BSD

Glen Barber: Statement regarding employment change and roles in the [FreeBSD] Project

Filed under
BSD

Dear FreeBSD community:

As I have a highly-visible role within the community, I want to share
some news.  I have decided the time has come to move on from my role
with the FreeBSD Foundation, this Friday being my last day.  I have
accepted a position within a prominent company that uses and produces
products based on FreeBSD.

My new employer has included provisions within my job description that
allow me to continue supporting the FreeBSD Project in my current
roles, including Release Engineering.

There are no planned immediate changes with how this pertains to my
roles within the Project and the various teams of which I am a member.

FreeBSD 11.3 and 12.1 will continue as previously scheduled, with no
impact as a result of this change.

I want to thank everyone at the FreeBSD Foundation for providing the
opportunity to serve the FreeBSD Project in my various roles, and their
support for my decision.

I look forward to continue supporting the FreeBSD Project in my various
roles moving forward.

Glen

Also: FreeBSD's Release Engineering Lead Departs The Foundation

BSD: DragonFlyBSD, ZFS vs. OpenZFS, FreeBSD Code

Filed under
BSD

OpenBSD Leftovers

Filed under
BSD
  • OpenBSD Adds Initial User-Space Support For Vulkan

    Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.

    This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glslang, and the Vulkan tools and validation layers.

  • SSH gets protection against side channel attacks

    Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.

    Hopefully we can remove this in a few years time when computer architecture has become less unsafe.

  • doas environmental security

    Ted Unangst (tedu@) posted to the tech@ mailing list regarding recent changes to environment handling in doas (in -current): [...]

FreeBSD 11.3-RC2 Now Available

Filed under
BSD

The second RC build of the 11.3-RELEASE release cycle is now available.

Installation images are available for:

o 11.3-RC2 amd64 GENERIC
o 11.3-RC2 i386 GENERIC
o 11.3-RC2 powerpc GENERIC
o 11.3-RC2 powerpc64 GENERIC64
o 11.3-RC2 sparc64 GENERIC
o 11.3-RC2 armv6 BANANAPI
o 11.3-RC2 armv6 BEAGLEBONE
o 11.3-RC2 armv6 CUBIEBOARD
o 11.3-RC2 armv6 CUBIEBOARD2
o 11.3-RC2 armv6 CUBOX-HUMMINGBOARD
o 11.3-RC2 armv6 RPI-B
o 11.3-RC2 armv6 RPI2
o 11.3-RC2 armv6 PANDABOARD
o 11.3-RC2 armv6 WANDBOARD
o 11.3-RC2 aarch64 GENERIC

Note regarding arm SD card images: For convenience for those without
console access to the system, a freebsd user with a password of
freebsd is available by default for ssh(1) access.  Additionally,
the root user password is set to root.  It is strongly recommended
to change the password for both users after gaining access to the
system.

Installer images and memory stick images are available here:

    https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.3/

The image checksums follow at the end of this e-mail.

If you notice problems you can report them through the Bugzilla PR
system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing
system, use the "releng/11.3" branch.

A summary of changes since 11.3-RC1 includes:

o Updates to the ixl(4) and ixlv(4) drivers.

A list of changes since 11.2-RELEASE is available in the releng/11.3
release notes:

    https://www.freebsd.org/releases/11.3R/relnotes.html

Please note, the release notes page is not yet complete, and will be
updated on an ongoing basis as the 11.3-RELEASE cycle progresses.

=== Virtual Machine Disk Images ===

VM disk images are available for the amd64, i386, and aarch64
architectures.  Disk images may be downloaded from the following URL
(or any of the FreeBSD download mirrors):

    https://download.freebsd.org/ftp/releases/VM-IMAGES/11.3-RC2/

The partition layout is:

    ~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label)
    ~ 1 GB  - freebsd-swap GPT partition type (swapfs GPT label)
    ~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label)

The disk images are available in QCOW2, VHD, VMDK, and raw disk image
formats.  The image download size is approximately 135 MB and 165 MB
respectively (amd64/i386), decompressing to a 21 GB sparse image.

Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI
loader file is needed for qemu-system-aarch64 to be able to boot the
virtual machine images.  See this page for more information:

    https://wiki.freebsd.org/arm64/QEMU

To boot the VM image, run:

    % qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt \
        -bios QEMU_EFI.fd -serial telnet::4444,server -nographic \
        -drive if=none,file=VMDISK,id=hd0 \
        -device virtio-blk-device,drive=hd0 \
        -device virtio-net-device,netdev=net0 \
        -netdev user,id=net0

Be sure to replace "VMDISK" with the path to the virtual machine image.

=== Amazon EC2 AMI Images ===

FreeBSD/amd64 EC2 AMIs are available in the following regions:

  eu-north-1 region: ami-091a9d377d956c519
  ap-south-1 region: ami-0fa381eb7dd65b236
  eu-west-3 region: ami-0888c48fcbc7ec3b9
  eu-west-2 region: ami-01d9ee1b7ba0aaf87
  eu-west-1 region: ami-072313e0a896f9fc3
  ap-northeast-2 region: ami-081a9854f2575823e
  ap-northeast-1 region: ami-027ab7629095b2419
  sa-east-1 region: ami-0ed1e9346b072b7fa
  ca-central-1 region: ami-0effcf973bbde0b80
  ap-southeast-1 region: ami-06fc8fd0e39f4a6e8
  ap-southeast-2 region: ami-0e68f9d80df9828aa
  eu-central-1 region: ami-042016143d5bf5261
  us-east-1 region: ami-0ad4a06d874497067
  us-east-2 region: ami-0efb20b4a888c1bd1
  us-west-1 region: ami-0b5b96c925cec68fe
  us-west-2 region: ami-0f672651aa001cc97

=== Vagrant Images ===

FreeBSD/amd64 images are available on the Hashicorp Atlas site, and can
be installed by running:

    % vagrant init freebsd/FreeBSD-11.3-RC2
    % vagrant up

=== Upgrading ===

The freebsd-update(8) utility supports binary upgrades of amd64 and i386
systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

	# freebsd-update upgrade -r 11.3-RC2

During this process, freebsd-update(8) may ask the user to help by
merging some configuration files or by confirming that the automatically
performed merging was done correctly.

	# freebsd-update install

The system must be rebooted with the newly installed kernel before
continuing.

	# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new
userland components:

	# freebsd-update install

It is recommended to rebuild and install all applications if possible,
especially if upgrading from an earlier FreeBSD release, for example,
FreeBSD 11.x.  Alternatively, the user can install misc/compat11x and
other compatibility libraries, afterwards the system must be rebooted
into the new userland:

	# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove
stale files:

	# freebsd-update install

UNIX/BSD: ADGS and "Unix-Based Environment", HAMMER vs. HAMMER2 Benchmarks (DragonFlyBSD)

Filed under
BSD
  • QF RDI's ‘Innovation Coupon’ funding initiative to support private sector

    Qatar Foundation Research, Development, and Innovation (QF RDI) has marked the launch of its new funding initiative, ‘Innovation Coupon’, by signing an agreement with its first beneficiary, ADGS – a local private sector SME that sells a suite of products that utilise artificial intelligence (AI), behavioural biometrics, and emergent behaviour.

    [...]

    ADGS is working to port its security solution from a Windows to a Unix-based environment. The ADGS team will use QF RDI’s award to employ external support in order to allow the company to continue its expansion.

  • HAMMER vs. HAMMER2 Benchmarks On DragonFlyBSD 5.6

    With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0.

Release of DragonFly BSD 5.6

Filed under
BSD
  • DragonFly BSD 5.6

    DragonFly version 5.6 brings an improved virtual memory system, updates to radeon and ttm, and performance improvements for HAMMER2.

    The details of all commits between the 5.4 and 5.6 branches are available in the associated commit messages for 5.6.0rc1 and 5.6.0.

  • DragonFlyBSD 5.6 Released With VM System, HAMMER2 In Good Shape

    DragonFlyBSD 5.6 is now available as the latest major update to this popular BSD operating system.

    DragonFlyBSD 5.6 brings the HAMMER2 file-system by default following numerous improvements this cycle to HAMMER2 to put it now in comparable/better standing than HAMMER1. HAMMER1 though remains available for those interested. I'll have out some new HAMMER2 DragonFlyBSD benchmarks shortly.

Compilers: GCC 10 and LLVM Clang 9.0

Filed under
GNU
BSD
  • GCC 10 Lands Support For Targeting TI's 32-bit PRU Processor

    New to the GCC 10 compiler code-base this week is a port for the Texas Instruments Programmable Real-Time Unit (PRU) processor found on various boards, including the likes of the BeagleBone Arm SBCs.

    The TI programmable real-time unit (PRU) is a processor on some TI boards that offers two 32-bit cores running at 200MHz. The PRU offers single-cycle I/O access and full access to the system's internal memory and peripherals. Texas Instruments has offered a proprietary toolchain for writing Assembly code to run on the PRU while now an independent developer has landed the GCC port for targeting this unique processor.

  • Clang-Scan-Deps Lands In Clang 9.0 For Much Faster Dependency Scanning

    Landing this week in the LLVM Clang 9.0 development code-base is the new clang-scan-deps tool for much faster scanning of files for dependencies compared to the traditional pre-processor based approach.

    Development of clang-scan-deps was led by Apple's compiler team and delivers up to around ten (10) times faster performance for scanning of dependencies/modules before compiling compared to the pre-processor-based scanning.

FreeBSD 11.3-RC1 Now Available

Filed under
BSD

The first RC build of the 11.3-RELEASE release cycle is now available.

Also: FreeBSD 11.3 Release Candidate Brings Different Fixes

Audiocasts/Shows: BSD Now (DragonFlyBSD/OpenBSD/NetBSD), The Linux Link Tech Show, and FLOSS Weekly

Filed under
GNU
Linux
BSD
  • Contention Reduction | BSD Now 302

    DragonFlyBSD’s kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.

  • The Linux Link Tech Show Episode 813
  • FLOSS Weekly 533: faastRuby

    faastRuby allows you to build serverless applications using functions to deploy to any cloud and scale without cold starts. You can use both Ruby and Crystal in the same app and schedule periodic runs in plain English and Cron syntax. It allows for real-time cloud sync from your favorite code editor as well.

Ubuntu Server development summary – 11 June 2019

Filed under
Server
BSD
Ubuntu

The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list or visit the Ubuntu Server discourse hub for more discussion.

Also: DragonFlyBSD 5.6 RC1 Released With VM Optimizations, HAMMER2 By Default

More in Tux Machines

Android Leftovers

One Mix Yoga 3 mini laptop demonstrated running Ubuntu

If you are interested in seeing how the Ubuntu Linux operating system runs on the new One Mix Yoga 3 mini laptop, you are sure to be interested in the new video created by Brad Linder over at Liliputing. “I posted some notes about what happened when I took Ubuntu 19.04 for a spin on the One Mix 3 Yoga in my first-look article, but plenty of folks who watched my first look video on YouTube asked for a video… so I made one of those too.” The creators of the One Mix Yoga 3 have made it fairly easy to boot an alternative operating system simply by plugging in a bootable flash drive or USB storage device. As the mini laptop is powering up, simply hit the delete key and you will be presented with the BIOS/UEFI menu. Simply change the boot priority order so that the computer will boot from a USB device and you are in business.

Security: Curl, Fedora, Windows and More

  • Daniel Stenberg: openssl engine code injection in curl

    This flaw is known as CVE-2019-5443. If you downloaded and installed a curl executable for Windows from the curl project before June 21st 2019, go get an updated one. Now.

  • Fedora's GRUB2 EFI Build To Offer Greater Security Options

    In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader. GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

  • Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default

    Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions. The default OpenSSH daemon configuration file will now respect upstream's default of prohibiting passwords for root log-ins. Those wishing to restore the old behavior of allowing root log-ins with a password can adjust their SSHD configuration file with the PermitRootLogin option, but users are encouraged to instead use a public-key for root log-ins that is more secure and will be permitted still by default.

  • Warning Issued For Millions Of Microsoft Windows 10 Users

    Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions. The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them. What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer. What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

  • Update Your Dell Laptop Now to Fix a Critical Security Flaw in Pre-Installed Software

    SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.” What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload. There are concerns the flaw may affect non-Dell PCs, as well. The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here). You can read a full version of the SafeBreach Labs report here.

  • TCP SACK PANIC Kernel Vulnerabilities Reported by Netflix Researchers

    On June 17th, researchers at Netflix identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

  • DNS Security - Getting it Right

    This paper addresses the privacy implications of two new Domain Name System (DNS) encryption protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). Each of these protocols provides a means to secure the transfer of data during Internet domain name lookup, and they prevent monitoring and abuse of user data in this process. DoT and DoH provide valuable new protection for users online. They add protection to one of the last remaining unencrypted ‘core’ technologies of the modern Internet, strengthen resistance to censorship and can be coupled with additional protections to provide full user anonymity. Whilst DoT and DoH appear to be a win for Internet users, however, they raise issues for network operators concerned with Internet security and operational efficiency. DoH in particular makes it extremely difficult for network operators to implement domain-specific filters or blocks, which may have a negative impact on UK government strategies for the Internet which rely on these. We hope that a shift to encrypted DNS will lead to decreased reliance on network-level filtering for censorship.

Drawpile 2.1.11 release

Version 2.1.11 is now out. In addition to bug fixes, this release adds one long awaited feature: the ability to detach the chat box into a separate window. Another important change is to the server. IP bans now only apply to guest users. When a user with a registered account is banned, the ban is applied to the account only. This is to combat false positives caused by many unrelated people sharing the same IP address because of NAT.

Also: Drawpile 2.1.11 Released! Allow to Detach Chat Box into Separate