Archive for the ‘BSD’ Category

Install issue with GNUCash from the FreeBSD ports

Tuesday, March 21st, 2006

So, I went to install GnuCash on a machine running FreeBSD 6.1 Prerelease (“cd /usr/ports/finance/gnucash; sudo make install”) a couple of days back (19-03-2006). Just as I was rejoicing at all the dependencies being handled automatically (and goodness knows there were many), the install died.

===> gnucash-1.8.12_1 depends on executable: gmake - found
===> gnucash-1.8.12_1 depends on file: /usr/local/bin/perl5.8.8 - found
===> gnucash-1.8.12_1 depends on file: /usr/local/bin/intltool-extract - found
===> gnucash-1.8.12_1 depends on executable: pkg-config - found
===> gnucash-1.8.12_1 depends on shared library: guile.15 - found
===> gnucash-1.8.12_1 depends on shared library: guppi.16 - found
===> gnucash-1.8.12_1 depends on shared library: popt.0 - found
===> gnucash-1.8.12_1 depends on shared library: ofx.2 - found
===> gnucash-1.8.12_1 depends on shared library: gw-standard.0 - not found
===> Verifying install for gw-standard.0 in /usr/ports/devel/g-wrap
===> g-wrap-1.3.4_8 depends on file: /usr/local/share/guile/slibcat - not found
===> Verifying install for /usr/local/share/guile/slibcat in /usr/ports/lang/slib-guile
===> slib-guile-3a1 is marked as broken: Does not install.
*** Error code 1

Stop in /usr/ports/lang/slib-guile.
*** Error code 1

Stop in /usr/ports/devel/g-wrap.
*** Error code 1

Stop in /usr/ports/finance/gnucash.

Sure enough, the makefile (“/usr/ports/lang/slib-guile/Makefile”) for slib-guile in the ports tree identified the port as BROKEN.

BROKEN= Does not install

A quick search of the FreeBSD ports mailing list archives, and there was a recent post pointing to the following workaround.

1) Use portdowngrade to grab the slib-3a1_2 version, and install it.
gnucash/guile does not like 3a3.
2) Use pkgtools.conf to ‘hold’ slib-*.
3) remove the “BROKEN” status from slib-guile-3a1

Attempt ‘make install clean’ of gnucash.

(Note: The use of “sudo” preceding these commands is not necessary if you are root, of course.)

I thought “slib-3a3” was automatically installed as a dependency of GNUCash, but, before I removed it, I checked to make sure that was the case and there were no dependencies on “slib-3a3”.

  • pkg_info -R slib-3a3

No packages were listed as depending on “slib-3a3,” so I removed it.

  • sudo pkg_delete slib-3a3

I did not have “portdowngrade” installed, so I needed to install that.

  • cd /usr/ports/sysutils/portdowngrade
  • sudo make install

I tried using “portdowngrade” with SSH, but it fails as unsupported, which meant the USA anoncvs mirrors were out. I then tried the French anoncvs server, but this failed with some sort of read error for lang/slib. So, then I went to Japan.

  • sudo portdowngrade -o -s:pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/slib$

When prompted, I entered the password “anoncvs” (without quotes).

During step 3 of the 6 step process, a list of previous versions was provided, from which you could select one to downgrade to. I selected the number corresponding to “3a1_2” (#3 when I was performing these steps), confirmed that I wanted to downgrade, and was downgraded.

As instructed by “portdowngrade,” I updated my ports database since I use “portupgrade” (this could have been performed later).

  • sudo portsdb -Uu

With that completed, I installed the downgraded port, “slib-3a1_2”.

  • cd /usr/ports/lang/slib
  • sudo make install

I then edited “/usr/local/etc/pkgtools.conf” to hold “slib” and “slib-guile” by adding “slib-*” to the “HOLD_PKGS” array.

  • sudo vi /usr/local/etc/pkgtools.conf

My HOLD_PKGS ended up looking as follows.

   HOLD_PKGS = [
     'bsdpan-*',
     'slib-*',
   ]

I then edited the Makefile for “slib-guile” and commented out the “BROKEN= Does not install” line.

  • sudo vi /usr/ports/lang/slib-guile/Makefile

With that all set, I was ready to build and install GNUCash.

  • cd /usr/ports/finance/gnucash
  • sudo make install clean

Perfect.
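The two hand edits in the workaround above (commenting out the BROKEN line and holding slib-*), scripted as an added example that is not from the original post; the function names, the use of sed/awk instead of vi, and the sample file layouts are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the two hand edits of the
# workaround done by script so they can be repeated (a ports tree update
# restores the BROKEN line). Assumes the layout seen in the post: a
# "BROKEN=" line in the port Makefile and a HOLD_PKGS array in
# /usr/local/etc/pkgtools.conf. Both paths are taken as arguments.

# Comment out an active BROKEN= line. Prints 1 if the Makefile was changed,
# 0 if there was nothing to do, so running it twice is harmless.
unbreak_port() {
    mk="$1"
    if grep -q '^BROKEN[[:space:]]*=' "$mk"; then
        sed 's/^\(BROKEN[[:space:]]*=\)/#\1/' "$mk" > "$mk.tmp" &&
            mv "$mk.tmp" "$mk"
        echo 1
    else
        echo 0
    fi
}

# Add a package glob (e.g. 'slib-*') to HOLD_PKGS unless it is already
# listed. pkgtools.conf is Ruby, so the entry is a single-quoted string
# followed by a comma, inserted right after the "HOLD_PKGS = [" line.
hold_pkg() {
    conf="$1"
    pat="$2"
    if grep -F -q "'$pat'" "$conf"; then
        echo 0
        return 0
    fi
    awk -v pat="$pat" '
        { print }
        /^[[:space:]]*HOLD_PKGS[[:space:]]*=[[:space:]]*\[/ {
            printf "    '\''%s'\'',\n", pat
        }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    echo 1
}

# A held package is skipped by portupgrade from then on, so revisit the
# hold once the port is fixed upstream. Typical use (as root or via sudo):
#   unbreak_port /usr/ports/lang/slib-guile/Makefile
#   hold_pkg /usr/local/etc/pkgtools.conf 'slib-*'
```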

(Completely unrelated, this is quite interesting.

With new technologies constantly being invented in corporate and academic labs around the world, identifying which ones will transform computing, medicine, telecommunications and business always is a challenge. In “10 Emerging Technologies,” a special package in the March/April issue of Technology Review, MIT’s magazine of technology, the editors name those that they feel will soon have a significant impact. The ten technologies are also featured at www.technologyreview.com/special/emerging.

via Infectious Greed)

NYC BUG Meeting March 2006, etc.

Saturday, March 4th, 2006

So, I had what was supposed to be an informal meeting with a small business to discuss how to go about upgrading their current infrastructure to support their growth from 3 people to a planned 10 people over the course of this year. We were originally going to meet in a bar, but ended up in a conference room, where I briefly presented about what I have experienced during such a transition and then was interrogated for quite a while.

After this meeting, I was on my way to the NYCBUG meeting, when I remembered the meetings had been changed from 6:00PM EST to 6:30PM, so, being in the area of Heathers, I popped in for a drink. Heather soon came in, and she mentioned that she used to do some tech support for Macs. We discussed that I may need more Mac people in the future, and, while she was not directly interested in such a role, she knew people who would be. Good to know.

Unfortunately, the next thing I knew, it was after 6:30PM, so I dashed out of Heathers and ran up to Baruch college on E 25th. By the time I made my way to the proper room (through two security checkpoints), it was the question and answer (QnA) portion of Ray Lai’s presentation on systrace. I was disappointed to only catch the last 15 minutes of his talk, as systrace is a good topic and its use is not as widespread as I’d expect in OpenBSD server environments.

My notes on the QnA follow.

-

There was a question about whether systrace has had any security issues itself, which made me chuckle a bit. Ray answered that it had on NetBSD (not OpenBSD), the last one that he knew of discovered back in 2004 (a quite simple local exploit).

There was some discussion about using systrace to debug applications, which I had never really thought of explicitly in those terms before and so had me mumbling to myself a little in thought. For example, whenever an application crashes because systrace limited its access, well, you then go about debugging what access that application thinks it needs and why. I think the gist was taking the concept of that example and using it to learn about limiting an application’s privileges during development and testing.

Johnny Lam chimed in about using systrace to lock down builds. When you download the source code for some rogue application and build it, you really don’t know what is going to happen during that build process. Since building generally requires a very limited set of permissions, it is easy to run the build in systrace with a very strict policy and note any weird access attempts. (I have really enjoyed hearing Johnny Lam discuss his NetBSD development environment, from encrypted file-backed domains in Xen with keys stored on a token to builds conducted using systrace.)

Ray noted that the OpenBSD ports have the option to use systrace during builds, although this option is not enabled by default (set the “USE_SYSTRACE” variable to “Yes”).

There was some discussion about systrace being easier to implement in server environments, where the services provided are normally well-defined and quite limited, versus a desktop environment, where there is a wide variety of software that a user may wish to run and covering all of it with systrace can be a huge, complicated task.

Systrace is part of base on both NetBSD and OpenBSD.
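A hypothetical systrace policy for the kind of build lockdown Johnny described, added here as an illustration; it is not from the talk or from the ports USE_SYSTRACE machinery. It assumes sources under /usr/ports, a work directory under /usr/obj/ports, and make as the program handed to systrace; the paths, the errno choices and the rule set are my assumptions.

```text
Policy: /usr/bin/make, Emulation: native
	native-__sysctl: permit
	native-mmap: permit
	native-munmap: permit
	native-close: permit
	native-fstat: permit
	native-read: permit
	native-write: permit
	native-fork: permit
	native-wait4: permit
	native-pipe: permit
	native-dup2: permit
	native-exit: permit
	native-fsread: filename match "/usr/ports/*" then permit
	native-fsread: filename match "/usr/obj/ports/*" then permit
	native-fsread: filename match "/usr/lib/*" then permit
	native-fsread: filename match "/usr/libexec/*" then permit
	native-fsread: filename match "/usr/include/*" then permit
	native-fsread: filename match "/usr/share/*" then permit
	native-fsread: filename match "/etc/*" then permit
	native-fsread: filename eq "/dev/null" then permit
	native-fswrite: filename match "/usr/obj/ports/*" then permit
	native-fswrite: filename match "/tmp/*" then permit
	native-fswrite: filename eq "/dev/null" then permit
	native-fswrite: filename eq "/dev/tty" then permit
	native-execve: filename match "/bin/*" then permit
	native-execve: filename match "/usr/bin/*" then permit
	native-execve: filename match "/usr/obj/ports/*" then permit
	native-socket: deny[eacces] log
	native-connect: deny[eacces] log
	native-fswrite: filename match "/usr/local/*" then deny[eacces] log
	native-fswrite: filename match "/etc/*" then deny[eacces] log
	native-execve: deny[eacces] log
	native-fsread: deny[enoent] log
	native-fswrite: deny[eacces] log
```

Rules are matched in order, so the permits for the work directory come first and the logged denials at the end catch a build that tries to open the network, write outside its work directory or execute something it unpacked elsewhere; run it as systrace -a make so unlisted calls are refused rather than prompted. Each program the build execs (sh, cc, ld and so on) is matched to its own policy by path, so a complete lockdown needs one per binary, and a first run with systrace -A records a permissive starting point for each.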

-

The presentation slides are available online here, and an audio recording of the presentation can be found here. (I am listening to it right now.)

Thanks to Ray Lai for presenting and NYCBUG for its continued efforts.

Upcoming NYCBUG and dorkbot-nyc meetings (Mar 2006)

Wednesday, March 1st, 2006

Systrace at the next NYCBUG meeting. (The systrace chapter from “Secure Architectures with OpenBSD” is freely available here.)

March 01, 2006
Ray Lai: Systrace for Slackers

NEW Time & Location!
And it is necessary to RSVP

Please send an email to rsvp at lists dot nycbug dot org with `RSVP` and your full name in the subject line

6:30 pm, Baruch College, CUNY
Building H, Room 620
E 25th Street between 3rd Ave & Lexington
Map

Systrace is a facility to confine programs to doing what they are supposed to do. When do they do “bad” things? When they get exploited, of course!

Most people either never heard of Systrace or don’t know how to use it. I hope to change both these problems.

Fortunately, the NYCBUG team found a temporary location for the NYCBUG meetings, which will be used for the March and April meetings. There is this though.

IMPORTANT: It is compulsory to RSVP for this meeting. . . so you MUST do
the following:

EMail to rsvp at lists.nycbug.org with the subject line of:

RSVP FirstName LastName

The cutoff time for the RSVP is 3 pm on Wednesday. You only need to
RSVP once for either or both meetings. Obviously, if you’re not sure
whether you’ll be attending the meetings or not, RSVP anyway.

Also, make sure you have an ID with you.

I have to grab a beer with a prospective client early in the evening, but I will run over to this meeting afterward. Hopefully, I will not be too late.

Also, the next dorkbot-nyc meeting is taking place the same night.

The nine million and twenty ninth dorkbot-nyc meeting will take place on Wednesday, March 1st at 7pm at Location One in SoHo.

Featuring,

  • almost certified by k.cain and b.crabtree – “almost certified (grade A noise for non-discerning consumers) is a mechanical sound installation and informative publication. a distributed network of precarious egg-tapping robots.”
  • Whorld by Chris Korda – “Whorld is a free, open-source Windows program that offers a unique approach to creating live digital art. Whorld generates real-time animation, but unlike most visualizers, it’s designed for performing, and includes MIDI support and other features more commonly found in clip-based VJ programs.”
  • Heddatron by the botmatrix – “For the past year and a half The Botmatrix collaborated with The Les Freres Corbusier theater company on their latest play Heddatron: An adaptation of Henrik Ibsen’s classic play Hedda Gabler complete with 5 robots.”

Unfortunately, I will most likely not make it to this dorkbot-nyc meeting due to the NYCBUG meeting being held in east midtown for the time being. If anyone else is planning to attend and wants to do a brief write-up, please let me know.

Both events are always a good time, and you will meet some cool people. Check them out.

Phone tracking, data erasing, BSD talking, stopped reading, and models eating

Wednesday, February 8th, 2006

My mobile phones are mainly turned off these days because they are old, their batteries barely last a day, and I have other means of receiving calls/messages. Plus, the selling of cell phone records and the tracking capabilities do not make me smile. Nevertheless, once a certain line of phones is updated by my provider, I will upgrade and use mobile phones a bit more again – a consumer to the bone.

Anyway, we all know cell phones can be used to track us. Well, here is another example of that.

On the website, I see the familiar number in my list of “GSM devices” and I click “locate”. A map appears of the area in which we live, with a person-shaped blob in the middle, roughly 100 yards from our home. The phone doesn’t go off at all. There is no trace of what I’m doing on her phone.

If you care enough, it has long been time to turn off that cell phone, or just leave it at home (locked in a safe ;) ).

via cypherpunks

-

NIST has published a draft “Guidelines for Media Sanitization” for public comment.

When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, or electrical representation of data that has been deleted is not easily recoverable. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed.

This guide will assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information. It does not, and cannot, specifically address all known types of media; however, the described sanitization decision process can be applied universally.

Basically, destruction is best, but overwriting may be satisfactory, depending on one’s needs. Of course, the ideal is to never let sensitive data hit the storage media in plaintext, if it has to hit storage media at all. (Still, RAM and what have you will touch plaintext data and keys.)

Peter Gutmann published the classic paper on wiping data from magnetic storage and solid-state media (I normally refer to these as Gutmann grade wipes: 1-4 pass wipes using random data, or 35 pass wipes using particular patterns and random data for those who like security theater on today’s storage media), and his follow-up covering semiconductor devices. The DOD has published techniques for wiping media (I normally refer to these as military grade wipes: 1 or 3 pass wipes using a single character, or a single character, its complement, and random data).

via Rootsecure.net

-

bsdtalk has been flying through podcasts with popular figures in the BSD community.

-

[here i stopped reading] had me rolling with laughter. Perhaps Ptacek didn’t get the memo – everyone is stoopid that does not use Linux[here i ran out of sarcasm]

-

In case you didn’t know, models eat.

Services and software 2

Tuesday, February 7th, 2006

Someone I know pointed this article out to me.

Instead, the past two years has seen a proliferation of smaller companies building Web-based applications, sometimes referred to as Web 2.0, as well as open-source companies. Many of these firms can get off the ground with relatively small up-front investments, not the tens of millions of dollars that venture capitalists pumped into new software ventures in years past.

Web 2.0 bubbles aside, this brought to mind an old post here, in reference to businesses catering to small businesses and home users.

Selling software is so last century, much like long distance call fees. New software is distributed for free virtually immediately after its development, regardless of a company’s desire to sell it, and we could chat about ways to control that, but I don’t think there is much point in that. Services are what matter now. A company could build custom software into your architecture and then provide services to clients through this infrastructure. Or, a company could give away their software, perhaps even open source it, and then support customers in using it – build a custom architecture for clients out of it, add specific features requested by customers, support customer developers in modifying it, etc. You know, services.

All of this reminded me of a discussion I had over the holidays with a CTO of a medium-sized business. I talked briefly about my business, and my belief that free software was the future for small businesses and home users, and that businesses would sell services, not software, to support small businesses and home users.

This opinion did not go over well at first, and I am not sure why as there was no explanation. However, the concept gained momentum as the day turned to evening, and the rain picked up. (My opinions are well known, so I will just briefly note some of his thoughts.)

There was some discussion about usability improving in many open source projects, and he said that he could see the big boy distributors like Dell saving on costs by removing expensive software licensing requirements and switching to open source in the future.

We discussed how each of our mothers use their computers, and he made the general point that, given Firefox and Thunderbird running on a Debian-derivative GNU/Linux distro with a window manager like KDE (I said Gnome), they would be all set. (Of course, as things stand now, this would have to be pre-configured to just work, which may not be trivial, but after that, their normal use would be covered. Sure, they would need our help from time to time, but that is no different from Windows XP.)

Most interesting of all and on the small business side of things, we talked about backend servers. He works at a medium-sized business, and they use information technology quite robustly. In this groove, he discussed their choice of Solaris as a rock solid platform a few years ago, but they have now switched to Red Hat Enterprise Linux, which they have found to be just as reliable, fully supported by Red Hat, and a fraction of the cost of Solaris. (I am partial to BSD flavors myself, and FreeBSD would have been my choice here based on what he told me about their architecture.)

And, that brings us back to the article that began this post.

Freely available open-source software is becoming increasingly robust and powerful hardware servers are relatively cheap. Five years ago, start-ups would have had to spend tens or hundreds of thousands of dollars for equivalent products.

Totally unrelated…

A paper providing a security proof for what was already generally accepted.

HMAC (Bellare, Canetti and Krawczyk, 1996) is a cryptographic-hash-function-based MAC that is widely used both as a MAC and as a PRF. To prove it secure as a PRF, BCK96 assumed both that the compression function was a PRF and that the hash function was weakly collision resistant. In this paper we show that the second assumption is unnecessary, proving the construct is a PRF (and hence a MAC) under the sole assumption that the compression function is a PRF. This helps explain the strength that HMAC has shown even when implemented with hash functions like MD5 and SHA-1 whose weak collision resistance is (fully in the first case and partially in the second) compromised by known attacks. (Known attacks do not compromise the compression functions as PRFs.)

Also, I note the following paper because it is by the designers of AES. The results are purely academic and meaningless to someone like me.

In this paper we study the probability of differentials and characteristics over 2 rounds of the AES with the objective to understand how the components of the AES round transformation interact. We extend and correct the analysis of the differential properties of the multiplicative inverse in GF($2^n$). We show that AES has characteristics with a fixed-key probability that is many times larger than the EDP.

NYC BUG Meeting February 2006

Monday, February 6th, 2006

I made my way over to the NYCBUG meeting a few days ago, which was a talk by Johnny Lam on using Xen with NetBSD.

The meeting started out with administrative announcements. The next NYCBUG meeting will be held somewhere else, as the Apple store is about to undergo some renovations, but where has yet to be determined. NYCBUG has a TOR node, and Roger Dingledine should be speaking at an upcoming meeting about TOR, which is a talk I am really looking forward to hearing. This was the 2nd anniversary of the NYCBUG public meetings. The NYCBUG web site has been redone, and there are some cool new features, such as submitting port requests. There were also requests for other people to present material at BUG meetings. (I’d love to give a presentation, so hopefully a topic will come to my mind that merges my focuses with subject matter relevant to these meetings. As it stands, the majority of my contribution has been meeting attendance and a couple of glossy posts to the NYCBUG mailing lists. Given TOR is going to be a topic, perhaps the gap is not as wide as I thought.)

After this administrative stuff, Johnny Lam arrived and spoke about Xen. He seemed quite used to public speaking, which is not always the case at NYCBUG meeting (the meetings often serve as a practice forum).

The beginning of the talk was just high level discussion about why to use virtualization at all. The main use is to effectively isolate users and processes, which Unix alone should accomplish by design, but which is often quite hard to accomplish in practice. Johnny discussed the two sides of the spectrum in accomplishing this isolation, and then he discussed virtualization as part of the middle between those extremes. On the one extreme, all servers have their own physical machines. So, the FTP server would be on a separate physical machine from the web server, etc., and so forth and so on. On the other extreme, all servers would be on one machine, and the operating system would be relied upon to keep separation between them all. So, the FTP daemon would be kept separate from the web daemon by process separation, permissioning, etc., and so forth and so on. Virtual machines sort of merge these two extremes, allowing for multiple, logical machines to be running on one physical machine. In theory, each virtual machine is distinct from the other virtual machines and can be viewed as its own machine (although how true that is in practice is a question in my mind).

Johnny went on to talk briefly about Xen and his particular setup. He talked about the privileged domain (domain 0 – think root) and the guest (unprivileged) domains (domain U – think everyone else). Domain 0 essentially serves to manage the guest domains, so Johnny runs only the bare minimum needed to do this in domain 0. The guest domains run everything else.

What really caught my attention though was the usage of file-backed guest domains using encrypted (CGD) virtual disks (VND) (pardon my attempt at NetBSD terminology). Domain 0 would set up the encrypted virtual disks and then configure the guest domains to use them. The setup reminded me of my post about using encrypted memory disks in FreeBSD, as this would be a really cool way to use encrypted memory disks. Take those encrypted memory disks and use them for your virtual machines, which could mean that everything that machine tries to write to disk is encrypted first, but without the finagling necessary to try to set up FreeBSD with boot/root encrypted. Combine that with encrypted swap for domain 0, and perhaps all the bases are covered. Cool stuff.

That is about it for my notes. Slides can be found here, and audio of the presentation can be found here. Put the two together, and there you go.

Thanks to Johnny for a good talk and to the efforts of NYCBUG.

-

On a related note, I stumbled across the following.

First off, I found this blog, which seems to keep up with lots of virtualization news, and in it was this post. So, it looks like more than a player is going to be out there for free by VMWare. Cool.

An email circulating in these hours reports GSX Server is going to change name in VMware Server, distributed for free from 6th February.

Second, I found this site via that blog, which discusses the efforts to port Xen to FreeBSD. (I am excited about this, as jails seem more like glorified chroots than full blown virtual machines, unless I am missing something.)

This page is intended to document the work on FreeBSD on Xen and the sun4v hypervisor.

No domain 0 yet, but it is coming.

-

Totally unrelated, I have heard Berlin’s The Metro mixed seamlessly in quite a few DJ sets recently. That icy track is as cool today as it was in 1982. Who would have imagined transitions like Bloc Party’s Banquet to Berlin’s The Metro back 20 odd years ago when the latter came out? It reminds me of UFS or the unix epoch.

Oh, and a brief post on the last dorkbot-nyc meeting is forthcoming.

Upcoming NYCBUG and dorkbot-nyc meetings (Feb 2006)

Wednesday, February 1st, 2006

Time for NYCBUG meeting Xen.

Johnny Lam: Xen and the Art of SysAdmin

6 pm, Soho Apple Store at 103 Prince Street

This presentation will be about using Xen in the real world to simplify the maintenance of BSD systems. There will be a short introduction to Xen and how it works, an in-depth look at the details of one particular Xen setup along with some performance results, and how using Xen simplifies life as an admin.

I have been slowly (i.e., as time permits) taking a greater interest in virtualization (mainly VMWare, which apparently has a free player now) and first heard of the open-source Xen in this post on the Illuminata Perspective blog (a blog that does a good job of keeping up with various pieces of virtualization news). So, I am curious to hear about people’s experiences with it, especially on BSD.

After this wraps up, I will try to swing by dorkbot-nyc meeting, as I did last month.

The nine million and twenty ninth dorkbot-nyc meeting will take place on Wednesday, February 1st at 7pm at Location One in SoHo.

Featuring…

  • Ge Wang – “ChucK, On-the-fly programming, and the Audicle are different parts of a new programming system and paradigm for real-time audio synthesis and multimedia.”
  • Anton Perich – “I dreamed of a machine that would paint. No more hand made paintings, but machine made, with sharp electric lines, on and off, like Morse code, short and long. So in 1977/78 I built such a machine, using surplus materials from Canal Street stores.”
  • Carrie Dashow – “I will show some work from what I call the Negotiable Camera Ensemble, synchronized multi-camera people games, Red Light Relay; a public houselight event performed by downtown residents of Troy, NY, and my attempts at a self-editing video installation called the Informants, video pods who exist after the people have descended and are no longer necessary to a revived earth.”

Feel free to say hello!

(I liked this post – a nice, simple framework. Oh, and the PROTOS project has various protocol fuzzers out there for download, which have revealed problems in SNMP implementations that made the news a while back.)

Update: Whoops, I wrote “(Feb 2005)” in the title originally. This was almost immediately corrected to “(Feb 2006)”, and I fixed the “post slug” as well.

Wired on Anonym.OS

Wednesday, January 18th, 2006

A reader pointed this Wired article about Anonym.OS out to me.

Titled Anonym.OS, the system is a type of disk called a “live CD” — meaning
it’s a complete solution for using a computer without touching the hard drive.

The idea is sound and nothing new. Live CDs have been around for quite a while, and goodness knows how many flavors of them are now available (Knoppix is probably the most well known). IIRC, DSL was used on a token that provided similar services to the Anonym.OS live CD. BartBE is available, if you want to use Windows. Anyway, customize and mix (shaken, not stirred) with your favorite anonymity tools, and there you go.

Also, a response to one of my posts to Practical Security comes to mind, which is part of a discussion about covering one’s tracks.

Date: Thu, 17 Nov 2005 17:12:57 -0800
From: coderman <xxxxxxxx@xxxxxxxx.xxx>
Subject: Re: [PracticalSecurity] Read Only / Ephemeral OS Instances; was Evaluating Commercial Counter-Forensic Tools

On 11/12/05, lists <xxxxxxxx@xxxxxxxx.xxx> wrote:
[...]
> This could result in booting off of trusted,
> read-only media, such as a CD, and having no ability to write to any
> storage media (this could be nicely portable)

this is an excellent idea and something i strongly recommend to anyone
in a hostile environment. i have built custom knoppix iso’s for
friends to use at hacker / security conferences. they take their hard
drive out and use the wireless/wired networks at the cons without
worry.
[...]

Of course, the devil is in the details, and it takes effort to build these things, which this team has put in. There is a slide presentation here, which discusses at a high level the tweaks (e.g., hardening) the authors made to a variety of platforms (BSD, Linux, etc.) for anonymity purposes.

Side note, I see the following in the article.

OpenBSD running in secure mode is relatively rare among desktop users. So to
keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In
everything from the way it actively reports itself to other computers, to
matters of technical minutia such as TCP packet length, the system is designed
to look like Windows XP SP1. “We considered part of what makes a system
anonymous is looking like what is most popular, so you blend in with the
crowd,” explains project developer Adam Bregenzer of Super Light Industry.

I love OpenBSD, but I am left wondering why it is being touted as so essential to security here or even why it is a good choice. The system should be totally stripped down, not running any daemons listening for incoming connections from the outside world (and firewalled off on top of this), and have no access to writeable storage media, so the exposure of this system is quite limited, regardless of OS. And, OpenBSD does not support as large a range of hardware as other OS options, which seems to be quite important to the goals here.

NYC BUG Meeting January 2006

Thursday, January 5th, 2006

I got to the NYCBUG meeting a little after 6:00PM EST, just as it was starting up. Trish Lynch discussed building chat servers running the FreeBSD operating system and application software built in Java. He presented in a friendly, comfortable manner, and it felt more like hanging out with some geeky buddies than a formal presentation, which I enjoyed.

Trish had to build chat servers for Paltalk, which is a provider of enterprise chat services. When he got to Paltalk, they were originally running Linux, but the performance of the chat servers was less than stellar and protections against network attacks like denial of service (DoS) were difficult to implement. Trish switched to FreeBSD due to its stability and performance, especially the ability to fine tune network settings, which allowed for easily optimizing the network settings to meet the needs of the chat application and provide better network DoS attack mitigation. Also, Trish was already familiar with ipfw, so that was a plus for him.

Getting Java to work well on FreeBSD required a lot of tweaking. Sun Java has to be installed as source per its license agreement, and the build process for Java has a lot of dependencies, many of which would not otherwise have been on a server platform, such as window managers. Once the packages were built though, he could then script installations from then on.

Trish displayed lists of tweaks and settings that he used, but it was way too much to write down (slides). To get Java working properly, max users and nmbclusters needed tuning, and max open files needed tuning (for some reasons, Java opened tons more files on FreeBSD than on Linux). Threads worked well on FreeBSD 6, which was a performance boost (and goodness knows Java needs a performance boost). Outside of Java, there was a lot of FreeBSD network tuning to get the systems properly setup for the chat applications they would be running.

Trish said to try different patch levels and versions when trying to get Java working on FreeBSD. Unfortunately, this also requires rebuilding Java, which is time consuming (~6 hours on dual 2.4 GHz processor systems). He was able to get Sun Java 1.3 running on FreeBSD 5, but Sun Java 1.4 and 1.5 had to be on FreeBSD 6. When all else fails, the Linux compatibility versions of Java work well enough, but you have to throw in lots of additional Linux compatibility software, which may not be desirable.

The presentation wrapped up around 7PM EST after lots of QnA. My favorite moment was when Trish quoted Paltalk’s CEO after the migration from Linux to FreeBSD, to the effect of “Linux is a child’s toy compared to this,” this being FreeBSD.

The presentation slides can be found here, and an audio recording of the presentation can be found here.

Thanks to Trish Lynch for giving this talk and NYCBUG for keeping up their great efforts.

(And, yes, I did make it over to the dorkbot-nyc meeting. It was packed and I did not take any notes, but I may do a quick write-up, as the people were quite interesting. We’ll see.)

BUG meeting and dorkbot-nyc perhaps (Jan 2006)

Wednesday, January 4th, 2006

I will be heading over to the NYCBUG meeting tonight. Using FreeBSD in hammered environments is a good topic, especially when the complication of Java is thrown in.

Trish Lynch: Java on FreeBSD

6 pm, Soho Apple Store at 103 Prince Street

Java on FreeBSD in Heavy Production

The name Trish Lynch is not unknown in BSD circles. Trish has been around since the mid-1990’s doing advocacy and some small development, but what Trish is known for is deploying BSD into companies that have networks in disrepair or otherwise strained to the limits using Linux, and turning them into works of gold. First doing this at VA Linux/Andover.Net, Trish is known for putting BSD firewalls in front of Slashdot, a well-known and heavily trafficked Linux news site. Later on, Trish won an Emmy Award by using FreeBSD in a high performance network designed to handle millions of viewers for interactive television at ABC’s Enhanced TV. These days, Trish is deploying FreeBSD boxes with java on them to multiplex video and voice at the 4th largest private Instant Message infrastructure, Paltalk.

These meetings are scheduled to run from 6PM-8PM EST, but generally they wrap up a bit early. So, if all works out, I may shoot over to the dorkbot nyc meeting a few blocks away. I have never been to one of those, but I expect it to be interesting.

The nine million and twenty second dorkbot-nyc meeting will take place on Wednesday, January 4th at 7pm at Location One in SoHo.

The featured artists are as follows.

  • Mikey Sklar – “Mikey Sklar will be explaining the process he used to install a $2 RFID tag in his left hand”
  • Alyce Santoro – “alyce santoro will discuss the evolution of “sonic fabric”, an audible textile woven from recycled, recorded audiocassette tape, from its humble beginnings as a work of conceptual art to its potential as a manufactured product with commercial viability.”
  • Luke DuBois – “I’ve been working for the past year or so on a technique called ‘time-lapse phonography’, which uses a time compression algorithm on sound to allow a large-scale piece of music to be compressed to just a few seconds duration.”