April 2005 Archives

Dru Lavigne

Related link: http://www.pcbsd.org/

I saw a post regarding a new BSD “distro” based on FreeBSD with a GUI installer over on bsdnews.com the other day, so of course I burned a copy of the ISO and gave it a try.

Now, I’ve been using FreeBSD as my main desktop since 1999 and have probably installed over a thousand FreeBSD desktops for the students in my labs. In short, I have no complaints regarding the install or maintenance of FreeBSD desktops. However, I’m always on the lookout for advocacy tools and media to give out at conference booths. And yes, I’ve been known to pass out CDs of open source operating systems and tools to complete strangers at the local computer store.

This is one CD I’ll definitely be passing out and I look forward to watching this project mature and achieve its goals. Having installed pretty well every i386 operating system out there, this install asks the least amount of questions of any installer I’ve seen. What you see at the screenshots section of the website is what you get.

Installation walk-through

The installation is very easy: simply insert the CD and boot the system. Anyone used to an open source Unix will see the familiar startup messages as the kernel is loaded and hardware is probed. As is to be expected with FreeBSD, all of my hardware was found, my NIC got an address from the DHCP server, and best of all, the installer configured X at a very nice resolution.

Once X was configured, I was presented with the screens seen on the screenshots page. Anyone who has installed RedHat before will recognize the anaconda-like interface.

First, I was asked on which hard drive to install. I like that the installer gives both the FreeBSD and a human-friendly name so you can easily select the correct drive on a multi-drive system. For example, my drive looked like this:

/dev/ad0:9787MB<QUANTUM FIREBALLlct20> 10/AP

I was then asked to select on which partition to install or if I wished to use the entire disk. I tried the CD on a few systems I had laying around and it correctly found existing Microsoft, Linux and FreeBSD partitions.

When I chose to use the entire disk, I received this message:

The disk (/dev/ad0) will be formatted. All data will be lost. Do you wish to continue?

I pressed OK.

Finally, I was asked which boot loader to use. And then the install began and a familiar blue bar proceeded towards the right. The Install Tips included these:

“The installer is now extracting your PC-BSD system. This process will take several minutes, so please sit back and relax. The program will let you know when it is ready to continue.

PC-BSD has as its goal to be one of the easiest to install and use BSD OS’s available. For this reason, your install comes pre-loaded with KDE 3.4.0, which lets you work in a purely graphical environment. Check out www.pcbsd.org for further information and to grab pre-packaged software for your system.

Still want to use the traditional port system? If so, you can easily download the ports system by logging in as root, and running this command:

cvsup /root/ports-supfile

Your ports directory will then be populated automatically!”

My only nit with the installer is that it doesn’t proceed to the next screen when the install is finished; I had to press Next when the blue bar indicated 100%.

I was then prompted to set the root password and create a user account. The side tip had a nice reminder that you don’t login as root and you only become root when necessary.

I was then prompted to reboot into the new system. The system booted up to KDM. While the screenshot doesn’t show it, the Menu button gives these options:

Session Type Alt+T : Default, Custom, KDE, MWM, TWM, and Failsafe
Remote Login Alt+R
Console Login Alt+N
Shutdown ALT+S

Post installation Poke about

Rather than logging into KDE, I dropped down to a terminal (CTRL ALT F1) to do some investigation.

As expected, the GUI was on CTRL ALT F9 and there were 8 terminals from CTRL ALT F1 to CTRL ALT F8.

I started with df:

df
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s1a   8714188 1498986 6518068    19%    /
devfs               1       1       0   100%    /dev

A little disappointed to see one large partition, but I suppose it’s a necessary evil to keep the install idiot proof. And I’m certainly used to seeing one large partition in Windows and Linux desktop-land.

I was pleased to see that sockstat -4 only showed sendmail, sshd, syslogd and dhclient open as is to be expected on a default FreeBSD install. (I dare you to compare that to a netstat -an on any non-BSD system.)

pkg_info showed 153 installed packages which was quite impressive considering KDE and xorg are installed. My main FreeBSD desktop has 253 packages installed and my FreeBSD laptop has over 280. Compare this to my last Fedora install which had over 1100 packages.

portupgrade wasn’t installed, but pkg_add -r portupgrade took care of that and also indicated that this was a 5.3-RELEASE kernel.

KDE 3.4.0 was built without kdetoys, so I had to pkgdb -F before portversion -l "<" worked. Was pleasantly surprised to see that most of the software was up-to-date.

I ran that cvsup /root/ports-supfile command which retrieved ports-all from cvsup13.FreeBSD.org. That took a while, so next time I’ll just download the ports tarball and untar it.

In short, this was a FreeBSD system. As an administrator, I could continue doing all of the stuff I normally do on a desktop. I certainly wouldn’t turn this install into a server system due to X and the one big partition, but I have no problem with this as a desktop.

Conclusion

This project shows great promise. Especially if it can deliver a GUI package management system targeted at the novice user.

This CD is ideal for those who want to give FreeBSD a try. Especially if they’ve tried an install before and perhaps gave up at configuring X (which can be a daunting task for any Unix novice). I’d also rather give a manager a CD to check out than tell him “well, you have to go to this website and make 3 floppies, then answer these questions during the install…” I haven’t met that many managers that have the time to learn technical details in order to check something out. While it’s sometimes hard for us techies to admit, a CD with a graphical interface is a much more effective advocacy tool.

I was sorry that I did my test install on an ancient AMD 700 with 128 MB of RAM and an even older CDROM drive. My install took just over an hour; I’m sure that time would be greatly reduced on a newer system. I was also reminded that KDE is a hog. If you plan on giving the CD a go, pick a system with a good processor and lots of memory.

Related link: http://www.apachesecurity.net

My book, Apache Security, is finally out, after a year and a half of hard labour. I began talking to the publisher in the summer of 2003, and began research shortly after. I began writing in March 2004 and finished in December 2004. O’Reilly had it in stock on March 1st 2005, but it only became widely available in late March.

The work itself was great fun. It is a great privilege to be able to explore the boundaries of your own knowledge in detail. I did have periods of despair, of course. But I was prepared for them from reading blog entries of other book writers. I knew how difficult it was going to be. The biggest challenge I had was deciding what to cover, and what to leave out. It was never going to be a book for absolute beginners (officially, it’s an “intermediate to advanced” type of book) but I didn’t want to write a book that would be understood only by a few people who are already Apache experts. On another level, it was also not possible to look at the security of the Apache web server in isolation. A book that pretends to provide “everything you need to know to secure your Apache web server” must delve into topics such as network security, host security, and web application security. As it turned out I had to deal with these questions every single day. It was a struggle to keep the book from growing too much. Initially, the book was supposed to be around 280 pages long. In the end, it grew to over 400 pages.

As my work progressed I began to think more and more about the process. The traditional book writing process restricts the author to his experience, the experience of his immediate peers, and the experience of the technical reviewers. While this may work in some, or even many cases, I came to believe that a piece of technical writing can achieve its best only through the collaboration process with the readers. Now that the book is out, this is exactly what I am looking forward to.

The first step, the book’s web site, is already completed. In the following months I plan to put more material from the book online, start adding fresh content, and generally try to engage the public by offering them the stuff they are interested in. The way I see it, my work has just begun.

Dru Lavigne

Related link: http://www.bsdcan.org

One of the many exciting events at BSDCan 2005 is the two Meet the Author book signing sessions. You can read more about it here.

The following authors will be available:

Richard Bejtlich, author of The Tao of Network Security Monitoring: Beyond Intrusion Detection.

Dru Lavigne, author of BSD Hacks.

Michael W. Lucas, author of Absolute BSD: The Ultimate Guide to FreeBSD, Absolute OpenBSD: UNIX for the Practical Paranoid and Cisco Routers for the Desperate.

Greg Lehey, author of Porting Unix Software and The Complete FreeBSD.

George V. Neville-Neil, coauthor of The Design and Implementation of the FreeBSD Operating System.

Marshall Kirk McKusick, coauthor of The Design and Implementation of the FreeBSD Operating System and The Design and Implementation of the 4.4 BSD Operating System.

If you’re planning on attending BSDCan, bring copies of your books for the signing sessions. If you don’t have a copy of your favourite book yet, copies will be available for sale.

What else should you bring to BSDCan? Business cards and a pen! You will meet so many people, it will be impossible to remember them all. Ask for their card, and jot a quick note on the back so you remember who they were when you get back home.

Don’t have a business card or the budget to buy some? Make your own which include your name and email address. Either print them yourself on stiff paper or spend a few bucks at a local printer shop. Trust me, you’ll be glad to have something to hand out as you meet people.

Which reminds me, I better print off some of my own. See you there :-)

Related link: http://www.mysqluc.com/cs/mysqluc2005/view/e_sess/6219

This afternoon, I attended John Paul Ashenfelter’s Data Warehousing With MySQL talk at the MySQL Users Conference.

I was trying to come up with some way of saying how completely and totally useful it was to me. After all, I realized after sitting there for the afternoon why I’d been struggling with my own implementation of a data warehouse at my workplace. I saw what he was defining as “classic mistakes” as being synonymous with “things I had just implemented”.

I struggled for a while until I read John Adams’ post about the talk (as given at a previous conference), and realized that John had said nearly everything I wanted to say, but done so much more eloquently than I could have.

While the talk was centered on MySQL, in reality it had much more to do with data warehousing in general (and I firmly believe that an Oracle or SQL Server DBA in attendance would have gotten as much out of the session as all of us MySQL users did). It was, by and large, agnostic to the database being used, and more about the design and mindset behind the data warehouse itself.

I feel like I want to rush home now, tell my marketing guy to stop using the existing warehouse implementation while I completely gut it and start from scratch with something that he’ll be a lot happier with.

Am I right? Am I wrong? What do you think?

Anton Chuvakin

Related link: http://avc.blogs.com/a_vc/2005/03/internet_axis_o.html

Here is a fun blog entry, summarizing what this venture capitalist considers to be ‘Internet Axis of Evil’:

  • Spam and Viruses
  • Adware/Spyware
  • Comment Spam/Link Spam
  • DNS Hacking
  • Phishing

What do they all have in common? Well, for one he says that ‘there is money to be made in each of them’. Great! Also, it seems that most of the entries appear to affect consumers/end users rather than businesses (at least, not directly) and that seems to contradict the above. Interesting!

Anton Chuvakin

Related link: http://www.honeynet.org/scans/scan34/

If you happen to feel that security log analysis and intrusion investigation is a fun subject :-) take a look at the latest Honeynet Project security challenge. It involves analyzing various log files from a honeynet in order to confirm the compromise.

Anton Chuvakin

Related link: http://www.computerworld.com/printthis/2005/0,4814,100720,00.html

At the risk of manifesting shameless self-promotion (since I link to my own article here), I want to bring up this paper on security incident response mistakes. Lots of people say how incident response is important and how it should be organized, but fail to mention the common pitfalls that lurk on the way to an effective incident program. Hence, this paper…