After a release cycle that turned out to be a tad bit longer than originally intended, NetBSD 1.5 was released by the end of November 2000. This article presents some of the changes in the latest release of the world's most portable Open Source operating system.
Ports to New Platforms
One of the key strengths of the NetBSD Open Source operating system is its portability to many hardware platforms using a single source tree. Proving this first major goal true, NetBSD has been ported to a number of new platforms since the last major release:
Unfortunately not all of these new ports are included in the binary release, and are available "only" in the NetBSD 1.5 source release. If you're interested in any of these ports, feel free to join in and subscribe to the port-arch mailing list. See http://www.netbsd.org/MailingLists/ for more information.
If you want to live in the fast lane, then grab the latest snapshot and test-drive the latest code on your hardware. Many of the ports will be part of the next (patch) release, NetBSD 1.5.1.
NetBSD continues to provide state-of-the-art security services with the 1.5 release. Several subsystems were tuned to keep NetBSD ready for today's hostile network environments, as often found in ISP and e-commerce environments. NetBSD is secure out-of-the-box, preventing any intrusion or compromise of services. The default install has all network services turned off, relieving the system administrator from having to turn those services off or monitor them. Methods for secure remote access are provided by a Secure Shell implementation as well as IPsec.
Thanks to the much less restrictive U.S. export regulations, it is now possible to make further crypto mechanisms available in the form of OpenSSL, Kerberos 4 and 5 compatible client and server facilities as well as an implementation of the Rijndael AES encryption algorithm for IPsec.
Besides strong crypto and network security, substantial work was done in the area of host-based security: the traditional kernel-reading interface for process data structures was replaced with a sysctl-based implementation. As a result, top, ps and other programs no longer require special privileges to retrieve that information from the kernel, which prevents them from being vulnerable to buffer overflows, e.g. as recently found in the top process monitor.
Another effort to harden NetBSD consisted of several proactive code audits to identify and fix code where string routines were used without bounds checking, and where format strings were used in an unsafe way. Such code allows arbitrary data entered by (possibly) malicious users to overwrite application code, with consequences ranging from Denial of Service attacks to compromised systems.
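The two bug classes named above, shown next to their bounded replacements. This is an added example, not code from the NetBSD tree; the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Patterns such an audit flags (comment only, not compiled):
 *   strcpy(dst, user);              no bound on the copy
 *   sprintf(dst, "user=%s", user);  no bound on the output
 *   printf(user);                   user data used as the format */

/* Bounded copy. Returns 0 on success, -1 if src does not fit
 * (dst is then left empty rather than silently truncated). */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s", src);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Build a log line. The format is a constant and user data is only an
 * argument, so "%x" or "%n" typed by a user is copied literally.
 * Returns the message length, or -1 if it would not fit. */
int format_login_msg(char *out, size_t outlen, const char *user)
{
    int n = snprintf(out, outlen, "login attempt for user '%s'", user);

    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char name[8], msg[64];

    /* Constructed inputs: an over-long name and one with format directives. */
    printf("%d\n", copy_bounded(name, sizeof(name), "averylongusername"));
    if (format_login_msg(msg, sizeof(msg), "%x%x%n") > 0)
        puts(msg);
    return 0;
}
```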
Changes in Kernel and Networking Code
The UVM virtual memory system was tuned for more performance and stability. The scheduler was changed to prevent processes with nice -20 from taking CPU time from processes with nice 0. A mechanism for a platform-specific scheduler clock was also added. A rearrangement of the scheduler and the addition of generic locking code inside the kernel will be available for future work in the area of symmetric multi-processing.
The emul system was enhanced to support legacy applications from foreign operating systems that do not run natively on NetBSD, making it easy to switch from Linux, OSF/1 or Solaris to NetBSD. Using this system it's also possible to run applications not available natively for NetBSD.
Thanks to the excellent work of the KAME project, NetBSD is now proud to ship with the next generation Internet Protocol, IPv6, as well as IPsec to allow network-level encryption and authentication for both today's IPv4 and IPv6. Standard services like telnet, FTP, SMTP and SSH are available, and with the new transport independent RPC code we are also the first Open Source operating system to offer you NFS over IPv6.
Further services like the Apache web server, the Samba SMB/CIFS protocol server suite and many others are available from the NetBSD Packages Collection, which by now contains more than 1600 applications ready to install. During the 1.5 release cycle we made sure that as many packages as possible built - we got it down to 7 (seven!) packages not building out of these over 1600 on the i386 port. We are short of package build machines for some other ports, but we're working on that to provide as many precompiled binary packages as possible for our users' maximum comfort.
File Systems & Data Storage
Probably the most noticeable change in this area is the incorporation of Kirk McKusick's softdep code, which caches updates of meta data (e.g. state information of directories and files in existence) in memory. Using the new "softdep" mount option on any FFS filesystem will result in data operations modifying files and/or directories being sped up somewhat. In combination with this, the codepath to flush dirty buffers back to disk was changed to do this continuously while the system has spare I/O resources, instead of forcing a full sync at fixed intervals. You'll notice that the "update" process is gone, and was replaced by the "ioflush" kernel thread for this purpose.
The RAIDframe software RAID driver now offers autodetection of RAIDframe components and autoconfiguration of RAID sets, making it easier to configure the system when disks were shuffled, maybe due to a failed disk. For more system reliability it's also possible to have the root filesystem (/) on a RAID set.
Other new features include support for NTFS, though read-only at this stage, many improvements to the log structured filesystem (LFS) and changes for revision 1 of the Linux ext2fs. Joliet extensions have been added to the cd9660 CD filesystem, allowing it to properly handle CDs using Windows-style long file names. Several fixes were made to some layered filesystems (like unionfs) that make locking against other layers actually work, and the rpc.lockd, responsible for NFS locking, now works reliably too.
Bus-independent drivers for PCIBIOS, pcmcia, cardbus and USB allow accessing devices on various architectures, including i386, hpcmips, sparc and macppc based notebooks. The i386 port's "laptop" installation now takes care of USB, PCMCIA and Cardbus, supporting a wide range of devices commonly found in these machines today.
An architecture-independent implementation of a driver for IBM's Microchannel Architecture (MCA) is available in NetBSD 1.5. It's currently used on the i386 port to support NetBSD on the "old" MCA IBM PCs. Stay tuned to see this used on other machines using MCA!
Many drivers were added for USB - various USB-ethernet adapters, audio devices, keyboards, mice, printer and modem devices, mass storage like floppies, ZIP drives and digital cameras, and devices like the Prolific host-to-host adapter and the Handspring Visor come to mind. Other areas with new drivers include IEEE 802.11 wireless LAN, audio, 10/100/gigabit ethernet, etc.
The most significant change in the userland code is the way the system boots. The monolithic /etc/rc script was replaced by a number of small scripts, each doing a well-defined job. The order of execution of the scripts is defined using a Provides/Requires mechanism evaluated by the rcorder(8) tool. Configuration of the services is defined in one central place, /etc/rc.conf, which takes its defaults from /etc/defaults/rc.conf. This new layout makes it easy to start/stop single services and allows 3rd party software to provide ready-to-drop-in scripts.
The long-standing lack of proper user management tools was ended by importing a set of System V compatible commands in NetBSD 1.5. Available commands include useradd(8), usermod(8), userdel(8), groupadd(8), groupmod(8) and groupdel(8). If you are not familiar with the SysV tools, be sure to give the -m option to useradd to actually create the new user's home dir.
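A simplified model of how a Provides/Requires ordering can be resolved, added here as an example and not taken from rcorder(8). The script names and their dependencies are constructed; the sample encodes one ordering an administrator may care about, a packet filter that is started before the network and sshd.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, not NetBSD's real script set: name, provides, requires. */
static const struct script { const char *name, *provides, *requires; } scripts[] = {
    { "sshd",     "sshd",     "network syslogd" },
    { "network",  "network",  "ipfilter" },
    { "syslogd",  "syslogd",  "" },
    { "ipfilter", "ipfilter", "" },
};
#define NSCRIPTS (sizeof(scripts) / sizeof(scripts[0]))

/* True if every required name is provided by an already placed script. */
static int satisfied(const char *reqs, const int *placed)
{
    char buf[128], *w;

    snprintf(buf, sizeof(buf), "%s", reqs);
    for (w = strtok(buf, " "); w != NULL; w = strtok(NULL, " ")) {
        int ok = 0;
        for (size_t i = 0; i < NSCRIPTS; i++)
            if (placed[i] && strcmp(scripts[i].provides, w) == 0)
                ok = 1;
        if (!ok) return 0;
    }
    return 1;
}

/* Fill order[] with script indices in a valid start order. Returns how many
 * were placed; fewer than NSCRIPTS means a cycle or a missing provider. */
size_t boot_order(size_t *order)
{
    int placed[NSCRIPTS] = {0};
    size_t n = 0, before;

    do {
        before = n;
        for (size_t i = 0; i < NSCRIPTS; i++)
            if (!placed[i] && satisfied(scripts[i].requires, placed)) {
                placed[i] = 1;
                order[n++] = i;
            }
    } while (n > before && n < NSCRIPTS);
    return n;
}

int main(void)
{
    size_t order[NSCRIPTS], n = boot_order(order);
    for (size_t i = 0; i < n; i++)
        puts(scripts[order[i]].name);
    return n == NSCRIPTS ? 0 : 1;
}
```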
The NetBSD operating system includes a number of programs written and maintained by external parties. Many of the programs were updated to their latest versions in NetBSD: BIND, IPfilter, ppp, sendmail; postfix is now included as an alternative to sendmail, and the games in /usr/games were updated with patches from several other operating systems.
How to Get NetBSD
If you got curious about NetBSD and want to install/upgrade, here are some URLs that you may find of interest: