Slashdot Mirror
FreeBSD 4.0 Released
Claes Leufven was one of the first to write in with the news that FreeBSD 4.0 is
now available for download. Features added to 4.0 since it diverged
from 3.x include: IPv6 and IPSec support built in (courtesy of the
KAME project), OpenSSL and OpenSSH are integrated in to the base system,
jail(2) ("chroot(2) on steroids") to help build secure environments,
many, many NFS bug fixes and performance improvements, bug fixes and
performance improvements to the VM subsystem, netware file and client
connection support, gcc upgraded to 2.95.2 as the base compiler, better
support for laptops, a much more complete threads library. . . see the
Alpha or i386 release notes for more details. And before you all rush off to upgrade
your production servers, read on for a brief message from Jordan Hubbard,
FreeBSD's Release Engineer, and to find out where to download the release from.
"As with all FreeBSD releases ending in .0, the project recommends that production environments wait at least one or two releases after it before moving mission-critical services over. These dot-zero releases are primarily aimed at the developers and early adopters who are willing to work on refining the technology until it's production-ready. The 4-stable branch will also not be created until just before 4.1 is released, the period following a .0 release being the best time to collect serious feedback before branching the tree."
For a static list of mirrors, see this section in the FreeBSD Handbook. Alternatively, try Gavin Cameron's automatically updating list of mirror sites.
jail(2) is basically chroot(2) plus some other stuff (it actually calls chroot(2) internally). One of its more interesting features is that the structure passed to jail(2) contains an IP address. All IP traffic send to or from the program running in the jail is forced to use the specified IP address. This would obviously be very cool in a virtual hosting environment. For more information, see the jail(2) man page.
Well, I've always found FreeBSD installation to be surprisingly painless. The biggest difference that I've found is that FreeBSD programs install very close to default. Most Linux users are used to getting a KDE/Gnome desktop pre-configured with massive amounts of software. FreeBSD doesn't do this. BUT, it makes up for it.
/usr/ports/x11/gnome && make install
You see, FreeBSD has a feature that only debian seems to rival for pure beauty. It's the ports directory. To install gnome, for instance, it's cd
and there you are, it'll fetch everything it needs, checksum the files for validation, and ramble on nicely.
I used to be a huge Linux fan. I still love Linux, but prolonged exposure to the BSD family as well as Linux has raised my desires for an OS almost unreachably. Try it, use it for a few months, and enjoy all the *ixs.
----------------------------
--
Brian Fundakowski Feldman
I would say from personal experience, that I found Linux more comfortable than FreeBSD coming from a Solaris background (or more specifically Solaris 2.5.1 and 2.6 with a GNU utils to replace the braindead Solaris ones).
/usr/ports is the coolest thing I have ever used on any platform and is the reason I plan to try FreeBSD again now that I have a better network connection.
That being said, I think
--
"L'IT c'est moi!"
I wonder if they use any tools for program validation. Stuff like the boundschecking gcc, or stuff similiar to Purify. Is it really only experienced devlopers staring at the code? Guess the NASA does er.. did slightly better in the past.
I'm not convinced that OpenBSD's "increased security" is significant enough to justify using it over FreeBSD or NetBSD. Except I'm going to be likely to start off a religious war with THIS one.
A system like FreeBSD is evolving quickly. Every day lots of lines of code get changed. Not every change has implications that are easy to grasp. To me, not experienced in security auditing, only exposed to theory of program testing, this looks like I either have a secure but slow evolving system or a quickly evolving system with potentially new security holes opening up.
Let's take the change to IPv6 for instance. You can't tell me that this will not go hand in hand with a lot of holes.
Back to automated testing:
I know that this is very hard to be done with complex programs, one reason being that it is not easy to come up with a formal specification to test against. I also don't expect that someone is able to give pre- and post conditions for every statement. But it should be able to perform a lot of the static and dynamic tests that are known to computer science.
Is this methodology not used in the domain of operating systems security or do they not talk about it? Or is it simply not possible or useful?
You should have no trouble at all with already ported Linux apps. For example try this
marc@oranje$ cd /usr/ports/www/linux-netscape47-navigator
marc@oranje$ make install clean
marc@oranje$ netscape
and you can fire up Linux Netscape after a while.
For non ported applications the only trick to know is that a Linux binary perceives the file/directory hierarchy a bit different - it sees all stuff beneath /usr/compat/linux/usr as beneath /usr. Example:
marc@oranje$ pwd
/usr/compat/linux ../bin/bash # Linux bash /usr
/usr /bin/pwd # a pwd within FreeBSD
/usr/compat/linux/usr # you see the mapping?
marc@oranje$ uname
FreeBSD
marc@oranje$
marc@oranje$ uname
Linux
marc@oranje$ cd
marc@oranje$ pwd # a pwd within Linux system
marc@oranje$
marc@oranje$
Hope that helps - if not seed me an e-mail!
>Being relatively new to the world of *nix,
/etc/X11/XF86Config or download a XFree server binary...)
>is the installer for this new BSD or any other
>fairly "friendly"?
It sounds like you're ahead of the curve (i.e., clueful of what to do at a shell prompt, knows
the what and why of disk partitioning at least for workstation configs, won't totally freak out if you have to add your HorzSync and VertRefresh to
The installer for freebsd is a fairly friendly dialog-based script; the packages are tar.gz's.
Check the supported hardware before you even start though, as you should do for any os.
There are a few potential snags, but if you thought installing suse and slackware was easy, you'll be able to install freebsd in your sleep.
-fb Everything not expressly forbidden is now mandatory.
I tried FreeBSD 3.3 a few months back. There were a few things I liked about it (Linux' partitioning sucks real bad by comparison, etc) and a few I didn't (media auto-detection on my network card didn't work, the installation of bash didn't have cursor keys or tab completion enabled, etc) but by and large I didn't see enough interesting in FreeBSD to make it worth my while learning how to do the things that it does differently. By the same token, I don't imagine the average *BSD user would find much in Linux that would be worth learning all the differences, either.
We're on the subject of FreeBSD and its newer security features, which I find very cool... but in the process of our conversations I've noticed quite a few errors in the posts tonight which covered FreeBSD's cousin, OpenBSD. Errors which could erroneously tarnish people's images of the OpenBSD system. I would really like to point to the OpenBSD website to get some correct facts. Unfortunately its so late in this article's life span, I doubt anyone will actually read this.
As seen somewhere in the posts:
>OpenBSD is more secure because 'they' say so.
>Now, why do 'they' say this?
>At one time, all the code was gone through line >by line looking for problems.
My response: (and other responses to other concerns follow. I qoute the OpenBSD website alot.)
Its not "at one time" as in past tense only concerning the security audit. Please read the security section-audit process of the OpenBSD website:
We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers a the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills>.
The most intense part of our security auditing happened immediately before the OpenBSD 2.0 release and during the 2.0->2.1 transition, over the last third of 1996 and first half of 1997. Thousands (yes, thousands) of security issues were fixed rapidly over this year-long period; bugs like the standard buffer overflows, protocol implementation weaknesses, information gathering, and filesystem races. Hence most of the security problems that we encountered were fixed before our 2.1 release, and then a far smaller number needed fixing for our 2.2 release. We do not find as many problems anymore, it is simply a case of diminishing returns. Recently the security problems we find and fix tend to be significantly more obscure or complicated. Still we will persist for a number of reasons.
The auditing process is not over yet, and as you can see we continue to find and fix new security flaws.
Concerning comments about how OpenBSD doesn't install 100's extra non-vital programs by default (somehow making it bad), or have "xyz" service enabled - I go back to the OpenBSD website again:
To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.
So here's my thoughts.. If you want Foo app. Get it. Install it. Use the ports. The whole point of OpenBSD is to be secure and correct. Some of the philosophies which they use to achieve their goals may rub you the wrong way. Thats ok, don't use OpenBSD. Please just don't unnecesarrily disparrage it. I've just noticed an overall trend of a lack of understanding of the OS here on multiple posts and I wanted share a few concerns I had.
Oh yeah, I forgot. The license determines the bloat and cruft. Thanks for reminding me. Now go learn how to program.
A Government Is a Body of People, Usually Notably Ungoverned
IIRC that functionality was not always there.
;-)
the dd method is ancient, the cp functionality is fairly recent...
oh, and matt, we have an officers' meeting tomorrow (I guess its today now)
We are all in the gutter, but some of us are looking at the stars --Oscar Wilde
Grrr. my nick is "Forward the Light Brigade"...
oh, and matt, we have an officers' meeting tomorrow (I guess its today now) ;-)
:-) Next time, send me an email, 'kay? :-)
Heh.... you're lucky I was up late playing Zelda64
hahahaha offtopic, perhaps?
"Software is like sex- the best is for free"
-Linus Torvalds
Can someone please confirm whether Tom is indeed dead?
No, I'm sure he's not dead, otherwise it would have made Slashdot headlines. He probably got fed up with these goddamn trolls and the rest of the bullshit that Slashdot's comments section has deteriorated to and moved on to better places. I'm starting to get fed up with it as well.
"Software is like sex- the best is for free"
-Linus Torvalds
Yep, it's done installing now, I'm typing this from my new FreeBSD box :-)
/usr/ports RULES!!! All I did was:
/usr/ports/x11/gnome
:-)
cd
make install
Wow... it downloaded gnome, realized it needed gtk, gnome-libs, and a bunch of other stuff, downloaded that, compiled, installed, and worked PERFECTLY. Wow. Another FreeBSD convert here (and I've only been running for 15 minutes!
"Software is like sex- the best is for free"
-Linus Torvalds
As a longtime (6+ years) Linux user, I'm installing FreeBSD 4.0 right now. I've never used it before, so we'll see how it works. /usr/ports sounds verrrrry interesting...
:-)
:-) (although I've been kicked off probably 10 times in the last 5 minutes.... I want to go smoke a cigarette but want the install to keep going....)
As a side note, though, the damn FTP server keeps kicking me off and I have to keep reconnecting, and none of the other servers have 4.0. Well, it's a good thing this FTP install is well-written and I don't have to start over every time
Anyway, I'm getting 70 KB/sec when it's working, so I guess it's not slashdotted too horribly
"Software is like sex- the best is for free"
-Linus Torvalds
Grab the image, rawrite/dd it onto a floppy. FTP installations are supported, in fact... its the only way I install it! An ISO won't help you there...
/dev/fd0
I don't understand why people always say to use dd to make boot floppies. Why not just do this:
cp kern.img
?
Works fine for me here (under Linux, anyway)
"Software is like sex- the best is for free"
-Linus Torvalds
1. This is because there is not yet a CD. ISO's will pop up in short order.
.0 releases apply to *all* software. You should always be wary about the stability of a "dot oh" release. If it's not for production, you've got nothing to worry about. (NOTE: I've been running 4.0 since August 99 and I've neither been worried or had a problem.)
2. Yes. Install options are: CD, FTP (the two most popular), NFS, and local filesystem (Existing FreeBSD installation or DOS.) PPP and DHCP are provided for FTP installs.
3. KDE is not a "Linux" program (I know you didn't say that, but I can't stress it enough.) It's not "part" of FreeBSD anymore than it is a part of Linux. It's a third party program. If you install X during the installation, you're asked what Window Manager to install, and you can choose from KDE, Afterstep, WindowMaker & GNOME (not sure which WM.) Even if you don't, you can get the source for KDE and compile it yourself (Or let the Ports System do it for you.) It's also available as pre-compiled Packages (which is what sysinstall uses.)
4. FreeBSD comes with booteasy, but you can use any boot manager you want. There's better to choose from than LILO (and booteasy too.)
5. Warnings about using
6. 3.3 is old already. The latest release from the 3.X branch is 3.4. There will still be a 3.5-RELEASE(May), and then that will be the last from the 3.X-STABLE branch. 4.0-STABLE now exists, and 4.1-RELEASE will be a snapshot of that some time in June. 5.0-CURRENT is now 2 days old, and branched from 4.0. That's where all the development (and merging of BSD/OS code) will take place.
Sound is not in the GENERIC (default) kernel. That's something you'll have to compile in yourself. (MUCH easier than a Linux kernel compile btw. Add one line and do the config & make, etc. You don't have to sit through a Q&A session. [Not saying that's bad, just informing you of the ease with which a BSD kernel is made.])
Decent resolution? I assume that means X (XFree86 in this case), and like KDE, X is a third party program. The resolution you achieve now will be the same no matter if you use Linux or FreeBSD.
For hardware support in 4.0, read the link to the release notes that were provided in the story. (Sorry, you'll have to do that one on your own you lazy bum.)
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
I'm NOT a BSDite, so I have no way of knowing the answer to this question: Who is Theo?
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
Does anyone know which version of X is included? I couldn't find any references to it in the release notes.
Cthulhu for President!
(darren)
I have wiped and installed 4.0-RELEASE my company's DNS caching machine (which was running FreeBSD 3.2) and so far, the machine takes less time to boot up and to go through the process of downloading and updating any changed DNS maps.
Recompiling the kernel definitely takes less time, so I guess I could say that the performance on the machine (which is a P5-200 with 48MB of RAM and a 1GB hard drive) has improved and can handle several more EMACS sessions (I like `ee' for it's ease of use) than before.
Of what I've heard, USB support is much better now, which would help improve desktop support. Unfortunately, FreeBSD is not quite as desktop-ready as Linux when it comes to drivers, some appliations and possibly ease of use, but all of those things should be caught up in no time.
I haven't used the multimedia stuff on FreeBSD since most of my work on it is setting up mail, DNS and FTP servers.
My last linux installs were debian 2.0 hamm and redhat 5.something
Yes, FreeBSD's installer is considered the most userfriendly. I find an install easier, and more powerful (Do a "Standard" install, the power of Custom is there, except it makes it harder for you to shoot yourself in the foot) than either of these two Linux distributions.
Yes, you can set up XFree86 during installation. With either Windowmaker, fvwm, KDE, or Enlightment (maybe another choice?)
Yes, a FreeBSD install should be very easy to install and use. /stand/sysinstall will hold your hand while you get used to the system. /usr/ports will make software installation easy. You don't outgrow ports (But you'll outgrow sysinstall for post-installation administration)
-bugg
I use FreeBSD on all of my workstations. I don't know why one would see Linux as more fit- I'm running linux-netscape, wordperfect8, staroffice, etc. As for hardware, multimedia or otherwise, Linux and FreeBSD are about equal. FreeBSD has the edge on things like USB and NICs. FreeBSD supports TV cards and all of those other toys too.. Go read LINT for a good idea on the hardware supported in kernel :) (http://bugg.strangled.net/LINT)
-bugg
For one thing, it's relatively stable and scalable.
This is why companies like Hotmail, Yahoo!, Google, and the world's largest anonymous ftp server (ftp.cdrom.com, a.k.a., ftp.freesoftware.com) use it. Note that slashdot uses FreeBSD for certain functions, and the staff have spoken highly of it.
Because of the BSD license, it's easier for companies to take it and make embedded systems out of it. This is why companies like IBM/Whistle use it in the InterJet and InterJet II, not to mention the GNATbox, the NetWolves FoxBox, the Stallion ePipe, etc....
So, since you get your mail at hotmail.com, you can thank FreeBSD for being so stable and scalable!
--
Brad Knowles
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
Unfortunately there are some age-old personality clashes that have left very deep wounds (like serious threats of physical bodily harm), and the problems underlying are not likely to go away any time soon.
I anticipate that there will be increased overlap between FreeBSD and the other members of the BSD family, as the folks at BSD, Inc. go out of their way to work closely with developers in each of the other camps -- to the benefit of everyone involved.
Whether Theo will ever come in out of the cold is another question entirely, however.
--
Brad Knowles
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
...run Lokisoft games? I know Civilization Call to Power runs under FreeBSD 3.2 but Heroes III didn't. Has anyone got it to run under FreeBSD 4.0? These are important issues when choosing OS :-) Most Linux distributions are such a mess that I'd really rather run FreeBSD.
-- SIGFPE
Also: I am excited to see that FreeBSD4 is out. This is a great step for the FreeBSD crowd, although I will admit I don't use FreeBSD(yet.. I'm building a Linux box though. I just got the case and modem today :-)
JeremyI TechSeek- http://www.tech-seek.com
I have never installed BSD on either an X86 or Mac based machine. Being relatively new to the world of *nix, is the installer for this new BSD or any other fairly "friendly"?
I have installed Red Hat V4 and up and found them very easy, Slack the same, and Suse could be installed by a one armed, blind, Yak herder with the IQ of your average houseplant. Those installers were all not only easy, but detected most of my hardware on installation except Suse, which didn't use my sound card until I re-built the kernel, NBD.
How is BSD for that? I would like to have a go at it some time, but unfortunately my time for tinkering with new OS's is fairly limited so I prefer the installation to be as painless as I can manage.
Ceci n'est pas une sig.
I met Theo at Beyond HOPE (Hackers on Planet Earth) in New York in the summer of 97. Besides being a cool guy, he did seem to have some pretty deep seated bad feelings about the NetBSD team. If his feelings then are any indication, it's not likely he'll ever work closely with them again.
...and why should he? He set out to write the world's most secure operating system and he succeeded. I'm hate to see a codebase fork as much as the next guy, but we've got a great product here... OpenBSD doesn't try to be all things to all people and that's exactly what we needed.
BRENT ROCKWOOD, EST'd 1975
I like Free BSD , but sometimes I wonder about it.. like some of the commands in Free BSD sometimes act a little whacky, but every operating system has its quirks, Free BSD is no exception.
In my home I have two Free BSD boxes, one is basically a web server and the other does mail and ftp.. Free BSD has proven a good solution for my needs and i wouldn't give Free BSD up. GNU/Linux still fulfills my needs for a Great Workstation and dialup ppp server, all in all Linux and Free BSD are nice packages.
wow you sound pretty convincing.. but i dont have $300 to spare for a new OS
Windows 2000 Professional is the operating system for desktops and notebooks for all sizes of business. Windows 2000 Server is an entry-level solution for running more reliable and manageable file, print, intranet, communications and infrastructure services. Windows 2000 Advanced Server includes additional functionality to enhance availability and scalability of e-commerce and line-of-business applications.
Gee- ZDNET and CNet both have managed not to mention this at all. IPv6, for example- talk about a buzzword feature! Yet not a peep.
But perhaps I ask too much. Maybe they will bring themselves to mention this sometime soon. Or maybe OSS will continue to be synonymous with Linux as if Linus invented Open Source. Not that I dislike Linux or Linus, but it irks me that it hogs the spotlight so. BSD is STILL more mature in many(most?) ways, and, as this pays testement, is still improving.
*sigh* - At least there will always be Slashdot.
-N
I am the one true god. However, as an atheist, I don't believe in myself. I guess I have a self-esteem problem.
A leg up on OpenBSD?! OpenBSD already has OpenSSH and IPsec. And yes, during install you can choose the US or International crypto, but OpenBSD is done out of the US, so lame-laws need not directly hinder it. Its more an issue being a US business and wanting to pay or not pay RSA lisc. fees.
OpenBSD and its dev's played a big role in OpenSSH.
OpenBSD places alot of importance on security and doing it right. Read all about it and get facts.
http://www.OpenBSD.org
http://www.openssh.com
I have worked with both Linux and FreeBSD, and can say that both are stable, and fast. It is good to see FreeBSD take an upgrade on GCC and the threaded libraries. The only reason I can see to chose one over the other is that some people prefer a BSD style environment over the POSIX/SYS5/BSD hodgepodge that Linux offers. Both environments are very good, and none is necessarily better than the other. Choose whatever you are most comfortable with. If you come from SunOS or even Solaris, then FreeBSD is probably a better fit. If you come from AIX, SCO, or HP/UX than Linux is probably a better fit. If you are new, pick either, you can't go wrong. Ofcourse, this is just my humble opinion. Anyhow, congrats FreeBSD folks, keep the up the excellent work!
-Master Switch, one more element in the machine
OpenBSD has traditionally differentiated itself by being way ahead on the security front. Hell, look at their cryptography pages - "because we can". And a damn good reason for doing something that is too. But, the world is changing now: FreeBSD has just sprouted a serious number of security enhancements, and the "because we can" argument is starting to look watered down.
:)
So, maybe we can add to some of that "BSDi are integrating their code" good feeling by starting to patch things up with Theo and the OpenBSD crowd. Note that it's important to not underestimate the quality of work that has gone into OpenBSD - you're not going to buffer overrun that bastard, believe you me.
And please, no FreeBSD RULEZ! OpenBSD SUX! crap (or vice versa). It just seems like a great opportunity to make three great server OS's (BSDi, FreeBSD, OpenBSD) into one absurdly great server OS.
Dave
I write a blog now, you should be afraid.
What they've done is actually quite cool. They have linked the crypto libraries to stubs, and the stubs reference either the US or export versions of the crypto libraries (as appropriate for your system), and if you don't have either installed they issue an error message that tells you how to install them.
This is handled automatically during the normal install procedure, so the right crypto stuff is grabbed from the right archive site, and it all just plain works.
Way cool, and a leg up on even OpenBSD as far as this is concerned!
--
Brad Knowles
Brad Knowles
http://daily.daemonnews.org/ -- if you're not