Slashdot Mirror

Slashbacked below are a handful of updates, corrections and followups, on topics ranging from Tito in space to who really developed the next-generation OS/2. Please enjoy.

But who's counting? Martin Bogolmoni wrote in response to the report on the well-and-truly networked Dutch gaming fest called The Gathering, as mentioned here and praised for it's huge number of available gaming connections.

" The Gathering 99 -- 5300 switchports, but only 2,500 attendees (tickets). 2500 tickets has been all that can be sold for the last few years. TG01 was the first time that more than that have been sold .. 4,100. Also, for people coming from out of the Netherlands, (USA, England, etc..) there is no entrance fee. You are considered a VIP. -grin- Just a quick correction, since I love attending and working with The Gathering. (Not to mention speaking there...) "

Thanks, Martin :)

Whodunnit, really? A number of people emailed (some of them even politely!) to correct the story about the new eComStation, including Bob St John of Serenity Systems International, to point out that " the developer is not Mensys .. they are our distributor ... Serenity Systems is the developer."

Radu Trimbitas adds: "Mensys (like Indelible Blue in U.S.) is the main distributor of eComStation in Europe, among other things (Linux, BeOS, etc. distributors). They are very OS/2-friendly, so they made efforts to support this distribution, providing a web site with infos, support, etc."

Money may not talk but it has great facial expressions. Darren.Moffat writes "OSOpinion has updated their story and the OpenGroup also now mentions Apple this came from Daily Daemon News"

Space for me, and not for thee. csy writes "Dennis Tito returns jubilant to Earth. Meanwhile, John Glenn criticizes Tito's trip as a "misuse of a spacecraft designed for research". I guess space junkets by geriatric senators must count as research. Read the story on CNN."

And speaking of reactions, DelphiGeek writes: "There have been a plethora of stories on Microsoft's Mundie and his comments on Open Source. Postings of ESR, Linus and others rebuttals were posted here. However, I never saw anything displaying RMS' response. I find this odd seeing how the GPL was the license that was directly attacked. Here is a link to RMS' official response. Also on GNU there are several documents that are older that state his postion."

You'll note that RMS does not find "conciliatory" in his personal dictionary ;)

Nobody's opening any kimonos here, pal!

"Since the kimono has already been opened...

RLX is going to be demoing the RLX System 324 Web Server at Networld+Interop. RLX is not on the show floor but if you want to see it, look on their website and call the number or email sales@rlxtechnologies.com to get the info and get into see it.

Just a few notes of what has already been done with these things. An initial 220 Node Beowulf Cluster in one rack in under two man days, just as a proof of concept. On that line, RLX has been working with Scyld, (people like Don Becker and the original Beowulf crew), on some real cool integration of Scyld Beowulf. Brings the time down for a beowulf from days to hours. The rumor is they will even have a small cluster using the Scyld stuff at N+I.

questionlp writes "The waiting is over! The May issue of Daemon News is now available on-line here. The new issue covers a wide range of topics from Webmin, web security via encryption and authentication, and the usual monthly Answerman column, plus a lot more." and jim writes "This month's first FreeBSD'zine issue includes articles on running BIND in a jail, scanning email for virii, an introduction to mutt, and keeping your FreeBSD docs tree up-to-date. Go take a look." Its also worth mentioning that starting this month, the 'zine will be released twice a month

PapaZit asks: "Laptop and home users don't alway have access to a network. There are many tasks that can be done off-line, but require an occasional network connection (reading and responding to email, for example). In the Free Unix front, there has been some work in this direction, but it hasn't made it anywhere outside of Windows. Coda has made it possible for me to work with centralized files offline, and I have some ugly scripts involving perl, fetchmail, and procmail that handle email, but I wouldn't inflict them on others. An OS with automated "Network indifference" seems like it would be useful to both novice users and power users, and it's the sort of thing that could make these alternative operating systems more appealing to the masses. Are there any efforts in this direction that could use support or testers? Are people waiting until networking becomes so ubiquitous that the problem goes away?"

A reader writes: "Every time BSD gets mentioned on Slashdot, the usual round of questions get asked. Most queries want to know what the differences in the BSDs are. For the April DaemonNews, James Howard has written the answer."

A reader writes: "Every time BSD gets mentioned on Slashdot, the usual round of questions get asked. Most queries want to know what the differences in the BSDs are. For the April DaemonNews, James Howard has written the answer."

mr writes "The boys and girls at Evans Data want to sell you a 178 page report about Linux. Now, they had a page that put FreeBSD between Caldara and Debian as far as how often it is used as a web server. They have pulled FreeBSD from the list. Seems Evans Data just figured out that FreeBSD isn't Linux. Did Evens Data use pages from TigerSoftware or perhaps the crack staff of Tucows?" There's also a Daily DaemonNews story with some figures.

jmallett writes: "xMach, the microkernel BSD Operating System, first made an announcement on Daily DaemonNews stating that there were some new source and binary snapshots available. Also, OsOpinion has an article I wrote about my experiences so far, entitled 'Giving Birth to xMach'. Development of xMach currently is limited to the microkernel and its servers, but a userland (based on that from the good people at OpenBSD) will be worked on shortly. Some of the primary focuses on xMach are data storage, security, and non-bloat."

An unnamed reader writes "Daily DaemonNews is running a story about Chili!Soft doing a port of Chili!Soft ASP to FreeBSD. It seems they're trying to gather enough interest to make a port worth while. A phone number and link is mentioned in the article."

An unnamed reader writes "Daily DaemonNews is running a story about Chili!Soft doing a port of Chili!Soft ASP to FreeBSD. It seems they're trying to gather enough interest to make a port worth while. A phone number and link is mentioned in the article."

Gregory Sutter wanted to let us know that "Daemon News now has a get-it-in-your-snail-mail print publication that you'll actually receive. The Daemon News Magazine is about to ship issue #3 to subscribers, and due to all the hungry-mailman problems that we experienced with the last mailing, we're including issue #2 with all #3 subscriptions received within the next 24 hours. (After tomorrow, subscriptions will start with issue #3.) We've tamed the angry mailmen, so you'll actually get your mags on time. The DN Magazine has original BSD and Open Source content not found in the DN ezine."

Gregory Sutter wanted to let us know that "Daemon News now has a get-it-in-your-snail-mail print publication that you'll actually receive. The Daemon News Magazine is about to ship issue #3 to subscribers, and due to all the hungry-mailman problems that we experienced with the last mailing, we're including issue #2 with all #3 subscriptions received within the next 24 hours. (After tomorrow, subscriptions will start with issue #3.) We've tamed the angry mailmen, so you'll actually get your mags on time. The DN Magazine has original BSD and Open Source content not found in the DN ezine."

Gregory Sutter wanted to let us know that "Daemon News now has a get-it-in-your-snail-mail print publication that you'll actually receive. The Daemon News Magazine is about to ship issue #3 to subscribers, and due to all the hungry-mailman problems that we experienced with the last mailing, we're including issue #2 with all #3 subscriptions received within the next 24 hours. (After tomorrow, subscriptions will start with issue #3.) We've tamed the angry mailmen, so you'll actually get your mags on time. The DN Magazine has original BSD and Open Source content not found in the DN ezine."

Gregory Sutter wanted to let us know that "Daemon News now has a get-it-in-your-snail-mail print publication that you'll actually receive. The Daemon News Magazine is about to ship issue #3 to subscribers, and due to all the hungry-mailman problems that we experienced with the last mailing, we're including issue #2 with all #3 subscriptions received within the next 24 hours. (After tomorrow, subscriptions will start with issue #3.) We've tamed the angry mailmen, so you'll actually get your mags on time. The DN Magazine has original BSD and Open Source content not found in the DN ezine."

Every BSD article posted, trolls come out and post about BSD dying. Naysayers at every turn, mostly pro-Linux, say that BSD doesn't have the marketing and advocacy to succeed. Greg Lehey, author of The Complete FreeBSD and FreeBSD core team member, takes a look at naysayer's claims, the history of BSD, the root of the "quiet" BSD advocates, and the relationship of Linux to it all, in this month's Daemon's Advocate at Daemon News

Every BSD article posted, trolls come out and post about BSD dying. Naysayers at every turn, mostly pro-Linux, say that BSD doesn't have the marketing and advocacy to succeed. Greg Lehey, author of The Complete FreeBSD and FreeBSD core team member, takes a look at naysayer's claims, the history of BSD, the root of the "quiet" BSD advocates, and the relationship of Linux to it all, in this month's Daemon's Advocate at Daemon News

BSD Today ran a comment on Tucows shutting down the Tucows BSD Section after flames from the BSD community about the misinformation they had on the site. Tucows says that they cannot meet the demands of all the "factions" within the BSD camp. It's a cop-out in my opinion; BSD Today and Daemon News seem to do it fine. All any of us asked for was for the inflammatory pro-linux/anti-BSD flavor of it to be toned down, and the misinformation cleared up. DaemonNews also carries some appropriate comments.

BSD Today ran a comment on Tucows shutting down the Tucows BSD Section after flames from the BSD community about the misinformation they had on the site. Tucows says that they cannot meet the demands of all the "factions" within the BSD camp. It's a cop-out in my opinion; BSD Today and Daemon News seem to do it fine. All any of us asked for was for the inflammatory pro-linux/anti-BSD flavor of it to be toned down, and the misinformation cleared up. DaemonNews also carries some appropriate comments.

Last Friday we solicited questions for Robert Watson, hard-core FreeBSD and TrustedBSD developer. His answers (below) are breathtakingly deep and instructive. Whether you're "just curious" about BSD or a FreeBSD user who wants to see what's going on with the inner circle of developers, you'll want to spend the time it takes to read everything here, and possibly even send Mr. Watson a brief "thank you" email.

OS X based on FreeBSD
by Kevinv

OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?

Robert:

The easy answer is that Apple is involved in the open source community, and appears to be strongly committed to releasing their own software as open source, and contributing changes back to other projects whose software they use. Clearly, they're fairly embroiled in their upcoming release process at this point, but I'd expect more news on this front in the future.

They've had a strong presence at various technical conferences, including the BSD Conference in Monterey last year, and they're helping to sponsor and are participating in the Open Packages project. I've visited Apple on two occasions to discuss both FreeBSD and TrustedBSD work with them, and had the opportunity to meet with many of the people in their Core OS Group. While I don't know everything they've been up to, I can speak to their shipping me two iMacs so I could explore the operating system and look at porting some of the TrustedBSD work to it, and must say that

I'm very impressed.

One thing I think the FreeBSD project should do is select a liaison to work with Apple to help them understand our development model better, and help integrate back changes made to Darwin. Especially in light of all the changes coming in FreeBSD 5.0, it's important that we work together to prevent substantial divergence between our source trees (where possible) allowing us to continue to exchange features in the future. I have to give Apple a big thumbs up, and hope they keep up the good work!

what do you do for *money*??
by gskouby

While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills.

Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!

Robert:

Ahh, the perils of capitalism. Needless to say, all core members enjoy employment in some form or another. Some work with companies that pay them to work on FreeBSD (including BSDi), others do independent consulting on (among other things) FreeBSD; others still work on utterly unrelated areas. Since the question was raised, I'll talk a little about what I do, and how it does relate to FreeBSD.

I work for NAI Labs, a research organization that is now associated with PGP, Inc -- about 100 full time researchers doing advanced research and development for the likes of DARPA, other government agencies, industry, and internal research and development. If you don't recognize the name, we used to be the Advanced Research and Engineering (ARE) division of Trusted Information Systems (TIS). At NAI Labs, I'm a Research Scientist in the Network Security research group, and have worked on a variety of projects including securing DNS (DNSsec), DHCP security, active network security, and denial of service research. While most of my work (right now) is relatively unrelated to FreeBSD, we hope to change this in the relatively near future, identifying funding for work on FreeBSD and TrustedBSD, as well as porting work to OpenBSD, and work on Darwin. Other examples of operating system security work on open source here include Software Wrappers and Low Watermark Mandatory Access Control. One of the great things about working at NAI Labs is the opportunity to participate in cutting edge security research, and the opportunity to set your own direction. All in all it's a really nice place to work, and I recommend it highly--in fact, we're actively hiring at this point, so if you're interested, feel free to fire off a resume to rwatson@tislabs.com.

Of course, companies can greatly benefit from employing a FreeBSD developer, as they have the opportunity to influence development of the operating system (subject to the common sense of the developer and consensus of the project as a whole, needless to say). Many FreeBSD developers, looking at the committer community as a whole, are employed to do what they would like to be doing anyway: working on a section of the system that interests them.

TrustedBSD and NSA secure linux
by Xuther

How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?

And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatable accross the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")

Robert:

These compound questions are the killers :-).

I am both aware of and familiar with the NSA Secure Linux work -- a fair amount of the work is being done at NAI Labs under contract from NSA. Stephen Smalley, one of the lead developers on the project, actually works just upstairs from me in the Glenwood, Maryland office of NAI Labs. As such, I've had a number of opportunities to talk with him about the work. One of the advantages of working at NAI Labs is the ability to get wide exposure for a variety of security-related research on many platforms, and relating to many topics.

TrustedBSD and SELinux are similar in many ways, and also differ in many ways. The similarities lie in overlapping functionality and architectural goals; the differences only begin with the choice of operating systems. TrustedBSD introduces a number of features into the FreeBSD operating system including Mandatory Access Control (MAC).

In a broad generalization, MAC allows administrators to define security policies about how users interact with one another. These policies are mandatory in the sense that users are not permitted to change the policies, although some flexibility may be permitted by the policy.

MAC is distinguished from Discretionary Access Control (DAC) in this manner; most Linux or FreeBSD users will be familiar with DAC in the form of file permissions. In DAC models, the owners of objects (and possibly other parties) are permitted to modify protections to reflect their needs. A common mandatory policy is Multi-Level Security (MLS), or the "military security model".

In this model, users are assigned "clearances", and objects are assigned "classifications". MLS prevents users from reading files they are not allowed to read, but it also prevents users from sharing files they are not allowed to share (this is the mandatory component). MLS is just one mandatory policy, there are many others that have been defined and explored in various environments. TrustedBSD implements three mandatory policies in its current prototype form: MLS, a Biba integrity policy that is similar to MLS but protects integrity instead of confidentiality, and a light-weight partitioning scheme that is an extension of the popular jail() mechanism introduced in FreeBSD 4.0-RELEASE.

SELinux provides an implementation of a flexible mandatory access control architecture called Flask for Linux. The architecture is a generalization of Type Enforcement (TE) and can support a wide variety of mandatory security policies. In the Flask architecture, the security policy is encapsulated in a pluggable "security server" component that can be replaced. The example security server provided with SELinux includes support for TE, MLS and a simple form of Role-Based Access Control (RBAC). An important focus of this architecture is separating policy representation and processing from policy enforcement.

SELinux differs from TrustedBSD in that it is a more mature system, having been worked on for several years, that it addresses only mandatory access controls, and that it uses the Flask architecture rather than explicit hard-coded policies. It is certainly the case that we plan to leverage the SELinux implementation now that the source code is available; the abstractions of the Flask architecture are similar to ones that were being considered for TrustedBSD. Having the opportunity to look at the SELinux source will allow us to benefit from their implementation experiences.

As you observe, some TrustedBSD features have already been integrated into the base tree, including extended attributes on files, as well as infrastructure support for capabilities, ACLs, and some of the improved abstractions I spoke about above. The plan is to integrate most of the TrustedBSD features into the base operating system distribution over time; some features are more intrusive, as well as more computationally expensive, than others, meaning that some features may be distributed as modules rather than enabled by default. However, it is a definite goal to make all of the work easily available for FreeBSD installations, and under a two clause BSD-style license. Many of these features will appear in FreeBSD 5.0-RELEASE, although they will presumably mature over time.

The remainder of your questions address clustering; I have to begin by pointing out that I don't have much experience with clustered environments. I can probably safely comment that the TrustedBSD features won't present any substantial additional impediment towards implementing clustering, either in terms of functionality or performance. Most of the of the TrustedBSD features either supplement base UNIX features without substantially changing them in ways that impact applications, or are disabled unless specifically configured.

My understanding is that many of the normal computational clustering tools, such as PVM, are available via the FreeBSD ports/packages collection, and that FreeBSD is used in clustering, but as a non-expert can't speak much to this issue. As clustering means something different to every observer, this may not have answered your question, and I'd welcome follow-up e-mail to discuss this further.

Openpackages?
by Enahs

What's your opinion on the Open Packages project? Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...

Robert:

I think OpenPackages is a great idea: the ports/packages on FreeBSD and other BSD platforms have been an incredible boon for the users of these systems. One of the disadvantages of BSD is that it hasn't presented a single porting target, and that there has been redundant porting work going on. OpenPackages offers a way to reduce redundant work, and improve application portability. I was excited to see Apple on the list of sponsors for the project, it shows continued commitment by Apple to open source.

A few important questions:
by Bob Abooey

1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution

Robert:

I'm not sure how to interpret this question; FreeBSD provides the standard UNIX-like API for memory management (brk(), sbrk(), memory mapping, protection modification, SysV shared memory). This is supported by a Mach-based virtual memory system that has undergone substantial feature evolution and performance optimization. All performance benchmarks I've seen suggest that the FreeBSD virtual memory system is both robust and high-performance under both light and heavy loads. This is one of the features of FreeBSD that has made it so popular for web farms and file servers.

My understanding is that the new VM system under development for Linux takes into account the FreeBSD VM design, and shares many of its design choices and, as a result, performance and stability properties. However, I have not followed that work closely enough to comment in great detail on the topic.

2) Are there plans to rewrite the TCP/IP stack to be multi threaded

One of the major development projects currently underway is "SMPng", or the Next Generation SMP project for FreeBSD. The SMPng project goals include:

• A fully preemptive and reentrant kernel
• Fine-grained data based locking
• An evolutionary development process
• Rapid development cycle leveraging technology donated by BSDi from their next generation SMP support under development for BSD/OS, including debugging tools and operation models
• Thread-based interrupts allowing blocking at will

This should substantially improve performance on SMP machines, as well as modernize the structure of the kernel. It will include work to push down locks (eliminating the giant kernel lock present in other versions of FreeBSD), including in the network subsystem, allowing components of the network stack to execute in parallel on different processors.

3) Will BSD ever migrate away from UFS to a more modern file system?

It depends what you mean by a "modern file system". Right now, FreeBSD actually uses FFS, the Berkeley Fast File System, with the addition of "soft updates" for performance and consistency, and under 5.0-CURRENT (the development branch), the ability to atomically snapshot file systems, as well as the ability to store extended attributes on files, in turn supporting other features such as Access Control Lists (ACLs). Fsck-less booting is currently a work in progress, and will be in 5.0-RELEASE also. In fact, several sites including Yahoo! have already deployed fsckless booting internally. paper presented at the USENIX 2000 Technical Conference discusses the performance and consistency differences between journalled and soft updates consistency mechanisms. The paper in question also discusses two different journalling implementations based on FFS and developed on FreeBSD, which will be made available at some point to the FreeBSD project for possible integration. I think it's safe to say that, by most definitions, FFS on modern BSD operating systems is very much a modern file system.

4) With serious POSIX compatablity issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations

One of the FreeBSD Project goals is to comply with appropriate API and user interface standards. Generally speaking, a failure to comply with a relevant standard is considered to be a bug, and should be reported using the standard bug reporting tools (we use GNATS to track bugs). If you are aware of non-compliant features or interfaces, please let us know and we will endeavor to fix them.

Why would you... ?
by SonOfSam

FreeBSD development is obviously a big part of your life. I have noticed that peoples reasons for using a free OS are often not simply because its better, but because of some view or stance on freedom that they have.

I am a Windows guy, only because my job says so.

What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?

Robert:

There are a number of aspects to your question, and there are a lot of ways I could explore it. It seems that the first part of the question relates to why I as a user and developer make use of FreeBSD (and open source in general). Another aspect seems to be a question about political motivations.

Open source gives me as a developer the ability to do things that closed source could never allow--I get to determine what features are important and dedicate resources to making them available. As "extensible" as closed source operating systems may be, it is hard to understand how a system works without access to the source, and hard to modify it to do things the designers didn't anticipate. This argument is also a reason why NAI Labs does a great deal of its research and development on open source systems: it's simply impossible to get that level of responsiveness from a closed source system vendor.

As to political motivations? My motivation for pushing FreeBSD is the philosophy of the project, rather than general intuitions about personal freedom. The project (as with many open source projects) has a dedication to technical excellence and openness (of process, as well as source) that is outstanding. I wouldn't force anyone to open source their software as that's a personal (or often corporate) choice, but I recommend open source software widely.

One of the political aspects to open source is the selection of license: I don't see this as a big thing. The BSD license probably does better reflect both my beliefs and needs, but I use and modify software under a variety of licenses, and recognize that the license you release your software under has to reflect your own beliefs and needs. Any other understanding of license selection as a moral argument fails to recognize a contemporary understanding of relativism that is vital to cooperation :-).

As to why FreeBSD as opposed to any other operating system? Well, as I mentioned above, the FreeBSD project has a dedication to technical excellence and openness. What does this mean? It means that I have a high level of confidence in the software (both by reputation, experimentation, and source code inspection). The operating system is stable and performs extremely well, is extensible, and is being actively developed in a variety of ways. There's an attention to detail, as well as the big picture, that reflects a high level of dedication among developers.

Advantages over the traditional Windows platforms have long been stability and performance, as well as openness. I haven't run the performance numbers recently, but understand that Microsoft has made large investments in stability and performance for Windows 2000; it would be a mistake to underestimate their ability to improve in this area. As long as Microsoft remains closed source, however, they will be unable to match the openness that is vital to the work that I do.

The primary difference that I see as important for me when comparing FreeBSD and Linux lies in the development model: there is a central forum and structure for the FreeBSD developer community that provides a forum for communication, group decisions and consensus building. My feeling is that this leads to better design decisions, and a focus that reflects a whole-system view. An important question for the FreeBSD Project as we move forward is whether or not this model can scale easily as we expand. The number of "committers" on the FreeBSD team has dramatically expanded over the last couple of years; many of these developers are working on the ports/packages and documentation, but many of them also work on the base system. Moving towards an elected core team, as well as ongoing debates on the development model and source code management reflect the increasing size and more diverse needs of the developers. The SMPng project's managed development model is another sign of this growth, and an example of a successful attempt to address the need for more structured development practices in the face of a larger audience and more people working on the same code.

Mac OS X appears to have a bright future: Apple has managed to tread in NeXT's footsteps when it comes to combining a mix of strong technical components from the open source and research communities, as well as excellent internally developed work. OS X represents a number of dramatic changes for the Mac user community; Apple has in the past shown a great deal of responsiveness to that community, and OS X looks like it will be an interesting fusion of advanced operating system concepts and a highly usable interface. Part of what will be important in the widespread adoption of Mac OS X is consistency with prior versions, allowing users to migrate in a relatively seamless manner. In Steve Jobs' recent demo and presentation, inclusion of the traditional Apple Menu appears to demonstrate sensitivity to this issue, and responsiveness to the comment submission process. I see a place for a Mac OS X box on my desk in the near future.

Because it leverages FreeBSD work, and because FreeBSD leverages Apple's work, I don't see them as mutually incompatible. It is my firm hope that Apple and the FreeBSD Project find ways to work together more in the future, because I think everyone will benefit from this.

These are just my opinions, and I would expect others to disagree with me. I should point out that in the past, I've recommended the use of a variety of operating systems to both individuals and companies; this includes Windows, Linux, Mac OS, Solaris, and FreeBSD. I'd be a fool to assert that any operating system is appropriate for all uses and environments.

decent literature
by boog3r

instead of asking you a few questions directly, i would like to solve them on my own with the best set of tools. what publications or literature would you recommend for:

the *bsd newbie or learner
the *bsd uber-know-it-all-i-dont-need-any-docs

i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?

Robert:

I'll speak to the FreeBSD section of BSD, since that's what I'm most familiar with. There are several books available describing FreeBSD.

The most commonly used is The Complete FreeBSD by Greg Lehey, which can also come bundled with a CDROM set, making it easy for new or experienced users to go to a single source. The book is currently in its third edition, and apparently there is a fourth edition currently under preparation. I saw this book in the local Barnes and Noble's recently, so it should be fairly easy to locate. A recent addition to the collection of books on FreeBSD is Ted Mittelstaedt's The FreeBSD Corporate Networker's Guide, which also includes a CD-ROM.

The online documentation for FreeBSD is also strong, both in the form of the FreeBSD Handbook, which includes both reference and tutorial materials accessible via a web browser, and the normal UNIX-like man pages. The FreeBSD Handbook is also available in printed form. Both are actively maintained and regularly extended to cover new features.

FreeBSD and BSD books are generally available from BSDi via their FreeBSD Mall Books page, and from the Daemon News Books and Posters page, not to mention your normal online book vendors (Amazon, Barnes and Noble, et al), and quite possibly your local bookstore.

In addition, the BSD Daemon News magazine is now available in print as well as electronic form, and includes articles appropriate for both users and developers.

I suspect the "uber-know-it-all-i-dont-need-any-docs" guy is unlikely to listen to any recommendations from me, but would probably find the man pages most useful as they're more reference than tutorial :-).

To be honest, I don't use security documentation other than the man pages, as I'm familiar with most of the base system features, as they're an area where I've done a lot of work. Out of the box, FreeBSD is a fairly safe beast, as long as you've reviewed recent security advisories for the release you're using. The usual advice applies: don't install or run things you don't need to, and emain up-to-date on security advisories. There's a FreeBSD security how-to on the web site.

For the die-hard "uber-know-it-all", there's always the source, which in the end is authoritative as to how the implementation works, regardless of documentation :-).

----------------

I noticed in the comments, although it didn't make it into the questions in the interview, that there was a lot of curiosity about the relationship between the OpenBSD Project and the TrustedBSD Project, also regarding TrustedBSD and FreeBSD. As it's important to understanding the work I do, and the goals of the project, I figured I should throw in a bonus answer:

TrustedBSD provides a set of extensions to FreeBSD to add support for {ACLs, Capabilities, Mandatory Access Control, Auditing} as well as supporting features to implement them. As I described above, these features are being integrated into the base operating system distribution, with the intent that they be "part of FreeBSD". This is facilitated by having some of the TrustedBSD developers also be FreeBSD Project developers.

The OpenBSD and TrustedBSD projects have largely different thrusts: while the OpenBSD project seeks to provide a correct and bug-free POSIX implementation (where correctness includes a focus on failing to suffer from security holes). It also includes cryptography-related features as a primary development goal, hence early development and integration of IPsec in the base system (and a continuing high level of maturity of their implementation), as well as their work on OpenSSH. The TrustedBSD project seeks to introduce a variety of features, some described in the defunct POSIX.1e draft.

While TrustedBSD targets FreeBSD as the starting operating system, it should be observed that all of the BSD systems stem from the same source base, and remain very similar. This means that porting a feature from FreeBSD to OpenBSD should prove relatively straight-forward. The same goes for Darwin, the kernel from Mac OS X. I list both of these explicitly because we in fact have plans to start porting features to both of these platforms, as resources permit. The starting point in both cases will be to make Extended Attributes available in their file systems; these are used to store the supporting data for ACLs, capabilities on files, and MAC labels. I'd welcome interest in porting these features to other BSD platforms, including NetBSD and BSD/OS as well.

---------------

Last Friday we solicited questions for Robert Watson, hard-core FreeBSD and TrustedBSD developer. His answers (below) are breathtakingly deep and instructive. Whether you're "just curious" about BSD or a FreeBSD user who wants to see what's going on with the inner circle of developers, you'll want to spend the time it takes to read everything here, and possibly even send Mr. Watson a brief "thank you" email.

OS X based on FreeBSD
by Kevinv

OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?

Robert:

The easy answer is that Apple is involved in the open source community, and appears to be strongly committed to releasing their own software as open source, and contributing changes back to other projects whose software they use. Clearly, they're fairly embroiled in their upcoming release process at this point, but I'd expect more news on this front in the future.

They've had a strong presence at various technical conferences, including the BSD Conference in Monterey last year, and they're helping to sponsor and are participating in the Open Packages project. I've visited Apple on two occasions to discuss both FreeBSD and TrustedBSD work with them, and had the opportunity to meet with many of the people in their Core OS Group. While I don't know everything they've been up to, I can speak to their shipping me two iMacs so I could explore the operating system and look at porting some of the TrustedBSD work to it, and must say that

I'm very impressed.

One thing I think the FreeBSD project should do is select a liaison to work with Apple to help them understand our development model better, and help integrate back changes made to Darwin. Especially in light of all the changes coming in FreeBSD 5.0, it's important that we work together to prevent substantial divergence between our source trees (where possible) allowing us to continue to exchange features in the future. I have to give Apple a big thumbs up, and hope they keep up the good work!

what do you do for *money*??
by gskouby

While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills.

Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!

Robert:

Ahh, the perils of capitalism. Needless to say, all core members enjoy employment in some form or another. Some work with companies that pay them to work on FreeBSD (including BSDi), others do independent consulting on (among other things) FreeBSD; others still work on utterly unrelated areas. Since the question was raised, I'll talk a little about what I do, and how it does relate to FreeBSD.

I work for NAI Labs, a research organization that is now associated with PGP, Inc -- about 100 full time researchers doing advanced research and development for the likes of DARPA, other government agencies, industry, and internal research and development. If you don't recognize the name, we used to be the Advanced Research and Engineering (ARE) division of Trusted Information Systems (TIS). At NAI Labs, I'm a Research Scientist in the Network Security research group, and have worked on a variety of projects including securing DNS (DNSsec), DHCP security, active network security, and denial of service research. While most of my work (right now) is relatively unrelated to FreeBSD, we hope to change this in the relatively near future, identifying funding for work on FreeBSD and TrustedBSD, as well as porting work to OpenBSD, and work on Darwin. Other examples of operating system security work on open source here include Software Wrappers and Low Watermark Mandatory Access Control. One of the great things about working at NAI Labs is the opportunity to participate in cutting edge security research, and the opportunity to set your own direction. All in all it's a really nice place to work, and I recommend it highly--in fact, we're actively hiring at this point, so if you're interested, feel free to fire off a resume to rwatson@tislabs.com.

Of course, companies can greatly benefit from employing a FreeBSD developer, as they have the opportunity to influence development of the operating system (subject to the common sense of the developer and consensus of the project as a whole, needless to say). Many FreeBSD developers, looking at the committer community as a whole, are employed to do what they would like to be doing anyway: working on a section of the system that interests them.

TrustedBSD and NSA secure linux
by Xuther

How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?

And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatable accross the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")

Robert:

These compound questions are the killers :-).

I am both aware of and familiar with the NSA Secure Linux work -- a fair amount of the work is being done at NAI Labs under contract from NSA. Stephen Smalley, one of the lead developers on the project, actually works just upstairs from me in the Glenwood, Maryland office of NAI Labs. As such, I've had a number of opportunities to talk with him about the work. One of the advantages of working at NAI Labs is the ability to get wide exposure for a variety of security-related research on many platforms, and relating to many topics.

TrustedBSD and SELinux are similar in many ways, and also differ in many ways. The similarities lie in overlapping functionality and architectural goals; the differences only begin with the choice of operating systems. TrustedBSD introduces a number of features into the FreeBSD operating system including Mandatory Access Control (MAC).

In a broad generalization, MAC allows administrators to define security policies about how users interact with one another. These policies are mandatory in the sense that users are not permitted to change the policies, although some flexibility may be permitted by the policy.

MAC is distinguished from Discretionary Access Control (DAC) in this manner; most Linux or FreeBSD users will be familiar with DAC in the form of file permissions. In DAC models, the owners of objects (and possibly other parties) are permitted to modify protections to reflect their needs. A common mandatory policy is Multi-Level Security (MLS), or the "military security model".

In this model, users are assigned "clearances", and objects are assigned "classifications". MLS prevents users from reading files they are not allowed to read, but it also prevents users from sharing files they are not allowed to share (this is the mandatory component). MLS is just one mandatory policy, there are many others that have been defined and explored in various environments. TrustedBSD implements three mandatory policies in its current prototype form: MLS, a Biba integrity policy that is similar to MLS but protects integrity instead of confidentiality, and a light-weight partitioning scheme that is an extension of the popular jail() mechanism introduced in FreeBSD 4.0-RELEASE.

SELinux provides an implementation of a flexible mandatory access control architecture called Flask for Linux. The architecture is a generalization of Type Enforcement (TE) and can support a wide variety of mandatory security policies. In the Flask architecture, the security policy is encapsulated in a pluggable "security server" component that can be replaced. The example security server provided with SELinux includes support for TE, MLS and a simple form of Role-Based Access Control (RBAC). An important focus of this architecture is separating policy representation and processing from policy enforcement.

SELinux differs from TrustedBSD in that it is a more mature system, having been worked on for several years, that it addresses only mandatory access controls, and that it uses the Flask architecture rather than explicit hard-coded policies. It is certainly the case that we plan to leverage the SELinux implementation now that the source code is available; the abstractions of the Flask architecture are similar to ones that were being considered for TrustedBSD. Having the opportunity to look at the SELinux source will allow us to benefit from their implementation experiences.

As you observe, some TrustedBSD features have already been integrated into the base tree, including extended attributes on files, as well as infrastructure support for capabilities, ACLs, and some of the improved abstractions I spoke about above. The plan is to integrate most of the TrustedBSD features into the base operating system distribution over time; some features are more intrusive, as well as more computationally expensive, than others, meaning that some features may be distributed as modules rather than enabled by default. However, it is a definite goal to make all of the work easily available for FreeBSD installations, and under a two clause BSD-style license. Many of these features will appear in FreeBSD 5.0-RELEASE, although they will presumably mature over time.

The remainder of your questions address clustering; I have to begin by pointing out that I don't have much experience with clustered environments. I can probably safely comment that the TrustedBSD features won't present any substantial additional impediment towards implementing clustering, either in terms of functionality or performance. Most of the of the TrustedBSD features either supplement base UNIX features without substantially changing them in ways that impact applications, or are disabled unless specifically configured.

My understanding is that many of the normal computational clustering tools, such as PVM, are available via the FreeBSD ports/packages collection, and that FreeBSD is used in clustering, but as a non-expert can't speak much to this issue. As clustering means something different to every observer, this may not have answered your question, and I'd welcome follow-up e-mail to discuss this further.

Openpackages?
by Enahs

What's your opinion on the Open Packages project? Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...

Robert:

I think OpenPackages is a great idea: the ports/packages on FreeBSD and other BSD platforms have been an incredible boon for the users of these systems. One of the disadvantages of BSD is that it hasn't presented a single porting target, and that there has been redundant porting work going on. OpenPackages offers a way to reduce redundant work, and improve application portability. I was excited to see Apple on the list of sponsors for the project, it shows continued commitment by Apple to open source.

A few important questions:
by Bob Abooey

1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution

Robert:

I'm not sure how to interpret this question; FreeBSD provides the standard UNIX-like API for memory management (brk(), sbrk(), memory mapping, protection modification, SysV shared memory). This is supported by a Mach-based virtual memory system that has undergone substantial feature evolution and performance optimization. All performance benchmarks I've seen suggest that the FreeBSD virtual memory system is both robust and high-performance under both light and heavy loads. This is one of the features of FreeBSD that has made it so popular for web farms and file servers.

My understanding is that the new VM system under development for Linux takes into account the FreeBSD VM design, and shares many of its design choices and, as a result, performance and stability properties. However, I have not followed that work closely enough to comment in great detail on the topic.

2) Are there plans to rewrite the TCP/IP stack to be multi threaded

One of the major development projects currently underway is "SMPng", or the Next Generation SMP project for FreeBSD. The SMPng project goals include:

• A fully preemptive and reentrant kernel
• Fine-grained data based locking
• An evolutionary development process
• Rapid development cycle leveraging technology donated by BSDi from their next generation SMP support under development for BSD/OS, including debugging tools and operation models
• Thread-based interrupts allowing blocking at will

This should substantially improve performance on SMP machines, as well as modernize the structure of the kernel. It will include work to push down locks (eliminating the giant kernel lock present in other versions of FreeBSD), including in the network subsystem, allowing components of the network stack to execute in parallel on different processors.

3) Will BSD ever migrate away from UFS to a more modern file system?

It depends what you mean by a "modern file system". Right now, FreeBSD actually uses FFS, the Berkeley Fast File System, with the addition of "soft updates" for performance and consistency, and under 5.0-CURRENT (the development branch), the ability to atomically snapshot file systems, as well as the ability to store extended attributes on files, in turn supporting other features such as Access Control Lists (ACLs). Fsck-less booting is currently a work in progress, and will be in 5.0-RELEASE also. In fact, several sites including Yahoo! have already deployed fsckless booting internally. paper presented at the USENIX 2000 Technical Conference discusses the performance and consistency differences between journalled and soft updates consistency mechanisms. The paper in question also discusses two different journalling implementations based on FFS and developed on FreeBSD, which will be made available at some point to the FreeBSD project for possible integration. I think it's safe to say that, by most definitions, FFS on modern BSD operating systems is very much a modern file system.

4) With serious POSIX compatablity issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations

One of the FreeBSD Project goals is to comply with appropriate API and user interface standards. Generally speaking, a failure to comply with a relevant standard is considered to be a bug, and should be reported using the standard bug reporting tools (we use GNATS to track bugs). If you are aware of non-compliant features or interfaces, please let us know and we will endeavor to fix them.

Why would you... ?
by SonOfSam

FreeBSD development is obviously a big part of your life. I have noticed that peoples reasons for using a free OS are often not simply because its better, but because of some view or stance on freedom that they have.

I am a Windows guy, only because my job says so.

What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?

Robert:

There are a number of aspects to your question, and there are a lot of ways I could explore it. It seems that the first part of the question relates to why I as a user and developer make use of FreeBSD (and open source in general). Another aspect seems to be a question about political motivations.

Open source gives me as a developer the ability to do things that closed source could never allow--I get to determine what features are important and dedicate resources to making them available. As "extensible" as closed source operating systems may be, it is hard to understand how a system works without access to the source, and hard to modify it to do things the designers didn't anticipate. This argument is also a reason why NAI Labs does a great deal of its research and development on open source systems: it's simply impossible to get that level of responsiveness from a closed source system vendor.

As to political motivations? My motivation for pushing FreeBSD is the philosophy of the project, rather than general intuitions about personal freedom. The project (as with many open source projects) has a dedication to technical excellence and openness (of process, as well as source) that is outstanding. I wouldn't force anyone to open source their software as that's a personal (or often corporate) choice, but I recommend open source software widely.

One of the political aspects to open source is the selection of license: I don't see this as a big thing. The BSD license probably does better reflect both my beliefs and needs, but I use and modify software under a variety of licenses, and recognize that the license you release your software under has to reflect your own beliefs and needs. Any other understanding of license selection as a moral argument fails to recognize a contemporary understanding of relativism that is vital to cooperation :-).

As to why FreeBSD as opposed to any other operating system? Well, as I mentioned above, the FreeBSD project has a dedication to technical excellence and openness. What does this mean? It means that I have a high level of confidence in the software (both by reputation, experimentation, and source code inspection). The operating system is stable and performs extremely well, is extensible, and is being actively developed in a variety of ways. There's an attention to detail, as well as the big picture, that reflects a high level of dedication among developers.

Advantages over the traditional Windows platforms have long been stability and performance, as well as openness. I haven't run the performance numbers recently, but understand that Microsoft has made large investments in stability and performance for Windows 2000; it would be a mistake to underestimate their ability to improve in this area. As long as Microsoft remains closed source, however, they will be unable to match the openness that is vital to the work that I do.

The primary difference that I see as important for me when comparing FreeBSD and Linux lies in the development model: there is a central forum and structure for the FreeBSD developer community that provides a forum for communication, group decisions and consensus building. My feeling is that this leads to better design decisions, and a focus that reflects a whole-system view. An important question for the FreeBSD Project as we move forward is whether or not this model can scale easily as we expand. The number of "committers" on the FreeBSD team has dramatically expanded over the last couple of years; many of these developers are working on the ports/packages and documentation, but many of them also work on the base system. Moving towards an elected core team, as well as ongoing debates on the development model and source code management reflect the increasing size and more diverse needs of the developers. The SMPng project's managed development model is another sign of this growth, and an example of a successful attempt to address the need for more structured development practices in the face of a larger audience and more people working on the same code.

Mac OS X appears to have a bright future: Apple has managed to tread in NeXT's footsteps when it comes to combining a mix of strong technical components from the open source and research communities, as well as excellent internally developed work. OS X represents a number of dramatic changes for the Mac user community; Apple has in the past shown a great deal of responsiveness to that community, and OS X looks like it will be an interesting fusion of advanced operating system concepts and a highly usable interface. Part of what will be important in the widespread adoption of Mac OS X is consistency with prior versions, allowing users to migrate in a relatively seamless manner. In Steve Jobs' recent demo and presentation, inclusion of the traditional Apple Menu appears to demonstrate sensitivity to this issue, and responsiveness to the comment submission process. I see a place for a Mac OS X box on my desk in the near future.

Because it leverages FreeBSD work, and because FreeBSD leverages Apple's work, I don't see them as mutually incompatible. It is my firm hope that Apple and the FreeBSD Project find ways to work together more in the future, because I think everyone will benefit from this.

These are just my opinions, and I would expect others to disagree with me. I should point out that in the past, I've recommended the use of a variety of operating systems to both individuals and companies; this includes Windows, Linux, Mac OS, Solaris, and FreeBSD. I'd be a fool to assert that any operating system is appropriate for all uses and environments.

decent literature
by boog3r

instead of asking you a few questions directly, i would like to solve them on my own with the best set of tools. what publications or literature would you recommend for:

the *bsd newbie or learner
the *bsd uber-know-it-all-i-dont-need-any-docs

i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?

Robert:

I'll speak to the FreeBSD section of BSD, since that's what I'm most familiar with. There are several books available describing FreeBSD.

The most commonly used is The Complete FreeBSD by Greg Lehey, which can also come bundled with a CDROM set, making it easy for new or experienced users to go to a single source. The book is currently in its third edition, and apparently there is a fourth edition currently under preparation. I saw this book in the local Barnes and Noble's recently, so it should be fairly easy to locate. A recent addition to the collection of books on FreeBSD is Ted Mittelstaedt's The FreeBSD Corporate Networker's Guide, which also includes a CD-ROM.

The online documentation for FreeBSD is also strong, both in the form of the FreeBSD Handbook, which includes both reference and tutorial materials accessible via a web browser, and the normal UNIX-like man pages. The FreeBSD Handbook is also available in printed form. Both are actively maintained and regularly extended to cover new features.

FreeBSD and BSD books are generally available from BSDi via their FreeBSD Mall Books page, and from the Daemon News Books and Posters page, not to mention your normal online book vendors (Amazon, Barnes and Noble, et al), and quite possibly your local bookstore.

In addition, the BSD Daemon News magazine is now available in print as well as electronic form, and includes articles appropriate for both users and developers.

I suspect the "uber-know-it-all-i-dont-need-any-docs" guy is unlikely to listen to any recommendations from me, but would probably find the man pages most useful as they're more reference than tutorial :-).

To be honest, I don't use security documentation other than the man pages, as I'm familiar with most of the base system features, as they're an area where I've done a lot of work. Out of the box, FreeBSD is a fairly safe beast, as long as you've reviewed recent security advisories for the release you're using. The usual advice applies: don't install or run things you don't need to, and emain up-to-date on security advisories. There's a FreeBSD security how-to on the web site.

For the die-hard "uber-know-it-all", there's always the source, which in the end is authoritative as to how the implementation works, regardless of documentation :-).

----------------

I noticed in the comments, although it didn't make it into the questions in the interview, that there was a lot of curiosity about the relationship between the OpenBSD Project and the TrustedBSD Project, also regarding TrustedBSD and FreeBSD. As it's important to understanding the work I do, and the goals of the project, I figured I should throw in a bonus answer:

TrustedBSD provides a set of extensions to FreeBSD to add support for {ACLs, Capabilities, Mandatory Access Control, Auditing} as well as supporting features to implement them. As I described above, these features are being integrated into the base operating system distribution, with the intent that they be "part of FreeBSD". This is facilitated by having some of the TrustedBSD developers also be FreeBSD Project developers.

The OpenBSD and TrustedBSD projects have largely different thrusts: while the OpenBSD project seeks to provide a correct and bug-free POSIX implementation (where correctness includes a focus on failing to suffer from security holes). It also includes cryptography-related features as a primary development goal, hence early development and integration of IPsec in the base system (and a continuing high level of maturity of their implementation), as well as their work on OpenSSH. The TrustedBSD project seeks to introduce a variety of features, some described in the defunct POSIX.1e draft.

While TrustedBSD targets FreeBSD as the starting operating system, it should be observed that all of the BSD systems stem from the same source base, and remain very similar. This means that porting a feature from FreeBSD to OpenBSD should prove relatively straight-forward. The same goes for Darwin, the kernel from Mac OS X. I list both of these explicitly because we in fact have plans to start porting features to both of these platforms, as resources permit. The starting point in both cases will be to make Extended Attributes available in their file systems; these are used to store the supporting data for ACLs, capabilities on files, and MAC labels. I'd welcome interest in porting these features to other BSD platforms, including NetBSD and BSD/OS as well.

---------------

Last Friday we solicited questions for Robert Watson, hard-core FreeBSD and TrustedBSD developer. His answers (below) are breathtakingly deep and instructive. Whether you're "just curious" about BSD or a FreeBSD user who wants to see what's going on with the inner circle of developers, you'll want to spend the time it takes to read everything here, and possibly even send Mr. Watson a brief "thank you" email.

OS X based on FreeBSD
by Kevinv

OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?

Robert:

The easy answer is that Apple is involved in the open source community, and appears to be strongly committed to releasing their own software as open source, and contributing changes back to other projects whose software they use. Clearly, they're fairly embroiled in their upcoming release process at this point, but I'd expect more news on this front in the future.

They've had a strong presence at various technical conferences, including the BSD Conference in Monterey last year, and they're helping to sponsor and are participating in the Open Packages project. I've visited Apple on two occasions to discuss both FreeBSD and TrustedBSD work with them, and had the opportunity to meet with many of the people in their Core OS Group. While I don't know everything they've been up to, I can speak to their shipping me two iMacs so I could explore the operating system and look at porting some of the TrustedBSD work to it, and must say that

I'm very impressed.

One thing I think the FreeBSD project should do is select a liaison to work with Apple to help them understand our development model better, and help integrate back changes made to Darwin. Especially in light of all the changes coming in FreeBSD 5.0, it's important that we work together to prevent substantial divergence between our source trees (where possible) allowing us to continue to exchange features in the future. I have to give Apple a big thumbs up, and hope they keep up the good work!

what do you do for *money*??
by gskouby

While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills.

Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!

Robert:

Ahh, the perils of capitalism. Needless to say, all core members enjoy employment in some form or another. Some work with companies that pay them to work on FreeBSD (including BSDi), others do independent consulting on (among other things) FreeBSD; others still work on utterly unrelated areas. Since the question was raised, I'll talk a little about what I do, and how it does relate to FreeBSD.

I work for NAI Labs, a research organization that is now associated with PGP, Inc -- about 100 full time researchers doing advanced research and development for the likes of DARPA, other government agencies, industry, and internal research and development. If you don't recognize the name, we used to be the Advanced Research and Engineering (ARE) division of Trusted Information Systems (TIS). At NAI Labs, I'm a Research Scientist in the Network Security research group, and have worked on a variety of projects including securing DNS (DNSsec), DHCP security, active network security, and denial of service research. While most of my work (right now) is relatively unrelated to FreeBSD, we hope to change this in the relatively near future, identifying funding for work on FreeBSD and TrustedBSD, as well as porting work to OpenBSD, and work on Darwin. Other examples of operating system security work on open source here include Software Wrappers and Low Watermark Mandatory Access Control. One of the great things about working at NAI Labs is the opportunity to participate in cutting edge security research, and the opportunity to set your own direction. All in all it's a really nice place to work, and I recommend it highly--in fact, we're actively hiring at this point, so if you're interested, feel free to fire off a resume to rwatson@tislabs.com.

Of course, companies can greatly benefit from employing a FreeBSD developer, as they have the opportunity to influence development of the operating system (subject to the common sense of the developer and consensus of the project as a whole, needless to say). Many FreeBSD developers, looking at the committer community as a whole, are employed to do what they would like to be doing anyway: working on a section of the system that interests them.

TrustedBSD and NSA secure linux
by Xuther

How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?

And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatable accross the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")

Robert:

These compound questions are the killers :-).

I am both aware of and familiar with the NSA Secure Linux work -- a fair amount of the work is being done at NAI Labs under contract from NSA. Stephen Smalley, one of the lead developers on the project, actually works just upstairs from me in the Glenwood, Maryland office of NAI Labs. As such, I've had a number of opportunities to talk with him about the work. One of the advantages of working at NAI Labs is the ability to get wide exposure for a variety of security-related research on many platforms, and relating to many topics.

TrustedBSD and SELinux are similar in many ways, and also differ in many ways. The similarities lie in overlapping functionality and architectural goals; the differences only begin with the choice of operating systems. TrustedBSD introduces a number of features into the FreeBSD operating system including Mandatory Access Control (MAC).

In a broad generalization, MAC allows administrators to define security policies about how users interact with one another. These policies are mandatory in the sense that users are not permitted to change the policies, although some flexibility may be permitted by the policy.

MAC is distinguished from Discretionary Access Control (DAC) in this manner; most Linux or FreeBSD users will be familiar with DAC in the form of file permissions. In DAC models, the owners of objects (and possibly other parties) are permitted to modify protections to reflect their needs. A common mandatory policy is Multi-Level Security (MLS), or the "military security model".

In this model, users are assigned "clearances", and objects are assigned "classifications". MLS prevents users from reading files they are not allowed to read, but it also prevents users from sharing files they are not allowed to share (this is the mandatory component). MLS is just one mandatory policy, there are many others that have been defined and explored in various environments. TrustedBSD implements three mandatory policies in its current prototype form: MLS, a Biba integrity policy that is similar to MLS but protects integrity instead of confidentiality, and a light-weight partitioning scheme that is an extension of the popular jail() mechanism introduced in FreeBSD 4.0-RELEASE.

SELinux provides an implementation of a flexible mandatory access control architecture called Flask for Linux. The architecture is a generalization of Type Enforcement (TE) and can support a wide variety of mandatory security policies. In the Flask architecture, the security policy is encapsulated in a pluggable "security server" component that can be replaced. The example security server provided with SELinux includes support for TE, MLS and a simple form of Role-Based Access Control (RBAC). An important focus of this architecture is separating policy representation and processing from policy enforcement.

SELinux differs from TrustedBSD in that it is a more mature system, having been worked on for several years, that it addresses only mandatory access controls, and that it uses the Flask architecture rather than explicit hard-coded policies. It is certainly the case that we plan to leverage the SELinux implementation now that the source code is available; the abstractions of the Flask architecture are similar to ones that were being considered for TrustedBSD. Having the opportunity to look at the SELinux source will allow us to benefit from their implementation experiences.

As you observe, some TrustedBSD features have already been integrated into the base tree, including extended attributes on files, as well as infrastructure support for capabilities, ACLs, and some of the improved abstractions I spoke about above. The plan is to integrate most of the TrustedBSD features into the base operating system distribution over time; some features are more intrusive, as well as more computationally expensive, than others, meaning that some features may be distributed as modules rather than enabled by default. However, it is a definite goal to make all of the work easily available for FreeBSD installations, and under a two clause BSD-style license. Many of these features will appear in FreeBSD 5.0-RELEASE, although they will presumably mature over time.

The remainder of your questions address clustering; I have to begin by pointing out that I don't have much experience with clustered environments. I can probably safely comment that the TrustedBSD features won't present any substantial additional impediment towards implementing clustering, either in terms of functionality or performance. Most of the of the TrustedBSD features either supplement base UNIX features without substantially changing them in ways that impact applications, or are disabled unless specifically configured.

My understanding is that many of the normal computational clustering tools, such as PVM, are available via the FreeBSD ports/packages collection, and that FreeBSD is used in clustering, but as a non-expert can't speak much to this issue. As clustering means something different to every observer, this may not have answered your question, and I'd welcome follow-up e-mail to discuss this further.

Openpackages?
by Enahs

What's your opinion on the Open Packages project? Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...

Robert:

I think OpenPackages is a great idea: the ports/packages on FreeBSD and other BSD platforms have been an incredible boon for the users of these systems. One of the disadvantages of BSD is that it hasn't presented a single porting target, and that there has been redundant porting work going on. OpenPackages offers a way to reduce redundant work, and improve application portability. I was excited to see Apple on the list of sponsors for the project, it shows continued commitment by Apple to open source.

A few important questions:
by Bob Abooey

1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution

Robert:

I'm not sure how to interpret this question; FreeBSD provides the standard UNIX-like API for memory management (brk(), sbrk(), memory mapping, protection modification, SysV shared memory). This is supported by a Mach-based virtual memory system that has undergone substantial feature evolution and performance optimization. All performance benchmarks I've seen suggest that the FreeBSD virtual memory system is both robust and high-performance under both light and heavy loads. This is one of the features of FreeBSD that has made it so popular for web farms and file servers.

My understanding is that the new VM system under development for Linux takes into account the FreeBSD VM design, and shares many of its design choices and, as a result, performance and stability properties. However, I have not followed that work closely enough to comment in great detail on the topic.

2) Are there plans to rewrite the TCP/IP stack to be multi threaded

One of the major development projects currently underway is "SMPng", or the Next Generation SMP project for FreeBSD. The SMPng project goals include:

• A fully preemptive and reentrant kernel
• Fine-grained data based locking
• An evolutionary development process
• Rapid development cycle leveraging technology donated by BSDi from their next generation SMP support under development for BSD/OS, including debugging tools and operation models
• Thread-based interrupts allowing blocking at will

This should substantially improve performance on SMP machines, as well as modernize the structure of the kernel. It will include work to push down locks (eliminating the giant kernel lock present in other versions of FreeBSD), including in the network subsystem, allowing components of the network stack to execute in parallel on different processors.

3) Will BSD ever migrate away from UFS to a more modern file system?

It depends what you mean by a "modern file system". Right now, FreeBSD actually uses FFS, the Berkeley Fast File System, with the addition of "soft updates" for performance and consistency, and under 5.0-CURRENT (the development branch), the ability to atomically snapshot file systems, as well as the ability to store extended attributes on files, in turn supporting other features such as Access Control Lists (ACLs). Fsck-less booting is currently a work in progress, and will be in 5.0-RELEASE also. In fact, several sites including Yahoo! have already deployed fsckless booting internally. paper presented at the USENIX 2000 Technical Conference discusses the performance and consistency differences between journalled and soft updates consistency mechanisms. The paper in question also discusses two different journalling implementations based on FFS and developed on FreeBSD, which will be made available at some point to the FreeBSD project for possible integration. I think it's safe to say that, by most definitions, FFS on modern BSD operating systems is very much a modern file system.

4) With serious POSIX compatablity issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations

One of the FreeBSD Project goals is to comply with appropriate API and user interface standards. Generally speaking, a failure to comply with a relevant standard is considered to be a bug, and should be reported using the standard bug reporting tools (we use GNATS to track bugs). If you are aware of non-compliant features or interfaces, please let us know and we will endeavor to fix them.

Why would you... ?
by SonOfSam

FreeBSD development is obviously a big part of your life. I have noticed that peoples reasons for using a free OS are often not simply because its better, but because of some view or stance on freedom that they have.

I am a Windows guy, only because my job says so.

What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?

Robert:

There are a number of aspects to your question, and there are a lot of ways I could explore it. It seems that the first part of the question relates to why I as a user and developer make use of FreeBSD (and open source in general). Another aspect seems to be a question about political motivations.

Open source gives me as a developer the ability to do things that closed source could never allow--I get to determine what features are important and dedicate resources to making them available. As "extensible" as closed source operating systems may be, it is hard to understand how a system works without access to the source, and hard to modify it to do things the designers didn't anticipate. This argument is also a reason why NAI Labs does a great deal of its research and development on open source systems: it's simply impossible to get that level of responsiveness from a closed source system vendor.

As to political motivations? My motivation for pushing FreeBSD is the philosophy of the project, rather than general intuitions about personal freedom. The project (as with many open source projects) has a dedication to technical excellence and openness (of process, as well as source) that is outstanding. I wouldn't force anyone to open source their software as that's a personal (or often corporate) choice, but I recommend open source software widely.

One of the political aspects to open source is the selection of license: I don't see this as a big thing. The BSD license probably does better reflect both my beliefs and needs, but I use and modify software under a variety of licenses, and recognize that the license you release your software under has to reflect your own beliefs and needs. Any other understanding of license selection as a moral argument fails to recognize a contemporary understanding of relativism that is vital to cooperation :-).

As to why FreeBSD as opposed to any other operating system? Well, as I mentioned above, the FreeBSD project has a dedication to technical excellence and openness. What does this mean? It means that I have a high level of confidence in the software (both by reputation, experimentation, and source code inspection). The operating system is stable and performs extremely well, is extensible, and is being actively developed in a variety of ways. There's an attention to detail, as well as the big picture, that reflects a high level of dedication among developers.

Advantages over the traditional Windows platforms have long been stability and performance, as well as openness. I haven't run the performance numbers recently, but understand that Microsoft has made large investments in stability and performance for Windows 2000; it would be a mistake to underestimate their ability to improve in this area. As long as Microsoft remains closed source, however, they will be unable to match the openness that is vital to the work that I do.

The primary difference that I see as important for me when comparing FreeBSD and Linux lies in the development model: there is a central forum and structure for the FreeBSD developer community that provides a forum for communication, group decisions and consensus building. My feeling is that this leads to better design decisions, and a focus that reflects a whole-system view. An important question for the FreeBSD Project as we move forward is whether or not this model can scale easily as we expand. The number of "committers" on the FreeBSD team has dramatically expanded over the last couple of years; many of these developers are working on the ports/packages and documentation, but many of them also work on the base system. Moving towards an elected core team, as well as ongoing debates on the development model and source code management reflect the increasing size and more diverse needs of the developers. The SMPng project's managed development model is another sign of this growth, and an example of a successful attempt to address the need for more structured development practices in the face of a larger audience and more people working on the same code.

Mac OS X appears to have a bright future: Apple has managed to tread in NeXT's footsteps when it comes to combining a mix of strong technical components from the open source and research communities, as well as excellent internally developed work. OS X represents a number of dramatic changes for the Mac user community; Apple has in the past shown a great deal of responsiveness to that community, and OS X looks like it will be an interesting fusion of advanced operating system concepts and a highly usable interface. Part of what will be important in the widespread adoption of Mac OS X is consistency with prior versions, allowing users to migrate in a relatively seamless manner. In Steve Jobs' recent demo and presentation, inclusion of the traditional Apple Menu appears to demonstrate sensitivity to this issue, and responsiveness to the comment submission process. I see a place for a Mac OS X box on my desk in the near future.

Because it leverages FreeBSD work, and because FreeBSD leverages Apple's work, I don't see them as mutually incompatible. It is my firm hope that Apple and the FreeBSD Project find ways to work together more in the future, because I think everyone will benefit from this.

These are just my opinions, and I would expect others to disagree with me. I should point out that in the past, I've recommended the use of a variety of operating systems to both individuals and companies; this includes Windows, Linux, Mac OS, Solaris, and FreeBSD. I'd be a fool to assert that any operating system is appropriate for all uses and environments.

decent literature
by boog3r

instead of asking you a few questions directly, i would like to solve them on my own with the best set of tools. what publications or literature would you recommend for:

the *bsd newbie or learner
the *bsd uber-know-it-all-i-dont-need-any-docs

i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?

Robert:

I'll speak to the FreeBSD section of BSD, since that's what I'm most familiar with. There are several books available describing FreeBSD.

The most commonly used is The Complete FreeBSD by Greg Lehey, which can also come bundled with a CDROM set, making it easy for new or experienced users to go to a single source. The book is currently in its third edition, and apparently there is a fourth edition currently under preparation. I saw this book in the local Barnes and Noble's recently, so it should be fairly easy to locate. A recent addition to the collection of books on FreeBSD is Ted Mittelstaedt's The FreeBSD Corporate Networker's Guide, which also includes a CD-ROM.

The online documentation for FreeBSD is also strong, both in the form of the FreeBSD Handbook, which includes both reference and tutorial materials accessible via a web browser, and the normal UNIX-like man pages. The FreeBSD Handbook is also available in printed form. Both are actively maintained and regularly extended to cover new features.

FreeBSD and BSD books are generally available from BSDi via their FreeBSD Mall Books page, and from the Daemon News Books and Posters page, not to mention your normal online book vendors (Amazon, Barnes and Noble, et al), and quite possibly your local bookstore.

In addition, the BSD Daemon News magazine is now available in print as well as electronic form, and includes articles appropriate for both users and developers.

I suspect the "uber-know-it-all-i-dont-need-any-docs" guy is unlikely to listen to any recommendations from me, but would probably find the man pages most useful as they're more reference than tutorial :-).

To be honest, I don't use security documentation other than the man pages, as I'm familiar with most of the base system features, as they're an area where I've done a lot of work. Out of the box, FreeBSD is a fairly safe beast, as long as you've reviewed recent security advisories for the release you're using. The usual advice applies: don't install or run things you don't need to, and emain up-to-date on security advisories. There's a FreeBSD security how-to on the web site.

For the die-hard "uber-know-it-all", there's always the source, which in the end is authoritative as to how the implementation works, regardless of documentation :-).

----------------

I noticed in the comments, although it didn't make it into the questions in the interview, that there was a lot of curiosity about the relationship between the OpenBSD Project and the TrustedBSD Project, also regarding TrustedBSD and FreeBSD. As it's important to understanding the work I do, and the goals of the project, I figured I should throw in a bonus answer:

TrustedBSD provides a set of extensions to FreeBSD to add support for {ACLs, Capabilities, Mandatory Access Control, Auditing} as well as supporting features to implement them. As I described above, these features are being integrated into the base operating system distribution, with the intent that they be "part of FreeBSD". This is facilitated by having some of the TrustedBSD developers also be FreeBSD Project developers.

The OpenBSD and TrustedBSD projects have largely different thrusts: while the OpenBSD project seeks to provide a correct and bug-free POSIX implementation (where correctness includes a focus on failing to suffer from security holes). It also includes cryptography-related features as a primary development goal, hence early development and integration of IPsec in the base system (and a continuing high level of maturity of their implementation), as well as their work on OpenSSH. The TrustedBSD project seeks to introduce a variety of features, some described in the defunct POSIX.1e draft.

While TrustedBSD targets FreeBSD as the starting operating system, it should be observed that all of the BSD systems stem from the same source base, and remain very similar. This means that porting a feature from FreeBSD to OpenBSD should prove relatively straight-forward. The same goes for Darwin, the kernel from Mac OS X. I list both of these explicitly because we in fact have plans to start porting features to both of these platforms, as resources permit. The starting point in both cases will be to make Extended Attributes available in their file systems; these are used to store the supporting data for ACLs, capabilities on files, and MAC labels. I'd welcome interest in porting these features to other BSD platforms, including NetBSD and BSD/OS as well.

---------------

howardjp writes "DaemonNews will start printing a bi-monthly print magazine starting on January 15th. The magazine will contain new original articles not found on the website. You can preorder a subscription for only 24.95 USD (38.95 USD outside the US) from the DaemonNews Mall."

howardjp writes "DaemonNews will start printing a bi-monthly print magazine starting on January 15th. The magazine will contain new original articles not found on the website. You can preorder a subscription for only 24.95 USD (38.95 USD outside the US) from the DaemonNews Mall."

mikey wrote to us with the news that a new issue of DaemonNews has been released. Get your fill of the little devil there.

Dru writes: "This is an article about a hardware technology that is largely unknown in the new Unix community. In theory, with this inexpensive hardware, your BSD or Linux box could start doing guranteed reboots in under 2 minutes (no fsck required) and super fast database writes. It could leapfrog all of the journaling filesystem projects as well. Yes, I wrote the article. The article is long, detailed, and mentions FreeBSD often. However, I do believe it is relevant to any other PC Unix. If enough people learn about it, maybe they will start demanding it from their favorite hardware vendor." With RAM and hard drive space both continuing to decline, I wonder how the speed / use curve for individual PCs' storage (from L1 cache to backups) will evolve. With a similar bent, Arek urges you to "take a look at our company's Solid State Disk Drives." How'dja like 8 or so gigs of DRAM next time you edit a video or burn a CD?

Anonymous Coward writes "From daily.daemonnews.org we have a link to a very very good article that describes almost exactly why many people (including myself) use FreeBSD." The author makes some good points, including good uses for file attributes and secure levels. An argument for BSD for several specific uses, and Linux for others.

slamdaddy asks: "At my previous place of employment we used CVS's tagging features to move files from the repository to the staging and production environments. I had assumed that they just attached a script to a certain tag (i.e. the tag "ALPHA" sent it to the common dev environment, the tag "BETA" sent it to the QA environment and the tag "LIVE" sent it to the production/staging environment) and the script just ran whenever you tagged a file with the appropriate tag. I've been looking through the CVS documentation at www.cvshome.org and have not found any facility for this. To answer this, I did a search on Google and came up with Nik Clayton's excellent series titled Managing websites with Unix" on DaemonNews. It looks like part five was going to cover everything I need BUT... it was slated to come out in May and never appeared on the site! Are there any other resources that explain how I can use CVS tags to copy the HTML pages to the proper locations?"

slamdaddy asks: "At my previous place of employment we used CVS's tagging features to move files from the repository to the staging and production environments. I had assumed that they just attached a script to a certain tag (i.e. the tag "ALPHA" sent it to the common dev environment, the tag "BETA" sent it to the QA environment and the tag "LIVE" sent it to the production/staging environment) and the script just ran whenever you tagged a file with the appropriate tag. I've been looking through the CVS documentation at www.cvshome.org and have not found any facility for this. To answer this, I did a search on Google and came up with Nik Clayton's excellent series titled Managing websites with Unix" on DaemonNews. It looks like part five was going to cover everything I need BUT... it was slated to come out in May and never appeared on the site! Are there any other resources that explain how I can use CVS tags to copy the HTML pages to the proper locations?"

Greg Lehey, author of several books, including The Complete FreeBSD, and FreeBSD core member, writes about the value of cooperation, not just with other BSDs, but with Linux as well, in this month's Daemon's Advocate in Daemon News.

Greg Lehey, author of several books, including The Complete FreeBSD, and FreeBSD core member, writes about the value of cooperation, not just with other BSDs, but with Linux as well, in this month's Daemon's Advocate in Daemon News.

Upside Today has an article entitled "BSD community learns to get along". The interesting thing is that BSD seems to be getting more media attention lately. One of the notable points is the upcoming regular "dead-tree" edition of Daemon News, meaning that BSD will now have a print magazine in the US, completely devoted to it. The first copy is slated for January 2001, just a month away.

Daemon News reports that the Software Development Times names BSDi a 'survivor' in the software industry. A must-read story for those interested in the financial growth of this BSD company.

Daemon News has done it again, this time with an actual contribution of code to the community. NewsDaemon is a content management system that has enough features to be useful. It is written in PHP and hosted on SourceForge.

gbooker writes " Deamon News has an interesting article about the BSD core of MacOS X Beta. They talk about how it differs from the traditional MacOS AND how it differs from BSD. This is the first installment of what could be an interesting series."

Again, from Daily Daemon News, it looks like the Japanese ISP, Livin' On The Edge has infused BSDi with a 5 million dollar strategic investment to keep developing the iExtreme line of servers and provide backing to the FreeBSD project. The actual press release is here.

Daemon News has this article on Darwin, its relationship to MacOS X and BSD operating systems, and its possible longevity as an Open Source project. I'm personally interested in the technical aspects of Darwin, given that its kernel is related to Mach, with some enhancements coming from BSD, I'm not sure if this makes it a true BSD OS, or some kind of distant cousin.

Daemon News has this article on Darwin, its relationship to MacOS X and BSD operating systems, and its possible longevity as an Open Source project. I'm personally interested in the technical aspects of Darwin, given that its kernel is related to Mach, with some enhancements coming from BSD, I'm not sure if this makes it a true BSD OS, or some kind of distant cousin.

BSD-Pat writes "A new FreeBSD core team has been elected for the first time in the project's history. The BSDToday article can be found here. I'm personally excited that this seems to open up the playing field for developers to get involved on a deeper level with FreeBSD and choose the direction to take for the future." Update: 10/14 01:44 PM by H :BSD-Pat sent an update saying that the story was actually broken by Daily Daemon News.

Prolog-X writes "``6to4 is an ad-hoc mechanism by which anyone can participate in IPv6 without having to make any arrangements to hook up to an existing IPv6 network.'' Nick Sayer wrote a short but useful tutorial on how to set up 6to4 on a FreeBSD system."

bjtuna writes "According to this article at the Daily Daemon News, Apple's Darwin is booting on both Intel chips AND Connectix VirtualPC under MacOS." The screenshots are available as is the original link.

bjtuna writes "According to this article at the Daily Daemon News, Apple's Darwin is booting on both Intel chips AND Connectix VirtualPC under MacOS." The screenshots are available as is the original link.

sirhan writes " I know it's been a while since LinuxWorld 2000 in San Jose, but DeamonNews had this piece about the big BSD presence and a recap of the events."

Chris Coleman is putting his money where his mouth is, after his recent suggestion that the BSDs need a unified package collection. The creation of www.openpackages.org was the next logical step, and Chris discusses this in his latest Daemon News editorial. With representatives from the three free BSD projects, as well as Apple (MacOS X) on board, this certainly has the potential to bring about closer ties between the BSD distributions at a level that will affect a lot of users.

Chris Coleman is putting his money where his mouth is, after his recent suggestion that the BSDs need a unified package collection. The creation of www.openpackages.org was the next logical step, and Chris discusses this in his latest Daemon News editorial. With representatives from the three free BSD projects, as well as Apple (MacOS X) on board, this certainly has the potential to bring about closer ties between the BSD distributions at a level that will affect a lot of users.

Chris Coleman is putting his money where his mouth is, after his recent suggestion that the BSDs need a unified package collection. The creation of www.openpackages.org was the next logical step, and Chris discusses this in his latest Daemon News editorial. With representatives from the three free BSD projects, as well as Apple (MacOS X) on board, this certainly has the potential to bring about closer ties between the BSD distributions at a level that will affect a lot of users.

by by writes "O'Reillynet's OpenBSD Explained column recently explained how to setup IPv6 on OpenBSD. Interesting glimpse into the future of the Internet." True enough. It was my impression that the BSDs all got IPv6 at the same time though, courtesy of the work carried out by the KAME group. On a very much related note, Jim O'Gorman has written an IPv6 Behind a NAT article for this month's Daemon News, which also makes getting involved in IPv6 easier.

by by writes "O'Reillynet's OpenBSD Explained column recently explained how to setup IPv6 on OpenBSD. Interesting glimpse into the future of the Internet." True enough. It was my impression that the BSDs all got IPv6 at the same time though, courtesy of the work carried out by the KAME group. On a very much related note, Jim O'Gorman has written an IPv6 Behind a NAT article for this month's Daemon News, which also makes getting involved in IPv6 easier.

qbasicprogrammer writes "Chris Coleman wrote to Daily Daemon News suggesting a unified package collection. Currently OpenBSD, NetBSD, and FreeBSD maintain separate ports/package trees. Chris points out the various BSD package collections all carry different versions Mozilla; a common ports system would certainly benefit everyone."

qbasicprogrammer writes: "At Daily Daemon News, Josh Pennell says the Reform Party's National Primary Online Election was constantly under attack during the 72-hour election window, however IOActive (the Reform Party's hosting service)'s OpenBSD server kept the kiddies and crackers away. According to the reader comments, Ralph Nader is using BSD/OS, as is the Libertarian Party Web site. It's nice to see political parties believe in freedom of software."

AntiBasic writes "The August 2000 issue of the Daemon News ezine has been published. Content includes the last of the USENIX 2000 coverage (three articles), a Blueprints article on writing an ISA device driver, how to set up FreeBSD on a Compaq iPaq box, and more!"

QBasic_Dude writes "Christian Weisgerber on the openbsd-advocacy list, wrote a summary of his experiences at LinuxTag 2000 in Stuttgart, Germany. Interesting read for anyone in the Stuttgart area."