“The PC-BSD team is pleased to announce the availability of PC-BSD 1.4 (da Vinci edition)! This release is made available via the efforts of many developers and testers, who have spent the past months refining and improving upon the core PC-BSD experience.” This release comes with Xorg 7.2, KDE 3.5.7, Compiz-Fusion 0.5.2, support for Flash7, and much more. There are release notes, a changelog, and downloads.
Downloading as we speak
Here too, can’t wait to install
Yeeha!
> Flash7
$ rpm -q flash-plugin
flash-plugin-9.0.48.0-release
Just some information around this, PC-BSD is using Flash7 through the linux compatibility layer, and it works great.
The reason we’re not using Flash9 is because, to all intents and purposes, it’s unusable under BSD. We’re currently experimenting with getting Flash9 on the system via wine, and so far it’s a lot more promising
HURRY UP! :) Can’t get access to servers! Too many people downloading. That’s a good thing if you really think about it!
Hooray for PC-BSD!
You’ve heard of Bittorrent, right?
Yes, I have but I don’t use it. I can wait. I was just kidding around……
I was implying that it was great to see so many people wanting to use PC-BSD 1.4
Maybe I’ll be a little more direct in the future.
I just have FreeBSD for my desktop. I even got xorg-7.3 already. Although flash9 still crashes firefox and it’s required in more and more sites now.
With ATI opening up, their support may be not too far away. Flash 9 I hope comes with the open source effort.
I would certainly be willing to try then, but it would have to do a lot to compare to Ubuntu.
What has Adobe Flash to do with ATI?
He’s probably referred to ‘Gnash’ or whatever the open-source GNU Flash effort is called.
Absolutely nothing apart from the earlier poster wanting to see better support from both parties.
I really don’t think you read this post properly as the guy made no reference to Flash and ATI being otherwise related.
Hardly. I also read his post thoroughly and I can see how the misunderstanding could arise.
When iXsystems acquired PC-BSD, I for one hoped that PC-BSD would concentrate on providing an alternative to Windows Server 2003/2008 i.e. develop, integrate, and provide open source graphical frontends to open source server software such as Apache, Postfix and so forth.
Desktop-wise, judging by the roadmap, PC-BSD 2.0 will be where the action is. Nevertheless, it’s good to see movement in the BSD-world.
9/10ths of the time, having a GUI to configure a web service is not a good thing. Apache/(s)FTP/etc… is far too easy a thing to screw up for configuration to be taken lightly. The inclusion of a GUI encourages just any idiot to have a go, rather than someone who sits down and learns what all the implications of each configuration command are. And in this climate of worldwide botnets and identity theft, everyone has a responsibility to everyone else to properly secure their networks.
Having a GUI that smartly selects sane (secure) defaults and warns the casual user IMHO is better than relying on config files magic. Even if I like the latter more.
Maybe you’re right. But many of today’s GUIs don’t do that, and probably never will. And having used webmin and various samba GUIs, I know that to make a usable GUI, you have to abstract the raw configuration options somewhat. Thus when you start from a secure default, and select various necessary options in the GUI, you have no real idea exactly what config statements have been set, even if you understand the config syntax backwards. And in my experience, it is very easy for two GUI settings to conflict and inadvertently open up a security hole.
KISS avoids mistakes.
“And in this climate of worldwide botnets and identity theft, everyone has a responsibility to everyone else to properly secure their networks”
Responsibility… Yes, you have a valid point here. But unfortunately, problems don’t hurt its creators / supporters too much in order to be taken seriously. This is due to the shrinking difference between user and administrator which causes means of security to be abandoned step by step in order to increase individual feelings of comfort and safeness.
But unfortunately, problems don’t hurt its creators / supporters too much in order to be taken seriously.
From creators point of view per definition true otherwise they wouldn’t create.
From the end user’s point of view nonsense, if your PC is infested with malignant activity so to speak and tries to infect other people’s PCs on the subnet the chance is great your internet connection is (temporarily) cut off. That must make you as user more aware.
You don’t want to know how many customers we had to shut off due to spamming. I know this because i used to work for a big ISP.
This is due to the shrinking difference between user and administrator which causes means of security to be abandoned step by step in order to increase individual feelings of comfort and safeness.
I’m curious to know where specifically (an example?) the difference between the user and admin is shrinking?
security to be abandoned step by step in order to increase individual feelings of comfort and safeness.
Tell me who is 100% safe on the internet.
Hundred percent secure is a utopia. Security is a process with an awful lot of facets. Even the most talented security practitioners can become the victim themselves. There is little you can do against a 0day and at the same time maintain a satisfiable amount of usability.
Anxiety is good for the sales figures.
About time vapourware is been brought more into the spotlight. Especially to expose the good,the bad and the ugly amongst security tools,practices,procedures.
“From creators point of view per definition true otherwise they wouldn’t create.”
Creators of malware just use the functionality that exists on the assumed “customer” computers, along with the usual thinking habits of these “customers” which are predictable in an easy way.
“From the end user’s point of view nonsense, if your PC is infested with malignant activity so to speak and tries to infect other people’s PCs on the subnet the chance is great your internet connection is (temporarily) cut off. That must make you as user more aware.”
Where does such a cut-off occur? Usually, malware acts in the background as soon as it’s activated (secretly or by a well designed communicational event).
One terrible habit is that ISPs deny transferring mail from client systems which have their own mail server running (mail server for sending mail out of the system by its default mail queue), even if masquerading is applied.
Example:
% dmesg | mail -s "This is my dmesg" bob@micros~1.com
Such messages won’t be received, but returned. Instead, you have two options: a) use the SMTP server of your mail provider, and b) use the MX relay of your ISP (in this case you won’t receive status messages about sending success in /var/log/maillog).
Okay, I went off topic. This example should be to illustrate: The ISP wants to do something against spam (infected mail servers), so he cuts off all mail server functionality. But because infected systems use the user’s standard SMTP access to send their mail, this means does not work.
“You don’t want to know how many customers we had to shut off due to spamming. I know this because i used to work for a big ISP.”
I’d like to know how many. Up to now, I didn’t think ISPs do take actions against spammers. Still more than 90% of the mail crossing the Internet is spam. Why? There should be more such interventions.
“I’m curious to know where specifically (an example?) the difference between the user and admin is shrinking?”
The shrinking difference is obvious: Because more and more people run servers (intended or accidentally) without knowing what they’re doing in fact (“Oh, that’s a shiny server with many options I can click!”), problems may increase. System administration requires knowledge, experience and, of course, time. Nearly every computer needs some kind of administration. Users don’t administrate, they “just use”. Things like automated updates do help here, but that’s just half of the rent. Because people do install computers by themselves, a solid OS as a basis is needed. To come back on topic, I think PC-BSD is such a system.
“Tell me who is 100% safe on the internet.”
Everyone without Internet.
“Hundred percent secure is a utopia. Security is a process with an awful lot of facets. Even the most talented security practitioners can become the victim themselves. There is little you can do against a 0day and at the same time maintain a satisfiable amount of usability.”
You’re characterizing the situation well. It’s a process, not a state. The more secure is a system by itself, the less opportunities it gives to potential attackers, the more safe a user environment is designed, the better. 100% security cannot be achieved in this way, that’s true, but you can always do something to make the situation better – for you, and so for everyone connected to the Internet.
“Anxiety is good for the sales figures.”
War is, too.
“About time vapourware is been brought more into the spotlight. Especially to expose the good,the bad and the ugly amongst security tools,practices,procedures.”
The “Budenzauber” applications (“shiny firewall imitation”) I mentioned on another topic. Good that most of this crap doesn’t run on PC-BSD.
a solid OS as a basis is needed. To come back on topic, I think PC-BSD is such a system.
Good point. I also agree FreeBSD is a solid foundation to build on. Similar is debian in case of Ubuntu. Although a lot of work still has to be done.
The “Budenzauber” applications (“shiny firewall imitation”) I mentioned on another topic. Good that most of this crap doesn’t run on PC-BSD.
To be frankly i think the firewall GUI in PCBSD is such a “budenzauber”. I would like to see pf blocking all incoming connections by default. Yet tcp{22,445, 139} ports are open. I expected to see all ports to be filtered. Feel free to see it at http://bp3.blogger.com/_1x0XSMJrRwQ/RvjhHgmDLyI/AAAAAAAAAAg/597b1FT…
“To be frankly i think the firewall GUI in PCBSD is such a “budenzauber”. I would like to see pf blocking all incoming connections by default. Yet tcp{22,445, 139} ports are open. I expected to see all ports to be filtered. “
Filtered? No. Closed, please. There’s an RFC (cannot remember which) that requires closed ports to reply with a RST packet if closed, or ACK if open, but replying nothing is not recommended. Instead, having all ports closed for incoming connections (sending RST on request) would be good. If someone needs (!) to enable a certain connection (e. g. to run a web server, a mail server or allow SSH connections), he should be smart enough to do it on his own. As far as I know, OpenBSD has all ports closed by default and needs enabling by the user afterwards, if intended.
SSH functionality enabled by default is not that bad because it cannot be used without knowledge of a valid user account (name + password). Port 139/tcp is “netbios-ssn” and 445/tcp is “microsoft-ds”, what are these needed for? I wondered in PC-BSD versions prior to 1.4…
A frontend to form pf rulesets could be a good idea, although I’d like to mention that I’ve formed my few firewall rules many years ago and never needed to change them.
Filtered? No. Closed, please. There’s a RFC (cannot remember which) that requires closed ports to reply with a RST packet if closed, or ACK if open, but replying nothing is not recommended.
I prefer to return instead of doing anything, to prevent portscans before they are actually happening. To prevent information leakage, so to speak.
linux kernel source:
# grep -n -A 12 "void.*send_reset" /usr/src/linux/net/ipv4/tcp_ipv4.c
1161:static void tcp_v4_send_reset(struct sk_buff *skb)
1162-{
1163- struct tcphdr *th = skb->h.th;
1164- struct tcphdr rth;
1165- struct ip_reply_arg arg;
1166-
1167- return; // Modification: Never send RST, always return.
1168-
1169- /* Never send a reset in response to a reset. */
1170- if (th->rst)
1171- return;
1172-
1173- if (((struct rtable*)skb->dst)->rt_type != RTN_LOCAL)
While closed is nicer to the connecting party it has the slight drawback that it doesn’t punish the bad guys. Why would someone connect to a random port on your machine anyway? It’s pretty safe to assume that those connections aren’t coming from people who wish you well.
As long as you don’t do something amazingly retarded like carpet block ICMP or echo requests you should be fine. People who block echo requests should be beaten.
Probably written back in the day when the Internet wasn’t plagued with botnets and other bad guys. Those days are long gone.
I don’t have a pristine system available but AFAIK identd, daytime and time services are running in the default install.
I don’t know about PC-BSD but the default OpenSSH config has password login disabled so you’d have to both know an account name (but everyone knows “root”) and somehow get a public key onto the system for that account before you could log in.
Windows Networking, aka SMB.
Hmmm, I dunno. How complicated a ruleset will a workstation need? I’d say a default of passing everything statefully would be just fine. Either you run a service that you want to be public or you run it on loopback or you don’t run it at all.
You could do some really neat stuff with pf,tables, anchors and user rules if you wanted though.
Edited 2007-09-26 07:54
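The "closed" versus "filtered" choice debated above is a single option in pf. The ruleset below is an added example, not part of any comment in this thread and not PC-BSD's shipped configuration; the interface name em0 and the commented-out service rules are assumptions.

```conf
# /etc/pf.conf (constructed example)
ext_if = "em0"            # assumption: name of the external interface

# "Closed": a blocked TCP packet is answered with a RST, blocked UDP with
# an ICMP port-unreachable. Change "return" to "drop" to get the
# "filtered" behaviour, where blocked packets receive no reply at all.
set block-policy return
set skip on lo0           # do not filter loopback traffic

scrub in all

# Default deny for inbound traffic; outbound is allowed and tracked.
block in log on $ext_if all
pass out on $ext_if all keep state

# Keep ICMP echo requests working, as one commenter asks.
pass in on $ext_if inet proto icmp all icmp-type echoreq keep state

# Inbound services are opt-in. Uncomment only what this host must offer.
# pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
# pass in on $ext_if proto tcp from any to any port { 139, 445 } flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules that are actually active, which shows exactly which statements are in force regardless of what a GUI frontend displays.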
Self-correction: tunneled password logins are enabled, it’s login with empty password that is disabled.
“Port 139/tcp is “netbios-ssn” and 445/tcp is “microsoft-ds”, what are these needed for? I wondered in PC-BSD versions prior to 1.4… ”
I’m sure you know, but just for completeness I’ll add that they’re used by Samba to connect to Windows shares.
“I’m sure you know, but just for completeness I’ll add that they’re used by Samba to connect to Windows shares.”
In fact, I assumed it would have something to do with MICROS~1 products, but I really didn’t know, because I don’t use any of them and didn’t come into closer contact with them for more than 10 years now. For things like mount_smbfs they are not needed (tested this once, we had one “Windows” PC in our LAN at work). I don’t know exactly how “Windows” PCs share ressources, so thanks for this information.
“9/10ths of the time, having a GUI to configure a web service is not a good thing.”
Yeah, I think 9/10ths of the time doing it with a text editor is not a good thing…. far too convenient and easy a thing to screw up. Suddenly everyone thinks they can configure a service. I suggest we get rid of all GUIs and text editors.
Mice really need to go. They enable all kinds of craziness. Then replace all keyboards with just a zero or one.
Your sarcasm is misplaced. I don’t despise GUIs, I use a nice modded version of XP for day-to-day work and for 95% of computer usage, graphical tools are good.
But for security critical applications that are based on textual configuration files, abstracting the configuration is A BAD THING. A bit like relying on autopilot for airplanes. It’s ok ONLY as long as you have a fully qualified pilot sitting ready to get his/her hands dirty.
> But for security critical applications that are based on textual
> configuration files, abstracting the configuration is A BAD THING.
But who said “abstracting”? If you have an option in the config file that can be set to either “yes” or “no”, then a check box in a GUI dialog will give you the exact same choice. Result: The user can use a GUI, need not remember the config file syntax, and concentrate on the essential stuff. A lot of configuration files can be treated this way.
Of course, some configuration formats feel more like scripting languages than simple (declarative) settings, in the sense that they rely on step-by-step interpretation and massive internal state of the interpreter (e.g. local variables, or even sub-procedures). But then, if the application programmer insists on blatantly violating the KISS principle, he/she shouldn’t be doing security-related programming anyway.
“Mice really need to go. They enable all kinds of craziness. Then replace all keyboards with just a zero or one.”
Do you think about this one?
http://www.myl.ro/forum/sources/Gallery/display.php?t=f&id=247&ext=…
I have been using PC-BSD for almost a year now and really like it. I have been installing and testing the tri-weekly snapshots and it looks good. I do have a couple of comments on my experiences with V1.4 overall.
I installed it on a friend’s system where he is using my old Linksys WUSB54G wireless adaptor. There is also an internal LAN card on the system. PC-BSD finds both adaptors and once we configured WPA encryption the wireless worked just fine. The only problem was that we had to restart the networking after booting to get it to connect. The developers provided me with a workaround to solve the problem. I just had to add the line /etc/rc.d/netif restart in the /etc/rc.local file.
Also, it comes with Compiz installed but not running by default. Your mileage with that may vary, but on my nVidia 6200 card with 128 MB of memory it really chokes on some programs. Compiz rendered Google Earth V4.0 virtually unusable and caused slowdowns in a few other programs I tried. The effects look really great, but not worth the performance hit on my system. (P-IV, 3.0 GH with HT, 2 GB RAM).
If you are going to try it look in the Quick Guide that installs an icon on the desktop, chapter 4, and read up on ports. It is a very good reference on using ports to install software. They also have two PBI’s, their own package system, that put a GUI on ports. They work for most programs, but I have had a bit better luck doing it from a console.
Check out the digicam PBI. It is a really nice program for downloading and editing your digital photos. And while you are at it check out the PBI library. It is not very big, but it does have most of the programs you will need for normal day to day stuff.
All in all I really have been quite happy with PC-BSD. For now it serves as my second system, PowerMac G5 is primary, and I use it quite a bit. They have put a lot of hard work into it and it shows so DL it and give it a try.
“If you are going to try it look in the Quick Guide that installs an icon on the desktop, chapter 4, and read up on ports. It is a very good reference on using ports to install software. They also have two PBI’s, their own package system, that put a GUI on ports. They work for most programs, but I have had a bit better luck doing it from a console.”
Remember the option of using precompiled binary packages (e. g. pkg_add -r xmms). Using ports or packages is not recommended, although it’s entirely possible. Sometimes, using the console is much faster and more comfortable than searching and clicking around.
“Check out the digicam PBI. It is a really nice program for downloading and editing your digital photos.”
You’re talking about Digikam, aren’t you?
“And while you are at it check out the PBI library. It is not very big, but it does have most of the programs you will need for normal day to day stuff.”
This is correct. PC-BSD serves the average usual purposes very well. There’s even good multimedia stuff. Most software is KDE-based, but that’s okay as long as you’re a fan of KDE. Everything that’s not in the PBIs can be installed via ports or packages.
“All in all I really have been quite happy with PC-BSD. […] They have put a lot of hard work into it and it shows so DL it and give it a try.”
I’ll surely do, although PC-BSD’s hardware requirements seem to be a bit high in order to get a responsive system on my (older) testing hardware, that is mainly because of KDE, I think. Furthermore, I want to see if KDE’s i18n has gotten better. The last time I checked (PC-BSD 1.3), situations with error messages were problematic: Although German language has been chosen, error messages have been displayed in English, making the system “unusable” for the average German user, or put into other words: One English word is enough reason to abandon PC-BSD. Examples: ARTS error, kmplayer. I will have a look on it soon.
Re: KDE’s i18n, why don’t you help with the translation instead of complaining about it?
“Re: KDE’s i18n, why don’t you help with the translation instead of complaining about it?”
Because I don’t use KDE. I only get complaints about “strange messages” from users who are unable to read and translate English texts. So it’s not me who’s complaining. Although German is my native language, I’m using English-only systems (except OpenOffice) for more than 10 years now because I can’t stand the low translation quality (be it KDE or something else). The English descriptions are more direct, furthermore the base OS is English only.
And let’s just assume I file a report with corrections to be made, what would happen? “That’s not important!” or “But I like thiss wordt bettr.” We have a high rate of functional illiteracy in Germany, so (except me and a few others), no one would even notice.
I’ll see KDE’s development in regards of german language soon, as soon as I have set up the testing box again. Maybe it has already reached a quality that will fit average needs. I’ll check error messages and kmplayer (pbi) first.
I’ll check error messages and kmplayer (pbi) first.
To be fair, kmplayer is in KDE-extragear. Extragear is a “collection of programs associated with, and part of, the project, but not part of the Distribution for various reasons.” KMplayer in other words isn’t really part of the main KDE bundle. i18n effort is concentrated on apps that are distributed with KDE.
That doesn’t make your issue go away of course. I’m just saying I think you’ll find german i18n very complete in the apps that are part of KDE proper. It seems a great amount of the devs are german speaking after all
“To be fair, kmplayer is in KDE-extragear. Extragear is a “collection of programs associated with, and part of, the project, but not part of the Distribution for various reasons.” KMplayer in other words isn’t really part of the main KDE bundle. i18n effort is concentrated on apps that are distributed with KDE.”
Thank you for this advice. This seems that language settings in PC-BSD do affect KDE applications only. For example, text mode is not able to use Umlauts (öäü ÖÄÜ and ß) and program output is still in English. So the use of “pure KDE applications” is recommended in order to have a unified system language appearing. Your comment does help me a lot to understand more about this KDE-centered BSD.
For example, you could set LC_* environment variables to make all multilanguage capable programs appear in German (de_DE.ISO8859-15); at another point I’ve learned that UTF-8 is recommended instead of ISO charsets. I’m curious how these settings will affect “unpure KDE applications”.
But I’ll still check for error messages which should be displayed in german, too.
“That doesn’t make your issue go away of course. I’m just saying I think you’ll find german i18n very complete in the apps that are part of KDE proper. It seems a great amount of the devs are german speaking after all “
German does not equal german, there are many stages of quality: Inn Germanny we, have Newspeak now ass inn, Englisch too so coregt speling to day iss nott a mater off righd or vrong, butt off personnall preverenze. Thiss iss an ekzample off how to day `s Enlish woult loog laik iff itt wass write’n by a Newspeak condishoned Germann.
As I have seen, KDE’s german language quality is not bad, but still not that precise as it could (or should) be. But as I mentioned before, except me and a few other “language fanatics” (this term not an insult – it’s rather the opposite) nobody would notice.
Just one example: In german, the word “fertigstellen” [fertigshtallan] means “to complete” (e. g. an installation process); instead, “fertig stellen” is often (but not always!) used, but it does not mean “to complete”, it means “to stand complete(ly)” or “to adjust complete(ly)”, which is, of course, nonsense.
German language is not as easy as it seems to be. Even for Germans.
Too true. I for one will always spell it “Schiffahrt”. Three f’s in a row? Not for me
“Too true. I for one will always spell it “Schiffahrt”. Three f’s in a row? Not for me “
It’s Schiffahrt still in Switzerland, and they don’t have ß, they use ss everywhere. But Schiffffahrt is almost harmless. Schlussstrich is much better – five (!) consonants in a row. But Newspeak is more: Concatenated is now divided, divided is concatenated. Capitals are lower case, lower case is upper case, punctuation is a pure game of luck, hyphenation takes place where no one assumes it, and many words have been deleted from the language to reduce expressional diversion. In fact, nobody can really newspeak because there are many contradicting dictionaries around. The worst thing: This scientifical nonsense has been tried by the nazis in the 40s once, without success; today, they have their will. But why bother, the Federal Constitutional Court ruled that everyone can spell as he likes (Bundesverfassungsgericht, 1 BvR 1640/97), this, of course, eliminates any rules for marks in school. People who have to communicate substantial contents still use the unified orthography, grammar, hyphenation and punctuation. But I’m walking off-topick. =^_^=
To come back on topic, KDE’s German language quality is not that bad because it does not comply many the many rules of Newspeak. An arbitrary subset of the ß has been replaced by ss, along with some other nonsense. But as I mentioned before, no one in Germany will really notice. Germans have gotten tired using their native language properly. So I hope there are dictionaries and hyphenation sets available in standard orthography (“old”) for KOffice.
Choice by design!
I'm impressed again to see how a structured and professional treatment can give a solid foundation momentum. Ubuntu and now PCBSD. Kudos to all who made the experiences possible.
PCBSD 1.4 screenshot:
netpython.blogspot.com
or: http://bp3.blogger.com/_1x0XSMJrRwQ/RvjUXgmDLxI/AAAAAAAAAAY/qM7IDvk…
Edited 2007-09-25 09:50
I haven’t used anything but Linux for a few years now, so I’m wondering: can I assume that if my ATI Radeon 7500 works fine with X.ORG’s open source drivers on Ubuntu, that the same will be true with PC BSD?
You are correct. The open source driver provided with XORG works fine with ATI, but only for 2D graphics, so don’t expect compiz-fusion to work with an ATI card… at least not yet. Maybe in the future there will be a full featured ATI driver for the *BSD’s since AMD/ATI have plans to release the specs so people can create an open source version of the driver. If all fails you can always use the VESA driver provided by XORG to get a fully functional desktop.
The open source driver provided with XORG works fine with ATI, but only for 2D graphics, so don’t expect compiz-fusion to work with an ATI card… at least not yet.
Actually, the 3D drivers work as well, though AIGLX will be broken. Even then, there are patches which get AIGLX working which should hopefully be incorporated into the upstream DRM code in a little bit.
Adam
I just happened to go over to PC-BSD’s site the day before the news of 1.4 release hit the wires and found that it had been released. So I downloaded it and did an install that night. I have used it for two days.
I must say that this is one of the best looking KDE desktops that I have ever seen – Da-Vinci.
The install procedure was one of the easiest I have ever used. The only glitch was that I picked K3b to be installed as extra software from the second cd. It seems that K3b is already installed on the main release but also included as an extra option from the second cd. This resulted in two instances of K3b being displayed in the menu. The first instance would work fine but the second one would lock things up.
I had to remove K3b and then reinstall from a pbi and everything was fine.
I am a Slackware type of guy and the BSD’s seem very familiar to me.
My impressions are that this puppy is fast. Nope, no benchmarks. Just the general feel of it is very snappy.
It seems to be faster in execution than Slackware 12 on my machine.
I tried installing some things from ports and had a couple of failures. Nvu was one of them.
From what I have gathered over a couple of days is that this is an easy to use very fast and pleasing BSD.
Just use the pbi’s and everything worked perfectly.
Another one to try if you are interested is DesktopBSD.
It is just as fast, and is just as easy to install.
It doesn’t use pbi’s for software install but has a portsnap package manager that is very nice.
I personally prefer DesktopBSD as it is just a little more FreeBSD-ish for my tastes.
All in all I can see the BSD’s as a viable alternative to the Linux distros.
Also, DesktopBSD using ports seems much more “cleaner” than the PBI system.
Did anybody else notice that the website, http://www.pcbsd.org , renders better in IE than Firefox (on Windows)? If you maximize the window, it’s OK, but not when “windowed.”