took place. Allen Gunn, Executive Director of Aspiration, will facilitate this year’s “unconference”, which will consist of Break Out Sessions, Informal Discussions, and 5-10 minute “Lightning Talks” on a variety of open source development topics, including ZFS, HAST, jails, OS virtualization, and sysinstall.
MeetBSD California 2010 will culminate with an after-party taking place at Hacker Dojo on the evening of Saturday, November 6th.
Whether you’re interested in learning more about the BSD family of operating systems, or ready to share some of your FreeBSD wisdom, MeetBSD California 2010 will offer an enjoyable forum for lively discussion on a wide range of BSD-related topics.
Ken Smith made the following announcement on the FreeBSD Stable mailinglist with regards to the upcoming FreeBSD 8.1:
We are about a week away from starting code freeze for the 8.1-RELEASE release cycle. Since sometimes that means stable/8 gets a little less reliable due to higher than normal levels of developer activity I’ll adjust the branch to say it is 8.1-PRERELEASE now.
The target schedule for the release cycle is available here: http://www.freebsd.org/releases/8.1R/schedule.html
And the wiki page to track the current status of the release (started but not heavily used yet) is here: http://wiki.freebsd.org/Releng/8.1TODO
The current target release date is July 9th, 2010. You can find these and other FreeBSD related dates in the FreeBSD Events Calendar.
With more and more services and applications running on your average server, upgrading the operating system and application software becomes trickier and larger service windows are needed performing these upgrades.
Over the last four years Paul Schenkeveld (PSconsult) has searched for means and methods to keep software up to date with minimum downtime and inconvenience for users and maximum consistency. The result is a model which combines the strength of NanoBSD, ZFS and jails to build servers where application upgrades result in downtime of only a few seconds and kernel upgrades only need the time to reboot without installing in (tampering with) the running system. This system is in production now for several months on 6 to 8 servers at four different sites.
LWN.net has an article explaining Paul’s approach:
On May 6, NLUUG held its Spring Conference with the theme System Administration. There were a lot of talks about very specific tools or case studies, but one struck your author because it married conceptual simplicity with a useful goal: Minimizing service windows on servers using NanoBSD + ZFS + jails by Paul Schenkeveld. Over the last four years, Paul has searched for methods to upgrade applications on a server with minimal downtime. The system he implemented is in production now on various servers, which require only a few seconds downtime for an application upgrade and the same amount of time for a rollback if the upgrade fails.
Combining these three technologies (NanoBSD, ZFS, and jails), Paul reached his goal of setting up a FreeBSD server that can be upgraded with minimal downtime. All user-visible applications run in jails. Underneath the jails, a minimal FreeBSD operating system runs, built using the NanoBSD script. This holds the kernel, some low-level services, and the tools for building a new system image for upgrading the operating system. The NanoBSD system image can be put on a partition of a regular disk drive, but Paul prefers to put it on a separate flash drive, because NanoBSD is specifically designed for it and using a separate drive for the operating system makes it easier for the system administrator when the hard drives with the jails fail.
Read the whole article:
NLUUG: Minimizing downtime on servers using NanoBSD, ZFS, and jails
Paul presented the above also in Tokio at AsiaBSDCon 2010:
BSDCan 2010 is over. Time to glean pictures, videos and presentations:
Matthew Hughes, a student of Ethical Hacking in the UK, has always had an interest in FreeBSD and computer security, and now he has decided to combine these two interests by introduding SecurityBSD, a distribution of BSD aimed at security professionals.
SecurityBSD is a bundling of the FreeBSD operating system with open source security tools aimed at computer security profesionals and enthusiasts, and intends to be a serious contender to the more popular security Linux distributions such as Backtrack Linux, Weaknet Linux and SamuraiWTF.
SecurityBSD can be used on your old beige-box or on the latest computer hardware, it really doesn’t matter. One of the advantages of SecurityBSD is that it is lightweight, and can be used on legacy machines, which will be ideal for enterprises with a small IT security budget, especially in the developing world.
Version 0.01 (pre-alpha) is now available: SecurityBSD 0.01 – Kevin Federline pre-alpha released
We wish Matthew much success and are looking forward to see this become an established project.
Juraj Sipos, the founder of MaheshaBSD, has published an article listing the difference between Linux and BSD:
“This article is not about the history of Unix; however, Unix is such a complex issue that it deserves few words in this respect: BSD family of Unix systems is based upon the source code of real Unix developed in Bell Labs, which was later purchased by the University of California. Thus, the name of the family of Unix systems called BSD is derived from “Berkeley Software Distribution”. The contemporary BSD systems stand on the source code that was released in the beginning of 1990’s (Net/2 Lite and 386/BSD release).
No one person or any entity owns BSD. Enthusiastic developers create it and many of its components are open-sourced.
BSD is behind the philosophy of TCP/IP networking and the Internet thereof; it is a developed Unix system with advanced features. Except for proprietary BSD/OS, the development of which was discontinued, there are currently four BSD systems available: FreeBSD, NetBSD, OpenBSD and Mac OS X, which is derived from FreeBSD. There are also various forks of these, like PC-BSD – a FreeBSD clone, or MirOS, an OpenBSD clone. The intention of such forks is to include various characteristics missing in the above BSD systems, on which these (forks), no matter how well they are designed, only strongly depend. PC-BSD, for example, has more graphical features than FreeBSD, but there are no substantial differences between these two. PC-BSD cannot breathe without FreeBSD; FreeBSD or OpenBSD are independent of one another.”
Continues (linuxmagazines.com): Linux vs BSD with a little focus on OpenBSD
An account from a happy user of pfSense:
“I had been reviewing pfsense firewall recently. After using an outdated Watchguard firebox for long, we wanted to replace it with something reliable and easy to manage remotely. Previously our NOC team was looking at Endian for a lot of customers but it ended up as a wrong choice of technology with many of the stuff not working as expected and some of the crucial features missing or not working no matter repeated attempts.
Installation of Pfsense is straight forward but can be a little confusing for a novice user especially assigning the WAN and LAN interfaces. But there are lots of step by step installation videos in youtube to rescue. Once you have got the web based GUI, then configuring everything is a breeze. I liked the PPTP feature which many of the s/w firewalls were missing.
Since we liked it a lot we are moving our internal office n/w also under pfsense which means ‘RIP’ for the pretty old watchguard or serve me at my home.”
Source (confiance.com): Pfsense – With out doubt a very good Software firewall
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
Chris Buechler has created a list of pfSense 2.0 New Features and Changes.
A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days. (source)