blackbearnh writes "Windows has a reputation for being easily exploited by rootkits, but just because you're using Linux or BSD doesn't mean you're safe from infection. In an interview on O'Reilly's ONLamp site, Joseph Kong (author of Designing BSD Rootkits ), talks about how to build and defend against Rootkits under BSD. 'I know a lot of people who refer to rootkits and rootkit-detectors as being in a big game of cat and mouse. However, it's really more like follow the leader — with rootkit authors always being the leader. Kind of grim, but that's really how it is. Until someone reveals how a specific (or certain class of) rootkit works, nobody thinks about protecting that part of the system. And when they do, the rootkit authors just find a way around it. This is what I meant earlier when I said rootkit hunting is hard — as you really have to validate the integrity of the entire system.'"

adstro writes to quote from the BSD mailing list: "We are pleased to announce the official release of OpenBSD 4.1. This is our 21st release on CD-ROM (and 22nd via FTP). We remain proud of OpenBSD's record of ten years with only two remote holes in the default install. As in our previous releases, 4.1 provides significant improvements, including new features, in nearly all areas of the system."

NormalVisual writes "The mailing lists were buzzing recently when Michael Buesch, one of the maintainers for the GPL'd bc43xx Broadcom wireless chip driver project, called the OpenBSD folks to task for apparently including code without permission from his project in the OpenBSD bcw project, which aims to provide functionality with Broadcom wireless chips under that OS. It seems that the problem has been resolved for now with the BSD driver author totally giving up on the project and Theo De Raadt taking the position that Buesch's posts on the subject were 'inhuman.'" More commentary from the BSD community is over at undeadly.org.

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of "only one remote exploit in over 10 years". Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

An anonymous reader writes "To debug the FreeBSD kernel core dump efficiently, it is best to set up a remote debugging session between a development machine and the target machine, and remotely debug the kernel using serial communication. This article shows you how you can debug as many kernel images as you want; it becomes transparent to users once debugging starts, and your system's performance is not affected at all."

AlanS2002 writes "Groklaw is hosting an article by Brendan Scott which looks at the misconceptions surrounding the BSD license. From the article: 'We observe that there exists a broad misconception that the BSD permits the licensing of BSD code and modifications of BSD code under closed source licenses. In this paper we put forward an argument to the effect that the terms of the BSD require BSD code and modifications to BSD code to be licensed under the terms of the BSD license. We look at some possible consequences and observe that this licensing requirement could have serious impacts on the unwary.'"

AlanS2002 writes "FreeBSD 6.2 has been released to mirrors. The release notes for your specific platform are also available. FreeBSD is an advanced operating system for x86 compatible (including Pentium and Athlon), amd64 compatible (including Opteron, Athlon64, and EM64T), ARM, IA-64, PC-98, and UltraSPARC architectures. It is derived from BSD, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development."

Alan Trick writes "Flameeyes (a Gentoo/FreeBSD developer) recently came up with some serious problems among the various *BSD projects who use BSD-4 licensed code (which is all of them). Even other projects like Open Darwin may be affected.

The saga started when he discovered the license problems with libkvm and start-stop-daemon. "libkvm is a userspace interface to FreeBSD kernel, and it's licensed under the original BSD license, BSD-4 if you want, the one with the nasty advertising clause." start-stop-daemon links to libkvm, but it's licensed under the GPL which is incompatible with the advertising clause. The good new is that the University of California/Berkley has given people permission to drop the advertising clause. The bad news is that libkvm has code from many other sources and each of them needs to give their permission for the license to be changed.

At the moment, development on the Gentoo/FreeBSD is on hold and the downloads have been removed from the Gentoo mirrors."

jschauma writes "NetBSD for everyone! Lots of news regarding new NetBSD releases: On October 31st, 2005, NetBSD 2.0.3, a source-only security update of the NetBSD 2.0 release, was announced. Since many people are still somewhat confused by the new versioning scheme used in NetBSD, this release was preceeded by an explanation of the NetBSD branches. Only two days after the 2.0.3 announcement, on November 2nd, 2005, NetBSD 2.1 was released. NetBSD 2.1 is the first maintenance release of the netbsd-2 release branch, and was announced with binary distributions for 54 architectures. Primary means of distribution include bittorrent."

Saint Aardvark writes "Earlier this year, the FreeBSD people announced a competition to design a new logo. Welp, the winner has been announced, and you can check out the new logo. Congratulations to Anton K. Gural on the spiffy work!"

Cowards Anonymous writes "OpenBSD 3.8 is out. It comes with improved hardware support, some improvements to the OSPF daemon, some new RAID management tools, among many others. Even if you plan on installing via FTP, why not order a CD copy, tshirt, or poster as well? "

Barry Lyndon writes "Computerworld reports that the nightmare of windows is driving PriceWaterhouseCoopers, one of the world's largest accountancy and business consulting companies, to OpenBSD and open source in general." From the article: "'My predecessor spent too much [so] I was told not to spend any money.' When asked what argument he used to convince management to use an open source solution, Uemura said: 'They didn't have an argument because they said don't spend any money.' 'They trusted me,' he said. 'The whole office was relying on one domain controller which was dying.' Uemura said a lot of work was done 'behind the scenes'. 'My experience is that if something has to be done, just do it - don't ask! They will thank you later,' he said."

Eh-Wire writes to tell us OpenBSD Journal is reporting that OpenBSD is officially ten-years-old today. After some confusion, it was decided that 10 years ago today marked the birth of OpenBSD when Theo de Raadt committed his makefile to CVS.

UltimaGuy writes "The NetBSD Project is pleased to announce the results of its participation in Google's "Summer of Code". After Google announced this program to introduce students to the world of open source software development at the beginning of June, the NetBSD Project was happy to join the approximately 40 other open source groups as a mentoring organization and compiled a list of suggested projects. I personally think the Project tmpfs: Efficient memory file-system as the most successful one."

PrayingWolf writes "The lyrics for the OpenBSD 3.8 song "Hackers of the Lost RAID" have been released.
As always, remember to read the lefthand column for what the song is related to - this time it's about (you guessed it) RAID drivers..."

UltimaGuy writes "The FreeBSD Project has launched a new website today. The new design was created by Emily Boyd, a student at Smith College that they had the pleasure of working with through Google's Summer of Code program. The old website is also still available."

Dan writes that BSDForums is featuring and interview with FreeBSD's Scott Long. Scott fills us in on some of the new things in FreeBSD 6.0 including Apple G4 PowerMac, AMD64, and wireless compatibility. In addition to specifics Scott also abstracts on the overall snapshot of BSD development with respect to OpenBSD, NetBSD and the ongoing debate between BSD vs. Linux.

An anonymous reader writes "There's an article by Jason Miller on innovation in Unix that talks about OpenBSD's new heap protection mechanism as a major boon for security. Sounds like OpenBSD is going to be the first to support this new security method."

hubertf writes "The BSD Certification Group announced the BSD Usage Survey today (non-English version also available). 'This survey aims to collect detailed statistics on how and where BSD systems are used around the world. The survey is short- only 19 questions- and should only take a few minutes to complete. The survey covers usage of the four main BSD projects - FreeBSD, OpenBSD, NetBSD and DragonFly BSD.'"