BSD News 11/05/15

Last week in BSD

Releases: OPNsense,, GhostBSD
Other news: vBSDCon, OpenBSD, BSDnow, NetBSD, Mumblehard, HardenedBSD, Wallpaper


OPNsense version 15.1.10 Released 

The full change log of 15.1.10 is as follows:
  • kernel: cleaned up the custom legacy patches to move the underlying FreeBSD back to more standard behaviour
  • kernel: removed dysfunctional dummynet patches and traffic shaper / limiter GUI feature (ETA for a replacement is 15.7)
  • kernel: stripped FAIRQ and CODELQ disciplines as they are no longer supported by FreeBSD
  • kernel: isolated MPD (Multi-link PPP daemon) alteration patches (will be dropped in a future release)
  • kernel: fixed IPSec dropping connections in some scenarios
  • images: a new NanoBSD-based image has been added to the release bundle (directly written to SD or HD)
  • notable ports updates: curl 7.42.1, ca_root_nss: 3.18.1
  • installer: omit swap and add noatime to root partition in quick/easy install when available space is under 30GB, fixed faulty exit on importer cancel
  • development: the ports tree is now kept fully in sync with FreeBSD
  • development: improved the ports build script in terms of error reporting and rebuilding speed
  • development: simplified file system path handling in most files to make the code easier to maintain
  • development: fixed a bug that prevented extracting our packages on ZFS
  • core: replaced most of the legacy PHP module usage with more portable (and maintainable) scripting code
  • dashboard: fixed the main link to always land on the dashboard to not confuse a restricted ACL setup
  • traffic shaper: layer 7 filter removed as the project has been abandoned (ETA for a replacement is 16.1)
  • system/settings: added an FTP proxy feature for clients trying to do active transfers
  • menu: replaced the old one with the new MVC equivalent plus assorted improvements
  • ACL: replaced the old one with the new MVC equivalent
  • login: polished the login screen behaviour
  • backend: don’t try to send a signal to non-existing process
  • user: can now change the password via “User: Change Password” from the menu
  • firmware: enforce signed packages on upgrade for our mirrors
  • rrd: fixed directory create-after-use
The images can be acquired from here:

GhostBSD 10.1 Beta 1 now available

I am pleased to announce the availability the first BETA build of the 10.1-RELEASE of the Release cycle which is available on SourceForge for the amd64 and i386 architectures.
Changes and fix between 10.1-ALPHA2 and 10.1-BETA1 include:
  • Mouse integration suport for VirtualBox
  • Instant verification for user and root to know if the password is strong and match on the system installer
  • Host name and user name auto completion when typing the real name
  • Guake has been added as default software
  • Vim has been added as default software
  • PCDM Locales fixed
The image checksums, ISO images and USB images are available here:
Please be aware that this release provides beta tester and developers with a system to test out new features for the upcoming release. This release may contain buggy code and features, so we encourage you to run it only on non-critical systems.
We encourage you to use our new issue system build with MantisBT


Verisign Announces vBSDcon 2015 

Following the success of the inaugural vBSDcon, Verisign has elected to host a second vBSDcon in Reston, Va at the Sheraton Reston hotel the weekend of September 11, 2015. vBSDcon is a technical conference focused on the BSD family of operating systems including, but not limited to, FreeBSD, OpenBSD, NetBSD, and others. Any user, developer, engineer, or innovator involved with any of the BSD family of operating systems will want to mark these dates. vBSDcon will feature plenary talks, Birds of a Feather discussions, lightning talks, and much more. Full details are available at Additionally, While vBSDcon currently does not operate an “official” call for presentations, proposals will be accepted until June. Anyone wishing to submit a talk is invited to do so by emailing [email protected] The event agenda is expected to be finalized and published in mid-June. 

[05/05/2015] Mumblehard - Malware that affects Linux and BSD Systems. 

Several websites have discussed this writeup by Marc-Etienne M.Leveille of ESET in regards to the Mumblehard malware ESET discovered while working with a customer. Though Linux malware (just like OSX malware) is nothing new, this software included a very interesting binary packer that actually detects BSD systems. The attack vector for this malware was by way of Joomla and Wordpress exploits, and an illegal copy of DirectMailer, which installs the backdoor once the software is loaded (M.Leveille, 2015). 

Below the Clouds | BSD Now 88  

This time on the show, we'll be talking with Ed Schouten about CloudABI. It's a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week's BSD news and answers to your emails, on BSD Now - the place to B.. SD.  

OpenBSD 5.7 Shipping, First Pre-orders Arriving  

After a delay due to unfortunate production problems (the first such delay in 20 years), the OpenBSD Store announced that all pre-orders had been shipped.
And it seemed like only moments later that Raf Czlonka was the first to report on the [email protected] mailing list that his pre-ordered OpenBSD 5.7 CD set had arrived.
Even if you hadn't preordered, you still have a chance to order your CD set and other swag by visting the OpenBSD Store. If you want to support the project financially in other ways, the Donations page is, as always, a good place to start.

HardenedBSD Teams Up With OPNSense

We are excited to formally announce teaming up with OPNSense to provide HardenedBSD-backed builds of OPNSense. For the past little while, we have been investigating OPNSense for our own purposes. We have been talking with Franco Fichtner, a core OPNSense developer, about the process of building customized builds. He has provided a lot of great input and feedback, answering all our questions.
Last week, we backported our work from the hardened/current/master branch (11-CURRENT) to 10-STABLE. This opened the door to HardenedBSD-based builds of OPNSense. The OPNSense team is already working on using LibreSSL instead of OpenSSL in their distribution. Franco has received multiple requests for HardenedBSD + LibreSSL. OPNSense is working towards using FreeBSD 10.1-RELEASE then will investigate rebasing with HardenedBSD.
We will provide periodic automated builds. The builds will have ASLR, PAGEEXEC/NOEXEC, and all our other various hardening features baked in.
Having an expertly hardened version of OPNSense will create a solid and secure experience. Work is moving at a fast pace. We are looking forward to this new relationship and are excited to see what it brings to the world.

Code stuff

More Intel video testing
New disklabel(8) templates make for a more flexible autoinstall 
Broadwell support, other video changes 
In Other BSDs for 2015/05/09

Interesting articles

DragonFly server and desktop 
Hands on experience with EdgeRouter ERLite-3 

Wallpaper of the week

as found at


Jan Hovancik

software developer - guitar player - poetry lover