In this BSD Now episode, hosts Allan Jude and Kris Moore interview DragonFlyBSD developer Sepherosa Ziehau regarding their network stack. In addition, they discuss the various methods of containment and privilege separation. Hit play below to tune in:
This article by Andrew Leonard describes how the BSD operating system came to be a dominant player in the open source world. It tells the story of Bill Joy, Marshall Kirk McKusick, and other big influences, and of BSD's origins at the University of California, Berkeley.
How Berkeley hackers built the Net’s most fabled free operating system on the ashes of the ’60s — and then lost the lead to Linux.
By the time Bill Joy arrived in Berkeley, Calif., in 1975 to attend graduate school, the fabled capital of leftist radicalism was a bit ragged around the edges. If the 21-year-old programming wunderkind had glanced at the headlines blasting out of the local alternative weeklies, he might have wondered just what kind of insane mess he had gotten himself into. In San Francisco, Patty Hearst was on trial for a bank robbery committed while the newspaper heiress was toting machine guns for the Symbionese Liberation Army. In Oakland, the Weather Underground botched a bombing of a Defense Department building. Even the reliable bugaboo of CIA recruitment on the University of California’s Berkeley campus failed to generate more than a token protest.
Berkeley was burned out, its radical energy wasting away in infantile terrorism, conspiracy theorizing and drug overdoses. The Free Speech Movement that had galvanized the university in the ’60s belonged to another geological age. Ken Thompson, co-creator of the Unix operating system, graduated from Berkeley in 1966 with a degree in electrical engineering. He returned to the university from Bell Labs for a sabbatical in 1975. But the campus on which he had once walked to class through clouds of tear gas had changed. That year, says Thompson, Berkeley “had turned into the most politically apathetic place I’d seen.”
But it was the right place for Joy. “He never looked at those [alternative] papers,” says John Gage, a close friend of Joy’s during the Berkeley years and later at Sun Microsystems, a company co-founded by Joy. Today, Joy calls himself a “staunch Democrat” and has recently carved out a new niche as a techno-skeptical doomsayer, but in the ’70s he was, by his own description, “not an activist.” Joy chose to attend UC-Berkeley instead of Stanford or MIT not because he was attracted by its politics or countercultural reputation but because the computer science department’s hardware was so obsolete that he figured he’d have no choice but to confine his research efforts to studying computing theory — which was exactly what he wanted to do.
Registration is still open for BSDCan 2015 for those interested in attending. It will be held at the University of Ottawa, Canada on June 12-13, 2015. Dan Langille and Steve Bourne will be doing the keynote presentation.
Visit their website at https://www.bsdcan.org/2015/ for more information.
BSDCan – The BSD Conference
Come join us at the 12th annual BSDCan!
BSDCan, a BSD conference held in Ottawa, Canada, has quickly established itself as the technical conference for people working on and with 4.4BSD based operating systems and related projects. The organizers have found a fantastic formula that appeals to a wide range of people from extreme novices to advanced developers.
NOTE: BSDCan 2015 is in June.
BSDCan 2015 will be held on 12-13 June 2015 (Fri/Sat) at University of Ottawa in the DMS (Desmarais) building, and will be preceded by two days of Tutorials on 10-11 June 2015 (Wed/Thu). See our map for details.
There will be related events (of a social nature, for the most part) on the day before and after the conference.
Call for Papers
If you want to join the group of BSDCan sponsors, please read about our sponsorship opportunities.
This tutorial by user Felix J. Ogris shows us how to get OpenVPN routing with BIRD set up on FreeBSD.
If you run OpenVPN as an unprivileged user and/or in a chroot environment, it can’t dynamically modify routes. This becomes a problem if you run multiple OpenVPN daemons, no matter whether they run on the same box or on different servers. When a client disconnects from one instance and later connects to another instance, you have to update your internal routing information for that client. To solve this, I’ve been using the BIRD Internet Routing Daemon.
The relevant part of my /usr/local/etc/openvpn.conf looks like this:

    mode server
    chroot /usr/local/etc/openvpn/chroot
    client-connect /bin/cc.sh
    client-disconnect /bin/cc.sh
    script-security 2
    user openvpn
    group openvpn

Note that the location of the client-connect and client-disconnect script /bin/cc.sh is relative to the chroot directory /usr/local/etc/openvpn/chroot, which contains three subdirectories:

    drwxr-xr-x 2 root wheel bin
    drwxr-xr-x 2 root wheel ccd
    drwxrwxr-x 2 root openvpn tmp

- bin contains three tools:

      -r-xr-xr-x 1 root wheel cc.sh
      -r-xr-xr-x 2 root wheel nc
      -r-xr-xr-x 2 root wheel sh

I copied sh from /rescue/sh, while nc was hardlinked to sh. All binaries in /rescue are statically linked, so they’ll work even in a chroot environment.
- ccd contains my client config files, each containing an ifconfig-push and optionally one or more iroute statements for a particular client. Those files are owned and writeable by root only.
- tmp contains the control socket for BIRD, and a dynamically created config file for each OpenVPN client.
When an OpenVPN client connects, cc.sh reads its IP address and routes from the config file in ccd, writes this information in BIRD-compatible syntax to the config file in tmp, and tells BIRD to reload its configuration.
When a client disconnects, cc.sh just empties the config file in tmp, and reloads BIRD.
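The connect/disconnect handling described above, sketched as an added example; it is not the author's cc.sh, which this page does not show. It assumes OpenVPN's `script_type`, `common_name` and `dev` environment variables, a control socket named `bird.ctl`, and a bird.conf that includes the generated files inside a static protocol block. Because the script runs with `script-security 2`, it validates every value before using it in a path or in BIRD configuration.

```shell
# Added example, not the author's cc.sh; paths are relative to the chroot.
# The control socket name is an assumption.
CCD_DIR=${CCD_DIR:-/ccd}; TMP_DIR=${TMP_DIR:-/tmp}; BIRD_SOCK=${BIRD_SOCK:-/tmp/bird.ctl}

# Names end up in file paths and BIRD config: no slash, quote or leading dot.
safe_name() { case $1 in ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# Accept only dotted-quad IPv4, octets 0-255 without leading zeros.
valid_ip4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Contiguous netmask to prefix length (255.255.255.0 -> 24); fails otherwise.
mask_to_len() {
    valid_ip4 "$1" || return 1
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    m=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); len=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$((len + 1)); m=$(( (m << 1) & 0xffffffff ))
    done
    [ "$m" -eq 0 ] && echo "$len"
}

# Print BIRD static routes for client $1 behind tunnel device $2.
ccd_to_bird() {
    safe_name "$1" && safe_name "$2" && [ -r "$CCD_DIR/$1" ] || return 1
    while read -r kw a b rest; do
        # ifconfig-push gives a /32 host route; iroute is "network [netmask]".
        case $kw in ifconfig-push) b= ;; iroute) ;; *) continue ;; esac
        valid_ip4 "$a" && plen=$(mask_to_len "${b:-255.255.255.255}") || return 1
        echo "route $a/$plen via \"$2\";"
    done < "$CCD_DIR/$1"
}

# Entry point; reads script_type, common_name and dev, then asks BIRD to reload.
handle_event() {
    safe_name "$common_name" || return 1
    out="$TMP_DIR/$common_name.conf"
    case $script_type in
        client-connect) ccd_to_bird "$common_name" "$dev" > "$out.new" &&
                            mv "$out.new" "$out" || { rm -f "$out.new"; return 1; } ;;
        client-disconnect) : > "$out" ;;
        *) return 1 ;;
    esac
    if [ -S "$BIRD_SOCK" ]; then echo configure | nc -U "$BIRD_SOCK" >/dev/null; fi
}
```

Writing to a `.new` file and renaming it means BIRD never reads a half-written fragment, and a rejected ccd entry leaves the previous file in place.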
My /usr/local/etc/bird.conf looks like this:
Phoronix, a website dedicated to bringing Linux related and open source news, is now 11 years old. They have highlighted several FreeBSD related articles as some of the most popular Phoronix articles, out of 15,000+. Congrats and thank you Phoronix for your contributions to the FreeBSD and open-source community.
Sony’s PlayStation 4 Is Running Modified FreeBSD 9
The operating system at the heart of Sony’s PlayStation 4 is FreeBSD 9.0.
FreeBSD 10 To Use Clang Compiler, Deprecate GCC
As indicated by the Q1-2012 FreeBSD Status Report, LLVM’s Clang compiler is quickly replacing GCC for this popular BSD operating system. The developers are also making much progress in a GNU-free C++11 stack. For FreeBSD 10 they’re aiming for Clang as the default C/C++ compiler, to deprecate GCC, and to have a BSD-licensed C++ stack.
Ubuntu vs. OpenSolaris vs. FreeBSD Benchmarks
Over the past few weeks we have been providing several in-depth articles looking at the performance of Ubuntu Linux. We had begun by providing Ubuntu 7.04 to 8.10 benchmarks and had found the performance of this popular Linux distribution to become slower with time and that article was followed up with Mac OS X 10.5 vs. Ubuntu 8.10 benchmarks and other articles looking at the state of Ubuntu’s performance. In this article, we are now comparing the 64-bit performance of Ubuntu 8.10 against the latest test releases of OpenSolaris 2008.11 and FreeBSD 7.1.
FreeBSD 8.0 vs. Ubuntu 9.10 Benchmarks
Canonical will be releasing Ubuntu 9.10 at the end of next month while the final release of FreeBSD 8.0 is also expected within the next few weeks. With these two popular free software operating systems both having major updates coming out at around the same time, we decided it warranted some early benchmarking as we see how the FreeBSD 8.0 and Ubuntu 9.10 performance compares.
The developers of FreeBSD have laid out plans to release version 10.2 in August 2015. Check the table to see the release dates for each build.
This is the release schedule for FreeBSD 10.2. For more information about the release engineering process, please see the Release Engineering section of the web site.
| Action | Expected | Actual | Description |
|---|---|---|---|
| Initial release schedule announcement | – | 26 February 2015 | Release Engineers send announcement email to developers with a rough schedule. |
| Release schedule reminder | 20 May 2015 | 21 May 2015 | Release Engineers send reminder announcement e-mail to developers with updated schedule. |
| Code slush begins | 19 June 2015 | – | Release Engineers announce that all further commits to the stable/10 branch will not require explicit approval, however new features should be avoided. |
| Code freeze begins | 3 July 2015 | – | Release Engineers announce that all further commits to the stable/10 branch will require explicit approval. Certain blanket approvals will be granted for narrow areas of development, documentation improvements, etc. |
| BETA1 builds begin | 10 July 2015 | – | First beta test snapshot. |
| BETA2 builds begin | 17 July 2015 | – | Second beta test snapshot. |
| BETA3 builds begin * | 24 July 2015 | – | Third beta test snapshot. |
| releng/10.2 branch | 31 July 2015 | – | Subversion branch created; future release engineering proceeds on this branch. |
| RC1 builds begin | 31 July 2015 | – | First release candidate. |
| stable/10 thaw | 1 August 2015 | – | The code freeze on the stable/10 branch is lifted. |
| RC2 builds begin | 7 August 2015 | – | Second release candidate. |
| RC3 builds begin * | 14 August 2015 | – | Third release candidate. |
| RELEASE builds begin | 21 August 2015 | – | 10.2-RELEASE builds begin. |
| RELEASE announcement | 31 August 2015 | – | 10.2-RELEASE press release. |
| Turn over to the secteam | – | – | releng/10.2 branch is handed over to the FreeBSD Security Officer Team in one or two weeks after the announcement. |
“*” indicates “as-needed” items.
Ken Moore provides us a comprehensive status update on his Lumina desktop environment project.
With the amount of changes to the Lumina desktop environment and the increasing number of questions/comments we are receiving, I thought it would be a good time to post a status report about it and answer many of the commonly asked questions.
As always, please post any bug reports or feature requests on the PC-BSD Bug tracker.
If you wish to get involved in the development of the Lumina Desktop Environment, you can find the source code in our repository on GitHub.
Lumina Desktop FAQ/Status Update:
What is the Lumina Desktop Environment?
- The Lumina Desktop Environment (sometimes referred to as Lumina-DE or just Lumina) is a BSD-licensed, FreeDesktop-compliant graphical interface for a desktop operating system.
- It has been written from scratch in C++/Qt5 (it is not based on any existing DE code-base). It uses Fluxbox for the window management in the background and xscreensaver for screensaver/screenlocking functionality. The only other runtime dependencies are a couple of small X11 utilities (xnumlock, xbrightness, xterm, xrandr).
- This results in a very lightweight, very smooth desktop experience with minimal system overhead.
What is the current development status?
- While the current version (0.8.4) is still considered to be “Beta” quality, that is primarily because there are still a couple external utilities which have not had in-house replacements written yet (Fluxbox and xscreensaver primarily).
- In its current state it is very stable and completely usable on a daily basis for both developers and non-developers alike.
- The only caveat for its “beta” status is that since there are some backend systems which are still in major development, we reserve the right to break a user’s customized settings during the transition to these new systems (the window manager and screensaver settings are where I anticipate this happening once the replacement systems are in place). However, we already have a good track record of backwards compatibility with older settings formats, and will continue to work on ensuring a smooth transition between different versions of the desktop (even during heavy development/backend changes).
What are some of the features of Lumina?
FreeBSD Mastery: ZFS author Michael W. Lucas has released volume 7 of his book, along with co-author Allan Jude.
Data Storage for the 21st Century and Beyond!
The first of two ZFS books, by critically acclaimed author Michael W Lucas and FreeBSD developer Allan Jude
ZFS, the fast, flexible, self-healing filesystem, revolutionized data storage. Leveraging ZFS changes everything about managing FreeBSD systems.
With FreeBSD Mastery: ZFS, you’ll learn to:
- select hardware for ZFS systems
- arrange your storage for optimal performance
- configure datasets that match your enterprise’s needs
- repair and monitor storage pools
- expand your storage
- use compression to enhance performance
- determine if deduplication is right for your data
- understand how copy-on-write changes everything
- snapshot filesystems
- automatically rotate snapshots
- clone filesystems
- optimize how ZFS uses and manages space
- customize FreeBSD ZFS installs
Whether you’re a long-term FreeBSD administrator or a new user, FreeBSD Mastery: ZFS will help you simplify storage.
Master ZFS with FreeBSD Mastery: ZFS
“If you’re a FreeBSD (or Linux, or Unix) sysadmin, then you need this book.” — Slashdot, on FreeBSD Mastery: Storage Essentials
Get the book now!
Print and ebook bundle? If you buy the print from Amazon, you can get the ebook for $2.99.
Get the ebook from:
- direct from me at Tilted Windmill Press
- Gumroad (PDF, mobi, epub, no DRM, for EU customers)
- Amazon US, Amazon UK, Amazon CA, Amazon DE
- Barnes & Noble
Glen Barber of the FreeBSD Foundation visited the New York Internet data center, which houses some FreeBSD servers. Follow along on the journey through the internet’s closets:
No Systems Administrators Were Harmed While Writing This Blog Entry
Mmm… Freshly-unboxed servers. There really is nothing better to wake up to in the morning.
Well, okay, coffee. But new servers – definitely second.
In late April, the FreeBSD Foundation generously purchased more machines to keep the FreeBSD.org infrastructure operating smoothly. While the new servers are not yet in production (a task the Cluster Administrators will undertake while at BSDCan in June), we have planned far in advance what we intend to do with the new hardware.
In mid-May, I spent several days at our East-Coast US colocation facility, racking, cabling, installing, and configuring the new servers.
As They Say in Real-Estate: Colocation, Colocation, Colocation
The new hardware is located at New York Internet in Bridgewater, New Jersey, who generously provides colocation services to the FreeBSD Project. They have an amazing staff, and whether we are on-site or working with them through their ticket system, are always friendly, knowledgeable, and of course, helpful.
New Hardware Specs
Mark VonFange interviews developer Kris Moore about PC-BSD 10.1.2 and what’s in store for future releases.
PC-BSD 10.1.2 has been released, so we thought we’d talk to project lead, Kris Moore, to see what’s in store!
Q: What new features and improvements are available in PC-BSD 10.1.2?
This quarterly update got a LOT of new features, partly so we would have time to really play with them before the 10.2 release later this summer. Most of them are security and privacy focused, but there are some other neat things as well. In no particular order, these are some of the best ones:
* PersonaCrypt – Our new privacy utility that offers a few cool new features.
In its default mode, it can set up your entire user $HOME directory on a geli-backed external device, such as a fast SSD Flash Stick (Using the 256GB Corsair Flash Voyager GTX here). At the login screen, you will then enter your normal user password, along with a decryption password to mount your home-directory. The GELI key is split in two, so you can “pair” the memory stick with your system, so even if the stick is stolen, and somebody gets the password, it is still worthless without the “paired” system. Another benefit of this technology is that you can bring your work with you when you travel between desktops, or jump from a desktop to laptop. I’m using it now for conferences and being on the road, since all my development work and important data is on my $HOME, meaning I can just unplug and keep working on my laptop without having to keep files in sync.
Another side of PersonaCrypt is something we call “Stealth” mode, which allows you to do a desktop login with a one-time GELI-key encrypted $HOME directory with no personal data. Think of it as privacy mode in a web-browser, but for your entire desktop session. This also plays nicely with the following new feature.
* Tor transparent proxy support
10.1.2 includes an easy way to switch between your normal internet connectivity, and “Tor” mode by clicking a single button on the system tray. In Tor mode, the firewall acts as a transparent proxy, forcing all internet traffic to be routed through the Tor network, including DNS requests. All other traffic which may expose your system on the internet is blocked. This goes a step beyond just running Tor as a browser proxy, since you can’t always trust plugins (cough *flash/java*) and other apps to behave properly.
* 4K Monitor support