Sunday, November 21, 2010

Asterisk

What is Asterisk?

Asterisk is an open source PBX (Personal Branch Exchange). A PBX is a phone system commonly found in office settings that allows you to make calls between cubicles just by dialing that extension. A PBX also allows things like Automated Attendant, which creates those annoying messages that say "Press 1 to talk to a human" or "Press 2 if you are willing to pay to talk to a human".


Asterisk, however, takes this to a new level by integrating the Internet into your PBX and allowing you to do Voice Over IP (VOIP). The big benefit of VOIP is that your office no longer has to be located in one place. You can have phones ring in several places at the same time, and whoever picks up first gets the call.

You are not even confined to the same country. For instance, you can get a US based phone number and have it ring in Australia. As long as your phone can plug into the internet, you can make and receive phone calls as though you were in your office. If you are extension 1234 at work, just take your phone with you and when you plug it in to the Internet, you will still be extension 1234.

Because it is open source, it is quite a bit cheaper than most commercial PBX systems.
Asterisk comes in two pieces: the PBX which is called asterisk and the hardware drivers for phones and phonelines called zaptel. You can use asterisk without any of the hardware drivers if you only need VOIP capabilities.

I've mostly used asterisk for voip and analog lines.  Analog lines come in two flavors: FXO and FXS. What kind of line it is depends on whether or not it has a dial tone. An FXO line can receive a dial tone and functions much like a computer modem. An FXS line generates a dial tone. For instance, a telephone handset and a computer modem are both FXO devices. Neither of them generates the dial tone. So, if you were to plug a telephone into the computer modem, you wouldn't get a dial tone. An FXS line emulates the incoming line from the telephone company.

If you attach a telephone to the FXS line in an Asterisk box, it will give you a dial tone and allow you to make outgoing calls. It then passes the digits you dial to an FXO line that is connected to the telephone company, thus completing your call. Asterisk can also make FXS to FXS calls, where one extension rings another internal extension off the same PBX.

FXS -> PBX -> FXO -- Make an outgoing call.
FXS -> PBX -> FXS -- Ring an internal Extension
FXO -> PBX -> FXS -- Incoming call passed to Extension

When you add VOIP in to the mix, the combinations become endless. But I think you get the picture.

Friday, November 19, 2010

Linux Days 2011 Call for Speakers

We are happy to announce to you the 13th Chemnitz' Linux Days[1]
in March, 2011. Linux Days are the most popular uncommercially
organised event regarding Linux and open source software in
Germany. The two-day event offers a wide lecture programme with
just about 90 lectures about basics, projects, workings, and
findings. Furthermore, we provide an exhibition space to present
a lot of projects to the public. As in previous years, more than
2.500 visitors were greatly impressed by the event in 2010.
Pictures and blog entries give an impression[2].

Chemnitz' Linux Days 2011, themed "Living Freedom", take place on
March 19 and 20, 2011. The Call for Lectures[3] and the Call for
Presentations[4] have already started. If you would like to
showcase your project as well, please sign up yourself and do not
forget to enter a convincing description. All speakers,
exhibitors and helpers get free entry, full board, and a free
ticket for the evening event on Saturday. In case of open
queries, please do not hesitate to contact live@linux-tage.de
related to the exhibition or vortraege@linux-tage.de related to
lectures and workshops.

Kind regards from Chemnitz

[1] http://www.linux-tage.de/
[2] http://chemnitzer.linux-tage.de/2010/info/bilder.html
[3] http://chemnitzer.linux-tage.de/2011/vortraege/call_form
[4] http://chemnitzer.linux-tage.de/2011/live/call_form

Thursday, November 18, 2010

Interview with Henning Brauer of OpenBSD

OpenBSD Journal has an interview with Henning Brauer:
Henning started using OpenBSD around the 2.7 Release; a very popular release for many developers. At around the same time but after having spent four years as a software developer, he started his own ISP. Not long after starting this new venture, he was hit with a nasty attack on one of his Linux servers. He then turned to the other BSDs for options. He replayed the same attack on FreeBSD and OpenBSD, with the latter handling the attack much better. It didn't take him too long to realize that OpenBSD was a better fit for his needs.


Tuesday, November 16, 2010

BSD at FOSDEM 2011 - Call for speakers

Marius Nünnerich has put out a call for speakers.
FOSDEM 2011 will take place February 5-6, 2011 in Brussels, Belgium.
We want to continue the great success of the last years and again we
have a booth and a devroom.

Please submit your proposal to me asap. We have a devroom on
Saturday this time. Talks will be 45 minutes including discussion (feel
free to ask if you want to have a longer/shorter slot).

Every talk is welcome, from internal hacker discussion to real-world
examples and presentations about new and shiny features. The talk
committee consists of Daniel Seuffert and me.

Please submit your proposals to:

marius@nuenneri.ch

and include the following information:

* Your name
* The title of your talk (please be descriptive, as titles will be
listed with ~250 from other projects)
* A short abstract of one to two paragraphs
* A short biography introducing yourself
* Links to related websites/blogs etc.

The deadline for submissions is 20th December 2010. The proposals will
be considered by committee. If your proposal has been accepted, you
will be informed by email within one week of the submission deadline.

Best regards,

Marius

Sleeping Beauty - NetBSD on Modern Laptops, Jörg Sonnenberger


Modern laptops don't have APM support, just ACPI.  One way to handle suspending is to suspend-to-RAM of the live system.  The more long term suspend requires suspending to disk.

PMF is the new power management system for NetBSD.  It does device power management in layers.   This allows the system and hardware devices to be shutdown in a logical order and properly bail out if a problem is encountered.

It also powers down optional hardware that supports power save or turning off.

It polls devices like audio devices, network devices, etc to capture their state and restore the state on resume.

It implements an event interface that allows you to send event notifications to specific devices or the whole system.  Events that are already implemented include things like lid close/open, etc.

Much of the ACPI code in NetBSD was rewritten to support PMF.  The ACPI Embedded Controller code was rewritten to use a dedicated kernel thread for handling SCIs.

You can see all the slides here:
http://www.netbsd.org/gallery/presentations/joerg/asiabsdcon2008/powermanagement.html

Sunday, November 14, 2010

Old Fashioned Peer-to-Peer Networking

In the movies, you often see visitors (Space aliens, foreign exchange students, mermaids, etc) learn our language by watching TV. Having learned a foreign language, I wondered if this was really possible. I remember all the hard work I put in to study and learn all the vocabulary, grammar, and characters. Any of you who know me will remember that while I am a native English speaker, I do a fair job of speaking Korean. I thought it would be fun to brush up on it by watching TV in Korean. However, like most Americans in rural America it's absolutely impossible to find TV in a foreign language other than Spanish.

So, I turned to the Internet. It didn't take me long to discover that there is a huge underground exchange of TV shows that have been "Fan Subbed" into English, with the audio still in the native language. The quality of both the video and the translation varies markedly.

You will find everything you would normally find on a peer-to-peer sharing network and a whole lot you wouldn't. What I am explaining is really nothing new and actually from the technology being utilized, I expect it pre-dates most "peer-to-peer" sharing software. The forum is one we all know and love, IRC.

I ran into six issues in this arena that made things a bit difficult. Three of them technical, and the rest just a result of the chaos that is IRC.
  1. IRC Client -- You need an IRC client that will handle DCC chat and DCC file receive. Not really an issue as most any irc client you use will have this function. My favorite is xChat.
  2. dccserver -- This is a feature of mIRC that isn't readily available in any other IRC client. mIRC uses dccserver to share files and it uses port 59, which on Unix is in the restricted range and you have to be root to access it. However, some coders have gone through the trouble of creating an open source version of dccserver that will handle the features needed to download files. It's a command line application, so it will operate independent of your irc client.
  3. Video Player -- Because of the wide variety of video codecs and the randomness of who decides to record and "fansub" a TV show, you never know which video codec you will need to watch the show you download. I do most of my video watching on my Mac OS X laptop and Quicktime just doesn't do the job. First, it never seems to have the right codecs and second, you have to pay for the pro version to watch things in full screen mode. Recently I discovered an open source video player called Video Lan Client. It claimed to have BSD and Linux versions, but it also had a native Mac OS X version. And the best part is that it has never complained of not having a video codec and it does full screen mode without me paying a dime.
  4. It's IRC. Things aren't organized at all. It's also very hard to find anything. There are more IRC networks than you can count on both your fingers and toes. To solve this problem, I found IRC search engines. It's an IRC search engine that spiders the different channels on IRC and does what it can to organize them into a searchable database so you can find the channel you want. Finding the right IRC network and channel makes all the difference. I went looking for Inu Yasha, a Japanese anime that had been playing on late night Cartoon Network and found it on irc.aniverse.com #inuyasha
  5. Knowing what things are -- If you know what you are looking for, this is a very easy forum to find stuff. A bit of searching and you end up on a channel with people interested in the same stuff. The hard part is figuring out what shows you want to watch. The most obvious way is to just start downloading stuff and see if it is what you want. Usually, each show will have a website explaining what it is, however many I have found are only in the foreign language and difficult to decipher if you aren't fluent. My only advice on this topic is to do your research and ask your friends.
  6. Learning the channel rules and commands -- Every channel has its own set of rules and rule breakers are quickly banned from the channel, hopefully not permanently. Usually the quickest way to make friends on these channels is to setup your own file server and start sharing files.
I found what I was looking for, access to Korean TV dramas that I can't find here in the States. I expect that all the same legalities apply to this forum as apply to most peer-to-peer sharing networks and I expect all of you will be using it for educational purposes only. ;-) I've watched the last 100 episodes of Inu Yasha already and I think my Japanese vocabulary has grown by at least 10 words.

Friday, November 12, 2010

bsdtalk202 - DragonFlyBSD 2.8 with Matthew Dillon



Also Available via Phone: +1 (210) 957-5481

This is an interview from day 2 of MeetBSD California.  He interviews Matthew Dillon about the recent Dragonfly BSD 2.8 release.

New Features include:

  • Linux LVM (most of it)
  • NetBSD DM ( Disk Manager / Storage Manager) which includes striping and crypto
  • GUI release image working for this release
  • A lot of stability work.
  • A lot of Multi-Processor improvements
  • Simplified the kernel framework to use kqueue everywhere
  • Hammer Filesystem is doing well.
  • swap cache improvements.
A GSoc project for dedupe for hammer is going into the code this week.
Software crypto was only using a single CPU, but in this release they did a bunch of work on the opencrypto in the kernel to make it Multi-Processor aware.

Crypto options for the installer are going into the codebase shortly.  The entire Hammer partition will be able to be encrypted.  Some VM adjustments after the release fix a heavily loaded machine working in low memory.  They just went into the code.

Clustered Single Instance System
This is still a goal but they have backed off the SSI system for now. What they are doing is the clustered, multi-master filesystem and cache coherency.  This is a much more doable goal.  The focus recently has been on Multi-Processor work.  They are almost done removing the Giant Lock.  Nearly the entire backend is MP safe.  All the network stack, the entire IO path is MP safe through Hammer.  The front end is using token locks.  About half of them are actually still getting locks.  
The removal of the locks from the back end has improved performance a lot.  The system is no longer single threaded.

NFS
They fixed a lot of issues with NFS.  The RPCs are now asynchronous.  The OS now dedicates 2 kernel threads.  One for reading and one for writing.  Performance has been very good.

Hammer
They now have a catastrophic recovery tool.  It can't recover in place, but it can restore a hammer drive to another disk.  It requires almost no knowledge of the disk topography, but it handles it all automatically.  This utility was written because a user needed to recover a disk that had read errors and there were no backups.   A couple of the errors were right in the middle of the Hammer filesystem. An fsck tool was just impossible for Hammer, but a recovery tool was very simple.  It was written in just a couple of days.  The user was able to recover 99% of his files.

Swapcache
A lot of people don't understand how this works and how important it is.  It works with a single regular harddrive and a 20G SSD drive.  Even a small SSD creates major improvements to the original disk.

Wednesday, November 10, 2010

Help! It's Dark, I'm on the Command Line and I can Smell UNIX.

The Unix command line can be a daunting and scary place for the first time Unix user.  The first thing you need to do is assess your situation.  While all command prompts may look the same, and most act the same, they can be very different.  We are going to answer two questions.  Which operating system am I on and which shell am I using?

Which Operating System
Unix comes in many flavors.  The version you are using will make a difference in how you interact with the system and where the programs are located.  For example, Linux stores most additional applications in the /opt/ directory, whereas BSD stores the same programs in /usr/local/.  Mac OS X is also a flavor of Unix and it stores the applications in different locations as well.

To find out which operating system you are on, you will use the uname(1) command.  The (1) on the uname command refers to where it is found in the unix manual.  There may be two different sections that refer to this command, so we differentiate in documentation using (1)  to denote the section.    To use this command just type uname and press the return key.  You will get back the name of the operating system.

On my Mac OS X system, I get:
uname
  Darwin


On my work computers:
uname

FreeBSD

But that isn't all that it can do.  Let's try again with some options.  Actually, all the options: the -a implies all the options.

uname -a

Darwin admins-macbook-pro.local 10.4.0 Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386 i386

You can see from this output that I typed the command on a Mac OS X box.  Darwin is the Unix subsystem of Mac OS X.

Here it is again on my work computers.

uname -a
FreeBSD roadrunner.loonytunes.lan 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Mon Jul 12 19:23:19 UTC 2010     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

There is a lot of information here.  The Operating System.  The host name, or the name of the computer. The operating system version, when it was compiled and by whom.  It also includes the platform or processor type.

Once you know which system you are on, it's much easier to look up specific information about the commands you need to learn.



Which Shell

So far, we have discovered which operating system we are working on by typing in a single command to the command line.  The next thing we need to do is figure out which shell we are using.  The command line you are typing at is called a "shell".  It accepts your commands and does its best to carry them out.  The shell is set as a user preference.  You can switch shells without changing operating systems.  You can even use the same shell when switching to a new brand of Unix.

The most common shells are: bash, tcsh and zsh.  All shells have a common set of commands, but each shell has its own set of unique extended features that make life easier.  If you learn the bash shell on Linux, you can use the same shell on Mac OS X, or FreeBSD.  This makes transferring between operating systems much easier.

To figure out which shell you are on type:

ps -p $$


This command looks up your shell among the running processes and prints its name.  The $$ expands to the process ID of the current shell, and ps -p shows only that process.



> ps -p $$
  PID  TT  STAT      TIME COMMAND
75196  p0  Ss     0:00.01 -tcsh (tcsh)

The > is the tcsh prompt that I typed the command at.  The rest is the output from the ps(1) command.  To determine your shell, all you really need to look at is what is at the end.

$ ps -p $$
  PID TTY           TIME CMD
 4729 ttys000    0:00.02 bash

For this one, the $ is the prompt that I typed at and bash is my shell.

Once you know where you are, it will make getting around much easier.

Tuesday, November 9, 2010

OpenBSD developer needs USB devices

Spotted over on the OpenBSD Journal:
Jacob Meuser (jakemsr@) recently asked for more USB gear on the want.html page. Jacob's been working on (USB) audio equipment for some time and is now expanding his work into the USB stack. He's already done some great work there (see for example here, here and here) but lacks some devices for testing. Please send him some USB gear, note that he specifically asks for network devices. Please read on for Jacob's message.
Looks like a lot of good work happening on USB.  Read more Here.

Monday, November 8, 2010

GraceTech builds human-friendly computer with wood and NetBSD

I found this news item over at Hubert's blog.  A wooden computer is just awesome.


Google News pointed me at Austrian company Gracetech today, founded by a long-time visionaire and NetBSD user Raphael Langerhorst. The website is currently only available in German language, but the product in focus here is announced under the label "Unified Computing". It unifies hardware, operating system and the user environment in a unique experience. This is implemented with a hardware that's built of a wooden(!) case around an ARM CPU running the NetBSD operating system. The user environment is built by GraceTech's own G Universe system. See the flyer for more information. 

Sunday, November 7, 2010

Managing Filesystems: fstab

Understanding how the BSD filesystem manages disk space is critical to successfully managing a BSD server or workstation. However, this topic is generally overlooked since it is rarely used outside of installation and upgrades. It is also a very simple topic and most people assume you understand how it all works.

This article gives a quick synopsis on filesystem layout and tries to briefly explain how to understand /etc/fstab. The fstab(5) man pages, while good, do little to teach the basics to new sysadmins.

The first thing to realize when dealing with the Unix filesystem is that everything can be addressed as a file. Even system hardware has a file representation that is used to access it. Those special files live in /dev.

The second thing to understand is the starting location for all these files is / and pronounced "root". Those are the two points of Unix doctrine that everyone expects you to already understand before even thinking about trying BSD.

But what does that mean to me? First, if you have used a Microsoft operating system, you will notice there is no "C:" drive or any other drive letters. Unix has no concept of the drive letter mentality. With Unix all things exist in one directory structure. This may seem very unusual at first given the way you may be used to dealing with removable media. Instead of assigning a drive letter to removable media, you must find a place in the existing file structure to attach it.

Think of it like docking a module on to a very large space station. You find an empty docking station, connect the module. While the module is connected, the entire contents of the module are accessible for storage or removal by authorized personnel.

Saturday, November 6, 2010

bsdtalk201 - PC-BSD 9 Alpha with Kris Moore


Also Available via Phone: +1 (210) 957-5481

This is an interview of Kris Moore of PC-BSD. This interview is from MeetBSD. All the exciting new changes are going to be in PC-BSD 9. (Which means it's based on FreeBSD 9)

The biggest change is the addition of new window environments. They are no longer KDE centric. Before there was some choice of window managers, but now there is a big change to the back end with the addition of PC-BSD meta packages so you can manage the parts of your desktop that you want.

Some of the features from FBSD that they are most excited about are softupdates with journaling and USB 3.0.

The 2nd biggest PC-BSD change is a re-implementation of the PBI package infrastructure. It's now shell driven instead of QT4. The new QT4 gui sits on top of that, so you won't notice the changes much.

They also reduce disk space by sharing libraries. PBIs are now signed from the build server. They have added binary patches and they store binary diffs. This will reduce upgrade time, especially for slow connections.

They have added pbi -r features to remotely get pbi format packages.

Friday, November 5, 2010

First PC-BSD 9.0 Alpha Snapshot Available for Testing

Kris Moore has just announced that the first testing snapshot is available for download (both 32 and 64 bit versions). You can help us make 9.0 an awesome release by trying out the snapshots (there will be many between now and the first beta some time next spring) and providing feedback about any bugs you find. Since these are testing snapshots, it is recommended that you try them out on a spare system or using a virtual environment such as VirtualBox. If you're planning on trying out all of the new desktop environments, you should use a virtual machine of at least 20 GB. 



You can read the rest here.

Thursday, November 4, 2010

CloudSigma launches FreeBSD 8.1 & ZFS in the Cloud

CloudSigma AG announced the addition of FreeBSD and by extension ZFS to its cloud computing platform. A FreeBSD 8.1 pre-installed cloud server is now available for instant deployment from CloudSigma's public drives library.


Patrick Baillie, CEO commented 'We've had many requests for FreeBSD over the last few months so I'm very happy to be able to offer its latest iteration directly from our drives library. We are continuing our strategy of keeping an open software layer and expanding the number of ready cloud server choices we offer over time.'


FreeBSD has a number of key differentiating factors from competing Linux and Windows platforms and is not generally available for deployment from other leading cloud vendors. As with all cloud servers from CloudSigma, customers have full software level control and sole root access to their FreeBSD servers.


Wednesday, November 3, 2010

NYCBSDCon is getting close

NYCBSDCon is coming up very soon.  Knowing the caliber of people who are putting this on, it would be an awesome conference to attend.  The price seems right too:

"As in years past, the admission fee is low. Very low. Early registration, which ends November 1st, is only $95 for an excellent technical conference packed with great presentations. And considering the price includes four meals in Manhattan, we are convinced the price is disturbingly low!"


They always seem to have the best parties after their events too.


I hope they post videos of the sessions.

Tuesday, November 2, 2010

OpenBSD 4.8 Released

Theo announced the release of OpenBSD 4.8.

The new version boasts many new enhancements and fixes.  Such as better suspend/resume for most machines with Intel/ATI video.  Improved hardware support and new tools like ldapd and iked.


Looks like an awesome new release that I'm going to have to stick on a machine and give it a test drive.

CDs are available for purchase and you can download it directly from one of the mirrors:

 As of Nov 1, 2010, the following ftp mirror sites have the 4.8 release:

ftp://ftp.bytemine.net/pub/OpenBSD/4.8/         Oldenburg, Germany
ftp://ftp.wu-wien.ac.at/pub/OpenBSD/4.8/        Vienna, Austria
ftp://obsd.cec.mtu.edu/pub/OpenBSD/4.8/         Michigan, USA

Monday, November 1, 2010

Hardening Apache

Your apache + PHP installation may not be as secure as you think it is.  I recently did some nessus scans on servers I was getting ready to deploy and found they weren't configured as securely out of the box as I had hoped.

Here are a few of the things I changed on them to make them more secure.  The first obvious thing I did was upgrade all the software to the latest version.


Backup CGIs shouldn't be downloadable
This problem includes files such as .old, .bak, files ending in ~ (an extension used by some backup programs), and .save, etc. These files are not being handled properly by apache to hide them from prying eyes and can be downloaded as source files, which may reveal sensitive information.  It also includes .svn or .cvs files that you may have unwittingly copied into a web directory that you keep under source control.  Just add this to the httpd.conf file.

<FilesMatch "(\.inc|.*sql|.*~|.*bk|.*sav|.*save|.*old|.*bak.php|.bk.php|.*bakup.php|.*bak|.*bakup|.*backup|.*backup.tgz|.*backup.tar.gz|.*backup.tar|.*backup.gz|.*backup.bz2|.*backup.zip)">
    Order allow,deny
    Deny from all
</FilesMatch>

<DirectoryMatch .*\.svn/.*>
    Deny From All
</DirectoryMatch>

<DirectoryMatch .*\.cvs/.*>
    Deny From All
</DirectoryMatch>
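
Added example (not from the original post): a quick way to test a FilesMatch deny pattern against file names before deploying it, using Python's re.search as a stand-in for Apache's unanchored match on the file's base name. The file names and the TIGHTENED pattern are constructed assumptions; ORIGINAL is the expression shown above.

```python
import re

# FilesMatch expression copied verbatim from the post. Apache runs it as an
# unanchored regex search against the base name of the requested file.
ORIGINAL = (
    r"(\.inc|.*sql|.*~|.*bk|.*sav|.*save|.*old|.*bak.php|.bk.php|"
    r".*bakup.php|.*bak|.*bakup|.*backup|.*backup.tgz|.*backup.tar.gz|"
    r".*backup.tar|.*backup.gz|.*backup.bz2|.*backup.zip)"
)

# Assumed tightened alternative (not from the post): the same suffixes, but
# with literal dots escaped and the whole expression anchored to the end of
# the name, so a substring such as "sql" or "old" no longer triggers a deny.
TIGHTENED = (
    r"(~|\.(inc|sql|bk|sav|save|old|bak|bakup|backup)(\.php)?"
    r"|backup\.(tgz|tar\.gz|tar|gz|bz2|zip))$"
)

# Constructed file names, not taken from any real site.
MUST_BLOCK = [
    "config.php.bak",      # editor or manual backup of a script
    "config.php~",         # backup left behind by an editor
    "dump.sql",            # database export
    "db.inc",              # include file served as plain text
    "settings.bak.php",
    "site-backup.tar.gz",
    "index.php.old",
    "login.php.save",
]
MUST_SERVE = [
    "index.html",
    "mysql-tutorial.html",  # contains "sql"
    "folder.png",           # contains "old"
    "savings.html",         # contains "sav"
    "webkit.css",           # contains "bk"
]


def evaluate(pattern, must_block=MUST_BLOCK, must_serve=MUST_SERVE):
    """Return (leaked, overblocked) for a FilesMatch-style deny pattern.

    leaked      -- sensitive names the pattern fails to match (still served)
    overblocked -- legitimate names the pattern matches (wrongly denied)
    """
    rx = re.compile(pattern)
    leaked = [name for name in must_block if not rx.search(name)]
    overblocked = [name for name in must_serve if rx.search(name)]
    return leaked, overblocked


if __name__ == "__main__":
    for label, pattern in (("original", ORIGINAL), ("tightened", TIGHTENED)):
        leaked, overblocked = evaluate(pattern)
        print(f"{label:10} leaked={leaked} overblocked={overblocked}")
```

On Apache 2.4 the rule inside the block is `Require all denied`; the `Order`/`Deny` directives shown in the post are the 2.2 form and need mod_access_compat there.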


Disabling Trace
Trace can be used in cross site scripting attacks, so we need to turn it off.  This can be done in httpd.conf


TraceEnable off


Enable Strong Encryption
I use SSL certificates to encrypt access to some of my websites.  You want to be sure to remove the low encryption suites.  People who don't support encryption will then be limited to your unsecure sections.  This goes in the httpd.conf or included files.

SSLCipherSuite HIGH:MEDIUM

Remove Easter Eggs
I'm not that happy that people have allowed easter eggs into PHP source code.  It would be nice if the pkg_src/ports maintainers patched this code out as part of a security patch.  But for the meantime, we can disable expose_php in the php.ini file and it will suffice.

expose_php = Off

Remove Directory Indexes
Directory indexes allow people to see all of your files listed in a directory.

Remove Indexes from the Options directive in httpd.conf

These few things will make your web servers much more secure.
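
Added example, not part of the original post: a small Python check that reads httpd.conf and php.ini text and reports which of the settings above are still at their weak values. It assumes a single flat file with no Include or per-vhost handling, and the sample configurations are constructed.

```python
# Cipher classes ruled out by the advice to remove the low encryption suites.
WEAK_CIPHER_CLASSES = {"LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                       "NULL", "ENULL", "ANULL"}


def _directives(text, comment_char):
    """Yield stripped lines that are neither blank nor comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(comment_char):
            yield line


def audit_httpd(conf_text):
    """Return findings for the httpd.conf settings discussed in the post."""
    findings = []
    trace_off = False  # Apache answers TRACE unless told otherwise
    for line in _directives(conf_text, "#"):
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "traceenable" and args:
            trace_off = args[0].lower() == "off"  # the last directive wins
        elif name == "sslciphersuite" and args:
            spec = args[-1].strip('"')
            # Tokens starting with "!" or "-" remove ciphers, so skip them.
            # "+LOW" only reorders, but is flagged too (conservative choice).
            weak = sorted({part.upper()
                           for tok in spec.split(":")
                           if tok and tok[0] not in "!-"
                           for part in tok.split("+")
                           if part.upper() in WEAK_CIPHER_CLASSES})
            if weak:
                findings.append("SSLCipherSuite names weak classes: "
                                + ", ".join(weak))
        elif name == "options":
            if any(a.lower() in ("indexes", "+indexes", "all") for a in args):
                findings.append("Options allows directory indexes: " + line)
    if not trace_off:
        findings.append("TRACE is not disabled (no 'TraceEnable off')")
    return findings


def audit_php_ini(ini_text):
    """Return a finding when expose_php is on, which is PHP's default."""
    expose = "on"
    for line in _directives(ini_text, ";"):
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "expose_php":
            expose = value.split(";")[0].strip().strip('"').lower()
    return ["expose_php is enabled"] if expose in ("on", "1", "true", "yes") else []


# Constructed sample configurations (not from any real server).
WEAK_HTTPD = """
ServerName www.example.test
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
<Directory "/var/www/htdocs">
    Options Indexes FollowSymLinks
</Directory>
"""
HARDENED_HTTPD = """
ServerName www.example.test
TraceEnable off
SSLCipherSuite HIGH:MEDIUM
<Directory "/var/www/htdocs">
    Options FollowSymLinks
</Directory>
"""
WEAK_PHP = "[PHP]\nexpose_php = On\n"
HARDENED_PHP = "[PHP]\nexpose_php = Off\n"

if __name__ == "__main__":
    for label, conf, ini in (("weak", WEAK_HTTPD, WEAK_PHP),
                             ("hardened", HARDENED_HTTPD, HARDENED_PHP)):
        print(label, audit_httpd(conf) + audit_php_ini(ini))
```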

Sunday, October 31, 2010

Dealing with Disconnection

I sometimes work at home from a VPN Internet connection. I also have a small home network of about 4 computers of various types. All of them route through my BSD box to the Internet. However, like most people I travel back and forth to the office each day. Sometimes, when I'm working, I don't want to stop what I'm working on remotely just because it's time to leave.

I use ssh from my BSD desktop to connect to the computers I work on. They are all remotely hosted and I have never actually seen any of the boxes. Usually, I am editing files using vi(1), managing asterisk servers from the console or setting up opensips processes.

My biggest problem working remote is not the lack of speed, highspeed internet really solved that, not like in the old days when I first started doing this. I remember dealing with that - push a key, go eat lunch, no real problem. But when working remote, the biggest problem is getting disconnected. It's really frustrating when I am in the middle of a project and the VPN gets disconnected or the WiFi just loses signal because someone turns on the microwave and I lose all my work.  vi(1) can sometimes be forgiving, but it's far from the ideal method. I can usually recover part of my work.

Back when dialup was the only option, I would often get disconnected and log back in and the program I was working on was still running. Using w(1), I could see that the server still thought that I was logged in and hadn't terminated the program.

I was still working from dialup back when a friend of mine introduced me to screen(1). He ranted and raved about how wonderful screen(1) was and how the world needed to know about it. I've been using it ever since.

Saturday, October 30, 2010

DragonFlyBSD 2.8 Released

DragonflyBSD 2.8 was just released.  You can download it here.

From the Release Notes:

Big-ticket items


Return of the GUI - The 2.8 release includes a larger 4G USB image with a working X environment and full sources in addition to the standard 700M ISO and 1G USB images.
Crypto support - A cryptsetup compatible cryptographic device mapper target was written for DragonFly. This means that it is now possible to encrypt DragonFly partitions (e.g., HAMMER and UFS). While it is possible to only encrypt any partition like /home/, it is also possible to encrypt the whole root file system. The latter is especially useful for mobile devices. It is also possible to encrypt the swap partition while still being able to dump a kernel core. Further, the code is SMP aware, so expect a speedup if using multi-core machines and don't have cryptographic hardware support.
Packet Filter (pf) - Pf was updated to a version based upon OpenBSD 4.2. The previous version of pf in DragonFly was based on OpenBSD 3.5. This, in addition to laying the ground for further following OpenBSD's implementation, introduced several performance gains: Information like route-to, altq, tags, etc are now stored in the mbuf header directly. This was partially already the case up to DragonFly 2.6, but now the implementation corresponds to OpenBSD's. Furthermore an often unnecessary checksumming was removed, which gains another 10% performance. Also state tables and interface bound states were reimplemented and the pf_test_*() functions where fold into pf_test_rule() to make things clearer. DragonFly-specific additions, support for fairq packet queueing and pickups, have remained intact.
WiFi Stack Update - FreeBSD's WiFi (802.11) network stack has been ported. While not all WiFi drivers have been ported the ability to port drivers from FreeBSD much more easily will allow us to ultimately add support for more and newer WiFi devices in the near future.
MP Performance - The multiprocessor work that has been ongoing in DragonFly is really starting to bear fruit. The MPLOCK (The primary lock, that when held ensures only a single cpu is operating within the kernel) has been pushed back significantly with this release. Most of the frontend code now uses soft tokens instead of the MPLOCK, though for safety these particular soft tokens still acquire the MPLOCK. We will be phasing out the safety feature as work progresses. More importantly, HAMMER now runs with a per-mount lock and has specific optimizations to run 100% MPSAFE in the cached read & stat paths. Much of the system backend including the buffer cache, the networking subsystem (protocol stacks and netif drivers), and the AHCI disk driver are now completely MP-safe and do not acquire the MPLOCK at all. For most intents and purposes the system is running MP-safe. I don't want to sell this short because large portions of the core infrastructure have been MP-safe for years. But now those MP-safe paths for the first time can reach all the way from userland to the device drivers on the backend.

Friday, October 29, 2010

Invite to MeetBSD 2011

Matt Olander invites us to attend MeetBSD 2011.
Come discuss all the BSD flavors with your peers next week at MeetBSD
California! It's on Friday and Saturday, November 5th & 6th at
Hacker Dojo, in Mountain View, California, USA.

We have an interactive Unconference on the first day. This means that
the attendees will get to decide the topics in real time.
For the second day, a more traditional format of speakers and
works-in-progress will be followed. It's highly hackable, informative,
and fun.

Of course, a legendary BSD-party featuring special guests, activities,
and entertainment will occur Saturday evening at the Dojo ;)

Thanks to our generous sponsors, the cost is only $25 USD which includes
snacks, lunches, and admission to the after-party.


If you are planning on attending, please reserve your space now:
http://www.meetbsd.com

Wednesday, October 27, 2010

Philip Paeps - FreeBSD, Detangling and debugging


Philip recommends debugging without using the debug tools.

"Debugging is universally anticipated with distaste, performed with reluctance and bragged about forever"  -- anonymous.

One of the biggest drawbacks to using the debug tools is losing an entire day rebuilding the system to include the debug symbols and then to figure out that the problem was a simple typo that you could have caught with five minutes of critical thinking and some code review.

Suggestions to debug without the debugger

  • Printf's are boring.  Instead, when your program crashes, have it print a stack trace.
  • Cookies -- Write an unsigned long as a global variable and use it as a poor man's running stack trace.  Write to it (fiddle with the bits) in the different subsystems to keep track of where you have been.  Works great for embedded systems.
  • GCC is your friend.  Don't silence a warning with a cast; fix the problem.
  • Use gcc -E -- It runs the source through the preprocessor only and prints the result.
  • Know your -W flags.  Use -Werror to turn warnings into errors, so the build stops and you have to fix them.  Lots of problems can go away when you fix the warnings.
  • Use GCC instrumentation -- Very useful in userspace, not so much in the kernel.
  • Do an object dump (objdump) -- Useful, but you need to know a lot to use it.  Also, you have to remove the -fomit-frame-pointer flag on Intel platforms, or this process is useless.  You can use this method to disassemble your program and figure out where it crashed.  Very useful in trace analysis.
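
The cookie trick from the list above, sketched as an added example (not code from Philip's talk or from this blog): each subsystem owns a 4-bit field of one global unsigned long, and a SIGSEGV handler dumps the value without calling printf. The subsystem names and the 4-bit layout are assumptions made for illustration.

```c
#include <signal.h>
#include <unistd.h>

/* Hypothetical subsystems (not from the talk); each owns one 4-bit field. */
enum subsys { SUB_INIT, SUB_NET, SUB_DISK, SUB_UI };

/* The cookie. volatile stops the compiler from eliding or caching stores. */
volatile unsigned long debug_cookie;

/* Record that `sub` reached `step` (1..15; 0 means "never entered"). */
void cookie_mark(enum subsys sub, unsigned step)
{
    unsigned shift = (unsigned)sub * 4;
    debug_cookie = (debug_cookie & ~(0xFUL << shift))
                 | ((unsigned long)(step & 0xF) << shift);
}

/* Read back the last step recorded for one subsystem. */
unsigned cookie_step(enum subsys sub)
{
    return (unsigned)((debug_cookie >> ((unsigned)sub * 4)) & 0xF);
}

/* Render the low 32 bits as "cookie=0xXXXXXXXX\n" without printf, so it is
 * safe to call from a signal handler. buf must hold 19 bytes. */
char *cookie_format(unsigned long c, char *buf)
{
    static const char hex[] = "0123456789abcdef";
    static const char tmpl[] = "cookie=0x00000000\n";
    for (unsigned i = 0; i < sizeof tmpl; i++) buf[i] = tmpl[i];
    for (unsigned i = 0; i < 8; i++)
        buf[16 - i] = hex[(c >> (4 * i)) & 0xF];
    return buf;
}

static void crash_handler(int sig)
{
    char buf[19];
    (void)sig;
    _exit(write(STDERR_FILENO, cookie_format(debug_cookie, buf), 18) == 18 ? 1 : 2);
}

int main(void)
{
    signal(SIGSEGV, crash_handler);
    cookie_mark(SUB_INIT, 3);   /* init finished its third stage   */
    cookie_mark(SUB_NET, 2);    /* network got as far as stage two */
    raise(SIGSEGV);             /* stand-in for the real crash     */
}
```

Reading the dumped value right to left gives one hex digit per subsystem, so a field that is still 0 tells you that code was never reached before the crash.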

Summary

Try not to debug, try to think first.
Take shortcuts.  You have already broken something, cheating won't make it worse.
Remember who your friends are, like nm and objdump.
Document your clever tricks.

Tuesday, October 26, 2010

New Episode of The BSD Show: John Hixson


The guys at The BSD Show try an impromptu program with an iXsystems developer.  Originally, he was hired to do the Flash port to FreeBSD, but Adobe withdrew and didn't cooperate.  So that is why Flash doesn't work natively on BSD.  John has been working with FreeNAS and PCBSD recently.

They discuss the future of Sysinstall and all the die-hard sysinstall users who won't migrate to MSI files.
Lots of good sysinstall vs. PC Sysinstall conversation, and it's time to migrate to PC Sysinstall for FreeBSD.

PC Sysinstall handles a lot of the new features such as ZFS, gmirror, GPT partitions, etc.  It doesn't support PXE booting yet, but it will.  It does have cool stuff like ZFS root.

PC Sysinstall has support for scripting, so you could use PC Sysinstall as a backend and script your own front end for whatever you were doing.

Much discussion, swearing and planning for MeetBSD ensues.

Monday, October 25, 2010

Sławek Żak - NoSQL

He gives a good explanation of what databases do well and what they don't do well.  Then he gets into how NoSQL makes things better.

Sunday, October 24, 2010

SSH Primer

When you ask how you can make your BSD box more secure, the first thing people will tell you is to use SSH if you aren't already. If you are new to BSD or Unix in general, you might still be mastering the art of logging in to the console and not have given a thought to logging in remotely. If you are using Mac OS X, you may not have even realized that you can log in remotely.

When you log in to the console, BSD gives you a login: prompt and asks for your user name. You are then prompted for your password. If you successfully give both, it logs you in and presents you with a shell prompt. The alternative situation is if you are using a GUI login such as xdm, kdm, or Mac OS X. The login process will be the same; however, you will be presented with a windowing system upon login instead of the shell. To get to a shell from this point, you will need to run an xterm or the Terminal App in Mac OS X, which is found in the Utilities folder.

From the shell prompt, you can use the ssh utility. In its most basic form, ssh gives you secure console access to another computer. All the traffic that goes between the two computers is encrypted, so it can't be read if it is intercepted in transit. Previously a utility called telnet handled the same duties; however, it did so using unencrypted protocols. It became very easy for hackers to intercept telnet sessions and discover passwords used to remotely manage systems.

OpenBSD, NetBSD, FreeBSD, Mac OS X, and Darwin all come with OpenSSH installed as part of the base installation. OpenSSH was developed by the OpenBSD project and has quickly become the de facto standard for ssh. If you don't like using ssh as a command line, people have developed GUI front ends to ssh, but I'm not covering that in this article.

Saturday, October 23, 2010

AsiaBSDCon 2011 -- Call for Papers

Hiroki Sato is calling for papers for AsiaBSDCon 2011.

It will be held on March 17-20th, 2011 in Tokyo, Japan. That would be a fun conference to attend. I've been to Asia before, but not Japan specifically.

The details on submitting a paper for the conference can be found at http://2011.asiabsdcon.org/.  Submission deadline is December 20th, 2010.

I'm going to have to go back and watch all the videos from last year to catch up.

Friday, October 22, 2010

Remove .svn entries from your web site

I have several websites that are managed by subversion. I didn't realize till I did a security scan of my web server that the .svn directories have been exposed to the public.

I did a search and found this code to add to my httpd.conf file.


<DirectoryMatch .*\.svn/.*>
    Deny From All
</DirectoryMatch>


I added that code and restarted Apache, and it worked like a charm.

Thursday, October 21, 2010

error: the --with-apr parameter is incorrect

If you are upgrading Apache, note that the apr port has been upgraded by a major version. The old version you have installed is now apr1, and the new version is just apr in the ports tree. However, tools like portupgrade don't notice the change.

You have to manually remove the old port to get things working again.

# cd /usr/ports/devel/apr1
# make deinstall clean

This fixed my errors and allowed me to get apache22 upgraded successfully.

Wednesday, October 20, 2010

pcre error with php5-filter and php5-zip

I upgraded to PHP 5.3.3 and found that pcre has been included into PHP5 instead of being a separate add on in the BSD ports/pkg_src collection. This caused a couple of problems when I tried to upgrade all the modules I was using on FreeBSD 7.3.

I had to force an extra include path so it could find the pcre.h file that was missing.

# cd /usr/ports/archivers/php5-zip/
# make install CFLAGS=-I/usr/local/include

I did the same thing for php5-filter

# cd /usr/ports/security/php5-filter/
# make install CFLAGS=-I/usr/local/include

I expect they will fix the ports before too long.

Tuesday, October 19, 2010

Advances in Embedded ARM processors, for performance


Dimitri works for Marvell, a semiconductor company. Most of the chips they make have to do with networking. I was surprised to learn how many ARM CPUs there are out there. ARM processors are optimized for cost, but are still very high performance, reaching up to 2 GHz as of this video.

Marvell makes a point of working with compilers like GCC and operating systems like BSD and Linux to make sure all the advanced features of the CPU can be taken advantage of.

Marvell also makes a plug computer: a small computer that plugs into an outlet. It seems to be a micro server that fits in a plug and is designed to work in a home setting. The entire plug computer consumes less than 15 watts of power.

Kris Moore and PCBSD

ZFS in FreeBSD, by Pawel Jakub Dawidek

Keynote, Peter Losher, Internet Systems Consortium, AsiaBSDCon 2008

Using FreeBSD to Promote Open Source Development Methods, Brooks Davis, ...

GEOM - in Infrastructure We Trust, Pawel Jakub Dawidek, AsiaBSDCon 2008

Reducing Lock Contention in a Multi-Core System, Randall Stewart, AsiaBS...

Tracking FreeBSD in a Commercial Setting, M. Warner Losh

Send and Receive of File System Protocols: Userspace Approach With puffs...

BSD Implementations of XCAST6, Yuji Imai

Logical Resource Isolation in the NetBSD Kernel, Kristaps Džonsons

A Portable iSCSI Initiator, Alistair Crooks

OpenBSD Network Stack Internals, Claudio Jeker

Ken Caruso, Using BSD in SchmooCon Labs (DCBSDCon 2009)

Robert Luciani, M:N Threading in DragonFly BSD (DCBSDCon 2009)

Kurt Miller, Implementing pie on OpenBSD (DCBSDCon 2009)

Isolating Cluster Jobs for Performance and Predictability, Brooks Davis ...

Epitome, Marco Peereboom (DCBSDCon 2009)

OpenBSD vs SMP, Threading, and Concurrency, Ted Unangst

network perimeter redundancy with pfsense, chris buechler

Jason Dixon Closing Remarks of DCBSDCon - BSD is Still Dying

faster packets: performance tuning in the openbsd network

Philip Paeps, Crypto Acceleration on FreeBSD, AsiaBSDCon2009

Constantine A. Murenin, OpenBSD Hardware Sensors Framework

M. Warner Losh, An Overview of FreeBSD/mips, AsiaBSDCon2009

R. Jaworowski, FreeBSD on hi-perf. multi-core embedded PPC

D. Gwynne, Active-Active Firewall Cluster Support in OpenBSD

K. Dzonsons, Deprecating groff for BSD manual display

A. Zakharchenko, Mail system for distributed network