Kris and Ken attended BSDCan 2015 last week and had an amazing conference. The videos of the conference were just put online within the last couple days, so if you were not able to attend, you might want to take a look!
- BSDCan 2015 Videos from the conference (not all of them were video recorded, but a lot were).
- The video of Ken’s session about Lumina-DE. There is a bit missing at the beginning of the talk, but not too much was missed. The video is fairly dark, but you can also find all of Ken’s slides on SlideShare.
- It does not appear that a video was recorded for Kris’s session about package/jail management, but you can find the summary/paper on the conference website linked above.
- EDIT: There was a video recording of Kris’s session, but it has just not been put up yet. Stay tuned to the BSDCCan playlist to catch it when it gets uploaded. You can also find Kris’s slides from the session here.
At the same time as BSDCan, Joshua Smith attended the SouthEast Linux Fest (SELF) and gave a presentation titled “PC-BSD 10.1.2: Whats New?”.
If you have the opportunity to attend one of these conference in the future I highly recommend going!
PC-BSD 10.1.2 has been released, so we thought we’d talk to project lead, Kris Moore, to see what’s in store!
Q: What new features and improvements are available in PC-BSD 10.1.2?
This quarterly update got a LOT of new features, partly so we would have time to really play with them before the 10.2 release later this summer. Most of them are security and privacy focused, but there are some other neat things as well. In no particular order, these are some of the best ones:
* PersonaCrypt – Our new privacy utility that offers a few cool new features.
In its default mode, it can setup your entire user $HOME directory on a geli-backed external device, such as a fast SSD Flash Stick (Using the 256GB Corsair Flash Voyager GTX here). At the login screen, you will then enter your normal user password, along with a decryption password to mount your home-directory. The GELI key is split in two, so you can “pair” the memory stick with your system, so even if the stick is stolen, and somebody gets the password, it is still worthless without the “paired” system. Another benefit of this technology is that you can bring your work with you when you travel between desktops, or jump from a desktop to laptop. I’m using it now for conferences and being on the road, since all my development work and important data is on my $HOME, meaning I can just unplug and keep working on my laptop without having to keep files in sync.
Another side of PersonaCrypt is something we call “Stealth” mode, which allows you to do a desktop login with a one-time GELI-key encrypted $HOME directory with no personal data. Think of it as privacy mode in a web-browser, but for your entire desktop session. This also plays nicely with the following new feature.
* Tor transparent proxy support
10.1.2 includes an easy way to switch between your normal internet connectivity, and “Tor” mode by clicking a single button on the system tray. In Tor mode, the firewall acts as a transparent proxy, forcing all internet traffic to be routed through the Tor network, including DNS requests. All other traffic which may expose your system on the internet is blocked. This goes a step beyond just running Tor as a browser proxy, since you can’t always trust plugins (cough *flash/java*) and other apps to behave properly.
* 4K Monitor support
While most things already worked with 4K monitors, we did go through our toolchain and fixed a number of scaling bugs, mouse cursors and fonts which needed tweaking to look better “out of box”. I’m currently using an nvidia card with DisplayPort, and running in 4K at 60Hz, and yes my eyes thank me every day.
* Encrypted ZFS replication
Our Life-Preserver utility got an update to support doing backups to an encrypted zpool, using GELI and iSCSI. Both the zpool and GELI are initialized on the client side, so that when doing backups, nothing ever goes “over the wire” that isn’t already encrypted. LP also gives the ability to export the connection settings and GELI key to a password-protected GELI file, which means I don’t have to copy the plaintext key to another system for importing the pool / recovery. It also can be used by the install media to do a “bare-metal” restore from a backup, which is handy if your system dies badly. I’m currently using this feature to backup my PersonaCrypt home-directory.
LP was also updated to now do per-dataset replication, allowing us to do recursive replication with excludes, and preparing us for resumable ZFS send/recv in the near future.
* Media Center Support
Our installer now provides support to install Kodi or PlexHomeTheater. Along with the automatic update feature, it makes PC-BSD great for the 10ft experience. My evil plan going forward is to add Steam Big Picture mode to this list, possibly for 11.
* LibreSSL / OpenNTPD
We switched all our ports to now using LibreSSL instead of OpenSSL, along with moving from NTP -> OpenNTPD. This is done in response to there being so many PR’s against this two particular pieces of code, hopefully reducing the number of PR’s we are vulnerable to.
* AppCafe web-interface
The new AppCafe web-interface is now live, allowing remote management of PBI/pkg, and basic jail support. This means you can run a PC-BSD/TrueOS box headless, and manage your Applications, Jails, and Updates all via web-browser or mobile device. This is our first release of the web-based system, and we already have plans on adding more features to it, in particular to jail management and support for 3rd party repositories in
* IPFW Firewall
We’ve also switched our default firewall from PF over to IPFW, with the plan of enabling VIMAGE for 10.2 later this year. Once we ship with VIMAGE enabled, we will then be doing some planned updates to the Warden networking support.
Q: What feature(s) do you think will have the biggest impact for users?
Personally I think PersonaCrypt is just the coolest. Since I travel a bit, it is really nice to be able to bring my entire home development environment and workstation with me. I can actually shut the machine off at home now since all my files and work comes with me. I can also see how that would be helpful for those who alternate between home and office, not needing to lug around a laptop to work from home.
From a marketing perspective though, we are hearing from a lot of dis-enfranchised Linux users. Over things like ShellShock, Heartbleed, SystemD and the like. While Tor mode isn’t for everybody, that coupled with LibreSSL, PersonaCrypt and the like helps demonstrate that PC-BSD is very security conscious, making some of the best security and privacy technology more user-friendly.
Q: Did any of these features pose a particular challenge?
Switching over to LibreSSL was quite a challenge, I worked with Bernard Spil (Whom should be getting a port-commit bit soon), to find and fix lots of packages that still used really old and vulnerable OpenSSL functionality. It was really eye-opening, and I think proves the point why we should somewhat frequently “cull” the old and obsolete code, because you never know what is still lurking around that uses it.
Q: What features do you plan on tackling next?
For 10.2 we will be working on getting VIMAGE enabled and better supported by Warden. Along with that will be updates to the AppCafe for more jail functionality, and beefing up the number of PBIs in our tree which have configuration UIs. I also plan on doing some infrastructure work, so that we can do more frequent builds of packages for -CURRENT and EDGE users, along with other architectures down the road.
Q: What does the upgrade path to 10.1.2 look like?
Upgrading from 10.1.1 is pretty easy. Our new updater went into the previous release, and it allows doing a “background” update of all your packages to the 10.1.2 set. Basically a new boot-environment is created, and fresh 10.1.2 packages are installed into it via a chroot. This means you can keep working throughout the update, and when its done you only have to reboot to get into the new BE and be on 10.1.2 with the new features.
With the amount of changes to the Lumina desktop environment and the increasing number of questions/comments we are receiving, I thought it would be a good time to post a status report about it and answer many of the commonly asked questions.
As always, please post any bug reports or feature requests on the PC-BSD Bug tracker.
If you wish to get involved in the development of the Lumina Desktop Environment, you can find the source code in our repository on GitHub.
Lumina Desktop FAQ/Status Update:
What is the Lumina Desktop Environment?
- The Lumina Desktop Environment (sometimes referred to as Lumina-DE or just Lumina) is a BSD-licensed, FreeDesktop-compliant graphical interface for a desktop operating system.
- It has been written from scratch in C++/Qt5 (it is not based on any existing DE code-base). It uses Fluxbox for the window management in the background and xscreensaver for screensaver/screenlocking functionality. The only other runtime dependencies are a couple of small X11 utilities (xnumlock, xbrightness, xterm, xrandr).
- This results in a very lightweight, very smooth desktop experience with minimal system overhead.
What is the current development status?
- While the current version (0.8.4) is still considered to be “Beta” quality, that is primarily because there are still a couple external utilities which have not had in-house replacements written yet (Fluxbox and xscreensaver primarily).
- In its current state it is very stable and completely usable on a daily basis for both developers and non-developers alike.
- The only caveat for its “beta” status is that since there are some backend systems which are still in major development, we reserve the right to break a user’s customized settings during the transition to these new systems (the window manager and screensaver settings are where I anticipate this happening once the replacement systems are in place). However, we already have a good track record of backwards compatibility with older settings formats, and will continue to work on ensuring a smooth transition between different versions of the desktop (even during heavy development/backend changes).
What are some of the features of Lumina?
- Restore files from ZFS snapshots directly through the Insight file manager (lumina-fm).
- View picture slideshows or play multimedia files through the Insight file manager.
- Completely configurable – the interface is designed around a plugin-based mentality where everything you see/use is a compiled-in plugin (ensuring that every plugin is guaranteed to work). This means that you can create an interface custom-tailored to your specific needs.
- Easy-to-use configuration utility (lumina-config). This single utility controls all the different configuration options for the desktop in one simple location.
- Total system search capabilities through the lumina-search utility (without having a daemon eating memory in the background).
- Screenshot functionality through the lumina-screenshot utility (also tied to the “print screen” key by default).
- Multi-monitor support through xrandr (every monitor is treated as a distinct screen, with it’s own background, interface, etc..). Lumina also provides a graphical utility for adding/removing monitors from within the Lumina session (lumina-xconfig).
- Simple system controls through the “System Dashboard” for things like audio volume, screen brightness, battery status/notifications, and workspace switching.
- Easily select which application to use when opening a file and set that as the default for the next time. If you happen to remove that default application, it will automatically re-open the application selection dialog the next time you open that type of file again. This utility (lumina-open) is also tied into the commonly used xdg-open utility so that 3rd party applications will automatically use this utility for opening files outside of the application scope.
How is it different from other desktop environments?
- Designed on PC-BSD, specifically for the BSD community at large (although it is easily ported to any OS, including Linux distros).
- Does not require any of the commonly-used desktop implementation frameworks (DBUS, policykit, consolekit, systemd, HALD, etc..).
- Does not come bundled with any “end-user” applications (web browsers, email clients, multimedia software, office suites, etc..). The only utilities that Lumina brings to the table by default are the ones written specifically for the project and are generally for background/utilitarian functionality (the largest utility is the file manager).
- Simple text-based configuration file for setting system-wide defaults for new users. This allows distributors of the desktop to easily pre-set the system defaults/interface so it just works for the end user.
- Plugin-based interface design. This allows the user to make the desktop as light/heavy as desired (within reason) simply by choosing which plugins to have running on their desktop/panels.
Are there any PC-BSD specific features?
- Hardware-level screen brightness control (sysctl control through pc-sysconfig on PC-BSD 10.1.2+).
- Links to the PC-BSD Control Panel and AppCafe are embedded directly into the Lumina interface for system control/modifications.
- Detects when system updates are in progress and prevents the user from shutting down the system until that is complete (you can log out of Lumina and then shutdown the computer from the PCDM login manager if absolutely necessary) .
- Designed to work hand-in-hand with the PC-BSD utilities (mounttray, AppCafe, Life Preserver, etc.) preventing conflicts between DE and OS utilities.
Is it available for any other operating systems?
- There are currently source files in the project for building/using Lumina on: FreeBSD/PC-BSD, OpenBSD, DragonFlyBSD, kFreeBSD, Debian, and generic “Linux” distributions.
- Please contact the package management/distribution team for your particular OS to determine the availability of pre-compiled packages.
What does it look like?
- Due to the flexibility of the interface design and the ease with which the themes may be customized, the Lumina desktop can take many various forms. Here are a just a few of the variations that I have assembled on my system:
- As we continue to create more plugins with every new version of Lumina, the variability of the interface just continues to grow. If you have a particular plugin/feature that you would like, please post a feature request on the PC-BSD bug tracker!
What plugins are currently available (as of version 0.8.4)?
- Panel Plugins: AppLauncher, AppMenu, BatteryMonitor, Clock, DesktopBar, DesktopSwitcher, HomeButton, Spacer, SystemDashboard, SystemTray, TaskManager(with or without grouping), UserButton.
- Desktop Plugins: AppLauncher, AudioPlayer, Calendar, DesktopView, Notepad
- Menu Plugins: AppLauncher, AppMenu, LineBreak, OpenTerminal, OpenFileManager, SettingsMenu, WindowList
- More plugins are being created all the time!
What is being worked on right now?
- Right now, we are mainly focused on expanding the scope of the desktop through creation of new plugins and enhancement of the existing plugins.
- The next “big” change planned is the move to a new window manager which is in the process of being written right now. This change will correspond with version 0.9.0.
- We are also working on tweaking the default themes and colors right now, and are looking into adding new themes & color schemes “out of box” for people to be able to simple select and use.
A new window manager? Is something wrong with Fluxbox?
- Fluxbox is a great WM, and the Lumina project will be still be using it for quite some time yet while the replacement is being written. The main reason a new WM is planned is for better integration with the Lumina desktop in the following areas:
- Interface/font scaling
- Keyboard shortcuts (particularly with using the default application registrations in Lumina)
- Addition of WM “modes” for use on various types of devices.
- Allow compositing between windows (for better transparency effects)
- Uniform Theme/Appearance
- In addition, having a custom WM specifically for Lumina allows us to be able to combine the functionality of a few common background daemons into a single utility (since at their core they all revolve around responding to particular base system events).
- Window Manager (ICCCM/EWMH events)
- Screensaver/Screen Locker (All Input Events – transparent watcher)
- Keyboard shortcuts (Keyboard Input Events)
- Application message logger/viewer (some EWMH events – transparent watcher)
- Power management (system events through devd/HALD/other)
- Having all these systems within the same utility allows us to be able to create a much tighter level of inter-functionality between them. For a few quick examples:
- Temporarily disable the screensaver while a window is full-screen (such as when watching a video)
- While the screen is locked, prevent the window manager from showing any new windows on the screen and stop all keyboard shortcut handling (preventing possible security issues), while still allowing some notifications and background procedures.
- Enable different levels of power management while the screen is locked or the screensaver is active.
- This is a fairly massive undertaking, so I want to re-iterate that I expect it to be quite some time until this new window manager is ready for use and we will continue to use Fluxbox in the meantime. The Lumina desktop will remain within the 0.8.x series of version numbers while this new utility is in development.
How can I get involved?
- If you are a C++/Qt developer, there are tons of areas where you could contribute! Some of them are: finding/fixing bugs, writing new interface plugins, adding functionality to existing plugins, and more!
- If you are a CSS developer, then you might be interested in making new themes for Lumina (using QSS: it is very similar to CSS but specifically for Qt applications/widgets). These themes can be created/modified directly within the Lumina configuration utility, and also provides an easy way to directly implement the user’s current color scheme. Once you have a theme put together that you like, you can just send us that file (located in ~/.lumina/themes) and we can get that included with any future versions of the desktop.
- If you want to create new color schemes, you can do so via the Lumina configuration utility. Once you have one that you like, just send in that file (located in ~/.lumina/colors) and we can get that included with any future versions of the desktop.
- If you found a bug or have an idea for a cool new feature, you can post bug reports or feature requests on the PC-BSD bug tracker!
How can I contact the developer(s) with questions/comments/snide remarks?
- IRC: The #Lumina-DE or #pcbsd channels on Freenode
- Mailing List: The PC-BSD “testing” mailing list
- GitHub: Post an issue on the Lumina source repository or directly contact me
A minor hotfix update to the 10.1.2 ISO’s has been released today. This includes fixes to advanced installation using raidz, cache and log devices, as well as a fix to the text-installer when booted in UEFI mode. Users who have already installed 10.1.2 will not need to download, and can instead online-update to install any fixes.
The PC-BSD team is pleased to announce the availability of the next PC-BSD / TrueOS quarterly release, 10.1.2.
PC-BSD 10.1.2 Notable Changes:
- New PersonaCrypt Utility
- Allows moving all of users $HOME directory to an encrypted USB Drive. This drive can be connected at login, and used across different systems
- Stealth Mode – Allows login to a blank $HOME directory, which is encrypted with a one-time GELI key. This $HOME directory is then discarded at logout, or rendered unreadable after a reboot
- Tor mode – Switch firewall to running transparent proxy, blocking all traffic except what is routed through Tor.
- Migrated to IPFW firewall for enabling VIMAGE in 10.2
- Added sound configuration via the first boot utility
- Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media
- New HTML handbook, updated via normal package updates
- Media Center support allowing direct login to Kodi and PlexHomeTheater for the 10ft user experience
- Switch to new AppCafe interface, with remote support via web-browser
- Improvements to Online Updater, along with GRUB nested menus for Boot-Environments
- Migrate all ports to using LibreSSL instead of OpenSSL
- Switch from NTPD to OpenNTPD
- Lumina desktop 0.8.4
- Chromium 42.0.2311.135
- Firefox 38.0
- NVIDIA Driver 346.47
- Pkg 1.5.2
Users currently running the 10.1.1 release can now apply the updates via their Update Manager utility. Users running TrueOS or CLI can start the update with the following command:
# pc-updatemanager pkgupdate
10.1.2 DVD/USB media can be downloaded from the following URL via HTTP or Torrent. http://www.pcbsd.org/en/download.html
Found a bug in 10.1.2? Please report it (with as much detail as possible) to our bugs database. https://bugs.pcbsd.org
The PC-BSD project is pleased to announce the availability of our 11.0-CURRENTMAY2015 images.
WARNING: These images are considered “bleeding-edge” and should be treated as such.
The DVD/USB ISO files can now be downloaded from this URL.
We hope to continue rolling these -CURRENT images as a way for testers and developers to tryout both FreeBSD and PC-BSD bleeding edge features, often months before a planned release. These images include a full PKG repository compiled for that months image. Users of this system will also be able to “upgrade” when the next monthly image is published.
This is a great way to test features and report bugs well before the release cycle begins for the next major .0 release.
For bugs in PC-BSD, please report to https://bugs.pcbsd.org.
For FreeBSD / Port / Kernel / World bugs, please report to https://bugs.freebsd.org/bugzilla/enter_bug.cgi.
Updating from 10.1-RELEASE
There was a bug we found in freebsd-update when upgrading from 10.1-RELEASE to 11.0.
This has been fixed in 10.1-RELEASE-p21 (Check the output of freebsd-version), please update to it before attempting to change branch to 11.0.
Once you have the -p21 fix, run the following to “upgrade” your system to 11.0-CURRENTMAY2015svn282515
# pc-updatemanager chbranch 11.0-CURRENTMAY2015svn282515
This process will take a while, downloading new packages / world / kernel for the system. When done you can reboot, and the updater will finish up the update process.