First time accepted submitter Iarwain Ben-adar (2393286) writes "OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."
Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5, which would be the project's 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.
badger.foo writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course." From the article: "The NetFlow protocol was invented at Cisco in the early 1990s. It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions. ... On OpenBSD, various netflow sensors and collectors had been available for a while when the new network pseudo device pflow debuted in OpenBSD 4.5."
paugq writes "NuttX is a real-time operating system (RTOS) with an emphasis on standards compliance and small footprint. Scalable from 8-bit to 32-bit microcontroller environments, the primary governing standards in NuttX are POSIX and ANSI standards. Additional standard APIs from Unix and other common RTOS's (such as VxWorks) are adopted for functionality not available under these standards, or for functionality that is not appropriate for deeply-embedded environments. NuttX was first released in 2007 by Gregory Nutt under the permissive BSD license, and today the 100th release was made: NuttX 6.33. Supported platforms include ARM, Atmel AVR, x86, Z80 and others."
An anonymous reader writes "FreeBSD 10.0 has been released. A few highlights include: pkg is now the default package management utility. Major enhancements in virtualization, including the addition of bhyve, virtio, and native paravirtualized drivers providing support for FreeBSD as a guest operating system on Microsoft Hyper-V. Support for the high-performance LZ4 compression algorithm has been added to ZFS and TRIM support for SSD has been added to ZFS. clang is the default compiler. This release has official Raspberry Pi support. For a complete list of new features and known problems, please see the online release notes and a quick FreeBSD installation video is here. FreeBSD 10.0-RELEASE may be downloaded via ftp or via a torrent client that supports web seeding."
New submitter MrBingoBoingo writes "Recently it was announced here on Slashdot that OpenBSD was facing an impending shortfall that jeopardized its continued existence. A sponsorship to save OpenBSD has been announced, and it wasn't one of the usual culprits that saved OpenBSD, but a Romanian Bitcoin billionaire."
ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."
Freshly Exhumed writes "Today the OpenBSD mailing list carried a plea from Theo de Raadt for much needed financial aid for the OpenBSD foundation: 'I am resending this request for funding our electricity bills because it is not yet resolved. We really need even more funding beyond that, because otherwise all of this is simply unsustainable. This request is the smallest we can make.' Bob Beck, of the OpenBSD Foundation, added: 'the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on.'" The electricity bill in question is $20,000 a year for build servers located in Canada.
New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."
An anonymous reader writes "DragonFlyBSD 3.6 was released [Monday] with the big new features being dports, Intel and AMD Radeon KMS kernel graphics drivers, major SMP improvements, and improved language support. Dports is the new package management system based upon the FreeBSD Ports collection and replaces pkgsrc as the default; over 20k packages are available via dports. Major SMP scaling improvements come via reducing lock contention within the kernel and other multi-core enhancements. The Intel and Radeon graphics drivers on DragonFlyBSD were ported from the FreeBSD kernel, which in turn were ported from the upstream Linux kernel."
An anonymous reader writes "The FreeBSD Foundation's annual year-end fundraising drive is currently running. Their goal this year is US$ 1M, and they're currently at US$ 427K. In 2013, the efforts that were funded from the last drive were: Native iSCSI kernel stack, Updated Intel graphics chipset support, Integration of Newcons, UTF-8 console support, Superpages for ARM architecture, and Layer 2 networking updates. Also various conferences and summit sponsorships, as well as hardware purchases for the Project. The Foundation is a US 501(c)3 non-profit, so your donations (if in the US) are tax-deductible. Some of the larger 2013 (corporate?) sponsors so far are NetApp, LineRate, WhatsApp, and Tarsnap."
An anonymous reader writes "The release of OpenBSD 5.4 has been announced. New and notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions."
An anonymous reader writes "The FreeBSD Release Engineering Team has announced the release of FreeBSD 9.2. FreeBSD 9.2-RELEASE has ZFS TRIM SSD support, ZFS LZ4 compression support, DTrace hooks and VirtIO drivers as part of the default kernel configuration, unmapped I/O support, and numerous other minor features. FreeBSD also announced FreeBSD 10.0 Alpha 4 on the same day, which is the next major feature release of the open-source BSD operating system."
An anonymous reader writes "With the LLVM/Clang migration, FreeBSD developers have now disabled building GCC and the GNU C++ standard library (libstdc++) as part of the FreeBSD base system. GCC and libstdc++ have been superseded by LLVM's Clang and libc++, respectively, on primary architectures for FreeBSD 10.0." You can still flip a few switches to get GCC, but the system compiler will still be clang. Update: 09/11 14:50 GMT by U L : Reader Noryungi noted that the What's Cooking for FreeBSD 10 page is also worth a look, adding "I have to say, this is shaping up to be a very interesting release. Bhyve [the BSD hypervisor], in particular, sounds very promising."
An anonymous reader writes "There's some good news if you use NVIDIA graphics on (Ubuntu) Linux or FreeBSD with their binary graphics driver: the OpenGL performance is comparable to Windows 8. Unfortunately, that's not the same for Intel graphics and AMD doesn't even offer a Catalyst driver for FreeBSD. FreeBSD offers a binary Linux compatibility layer to run games at the same (or better) performance as Linux, but unfortunately it's capped to running Linux x86 binaries and NVIDIA is the only GPU vendor with proper BSD graphics driver support."
New submitter transam writes "After a long stint at Apple doing all kinds of Unix-y goodness, Jordan Hubbard has moved on to iXsystems to lead engineering and development, including heading up the FreeNAS project. Apple's loss is their gain."
An anonymous reader writes "The FreeBSD project has begun the process of making it possible for the operating system to run alongside Windows 8 on a computer which has secure boot enabled." Linux distros have taken to using a minimal loader, signed by Microsoft, to enable booting on UEFI systems with secure boot. "Indeed we will likely take the Linux shim loader, put our own key in it, and then ask Microsoft to sign it," says developer Marshall McKusick in the linked IT Wire article. "Since Microsoft will have already vetted the shim loader code, we hope that there will be little trouble getting them to sign our version for us."
jones_supa writes "This discovery comes nicely alongside the celebration of FreeBSD's 20th birthday, for all the UNIX nerds. The operating system powering the PlayStation 4 is Orbis OS, which is a Sony spin of FreeBSD 9.0. It's not a huge surprise FreeBSD is being used over Linux, in part due to the more liberal licensing. The PlayStation 4 is x86-64 based now rather than Cell-based, which makes it easier to use FreeBSD. BSDs in general currently lack a manufacturer-supported full-feature AMD graphics driver, which leads to the conclusion that Sony and AMD have likely co-developed a discrete driver for the PS4. Some pictures of the development kit boot loader (GRUB) have been published too."
mbadolato writes "FreeBSD celebrates its 20th birthday this week. On 19 June 1993, David Greenman, Jordan Hubbard and Rod Grimes announced the creation of their new fork of the BSD 4.3 operating system, and its new name: FreeBSD." And in the time since then, FreeBSD hasn't exactly stood still; it's spawned numerous other projects (like DragonFly BSD and PC-BSD), as well as served as the basis for much of Mac OS X; there's even a Raspberry Pi build.
Five years ago today, reader J.J. Ramsey asked what's keeping you off Windows (itself a followup to this question about the opposite situation). With five years of development time gone by for Windows as well as all the alternative OSes, where does Windows stand for you today? (Is it the year of Linux on the Desktop yet?)
kthreadd writes "The FreeBSD project has released version 8.4 of the free operating system with the same name. Highlights of this version include GNOME 2.32.1, KDE 4.10.1. In this release, focus has been put on improving stability and storage capability. The ZFS filesystem has been updated to support feature flags for ZFS pools, asynchronous destruction of ZFS datasets, LZ4 compression and ZIO NOP-write optimization. Also, support has been added for all shipping LSI storage controllers."
Madwand writes "The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vibrant international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection."
An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."
An anonymous reader writes "DragonFly BSD has released version 3.4. This version is the first BSD to support GCC 4.7, and contains a new experimental Aptitude-like binary package installer called DPorts, which uses the FreeBSD ports collection as a base."
Professor_Quail writes "Following a successful 2012 fundraising campaign, the FreeBSD Foundation is soliciting the submission of project proposals for funded development grants. Proposals may be related to any of the major subsystems or infrastructure within the FreeBSD operating system, and will be evaluated based on desirability, technical merit, and cost-effectiveness. The proposal process is open to all developers (including non-FreeBSD committers), and the deadline for submitting a proposal is April 26th, 2013." The foundation is currently funding a few other projects, including UEFI booting support.
An anonymous reader writes "NetBSD 7.0 will support the Lua scripting language within its kernel for developing drivers and new sub-systems. A Lua scripting interpreter is being added to the NetBSD kernel along with a kernel API so developers can use this scripting language rather than C for developing new BSD kernel components. Expressed reasons for supporting a scripting language in a kernel were rapid application development, better configuration, and "modifying software written in C is hard for users." In a presentation it was said that Lua in the kernel will let users explore their system in an easy way."
badger.foo writes "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column." For others keeping track, have you seen many such attempts?
An anonymous reader writes "NetBSD developer Julian Djamil Fagir provides a nice briefing on what the big three BSD projects have been working on, and explains/reminds us of their cultural differences. Stick a fork in them? Yes, Djamil Fagir mentions a couple of those, too. The recent releases from FreeBSD and NetBSD were covered by Slashdot."
An anonymous reader writes "The Arch Linux distribution has been modified to run off the FreeBSD 9.0 kernel as an alternative to using Linux. The developer of Arch BSD explained his reasoning as enjoying FreeBSD while also liking the Arch Linux philosophy of a 'fast, lightweight, optimized distro,' so he sought to combine the two operating systems to have FreeBSD at its core while being encircled by Arch. The Arch BSD initiative is similar to Debian GNU/kFreeBSD."
tearmeapart writes "The teams at FreeBSD have reached another great achievement with FreeBSD 9.1, with improvements to the already fantastic zfs features, more VM improvements (helping bring FreeBSD to the next generation of VMs), and improvements in speed to many parts of the network system. Support FreeBSD via the FreeBSD mall or download/upgrade FreeBSD from a mirror. Unfortunately, the torrent server is still down due to the previous security incident." And new submitter northar writes "The other day the NetBSD project released their first update to the 6.x series, 6.0.1. They also (rather discreetly) announced a fund drive targeting 60.000 USD before the end of 2012 in the release notes. They better get going if their donation page is anything like recently updated."
mbadolato writes "On December 9, 2012, Slashdot reported that the FreeBSD Foundation was falling short of their 2012 goal of $500,000 by nearly 50%. For all of those that continued to echo about how FreeBSD is dying, it's less than three weeks later and the total is presently nearing $200,000 OVER the goal. Netcraft continues to be wrong." And reader hypnosec adds another crowdfunding success story: "The Wikimedia Foundation has announced at the conclusion of its ninth annual fund-raiser that it has managed to raise a whopping $25 million from 1.2 million donors in just over a week's time. ... As compared to last year's fund-raiser, which got completed in 46 days, this year's was completed in just nine days."
TrueSatan writes "Perhaps a sign of our troubled times or a sign that FreeBSD is becoming less relevant to modern computing needs: the FreeBSD project has sought $500,000 by year end to allow it to continue to offer to fund and manage projects, sponsor FreeBSD events, Developer Summits and provide travel grants to FreeBSD developers. But with the end of this year fast approaching, it has raised just over $280,000, far short of its target."
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans have been found, but rather because the project has not yet been able to confirm that they could not exist. Apparently initial access was via a stolen SSH key, but fortunately the project's clusters were partitioned so that the effects were limited. The announcement contains more detailed information — and we are left wondering, would proprietary companies that get broken into be so forthcoming? Should they be?"
An anonymous reader writes "Brooks Davis has announced that the FreeBSD Project has now officially switched to Clang/LLVM as C/C++ compiler. This follows several years of preparation, feeding back improvements to the Clang and LLVM source code bases, and nightly builds of FreeBSD using LLVM over two years. Future snapshots and all major FreeBSD releases will ship compiled with LLVM by default!"
An anonymous reader writes "Dragonfly BSD recently announced the release of version 3.2 of their operating system. Improvements include: USB4BSD, a second-generation USB stack; merging of a GSoC project to provide CPU topology awareness to the scheduler, giving a nice boost for hyperthreading Intel CPUs; and last but not least, a new largely rewritten scheduler. Some background is in order for the last one. PostgreSQL 9.3 will move from SysV shared memory to mmap for its shared memory needs. It turned out that the switch much hurts its performance on the BSDs. Matthew Dillon was fast to respond with a search for bottlenecks and got the performance up to par with Linux."
An anonymous reader writes "ACM Queue interviews Cambridge researcher (and FreeBSD developer) Robert Watson on why processor designs need to change in order to better support security features like Capsicum — and how they change all the time (RISC, GPUs, etc). He also talks about the challenge of building a research team at Cambridge that could actually work with all levels of the stack: CPU design, operating systems, compilers, applications, and formal methods. The DARPA-sponsored SRI and Cambridge CTSRD project is building a new open source processor that can support orders of magnitude greater sandboxing than current designs."
New submitter Madwand sends this quote from the NetBSD Project's announcement that NetBSD 6.0 has been released: "Changes from the previous release include scalability improvements on multi-core systems, many new and updated device drivers, Xen and MIPS port improvements, and brand new features such as a new packet filter. Some NetBSD 6.0 highlights are: support for thread-local storage (TLS), Logical Volume Manager (LVM) functionality, rewritten disk quota subsystem, new subsystems to handle flash devices and NAND controllers, an experimental CHFS file system designed for flash devices, support for Multiprotocol Label Switching (MPLS) protocol, and more. This release also introduces NPF — a new packet filter, designed with multi-core systems in mind, which can do TCP/IP traffic filtering, stateful inspection, and network address translation (NAT)."
With the goal of bringing more experimental development to the OpenBSD code base, a few developers have announced a fork named Bitrig. According to their FAQ, Bitrig aims to build a small system targeting only modern hardware and "be a very commercially friendly code base by using non-viral licenses where possible." Their first step toward that goal was removing GCC in favor of LLVM/Clang. The project roadmap shows their future goals as adding FUSE support, improving multiprocessing, porting the system to ARM, and replacing the GNU C++ library with LLVM's.
An anonymous reader writes "Shared in last quarter's FreeBSD status report are developer plans to have LLVM/Clang become the default compiler and to deprecate GCC. Clang can now build most packages and is well suited to their BSD needs. They also plan to have a full BSD-licensed C++11 stack in FreeBSD 10." Says the article, too: "Some vendors have also been playing around with the idea of using Clang to build the Linux kernel (it's possible to do with certain kernel configurations, patches, and other headaches)."
An anonymous reader writes "Today the 5.1 release of OpenBSD has surfaced. As usual, it includes improved hardware support, but also OpenSSH 6.0 and over 7000 ports, with major performance and stability improvements in the package build process (and some really cool stickers). Here's the changelog, the download page, and the CD-ordering page."
An anonymous reader writes "Matt Dillon of DragonFly BSD just announced that AMD confirmed a CPU bug he found. Matt quotes part of the mail exchange and it looks like 'consecutive back-to-back pops and (near) return instructions can create a condition where the processor incorrectly updates the stack pointer.' The specific manifestations in DragonFly were random segmentation faults under heavy load."
An anonymous reader writes "MINIX 3.2.0 was released today (alternative announcement). Lots of code has been pulled in from NetBSD, replacing libc, much of the userspace and the bootloader. This should allow much more software to be ported easily (using the pkgsrc infrastructure which was previously adopted) while retaining the microkernel architecture. Also Clang is now used as a default compiler and ELF as the default binary format, which should allow MINIX to be ported to other architectures in the near future (in fact, they are currently looking to hire someone with embedded systems experience to port MINIX to ARM). A live CD is available." The big highlight is the new NetBSD-based userland — it replaces the incredibly old-fashioned and limited Minix userland. There's even experimental SMP support. Topping it all off, the project switched over to git, which would make getting involved in development a bit easier for the casual hacker.
An anonymous reader writes with word of the release earlier this week, after eight months of development, of DragonFly BSD 3.0. The release includes improved scalability through finer-grained locking, improvements to the HAMMER file system in low-memory configurations, and a TrueCrypt-compatible disk encryption system. DragonFly is an installable system, but it can also be run live from CD, DVD, or USB key.
An anonymous reader writes "Communications of the ACM is carrying two articles promoting the Capsicum security model developed by Robert Watson (FreeBSD — Cambridge) and Ben Laurie (Apache/OpenSSL, ChromeOS — Google) for thin-client operating systems such as ChromeOS. They demonstrate how Chrome web browser sandboxing using Capsicum is not only stronger, but also requires only 100 lines of code, vs 22,000 lines of code on Windows! FreeBSD 9.0 shipped with experimental Capsicum support, OpenBSD has patches, and Google has developed a Linux prototype." While the ACM's stories are both paywalled, the Capsicum project itself has quite a bit of information online in the form of various papers and a video, as well as links to (BSD-licensed) code and to various subprojects.
ReeceTarbert writes "VirtualBSD 9.0 is a desktop-ready FreeBSD 9.0-RELEASE built around the XFCE Desktop Environment for good aesthetics and usability, and is distributed as a VMware appliance (that can also be made to work with VirtualBox) so even non techies can be up and running in minutes. The most common applications, plugins and multimedia codecs are ready since the first boot and chances are that you'll find VirtualBSD very functional right out of the box. However, it should be noted that VirtualBSD is more a technology demonstrator than a fully fledged distribution, therefore is squarely aimed at people that heard about FreeBSD but have never tried it, didn't have enough time to build the system from scratch, or have since moved to a different OS but still need their FreeBSD fix from time to time."
PuceBaboon writes "It's worth noting that, in addition to the main FreeBSD release covered here recently, PC-BSD has also released their 'Isotope' edition, based on FreeBSD 9.0. Why would you be interested? Well, PC-BSD, while not the first, is certainly the most current version of FreeBSD aimed squarely at the desktop user. Pre-configured for the desktop and using a graphical installer, the 9.0 release includes KDE, GNOME, XFCE and LXDE desktop environments, an update manager, WiFi 'quick connect,' BootCamp support and auto-configuration for most common hardware. Live-CD, VirtualBox and VMware release images for 32- and 64-bit architectures also make it easier than ever for users to test the release before committing to a full install. Check out the torrents (scroll down), main download page and the PC-BSD 9.0 manual pages."
An anonymous reader writes "FreeBSD 9.0 has been released. A few highlights include: A new installer, bsdinstall(8) has been added and is the installer used by the ISO images provided as part of this release, The Fast Filesystem now supports softupdates journaling, and Kernel support for Capsicum Capability Mode, an experimental set of features for sandboxing support."
An anonymous reader points out an interesting, detailed interview with Andrew Tanenbaum at Linuxfr.org; Tanenbaum holds forth on the current state of MINIX, licensing decisions, and the real reason he believes that Linux caught on just when he "thought BSD was going to take over the world." ("I think Linux succeeded against BSD, which was a stable mature system at the time simply because BSDI got stuck in a lawsuit and was effectively stopped for several years.")