FreeBSD
FreeBSD: Not a Linux Distro
https://www.youtube.com/watch?v=wwbO4eTieQY

https://www.youtube.com/results?search_query=freebsd+raspberry+pi
Re: FreeBSD
On Wed, Apr 12, 2017 at 10:35 PM, grarpamp wrote:
> FreeBSD: Not a Linux Distro
> https://www.youtube.com/watch?v=wwbO4eTieQY
>
> https://www.youtube.com/results?search_query=freebsd+raspberry+pi

Somewhat dated, but still relevant:
http://www.over-yonder.net/~fullermd/rants/bsd4linux/01
Re: FreeBSD
On Wed, Apr 12, 2017 at 11:50:28PM -0700, Kurt Buff wrote:
> On Wed, Apr 12, 2017 at 10:35 PM, grarpamp wrote:
> > FreeBSD: Not a Linux Distro
> > https://www.youtube.com/watch?v=wwbO4eTieQY
> >
> > https://www.youtube.com/results?search_query=freebsd+raspberry+pi
>
> Somewhat dated, but still relevant:
> http://www.over-yonder.net/~fullermd/rants/bsd4linux/01

TY - been wanting something like this.
FreeBSD moving to Git -- OpenBSD FreeBSD: Why and How
Well, good news for OS diversity fans - FreeBSD is transitioning, to Git that is :)

FreeBSD Can Now Be Built From Linux/macOS Hosts, Transition To Git Continues
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-Q3-2020-Report

..
- On the Git front, their transitioning from Subversion to Git they hope to have a beta repository by the end of October.
..
- The FreeBSD Ports collection surpassed 40,000 ports/packages.
..
- As of September it's now possible to build a functioning buildworld and buildkernel environment from macOS and Linux hosts. This is done due to some CI tools only supporting Linux/macOS and wanting to use them for constructing the FreeBSD base system and was sponsored by DARPA.

Apparently even dinosaurs can evolve, after all ;)

On Thu, Nov 14, 2019 at 02:08:56PM +1100, Zenaan Harkness wrote:
> A primary thing *BSD needs for "hip young newbie" attractiveness is
> something less geriatric than CVS as their source code distribution
> system... no matter how secure, stable etc it is, it's $CURRENT_YEAR
> already and I for one welcome our Git overlords.
>
> There's "conservative, stable processes", then there's simply a lack
> of will to engage the learning curve required to properly learn and
> deploy that which is fundamentally superior in every way (except of
> course, that the commands are different, and from the ultra
> conservative view, that is, in fact, inferior).
>
> On Wed, Nov 13, 2019 at 07:40:17PM -0700, Kurt Buff - GSEC, GCIH wrote:
> > https://www.over-yonder.net/~fullermd/rants/bsd4linux/01
> >
> > On Wed, Nov 13, 2019 at 6:03 PM grarpamp wrote:
> > >
> > > https://sivers.org/openbsd
> > > https://news.ycombinator.com/item?id=21521774
> > >
> > > https://openbsd.org/
> > > https://freebsd.org/
FreeBSD 11.0 Released
Alternative OS news [not Windows, not Linux]...

https://www.freebsd.org/releases/11.0R/announce.html
https://www.freebsd.org/releases/11.0R/relnotes.html
https://www.freebsd.org/features.html
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
https://forums.freebsd.org/
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/
FreeBSD Status Report
https://www.freebsd.org/news/status/report-2016-07-2016-09.html

As focused as we are on the present and what is happening now, it is
sometimes useful to take a fresh look at where we have come from, and
where we are going. This quarter, we had our newest doc committer
working to trace through the tangled history of many utilities, and we
also get a glimpse looking forward at what may come in FreeBSD 12.

Though 11.0-RELEASE was not finalized until after the period covered
in this report, we can still have some anticipatory excitement for the
features that will be coming in 12.0. The possibilities are
tantalizing: a base system with no GPL components, arm64 as a Tier-1
architecture, capsicum protection for common utilities, and the
CloudABI for custom software are just a few.

The work of the present is no less exciting, with 11.0 making its way
out just after the end of Q3, the new core coming into its own, and
much more that you'll have to read and find out.
FreeBSD 2017Q2 Report
https://www.freebsd.org/news/status/report-2017-04-2017-06.html
Re: FreeBSD 11.0 Released
https://www.freebsd.org/ports/
Re: FreeBSD 11.0 Released
On Tue, Oct 11, 2016 at 01:50:20AM -0400, grarpamp wrote:
> Alternative OS news [not Windows, not Linux]...
>
> ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/

Nice to see open source competition :)

How do I verify the ISOs from the above plain ftp url? There is no crypto signature and downloading the checksums from the same (possibly owned) site doesn't make much sense.

As an aside, why do big vendors choose linux (android, wireless routers, etc) instead of the permissive BSD license (do the fuck what you want, no GPL, no Stallman)? (BSD appears to support less hardware, but for a few bucks this can be solved).
Re: FreeBSD 11.0 Released
Is anyone here using FreeBSD? I started using OpenBSD for my personal
computer and I am quite impressed. Why would anyone choose FreeBSD over
OpenBSD? Number of packages available?

Also, what's the deal with HardenedBSD[1]? Anyone used it? Any good
impressions?

[1] https://hardenedbsd.org/

On 10/11/2016 02:53 AM, grarpamp wrote:
> https://www.freebsd.org/ports/

--
Kind Regards,
Ben Mezger
https://benmezger.nl
Re: FreeBSD 11.0 Released
On Tue, Oct 11, 2016 at 01:07:51PM -0300, Ben Mezger wrote:
> Is anyone here using FreeBSD?

I use it at home and we use it at work (hundreds of FreeBSD boxes).
It is stable, maintainable, good to update, has pretty good hardware
support and superior performance.

> Why would anyone choose FreeBSD over
> OpenBSD? Number of packages available?

FreeBSD has a way larger developer community and is in wide use,
especially by companies.

You didn't ask, but: if you ever use FreeBSD for a longer time, you'll
never go back to Linux. At least not voluntarily :)

- Tom
Re: FreeBSD 11.0 Released
As I am still trying to understand OpenBSD's core, is there a main reason
I should check out FreeBSD (except the reasons you pointed out)?

How is the default security on FreeBSD? I've read somewhere something
like:

"FreeBSD devs don't really care much about security as much as they should"

How true is this statement?

1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
2. How easy can I sandbox software? Using jails only?
3. How about W^X?
4. Trusted Path Execution?

Thanks!

On 10/11/2016 02:08 PM, Tom wrote:
> On Tue, Oct 11, 2016 at 01:07:51PM -0300, Ben Mezger wrote:
>> Is anyone here using FreeBSD?
>
> I use it at home and we use it at work (hundreds of FreeBSD boxes).
> It is stable, maintainable, good to update, has pretty good hardware
> support and superior performance.
>
>> Why would anyone choose FreeBSD over
>> OpenBSD? Number of packages available?
>
> FreeBSD has a way larger developer community and is in wide use,
> especially by companies.
>
> You didn't ask, but: if you ever use FreeBSD for a longer time, you'll
> never go back to Linux. At least not voluntarily :)
>
>
> - Tom

--
Kind Regards,
Ben Mezger
https://benmezger.nl
Re: FreeBSD 11.0 Released
>> ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/
>
> crypto signature and downloading the checksums from the same (possibly

They're in the release announcement linked in OP.

As I've said before, FreeBSD has issues with strong cryptographic
provenance, stemming from their choice of repo, on out to iso's
and packages. But they're getting better fast. ie: They're almost,
if not 100%, reproducible builds now... see new flags to ar(1)
for a simple example, commitlogs 'reproducible'.

> As an aside, why big vendors choose linux (android, wireless routers,
> etc) instead of the permissive BSD license (do the fuck what you want,
> no GPL, no Stallman)? (BSD appears to support less hardware, but for few
> bucks this can be solved).

Vendors are cheap, including not paying devs to "do the fuck they want",
so they choose whatever licence won't get them sued (either is fine),
and whatever os has been cobbled together for their hardware, and
is known to the vendor's cobbled-together team. That's usually linux,
or windows.
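The check asked about in this exchange, as an added example that is not part of the original thread: parse the BSD-style `SHA512 (file) = digest` lines out of an announcement text and compare them with a downloaded image. It assumes the announcement was obtained and authenticated separately from the mirror (for example by checking its PGP signature); the file name and image bytes are constructed for the demo.

```python
"""Check a downloaded image against BSD-style checksum lines
(`SHA512 (name) = hex`) taken from a release announcement."""
import hashlib
import hmac
import os
import re
import tempfile

# Line format printed by sha256(1) / sha512(1) on the BSDs.
CHECKSUM_RE = re.compile(
    r"^\s*(SHA256|SHA512)\s+\((?P<name>[^)]+)\)\s+=\s+(?P<hex>[0-9a-fA-F]+)\s*$"
)
DIGEST_LEN = {"SHA256": 64, "SHA512": 128}


def parse_checksums(text):
    """Return {(algo, filename): hexdigest}; refuse ambiguous input."""
    found = {}
    for line in text.splitlines():
        m = CHECKSUM_RE.match(line)
        if not m:
            continue  # prose, headers, blank lines
        algo, name, digest = m.group(1), m.group("name"), m.group("hex").lower()
        if len(digest) != DIGEST_LEN[algo]:
            raise ValueError(f"truncated {algo} digest for {name}")
        key = (algo, name)
        if key in found and found[key] != digest:
            # Two different digests for one file: do not guess which is right.
            raise ValueError(f"conflicting {algo} entries for {name}")
        found[key] = digest
    return found


def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so multi-GB images fit in memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, announcement_text, algo="SHA512"):
    """Return (ok, reason). A missing entry is a failure, never a pass."""
    expected = parse_checksums(announcement_text).get((algo, os.path.basename(path)))
    if expected is None:
        return False, f"no {algo} entry for {os.path.basename(path)}"
    if not hmac.compare_digest(file_digest(path, algo), expected):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Constructed sample: a tiny stand-in image and announcement text."""
    body = b"constructed image bytes\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-disc1.iso")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(body)
        text = (
            "o amd64 (constructed sample):\n"
            f"  SHA512 (example-disc1.iso) = {hashlib.sha512(body).hexdigest()}\n"
        )
        intact = verify_image(path, text)
        with open(path, "ab") as fh:  # one extra byte, as a bad mirror might serve
            fh.write(b"x")
        altered = verify_image(path, text)
        unlisted = verify_image(path, text, algo="SHA256")
    return intact, altered, unlisted


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The digest only proves the image matches the announcement; how far that can be trusted depends entirely on how the announcement itself was authenticated.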
Re: FreeBSD 11.0 Released
Yes I use FreeBSD 10 for a couple of servers. I chose it over openbsd because I have more familiarity with it, no other reason :)

I'm quite happy with it, aside from some weird port pkg interactions... And it has supported PF for a long time, which it basically stole from openbsd (who stole it from Darren Reed). PF is great... I'm still on FreeBSD 10.

John

> On Oct 11, 2016, at 12:07 PM, Ben Mezger wrote:
>
> Is anyone here using FreeBSD? I started using OpenBSD for my personal
> computer and I am quite impressed. Why would anyone choose FreeBSD over
> OpenBSD? Number of packages available?
>
> Also, what's the deal with HardenedBSD[1]? Anyone used it? Any good
> impressions?
>
> [1] https://hardenedbsd.org/
>
>> On 10/11/2016 02:53 AM, grarpamp wrote:
>> https://www.freebsd.org/ports/
>
> --
> Kind Regards,
> Ben Mezger
> https://benmezger.nl
Re: FreeBSD 11.0 Released
On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
> As I am still trying to understand OpenBSDs core, is there a main reason
> I should check out FreeBSD (except the reasons you pointed out)?

In the end you'll need to compare them yourself, features, policies,
hardware support, security, whatever.

I just happen to like FreeBSD more and Theo de Raadt less :)

> How is the default security on FreeBSD?

Why, pretty good I'd say.

> "FreeBSD devs don't really care much about security as much as they should"
> How true is this statement?

Replace "FreeBSD Users" with "human beings" and the sentence might be
true. Of course there are uncaring FreeBSD users, as are uncaring
Windows, OSX or OpenBSD users.

Oh - and not caring about security doesn't lead to an insecure system
necessarily. Many years ago we made an audit of some BSDi machine: it
had all patches installed and was top secure. However, nobody had
logged in for a couple of years. So, why was it so secure? Because:

0 * * * * cd /usr/src && make world

:-)

> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
> 3. How about W^X?
> 4. Trusted Path Execution?

I'm not sure about all those things, google will help you with details.
Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
be better suited from this perspective.

> 2. How easy can I sandbox software? Using jails only?

There's bhyve. I use jails and am very happy with it.

- Tom
Re: FreeBSD 11.0 Released
Thanks Tom, I will look into it more and perhaps give it a try. OpenBSD has lots of packages, but unfortunately not the ones I really need.

>> Oh - and not caring about security doesn't lead to an insecure system
>> necessarily. Many years ago we made an audit of some BSDi machine: it
>> had all patches installed and was top secure. However, nobody had
>> logged in for a couple of years. So, why was it so secure? Because:
>>
>> 0 * * * * cd /usr/src && make world

Looks really promising. Doing something like this automatically on the Linux Kernel + monkey patching, would probably break in the first try. Same goes with the Gentoo port system.

On 11/10/16 15:43, Tom wrote:
> On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
>> As I am still trying to understand OpenBSDs core, is there a main reason
>> I should check out FreeBSD (except the reasons you pointed out)?
>
> In the end you'll need to compare them yourself, features, policies,
> hardware support, security, whatever.
>
> I just happen to like FreeBSD more and Theo de Raadt less :)
>
>> How is the default security on FreeBSD?
>
> Why, pretty good I'd say.
>
>> "FreeBSD devs don't really care much about security as much as they should"
>> How true is this statement?
>
> Replace "FreeBSD Users" with "human beings" and the sentence might be
> true. Of course there are uncaring FreeBSD users, as are uncaring
> Windows, OSX or OpenBSD users.
>
> Oh - and not caring about security doesn't lead to an insecure system
> necessarily. Many years ago we made an audit of some BSDi machine: it
> had all patches installed and was top secure. However, nobody had
> logged in for a couple of years. So, why was it so secure? Because:
>
> 0 * * * * cd /usr/src && make world
>
> :-)
>
>> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
>> 3. How about W^X?
>> 4. Trusted Path Execution?
>
> I'm not sure about all those things, google will help you with details.
> Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
> be better suited from this perspective.
>
>> 2. How easy can I sandbox software? Using jails only?
>
> There's bhyve. I use jails and am very happy with it.
>
>
> - Tom

--
Kind Regards,
Ben Mezger
Re: FreeBSD 11.0 Released
On Tue, Oct 11, 2016 at 2:28 PM, John Newman wrote:
> Yes I use FreeBSD 10
> it has supported PF
> for a long time, which it basically stole from
> openbsd (who stole it from Darren Reed).

No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been
dropped by Open and Dragonfly BSD, for license and
other reasons, including being a dead project.
last release: e9d51c6e58f549c4ab499254c81c90d2

PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's,
NPF is Net's, IPFW3 is Dragon's. All actively maintained
by their own communities. PF is ported to all.
Re: FreeBSD 11.0 Released
>>> 0 * * * * cd /usr/src && make world
>
> Looks really promising. Doing something like this automatically on the
> Linux Kernel + monkey patching, would probably break in the first try.

Open uses continuous integration, they're picky about it.
Free spreads the same idea across whatever RELENG_M
branches are open... 9,10,11 right now, and adds release branches.
Linux is on its own M.m.r release model.
It's all pretty reliable so long as you look over your output
to detect relatively rare build fail.

> Same goes with the Gentoo port system.

Ports on any os seem like will always be spotty, far too many
dependencies and upstream change. That's more or less expected.
Re: FreeBSD 11.0 Released
On Wed, 2016-10-12 at 01:50 -0400, grarpamp wrote:
> Linux is on it's own M.m.r release model.

It is important not to confuse Linux, the kernel, with GNU, the actual
operating system. Linux, the kernel, and GNU, the operating system, are
developed mostly independently of each other. Technically, there is no
requirement that one run only a GNU variant under Linux, the kernel, or
that GNU must run only under Linux, the kernel (in fact there is or at
least was a port of GNU to the FreeBSD kernel at one time).

Also of note that GNU also has its own kernel, Hurd (microkernel-based),
which is still under development a couple of decades later.

--
Shawn K. Quinn
Re: FreeBSD 11.0 Released
On Wed, Oct 12, 2016 at 2:04 AM, Shawn K. Quinn wrote:
> It is important not to confuse Linux, the kernel, with GNU, the actual

I don't. Sure there's bsd-gnuland and linux-bsdland hybrids now too.
Yet to a bsd user, the linux kernel is the most visible trackable thing
to them guiding what they can do with any linux (even though to match
a bsd base you have to pack at least binutils and glibc to linux kernel...
but that's mostly moot herein).

> Also of note that GNU also has its own kernel, Hurd (microkernel-based),
> which is still under development a couple of decades later.

So is plan9 and a bunch of other stuff that still hasn't
gone anywhere. Oh well.
Re: FreeBSD 11.0 Released
On Wed, Oct 12, 2016 at 02:18:40AM -0400, grarpamp wrote:
> > Also of note that GNU also has its own kernel, Hurd (microkernel-based),
> > which is still under development a couple of decades later.
>
> So is plan9 and a bunch of other stuff that still hasn't
> gone anywhere. Oh well.

But don't worry, it's already scheduled for 2057. Be prepared ...

- Tom
Re: FreeBSD 11.0 Released
On Tue, Oct 11, 2016 at 1:08 PM, Tom wrote:
> You didn't ask, but: if you ever use FreeBSD for a longer time, you'll
> never go back to Linux. At least not voluntarily :)

Many don't get that the Linux "distros" are often just that, distributions... of the same damn thing... they make some app bundling and packager choices but that's about it. Except for the commercial ventures like RedHat which do contribute sizeable raw development.

Whereas the BSD's all picked something long ago and generally stick with it to this day, with blending across them...

Open - secure, free
Free - serving, all around utility, hardware, storage
Dragon - clustering
Net - platforms including your toaster

> In the end you'll need to compare them yourself, features, policies,
> hardware support, security, whatever.

That's the key as always. Someone really needs to maintain a giant wiki table with this and the bsd's.
Re: FreeBSD 11.0 Released
> On Oct 12, 2016, at 12:48 AM, grarpamp wrote:
>
>> On Tue, Oct 11, 2016 at 2:28 PM, John Newman wrote:
>> Yes I use FreeBSD 10
>> it has supported PF
>> for a long time, which it basically stole from
>> openbsd (who stole it from Darren Reed).
>
> No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been
> dropped by Open and Dragonfly BSD, for license and
> other reasons, including being a dead project.
> last release: e9d51c6e58f549c4ab499254c81c90d2
>
> PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's,
> NPF is Net's, IPFW3 is Dragon's. All actively maintained
> by their own communities. PF is ported to all.

Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you want to call it.

Pf has made some nice improvements in the years since, but there is no doubt it started as a clone of IPF so Theo could include the superior software firewall mechanism in openbsd without the license restrictions.

John
Re: FreeBSD 11.0 Released
> On Oct 12, 2016, at 7:04 AM, John Newman wrote:
>
>
>>> On Oct 12, 2016, at 12:48 AM, grarpamp wrote:
>>>
>>> On Tue, Oct 11, 2016 at 2:28 PM, John Newman wrote:
>>> Yes I use FreeBSD 10
>>> it has supported PF
>>> for a long time, which it basically stole from
>>> openbsd (who stole it from Darren Reed).
>>
>> No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been
>> dropped by Open and Dragonfly BSD, for license and
>> other reasons, including being a dead project.
>> last release: e9d51c6e58f549c4ab499254c81c90d2
>>
>> PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's,
>> NPF is Net's, IPFW3 is Dragon's. All actively maintained
>> by their own communities. PF is ported to all.
>
> Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you want
> to call it.
>
> Pf has made some nice improvements in the years since, but there is no doubt
> it started as a clone of IPF so Theo could include the superior software
> firewall mechanism in openbsd without the license restrictions.
>
>
> John

I've always thought the IPFW mechanism in FreeBSD was crap, compared to IPF/PF, just as an aside...

Years ago IPF was actually also ported to Solaris and Linux. I used it on some Sun boxes when I was just a little guy a long fucking time ago.

John
Re: FreeBSD 11.0 Released
On Wed, Oct 12, 2016 at 07:16:47AM -0400, John Newman wrote:
> >> No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been
> >> dropped by Open and Dragonfly BSD, for license and
> >> other reasons, including being a dead project.
> >> last release: e9d51c6e58f549c4ab499254c81c90d2
> >>
> >> PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's,
> >> NPF is Net's, IPFW3 is Dragon's. All actively maintained
> >> by their own communities. PF is ported to all.
> >
> > Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you
> > want to call it.
> >
> > Pf has made some nice improvements in the years since, but there is no
> > doubt it started as a clone of IPF so Theo could include the superior
> > software firewall mechanism in openbsd without the license restrictions.
> >
> >
> > John
>
> I've always thought the IPFW mechanism in FreeBSD was crap, compared to
> IPF/PF, just as an aside...
>
> Years ago IPF was actually also ported to Solaris and Linux. I used it on
> some Sun boxes when I was just a little guy a long fucking time ago.
>
>
> John

Off-topic - I can't stand the way the phone email clients I habitually use format email. The results come out looking horrible. It's rare that I have a chance to reply to the list from an actual computer (generally I'm too busy when I'm in front of a real computer)...

Anyway, I suppose I could start using mutt on android :P

John
Re: FreeBSD Status Report
A lot of people don't know the Jolitz 386BSD (precursor to all the modern BSDs) was out and fully running in like 92. I'm almost positive it had fuller functionality than the early ancient Linux distros.

I think there were some licensing issues that had people iffy on the "legality" of running it early on...

John

> On Nov 15, 2016, at 3:05 AM, grarpamp wrote:
>
> https://www.freebsd.org/news/status/report-2016-07-2016-09.html
>
> As focused as we are on the present and what is happening now, it is
> sometimes useful to take a fresh look at where we have come from, and
> where we are going. This quarter, we had our newest doc committer
> working to trace through the tangled history of many utilities, and we
> also get a glimpse looking forward at what may come in FreeBSD 12.
>
> Though 11.0-RELEASE was not finalized until after the period covered
> in this report, we can still have some anticipatory excitement for the
> features that will be coming in 12.0. The possibilities are
> tantalizing: a base system with no GPL components, arm64 as a Tier-1
> architecture, capsicum protection for common utilities, and the
> CloudABI for custom software are just a few.
>
> The work of the present is no less exciting, with 11.0 making its way
> out just after the end of Q3, the new core coming into its own, and
> much more that you'll have to read and find out.
OpenBSD FreeBSD: Why and How
https://sivers.org/openbsd
https://news.ycombinator.com/item?id=21521774

https://openbsd.org/
https://freebsd.org/
Exploit Lecture: Writing FreeBSD Malware
https://www.youtube.com/watch?v=bT_k06Xg-BE

Without exploit mitigations and with an insecure-by-default design,
writing malware for FreeBSD is a fun task, taking us back to 1999-era
Linux exploit authorship. Several members of FreeBSD's development
team have claimed that Capsicum, a capabilities/sandboxing framework,
prevents exploitation of applications. Our in-depth analysis of the
topics below will show that in order to be effective, applying
Capsicum to existing complex codebases lends itself to wrapper-style
sandboxing. Wrapper-style sandbox is a technique whereby privileged
operations get wrapped and passed to a segregated process, which
performs the operation on behalf of the capsicumized process. With a
new libhijack payload, we will demonstrate that wrapper-style
sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
we'll talk about advances being made with libhijack, a tool announced
at Thotcon 0x4. The payload developed in the Capsicum discussion will
be used with libhijack, thus making it easy to extend. We will also
learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
framework places hooks into several key places in the kernel. We'll
learn how to abuse the MAC framework for writing efficient rootkits.
Attendees of this presentation should walk away with the knowledge to
skillfully and artfully write offensive code targeting both the
FreeBSD userland and the kernel.

https://twitter.com/lattera/status/989602709950029824

Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
distribution of FreeBSD. With over a decade in infosec, he dabbles in
both the offensive and defensive aspects of the industry. On the
advisory board for Emerald Onion, Shawn believes in a more free and
open Internet. His whole house is wired for Tor. Getting on the Tor
network is only a network jack away!

https://www.youtube.com/user/CarolinaConVideos/videos

CarolinaCon was started in 2005 and has been held every year since.
With each passing year the conference continues to grow and attract
more attendees and speakers. As has always been the case, CarolinaCon
is put together and run by an all-volunteer staff. CarolinaCon is
proudly brought to you by "The CarolinaCon Group". The CarolinaCon
Group is a non-profit organization registered in the state of NC,
dedicated to educating the local and global communities about
technology, information/network/computer security, and information
rights.

The CarolinaCon Group is also closely associated with various 2600
chapters across NC, SC, TN, VA, LA, DC, GA, PA and NY. Many of the
volunteers who help develop and deliver CarolinaCon come from those
chapters.
Re: OpenBSD FreeBSD: Why and How
https://www.over-yonder.net/~fullermd/rants/bsd4linux/01

On Wed, Nov 13, 2019 at 6:03 PM grarpamp wrote:
>
> https://sivers.org/openbsd
> https://news.ycombinator.com/item?id=21521774
>
> https://openbsd.org/
> https://freebsd.org/
Re: OpenBSD FreeBSD: Why and How
A primary thing *BSD needs for "hip young newbie" attractiveness is
something less geriatric than CVS as their source code distribution
system... no matter how secure, stable etc it is, it's $CURRENT_YEAR
already and I for one welcome our Git overlords.

There's "conservative, stable processes", then there's simply a lack
of will to engage the learning curve required to properly learn and
deploy that which is fundamentally superior in every way (except of
course, that the commands are different, and from the ultra
conservative view, that is, in fact, inferior).

On Wed, Nov 13, 2019 at 07:40:17PM -0700, Kurt Buff - GSEC, GCIH wrote:
> https://www.over-yonder.net/~fullermd/rants/bsd4linux/01
>
> On Wed, Nov 13, 2019 at 6:03 PM grarpamp wrote:
> >
> > https://sivers.org/openbsd
> > https://news.ycombinator.com/item?id=21521774
> >
> > https://openbsd.org/
> > https://freebsd.org/
Re: OpenBSD FreeBSD: Why and How
HI KURT

Original Message
On Nov 13, 2019, 6:40 PM, Kurt Buff - GSEC, GCIH wrote:
> https://www.over-yonder.net/~fullermd/rants/bsd4linux/01
>
> On Wed, Nov 13, 2019 at 6:03 PM grarpamp wrote:
>>
>> https://sivers.org/openbsd
>> https://news.ycombinator.com/item?id=21521774
>>
>> https://openbsd.org/
>> https://freebsd.org/
Re: Exploit Lecture: Writing FreeBSD Malware
On Fri, Apr 27, 2018 at 10:39:38PM -0400, grarpamp wrote:
> https://www.youtube.com/watch?v=bT_k06Xg-BE
>
> Without exploit mitigations and with an insecure-by-default design,
> writing malware for FreeBSD is a fun task, taking us back to 1999-era
> Linux exploit authorship. Several members of FreeBSD's development
> team have claimed that Capsicum, a capabilities/sandboxing framework,
> prevents exploitation of applications. Our in-depth analysis of the
> topics below will show that in order to be effective, applying
> Capsicum to existing complex codebases lends itself to wrapper-style
> sandboxing. Wrapper-style sandbox is a technique whereby privileged
> operations get wrapped and passed to a segregated process, which
> performs the operation on behalf of the capsicumized process.

seL4 for the lowest-latency IPC for any such wrapping, sandboxing, secure-by-default design you might dream up.

> With a
> new libhijack payload, we will demonstrate that wrapper-style
> sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
> neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
> we'll talk about advances being made with libhijack, a tool announced
> at Thotcon 0x4. The payload developed in the Capsicum discussion will
> be used with libhijack, thus making it easy to extend. We will also
> learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
> framework places hooks into several key places in the kernel. We'll
> learn how to abuse the MAC framework for writing efficient rootkits.
> Attendees of this presentation should walk away with the knowledge to
> skillfully and artfully write offensive code targeting both the
> FreeBSD userland and the kernel.
>
> https://twitter.com/lattera/status/989602709950029824
>
> Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
> distribution of FreeBSD. With over a decade in infosec, he dabbles in
> both the offensive and defensive aspects of the industry. On the
> advisory board for Emerald Onion, Shawn believes in a more free and
> open Internet. His whole house is wired for Tor. Getting on the Tor
> network is only a network jack away!
>
> https://www.youtube.com/user/CarolinaConVideos/videos
>
> CarolinaCon was started in 2005 and has been held every year since.
> With each passing year the conference continues to grow and attract
> more attendees and speakers. As has always been the case, CarolinaCon
> is put together and run by an all-volunteer staff. CarolinaCon is
> proudly brought to you by "The CarolinaCon Group". The CarolinaCon
> Group is a non-profit organization registered in the state of NC,
> dedicated to educating the local and global communities about
> technology, information/network/computer security, and information
> rights.
>
> The CarolinaCon Group is also closely associated with various 2600
> chapters across NC, SC, TN, VA, LA, DC, GA, PA and NY. Many of the
> volunteers who help develop and deliver CarolinaCon come from those
> chapters.
Fwd: Paying to port to FreeBSD
-- Forwarded message --
From: James B. Byrne
Reply-To: byrn...@harte-lyne.ca
Date: Thu, 14 Jan 2021
Subject: Paying to port to FreeBSD

I wish to trial a software package (aubit4gl) on FreeBSD. The application is written in C and has a maintainer. However, he is not familiar with FreeBSD insofar as I can determine and he is busy with other things.

The source package is available as a tarball from sourceforge, or I can provide it. What I need is someone familiar with building software on FreeBSD to configure and build this application in a manner suitable for adding to ports if possible, but to compile and run properly on FreeBSD at a minimum.

I am willing to pay to have this done if it can be accomplished in a reasonably short period of time and without a great deal of expense.

If anyone is interested then please contact me directly.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
IBM Power9 now running FreeBSD and AMDGPU
https://news.ycombinator.com/item?id=18531022
https://github.com/POWER9BSD/freebsd
https://www.phoronix.com/scan.php?page=article&item=power9-x86-servers
https://www.phoronix.com/scan.php?page=news_item&px=Blackbird-POWER9-Pre-Orders
https://www.phoronix.com/scan.php?page=article&item=power9-threadripper-core9
https://www.phoronix.com/scan.php?page=news_item&px=Talos-2-Initial-Hands-On
https://git.raptorcs.com/git/
https://www.raptorcs.com/

RaptorCS accepts Bitcoin BTC
Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
On Wed, Feb 28, 2018 at 10:43 AM, mick wrote:
> On Tue, 27 Feb 2018 14:47:06 -0500
> grarpamp allegedly wrote:
>
>> If ovh vps gives root, bypass the fee with: md(4) vnode > geli >
>> mount.
>>
>> Then again, if the iron isn't dipped in epoxy (not done), in your own
>> secure datacenter (not extant), on trusted #OpenHW (not AMD / Intel /
>> or any other to date), built in trusted #OpenFabs (non extant),
>> running validated #OpenSW (non extant), in a voluntarist libertarian
>> environment free from force, one's use case might be moot.
>>
>
> Gotta love you Grarpamp. :-)
>
> But in the real world we /have/ to trust someone, somewhere, somehow,
> sometime. What everyone has to decide for themselves is /how much/ trust
> to give, to whom, when, where and why. And that depends entirely on your
> threat model and your appetite for risk.

Sorry, but with decades of both plausible and exploited risk extant, with however many million millionaires and significant billionaires, and crowdfunding (further enhanced by the dawn of cryptocurrency and all its new models that can be brought to bear)... there is no rational reason to continue this global head in sand downplay and refusal to get moving and start building #OpenHW in #OpenFabs.

The old goalpost of who, where, how, when, and how much open and even explicitly proven trust exists in HW / Fabs simply must start shifting for the better until it becomes the new "real world". Further, such trust is profitable business model.

If kids can build home semiconductor labs making open IC's, you can bet the above sponsors with those visionaries can easily scale beyond a billion gates.

https://www.youtube.com/results?search_query=home+semiconductor+fab

(Obligatory credit given to #OpenSW for at least being opensource, but they're hardly under open validation programs yet either.)
Git/Mtn for FreeBSD, PGP WoT Sigs, Merkle Hash Tree Based
For consideration...

SVN really may not offer much in the way of native internal self authenticating repo to cryptographic levels of security against bitrot, transit corruption and repo ops, external physical editing, have much signing options, etc. Similar to blockchain and ZFS hash merkle-ization, signing the repo init and later points tags commits, along with full verification toolset, is useful function.

https://www.monotone.ca/
https://en.wikipedia.org/wiki/Monotone_(software)
https://git-scm.com/
https://en.wikipedia.org/wiki/Git

Maintaining the kernel's web of trust
https://lwn.net/Articles/798230/
Distributing kernel developer PGP keys via pgpkeys.git
https://lkml.org/lkml/2019/8/30/597
Signing patch flow
https://lwn.net/Articles/737093/
Compromised security happens
https://lwn.net/Articles/464233/

https://security.stackexchange.com/questions/67920/how-safe-are-signed-git-tags-only-as-safe-as-sha-1-or-somehow-safer
https://stackoverflow.com/questions/28792784/why-does-git-use-a-cryptographic-hash-function
http://fossil-scm.org/index.html/doc/trunk/www/hashpolicy.wiki
https://ericsink.com/vcbe/html/cryptographic_hashes.html
https://svn.haxx.se/dev/archive-2015-06/0052.shtml
http://git.661346.n2.nabble.com/Verifying-the-whole-repository-td1368311.html
https://shattered.io/
https://www.youtube.com/watch?v=G8wQ88d85s4
https://en.wikipedia.org/wiki/Data_degradation
https://git-scm.com/docs/git-fsck
https://marc.info/?l=git&m=118143549107708
https://en.wikipedia.org/wiki/Comparison_of_version-control_software
https://en.wikipedia.org/wiki/Deterministic_compilation
https://www.monotone.ca/monotone.html#Trust-Evaluation-Hooks

How does one know their entire copy of repo obtained on DVD, "mirror", or elsewhere cryptographically matches the authoritative repo... that any commits were actually signed off on... or that any reproducible builds are even reproducing the main repo... etc... cannot be done without secure crypto infrastructure at the very core.

"User also knows that even if someone should break into the shared hosting server and tamper with the database, they won’t be able to inject malicious code into the project, because all revisions are signed by the team members, and he has set his Trust Evaluation Hooks so he doesn’t trust the server key for signing revisions. In monotone, the important trust consideration is on the signed content, rather than on the replication path by which that content arrived in your database."

Note also CVS, which some BSD's still use (ahem: Open, Net), is even worse than SVN with zero protection at all in any component regarding this subject.

It's really time to migrate repo tech to year 2020.
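The property this post asks for, as an added example that is not part of the original message: a hash-linked (Merkle) history lets a copy from any mirror or DVD be checked against one trusted tip id. The SHA-256 object store below is a simplified stand-in, not Git's or Monotone's real format; all names and file contents are constructed, and the signature over the tip id is assumed to be verified separately.

```python
"""Verify an untrusted repository copy from a single trusted tip id."""
import hashlib
import json


def oid(data):
    """Content address: the object's id is the hash of its bytes."""
    return hashlib.sha256(data).hexdigest()


def put(store, data):
    key = oid(data)
    store[key] = data
    return key


def commit(store, parent, files, msg):
    """Store blobs plus a commit object naming them and the parent id."""
    tree = {path: put(store, body) for path, body in sorted(files.items())}
    meta = {"parent": parent, "tree": tree, "msg": msg}
    return put(store, json.dumps(meta, sort_keys=True).encode())


def verify_from_tip(store, trusted_tip):
    """Walk back from trusted_tip; return a list of problems (empty = match)."""
    problems = []
    cur = trusted_tip
    while cur is not None:
        raw = store.get(cur)
        if raw is None:
            problems.append(f"missing commit {cur[:12]}")
            break  # cannot follow a parent pointer we do not have
        if oid(raw) != cur:
            problems.append(f"commit {cur[:12]} altered")
            break  # its parent pointer is no longer trustworthy
        meta = json.loads(raw)
        for path, blob_id in meta["tree"].items():
            blob = store.get(blob_id)
            if blob is None:
                problems.append(f"missing blob for {path} in {cur[:12]}")
            elif oid(blob) != blob_id:
                problems.append(f"{path} altered in {cur[:12]}")
        cur = meta["parent"]
    return problems


def demo():
    good_src = b"int main(void){return 0;}\n"
    bad_src = b"int main(void){return 1;}\n"

    origin = {}
    c1 = commit(origin, None, {"Makefile": b"all:\n"}, "init")
    tip = commit(origin, c1, {"Makefile": b"all:\n", "ar.c": good_src}, "add ar")
    # `tip` is the one value a maintainer would sign and publish.

    # Copy with one blob edited in place (bitrot or on-disk tampering).
    rotted = dict(origin)
    rotted[oid(good_src)] = bad_src

    # Self-consistent rewrite by whoever controls the mirror.
    forged = {}
    f1 = commit(forged, None, {"Makefile": b"all:\n"}, "init")
    f2 = commit(forged, f1, {"Makefile": b"all:\n", "ar.c": bad_src}, "add ar")

    return {
        "clean": verify_from_tip(dict(origin), tip),
        "rot": verify_from_tip(rotted, tip),
        "forged_vs_own_tip": verify_from_tip(forged, f2),
        "forged_vs_signed_tip": verify_from_tip(forged, tip),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The forged copy verifies cleanly against its own tip and fails only against the published one, which is why the hash chain needs a signature on the tip id to say anything about provenance.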