BSD News 25/05/15

Last week in BSD

Releases: PC-BSD
News: FreeBSD, OpenBSD, ArchBSD, PacBSD, Hammer, BSDnow, pkgsrcCon, HardenedBSD, Wallpaper

Releases

PC-BSD 10.1.2 Released

  • New PersonaCrypt Utility
    • Allows moving all of a user's $HOME directory to an encrypted USB Drive. This drive can be connected at login, and used across different systems
    • Stealth Mode — Allows login to a blank $HOME directory, which is encrypted with a one-time GELI key. This $HOME directory is then discarded at logout, or rendered unreadable after a reboot
  • Tor mode — Switch firewall to running transparent proxy, blocking all traffic except what is routed through Tor.
  • Migrated to IPFW firewall for enabling VIMAGE in 10.2
  • Added sound configuration via the first boot utility
  • Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media
  • New HTML handbook, updated via normal package updates
  • Media Center support allowing direct login to Kodi and PlexHomeTheater for the 10ft user experience
  • Switch to new AppCafe interface, with remote support via web-browser
  • Improvements to Online Updater, along with GRUB nested menus for Boot-Environments
  • Migrate all ports to using LibreSSL instead of OpenSSL
  • Switch from NTPD to OpenNTPD
  • Lumina desktop 0.8.4
  • Chromium 42.0.2311.135
  • Firefox 38.0
  • NVIDIA Driver 346.47
  • Pkg 1.5.2

 

HotFix release to 10.1.2 – Now available 


A minor hotfix update to the 10.1.2 ISOs has been released today. This includes fixes to advanced installation using raidz, cache and log devices, as well as a fix to the text-installer when booted in UEFI mode. Users who have already installed 10.1.2 will not need to download, and can instead online-update to install any fixes.

Other news

Heads Up: spamd(8) PF Rule Change


With a recent commit, Reyk Flöter (reyk@) flipped the switch on spamd(8)'s pf interfacement:
Change spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Those of you running spamd setups looking to upgrade need to double-check your pf configurations to make sure they still work the way you expect.

ArchBSD changes to PacBSD 


Over the next few days we will be migrating to a new name for the project. Due to potential trademark issues with using ArchBSD and our current logo, we have decided to rename the project.
The new name can currently be used to browse the website, but our current certificates only work with ArchBSD.net, so there will be warnings when browsing with https. We will have to wait a few days before our new certificate will be generated to work with *.pacbsd.org.
The Organization on git has been updated and can be found: PacBSD
After the migration to our new name PacBSD we will be switching to a new website and new logo.

ZFS Armistice | BSD Now 90   


This time on the show, we'll be chatting with Jed Reynolds about ZFS. He's been using it extensively on a certain other OS, and we can both learn a bit about the other side's implementation. Answers to your questions and all this week's news, coming up on BSD Now - the place to B.. SD. 

Announcing pkgsrcCon 2015 in Berlin   


The 10th pkgsrcCon is happening on the weekend of July 4th and 5th 2015 in Berlin. Developers, contributors, and users are all welcome to attend.
More details can be found on the pkgsrcCon 2015 website.

Everyone is welcome to make a presentation. So please do! If you already have a title or topic, please send an email to [email protected].



Code stuff

Automatic encryption of swap
Hammer abort-cleanup added 
In Other BSDs for 2015/05/23 

Interesting articles

freebsd-wifi-build, or "wait, you can run freebsd on atheros MIPS access points? where do I get that?" 
A scanning tip 
Lumina Desktop Status Update/FAQ

Wallpaper of the week


Not really. http://fapp.to/hardenedbsd-mate-desktop/

BSD News 18/05/15

Last week in BSD

Releases: PC-BSD, OPNsense
News: BSDnow, BSDTalk, OpenBSD, freeNAS, HardenedBSD

BSDSec

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:04.freebsd-update 
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:05.ufs 

Releases

PC-BSD 10.1.2 Released   


  •  New PersonaCrypt Utility
    • Allows moving all of a user's $HOME directory to an encrypted USB Drive. This drive can be connected at login, and used across different systems
    • Stealth Mode — Allows login to a blank $HOME directory, which is encrypted with a one-time GELI key. This $HOME directory is then discarded at logout, or rendered unreadable after a reboot
  • Tor mode — Switch firewall to running transparent proxy, blocking all traffic except what is routed through Tor.
  • Migrated to IPFW firewall for enabling VIMAGE in 10.2
  • Added sound configuration via the first boot utility
  • Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media
  • New HTML handbook, updated via normal package updates
  • Media Center support allowing direct login to Kodi and PlexHomeTheater for the 10ft user experience
  • Switch to new AppCafe interface, with remote support via web-browser
  • Improvements to Online Updater, along with GRUB nested menus for Boot-Environments
  • Migrate all ports to using LibreSSL instead of OpenSSL
  • Switch from NTPD to OpenNTPD
  • Lumina desktop 0.8.4
  • Chromium 42.0.2311.135
  • Firefox 38.0
  • NVIDIA Driver 346.47
  • Pkg 1.5.2

OPNsense version 15.1.10.2 Released 


Here is the full list of changes:
  • proxy: basic proxy features on top of our new and shiny MVC framework under “Services: Proxy Server”
  • proxy: smart tokens for item lists (copy/paste CSV list into them and watch the magic happen)
  • proxy: help on/off per item or full page
  • proxy: hide advanced options and include sane defaults
  • proxy: FTP proxy included with same ACL controls as HTTP
  • proxy: simple authentication using built-in user database
  • openvpn: added Tunnelblick’s version of the OpenVPN XOR feature for protocol obfuscation[3]
  • core: fixed config.xml section import regression
  • core: stripped numerous dynamic strings from gettext() invokes
  • ports: added FreeBSD’s 10.1 ifinfo tool to probe for interface statistics to replace legacy PHP module code
  • ports: bsdinstaller 2.3 no longer uses cpdup utility, plus log collection and SONAME fixes
  • ports: updated to pkg 1.5.2, phalcon 2.0.0, dnsmasq 2.72_1[4]
  • ports: perl5 is now installed by default (5.18)
  • development: OpenSSL and LibreSSL branches have been merged for a simpler build experience and smaller release times
  • development: the package sets are now always kept as a single archive that can be reused and recompiled (even selectively)
  • development: stable translation template file is available now[5]
  • development: kickstarted Japanese and Chinese translations
  • development: language translation files are now automatically compiled into the core package
  • development: added a persistent build config file for setting the version, crypto flavour and release version tag (if applicable)
The update is available via the firmware upgrade feature only.


PC-BSD 11.0-CURRENTMAY2015 images now available


The PC-BSD project is pleased to announce the availability of our 11.0-CURRENTMAY2015 images.
WARNING: These images are considered “bleeding-edge” and should be treated as such.
The DVD/USB ISO files can now be downloaded from this URL.


Other news

Exclusive Disjunction | BSD Now 89 




This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent W^X improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD. 

bsdtalk253 - George Neville-Neil 

An interview with George Neville-Neil about the recently published 2nd edition of The Design and Implementation of the FreeBSD Operating System.
File Info: 30Min, 15MB
Ogg Link: https://archive.org/download/bsdtalk253/bsdtalk253.ogg


OpenBSD 5.7 CD 2 Incorrectly Pressed 


OpenBSD project leader Theo de Raadt (deraadt@) outlined some issues with the CD plant, which led to an incorrectly-finished CD 2, some of which were, unfortunately, shipped prior to the issue being found.
Sadly, CD2 of the OpenBSD 5.7 shipped in a broken fashion due to errors at the manufacturing plant. Two mistakes were made. In the rush after the first error, this error was not caught in time. Many people have received (or will soon receive) their package with this broken disc. Orders which have not yet shipped are being held back... because...
A repaired disc is on the way from the plant.
This will be shipped out to everyone, and will be inserted into the orders not yet shipped

Code stuff

secadm 0.2.1 Released
Shut up ARP 
In Other BSDs for 2015/05/16 

Interesting articles

Yes, You Can Virtualize FreeNAS 
Minnowboard and DragonFly
The importance of strong and fast cryptography

Wallpaper of the week

as found at https://betobsd.wordpress.com/category/bsd-wallpaper/

BSD News 11/05/15

Last week in BSD

Releases: OPNsense, GhostBSD
Other news: vBSDCon, OpenBSD, BSDnow, NetBSD, Mumblehard, HardenedBSD, Wallpaper

Releases

OPNsense version 15.1.10 Released 


The full change log of 15.1.10 is as follows:
  • kernel: cleaned up the custom legacy patches to move the underlying FreeBSD back to more standard behaviour
  • kernel: removed dysfunctional dummynet patches and traffic shaper / limiter GUI feature (ETA for a replacement is 15.7)
  • kernel: stripped FAIRQ and CODELQ disciplines as they are no longer supported by FreeBSD
  • kernel: isolated MPD (Multi-link PPP daemon) alteration patches (will be dropped in a future release)
  • kernel: fixed IPSec dropping connections in some scenarios
  • images: a new NanoBSD-based image has been added to the release bundle (directly written to SD or HD)
  • notable ports updates: curl 7.42.1, ca_root_nss: 3.18.1
  • installer: omit swap and add noatime to root partition in quick/easy install when available space is under 30GB, fixed faulty exit on importer cancel
  • development: the ports tree is now kept fully in sync with FreeBSD
  • development: improved the ports build script in terms of error reporting and rebuilding speed
  • development: simplified file system path handling in most files to make the code easier to maintain
  • development: fixed a bug that prevented extracting our packages on ZFS
  • core: replaced most of the legacy PHP module usage with more portable (and maintainable) scripting code
  • dashboard: fixed the main link to always land on the dashboard to not confuse a restricted ACL setup
  • traffic shaper: layer 7 filter removed as the project has been abandoned (ETA for a replacement is 16.1)
  • system/settings: added an FTP proxy feature for clients trying to do active transfers
  • menu: replaced the old one with the new MVC equivalent plus assorted improvements
  • ACL: replaced the old one with the new MVC equivalent
  • login: polished the login screen behaviour
  • backend: don’t try to send a signal to non-existing process
  • user: can now change the password via “User: Change Password” from the menu
  • firmware: enforce signed packages on upgrade for our mirrors
  • rrd: fixed directory create-after-use
The images can be acquired from here:
https://opnsense.org/download/


GhostBSD 10.1 Beta 1 now available

I am pleased to announce the availability of the first BETA build of the 10.1-RELEASE of the Release cycle which is available on SourceForge for the amd64 and i386 architectures.
Changes and fixes between 10.1-ALPHA2 and 10.1-BETA1 include:
  • Mouse integration support for VirtualBox
  • Instant verification for user and root to know if the password is strong and match on the system installer
  • Host name and user name auto completion when typing the real name
  • Guake has been added as default software
  • Vim has been added as default software
  • PCDM Locales fixed
The image checksums, ISO images and USB images are available here: http://www.ghostbsd.org/download-10.1
Please be aware that this release provides beta tester and developers with a system to test out new features for the upcoming release. This release may contain buggy code and features, so we encourage you to run it only on non-critical systems.
We encourage you to use our new issue system built with MantisBT http://issues.ghostbsd.org/main_page.php.


News

Verisign Announces vBSDcon 2015 

Following the success of the inaugural vBSDcon, Verisign has elected to host a second vBSDcon in Reston, Va at the Sheraton Reston hotel the weekend of September 11, 2015. vBSDcon is a technical conference focused on the BSD family of operating systems including, but not limited to, FreeBSD, OpenBSD, NetBSD, and others. Any user, developer, engineer, or innovator involved with any of the BSD family of operating systems will want to mark these dates. vBSDcon will feature plenary talks, Birds of a Feather discussions, lightning talks, and much more. Full details are available at http://www.vBSDcon.com/. Additionally, while vBSDcon currently does not operate an “official” call for presentations, proposals will be accepted until June. Anyone wishing to submit a talk is invited to do so by emailing [email protected]. The event agenda is expected to be finalized and published in mid-June.

[05/05/2015] Mumblehard - Malware that affects Linux and BSD Systems. 

Several websites have discussed this writeup by Marc-Etienne M.Leveille of ESET in regards to the Mumblehard malware ESET discovered while working with a customer. Though Linux malware (just like OSX malware) is nothing new, this software included a very interesting binary packer that actually detects BSD systems. The attack vector for this malware was by way of Joomla and Wordpress exploits, and an illegal copy of DirectMailer, which installs the backdoor once the software is loaded (M.Leveille, 2015). 

Below the Clouds | BSD Now 88  

This time on the show, we'll be talking with Ed Schouten about CloudABI. It's a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week's BSD news and answers to your emails, on BSD Now - the place to B.. SD.  

OpenBSD 5.7 Shipping, First Pre-orders Arriving  

After a delay due to unfortunate production problems (the first such delay in 20 years), the OpenBSD Store announced that all pre-orders had been shipped.
And it seemed like only moments later that Raf Czlonka was the first to report on the misc@ mailing list that his pre-ordered OpenBSD 5.7 CD set had arrived.
Even if you hadn't preordered, you still have a chance to order your CD set and other swag by visiting the OpenBSD Store. If you want to support the project financially in other ways, the Donations page is, as always, a good place to start.


HardenedBSD Teams Up With OPNSense


We are excited to formally announce teaming up with OPNSense to provide HardenedBSD-backed builds of OPNSense. For the past little while, we have been investigating OPNSense for our own purposes. We have been talking with Franco Fichtner, a core OPNSense developer, about the process of building customized builds. He has provided a lot of great input and feedback, answering all our questions.
Last week, we backported our work from the hardened/current/master branch (11-CURRENT) to 10-STABLE. This opened the door to HardenedBSD-based builds of OPNSense. The OPNSense team is already working on using LibreSSL instead of OpenSSL in their distribution. Franco has received multiple requests for HardenedBSD + LibreSSL. OPNSense is working towards using FreeBSD 10.1-RELEASE then will investigate rebasing with HardenedBSD.
We will provide periodic automated builds. The builds will have ASLR, PAGEEXEC/NOEXEC, and all our other various hardening features baked in.
Having an expertly hardened version of OPNSense will create a solid and secure experience. Work is moving at a fast pace. We are looking forward to this new relationship and are excited to see what it brings to the world.


Code stuff

More Intel video testing
New disklabel(8) templates make for a more flexible autoinstall 
Broadwell support, other video changes 
In Other BSDs for 2015/05/09

Interesting articles

DragonFly server and desktop 
Hands on experience with EdgeRouter ERLite-3 

Wallpaper of the week

as found at http://speciesseven.deviantart.com/art/NetBSD-blue-409694386

BSD News 04/05/15

Last week in BSD


BSDSec

kernel patch available 
tar/pax/cpio patch available
 

Releases

 MidnightBSD 0.6-RELEASE 

This release is primarily a security fix and mport package tool release. 

OpenBSD 5.7 Released 

May 1st, 2015, Calgary, AB, CA and elsewhere:
OpenBSD 5.7 has been released. The brand new 5.7 subdirectory should now be available and filled up on all relevant mirrors for those of you who have yet to receive your CD orders.
The release announcement, posted on project mailing lists earlier today, and the release home page both mention some highlights of the new release, while the complete changelog for the release is available on the OpenBSD website.
While you are too late to be the first to preorder a shiny OpenBSD release CD set, you can order one of your own, as well as a very cool 5.7-release poster.

5.7 CDs delayed 

PC-BSD 10.1.2-RC1, Lumina Desktop 0.8.4 Released! 


The PC-BSD team is pleased to announce the availability of RC1 images for the upcoming quarterly 10.1.2 release. Please test these images out and report any issues found on our bug tracker.
What else is new in PC-BSD 10.1.2? How about a new version of the Lumina Desktop Environment! PC-BSD users who stick to the “Production” branch of packages will find that the Lumina desktop has evolved/improved an incredible amount since the last quarterly update for PC-BSD (10.1.1), so I highly recommend that you try it out! The release notes for this new version are also listed at the bottom of this announcement for those of you who have been tracking along with its development, so please try it out and let us know what you think!


News

OpenBSD has accepted projects from Google Summer of Code 2015

The OpenBSD page for Google Summer of Code 2015 has been updated with the list of accepted projects for this year.
Asynchronous USB Transfers From Userland
ARM SD/MMC Driver & Controller Driver In libsa For OpenBSD
Port HAMMER2 to OpenBSD
Implement KMS Driver For Cirrus Cards
Improving USB Userland Tools And ioctl(2)
Automating Module Porting
Many thanks to those that responded, and we wish the best of luck on all projects!  

On the List | BSD Now 87

Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD. 

FreeBSD January–March, 2015 Status Report

The January–March, 2015 Status Report is now available.

Code stuff

 Hammer spreads via GSoC
 In Other BSDs for 2015/05/02 
 HardenedBSD Backport to 10-STABLE 

Interesting Articles

 EU study recommends OpenBSD 
 TrueNAS High-Availability (HA) Explained 
From the Trenches, Tips & Tricks Edition: Hacking "/ on ZFS" and GELI Encrypted Drives, the Old-School Way 
 [04/29/2015] jail.conf hack when upgrading from FreeBSD 9.x to 10. 

Wallpaper

as found at http://www.forwallpaper.com/wallpaper/wallpapers-netbsd-orange-desktop-technologies-technology-783441.html






BSD News 27/04/15

Last week in BSD

Releases: MidnightBSD, OPNSense
Other news: p2k15, DragonFly BSD, EuroBSDCon, PC-BSD, OPNsense, BSDnow, MidnightBSD, BSDSec


BSDSec

[Midnightbsd-security] 0.6-RELEASE

Releases

MidnightBSD 0.6-RELEASE

0.6-RELEASE NOTES 
This release is primarily a security fix and mport package tool release. 

If you are updating an existing system, after installing 0.6, you can use mport upgrade to update packages with 0.6 versions. It is recommended that you delete /usr/mports/Packages and run mport clean to remove old package remnants.

OPNsense version 15.1.9.2 Released 


Here is the full change log of 15.1.9.2:
  • captive portal: fixed rule generation on empty IP
  • gui: print current user in upper right corner along with the hostname
  • user manager: fixed empty password error when creating a new user
  • high availability: don’t trigger sync when not configured
  • interfaces: added the hn(4) interfaces as ALTQ capable
  • configuration: do not overwrite the default configuration on firmware updates
  • ipsec: fixed road warrior authentication
  • openvpn: fixed client edit link
  • ports: sqlite 3.8.9 http://www.sqlite.org/releaselog/3_8_9.html
  • ports: strongswan fix for xauth (road warrior-related)
  • ports: PHP 5.6.8 http://php.net/ChangeLog-5.php#5.6.8
  • ports: pkg(ng) 1.5.1 https://lists.freebsd.org/pipermail/freebsd-stable/2015-April/082234.html
  • development: kickstarted language support via English translation (.pot file)
  • development: further progress on the proxy feature/MVC framework
  • development: improved the live mount to propagate the mounted version into the dashboard
The update is not available via install media, but you can just as well download 15.1.9 from a mirror and upgrade with a few simple clicks:
https://opnsense.org/download/



Other news

Business as Usual | BSD Now 86   

Coming up this time on the show, we'll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we'll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now - the place to B.. SD.

CfP extended for EuroBSDCon 2015 


Due to overwhelming response, the deadline for submitting talks to EuroBSDCon has been extended:
Since there was a huge rush of submissions just on the very last day, we have decided to give a second chance for all of you that didn’t quite finish your talk or tutorial proposal in time for the deadline.
The new date is set to May 22nd, but you don’t have to wait until the very last moment. Send in your suggestions right away. We think there still is room for some more topics related to *BSD left to present.
For those of you who already have sent in yours, we are very happy to see so many good submissions. Don’t hesitate to add another topic to your submissions if you haven’t run out of good ideas yet.
If you've been sitting on that paper, now's the time to ship it! 

PC-BSD and 4K — Oh my!


I had recently seen some chatter on IRC about 4K monitor support. One of the people discussing stated that PC-BSD didn’t support 4K monitors, which was curious to me, since I hadn’t tried it yet. This week I did something about that, and ended up getting two 4K monitors and a new video card (With triple DisplayPort) to do some testing.



Code stuff

p2k15 Hackathon Report: schwarze@ on USE_GROFF
CPU, RAM temperature monitoring
GCC 5 released, switched 
Building only one compiler 
NFS and Hammer slaves 
In Other BSDs for 2015/04/25


Wallpaper of the week


as found at http://www.midnightbsd.org/art/dtps/graymidnightwallpaper.jpg