Bjoern commits multi-address capable jails

Bjoern Zeeb from the FreeBSD development team (and colleague security team member) just committed an important add-on/feature set for “FreeBSD jails”. This feature set is scheduled to be part of FreeBSD 7.2 and, of course, 8.x and beyond.

If you want to run it, you need to run -CURRENT at the moment.

The changelog that Bjoern used to do the commit (including credits):

This enhances the current jail implementation to permit multiple
addresses per jail. In addition to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB ‘show jails’ command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the aforementioned and in kernel changes.

Special thanks to:
– Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
– Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
– Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
– John Baldwin (jhb) for his help.
– Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
– My employer, CK Software GmbH, for the support so I could work on this.


Buying a house

So, lately Denise and I had been wandering around, visiting houses etc. to find a place where we are going to live in the aftermath of our parental support :-) .

While we of course appreciate the efforts from both our parents, it’s time to stand up and do things on our own. We are a family in a family which is just difficult to keep up every now and then so it was time.

Well, we found our home. We communicated with the owners of a house that we saw lately and did the bid and accept game, which was finally accepted. So if all goes well we have found our new place to live. Some of the things on the internet you need to keep private, so I’m not going to share the exact location yet but the house is very nice, large, and future-proof :)

Both Denise and I are in a very good mood because of this, so hook up and celebrate with us!

 

FreeBSD 6.4 released

The FreeBSD Release Engineering Team is pleased to announce the availability
of FreeBSD 6.4-RELEASE. At this time 6.4-RELEASE is expected to be the
last of the 6-STABLE releases. Some of the highlights:

- New and much-improved NFS Lock Manager (NLM) client
- Support for the Camellia cipher
- boot loader changes allow, among other things, booting
from USB devices and booting from GPT-labeled devices
with GPT-enabled BIOSes
- DVD install ISO images for amd64/i386
- KDE updated to 3.5.10, GNOME updated to 2.22.3
- Updates for BIND, sendmail, OpenPAM, and others

For a complete list of new features and known problems, please see the
online release notes and errata list, available at:

http://www.FreeBSD.org/releases/6.4R/relnotes.html

http://www.FreeBSD.org/releases/6.4R/errata.html

For more information about FreeBSD release engineering activities,
please see:

http://www.FreeBSD.org/releng/

The FreeBSD Security Team intends to support 6.4-RELEASE until
November 30th, 2010.

Availability
------------

FreeBSD 6.4-RELEASE is now available for the amd64, i386, pc98, and sparc64
architectures. The builds for the alpha architecture have not completed
yet and will be announced later. FreeBSD 6.4-RELEASE can be installed
from bootable ISO images or over the network; the required files can be
downloaded via FTP or BitTorrent as described in the sections below.
While some of the smaller FTP mirrors may not carry all architectures,
they will all generally contain the more common ones, such as i386 and
amd64.

MD5 and SHA256 hashes for the release ISO images are included at the
bottom of this message.

The contents of the ISO images provided as part of the release has changed
for most of the architectures. Using the i386 architecture as an example,
there are ISO images named “bootonly”, “disc1”, “disc2”, “disc3”, “docs”,
and “dvd1”. The “bootonly” image is suitable for booting a machine to do
a network based installation using FTP or NFS. The “disc1”, “disc2”, and
“disc3” images are CDROM-sized (700MB media) and are used to do a full
installation that includes a basic set of packages and does not require
network access to an FTP or NFS server during the installation. In addition,
“disc1” supports booting into a “live CD-based filesystem” and system rescue
mode. The “docs” image has all of the documentation for all supported
languages. The “dvd1” image is DVD-sized and includes everything that is
on the CDROM discs. So “dvd1” can be used to do a full installation that
includes a basic set of packages, it has all of the documentation for all
supported languages, and it can be used for booting into a “live CD-based
filesystem” and system rescue mode. Most people will find that “disc1”,
“disc2” and “disc3” are all that are needed if their machine does not have
a DVD-capable drive. For people with machines that do have a DVD-capable
drive “dvd1” should be all that is required. If you intend to install ports
from source instead of using the pre-built packages included with the release
only “disc1” is needed.

FreeBSD 6.4-RELEASE can also be purchased on CD-ROM from several
vendors. One of the vendors that will be offering FreeBSD 6.4-based
products is:

~ FreeBSD Mall, Inc. http://www.freebsdmall.com/

BitTorrent
----------

6.4-RELEASE ISOs are available via BitTorrent. A collection of torrent
files to download the images is available at:

http://torrents.freebsd.org:8080/

FTP
---

At the time of this announcement the following FTP sites have
FreeBSD 6.4-RELEASE available.

ftp://ftp.freebsd.org/pub/FreeBSD/
ftp://ftp3.freebsd.org/pub/FreeBSD/
ftp://ftp7.freebsd.org/pub/FreeBSD/
ftp://ftp9.freebsd.org/pub/FreeBSD/
ftp://ftp10.freebsd.org/pub/FreeBSD/
ftp://ftp12.freebsd.org/pub/FreeBSD/
ftp://ftp.at.freebsd.org/pub/FreeBSD/
ftp://ftp.cz.freebsd.org/pub/FreeBSD/
ftp://ftp.dk.freebsd.org/pub/FreeBSD/
ftp://ftp.fi.freebsd.org/pub/FreeBSD/
ftp://ftp.fr.freebsd.org/pub/FreeBSD/
ftp://ftp2.ie.freebsd.org/pub/FreeBSD/
ftp://ftp.se.freebsd.org/pub/FreeBSD/
ftp://ftp.si.freebsd.org/pub/FreeBSD/
ftp://ftp1.ru.freebsd.org/pub/FreeBSD/
ftp://ftp2.uk.freebsd.org/pub/FreeBSD/
ftp://ftp3.us.freebsd.org/pub/FreeBSD/
ftp://ftp7.us.freebsd.org/pub/FreeBSD/
ftp://ftp9.us.freebsd.org/pub/FreeBSD/
ftp://ftp11.us.freebsd.org/pub/FreeBSD/

However before trying these sites you may want to check your regional
mirror(s) first by going to:

ftp://ftp..FreeBSD.org/pub/FreeBSD

Any additional mirror sites will be labeled ftp2, ftp3 and so on.

More information about FreeBSD mirror sites can be found at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

For instructions on installing FreeBSD, please see Chapter 2 of The
FreeBSD Handbook. It provides a complete installation walk-through
for users new to FreeBSD, and can be found online at:

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html

FreeBSD Update
--------------

The freebsd-update(8) utility supports binary upgrades of i386 and amd64
systems running earlier FreeBSD releases. Systems running 6.3-RELEASE,
6.4-BETA, 6.4-RC1, or 6.4-RC2 can upgrade as follows:

# freebsd-update upgrade -r 6.4-RELEASE

During this process, FreeBSD Update may ask the user to help by merging
some configuration files or by confirming that the automatically performed
merging was done correctly.

# freebsd-update install

The system must be rebooted with the newly installed kernel before continuing.

# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new
userland components, and the system needs to be rebooted again:

# freebsd-update install
# shutdown -r now

Note that FreeBSD Update stores downloaded upgrades in /var/db/freebsd-update,
so at least 400MB should be free in /var before running freebsd-update; if
the /var partition is too small, the -d option to freebsd-update can be used
to indicate that the upgrades should be stored in a different directory.

For more information, see:

http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html

Acknowledgments
---------------

Many companies donated equipment, network access, or man-hours to
finance the release engineering activities for FreeBSD 6.4 including
The FreeBSD Foundation, FreeBSD Systems, Hewlett-Packard, Yahoo!,
Network Appliances, and Sentex Communications.

The release engineering team for 6.4-RELEASE includes:

Ken Smith              Release Engineering,
                       amd64, i386, sparc64 Release Building,
                       Mirror Site Coordination
Robert Watson          Release Engineering, Security
Konstantin Belousov    Release Engineering
Marc Fonvieille        Release Engineering, Documentation
Maxime Henrion         Release Engineering
Bruce A. Mah           Release Engineering, Documentation
George Neville-Neil    Release Engineering
Hiroki Sato            Release Engineering, Documentation
Murray Stokely         Release Engineering
Wilko Bulte            Alpha Release Building
Takahashi Yoshihiro    PC98 Release Building
Kris Kennaway          Package Building
Joe Marcus Clarke      Package Building
Erwin Lansing          Package Building
Mark Linimon           Package Building
Pav Lucistnik          Package Building
Colin Percival         Security Officer
Peter Wemm             Bittorrent Coordination

Trademark
---------

FreeBSD is a registered trademark of The FreeBSD Foundation.

ISO Image Checksums
-------------------

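
An added example, not part of the announcement, of checking downloaded images against checksum lines in the BSD `ALGO (filename) = digest` format the announcement uses for its MD5 and SHA256 hashes. The file names, file contents and status labels below are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD md5(1)/sha256(1) style line: "ALGO (filename) = hexdigest"
LINE_RE = re.compile(r"^(MD5|SHA256) \((.+)\) = ([0-9a-fA-F]+)$")
HEX_LEN = {"MD5": 32, "SHA256": 64}


def parse_checksums(text):
    """Return {filename: {algo: hexdigest}}; raise ValueError on a malformed line."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"line {lineno}: not a checksum line")
        algo, name, digest = m.groups()
        if len(digest) != HEX_LEN[algo]:
            raise ValueError(f"line {lineno}: wrong {algo} digest length")
        if "/" in name or name in (".", ".."):
            raise ValueError(f"line {lineno}: file name must not contain a path")
        table.setdefault(name, {})[algo] = digest.lower()
    return table


def file_digest(path, algo):
    """Hash in 1 MiB chunks so a DVD-sized image never has to fit in memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dir(directory, table):
    """Return {filename: status}; the status labels are this example's own."""
    results = {}
    for name, digests in sorted(table.items()):
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
            continue
        matches = {a: file_digest(path, a) == d for a, d in digests.items()}
        if not all(matches.values()):
            results[name] = "MISMATCH"   # any listed digest failing is a failure
        elif "SHA256" in matches:
            results[name] = "OK"
        else:
            results[name] = "MD5-ONLY"   # matched, but MD5 is not collision resistant
    return results


def demo():
    """Constructed data: a stand-in image, its checksum list, then a modified copy."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "example-disc1.iso"   # constructed name, not a release file
        img.write_bytes(b"constructed sample image\n")
        data = img.read_bytes()
        listing = (f"MD5 (example-disc1.iso) = {hashlib.md5(data).hexdigest()}\n"
                   f"SHA256 (example-disc1.iso) = {hashlib.sha256(data).hexdigest()}\n"
                   f"SHA256 (example-docs.iso) = {'0' * 64}\n")
        table = parse_checksums(listing)
        before = verify_dir(d, table)
        img.write_bytes(b"constructed sample image, modified\n")
        after = verify_dir(d, table)
    return before, after
```

A checksum list only proves integrity relative to wherever the list itself came from, so take it from the signed announcement rather than from the same mirror as the image.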

 

Bowling

Yesterday evening I went bowling with Denise in Spijkenisse. I remember being there once, but when we entered I didn't see anything familiar, so perhaps I was wrong at that point :) .

The lanes looked very nice, with good shoes that one needed to change into because of the underground (I have seen worse ;) ), and good help where possible with ordering drinks and that kind of thing.

We had a fantastic evening, we had a lot of fun, and I would recommend this to anyone who would like to have a nice evening without too much hassle but with great fun!

 

The FreeBSD Dutch Documentation Project

The project is doing rather well recently. Mostly that is because Rene has done a lot of work (and Wouter also started joining us) on translating and updating the current versions. I am running a little behind on his updates because of busy days, which seems to happen more often. So I decided to take the opportunity and request a commit bit for Rene. The Documentation team reported that they had received the request, but there has been no progress yet. Hopefully they will agree with the bit so that I have a bit more time and options to work on different things.

Will keep you posted about this!


Multimedia setup

Like most people I am a fan of good music (Rock in my case) and movies where possible. I do this to relax and make sure that I can keep managing things :)

For this I had set up a cool environment in my room to make sure I can enjoy that experience. First of all I have a Linksys 24-port managed switch (with 4 gbit ports) which makes sure that all my hardware can be attached to it and that I have some spare ports. These are split into a few VLANs to make sure there are certain barriers that one has to cross before being able to use resources.

Within one of those VLANs is a fileserver (Guardian) together with a tiny device from Conceptronic. This device is connected to my television (the device is HDMA ready) and connected with digital coax to my Logitech speaker set (500 watts sustained, 1000 watt peak).

I have stripped many of my DVDs and the DVDs within this house towards the fileserver, and I play them through the Conceptronic device. With that I gain digital quality for the sound (which is obviously better than the stereo output that I normally have for my movies) and I am able to easily select which movie or music I want to experience through the multimedia setup.

The connection from the multimedia box to the fileserver is arranged through NFS, which makes streaming media easy. Playing a movie takes around 8mbits of data, which is a good ratio for the amount of data that is being streamed.

I didn't need to do a lot to set this up, just attach a few cables and make sure things are visible through the shares (which is dead easy if you have used NFS before).

 

After a recent announcement I was testing WordPress 2.7, which looks very cool so far. I used the same method as I am using now for my current blog on a different URL and all things appear to be working still (except a few plugins here and there, but they need to be updated I think). The new layout looks very neat, although I prefer my Leopard admin skin instead :)

Tom also looked around on the new pages and he was also impressed as far as I could tell. I will be testing it a bit more in the foreseeable future to see what we can do with it :) So far, kudos to the WordPress team!


Pretium

A while ago I wrote a Dutch blog post regarding the Dutch telecom provider Pretium (can be found here). They lured my granny into an account with them and luckily we were bright enough to stop them immediately. That story luckily ended well; for many others, however, it didn't yet.

Recently I was called by Pretium myself; after hearing their name I informed them that I am not going to do any business with them and I hung up.

Apparently that is not informative enough; my dad was called a few days later with the same story (they initially didn't say their name, but they started with "you have a KPN account now, right?"); after he inquired for their name and they told him, he also responded with "I am not doing business with you".

So their activities are still ongoing, please be aware. Do not let yourself get fooled by them, just tell them to go away. At some point it will stop.

 
© 2003-2010 Evilcoder.org