May
28

PC-BSD 10.1.2: an Interview with Kris Moore

PC-BSD 10.1.2 has been released, so we thought we’d talk to project lead, Kris Moore, to see what’s in store!

Q: What new features and improvements are available in PC-BSD 10.1.2?

This quarterly update got a LOT of new features, partly so we would have time to really play with them before the 10.2 release later this summer.  Most of them are security and privacy focused, but there are some other neat things as well.  In no particular order, these are some of the best ones:

* PersonaCrypt – Our new privacy utility that offers a few cool new features.

In its default mode, it can setup your entire user $HOME directory on a geli-backed external device, such as a fast SSD Flash Stick (Using the 256GB Corsair Flash Voyager GTX here). At the login screen, you will then enter your normal user password, along with a decryption password to mount your home-directory. The GELI key is split in two, so you can “pair” the memory stick with your system, so even if the stick is stolen, and somebody gets the password, it is still worthless without the “paired” system. Another benefit of this technology is that you can bring your work with you when you travel between desktops, or jump from a desktop to laptop. I’m using it now for conferences and being on the road, since all my development work and important data is on my $HOME, meaning I can just unplug and keep working on my laptop without  having to keep files in sync.

Another side of PersonaCrypt is something we call “Stealth” mode, which allows you to do a desktop login with a one-time GELI-key encrypted $HOME directory with no personal data. Think of it as privacy mode  in a web-browser, but for your entire desktop session. This also plays nicely with the following new feature.

* Tor transparent proxy support

10.1.2 includes an easy way to switch between your normal internet connectivity, and “Tor” mode by clicking a single button on the system tray. In Tor mode, the firewall acts as a transparent proxy, forcing all internet traffic to be routed through the Tor network, including DNS requests. All other traffic which may expose your system on the internet is blocked. This goes a step beyond just running Tor as a browser proxy, since you can’t always trust plugins (cough *flash/java*) and other apps to behave properly.

* 4K Monitor support

While most things already worked with 4K monitors, we did go through our toolchain and fixed a number of scaling bugs, mouse cursors and fonts which needed tweaking to look better “out of box”. I’m currently using an nvidia card with DisplayPort, and running in 4K at 60Hz, and yes my eyes thank me every day.

* Encrypted ZFS replication

Our Life-Preserver utility got an update to support doing backups to an encrypted zpool, using GELI and iSCSI. Both the zpool and GELI are initialized on the client side, so that when doing backups, nothing ever goes “over the wire” that isn’t already encrypted. LP also gives the ability to export the connection settings and GELI key to a password-protected GELI file, which means I don’t have to copy the plaintext key to another system for importing the pool / recovery. It also can be used by the install media to do a “bare-metal” restore from a backup, which is handy if your system dies badly. I’m currently using this feature to backup my PersonaCrypt home-directory.

LP was also updated to now do per-dataset replication, allowing us to do recursive replication with excludes, and preparing us for resumable ZFS send/recv in the near future.

* Media Center Support

Our installer now provides support to install Kodi or PlexHomeTheater.  Along with the automatic update feature, it makes PC-BSD great for the 10ft experience. My evil plan going forward is to add Steam Big Picture mode to this list, possibly for 11.

* LibreSSL / OpenNTPD

We switched all our ports to now using LibreSSL instead of OpenSSL, along with moving from NTP -> OpenNTPD. This is done in response to there being so many PR’s against this two particular pieces of code, hopefully reducing the number of PR’s we are vulnerable to.

* AppCafe web-interface

The new AppCafe web-interface is now live, allowing remote management of PBI/pkg, and basic jail support. This means you can run a  PC-BSD/TrueOS box headless, and manage your Applications, Jails, and Updates all via web-browser or mobile device. This is our first release of the web-based system, and we already have plans on adding more features to it, in particular to jail management and support for 3rd party repositories in
jails.

* IPFW Firewall

We’ve also switched our default firewall from PF over to IPFW, with the plan of enabling VIMAGE for 10.2 later this year. Once we ship with VIMAGE enabled, we will then be doing some planned updates to the Warden networking support.

Q: What feature(s) do you think will have the biggest impact for users?

Personally I think PersonaCrypt is just the coolest. Since I travel a bit, it is really nice to be able to bring my entire home development environment and workstation with me. I can actually shut the machine off at home now since all my files and work comes with me.  I can also see how that would be helpful for those who alternate between home and office, not needing to lug around a laptop to work from home.

From a marketing perspective though, we are hearing from a lot of dis-enfranchised Linux users. Over things like ShellShock, Heartbleed, SystemD and the like. While Tor mode isn’t for everybody, that coupled with LibreSSL, PersonaCrypt and the like helps demonstrate that PC-BSD is very security conscious, making some of the best security and privacy technology more user-friendly.

Q:  Did any of these features pose a particular challenge?

Switching over to LibreSSL was quite a challenge, I worked with  Bernard Spil (Whom should be getting a port-commit bit soon), to find and fix lots of packages that still used really old and vulnerable OpenSSL functionality. It was really eye-opening, and I think proves the point why we should somewhat frequently “cull” the old and obsolete code, because you never know what is still lurking around that uses it.

Q: What features do you plan on tackling next?

For 10.2 we will be working on getting VIMAGE enabled and better supported by Warden. Along with that will be updates to the AppCafe for more jail functionality, and beefing up the number of PBIs in our tree which have configuration UIs. I also plan on doing some infrastructure work, so that we can do more frequent builds of packages for -CURRENT and EDGE users, along with other architectures down the road.

Q: What does the upgrade path to 10.1.2 look like?

Upgrading from 10.1.1 is pretty easy. Our new updater went into the previous release, and it allows doing a “background” update of all your packages to the 10.1.2 set. Basically a new boot-environment is created, and fresh 10.1.2 packages are installed into it via a chroot. This means you can keep working throughout the update, and when its done you only have to reboot to get into the new BE and be on 10.1.2 with the new features.

Share This Post:
  • Digg
  • Facebook
  • Twitter
  • email
  • LinkedIn
  • Slashdot

Written by Mark VonFange. Posted in Uncategorized

Trackback from your site.

Comments (10)

  • May 28, 2015 at 10:16 pm |

    Thank you guys. I have just installed PCBSD 10.1.2.
    You made my day!!!

  • […] PC-BSD 10.1.2: an Interview with Kris Moore. […]

  • Nom
    May 30, 2015 at 11:23 am |

    The picture link is broken, seems to be pointing to some local staff domain for iXsystems.

  • AJIT BAKRE
    May 31, 2015 at 1:26 am |

    Hi Kris Moore,
    You are great. Simply great. I am running PC-BSD – 10.1.2 on assembled system having only 3.0 gb DDR2 RAM with installation on 40 GB HDD – Slave.
    My master contains 160 GB devided in to two partitions. One having Windows 8.1 and the another is Deepin Linux.
    Initially, after first install it was not getting proper resolution and hence all images were bigger. In fact it did not recognized my NVIDI card of 512 MB. But to reset to higher resolution I did following:
    1. su
    passwd
    in root prompt
    I entered beadm create ajit (openindiana command)
    boot environment ‘ajit’ is created successfully.
    beadm activate ajit
    ajit activated successfully.
    Then I changed my be to ‘ajit’
    Then It showed desktop configuration.
    It recognized my NVIDIA graphic card.
    Well one more thing. Before doing so, I also installed NVIDIA graphic card driver from the APPCAFE.
    Now in next comment I shall tell you the difference between PC-BSD 10.1.1 and 10.1.2
    Congratulations to all the developers of PC-BSD over there. Keep on doing good work and enjoy what you do.

    Regards to all

    Ajit

  • William R Blankley
    May 31, 2015 at 8:34 am |

    linux migration
    i was drawn to pcbsd before all the fuss. in my seventy years of playing radio i find that the problem is a “power grab” when the project is coming to a successful conclusion. the linux community do not realise the danger.

    upgrades and changes
    not before time. i have had at least two computer-quakes mag. 12 here. all i can say is that pc-bsd remains a plaything and all the serious ham-hobby work is done utilising win 7. if asked, i would have to say that i have found the system neither stable nor reliable for my narrow purpose.

    pcbsd 11

    tried to install this but my FX3800 nvidia card is not supported any more. this on the principle that it is better to have a useful crash that will help development than wait to be sunk without trace by the current, stable? issue.

    Apologies for the tone of this post but i am, in fact, a chicken and chickens can’t cry but i have started to “feather pluck”.

    william

  • May 31, 2015 at 11:23 pm |

    Hi all,
    In linuxes, and in perticular unixes, there is separate HCL which is called hardware compatibility test that shows what hardware is compatible with the perticular operating system.
    Please keep in mind the more developer and the more user community for a perticular OS, the more support it gets OR else
    if should have commercial backing.
    In case of Linux, there are more than 100 distros at the moment and all have their own developer community alongh with free lancers who are contributing.
    However, in case of BSD, the situation is different. But REMEMBER, when anything is developed in BSD, it is rock solid.
    See the burning example of IOS, Apple OS
    And another OS used by very few but rock solid is SOLARIS AND ITS DISTROS MAINLY Solaris 11, Openindiana, Opensxce, Tribblix, these are all evolving and developing.
    If you happen to look in to their code, you will come to know that it has got 99% less error than the windows programming code.
    So all my PC-BSD critics, please be patient and observe the development.
    I also request the PC-BSD developers to take it easy and test and retest your release before declaring it for production use.
    Also please get the data regarding the users who are using PC-BSD at commercial scale and the support provided to them. Please provide actual data if possible.
    However, I am an amateur who is a life science professional turning to OS observations.

    Best of luck.

  • AJIT
    June 1, 2015 at 11:27 pm |

    After installing the GNOME and GNOME classic my KDE is disappeared. Even i tried to install it through APPCAFE, but still it is not displayed and I cannot log in to KDE.
    GNOME and CLASSIC GNOME is working fine. Using around 600 MB of RAM, where as KDE is using more than 1.0 gb of RAM.
    But where is KDE?? Can any one help me???

  • June 12, 2015 at 1:15 pm |

    Well, I installed PC-BSD 10.0. Considering I am not a gee nor a bugs follower, it worked fine (in a GateWay N507e Laptop, with 04 GB RAM).

    I could not install WINE.

    I could not find a full fledged tool to deal with the ZFS partition (nat even GParted and the like).

    So, for a newcommer from Windows XP/7, WINE should be a must (have). And beeing new to ZFS, I can accept ZFS to take the whole HD (512 GB).

    That is why I had to leave it. Sorry for me.

  • Robert Burmeister
    August 21, 2015 at 10:41 pm |

    I recently installed PC-BSD 10.1.2 on a new system; now the Update Manager is cycling and getting stuck due to Bug #7231 “Updating the base system via freebsd-update fails”.

    Is there an upgrade path to 10.2?

Leave a comment

*

Please leave these two fields as-is:

Help the Project, Donate Today!