Language Selection

English French German Italian Portuguese Spanish

BSD

BSD: FreeBSD Development News and BSD Now 294

Filed under
BSD
  • CFT for FreeBSD + ZoL

    We're pleased to make available images allowing testing of FreeBSD using ZFS on Linux. During this development cycle, the ZoL code has been made portable, and available in the ports tree as sysutils/zol and sysutils/zol-kmod, for userland/kernel bits respectively. While some have used these for testing, we felt it necessary to generate some installation images which are an easier method of getting up and started using ZoL. These images are built against FreeBSD 12-stable and 13-HEAD and will install a world / kernel with the base system ZFS disabled and the sysutils/zol ports pre-installed.

    It is possible to these with both UFS or ZFS on root, and we're looking for feedback on any stability issues or other regressions that you see vs the legacy ZFS in base.

  • FreeBSD Images Reworked With ZFS On Linux Code Up For Testing

    Last year FreeBSD developers decided to re-base their ZFS file-system code based on the "ZFS On Linux" port rather than the Illumos source tree where they originally had been acquiring the support for this BSD. There's now FreeBSD 12 and FreeBSD 13/Head images available for testing of this re-worked ZFS file-system support.

    Kris Moore of iXsystems has been involved in this large undertaking to get the FreeBSD ZFS code re-based over ZoL. They are still working on this big effort but have now spun some FreeBSD 12-STABLE and 13-HEAD installation images for those easily wanting to test out this ZoL'ed FreeBSD.

  • The SSH Tarpit | BSD Now 294

    A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more.

OpenSSH 8.0 released

Filed under
Security
BSD

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

Read more

GhostBSD 19.04 Release Switches To LightDM, Based On FreeBSD 13.0-CURRENT

Filed under
BSD

With TrueOS (formerly PC-BSD) shifting away from its desktop FreeBSD focus, the GhostBSD project remains one of the nice "desktop BSD" operating system offerings. GhostBSD 19.04 is now available in MATE and Xfce desktop spins.

GhostBSD 19.04 is based on FreeBSD 13.0-CURRENT while officially using the MATE desktop but also providing a community Xfce desktop image. GhostBSD 19.04 switches to LightDM as its display/log-in manager, supports ZFS now when using the MBR mode in the installer, drops gksu, and has a number of bug fixes especially to its installer among other packages.

Read more

Also: t2k19 Hackathon Report: Stefan Sperling on 802.11? progress, suspend/resume and more

BSD, GNU and SUSE Events

Filed under
GNU
OSS
SUSE
BSD
  • t2k19 Hackathon Report: Ken Westerback on dhclient, disklabel, and more
  • Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone

    This year’s edition of LibrePlanet went on so well, we had people stopping by to ask questions before the conference was open for the day.

    Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and specially about the devkit demonstration – not only among the audience but also within our own team members.

    The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

  • SUSECON – Cloud Talkin’

    With over 1,000 attendees from 45 different countries, SUSECON was a truly global affair with a uniquely country twist.

NetBSD's New Hypervisor and GhostBSD 19.04 RC4

Filed under
BSD

WireGuard Snapshot `0.0.20190406` Available

Filed under
Software
Security
BSD

Hello,

A new snapshot, `0.0.20190406`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * allowedips: initialize list head when removing intermediate nodes
  
  Fix for an important regression in removing allowed IPs from the last
  snapshot. We have new test cases to catch these in the future as well.
  
  * wg-quick: freebsd: rebreak interface loopback, while fixing localhost
  * wg-quick: freebsd: export TMPDIR when restoring and don't make empty
  
  Two fixes for FreeBSD which have already been backported into ports.
  
  * tools: genkey: account for short reads of /dev/urandom
  * tools: add support for Haiku
  
  The tools now support Haiku! Maybe somebody is working on a WireGuard
  implementation for it?
  
  * tools: warn if an AllowedIP has a nonzero host part
  
  If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
  will now print a warning. Even though we mask this automatically down to
  192.168.1.0/24, usually when people specify it like this, it's a mistake.
  
  * wg-quick: add 'strip' subcommand
  
  The new strip subcommand prints the config file to stdout after stripping
  it of all wg-quick-specific options. This enables tricks such as:
  `wg addconf $DEV <(wg-quick strip $DEV)`.
  
  * tools: avoid unneccessary next_peer assignments in sort_peers()
  
  Small C optimization the compiler was probably already doing.
  
  * peerlookup: rename from hashtables
  * allowedips: do not use __always_inline
  * device: use skb accessor functions where possible
  
  Suggested tweaks from Dave Miller.
  
  * qemu: set framewarn 1280 for 64bit and 1024 for 32bit
  
  These should indicate to us more clearly when we cross the most strict stack
  thresholds expected when using recent compilers with the kernel.
  
  * blake2s: simplify
  * blake2s: remove outlen parameter from final
  
  The blake2s implementation has been simplified, since we don't use any of the
  fancy tree hashing parameters or the like. We also no longer separate the
  output length at initialization time from the output length at finalization
  time.
  
  * global: the _bh variety of rcu helpers have been unified
  * compat: nf_nat_core.h was removed upstream
  * compat: backport skb_mark_not_on_list
  
  The usual assortment of compat fixes for Linux 5.1.

This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, Samuel 
Neves, Bruno Wolff III, and Alexander von Gluck IV.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.xz
  SHA2-256: 2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b
  BLAKE2b-256: 787a01fa3d6a800d7376a04ff57dd16d884a7d3cb99d2f91bfc59895ab759200

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld

Read more

Also: New WireGuard Snapshot Offers FreeBSD Fixes, Other Tweaks

LLVM Clang 9.0 Adds "-ftime-trace" To Produce Useful Time Trace Profiling Data

Filed under
Development
BSD

LLVM has merged a very useful feature for the Clang 9.0 release this autumn: the -ftime-trace feature allows producing time trace profiling data in a friendly format that is useful for developers to better understand where the compiler is spending most of its time and other areas for improvement.

Clang has already supported -ftime-report for printing time summaries for each stage of the compilation process while -ftime-trace yields much more useful data. The output of -ftime-trace is JSON-based profiling outputs that can be loaded into Chrome's chrome://tracing visualizer. This data shows how much time LLVM/Clang is spending on compiling each file, down to the function granularity.

Read more

DragonFlyBSD Receives Initial FUSE Port For File-Systems In User-Space

Filed under
BSD

Tomohiro Kusumi has contributed an initial FUSE implementation to DragonFlyBSD for implementing file-systems in user-space support.

The design is based roughly on FreeBSD code but is a cleanly written implementation for allowing user-space file-systems to work on this BSD. This initial FUSE support isn't designed to be API/ABI compatible with the FreeBSD code due to different sysctls and other factors.

Read more

BSD Leftovers

Filed under
BSD

Release of HardenedBSD 1200058.4 and BSD Now 290

Filed under
BSD
Syndicate content

More in Tux Machines

Audiocasts/Shows: Linux in the Ham Shack and Linux Headlines

  • LHS Episode #302: The End of Kenwood

    Welcome to Episode 302 of Linux in the Ham Shack. In this short topic episode, the hosts discuss the potential end of Kenwood in the amateur radio market, emcom in Montucky, Storm Area 51, HF on satellites, a huge update for PulseAudio, the Linux 5.3 kernel and much more. Thank you for listening and have a fantastic week.

  • 09/19/2019 | Linux Headlines

    Fresh init system controversy at the Debian project, a more scalable Samba, and a big release for LLVM. Plus GitHub's latest security steps and a new version of OBS Studio.

Android Leftovers

When Diverse Network ASICs Meet A Unifying Operating System

And it has also been a decade since switch upstart Arista Networks launched its Extensible Operating System, or EOS, which is derived from Linux. [...] The cross-platform nature of ArcOS, coupled with its ability to run in any function on the network, could turn out to be the key differentiator. A lot of these other NOSes were point solutions that could only be deployed in certain parts of the network, and that just creates animosity with the incumbent vendors that dominate the rest of the networking stack. Given the mission-critical nature of networking in the modern datacenter, it costs a great deal to qualify a new network operating system, and it can take a lot of time. If ArcOS can run across more platforms, qualify faster, and do more jobs in the network, then, says Garg, it has a good chance of shaking up switching and routing. “That totally changes the business conversation and the TCO advantages that we can bring to a customer across the entirety of their network.” Read more

Server: Kubernetes/OpenShift, OpenStack, and Red Hat's Ansible

  • 9 steps to awesome with Kubernetes/OpenShift presented by Burr Sutter

    Burr Sutter gave a terrific talk in India in July, where he laid out the terms, systems and processes needed to setup Kubernetes for developers. This is an introductory presentation, which may be useful for your larger community of Kubernetes users once you’ve already setup User Provisioned Infrastructure (UPI) in Red Hat OpenShift for them, though it does go into the deeper details of actually running the a cluster. To follow along, Burr created an accompanying GitHub repository, so you too can learn how to setup an awesome Kubernetes cluster in just 9 steps.

  • Weaveworks Named a Top Kubernetes Contributor

    But anyone who knows the history of Weaveworks might not be too surprised by this. Weaveworks has been a major champion of Kubernetes since the very beginning. It might not be too much of a coincidence that Weaveworks was incorporated only a few weeks after Kubernetes was open sourced, five years ago. In addition to this, the very first elected chair of the CNCF’s Technical Oversight Committee, responsible for technical leadership to the Cloud Native Foundation was also headed up by our CEO, Alexis Richardson(@monadic) (soon to be replaced by the awesome Liz Rice (@lizrice) of Aqua Security).

  • Improving trust in the cloud with OpenStack and AMD SEV

    This post contains an exciting announcement, but first I need to provide some context! Ever heard that joke “the cloud is just someone else’s computer”? Of course it’s a gross over-simplification, but there’s more than a grain of truth in it. And that raises the question: if your applications are running in someone else’s data-centre, how can you trust that they’re not being snooped upon, or worse, invasively tampered with?

  • Red Hat OpenStack Platform 15 Enhances Infrastructure Security and Cloud-Native Integration Across the Open Hybrid Cloud

    Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat OpenStack Platform 15, the latest version of its highly scalable and agile cloud Infrastructure-as-a-Service (IaaS) solution. Based on the OpenStack community’s "Stein" release, Red Hat OpenStack Platform 15 adds performance and cloud security enhancements and expands the platform’s ecosystem of supported hardware, helping IT organizations to more quickly and more securely support demanding production workloads. Given the role of Linux as the foundation for hybrid cloud, customers can also benefit from a more secure, flexible and intelligent Linux operating system underpinning their private cloud deployments with Red Hat Enterprise Linux 8.

  • Red Hat Ansible Automation Accelerates Past Major Adoption Milestone, Now Manages More Than Four Million Customer Systems Worldwide

    Red Hat, Inc., the world's leading provider of open source solutions, today announced that more than four million customer systems worldwide are now automated by Red Hat Ansible Automation. Customers, including Energy Market Company, Microsoft, Reserve Bank of New Zealand and Surescripts all use Red Hat Ansible Automation to automate and orchestrate their IT operations, helping to expand automation across IT stacks. According to a blog post by Chris Gardner with Forrester Research, who was the author of The Forrester Wave™: Infrastructure Automation Platforms, Q3 2019, "Infrastructure automation isn’t just on-premises or the cloud. It’s at the edge and everywhere in between."1 Since its launch in 2013, Red Hat Ansible Automation has provided a single tool to help organizations automate across IT operations and development, including infrastructure, networks, cloud, security and beyond.