Un-edited Live session – http://youtu.be/UTKYoTh0uUk
Tony Bemus, Mat Enders, and Mary Tomich
Sound bites by Mike Tanner
Absolute OpenBSD 2nd Edition
Review by Mat Enders
Well I have not yet finished the book, but I was so impressed with Michael W. Lucas’s writing style and ability to impart information in a relative and entertaining way that I went and bought his book “SSH Mastery”. You can get the e-book version from his website Tilted Windmill Press, or physical books from createspace.
Now for the “Absolute OpenBSD 2nd Edition review part one. First with technical reviewers like Henning Brauer, major contributor to the OpenBSD network stack, and Peter Hansteen, the god of pf and author of the “Book of PF”, how could it go wrong. Well it doesn’t I have only read 10 chapters of 23 (181pgs of 440pgs) but so far this book is incredible. Michael Lucas takes the OpenBSD novice by the hand and guides the through the complex maze that is OpenBSD.
Now let’s take a quick look at each chapter:
1) Getting Additional Support Talks about the OpenBSD documentation both the incredible man pages and where to find information online. It also gives the reader a pretty clear warning. Do your homework! If you ask questions that have been asked and answered before at best you will be ignored, at worst the flames will melt your monitor. The OpenBSD developers make OpenBSD for themselves and if it happens to be useful for you well, bonus.
2) Installation Preparations A whole chapter on what you need to know before you actually install OpenBSD. This is an important chapter as disk partitioning is explained quite thoroughly. This is a very different process than any partitioning I had ever done in Linux. Do not skip this part unless you are already familiar with OpenBSD partitioning.
3) Installation Walk-Through This walks you through the entire installation procedure. This is very helpful especially if you’re one of those spoiled kids who only ever used a graphical installer.
4) Post-Install Setup This chapter walks you through all the things you need to get a secure production environment up and running. From setting the root password to, ntpd, to your timezone, and networking.
5) The Boot Process The title pretty says it all. This chapter explains the entire boot process and your different options available to you e.g. single-user mode, alternate kernel, alternate hard disk. It walks you through setting up a serial console (all you whippersnappers out there are saying what’s a serial console my response to you is if you don’t know you don’t need it and if in the future you do Google it). Then it explains /etc/rc, /etc/rc.conf, /etc/rc.conf.local, and so on that you need to use to ensure the system starts the way you need it to.
6) User Management This chapter will explain how to manage your users (I know a shocker but yes that is what’s covered). It explains why running as root is a bad idea (yes Thom Dushane a bad idea). Walk you through adding a user both interactively and noninteractively. Setting resource limits on a per user basis. Changing the authentication method used (this is not going to explain ldap, kerberos, or radius just tell you how set OpenBSD up to use those and other authentication methods). It will then go on to explain unprivileged user and why you want to use them.
7) Root, and How to Avoid It This will explain how to set up users privileges and permissions. It will explain how to do this without the incredibly difficult POSIX acls. Instead it is going to do it with user and group permissions along with sudo.
8) Disks and Filesystems Explains the different device noes available in OpenBSD, and how to use each. It explains disklable and how to use it, and the different mount options. Managing disk usage, adding new disks.
9) More Filesystems Disk management gets two chapters. It will explain things like altroot, mfs, and foreign filesystems. Covered also will be removable media, mounting disk images, nfs, and soft raid.
10) Securing Your System This chapter tells you how to ensure that only the people you want on your system are the ones on your system. First it defines the different types of intruders. Then it will cover the many different built in OpenBSD security measures, remember their moto “Secure by Default”. Then it goes on to explain securelevels, which if you’ve only used Linux will be completely new to you so pay attention.
My thoughts so far are that this is an excellent book. Michael Lucas’s ability to pass on information in such inviting and friendly way is amazing. I have read my fair share of technical books and this by far is a stand out. I am looking forward to finishing this book, you should be looking forward to the rest of this review.
Born from the fires of FreeBSD and packing 3.5GB of beastie goodness, this week’s review is a special one…PC-BSD. I spent last week familiarizing myself with this BSD flavor. As a Linux user I would compare my PC-BSD experience driving in Canada as an American (It’s the only way I’ve driven in Canada, actually). It looks somewhat like America, but if you look closer you’ll see things area little different, eh? So, would my adventure find me scurrying back to the Land of Linux, or would I find a lot of BSD bliss…
Name: PC-BSD 9 (Isotope Edition)
Maintainer: Kris Moore is the main developer.
Derivative: It’s FreeBSD with extra Desktop customizations
Review Desktop: LXDE (overheating issues) KDE
If you want to run PC-BSD in a live environment, you’ll need to download the USB image, choosing between the full version or the PC-BSD lite, with the the LXDE desktop and none of the extras.
Initially I did not intend test PC-BSD’s live environment, but ended up downloading the PC-BSD live USB image. I copied to a USB drive, set it to boot flag and away I went. A portion of the way into the boot, I was informed that no terminal type was specified and not TERM environmental variable . The the question : Did I want to expand the file system for this live media? It could take up to 15 minutes. So I opted to re-size and waited… After 10 minutes or so, the system rebooted. I ran into an issue when it attempted to configure X. I ended up with a BSD, “Black Screen of Death.” PC-BSD plays a video at the start and it may have choked on that step. Anyway, I decided to pull the plug on the live environment test.
Note that PC-BSD does not, by default, come with a partition manager. The PC-BSD wiki suggests using the live version of PartedMagic for partitioning activity. On my Linux, I opened Gparted to format a USB drive for UFS and discovered that it was not available. XFS was, however. And although it’s supported in FreeBSD in an experimental mode, my PC-BSD laptop could read it without a problem. Your mileage may vary.
The Install Process:
The initial install screen immediately impressed me. A button in lower left corner opened a hardware compatibility diagnostic screen confirming my laptop’s degree of hardware compatibility with PC-BSD – Video driver, resolution, Ethernet, wifi, sound—all green checks. However a second Dell on which I installed PC-BSD on had an issue with the wireless—but I appreciated knowing it up front.
The System selection Process includes navigation arrows to show the various system options: FreeBSD Server, TrueOS Server (console-based), followed by desktop options KDE, LXDE, Gnome, XFCE.
In addition you can select a) Development packageds(Qt, embedded, web, etc, b) Hardware Drivers, e.g. Nvidia, c) Misc (Compiz, mythTV, VmwareGuest, VirtualBox, XBMC d) 11 Unsupported Desktops, including Awesome, Evil, i3, rat poison, enlightenment, etc etc. I don’t think any desktop has been left out except mate and cinnamon.
I choose Gnome which installed to a very functional Gnome 2 desktop. LXDE- which appeared to have power management issues—my laptop ran extremely hot and did a self-power down once. KDE is the default desktop, so most my testing was done in that environment, but I spent little time looking at KDE stuff.
Next screen: Disk selection – a summary screen displays the current disk partitions. The customize button opens another window, a wizard that offers three options for partitioning:
1. Basic (New to BSD or disk partitioning
2. Advanced (experienced with file systems)
3. FreeBSD experts (CLI mode)
I decided to choose Advanced and stepped through the process. BSD offers two file systems. UFS (Unix File System) for 32bit and systems with < 2GB. ZFS for 64-bit and more than 2GB. UFS is automatically chosen for me. The check-box for install boot-able MBR is also selected.
I am presented with four partitions: Root, swap, /var, and /usr. I use the defaults and click Install. 40 minutes later the system is installed and ready for reboot.
Rebooting plays a snazzy little video complete with catchy tune. During a couple of test installs it hung at this step, never actually playing the video. After the video completes, I am back to the initial install screen but without the options menu –this time it’s to wrap up time zone, root password, and create a user.
The last is connect to a network – very slick display of the available wireless networks along with strength and security. I select my network and PC-BSD does the rest. It takes a little longer than usual to connect but I do connect. The screen then advances to the next window telling me Set up is complete Press Finish to login.
The initial login presented me with a welcome screen and opportunity to read through a quick start guide, noting the App Cafe (install programs), Configure system (PC-BSD control panel). Preserve files (LifeSaver app to sync with Remote FreeNAS or other networked data server.Update icon explanation (color coded) I downloaded and installed updates. My favorite “Beastie Fix”
Browser: Gnome: Epiphany; KDE: Konqueror
Mail Client: Gnome: Evolution; KDE: Kmail (plus Thunderbird, Sylpheed, Mutt, Claws Mail)
File Manager: Gnome: Nautilus; KDE: Dolphin
Office Suite: None installed and there was no LibreOffice installer, either.
PC-BSD has a graphical package manager called AppCafe. It’s similar to Ubuntu’s software center and provides over 1200 useful programs to download and install, many of which were very familiar to me. PC-BSD takes a slightly different tack regarding installing software. I was not required to provide a root password for the software I selected. According to the site, applications such as web browsers, games, mail clients, and productivity software do not need a root password to be installed. If you want to install server software, root password is required.
Another interesting aspect to PC-BSD installs is that the required files arrive in an install file called a PBI (push button installer). PBI files are self-contained installation programs and use a .pbi extension.
All the run-time and library dependencies required by the software you’re installing are included. This explained why LibreOffice was over 800MB when I downloaded it (Firefox was 187MB, Yakuak, a shocking 435MB!) According to PC-BSD’s web site, during installation, the PBI system compares the currently installed libraries and files with the ones contained within the PBI file. It will only install the ones that are not already installed on the system. PC-BSD includes a hash database to eliminate dependency problems while allowing the computer to share libraries between different programs. Subsequent downloads to upgrade a PBI are significantly smaller as only what has changed in the new version will be downloaded.
The app cafe also gave me the option for automatic updating as well as adding menu or desktop icons, an option I initially missed. The AppCafe contained 95% of what I like to have on my desktop. Missing was Netflix but since it’s available for Linux via a ppa , I was not too surprised.
EasyPBI is a graphical application that makes it easy to build a PBI module from a FreeBSD port. To use it, I had to download the FreeBSD ports. As its name implies, EasyPBI makes it easy to build an app from the ports tree. Here is the process:
1. Create the module. Doesn’t take much time (getting ingredients)
2.Build and test the module (baking the ingredients)
3. If all tests OK, then navigate to the folder and install the program
PC-BSD also has a third way to install programs, via the CLI. The basic syntax is pbi_add –opions name-of-program.pbi
Life Preserver – On Linux systems, the life preserver icon represents help. On PC-BSD systems it’s the access to the backup system called, amazingly Life Preserver. I didn’t have a chance to test this feature.
Other interesting Programs:
Hulu Desktop- a “ ‘lean-back’ viewing experince (sic) providing streaming TV and movies directly from Hulu.”
Warden – PC-BSD’s implementation of FreeBSD’s jails system, was redesigned for 9.1.
New features includes the ability to create three types of jails: a traditional FreeBSD jail for running network services, a (less secure) ports jail for safely installing and running FreeBSD ports/packages from your PC-BSD® system, and a Linux jail for installing Linux. If you plan to install a Linux jail, you’ll point the wizard to the installation script (a shell script which invokes a Linux network installation. In the case of Debian Squeeze, it invokes the debootstrap command) to be used to install the specified Linux distribution. At this time, installation scripts for Debian Squeeze and for Gentoo are provided. Scripts for other distros will be added over time.
Once you select the install script, the wizard will ask if you would like to start the jail at boot-time
Each jail is considered to be a unique PC-BSD operating system and whatever happens in that jail stays in that jail, and will not affect your operating system or other jails running on the PC-BSD system.
Cabextract – A unix utility for extracting Microsoft cab files.
Phoronix Test Suite –
Forkbomb -a tool for stress testing. It can create many processes using fork(), bring up some zombie processes, etc. you can fine-tune the stress that you put on your machine.
Kmysqladmin- software to manage mysql-servers written with QT and KDE
MariaDB – open source database management system.
ZoneMinder – security and surveillance camera for viewing and analyzing security camera feeds.
Asterisk – Open source PBX and telephony toolkit.
1. If you have a wireless mouse plugged in during boot-up, the video display can go black. Mine did a couple of times. Remove the mouse and reboot.
2. Wireless connection strength regularly showed 0% but I was connected, browsed, updated my system without a problem.
3. Logging out – I expected to be taken back to a login screen. Instead I got the BSD – Black Screen of Death. After removing the wireless mouse dongle and trying it again, the system preformed as expected….I was transitioned to a login screen.
Rating: 3.8+ I liked it A LOT!!
On 6/7 the FreeBSD project announced the release of version 8.4. Some of you might be saying what I thought they released version 9.1 back in December. Well they did but FreeBSD maintains two releases at a time, “Production Releases” for the latest and greatest along with “legacy Releases” which are for those who want a more conservative upgrade path. This release includes many bug fixes and updates to key systems such as OpenSSL, OpenSSH, named, NFS, AWK, tcsh, and BZIP2 to name a few. They have also updated to Gnome 2.32.1 and KDE 4.10.1, along with support for all LSI storage controllers.
OpenBSD hackathon in Toronto, ran from May 30 to June 5. Some of the participants were:
Bob Beck – buffer cache improvements
Joshua Stein – ACPI, CVS, multitouch
Stefan Sperling – /usr/share/locale additions
Darren Tucker – ssh improvements
Brandon Mercer – beagle and panda support
Henning Brauer – pf
Ted Unangst – SMP and thread related issues
Great progress was made on several improvements and fixes.
Interesting BSD Sitses
BSD Talk Podcast
Raspberry Pi & FreeBSD!
FreeNas Home server
KDE Ships June Updates to Plasma Workspaces, Applications and Platform
On June 5, KDE released updates for its Workspaces, Applications and Development Platform. These updates continue the series of monthly stabilization updates to the 4.10 series. 4.10.4 updates bring many bugfixes and translation updates on top of the 4.10 release and are recommended updates for everyone running the 4.10 release series. As this release only contains bugfixes and translation updates, it will be a safe and pleasant update for everyone.
Calligra 2.6.4 Released
On June 4, 2013, the Calligra team has released version 2.6.4, probably the last of the bugfix releases of the Calligra Suite, and Calligra Active in the 2.6 series. This release contains a number of important bug fixes to 2.6.3 and we recommend everybody to update. Bugfixes in This Release…
Is it Alive (or is it Open, Free, or NetBS)?
During this segment of the show, I challenge Mat and Tony to identify whether a Linux Distro is alive or dead? Every other week, I twist the concept for our game show and challenge Mat and Tony to decide if the named entity was a Linux distribution or something else.
This week is a special edition of Is It Alive—a BSD with a twist. I challenge Mat and Tony to decide whether the named BSD OS based on Free, Open, or Net BSD. As is customary on twist week, extra credit will be given if after Mat and Tony correctly identify the distro, they also correctly identify whether it is alive or dead. The items for this week’s show are:
NAS4Free is an embedded open-source NAS (Network-Attached Storage) distribution based on FreeBSD. NAS4Free supports sharing across multiple operating systems and is easy to set up in most home and enterprise environments.
VERDICT: FreeBSD – Alive
FrenzyOS is a “portable system administrator toolkit,” LiveCD based on FreeBSD. It generally contains software for hardware tests, file system check, security check and network setup and analysis. Size of ISO-image is 200 MBytes (3″ CD)
VERDICT FreeBSD, Alive
BSDanywhere was a bootable live CD image based on OpenBSD. It consisted of the entire OpenBSD base system (without a compiler), plus a graphical desktop, BSDanywhere can be used as an educational UNIX system, rescue environment or hardware testing platform
VERDICT : OpenBSD, Dead
DesktopBSD was an operating system based on FreeBSD and the FreeSBIE live CD. I
VERDICT FreeBSD, Dead
Jibbed is a (non-installable) live CD based on NetBSD
VERDICT: NetBSD; alive
OliveBSD was live CD based on OpenBSD with graphical environment (IceWM) and various software packages.
VERDICT OpenBSD; Dead
Tony beat Mat by five!!
It’s called ipcalc, and keeps you from having to juggle ip addresses and netmasks in your head. For instance, I needed to calculate a range larger than a /24 (which is 255 addresses), so I fired up ipcalc:
Address: 192.168.111.0 11000000.10101000.0110 1111.00000000
Netmask: 255.255.240.0 = 20 11111111.11111111.1111 0000.00000000
Wildcard: 0.0.15.255 00000000.00000000.0000 1111.11111111
Network: 192.168.96.0/20 11000000.10101000.0110 0000.00000000
HostMin: 192.168.96.1 11000000.10101000.0110 0000.00000001
HostMax: 192.168.111.254 11000000.10101000.0110 1111.11111110
Broadcast: 192.168.111.255 11000000.10101000.0110 1111.11111111
Hosts/Net: 4094 Class C, Private Internet
You can use either CIDR style netmasks or the traditional style, so it understands a /24 netmask or 255.255.255.0.
In addition, you can give it a range of IPs and it will deaggregate them if necessary:
deaggregate 192.168.111.0 – 192.168.116.255
show (at) smlr.us or 313-626-9140
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.