Language Selection

English French German Italian Portuguese Spanish

BSD

OpenBSD 6.0 - an exercise in precision

Filed under
Reviews
BSD

The OpenBSD project is well known for its strong focus on security and for its precise documentation. The OpenBSD operating system generally gives preference to security and properly behaving software over features. OpenBSD is lightweight, sparse and relatively locked down by default. This makes the platform particularly popular among administrators who need a firewall or other minimal and stable platform.

OpenBSD 6.0 introduces many small changes and a handful of important ones. Looking through the release notes we find support for the VAX platform has been dropped. There have been several security updates to the OpenSSH secure shell service. Perhaps one of the more interesting security features in the operating system is strict enforcement of W^X: "W^X is now strictly enforced by default; a program can only violate it if the executable is marked with PT_OPENBSD_WXNEEDED and is located on a file system mounted with the wxallowed mount option. Because there are still too many ports which violate W^X, the installer mounts the /usr/local file system with wxallowed. This allows the base system to be more secure as long as /usr/local is a separate file system. If you use no W^X violating programs, consider manually revoking that option."

I decided to play with the 64-bit x86 build of OpenBSD which is 226MB in size. Booting from this ISO presents us with a text console where we are asked if we would like to install OpenBSD, upgrade an existing copy of the operating system or perform an auto-install. I chose to perform a normal installation.

Read more

Also: OpenBSD and NetBSD machines at Open Source Conference 2016 Nagaoka

FreeBSD 11.0 Comes Up Short In Ubuntu 16.04 vs. macOS Sierra Benchmarks

Filed under
Graphics/Benchmarks
BSD
Ubuntu

Yesterday I published some macOS 10.2 vs. Ubuntu 16.04 LTS benchmarks from a Mac Mini and MacBook Air systems. For those curious if BSDs can outperform macOS Sierra on Apple hardware, I tested the MacBook Air with FreeBSD 11.0 compared to the Linux and macOS results on that Core i5 system. Here are those results.

Read more

FreeBSD Delaaays and OpenBSD Founder Theo de Raadt Upset

Filed under
BSD
  • FreeBSD 11.0-RELEASE Needs To Be Respun Due To Security Issues

    The delayed FreeBSD 11.0 release just suffered another last-minute set-back. While "FreeBSD 11.0-RELEASE images" were distributed to FTP mirrors and the official announcement expected today, these images need to be re-spun to contain some security fixes and thus pushing back the official release.

    Glen Barber noted today on the mailing list, "Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to include in the final release."

  • FreeBSD 11.0 Operating System Lands October 5 Due to Last-Minute Security Issues

    A few minutes ago, Glen Barber informed the FreeBSD community that they should not hurry and install the ISO images of the FreeBSD 11.0 operating system made available a few days ago on the official FTP mirrors.

    These images aren't safe to use and contain various security vulnerabilities that need to be fixed before the FreeBSD Project will officially unveil the final release of the FreeBSD 11.0 operating system in the coming days. According to the release schedule, FreeBSD 11.0 should hit the streets later today, September 29, 2016.

    However, until then the FreeBSD development team is hard at work patching those nasty security issues and rebuilding the final ISO images, which will be made available on the respective FTP mirrors later today as FreeBSD 11.0-RELEASE-p1. If you're already running FreeBSD 11.0-RELEASE, you will soon be provided with instructions to safely update your system

  • OpenBSD Founder Calling For LLVM To Face A Cataclysm Over Its Re-Licensing

    For over one year there's been talk of LLVM pursuing a mass relicensing from its University of Illinois/NCSA Open Source License, which is similar to the three-clause BSD license, to the Apache 2.0 license with explicit mention of GPLv2 compatibility. As mentioned in that aforelinked article, this re-licensing is moving ahead.

FreeBSD 11.0 Final Release ISO Images Available For Download

Filed under
BSD

The Final Release of FreeBSD 11.0 is scheduled for Wednesday, September 28, 2016. However, the release builds have started to appear on FreeBSD’s FTP mirrors and you can download the final ISO right now.

Read more

FreeBSD 11.0 Gets One Last Release Candidate Build, Final Version Is Coming Soon

Filed under
BSD

FreeBSD's Glen Barber announced the other day that the third, and hopefully the last Released Candidate (RC) build of the upcoming FreeBSD 11.0 operating system is now available for public testing.

Read more

FreeBSD 11.0 RC3

Filed under
BSD

BSD Leftovers

Filed under
BSD

Trying Out Eight BSDs On A Modern PC: Some Are Smooth, Others Troublesome

Filed under
BSD

Following the seven-way Linux distribution benchmark comparison published earlier this week, on the same system I set out to test a variety of BSD distributions on the same system and ultimately benchmark their out-of-the-box performance too. Those performance benchmark results will be published later this week while today were a few remarks I wanted to share when trying out TrueOS, DragonFlyBSD, GhostBSD, FreeBSD, OpenBSD, NetBSD, MidnightBSD, and PacBSD (Arch BSD) on this modern Intel Xeon system.

All of my testing was done on an Intel Xeon E5-2509 v4 Broadwell-EP system with MSI X99A WORKSTATION motherboard, NVIDIA GeForce GTX TITAN X, 16GB of DDR4 memory, and an OCZ TRION 150 120GB SATA 3.0 SSD. With the seven Linux distributions tested in recent days they all worked fine on the system: Ubuntu, Clear Linux, Scientific Linux, openSUSE Tumbleweed, Fedora, Antergos, and Sabayon Linux.

Below are my various brief remarks when testing the different BSDs on this Intel Xeon system. These are my thoughts with admittedly being a Linux enthusiast while just touching BSD, Solaris, and others only on a semi-frequent basis. I am by no means a diehard "Linux fan boy" and have no fundamental objections to BSD, I simply prefer the operating system that best fits my needs and for benchmarking where I can get my tests done in a reliable, reproducible, and timely manner. I at least prefer my operating systems have a clean and quick install process with sane defaults; working generally ~100 hour weeks, I don't have time in 2016 if an OS cannot easily install and boot properly on a modern PC. I enjoy testing out the various BSDs and have no strong bias to any of them. This is the largest BSD testing comparison I've done in the past 12 years on Phoronix at the same time and on the same hardware.

Read more

FreeBSD Now Has A Port For CentOS 7 Binary Support

Filed under
Red Hat
BSD

We've known for a while that FreeBSD has been working on a CentOS 7 compatibility layer while now that work has finally landed in FreeBSD ports.

As of yesterday, linux_base-c7 landed in ports for installing the CentOS 7 base packages. This will allow running newer Linux binaries built for modern CentOS/RHEL 7 era systems on FreeBSD, assuming the source isn't available or isn't compatible natively with FreeBSD. Previously CentOS 6 was the default port used for this Linux binary compatibility with FreeBSD.

Read more

BSD Leftovers

Filed under
BSD
  • Revisiting W^X with OpenBSD 6.0

    OpenBSD 6.0 was released today, and with it some exciting new security features. From my perspective, the chief among them is the technical enforcement of W^X in user-land. Since moving to a technical control rather than a policy statement for enforcing executable space protection was a result of discussions caused by my last blog post on the situation, I’m very excited about this development and thought that giving a demonstration and discussion would be in order. (In the spirit of not putting the headline on Page 1 and the retraction on Page 11, hopefully BSDNow will cover this as well).

  • OpenBSD 6.0 : why and how

    The only operating system I use on my computers is not Mac, not Windows, and not even Linux. It's OpenBSD, and I love it so much.

    Since OpenBSD 6.0 was released today, I figured I should say a little something about why I love it, and how you can try it.

  • PC-BSD Evolves into TrueOS

    We are proud to announce that the PC-BSD project has evolved into TrueOS: a modern, cutting-edge distribution of FreeBSD focused on security, simplicity, and stability for desktops, servers, and beyond! TrueOS harnesses the best elements of PC-BSD, combines it with security technologies from OpenBSD, and layers it on top of FreeBSD to provide a complete system for modern machines.

Syndicate content

More in Tux Machines

Leftovers: OSS and Sharing

  • Lenovo Cloud Director: Open Source Technologies Are The Glue That Binds The Hybrid Cloud
    Hardware giant Lenovo is banking on a future where both public and private clouds are critical in driving IT innovation, and the glue binding those hybrid environments is mostly open source technologies. Dan Harmon, Lenovo's group director of cloud and software-defined infrastructure, encouraged solution providers attending the NexGen Cloud Conference & Expo on Wednesday to explore opportunities to engage Lenovo as its products stock the next generation of cloud data centers. Both public and private clouds are growing rapidly and will dominate the market by 2020, Harmon told attendees of the conference produced by CRN parent The Channel Company.
  • Cloudera Ratchets Up its Training for Top Open Source Data Solutions
    Recently, we've taken note of the many organizations offering free or low cost Hadoop and Big Data training. MIT and MapR are just a couple of the players making waves in this space. Recently, Cloudera announced a catalog of online, self-paced training classes covering the company's entire portfolio of industry-standard Apache Hadoop and Apache Spark training courses. The courses, according to Cloudera, allow you to learn about the latest big data technologies "in a searchable environment anytime, anywhere." Now, Cloudera has announced an updated lineup of training courses and performance-based certification exams for data analysts, database administrators, and developers. The expanded training offerings address the skills gap around many top open source technologies, such as Apache Impala (incubating), Apache Spark, Apache Kudu, Apache Kafka and Apache Hive.
  • Netflix’s open-source project Hollow, NVIDIA’s deep learning kits for educators, and new IBM Bluemix integrations—SD Times news digest: Dec. 6, 2016
  • Open governance enhances the value of land use policy software
    In December 2015, the COP21 Paris Agreement saw many countries commit to reducing greenhouse gas emissions through initiatives in the land sector. In this context, emissions estimation systems will be key in ensuring these targets are met. Such solutions would not only be capable of assessing past trends but also of supporting target setting, tracking progress and helping to develop scenarios to inform policy decisions.
  • Blender Institute collaborate with Lulzbot in the name of open source
    Blender Institute, a platform for 3D design and animation, are collaborating with Lulzbot 3D printers. This project a continuation of Lulzbot and Blender Institute’s approach to open source and aimed at enhancing collaboration. The Blender Institute in Amsterdam, the Netherlands, is an important figure in the Free and Open Source Software community (FOSS). Providing open source design tool software for 3D movies, games, and visual effects. While Lulzbot, a product line of Aleph Objects take an open source approach to hardware through their 3D printers.
  • Bluetooth 5 Specification Released

Remembering Linux Installfests

Ah, yes. I remember the good old days when you had to be a real man or woman to install Linux, and the first time you tried you ended up saying something like “Help!” or maybe “Mommmmyyyyy!” Really, kids, that’s how it was. Stacks of floppies that took about 7,000 hours to download over your 16 baud connection. Times sure have changed, haven’t they? I remember Caldera advertising that their distribution autodetected 1,500 different monitors. I wrote an article titled “Monitor Number 1501,” because it didn’t detect my monitor. And sound. Getting sound going in Linux took mighty feats of systemic administsationish strength. Mere mortals could not do it. And that’s why we had installfests: so mighty Linux he-men and she-women could come down from the top of Slackware Mountain or the Red Hat Volcano and share their godlike wisdom with us. We gladly packed up our computers and took them to the installfest location (often at a college, since many Linux-skilled people were collegians) and walked away with Linuxized computers. Praise be! Read more

What New Is Going To Be In Ubuntu 17.04 'Zesty Zapus'

Right on the heels of Ubuntu 16.10 'Yakkety Yak' is Ubuntu 17.04 Zesty Zapus. Ubuntu 17.04 is currently scheduled for release on April 13, 2017 but know that this is only an estimate. One thing to know is that all things being equal, it is going to be released in April 2017. Ubuntu Zesty Zapus will be supported for only 9 months until January 2018 as it is not a LTS (long term support) release. Read
more

Security News

  • News in brief: DirtyCOW patched for Android; naked lack of security; South Korea hacked
  • Millions exposed to malvertising that hid attack code in banner pixels
    Researchers from antivirus provider Eset said "Stegano," as they've dubbed the campaign, dates back to 2014. Beginning in early October, its unusually stealthy operators scored a major coup by getting the ads displayed on a variety of unnamed reputable news sites, each with millions of daily visitors. Borrowing from the word steganography—the practice of concealing secret messages inside a larger document that dates back to at least 440 BC—Stegano hides parts of its malicious code in parameters controlling the transparency of pixels used to display banner ads. While the attack code alters the tone or color of the images, the changes are almost invisible to the untrained eye.
  • Backdoor accounts found in 80 Sony IP security camera models
    Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price. One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday.
  • I'm giving up on PGP
    After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It's about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.