A look at the upcoming features for 10.1.2

If you’ve been an EDGE user in the past few weeks, or following our Roadmap items for the upcoming 10.1.2 release, you may have noticed a number of new security and privacy related items. I wanted to take a moment to clarify what some of these new features are and what they will do.


— PersonaCrypt —

The first of the new features is a new CLI utility called personacrypt. This command allows the creation and use of GELI-backed encrypted external media for a user’s $HOME directory. We are using it internally to keep our user profiles on a USB 3.0 256GB hybrid SSD / flash memory stick (specifically the Corsair Flash Voyager GTX). It is tied into the PCDM login manager and the user manager, so when you create a new user account you can opt to keep all your personal data on any external device. The device is formatted with GPT / GELI / ZFS, and is decrypted at login via the GUI after you enter your encryption key along with the normal user password.

Additionally, the personacrypt command uses GELI’s ability to split the key into two parts: one is your passphrase, and the other is a key stored on disk. Without both of these parts, the media cannot be decrypted. This means that if somebody steals the media and manages to get your password, it is still worthless without the system it was “paired” with. PersonaCrypt will also allow exporting / importing this key data, so you can “pair” the key with other systems.
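The GPT / GELI / ZFS layering and the passphrase-plus-key-file split described above map onto stock FreeBSD commands roughly as follows. This is an added sketch, not personacrypt's own code; the function names, the partition label, the pool name and the cipher settings are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration; NOT personacrypt's source. Dry-run by default: each step
# is printed. Set APPLY=1 to execute on FreeBSD as root (this erases the device).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# persona_attach USER KEYFILE: what a login has to do. geli prompts for the
# passphrase; the attach fails if either the passphrase or the key file is wrong.
persona_attach() {
    run geli attach -k "$2" "/dev/gpt/${1}-home"
}

# persona_init DEV USER KEYFILE: GPT -> GELI -> ZFS, as the post describes.
# Label "<user>-home" and pool "<user>-persona" are assumed names.
persona_init() {
    dev=$1; user=$2; keyfile=$3
    label="${user}-home"
    prov="/dev/gpt/${label}"

    # Key part 1: random key file kept on the system disk, never on the stick.
    # The subshell's umask makes the file owner-readable only from creation.
    (umask 077; run dd if=/dev/random of="$keyfile" bs=64 count=1)

    # One GPT partition on the external device.
    run gpart create -s gpt "$dev"
    run gpart add -t freebsd-zfs -l "$label" "$dev"

    # Key part 2: geli asks for a passphrase because -P is not given.
    # -K mixes the key file into the user key, so both parts are required.
    run geli init -e AES-XTS -l 256 -s 4096 -K "$keyfile" "$prov"
    persona_attach "$user" "$keyfile"

    # ZFS pool on the decrypted .eli provider, mounted as the user's home.
    run zpool create -m "/usr/home/${user}" "${user}-persona" "${prov}.eli"
}
```

Calling `persona_init da0 alice /root/alice.key` without `APPLY=1` prints the six commands in order, which is a convenient way to review them before touching a device.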

— Tor Mode —

We’ve added a new ability to the System Updater Tray: with a single click, you can toggle between running in Tor mode and regular “Open” mode. Switching to Tor mode will do the following:

1. Launch the Tor daemon, and connect to the Tor network
2. Re-write all the IPFW rules, blocking all outgoing / incoming traffic, except for traffic to and from the Tor daemon
3. Re-route all DNS / TCP requests through Tor using its transparent proxy support

This allows applications on the system to now connect to the internet through Tor, without needing explicit SOCKS proxy support.

Obviously this alone isn’t enough to keep your identity safe on the Internet. We highly recommend that you read through the Tor project’s excellent FAQ and wiki articles on the subject.

— Stealth Mode —

One of the features we just added to personacrypt is something we are calling “stealth” mode. It is integrated into PCDM, and does the following:

During login, if stealth mode is selected, the user’s $HOME directory will be mounted from a GELI-backed ZVOL using GELI’s onetime key encryption. This $HOME directory is set up with the default /usr/share/skel data, and is pretty much a “blank” slate, allowing you to log in and run apps as if on a fresh system each time. At logout the dataset is destroyed, or, should the system be rebooted, the onetime key is lost, rendering the data useless. Think of it as a web browser’s “private” mode, except for your entire desktop session.
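The lifecycle of such a throwaway home directory can be sketched with stock FreeBSD commands. This is an added example, not the PCDM or personacrypt code; the function names, the ZVOL naming, the default size, the cipher settings and the choice of UFS on top of the encrypted volume are assumptions.

```shell
#!/bin/sh
# Added illustration; NOT the PCDM/personacrypt source. Dry-run by default:
# each step is printed. Set APPLY=1 to execute on FreeBSD as root.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# stealth_login USER POOL [SIZE]: throwaway $HOME on a one-time-keyed ZVOL.
stealth_login() {
    user=$1; vol="$2/stealth-$1"; home="/usr/home/$1"   # assumed naming
    run zfs create -V "${3:-2G}" "$vol"
    # geli onetime uses a random key that exists only in kernel memory.
    # No passphrase or key file exists that could decrypt the volume later.
    run geli onetime -e AES-XTS -l 256 -s 4096 "/dev/zvol/$vol"
    run newfs -U "/dev/zvol/$vol.eli"                    # UFS is an assumption
    run mkdir -p "$home"
    run mount "/dev/zvol/$vol.eli" "$home"
    # FreeBSD skel files are named dot.*; install them as .* in the new home.
    for f in /usr/share/skel/dot.*; do
        [ -e "$f" ] || continue
        run cp -R "$f" "$home/.${f##*/dot.}"
    done
    run chown -R "$user" "$home"
}

# stealth_logout USER POOL: tear down in reverse order.
stealth_logout() {
    vol="$2/stealth-$1"
    run umount "/usr/home/$1"
    # Detaching discards the one-time key; a reboot has the same effect.
    run geli detach "/dev/zvol/$vol.eli"
    # Destroying the ZVOL then removes the now-undecryptable ciphertext.
    run zfs destroy "$vol"
}
```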

— LibreSSL —

We’ve made the switchover to convert our ports to use LibreSSL by default instead of the base system’s OpenSSL (thanks to Bernard Spil for his work on this). Our hope is that LibreSSL will help improve system security and reduce the number of OpenSSL exploits that our packages may be vulnerable to.

— Encrypted Backups —

The Life-Preserver utility has had the ability for a while now to replicate your system to another box running FreeBSD, such as FreeNAS. This backup is done via ZFS send/recv using SSH, but the data on the remote end was stored unencrypted and could be read by whoever was administering the remote box. To provide an extra measure of security to backups, we are in the process of adding support for fully encrypted backups, using GELI-backed iSCSI volumes. This allows us to use ZFS send/recv over the wire, with all the data leaving the box already encrypted via GELI. Your data on the remote side is fully encrypted, and only accessible with the key file you have stored on the client side. This is still in active development and should show up in the EDGE repo in the upcoming weeks, along with some additional details on usage.



We hope you’ve enjoyed this sneak peek of what’s happening with PC-BSD development right now. As always, we would love for people to test these features in our EDGE repo, and let us know of issues via our bug tracker:

Written by Kris Moore. Posted in 10.1, new features

Comments (26)

  • sg1efc
    March 4, 2015 at 9:16 am |

    These new security and privacy items are really cool. Thanks a lot Kris, Bernard Spil and everyone else. 🙂

  • sean
    March 4, 2015 at 11:17 am |


    Really great features added! Now we’ll just have to wait for FreeBSD to support graphics on my Intel NUC.

    Are you (Kris) or anyone else concerned about the read/writes with USB drives? The one referenced is very expensive but it has very high read/write rates.

    I’m partly thinking about the USB drive an SSD drive in some external case.

    Any suggestions?


  • Zetta
    March 4, 2015 at 1:54 pm |

    This is fantastic. We need more people like you guys being proactive in helping users keep their privacy/secure their data.

    Big thumbs up!!

  • […] If you want to know all the details about it, you should refer to the official PC-BSD blog […]

  • Toby
    March 4, 2015 at 6:39 pm |

    These are fantastic features. Really, really exciting & totally unique when compared to the constant stream of bland & buggy Linux distro respins. PC-BSD is the only OS that gets me hyped about *nix on the desktop anymore. Can’t wait to try out the new release. Keep up the great work.

  • Zoltán Hegedüs
    March 5, 2015 at 1:38 am |

    How can I find the release schedule/roadmap? I am interested in the release date of 10.1.2, 10.2.0, 10.2.1, 11.0.0, 11.0.1. Thank you.

  • Geoff
    March 5, 2015 at 1:48 am |

    Great work guys, I’ve liked PC-BSD from the start and it just keeps getting better. I’m especially impressed with the most recent versions and these new privacy features are sure to be well received. It’s also great to see PC-BSD getting more coverage on news sites like phoronix. Great work and thanks!

  • diego
    March 5, 2015 at 11:20 am |

    support for OpenOffice, please!

    • Ken Moore
      March 5, 2015 at 12:06 pm |

      diego » Both OpenOffice and LibreOffice are available in the AppCafe (as well as other office applications/suites). Just install and use the one you like.

  • Lyam
    March 5, 2015 at 2:31 pm |

    Wow, I’m really liking these features that you guys keep coming out with!

  • ivosevb
    March 6, 2015 at 10:02 pm |

    brilliant. great features.

  • rcd
    March 7, 2015 at 9:01 am |

    I saw great potential in this distribution of BSD since I started using Isotope in 2010. It only kept multiplying release after release. This release will be exponential. I commend your efforts, guys!

  • Todd
    March 9, 2015 at 9:40 pm |

    Thanks all givings! Tor is needed indeed, anytime!
    You guys have a gift, present from UNIX-like OS. pcBSD hold it smartly.
    There are so many things charming, but also some noises in GUI and Application. Desktop can be reconfigured, so we have a lot of work with many various items.
    Here now, GUI is unfriendly for aiming to, because more much bolder aspect of icons & borders & buttons seated there, more space occupied and no way to reduce (Hide, Resize, Collapse & Combine), the MenuBar could married with LocationBar? HotKey instead of Buttons?

    More reduced, More powerful — That’s UNIX/GNU Linux.
    More customized, More sparkle —It should be GUI for UNIX/GNU Linux.
    Preferences is like a DOOR — You have a ROOM (Max Window & Min Dashboard) with EVERYTHING while it closed. Is this a REASON of ChromeOS/FirefoxOS launching? I think so.

    For Applications, NetworkTools items (Ping, Tracert…) tablized vertically, and perhaps be next to ipfw in a united GUI …
    It seems that MS-Windows take off PC world, so pcBSD should take it over via NTFS-autoMount-default, I wish.

  • […] Feature details can be seen on the PC-BSD blog page. […]

  • cship
    March 14, 2015 at 2:50 am |

    It would be nice to have “proxy mode” in lieu of, or along side “tor mode,” to extend the described “tor mode” functionality to OpenVPN too.

    Tor is a useful proxy but it is unusable for many applications and OpenVPN is able to fill those gaps for me. I use OpenVPN daily and tor much less frequently.

  • Jon
    March 16, 2015 at 3:45 pm |

    When is 10.1.2 being released? Sounds really cool. Want to try it out.


  • tymat
    March 16, 2015 at 5:59 pm |

    No support for ASLR yet?

  • Harald Arnesen
    March 24, 2015 at 8:33 am |

    Suspend-to-ram and hibernate-to-disk – and I will install it on my laptops.

  • A Japanese
    March 30, 2015 at 11:52 pm |

    Please fix a problem of Japanese input.

  • William R Blankley
    April 21, 2015 at 9:04 am |

    having been forced back to win7 for the third or fourth time in four months I hope this works. before you ask: it got in via firefox and trashed the BIOS and pc-bsd. then the fallback was no good, just stopped after the date, on a cursor, when booting.

    this is a minor inconvenience: but a foul chore!

    love the look and feel of BSD and want to keep it.
    so, it is now too big to download before the day of judgement: have to buy a disk when available as your upgrade is (expletive deleted)!

