Book: BSD UNIX Toolbox: 1000+ Commands for FreeBSD, OpenBSD and NetBSD
Business Wire press release:
`` This handy, compact guide teaches you to use BSD UNIX systems as the experts do: from the command line. Try out more than 1,000 commands to find and get
software, monitor system health and security, and access network resources. Apply the skills you learn from this book to use and administer servers and desktops running FreeBSD, OpenBSD, NetBSD, or any other BSD flavor.
Expand your BSD UNIX expertise in these and other areas:
For more information, see the
Business Wire press release
and of course the
publisher's information on the book.
- Using the shell
- Finding online software
- Working with files
- Playing with music and images
- Administering file systems
- Backing up data
- Checking and managing running processes
- Accessing network resources
- Handling remote system administration
- Locking down security''
[Tags: books, freebsd, openbsd, Products]
Congratulations to the OpenBSD team
... for finding their second
remote hole in the default install,
in more than 10 years!
| - || from a contributer of NetBSD,
| || which had the least number of incidents reported for BSDs,
| || as confirmed by the US-Cert in the past four years
[Tags: hubertf, openbsd, Security]
Driver development hints
There is a
OpenBSD driver development hints
over at the
I guess much of this applies to NetBSD as well, and
it's nice to start with. More data is available
in the NetBSD Internals Guide,
Jochen Kunz's Writing Device Drivers
and of course
all section 9 manpages.
(If someone wants to include Jochen's text into the NetBSD Internals
Guide, that'd be great... just like any other work in that area.
Any takers? Send your patches to netbsd-docs@, feel free to CC:
[Tags: Docs, kernel, openbsd]
There were a number of interesting items in the past week or so
that I didn't manage to put here so far. Instead of putting them
into seperate entries, I'll take the liberty to assemble them
into one entry here:
So much for now. Enjoy!
- The Newsforge article
"Which distro should I choose?"
refers us to a
Comparison between NetBSD and OpenBSD,
the website apparently allows other comparisons.
``powerful, easy to use, cost effective desktop virtualization solution that empowers PC users with the ability to create completely networked, fully portable, entirely independent virtual machines on a single physical machine.''
In other words "something like VMware".
In contrast to the leading(?) product in that area,
Parallels supports NetBSD as guest OS officially.
is a PC-like computer from NEC that has a Intel CPU and that was
only sold in Japan. Due to some subtle differences from
the "original" (IBMesque) PC architecture, it can't run
NetBSD/i386 and was so far supported e.g. by FreeBSD/PC98.
Now, Kiyohara Takashi has made patches and a floppy image
available for a NetBSD/pc98 port - see
Kiyohara's mail to tech-kern for more details,
and also some discussion about further abstraction of the
current x86 architecture to support machines with Intel
CPUs that can't run NetBSD/i386.
- Staying on the technical side, David Young has a need to tunnel
packets through consumer-grade (and consumer-intelligence)
devices, which are unlikely to cope with anything outside of
the IP protocol. As such, he has posted patches to
tunnel gre(4) over UDP.
Now let's hope this works as a foundation for
Teredo (tunneling IPv6 over UDP)... :-)
- Verified Exec
is a security subsystem inside NetBSD that verified
fingerprints of binaries before loading them. This prevents
binaries from being changed unnoticed, e.g. by trojan horses.
Now when NetBSD runs such a system and memory becomes tight,
only the process' data is paged to disk, the executables text
is simply discarded with the assumption that it can be paged
in from the disk again when needed.
Of course this assumes that the binary won't change, which
may not be true in a networked scenario with NFS or a
disk on a fiber channel SAN that may be beyond control of the
local system administrator. To prevent attacks of this kind,
Brett Lymn has worked to generate per-page fingerprints that
are kept in memory even when the executable pages are freed,
for later verification when they are paged in from storage
The code is currently under review and available as a patch
set - see
Brett's mail to tech-kern
for all the details!
- While talking about security subsystems, Elad Efrat, who also
worked on veriexec previously continued his work to factor out
authentication inside the kernel: After introducing the
framework and replacing all manual checks for
"am I running as root" or "does the current secure level allow
this operating" with calls to it, the next step is to
seperate the the place where those calls are made from
a back-end implementation that will determine what is allowed
and what is not, who is privileged and what is not, etc.
While these questions are traditionally answered via special
user ids (0, root), group membership or secure levels,
other methods like capability databases could be imagined.
Elad has been working along these lines, and he has posted
the next step in his work, outlining the upcoming
security model abstraction - see
Elad's mail to tech-security
for details & code references.
- NetBSD 3.1 is around the corner, which will be an update to
NetBSD 3.0 with lots of bugfixes and some minor feature enhancements
like new drivers and also support for Xen 3 DomainU.
NetBSD 3.1 Release Candidate 1
available - be sure to have a look!
- FWIW, I've also updated the
overview of NetBSD release branches
a few days ago, as I still see a lot of people that are
confused over NetBSD's three lines of release branches
(well, counting the development branch NetBSD-current as release
branch :), and the differences between what a branch and what
a release is.
With NetBSD 3.0, 3.0.1 and 3.1 this sure makes my little head spin...
- But there's more than NetBSD 3.x! If you've watched the above
link, you will understand that the next release after the
NetBSD 3.x set of releases is NetBSD 4.x.
The release cycle for NetBSD 4.0 has started a few days
ago, and there's also
an announcement about the start of the NetBSD 4.0 release process
by the NetBSD 4.0 release engineer Jef Rizzo which has information
on schedule, how YOU can help and getting beta binaries and sources.
- The working period of the Google Summer of Code is over, and
while mentors are still evaluating the code submitted by students,
there are some public status reports:
Alwe MainD'argent about the status of the 'ipsec6' project
Sumantra Kundu about the 'congest' project
- Sysjail 1.0 has been released!
Includes some interesting
- As reported in the #NetBSD Community Blog,
an alpha version of
was released: It's a NetBSD-based system for easy installation
on USB sticks and CF cards.
[Tags: Articles, google-soc, gre, kauth, networking, openbsd, parallels, pc98, releases, sbsd, Security, sysjail, veriexec, vmware]
``CARP is a tool to help achieve system redundancy, by having multiple
computers creating a single, virtual network interface between them, so
that if any machine fails, another can respond instead, and/or allowing
a degree of load sharing between systems.''
Liam J. Foy worked on porting CARP to NetBSD, and has a first patch
available for posting, see
for more information and example usage.
Information on CARP is available in
the OpenBSD FAQ.
[Tags: carp, openbsd]
Article: OpenBSD founder pulls no punches
I've stumbled across
this interview with Theo de Raadt
which is a bit dated (done 2004), but which I think is very
interesting (and on-topic here!) as it gives some details
on the very first days of how NetBSD (and FreeBSD)
emerged from 386BSD.
Funny enough, I found a printout of slides from the conference
where Chris Demetriou presented NetBSD, with his and Theo's name
on them the other day.
[Tags: Articles, history, openbsd]
OpenBGPd is an exterior routing daemon who speaks the
Border Gateway Protocol. Thomas 'TGEN' Spanjaard has ported
it to NetBSD, including support for TCP MD5 and signatures.
his mail to tech-net
for a lot more details.
[Tags: networking, openbgpd, openbsd]
Article: How not to respond to a security advisory (Updated)
The best thing that can happen to you is to find out your
software has no security problems.
But what to do if so, and also what better not to do?
The Register has an article up on
"How not to respond to a security advisory".
Actually the register article is re-published after it first
[Tags: Articles, openbsd, Security]
How to run OpenBGPD on FreeBSD/NetBSD
I read a comment about running openbgpd on NetBSD,
and wondered if there was any chance to do it.
ISTR that it relied on a number of kernel features from a previous
I've heared, but at least according to this
"How to run OpenBGPD on FreeBSD/NetBSD"
page it seems pretty straight forward and userland only.
Has anyone actually tried this on NetBSD? Feedback welcome!
[Tags: networking, openbgpd, openbsd]
Windows drives me nuts, too ...
... but I'm not sure it could me to
switch to OpenBSD. ;-)
(Unless someone shows me the only reason *I* run Windows works on
OpenBSD -> Counter Strike :-)
[Tags: openbsd, windows]
Article: A technical look at the OpenBSD operating system from a NetBSD perspective
As work related to my PhD
thesis, I wanted to see if OpenBSD runs equally well in qemu as
NetBSD and FreeBSD do. While there, I wanted to see what is there in
OpenBSD that is not there in NetBSD, given that OpenBSD forked from
NetBSD some time ago.
my findings, and hope people in NetBSD pick up some of the things
noted in there - I think they're worthwhile.
[Tags: Articles, netbsd, openbsd]
Book extract: systrace in OpenBSD
The book "Secure Architectures with OpenBSD has a chapter
systrace in OpenBSD, which may very well apply to NetBSD's systrace as well,
given that Niels Provos, the creator of systrace himself, ported and
now maintains systrace on NetBSD. Systrace is a tools that allows
monitoring, interception and restriction of system calls.
[Tags: openbsd, Security, systrace]
More OpenBSD bullshit, and GeNUA
So I had to add two new entries to my RIPOFF
file today: One about some small change in the PUC driver, where
credit was given, but after carefully digging out the NetBSD developer's
private email address instead of using the official NetBSD address from
the source-changes message. See "20020602" entry of the
The second entry is more annoying, as it's hurting NetBSD's reputation
in a print magazine:
The company GeNUA, producer of firewalls from Germany, was
abandoning BSDi and looking at alternatives. In an interview
in the german magazine "freeX" they describe how they choose
OpenBSD. NetBSD was not chosen as the NetBSD developer group was
considered too closed and to rarely pick up inspirations from
outside, which makes it hard to integrate it into release
``Problematisch ist es dagegen fuer GeNUA, dass die
NetBSD-Entwicklung von einer sehr geschlossenen Gruppe
betrieben wird, die externen Anregungen nur selten
aufgreift. So ist es schwierig, zukuenftig benoetigte
Features sicher in die Release-Planung einzubringen.
Aus diesem Grund konnte GeNUA nicht auf NetBSD als
Basis fuer die weitere Entwicklung von GeNUGate setzen.''
(FreeX 1/2005, Seite 8)
Contacting the chief of GeNUA who was also interviewed in that
article, Magnus Harlander, how this impression came and whom
they talked to, I got the answer that this was the response
that they got from several OpenBSD developers(!) they had asked,
which apparently tried to report several NetBSD kernel bugs.
While I welcome everyone to choose whatever OS they want to use,
and while I'm even more happy to see people use a (OS based on a)
decent OS, BUT making wrong statements about project NetBSD in
public annoys me, and I guess I'll have to think what to best do
to answer this whole incident.
- GeNUA never contacted NetBSD directly (in contrast to
what the article makes one think)
- OpenBSD developers apparently never made it clear they
were talking for someone else when they communicated
- Given personal experience and history of relation between
NetBSD and OpenBSD, I'd be surprised if the contact was
made in a constructive manner. (I have no further details
here, so just a guess)
[Tags: openbsd, rants]
NetBSD - supplier of Open Source operating system technology
Thanks to NetBSD, some other open source operating systems can boast
about having in-kernel PPPoE
and SMP support.
Kinda makes me wonder why there's need for
so many BSD forks
when they all just take code from
the same BSD variant.
[Tags: openbsd, rants]
LSD can help you imagine ... (updated)
... that a NetBSD-spinoff has some security problems. (Stunning news, amusing truth :-)
[Tags: funny, openbsd]
Grab the RSS-feed,
or go back to my regular NetBSD page
Disclaimer: All opinion expressed here is purely my own.
No responsibility is taken for anything.