
BSD: FreeBSD 11.3 RC3 and NetBSD on Old Computers

Submitted by Roy Schestowitz on Saturday 29th of June 2019 12:25:20 PM
BSD
  • FreeBSD 11.3-RC3 Now Available
    The third RC build of the 11.3-RELEASE release cycle is now available.

Installation images are available for:

o 11.3-RC3 amd64 GENERIC
o 11.3-RC3 i386 GENERIC
o 11.3-RC3 powerpc GENERIC
o 11.3-RC3 powerpc64 GENERIC64
o 11.3-RC3 sparc64 GENERIC
o 11.3-RC3 armv6 BANANAPI
o 11.3-RC3 armv6 BEAGLEBONE
o 11.3-RC3 armv6 CUBIEBOARD
o 11.3-RC3 armv6 CUBIEBOARD2
o 11.3-RC3 armv6 CUBOX-HUMMINGBOARD
o 11.3-RC3 armv6 RPI-B
o 11.3-RC3 armv6 RPI2
o 11.3-RC3 armv6 PANDABOARD
o 11.3-RC3 armv6 WANDBOARD
o 11.3-RC3 aarch64 GENERIC

Note regarding arm SD card images: For convenience for those without
console access to the system, a freebsd user with a password of
freebsd is available by default for ssh(1) access.  Additionally,
the root user password is set to root.  It is strongly recommended
to change the password for both users after gaining access to the
system.

Installer images and memory stick images are available here:

    https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.3/

The image checksums follow at the end of this e-mail.

If you notice problems you can report them through the Bugzilla PR
system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing
system, use the "releng/11.3" branch.

A summary of changes since 11.3-RC2 includes:

o Regression fix in mountd(8) (PR 238725)

o Regression fix in NAT64LSN.

A list of changes since 11.2-RELEASE is available in the releng/11.3
release notes:

    https://www.freebsd.org/releases/11.3R/relnotes.html

Please note, the release notes page is not yet complete, and will be
updated on an ongoing basis as the 11.3-RELEASE cycle progresses.

=== Virtual Machine Disk Images ===

VM disk images are available for the amd64, i386, and aarch64
architectures.  Disk images may be downloaded from the following URL
(or any of the FreeBSD download mirrors):

    https://download.freebsd.org/ftp/releases/VM-IMAGES/11.3-RC3/

The partition layout is:

    ~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label)
    ~ 1 GB  - freebsd-swap GPT partition type (swapfs GPT label)
    ~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label)

The disk images are available in QCOW2, VHD, VMDK, and raw disk image
formats.  The image download size is approximately 135 MB and 165 MB
respectively (amd64/i386), decompressing to a 21 GB sparse image.

Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI
loader file is needed for qemu-system-aarch64 to be able to boot the
virtual machine images.  See this page for more information:

    https://wiki.freebsd.org/arm64/QEMU

To boot the VM image, run:

    % qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt \
        -bios QEMU_EFI.fd -serial telnet::4444,server -nographic \
        -drive if=none,file=VMDISK,id=hd0 \
        -device virtio-blk-device,drive=hd0 \
        -device virtio-net-device,netdev=net0 \
        -netdev user,id=net0

Be sure to replace "VMDISK" with the path to the virtual machine image.

=== Amazon EC2 AMI Images ===

FreeBSD/amd64 EC2 AMIs are available in the following regions:

  eu-north-1 region: ami-07d990eaeb497323d
  ap-south-1 region: ami-001b7b067fd8e781d
  eu-west-3 region: ami-01052697e06e3a45e
  eu-west-2 region: ami-0cfee448feeb2a851
  eu-west-1 region: ami-0ce7400d6a08a9862
  ap-northeast-2 region: ami-0b16c2014116bd358
  ap-northeast-1 region: ami-0818328d0efcec703
  sa-east-1 region: ami-077fc22d100770c52
  ca-central-1 region: ami-0c414f2c140fd13cb
  ap-southeast-1 region: ami-0f5fe631ff1d2578a
  ap-southeast-2 region: ami-06bf072735d282208
  eu-central-1 region: ami-0a1cbb609ac331456
  us-east-1 region: ami-05a73406ad7ece248
  us-east-2 region: ami-0a21294420f709f19
  us-west-1 region: ami-0bb877ce5c712ad4f
  us-west-2 region: ami-0a231251af9d35604

=== Vagrant Images ===

FreeBSD/amd64 images are available on the Hashicorp Atlas site, and can
be installed by running:

    % vagrant init freebsd/FreeBSD-11.3-RC3
    % vagrant up

=== Upgrading ===

The freebsd-update(8) utility supports binary upgrades of amd64 and i386
systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

	# freebsd-update upgrade -r 11.3-RC3

During this process, freebsd-update(8) may ask the user to help by
merging some configuration files or by confirming that the automatically
performed merging was done correctly.

	# freebsd-update install

The system must be rebooted with the newly installed kernel before
continuing.

	# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new
userland components:

	# freebsd-update install

It is recommended to rebuild and install all applications if possible,
especially if upgrading from an earlier FreeBSD release, for example,
FreeBSD 11.x.  Alternatively, the user can install misc/compat11x and
other compatibility libraries, afterwards the system must be rebooted
into the new userland:

	# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove
stale files:

	# freebsd-update install

  • Cameron Kaiser: And now for something completely different: NetBSD on the last G4 Mac mini (and making the kernel power failure proof)

    I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.

Security: OpenPGP, Huawei, Unchanged Passwords and BGP Filters

  • Community Impact of OpenPGP Certificate Flooding

    I wrote yesterday about a recent OpenPGP certificate flooding attack, what I think it means for the ecosystem, and how it impacted me. This is a brief followup, trying to zoom out a bit and think about why it affected me emotionally the way that it did. One of the reasons this situation makes me sad is not just that it's more breakage that needs cleaning up, or even that my personal identity certificate was on the receiving end. It's that it has impacted (and will continue impacting at least in the short term) many different people -- friends and colleagues -- who I know and care about. It's not just that they may be the next targets of such a flooding attack if we don't fix things, although that's certainly possible. What gets me is that they were affected because they know me and communicate with me. They had my certificate in their keyring, or in some mutually-maintained system, and as a result of what we know to be good practice -- regular keyring refresh -- they got burned. Of course, they didn't get actually, physically burned. But from several conversations I've had over the last 24 hours, I know personally at least a half-dozen different people who I personally know have lost hours of work, being stymied by the failing tools, some of that time spent confused and anxious and frustrated. Some of them thought they might have lost access to their encrypted e-mail messages entirely. Others were struggling to wrestle a suddenly non-responsive machine back into order. These are all good people doing other interesting work that I want to succeed, and I can't give them those hours back, or relieve them of that stress retroactively.

  • Nokia disowns CTO's comments about Huawei's 'sloppy' 5G kit

    The firm's chief technology officer Marcus Weldon warned: "That means being wary of adding Chinese vendors into network infrastructure, as long as these security vulnerabilities are either provably there or likely to be there based on past practices."

    Weldon, referring to recent research from Finite State which saw it uncover back doors in more than 55 per cent of Huawei devices, added: "We read those reports and we think okay, we're doing a much better job than they are.

  • Nokia distances itself from boss's warning over Huawei 5G kit

    In the UK, Huawei equipment has been subject to close scrutiny by a unit staffed by GCHQ. It has produced reports severely critical of the security of some software, although it has not found backdoors in the firm's products.

  • An IoT worm Silex, developed by a 14 year old resulted in malware attack and taking down 2000 devices

    Larry Cashdollar, an Akamai researcher, the first one to spot the malware, told ZDNet in a statement, “It’s using known default credentials for IoT devices to log in and kill the system.”

  • 14-year-old creates dangerous malware, starts bricking thousands of IoT devices
  • Huawei Gets ‘Green Signal’ From Trump To Resume Trade In US

    The possible lifting of the ban doesn’t come as a surprise. Last month, President Trump gave an unsatisfactory explanation of the Huawei ban and hinted that it could end soon. Huawei is currently on a 90-day temporary license in the US which was issued immediately after the ban was announced.

  • Trump Says He’ll Allow China’s Huawei to Buy From U.S. Suppliers

    President Donald Trump said he’ll allow Huawei Technologies Co. to buy products from U.S. suppliers, in a concession to China after talks with the country’s President Xi Jinping on Saturday. “U.S. companies can sell their equipment to Huawei,” Trump said at a news conference following the Group of 20 summit in Osaka, Japan. “We’re talking about equipment where there’s no great national security problem with it.” The Commerce Department last month moved to blacklist Huawei, cutting it off from U.S. suppliers, though many companies have managed to skirt the restrictions. Trump met with Xi on Saturday on the sidelines of the Group of 20 summit in Osaka, Japan, and agreed to pause the trade war between their countries.

  • The Infrastructure Mess Causing Countless Internet Outages

    The patchwork problem was on full display with the Cloudflare incident this week. Pennsylvania steel company Allegheny Technologies uses two internet providers for connectivity. It received accidental, inaccurate routing information from one provider, a small Midwest ISP, and unintentionally passed it on to its other provider, Verizon. The smaller ISP started the routing error, but Verizon—an internet backbone behemoth with massive resources—also had not implemented the BGP filters and authentication checks that would have caught the mistake. Without these protections in place, Verizon's other customers worldwide, including Cloudflare, experienced outages and failures. Verizon did not return a request for comment about the incident.

VMware Openwashing and Microsoft Entryism/EEE

  • Darren Hart | Sr Director / Open Source Technology Center At VMware

    In this interview, Darren Hart, Sr Director / Open Source Technology Center at VMware talks about how Open Source has democratized the development of new platforms.

  • Microsoft Seeks To Join the Official Linux-Distros Mailing List [Ed: See the comments here. People are not as foolish as Microsoft hoped, in spite of the expensive lying campaign of Microsoft.]
  • Microsoft is seeking to join Linux private security board [Ed: EEE. Classic EEE. Who welcomes it? The Novell facilitator of Microsoft, Greg K-H. Now in the "Linux" Foundation.]

    The application was made by Sasha Levin, and if approved would allow the Redmond giant to be part of private discussions on vulnerabilities and ongoing security issues. One of the criteria for membership is to have a Unix-like distro that makes use of open source components, and Levin mentioned Windows Subsystem for Linux 2 and Azure Sphere, which are still in public preview and slated for general availability in 2020.

Kernel: Linux 5.3, Systemd and Wacom Tablets

  • A Look At What's On The Table For Linux 5.3 Features

    With the Linux 5.2 kernel due to be released in a few weeks and that marking the opening of the Linux 5.3 merge window, here is a look at some of the likely features coming to this next version of the Linux kernel. Based upon our close monitoring of the different "-next" Git branches of the Linux kernel and mailing lists, here is a look at what you're likely to see merged with Linux 5.3 in July. Linux 5.3 will then debut as stable in September.

  • Systemd Now Allows Custom BPF Programs To Be Loaded On Cgroups

    Systemd now allows loading of custom BPF programs for network traffic filtering that are applied to all sockets created by processes of a given systemd unit. The motivation for this stems from a feature plan drawn up last year for having systemd install BPF (Berkeley Packet Filter) programs into cgroups. The benefit of this is associating a BPF program for IP filtering with a unit file so systemd can install them once a cgroup is set up.

  • Linux 5.3 To Support The $1,500 Wacom MobileStudio Pro Tablet

    In addition to the latest Wacom Intuos Pro Small drawing tablet to be supported by the Linux 5.3 kernel, the high-end (circa $1,500 USD) Wacom MobileStudio Pro tablet is also set to now be supported by this next kernel cycle. MobileStudio Pro support on Linux with the existing Wacom driver ended up being incredibly quite simple and just adding the new device IDs. That support is now queued into the "-next" branch ahead of the Linux 5.3 merge window opening in July. At $1,500, the Wacom MobileStudio Pro ends up being an actual premium tablet computer as opposed to just a drawing tablet device as are most Wacom products.

