Issue 9
Published February 26, 2020

This week take a look at a Q&A with the FreeBSD Foundation's Deb Goodkin. Then, as always, we cover all the rest of BSD world with the latest news and tutorials.

Supporting an open source operating system: a Q&A with the FreeBSD Foundation

When discussing alternative operating systems to Microsoft’s Windows or Apple’s macOS, Linux often comes to mind. However, while Linux is a recreation of UNIX, FreeBSD is more of a continuation. The free and open source operating system was initially developed by students at the University of California at Berkeley which is why the BSD in its name stands for Berkeley Software Distribution.

FreeBSD runs on its own kernel and all of the operating system’s key components have been developed to be part of a single whole. This is where it differs the most from Linux because Linux is just the kernel and the other components are supplied by third parties.

To learn more about FreeBSD and its ongoing development, TechRadar Pro spoke to the executive director of the FreeBSD Foundation, Deb Goodkin.

Questions include:

  • What aspects of your job excite you the most?
  • How does the FreeBSD Foundation work to support the development of FreeBSD?
  • How is FreeBSD the antithesis of Linux?
  • FreeBSD doesn’t come with a GUI by default. Why is this and how can users install their own GUI when running FreeBSD?
  • Can you tell us a bit more about how BSD forms the core of macOS?
  • Are there any upcoming features or developments planned for FreeBSD that you can tell us about?
  • What kind of user should consider giving FreeBSD a try?

BSDSec

OpenBSD Errata: February 24th, 2020 (smtpd_envelope)
Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6. An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. After patching, restart the smtpd service.

It's always worth following BSDSec.

News

DragonflyBSD 5.8 has been tagged a few days ago. Release should be soon, but probably not before this weekend.

BSD Users Stockholm Meetup 8. Next meeting will be at the B3 offices in central Stockholm. Mark your calendar for March 3. There will also be some food, interesting discussions and nice company.

checkrestart is a FreeBSD tool to find stale processes that may need restarting after an upgrade. It searches for processes without associated executable or library paths, implying a software upgrade has replaced them since it was started. checkrestart does not perform any system changes itself - it is strictly informational. It is the responsibility of the system administrator to interpret the results and take any necessary action.

FreeBSD vs. Linux Scaling Up To 128 Threads With The AMD Ryzen Threadripper 3990X: This article is looking at the FreeBSD 12.1 performance and seeing how the performance scales compared to Ubuntu 20.04 Linux and the Red Hat Enterprise Linux 8 based CentOS Stream.

Tutorials

How to run Orchestrator on FreeBSD? In this post, author is going to show you how to run Orchestrator on FreeBSD. The instructions have been tested in FreeBSD 11.3 but the general steps should apply to other versions as well. At the time of this writing, Orchestrator doesn’t provide FreeBSD binaries, so we will need to compile it.

Disable Logging into OPNsense as the Root User. After installing OPNsense, the default login is the root user. Logging in as the root user is generally not advised because the root user has full access to files and processes. Linux users, for instance, are asked to create a separate user account upon installation. The user can then use the sudo command to elevate privileges to perform administrative tasks. If the user's account is compromised, in theory the root account is still protected (assuming there is no privilege escalation vulnerability being exploited or the password has been discovered). OpenSSH has an option to disable root user access for the SSH server. It prevents logging in directly as the root user as a security mechanism. OPNsense, being built upon FreeBSD (HardenedBSD to be more precise), is no exception to this recommendation.

Bitwarden is Open Source, available on many platforms and clients and it can be hosted on OpenBSD using Rubywarden. Let's talk about experience of changing from 1Password on iCloud to Bitwarden on OpenBSD.

FreeBSD is a solid choice on a server, and it’s ubiquitous in the infrastructure world, but how does FreeBSD hold up as a desktop machine? As a developer workstation? Article talks:

  • How it was setting it up in 2020
  • What kind of developers can benefit from FreeBSD
  • What you can do to get started

There is also yet another FreeBSD user's experience of following tutorial to get OpenVPN running on FreeBSD.

Project Trident used to be a FreeBSD desktop operating system based on TrueOS but recently the decision was to move it to Void Linux. Since I would like to continue using FreeBSD as my desktop workstation, here is a few simple steps needed to rebase the existing Project Trident installation (prior to Void Linux migration) to GhostBSD. GhostBSD is another alternative of FreeBSD desktop operation system based on TrueOS where the default desktop environment is Mate.

More

As always, there are more sources of BSD goodness. Latest BSD Now talks about Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. The latest is from 2020-02-24.

In Other BSDs for 2020/02/22 is out, too.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week!