Geek Style

Keeping accurate time on a host (either a server or a workstation) is important because:

1- You need to know accurately when you should go for lunch or back home
2- You need accurate time in your event log files for further analysis
3- Many programs need to have the correct date and time to function (e.g. MTA)
4- You need correct timestamps on your files

Given above facts, you will need to enable NTP on your hosts and keep your system clock in sync with public time servers.

First you should make sure that your timezone setting is correct. The latest timezone information can be updated by installing “zoneinfo” port from /usr/ports/misc/zoneinfo:


# cd /usr/ports/misc/zoneinfo/
# make install clean


and run tzsetup(8) to make sure you have selected the correct timezone.

Now, to enable automatic time sync during system startup, you need to add a few lines to your /etc/rc.conf file:

ntpdate_enable="YES"
ntpdate_flags="-b pool.ntp.org"


This will make your system to sync the clock upon startup. I use NTP pool at “pool.ntp.org” that suggests a NTP server from a large pool of available time servers. However you may use your favorite/local NTP server.

You can also synchronize your time manually by invoking ntpdate(8) from command line, passing an NTP server address to it:

# ntpdate time.nist.gov


So after a while, I finally managed to launch a website for my book, “Network Administration with FreeBSD 7“. The new website is actually a blog and I would cross-post the topics related to the book on both websites.

I would really appreciate your feedbacks on the current book and suggestions for future editions.

Network Administration with FreeBSD 7 is the book that I have been working on for past year. And now it is published by Packt and is available for purchase from various bookstores.

This book is something that I have been looking for since I started with FreeBSD back in 1997. I needed a practical book with working examples of how to optimize my FreeBSD installations for various types of applications. And I never found that book, until I recently decided to write one.

“Network Administration with FreeBSD 7” is unique in several ways:

• I tried to cover the exciting new features and improvements introduced in FreeBSD 7
• It is full of tips and tricks on how to optimize your installation from optimizing disk I/O, network, virtual memory, etc.
• It covers IPv4 and IPv6 configuration as well and bridging and routing in FreeBSD
• It has working examples of different IPSec, GRE, PPP and GIF scenarios
• I tried to cover Jail virtualization in working real world examples
• Keeping your system up to date and customizing system for specific applications is thoroughly covered

I tried to stop telling stories in the book and give more real world examples instead, so reading this book would not make you smile

An article named Tunneling with FreeBSD (taken from book) is also available on PACKT website.

Update: The book has its own website at http://freebsdbook.com

I came across this interesting article about upcoming FreeBSD 7 that outlines some of the most important changes in this release.

The upcoming release of FreeBSD 7 is a major milestone for all FreeBSD developers and users. It is the most amazing release I have ever had the chance to play with. There are plenty of new features and many improvements, especially in networking (which is my area of interest).
I have had this chance to play with MySQL 5.1 running on FreeBSD 7 on top of 8 cores of Xeon processor in 64-bit mode. My impression was that it was almost as fast as kris’s benchmarks and totally kicked linux 2.6 in threading and SMP performance.

This is something I expected to see in FreeBSD 6. However FreeBSD seems to be catching up with linux again.

Colin Percival (The original author of freebsd-update and binary diff), spent a few hours to resurrect the dead Depenguinator from ashes.
Using Depenguinator 2.0, you can remotely upgrade a happily living Linux system to the latest version of FreeBSD. To me its extremely useful when upgrading a Linux box to FreeBSD in a hosting facility that does not offer any FreeBSD servers.

The project needs help from community to test and report issues back to the developer in order to improve the software. However it is worth giving a try on your Ubuntu box.

On a related note, I was thinking of porting this into the package repository of various Linux distributions.

Now that Mac OS X 10.5 (Leopard) is due to be released in 26 October, everyone is curious to see what is new in this version and upgrade as soon as its released.
Among the many new features, there has been a few of them that seemed interesting to me:

Create Instruments with DTrace

Monitor system activity from high-level application behavior down to the operating system kernel, all thanks to the power of DTrace and the instrument builder.

Sounds familiar? Yes, its the same DTrace you know from Solaris (also in FreeBSD). It would be very interesting for system developers to get the best out of OS X core system. Of course, there is an eye-candy interface for using DTrace called Xray.

Self-Tuning TCP

Let Leopard adjust TCP buffer size automatically. Get optimum application performance, especially in high-bandwidth/high-latency environments.

Using a BSD kernel, OS X already enjoys a fine-grained TCP/IP protocol stack, which supports latest enhancements and extensions. This self-tuning feature will definitely improve the network throughput in many situations. However I hope this can be disabled since some expert users prefer to configure the low level TCP/IP parameters based on their experience.

Application-Based Firewall

Gain more control over the built-in firewall. Specify the behavior of specific applications to either allow or block incoming connections.

This one was really missing in previous releases and many people were relying on Little Snitch to achieve this feature. Of course I believe brilliant people in Apple were smart enough to make it so it does not annoy users like windows firewall does.

Sandboxing

Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do. It restricts an application’s file access, network access, and ability to launch other applications. Many Leopard applications — such as Bonjour, Quick Look, and the Spotlight indexer — are sandboxed so hackers can’t exploit them.

Something that I am sure has equivalent in Windows, almost like running an application in a chrooted environment. However it sounds more complicated. This will hopefully improve the security in application level and reduce application level exploits (buffer overflow,…) risks.

Multicore Optimized

Take full advantage of modern architectures with multiple processor cores with improved scheduling, memory management, and processor affinity algorithms.

OS X was obviously not optimized for multi-core systems (despite the fact that apple has been shipping multi-core systems for more than a year). This enhancement will definitely improve the core system performance by getting the most out of processor power.

Conclusion

After using OS X for more than a year now, its my favorite Desktop environment. I like the eye-candy user interface while enjoying enterprise grade FreeBSD system core. I cannot wait to upgrade to the latest release, but I am certain that it is worth to wait a few days more.

Finally RELENG_7 is born and the HEAD is now 8.0-CURRENT. I just finished upgrading two of my development boxes to the latest HEAD:

# uname -a
FreeBSD shaun.farrokhi.net 8.0-CURRENT FreeBSD 8.0-CURRENT #10:
Sun Oct 14 11:33:16 IRST 2007     root@shaun.farrokhi.net:
/usr/obj/usr/src/sys/SERVER  i386

Viva FreeBSD!

If you haven’t seen roundcube webmail yet, it’s an eye-candy web based email client based on IMAP protocol. The project has not released version 1.0 yet after two years but being actively developed. If you are interested, there is also a trac website available for the project.
I used to create nightly snapshots from the cvs since 2005, however the project recently announced they are publishing nightly snapshots on their website (finally!).

Enough for an introduction to roundcube.

I have been the maintainer of this project in FreeBSD ports tree for more than a year now, and tried to keep the port up to date using the snapshots I make once in a while.
Using ports, you can easily install and update roundcube on a FreeBSD server.

If you are interested, there are a few tutorials on the net that can help you installing roundcube on your server and get the most out of it:

- Setup Roundcube on FreeBSD
- HOWTO: Install Roundcube Webmail from SVN (was CVS) on FreeBSD
- HOW TO: Setup RoundCube Webmail on Your Server

I have been lazy in updating the ports I maintain in ports tree recently. However a number of patches are ready to be tested and committed once I find sometime during next weekend.

Ivan Voras has done a very good job by putting together a FreeBSD 7.0 based LiveCD.
The CD contains a very recent 7.0 installation + ZFS patches (usable!) and XFCE 4.2.
I spent half an hour to try the LiveCD and it worked fine for me on two different boxes.
I am sure Ivan is planning to bundle a firefox with the LiveCD, along with the graphical installer.

I have always been an ATI fan since nVidia did not exist. And so far it served well on my workstations. I don’t even care that they are part of AMD now.
However, something that was annoying me for a while was ATI’s driver which seems to not as good as nVidia’s in *nix, especially for their newer and high-end cards. I am not sure why ATI does not care much about their non-windows drivers, but I am sure that they are loosing lots of faithful customers and a good market share for just the same reason.