BSD Now

376: Build stable packages

Allan Jude — Thu, 12 Nov 2020 03:00:00 -0800

Err codemadness.org 70 i 86 FreeBSD 12.2 is available, ZFS Webinar, Enhancing Syzkaller support for NetBSD, how the OpenBSD -stable packages are built, OPNsense 20.7.4 released, and more

Err codemadness.org 70 i 87 Err codemadness.org 70 i 88

NOTES
Err codemadness.org 70 i 89 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 90 Err codemadness.org 70 i 91

Headlines

Err codemadness.org 70 i 92 Err codemadness.org 70 i 93

FreeBSD 12.2 Release

Err codemadness.org 70 i 94 Err codemadness.org 70 i 95

Err codemadness.org 70 i 96
The release notes for FreeBSD 12.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Err codemadness.org 70 i 97 Err codemadness.org 70 i 98
Err codemadness.org 70 i 99 Err codemadness.org 70 i 100
ZFS Webinar: November 18th
Err codemadness.org 70 i 101 Err codemadness.org 70 i 102
Join us on November 18th for a live discussion with Allan Jude (VP of Engineering at Klara Inc) in this webinar centred on “best practices of ZFS”
Err codemadness.org 70 i 103 Building Your Storage Array – Everything from picking the best hardware to RAID-Z and using mirrors.
Err codemadness.org 70 i 104 Keeping up with Data Growth – Expanding and growing your pool, and of course, shrinking with device evacuation.
Err codemadness.org 70 i 105 Datasets and Properties – Controlling settings with properties and many other tricks!
Err codemadness.org 70 i 106 Err codemadness.org 70 i 107
Err codemadness.org 70 i 108

Err codemadness.org 70 i 109 Err codemadness.org 70 i 110

News Roundup

Err codemadness.org 70 i 111 Err codemadness.org 70 i 112

Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD

Err codemadness.org 70 i 113 Err codemadness.org 70 i 114

Err codemadness.org 70 i 115
Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.
Err codemadness.org 70 i 116 Err codemadness.org 70 i 117
Err codemadness.org 70 i 118

Err codemadness.org 70 i 119 Err codemadness.org 70 i 120

How the OpenBSD -stable packages are built

Err codemadness.org 70 i 121 Err codemadness.org 70 i 122

Err codemadness.org 70 i 123
In this long blog post, I will write about the technical details of the OpenBSD stable packages building infrastructure. I have setup the infrastructure with the help of Theo De Raadt who provided me the hardware in summer 2019, since then, OpenBSD users can upgrade their packages using pkg_add -u for critical updates that has been backported by the contributors. Many thanks to them, without their work there would be no packages to build. Thanks to pea@ who is my backup for operating this infrastructure in case something happens to me.
Err codemadness.org 70 i 124 Err codemadness.org 70 i 125
Err codemadness.org 70 i 126

Err codemadness.org 70 i 127 Err codemadness.org 70 i 128

OPNsense 20.7.4 released

Err codemadness.org 70 i 129 Err codemadness.org 70 i 130

Err codemadness.org 70 i 131
This release finally wraps up the recent Netmap kernel changes and tests.
Err codemadness.org 70 i 132 The Realtek vendor driver was updated as well as third party software cURL,
Err codemadness.org 70 i 133 libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
Err codemadness.org 70 i 134 of them.
Err codemadness.org 70 i 135 Err codemadness.org 70 i 136
Err codemadness.org 70 i 137

Err codemadness.org 70 i 138 Err codemadness.org 70 i 139

Beastie Bits

Err codemadness.org 70 i 140 Err codemadness.org 70 i 141

Binutils and linker changes
28 Years of NetBSD contributions
Bluetooth Audio on OpenBSD
K8s Bhyve Err codemadness.org 70 i 146 ***

Err codemadness.org 70 i 148 Err codemadness.org 70 i 149

Tarsnap

Err codemadness.org 70 i 150 Err codemadness.org 70 i 151

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 154 Err codemadness.org 70 i 155

Feedback/Questions

Err codemadness.org 70 i 156 Err codemadness.org 70 i 157

Sean - C Flags
Thierry - RPI ZFS question Err codemadness.org 70 i 160 Err codemadness.org 70 i 161
- Thierry's script Err codemadness.org 70 i 163 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 166 ***

]]> Err codemadness.org 70 i 168

375: Virtually everything

Allan Jude — Thu, 05 Nov 2020 03:00:00 -0800

Err codemadness.org 70 i 303 bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more.

Err codemadness.org 70 i 304 Err codemadness.org 70 i 305

NOTES
Err codemadness.org 70 i 306 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 307 Err codemadness.org 70 i 308

Headlines

Err codemadness.org 70 i 309 Err codemadness.org 70 i 310

bhyve - The FreeBSD Hypervisor

Err codemadness.org 70 i 311 Err codemadness.org 70 i 312

Err codemadness.org 70 i 313
FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.
Err codemadness.org 70 i 314 Err codemadness.org 70 i 315
Err codemadness.org 70 i 316 Err codemadness.org 70 i 317
ZFS and FreeBSD Support
Err codemadness.org 70 i 318 Err codemadness.org 70 i 319
Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website!
Err codemadness.org 70 i 320

Err codemadness.org 70 i 321 Err codemadness.org 70 i 322

udf info leak

Err codemadness.org 70 i 323 Err codemadness.org 70 i 324

Err codemadness.org 70 i 325
FreeBSD UDF driver info leak
Err codemadness.org 70 i 326 Analysis done on FreeBSD release 11.0 because that's what I had around.
Err codemadness.org 70 i 327 Err codemadness.org 70 i 328
Err codemadness.org 70 i 329
Fix committed to FreeBSD Err codemadness.org 70 i 330 ***
Err codemadness.org 70 i 331
Err codemadness.org 70 i 332

Err codemadness.org 70 i 333 Err codemadness.org 70 i 334

News Roundup

Err codemadness.org 70 i 335 Err codemadness.org 70 i 336

I'm now a user of Vim, not classical Vi (partly because of windows)

Err codemadness.org 70 i 337 Err codemadness.org 70 i 338

Err codemadness.org 70 i 339
In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.
Err codemadness.org 70 i 340 Err codemadness.org 70 i 341
Err codemadness.org 70 i 342 Err codemadness.org 70 i 343
FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware
Err codemadness.org 70 i 344 Err codemadness.org 70 i 345
With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.
Err codemadness.org 70 i 346 Err codemadness.org 70 i 347
Err codemadness.org 70 i 348 Err codemadness.org 70 i 349
Introduction of a new FreeBSD Remote Process Plugin in LLDB
Err codemadness.org 70 i 350 Err codemadness.org 70 i 351
Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.
Err codemadness.org 70 i 352

Err codemadness.org 70 i 353 Err codemadness.org 70 i 354

Err codemadness.org 70 i 355 Err codemadness.org 70 i 356

OpenBSD Laptop

Err codemadness.org 70 i 357 Err codemadness.org 70 i 358

Err codemadness.org 70 i 359
Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…
Err codemadness.org 70 i 360 Err codemadness.org 70 i 361
Err codemadness.org 70 i 362

Err codemadness.org 70 i 363 Err codemadness.org 70 i 364

Tarsnap

Err codemadness.org 70 i 365 Err codemadness.org 70 i 366

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 369 Err codemadness.org 70 i 370

Feedback/Questions

Err codemadness.org 70 i 371 Err codemadness.org 70 i 372

Ethan - Linux user wanting to try out OpenBSD
iian - Learning IT
johnny - bsd swag

Err codemadness.org 70 i 377 Err codemadness.org 70 i 378

Err codemadness.org 70 i 379 Err codemadness.org 70 i 380

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 382 ***

]]> Err codemadness.org 70 i 384

374: OpenBSD’s 25th anniversary

Allan Jude — Thu, 29 Oct 2020 04:00:00 -0700

Err codemadness.org 70 i 526 OpenBSD 6.8 has been released, NetBSD 9.1 is out, OpenZFS devsummit report, BastilleBSD’s native container management for FreeBSD, cleaning up old tarsnap backups, Michael W. Lucas’ book sale, and more.

Err codemadness.org 70 i 527 Err codemadness.org 70 i 528

NOTES
Err codemadness.org 70 i 529 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 530 Err codemadness.org 70 i 531

Headlines

Err codemadness.org 70 i 532 Err codemadness.org 70 i 533

OpenBSD 6.8

Err codemadness.org 70 i 534 Err codemadness.org 70 i 535

Err codemadness.org 70 i 536
Released Oct 18, 2020. (OpenBSD's 25th anniversary)
Err codemadness.org 70 i 537 Err codemadness.org 70 i 538
Err codemadness.org 70 i 539 Err codemadness.org 70 i 540
NetBSD 9.1 Released
Err codemadness.org 70 i 541 Err codemadness.org 70 i 542
The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
Err codemadness.org 70 i 543 Err codemadness.org 70 i 544
Err codemadness.org 70 i 545

Err codemadness.org 70 i 546 Err codemadness.org 70 i 547

OpenZFS Developer Summit 2020

Err codemadness.org 70 i 548 Err codemadness.org 70 i 549

Err codemadness.org 70 i 550
As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.
Err codemadness.org 70 i 551 • After attending the conference, I wrote up some of my notes from each of the talks
Err codemadness.org 70 i 552 • Part 2
Err codemadness.org 70 i 553 Err codemadness.org 70 i 554
Err codemadness.org 70 i 555

Err codemadness.org 70 i 556 Err codemadness.org 70 i 557

ZFS and FreeBSD Support

Err codemadness.org 70 i 558 Err codemadness.org 70 i 559

Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website!

Err codemadness.org 70 i 560 Err codemadness.org 70 i 561

News Roundup

Err codemadness.org 70 i 562 Err codemadness.org 70 i 563

BastilleBSD - native container management for FreeBSD

Err codemadness.org 70 i 564 Err codemadness.org 70 i 565

Err codemadness.org 70 i 566
Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.
Err codemadness.org 70 i 567 On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.
Err codemadness.org 70 i 568 A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.
Err codemadness.org 70 i 569

Err codemadness.org 70 i 570 Err codemadness.org 70 i 571

Err codemadness.org 70 i 572 Err codemadness.org 70 i 573

Tarsnap – cleaning up old backups

Err codemadness.org 70 i 574 Err codemadness.org 70 i 575

Err codemadness.org 70 i 576
I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.
Err codemadness.org 70 i 577

Err codemadness.org 70 i 578 Err codemadness.org 70 i 579

Err codemadness.org 70 i 580 Err codemadness.org 70 i 581

MWL - BookSale

Err codemadness.org 70 i 582 Err codemadness.org 70 i 583

Err codemadness.org 70 i 584
For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.
Err codemadness.org 70 i 585 Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.
Err codemadness.org 70 i 586 Err codemadness.org 70 i 587
Err codemadness.org 70 i 588

Err codemadness.org 70 i 589 Err codemadness.org 70 i 590

Beastie Bits

Err codemadness.org 70 i 591 Err codemadness.org 70 i 592

Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109
The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974
Using a 1930 Teletype as a Linux Terminal Err codemadness.org 70 i 596 *** Err codemadness.org 70 i 597 ###Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 600 Err codemadness.org 70 i 601

Feedback/Questions

Err codemadness.org 70 i 602 Err codemadness.org 70 i 603

lars - infosec handbook
scott - zfs import
zhong - first episode

Err codemadness.org 70 i 608 Err codemadness.org 70 i 609

Err codemadness.org 70 i 610 Err codemadness.org 70 i 611

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 613 ***

]]> Err codemadness.org 70 i 615

373: Kyle Evans Interview

Allan Jude — Thu, 22 Oct 2020 04:00:00 -0700

Err codemadness.org 70 i 735 We have an interview with Kyle Evans for you this week. We talk about his grep project, lua and flua in base, as well as bectl, being on the core team and a whole lot of other stuff.

Err codemadness.org 70 i 736 Err codemadness.org 70 i 737

NOTES
Err codemadness.org 70 i 738 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 739 Err codemadness.org 70 i 740

Interview - Kyle Evans - kevans@freebsd.org / @kaevans91

Err codemadness.org 70 i 741 Err codemadness.org 70 i 742

Err codemadness.org 70 i 743 Err codemadness.org 70 i 744

Tarsnap

Err codemadness.org 70 i 745 Err codemadness.org 70 i 746

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 749 Err codemadness.org 70 i 750

]]> Err codemadness.org 70 i 752

372: Slow SSD scrubs

Allan Jude — Thu, 15 Oct 2020 03:00:00 -0700

Err codemadness.org 70 i 823 Wayland on BSD, My BSD sucks less than yours, Even on SSDs, ongoing activity can slow down ZFS scrubs drastically, OpenBSD on the Desktop, simple shell status bar for OpenBSD and cwm, and more.

Err codemadness.org 70 i 824 Err codemadness.org 70 i 825

NOTES
Err codemadness.org 70 i 826 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 827 Err codemadness.org 70 i 828

Headlines

Err codemadness.org 70 i 829 Err codemadness.org 70 i 830

Wayland on BSD

Err codemadness.org 70 i 831 Err codemadness.org 70 i 832

Err codemadness.org 70 i 833
After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!
Err codemadness.org 70 i 834 Err codemadness.org 70 i 835
Err codemadness.org 70 i 836 Err codemadness.org 70 i 837
My BSD sucks less than yours
Err codemadness.org 70 i 838 Err codemadness.org 70 i 839
This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems. It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.
Err codemadness.org 70 i 840 Err codemadness.org 70 i 841
Video
Err codemadness.org 70 i 842 Err codemadness.org 70 i 843
Err codemadness.org 70 i 844
EuroBSDCon 2017 Part 1
Err codemadness.org 70 i 845
EuroBSDCon 2017 Part 2
Err codemadness.org 70 i 846
Err codemadness.org 70 i 847

Err codemadness.org 70 i 848 Err codemadness.org 70 i 849

Err codemadness.org 70 i 850 Err codemadness.org 70 i 851

News Roundup

Err codemadness.org 70 i 852 Err codemadness.org 70 i 853

Even on SSDs, ongoing activity can slow down ZFS scrubs drastically

Err codemadness.org 70 i 854 Err codemadness.org 70 i 855

Err codemadness.org 70 i 856
Back in the days of our OmniOS fileservers, which used HDs (spinning rust) across iSCSI, we wound up changing kernel tunables to speed up ZFS scrubs and saw a significant improvement. When we migrated to our current Linux fileservers with SSDs, I didn't bother including these tunables (or the Linux equivalent), because I expected that SSDs were fast enough that it didn't matter. Indeed, our SSD pools generally scrub like lightning.
Err codemadness.org 70 i 857 Err codemadness.org 70 i 858
Err codemadness.org 70 i 859 Err codemadness.org 70 i 860
OpenBSD on the Desktop (Part I)
Err codemadness.org 70 i 861 Err codemadness.org 70 i 862
Let's install OpenBSD on a Lenovo Thinkpad X270. I used this computer for my computer science studies. It has both Arch Linux and Windows 10 installed as dual boot. Now that I'm no longer required to run Windows, I can ditch the dual boot and install an operating system of my choice.
Err codemadness.org 70 i 863 Err codemadness.org 70 i 864
Err codemadness.org 70 i 865 Err codemadness.org 70 i 866
A simple shell status bar for OpenBSD and cwm(1)
Err codemadness.org 70 i 867 Err codemadness.org 70 i 868
These days, I try to use simple and stock software as much as possible on my OpenBSD laptop. I’ve been playing with cwm(1) for weeks and I was missing a status bar. After trying things like Tint2, Polybar etc, I discovered @gonzalo’s termbar. Thanks a lot!
Err codemadness.org 70 i 869 As I love scripting, I decided to build my own.
Err codemadness.org 70 i 870 Err codemadness.org 70 i 871
Err codemadness.org 70 i 872 Err codemadness.org 70 i 873
Beastie Bits
Err codemadness.org 70 i 874 Err codemadness.org 70 i 875
DragonFly v5.8.3 released to address to issues
Err codemadness.org 70 i 876 OpenSSH 8.4 released
Err codemadness.org 70 i 877 Err codemadness.org 70 i 878
Err codemadness.org 70 i 879 Err codemadness.org 70 i 880
Tarsnap
Err codemadness.org 70 i 881 Err codemadness.org 70 i 882
Err codemadness.org 70 i 883
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Err codemadness.org 70 i 884
Err codemadness.org 70 i 885

Err codemadness.org 70 i 886 Err codemadness.org 70 i 887

Feedback/Questions

Err codemadness.org 70 i 888 Err codemadness.org 70 i 889

Dane - FreeBSD vs Linux in Microservices and Containters
Mason - questions.md
Michael - Tmux License.md

Err codemadness.org 70 i 894 Err codemadness.org 70 i 895

Err codemadness.org 70 i 896 Err codemadness.org 70 i 897

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 899 ***

]]> Err codemadness.org 70 i 901

371: Wildcards running wild

Allan Jude — Thu, 08 Oct 2020 03:00:00 -0700

Err codemadness.org 70 i 1029 New Project: zedfs.com, TrueNAS CORE Ready for Deployment, IPC in FreeBSD 11: Performance Analysis, Unix Wildcards Gone Wild, Unix Wars, and more

Err codemadness.org 70 i 1030 Err codemadness.org 70 i 1031

NOTES
Err codemadness.org 70 i 1032 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 1033 Err codemadness.org 70 i 1034

Headlines

Err codemadness.org 70 i 1035 Err codemadness.org 70 i 1036

My New Project: zedfs.com

Err codemadness.org 70 i 1037 Err codemadness.org 70 i 1038

Err codemadness.org 70 i 1039
Have you ever had an idea that keeps coming back to you over and over again? For a week? For a month? I know that feeling. My new project was born from this feeling.
Err codemadness.org 70 i 1040 On this blog, I mix content a lot. I have written personal posts (not many of them, but still), FreeBSD development posts, development posts, security posts, and ZFS posts. This mixed content can be problematic sometimes. I share a lot of stuff here, and readers don’t know what to expect next. I am just excited by so many things, and I want to share that excitement with you!
Err codemadness.org 70 i 1041 Err codemadness.org 70 i 1042
Err codemadness.org 70 i 1043

Err codemadness.org 70 i 1044 Err codemadness.org 70 i 1045

TrueNAS CORE is Ready for Deployment

Err codemadness.org 70 i 1046 Err codemadness.org 70 i 1047

Err codemadness.org 70 i 1048
TrueNAS 12.0 RC1 was released yesterday and with it, TrueNAS CORE is ready for deployment. The merger of FreeNAS and TrueNAS into a unified software image can now begin its path into mainstream use. TrueNAS CORE is the new FreeNAS and is on schedule.
Err codemadness.org 70 i 1049 The TrueNAS 12.0 BETA process started in June and has been the most successful BETA release ever with more than 3,000 users and only minor issues. Ars Technica provided a detailed technical walkthrough of the original BETA. There is a long list of features and performance improvements. During the BETA process, TrueNAS 12.0 demonstrated over 1.2 Million IOPS and over 23GB/s on a TrueNAS M60.
Err codemadness.org 70 i 1050 Err codemadness.org 70 i 1051
Err codemadness.org 70 i 1052

Err codemadness.org 70 i 1053 Err codemadness.org 70 i 1054

News Roundup

Err codemadness.org 70 i 1055 Err codemadness.org 70 i 1056

Interprocess Communication in FreeBSD 11: Performance Analysis

Err codemadness.org 70 i 1057 Err codemadness.org 70 i 1058

Err codemadness.org 70 i 1059
Interprocess communication, IPC, is one of the most fundamental functions of a modern operating system, playing an essential role in the fabric of contemporary applications. This report conducts an investigation in FreeBSD of the real world performance considerations behind two of the most common IPC mechanisms; pipes and sockets. A simple benchmark provides a fair sense of effective bandwidth for each, and analysis using DTrace, hardware performance counters and the operating system’s source code is presented. We note that pipes outperform sockets by 63% on average across all configurations, and further that the size of userspace transmission buffers has a profound effect on performance — larger buffers are beneficial up to a point (∼ 32-64 KiB) after which performance collapses as a result of devastating cache exhaustion. A deep scrutiny of the probe effects at play is also presented, justifying the validity of conclusions drawn from these experiments.
Err codemadness.org 70 i 1060 Err codemadness.org 70 i 1061
Err codemadness.org 70 i 1062

Err codemadness.org 70 i 1063 Err codemadness.org 70 i 1064

Back To The Future: Unix Wildcards Gone Wild

Err codemadness.org 70 i 1065 Err codemadness.org 70 i 1066

Err codemadness.org 70 i 1067
First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013.
Err codemadness.org 70 i 1068 Err codemadness.org 70 i 1069
Err codemadness.org 70 i 1070

Err codemadness.org 70 i 1071 Err codemadness.org 70 i 1072

Unix Wars

Err codemadness.org 70 i 1073 Err codemadness.org 70 i 1074

Err codemadness.org 70 i 1075
Dozens of different operating systems have been developed over the years, but only Unix has grown in so many varieties. There are three main branches. Four factors have facilitated this growth...
Err codemadness.org 70 i 1076 Err codemadness.org 70 i 1077
Err codemadness.org 70 i 1078

Err codemadness.org 70 i 1079 Err codemadness.org 70 i 1080

Tarsnap

Err codemadness.org 70 i 1081 Err codemadness.org 70 i 1082

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 1085 Err codemadness.org 70 i 1086

Feedback/Questions

Err codemadness.org 70 i 1087 Err codemadness.org 70 i 1088

Chris - installing FreeBSD 13-current
Dane - FreeBSD History Lesson
Marc - linux compat
Mason - apropos battery
Paul - a topic idea
Err codemadness.org 70 i 1094 Err codemadness.org 70 i 1095
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 1097 Err codemadness.org 70 i 1098

]]> Err codemadness.org 70 i 1100

370: Testing shutdown

Allan Jude — Thu, 01 Oct 2020 03:15:00 -0700

Err codemadness.org 70 i 1226 The world’s first OpenZFS based live image, FreeBSD Subversion to Git Migration video, FreeBSD Instant-workstation 2020, testing the shutdown mechanism, login_ldap added to OpenBSD, and more

Err codemadness.org 70 i 1227 Err codemadness.org 70 i 1228

NOTES
Err codemadness.org 70 i 1229 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 1230 Err codemadness.org 70 i 1231

Headlines

Err codemadness.org 70 i 1232 Err codemadness.org 70 i 1233

FuryBSD 2020-Q3 The world’s first OpenZFS based live image

Err codemadness.org 70 i 1234 Err codemadness.org 70 i 1235

Err codemadness.org 70 i 1236
FuryBSD is a tool to test drive stock FreeBSD desktop images in read write mode to see if it will work for you before installing. In order to provide the most reliable experience possible while preserving the integrity of the system the LiveCD now leverages ZFS, compression, replication, a memory file system, and reroot (pivot root).
Err codemadness.org 70 i 1237 Err codemadness.org 70 i 1238
Err codemadness.org 70 i 1239

Err codemadness.org 70 i 1240 Err codemadness.org 70 i 1241

FreeBSD Subversion to Git Migration: Pt 1 Why?

Err codemadness.org 70 i 1242 Err codemadness.org 70 i 1243

Err codemadness.org 70 i 1244
FreeBSD moving to Git: Why? With luck, I'll be writing a few blogs on FreeBSD's move to git later this year. Today, we'll start with "why"?
Err codemadness.org 70 i 1245 Video from Warner Losh
Err codemadness.org 70 i 1246 Err codemadness.org 70 i 1247
Err codemadness.org 70 i 1248

Err codemadness.org 70 i 1249 Err codemadness.org 70 i 1250

News Roundup

Err codemadness.org 70 i 1251 Err codemadness.org 70 i 1252

FreeBSD Instant-workstation 2020

Err codemadness.org 70 i 1253 Err codemadness.org 70 i 1254

Err codemadness.org 70 i 1255
A little over a year ago I published an instant-workstation script for FreeBSD. The idea is to have an installed FreeBSD system, then run a shell script that uses only base-system utilities and installs and configures a workstation setup for you.
Err codemadness.org 70 i 1256 Err codemadness.org 70 i 1257
Err codemadness.org 70 i 1258

Err codemadness.org 70 i 1259 Err codemadness.org 70 i 1260

nut – testing the shutdown mechanism

Err codemadness.org 70 i 1261 Err codemadness.org 70 i 1262

Err codemadness.org 70 i 1263
Following on from my recent nut setup, this is the second in a series of three posts.
Err codemadness.org 70 i 1264 The next post will deal with adjusting startup and shutdown times to be sure everything proceeds as required.
Err codemadness.org 70 i 1265 Err codemadness.org 70 i 1266
Err codemadness.org 70 i 1267

Err codemadness.org 70 i 1268 Err codemadness.org 70 i 1269

login_ldap added to OpenBSD -current

Err codemadness.org 70 i 1270 Err codemadness.org 70 i 1271

Err codemadness.org 70 i 1272
With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current
Err codemadness.org 70 i 1273 Err codemadness.org 70 i 1274
Err codemadness.org 70 i 1275
https://marc.info/?l=openbsd-cvs&m=159992319027593&w=2 Err codemadness.org 70 i 1276 ***
Err codemadness.org 70 i 1277
Err codemadness.org 70 i 1278

Err codemadness.org 70 i 1279 Err codemadness.org 70 i 1280

Beastie Bits

Err codemadness.org 70 i 1281 Err codemadness.org 70 i 1282

NetBSD current now has GCC 9.3.0 for x86/ARM
MidnightBSD 1.2.8
MidnightBSD 2.0-Current
Retro UNIX 8086 v1 operating system has been developed by Erdogan Tan as a special purposed derivation of original UNIX v1 Err codemadness.org 70 i 1287 ***

Err codemadness.org 70 i 1289 Err codemadness.org 70 i 1290

Tarsnap

Err codemadness.org 70 i 1291 Err codemadness.org 70 i 1292

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 1295 Err codemadness.org 70 i 1296

Feedback/Questions

Err codemadness.org 70 i 1297 Err codemadness.org 70 i 1298

Rick - rcorder
Dan - machiatto bin
Luis - old episodes
Err codemadness.org 70 i 1302 Err codemadness.org 70 i 1303
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 1305 Err codemadness.org 70 i 1306

]]> Err codemadness.org 70 i 1308

369: Where rc.d belongs

Allan Jude — Thu, 24 Sep 2020 09:00:00 -0700

Err codemadness.org 70 i 1450 High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.

Err codemadness.org 70 i 1451 Err codemadness.org 70 i 1452

NOTES
Err codemadness.org 70 i 1453 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 1454 Err codemadness.org 70 i 1455

Headlines

Err codemadness.org 70 i 1456 Err codemadness.org 70 i 1457

High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated

Err codemadness.org 70 i 1458 Err codemadness.org 70 i 1459

Err codemadness.org 70 i 1460
I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.
Err codemadness.org 70 i 1461

Err codemadness.org 70 i 1462 Err codemadness.org 70 i 1463

Err codemadness.org 70 i 1464 Err codemadness.org 70 i 1465

Building the Development Version of Emacs on NetBSD

Err codemadness.org 70 i 1466 Err codemadness.org 70 i 1467

Err codemadness.org 70 i 1468
I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.
Err codemadness.org 70 i 1469

Err codemadness.org 70 i 1470 Err codemadness.org 70 i 1471

Err codemadness.org 70 i 1472 Err codemadness.org 70 i 1473

News Roundup

Err codemadness.org 70 i 1474 Err codemadness.org 70 i 1475

rc.d belongs in libexec, not etc

Err codemadness.org 70 i 1476 Err codemadness.org 70 i 1477

Err codemadness.org 70 i 1478
Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.
Err codemadness.org 70 i 1479 This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.
Err codemadness.org 70 i 1480

Err codemadness.org 70 i 1481 Err codemadness.org 70 i 1482

Err codemadness.org 70 i 1483 Err codemadness.org 70 i 1484

FreeBSD 11.3 EOL

Err codemadness.org 70 i 1485 Err codemadness.org 70 i 1486

Err codemadness.org 70 i 1487
As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer
Err codemadness.org 70 i 1488 be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly
Err codemadness.org 70 i 1489 encouraged to upgrade to a newer release as soon as possible.
Err codemadness.org 70 i 1490

Err codemadness.org 70 i 1491 Err codemadness.org 70 i 1492

Err codemadness.org 70 i 1493 Err codemadness.org 70 i 1494

OPNsense 20.7.1 Released

Err codemadness.org 70 i 1495 Err codemadness.org 70 i 1496

Err codemadness.org 70 i 1497
Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.
Err codemadness.org 70 i 1498

Err codemadness.org 70 i 1499 Err codemadness.org 70 i 1500

Err codemadness.org 70 i 1501 Err codemadness.org 70 i 1502

MidnightBSD 1.2.7 out

Err codemadness.org 70 i 1503 Err codemadness.org 70 i 1504

Err codemadness.org 70 i 1505
MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.

Err codemadness.org 70 i 1506 It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.

Err codemadness.org 70 i 1507 Users who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes
Err codemadness.org 70 i 1508

Err codemadness.org 70 i 1509 Err codemadness.org 70 i 1510

Err codemadness.org 70 i 1511 Err codemadness.org 70 i 1512

Beastie Bits

Err codemadness.org 70 i 1513 Err codemadness.org 70 i 1514

Tarsnap podcast
NetBSD Tips and Tricks
FreeBSD mini-git Primer
GhostBSD Financial Reports Err codemadness.org 70 i 1519 ***

Err codemadness.org 70 i 1521 Err codemadness.org 70 i 1522

Tarsnap

Err codemadness.org 70 i 1523 Err codemadness.org 70 i 1524

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 1527 Err codemadness.org 70 i 1528

Feedback/Questions

Err codemadness.org 70 i 1529 Err codemadness.org 70 i 1530

Daniel - Documentation Tooling
Fongaboo - Where did the ZFS tutorial Go?
Johnny - Browser Cold Wars Err codemadness.org 70 i 1534 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 1537 Err codemadness.org 70 i 1538

]]> Err codemadness.org 70 i 1539

368: Changing OS roles

Allan Jude — Thu, 17 Sep 2020 03:00:00 -0700

Err codemadness.org 70 i 1684 Modernizing the OpenBSD Console, OS roles have changed, FreeBSD Cluster with Pacemaker and Corosync, Wine in a 32-bit sandbox on 64-bit NetBSD, Find package which provides a file in OpenBSD, and more.

Err codemadness.org 70 i 1685 Err codemadness.org 70 i 1686

NOTES
Err codemadness.org 70 i 1687 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 1688 Err codemadness.org 70 i 1689

Headlines

Err codemadness.org 70 i 1690 Err codemadness.org 70 i 1691

Modernizing the OpenBSD Console

Err codemadness.org 70 i 1692 Err codemadness.org 70 i 1693

Err codemadness.org 70 i 1694
At the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the "80x25 mode". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).
Err codemadness.org 70 i 1695 OpenBSD uses the wscons(4) console framework, inherited from NetBSD
Err codemadness.org 70 i 1696 Err codemadness.org 70 i 1697
Err codemadness.org 70 i 1698

Err codemadness.org 70 i 1699 Err codemadness.org 70 i 1700

OS roles have changed

Err codemadness.org 70 i 1701 Err codemadness.org 70 i 1702

Err codemadness.org 70 i 1703
Though I do wonder sometimes, with just a slight tweak to history, how things might have been different. In another dimension somewhere, I’m using the latest BeOS-powered PowerPC laptop, and a shiny new Palm smartphone. Both of these represented the pinnacle of UI design in the 1990s, and still in the 2020s have yet to be surpassed. People call me an Apple fanboy, but I’d drop all of it in a second for that gear.
Err codemadness.org 70 i 1704 Err codemadness.org 70 i 1705
Err codemadness.org 70 i 1706

Err codemadness.org 70 i 1707 Err codemadness.org 70 i 1708

News Roundup

Err codemadness.org 70 i 1709 Err codemadness.org 70 i 1710

FreeBSD Cluster with Pacemaker and Corosync

Err codemadness.org 70 i 1711 Err codemadness.org 70 i 1712

Err codemadness.org 70 i 1713
I always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.
Err codemadness.org 70 i 1714 Err codemadness.org 70 i 1715
Err codemadness.org 70 i 1716

Err codemadness.org 70 i 1717 Err codemadness.org 70 i 1718

Wine in a 32-bit sandbox on 64-bit NetBSD

Err codemadness.org 70 i 1719 Err codemadness.org 70 i 1720

Err codemadness.org 70 i 1721
"Mainline pkgsrc" can't do strange multi-arch Wine builds yet, so a 32-bit sandbox seems like a reasonable way to use 32-bit Wine on amd64 without resorting to running real Windows in NVMM. We'll see if this was a viable alternative to re-reviewing the multi-arch support in pkgsrc-wip...
Err codemadness.org 70 i 1722 We're using sandboxctl, which is a neat tool for quickly shelling into a different NetBSD userspace. Maybe you also don't trust the Windows applications you're running too much - sandboxctl creates a chroot based on a fresh system image, and chroot on NetBSD is fairly bombproof.
Err codemadness.org 70 i 1723 Err codemadness.org 70 i 1724
Err codemadness.org 70 i 1725

Err codemadness.org 70 i 1726 Err codemadness.org 70 i 1727

Find package which provides a file in OpenBSD

Err codemadness.org 70 i 1728 Err codemadness.org 70 i 1729

Err codemadness.org 70 i 1730
There is one very handy package on OpenBSD named pkglocatedb which provides the command pkglocate.
Err codemadness.org 70 i 1731 If you need to find a file or binary/program and you don’t know which package contains it, use pkglocate.
Err codemadness.org 70 i 1732

Err codemadness.org 70 i 1733 Err codemadness.org 70 i 1734

Err codemadness.org 70 i 1735 Err codemadness.org 70 i 1736

Beastie Bits

Err codemadness.org 70 i 1737 Err codemadness.org 70 i 1738

OpenBSD for 1.5 Years: Confessions of a Linux Heretic
OpenBSD 6.8 Beta Tagged
Hammer2 and growth
Understanding a FreeBSD kernel vulnerability Err codemadness.org 70 i 1743 ***

Err codemadness.org 70 i 1745 Err codemadness.org 70 i 1746

Tarsnap

Err codemadness.org 70 i 1747 Err codemadness.org 70 i 1748

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 1751 Err codemadness.org 70 i 1752

Feedback/Questions

Err codemadness.org 70 i 1753 Err codemadness.org 70 i 1754

Rob - 7 years
Kurt - Microserver
Rob - Interviews

Err codemadness.org 70 i 1759 Err codemadness.org 70 i 1760

Err codemadness.org 70 i 1761 Err codemadness.org 70 i 1762

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 1764 ***

]]> Err codemadness.org 70 i 1766

367: Changing jail datasets

Allan Jude — Thu, 10 Sep 2020 03:00:00 -0700

Err codemadness.org 70 i 1906 A 35 Year Old Bug in Patch, Sandbox for FreeBSD, Changing from one dataset to another within a jail, You don’t need tmux or screen for ZFS, HardenedBSD August 2020 Status Report and Call for Donations, and more.

Err codemadness.org 70 i 1907 Err codemadness.org 70 i 1908

NOTES
Err codemadness.org 70 i 1909 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 1910 Err codemadness.org 70 i 1911

Headlines

Err codemadness.org 70 i 1912 Err codemadness.org 70 i 1913

A 35 Year Old Bug in Patch

Err codemadness.org 70 i 1914 Err codemadness.org 70 i 1915

Err codemadness.org 70 i 1916
Larry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It's been a faithful alley for a long, long time. I've never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I've discovered a bug that bites this effort twice. It's quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...
Err codemadness.org 70 i 1917

Err codemadness.org 70 i 1918 Err codemadness.org 70 i 1919

Err codemadness.org 70 i 1920 Err codemadness.org 70 i 1921

Sandbox for FreeBSD

Err codemadness.org 70 i 1922 Err codemadness.org 70 i 1923

Err codemadness.org 70 i 1924
A sandbox is a software which artificially limits access to the specific resources on the target according to the assigned policy. The sandbox installs hooks to the kernel syscalls and other sub-systems in order to interrupt the events triggered by the application. From the application point of view, application working as usual, but when it wants to access, for instance, /dev/kmem the sandbox software decides against the assigned sandbox scheme whether to grant or deny access.
Err codemadness.org 70 i 1925 In our case, the sandbox is a kernel module which uses MAC (Mandatory Access Control) Framework developed by the TrustedBSD team. All necessary hooks were introduced to the FreeBSD kernel.
Err codemadness.org 70 i 1926

Err codemadness.org 70 i 1927 Err codemadness.org 70 i 1928

Source Code
Documentation

Err codemadness.org 70 i 1932 Err codemadness.org 70 i 1933

Err codemadness.org 70 i 1934 Err codemadness.org 70 i 1935

News Roundup

Err codemadness.org 70 i 1936 Err codemadness.org 70 i 1937

Changing from one dataset to another within a jail

Err codemadness.org 70 i 1938 Err codemadness.org 70 i 1939

Err codemadness.org 70 i 1940
ZFS has a the ability to share itself within a jail. That gives the jail some autonomy, and I like that.
Err codemadness.org 70 i 1941 I’ve written briefly about that, specifically for iocage. More recently, I started using a zfs snapshot for caching clearing.
Err codemadness.org 70 i 1942 The purpose of this post is to document the existing configuration of the production FreshPorts webserver and outline the plan on how to modify it for more zfs-snapshot-based cache clearing.
Err codemadness.org 70 i 1943

Err codemadness.org 70 i 1944 Err codemadness.org 70 i 1945

Err codemadness.org 70 i 1946 Err codemadness.org 70 i 1947

You don’t need tmux or screen for ZFS

Err codemadness.org 70 i 1948 Err codemadness.org 70 i 1949

Err codemadness.org 70 i 1950
Back in January I mentioned how to add redundancy to a ZFS pool by adding a mirrored drive. Someone with a private account on Twitter asked me why FreeBSD—and NetBSD!—doesn’t ship with a tmux or screen equivilent in base in order to daemonise the process and let them run in the background.
Err codemadness.org 70 i 1951 ZFS already does this for its internal commands.
Err codemadness.org 70 i 1952

Err codemadness.org 70 i 1953 Err codemadness.org 70 i 1954

Err codemadness.org 70 i 1955 Err codemadness.org 70 i 1956

HardenedBSD August 2020 Status Report and Call for Donations

Err codemadness.org 70 i 1957 Err codemadness.org 70 i 1958

Err codemadness.org 70 i 1959
This last month has largely been a quiet one. I've restarted work on porting five-year-old work from the Code Pointer Integrity (CPI) project into HardenedBSD. Chiefly, I've started forward-porting the libc and rtld bits from the CPI project and now need to look at llvm compiler/linker enhancements. We need to be able to apply SafeStack to shared objects, not just application binaries. This forward-porting work I'm doing is to support that effort.
Err codemadness.org 70 i 1960 The infrastructure has settled and is now churning normally and happily. We're still working out bandwidth issues. We hope to have a new fiber line ran by the end of September.
Err codemadness.org 70 i 1961 As part of this status report, I'm issuing a formal call for donations. I'm aiming for $4,000.00 USD for a newer self-hosted Gitea server. I hope to purchase the new server before the end of 2020.
Err codemadness.org 70 i 1962

Err codemadness.org 70 i 1963 Err codemadness.org 70 i 1964

Err codemadness.org 70 i 1965 Err codemadness.org 70 i 1966

Important parts of Unix's history happened before readline support was common

Err codemadness.org 70 i 1967 Err codemadness.org 70 i 1968

Err codemadness.org 70 i 1969
Unix and things that run on Unix have been around for a long time now. In particular, GNU Readline was first released in 1989 (as was Bash), which is long enough ago for it (or lookalikes) to become pretty much pervasive, especially in Unix shells. Today it's easy to think of readline support as something that's always been there. But of course this isn't the case. Unix in its modern form dates from V7 in 1979 and 4.2 BSD in 1983, so a lot of Unix was developed before readline and was to some degree shaped by the lack of it.
Err codemadness.org 70 i 1970

Err codemadness.org 70 i 1971 Err codemadness.org 70 i 1972

Err codemadness.org 70 i 1973 Err codemadness.org 70 i 1974

Tarsnap

Err codemadness.org 70 i 1975 Err codemadness.org 70 i 1976

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 1979 Err codemadness.org 70 i 1980

Feedback/Questions

Err codemadness.org 70 i 1981 Err codemadness.org 70 i 1982

Mason - mailserver
casey - freebsd on decline
denis - postgres Err codemadness.org 70 i 1986 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 1988 ***

]]> Err codemadness.org 70 i 1990

366: Bootloader zpool checkpoints

Allan Jude — Thu, 03 Sep 2020 03:00:00 -0700

Err codemadness.org 70 i 2130 OpenZFS with ZSTD lands in FreeBSD 13, LibreSSL doc status update, FreeBSD on SPARC64 (is dead), Bringing zpool checkpoints to a FreeBSD bootloader, and more

Err codemadness.org 70 i 2131 Err codemadness.org 70 i 2132

NOTES
Err codemadness.org 70 i 2133 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 2134 Err codemadness.org 70 i 2135

Headlines

Err codemadness.org 70 i 2136 Err codemadness.org 70 i 2137

OpenZFS with ZSTD land in FreeBSD 13

Err codemadness.org 70 i 2138 Err codemadness.org 70 i 2139

ZStandard Compression for OpenZFS Err codemadness.org 70 i 2141 > The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort. Err codemadness.org 70 i 2142 > I would advise against doing 'zpool upgrade' or creating indispensable pools using new features until this change has had a month+ to soak.
Rebasing FreeBSD’s OpenZFS on the new upstream was sponsored by iXsystems
The competition of ZSTD support for OpenZFS was sponsored by the FreeBSD Foundation Err codemadness.org 70 i 2145 ***

Err codemadness.org 70 i 2147 Err codemadness.org 70 i 2148

LibreSSL documentation status update

Err codemadness.org 70 i 2149 Err codemadness.org 70 i 2150

Err codemadness.org 70 i 2151
More than six years ago, LibreSSL was forked from OpenSSL, and almost two years ago, i explained the status of LibreSSL documentation during EuroBSDCon 2018 in Bucuresti. So it seems providing an update might be in order.
Err codemadness.org 70 i 2152 Note that this is not an update regarding LibreSSL status in general because i'm not the right person to talk about the big picture of working on the LibreSSL code, my work has been quite focussed on documentation. All the same, it is fair to say that even though the number of developers working on it is somewhat limited, the LibreSSL project is quite alive, typically having a release every few months. Progress continues being made with respect to porting and adding new functionality (for example regarding TLSv1.3, CMS, RSA-PSS, RSA-OAEP, GOST, SM3, SM4, XChaCha20 during the last two years), OpenSSL compatibility improvements (including providing additional OpenSSL-1.1 APIs), and lots of bug fixes and code cleanup.
Err codemadness.org 70 i 2153

Err codemadness.org 70 i 2154 Err codemadness.org 70 i 2155

Err codemadness.org 70 i 2156 Err codemadness.org 70 i 2157

FreeBSD on SPARC64 (is dead)

Err codemadness.org 70 i 2158 Err codemadness.org 70 i 2159

Err codemadness.org 70 i 2160
’m coming pretty late to the party, because SPARC64 support in FreeBSD is apparently doomed: After the POWER platform made the switch to a LLVM/Clang-based toolchain, SPARC64 is one of the last ones that still uses the ancient GCC 4.2-based toolchain that the project wants to finally get rid off (it has already happened as I was writing this – looks like the firm plan was not so firm after all, since they killed it off early). And compared to the other platforms it has seen not too much love in recent times… SPARC64 being a great platform, I’d be quite sad to see it go. But before that happens let’s see what the current status is and what would need to be done if it were to survive, shall we?
Err codemadness.org 70 i 2161

Err codemadness.org 70 i 2162 Err codemadness.org 70 i 2163

Err codemadness.org 70 i 2164 Err codemadness.org 70 i 2165

News Roundup

Err codemadness.org 70 i 2166 Err codemadness.org 70 i 2167

Bringing zpool checkpoints to a FreeBSD bootloader

Err codemadness.org 70 i 2168 Err codemadness.org 70 i 2169

Err codemadness.org 70 i 2170
Almost two years ago I wrote a blog post about checkpoints in ZFS. I didn’t hide that I was a big fan of them. That said, after those two years, I still feel that there are underappreciated features in the ZFS world, so I decided to do something about that.
Err codemadness.org 70 i 2171 Currently, one of the best practices for upgrading your operating system is to use boot environments. They are a great feature for managing multiple kernels and userlands. They are based on juggling which ZFS datasets are mounted. Each dataset has its own version of the system. Unfortunately, boot environments have their limitations. If we, for example, upgrade our ZFS pool, we may not be able to use older versions of the system anymore.
Err codemadness.org 70 i 2172 The big advantage of boot environments is that they have very good tools. Two main tools are beadm (which was created by vermaden) and bectl (which currently is in the FreeBSD base system). These tools allow us to create and manage boot environments.
Err codemadness.org 70 i 2173

Err codemadness.org 70 i 2174 Err codemadness.org 70 i 2175

Err codemadness.org 70 i 2176 Err codemadness.org 70 i 2177

Beastie Bits

Err codemadness.org 70 i 2178 Err codemadness.org 70 i 2179

The First Unix Port
TLS Mastery updates, August 2020
What is the Oldest BSD Distribution still around today

Err codemadness.org 70 i 2184 Err codemadness.org 70 i 2185

Err codemadness.org 70 i 2186 Err codemadness.org 70 i 2187

Tarsnap

Err codemadness.org 70 i 2188 Err codemadness.org 70 i 2189

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 2192 Err codemadness.org 70 i 2193

Feedback/Questions

Err codemadness.org 70 i 2194 Err codemadness.org 70 i 2195

ben - zfs send questions
lars - zfs pool question
neutron - bectl vs beadm

Err codemadness.org 70 i 2200 Err codemadness.org 70 i 2201

Err codemadness.org 70 i 2202 Err codemadness.org 70 i 2203

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 2206 Err codemadness.org 70 i 2207

]]> Err codemadness.org 70 i 2208

365: Whole year round

Allan Jude — Thu, 27 Aug 2020 04:00:00 -0700

Err codemadness.org 70 i 2342 FreeBSD USB Audio, Kyua: An introduction for NetBSD users, Keeping backup ZFS on Linux kernel modules around, CLI Tools 235x Faster than Hadoop, FreeBSD Laptop Battery Life Status Command, and more.

Err codemadness.org 70 i 2343 Err codemadness.org 70 i 2344

NOTES
Err codemadness.org 70 i 2345 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 2346 Err codemadness.org 70 i 2347

Headlines

Err codemadness.org 70 i 2348 Err codemadness.org 70 i 2349

FreeBSD USB Audio

Err codemadness.org 70 i 2350 Err codemadness.org 70 i 2351

Err codemadness.org 70 i 2352
I recently got a Behringer UMC22 sound card for video conferencing and DJing. This page documents what I’ve learned about using this sound card, and USB audio in general, on FreeBSD.
Err codemadness.org 70 i 2353 tl;dr: Everything works as long as the sound card follows the USB audio device class specification.
Err codemadness.org 70 i 2354 Err codemadness.org 70 i 2355
Err codemadness.org 70 i 2356 Err codemadness.org 70 i 2357
Kyua: An introduction for NetBSD users
Err codemadness.org 70 i 2358 Err codemadness.org 70 i 2359
Kyua's current goal is to reimplement only the ATF tools while maintaining backwards compatibility with the tests written with the ATF libraries (i.e. with the NetBSD test suite).
Err codemadness.org 70 i 2360 Because Kyua is a replacement of some ATF components, the end goal is to integrate Kyua into the NetBSD base system (just as ATF is) and remove the deprecated ATF components. Removing the deprecated components will allow us to make the above-mentioned improvements to Kyua, as well as many others, without having to deal with the obsolete ATF code base. Discussing how and when this transition might happen is out of the scope of this document at the moment.
Err codemadness.org 70 i 2361 Err codemadness.org 70 i 2362
Err codemadness.org 70 i 2363

Err codemadness.org 70 i 2364 Err codemadness.org 70 i 2365

News Roundup

Err codemadness.org 70 i 2366 Err codemadness.org 70 i 2367

Keeping backup ZFS on Linux kernel modules around

Err codemadness.org 70 i 2368 Err codemadness.org 70 i 2369

Err codemadness.org 70 i 2370
I'm a long term user of ZFS on Linux and over pretty much all of the time I've used it, I've built it from the latest development version. Generally this means I update my ZoL build at the same time as I update my Fedora kernel, since a ZoL update requires a kernel reboot anyway. This is a little bit daring, of course, although the ZoL development version has generally been quite solid (and this way I get the latest features and improvements long before I otherwise would).
Err codemadness.org 70 i 2371 Err codemadness.org 70 i 2372
Err codemadness.org 70 i 2373

Err codemadness.org 70 i 2374 Err codemadness.org 70 i 2375

Command-line Tools can be 235x Faster than your Hadoop Cluster

Err codemadness.org 70 i 2376 Err codemadness.org 70 i 2377

Err codemadness.org 70 i 2378
As I was browsing the web and catching up on some sites I visit periodically, I found a cool article from Tom Hayden about using Amazon Elastic Map Reduce (EMR) and mrjob in order to compute some statistics on win/loss ratios for chess games he downloaded from the millionbase archive, and generally have fun with EMR. Since the data volume was only about 1.75GB containing around 2 million chess games, I was skeptical of using Hadoop for the task, but I can understand his goal of learning and having fun with mrjob and EMR. Since the problem is basically just to look at the result lines of each file and aggregate the different results, it seems ideally suited to stream processing with shell commands. I tried this out, and for the same amount of data I was able to use my laptop to get the results in about 12 seconds (processing speed of about 270MB/sec), while the Hadoop processing took about 26 minutes (processing speed of about 1.14MB/sec).
Err codemadness.org 70 i 2379

Err codemadness.org 70 i 2380 Err codemadness.org 70 i 2381

Err codemadness.org 70 i 2382 Err codemadness.org 70 i 2383

FreeBSD Laptop Find Out Battery Life Status Command

Err codemadness.org 70 i 2384 Err codemadness.org 70 i 2385

Err codemadness.org 70 i 2386
I know how to find out battery life status using Linux operating system. How do I monitor battery status on a laptop running FreeBSD version 9.x/10.x/11.x/12.x?
Err codemadness.org 70 i 2387 You can use any one of the following commands to get battery status under FreeBSD laptop including remaining battery life and more.
Err codemadness.org 70 i 2388 Err codemadness.org 70 i 2389
Err codemadness.org 70 i 2390

Err codemadness.org 70 i 2391 Err codemadness.org 70 i 2392

Beastie Bits

Err codemadness.org 70 i 2393 Err codemadness.org 70 i 2394

BSD Beer
Err codemadness.org 70 i 2395 Awk for JSON
Err codemadness.org 70 i 2396 Drawing Pictures The Unix Way - with pic and troff
Err codemadness.org 70 i 2397 Refactoring the FreeBSD Kernel with Checked C

Err codemadness.org 70 i 2398 Err codemadness.org 70 i 2399

Err codemadness.org 70 i 2400 Err codemadness.org 70 i 2401

Tarsnap

Err codemadness.org 70 i 2402 Err codemadness.org 70 i 2403

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 2406 Err codemadness.org 70 i 2407

Feedback/Questions

Err codemadness.org 70 i 2408 Err codemadness.org 70 i 2409

Jason - German Locales
pcwizz - Router Style Device
predrag - OpenBSD Router Hardware Err codemadness.org 70 i 2413 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 2415 ***

]]> Err codemadness.org 70 i 2417

364: FreeBSD Wireless Grind

Allan Jude — Thu, 20 Aug 2020 04:00:00 -0700

Err codemadness.org 70 i 2547 FreeBSD Qt WebEngine GPU Acceleration, the grind of FreeBSD’s wireless stack, thoughts on overlooking Illumos's syseventadm, when Unix learned to reboot, New EXT2/3/4 File-System driver in DragonflyBSD, and more.

Err codemadness.org 70 i 2548 Err codemadness.org 70 i 2549

NOTES
Err codemadness.org 70 i 2550 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 2551 Err codemadness.org 70 i 2552

Headlines

Err codemadness.org 70 i 2553 Err codemadness.org 70 i 2554

FreeBSD Qt WebEngine GPU Acceleration

Err codemadness.org 70 i 2555 Err codemadness.org 70 i 2556

Err codemadness.org 70 i 2557
FreeBSD has a handful of Qt WebEngine-based browsers. Falkon, and Otter-Browser, and qutebrowser and probably others, too. All of them can run into issues on FreeBSD with GPU-accelerated rendering not working. Let’s look at some of the workarounds.
Err codemadness.org 70 i 2558

Err codemadness.org 70 i 2559 Err codemadness.org 70 i 2560

Err codemadness.org 70 i 2561 Err codemadness.org 70 i 2562

NetBSD on the Nanopi Neo2

Err codemadness.org 70 i 2563 Err codemadness.org 70 i 2564

Err codemadness.org 70 i 2565
The NanoPi NEO2 from FriendlyARM has been serving me well since 2018, being my test machine for OpenBSD/arm64 related things.
Err codemadness.org 70 i 2566 As NetBSD/evbarm finally gained support for AArch64 in NetBSD 9.0, released back in February, I decided to give it a try on this device. The board only has 512MB of RAM, and this is where NetBSD really shines. Things have become a lot easier since jmcneill@ now provides bootable ARM images for a variety of devices, including the NanoPi NEO2.
Err codemadness.org 70 i 2567

Err codemadness.org 70 i 2568 Err codemadness.org 70 i 2569

Err codemadness.org 70 i 2570 Err codemadness.org 70 i 2571

I'm back into the grind of FreeBSD's wireless stack and 802.11ac

Err codemadness.org 70 i 2572 Err codemadness.org 70 i 2573

Err codemadness.org 70 i 2574
Yes, it's been a while since I posted here and yes, it's been a while since I was actively working on FreeBSD's wireless stack. Life's been .. well, life. I started the ath10k port in 2015. I wasn't expecting it to take 5 years, but here we are. My life has changed quite a lot since 2015 and a lot of the things I was doing in 2015 just stopped being fun for a while.
Err codemadness.org 70 i 2575 But the stars have aligned and it's fun again, so here I am.
Err codemadness.org 70 i 2576

Err codemadness.org 70 i 2577 Err codemadness.org 70 i 2578

Err codemadness.org 70 i 2579 Err codemadness.org 70 i 2580

News Roundup

Err codemadness.org 70 i 2581 Err codemadness.org 70 i 2582

Some thoughts on us overlooking Illumos's syseventadm

Err codemadness.org 70 i 2583 Err codemadness.org 70 i 2584

Err codemadness.org 70 i 2585
In a comment on my praise of ZFS on Linux's ZFS event daemon, Joshua M. Clulow noted that Illumos (and thus OmniOS) has an equivalent in syseventadm, which dates back to Solaris. I hadn't previously known about syseventadm, despite having run Solaris fileservers and OmniOS fileservers for the better part of a decade, and that gives me some tangled feelings.
Err codemadness.org 70 i 2586

Err codemadness.org 70 i 2587 Err codemadness.org 70 i 2588

Err codemadness.org 70 i 2589 Err codemadness.org 70 i 2590

When Unix learned to reboot

Err codemadness.org 70 i 2591 Err codemadness.org 70 i 2592

Err codemadness.org 70 i 2593
Recently, a friend asked me the history of halt, and when did we have to stop with the sync / sync / sync dance before running halt or reboot. The two are related, it turns out.
Err codemadness.org 70 i 2594

Err codemadness.org 70 i 2595 Err codemadness.org 70 i 2596

Err codemadness.org 70 i 2597 Err codemadness.org 70 i 2598

DragonFlyBSD Lands New EXT2/3/4 File-System Driver

Err codemadness.org 70 i 2599 Err codemadness.org 70 i 2600

Err codemadness.org 70 i 2601
While DragonFlyBSD has its own, original HAMMER2 file-system, for those needing to access data from EXT2/EXT3/EXT4 file-systems, there is a brand new "ext2fs" driver implementation for this BSD operating system.
Err codemadness.org 70 i 2602 DragonFlyBSD has long offered an EXT2 file-system driver (that also handles EXT3 and EXT4) while hitting their Git tree this week is a new version. The new sys/vfs/ext2fs driver, which will ultimately replace their existing sys/gnu/vfs/ext2fs driver is based on a port from FreeBSD code. As such, this driver is BSD licensed rather than GPL. But besides the more liberal license to jive with the BSD world, this new driver has various feature/functionality improvements over the prior version. However, there are some known bugs so for the time being both file-system drivers will co-exist.
Err codemadness.org 70 i 2603

Err codemadness.org 70 i 2604 Err codemadness.org 70 i 2605

Err codemadness.org 70 i 2606 Err codemadness.org 70 i 2607

Beastie Bits

Err codemadness.org 70 i 2608 Err codemadness.org 70 i 2609

LibreOffice 7.0 call for testing
More touchpad support

Err codemadness.org 70 i 2613 Err codemadness.org 70 i 2614

Err codemadness.org 70 i 2615 Err codemadness.org 70 i 2616

Tarsnap

Err codemadness.org 70 i 2617 Err codemadness.org 70 i 2618

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 2621 Err codemadness.org 70 i 2622

Feedback/Questions

Err codemadness.org 70 i 2623 Err codemadness.org 70 i 2624

Casey - openbsd wirewall
Err codemadness.org 70 i 2625 Daryl - zfs
Err codemadness.org 70 i 2626 Raymond - hpe microserver

Err codemadness.org 70 i 2627 Err codemadness.org 70 i 2628

Err codemadness.org 70 i 2629 Err codemadness.org 70 i 2630

- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 2632 ***

]]> Err codemadness.org 70 i 2634

363: Traditional Unix toolchains

Allan Jude — Thu, 13 Aug 2020 04:00:00 -0700

Err codemadness.org 70 i 2773 FreeBSD Q2 Quarterly Status report of 2020, Traditional Unix Toolchains, BastilleBSD 0.7 released, Finding meltdown on DragonflyBSD, and more

Err codemadness.org 70 i 2774 Err codemadness.org 70 i 2775

NOTES
Err codemadness.org 70 i 2776 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 2777 Err codemadness.org 70 i 2778

Headlines

Err codemadness.org 70 i 2779 Err codemadness.org 70 i 2780

FreeBSD Quarterly Report

Err codemadness.org 70 i 2781 Err codemadness.org 70 i 2782

Err codemadness.org 70 i 2783
This report will be covering FreeBSD related projects between April and June, and covers a diverse set of topics ranging from kernel updates over userland and ports, as well to third-party work.
Err codemadness.org 70 i 2784 Some highlights picked with the roll of a d100 include, but are not limited to, the ability to forcibly unmounting UFS when the underlying media becomes inaccessible, added preliminary support for Bluetooth Low Energy, a introduction to the FreeBSD Office Hours, and a repository of software collections called potluck to be installed with the pot utility, as well as many many more things.
Err codemadness.org 70 i 2785 As a little treat, readers can also get a rare report from the quarterly team.
Err codemadness.org 70 i 2786 Finally, on behalf of the quarterly team, I would like to extend my deepest appreciation and thank you to salvadore@, who decided to take down his shingle. His contributions not just the quarterly reports themselves, but also the surrounding tooling to many-fold ease the work, are immeasurable.
Err codemadness.org 70 i 2787 Err codemadness.org 70 i 2788
Err codemadness.org 70 i 2789

Err codemadness.org 70 i 2790 Err codemadness.org 70 i 2791

Traditional Unix Toolchains

Err codemadness.org 70 i 2792 Err codemadness.org 70 i 2793

Err codemadness.org 70 i 2794
Older Unix systems tend to be fairly uniform in how they handle the so-called 'toolchain' for creating binaries. This blog will give a quick overview of the toolchain pipeline for Unix systems that follow the V7 tradition (which evolved along with Unix, a topic for a separate blog maybe).
Err codemadness.org 70 i 2795 Unix is a pipeline based system, either physically or logically. One program takes input, process the data and produces output. The input and output have some interface they obey, usually text-based. The Unix toolchain is no different.
Err codemadness.org 70 i 2796 Err codemadness.org 70 i 2797
Err codemadness.org 70 i 2798

Err codemadness.org 70 i 2799 Err codemadness.org 70 i 2800

News Roundup

Err codemadness.org 70 i 2801 Err codemadness.org 70 i 2802

Bastille Day 2020 : v0.7 released

Err codemadness.org 70 i 2803 Err codemadness.org 70 i 2804

Err codemadness.org 70 i 2805
This release matures the project from 0.6.x -> 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.
Err codemadness.org 70 i 2806 Err codemadness.org 70 i 2807
Err codemadness.org 70 i 2808

Err codemadness.org 70 i 2809 Err codemadness.org 70 i 2810

Beastie Bits

Err codemadness.org 70 i 2811 Err codemadness.org 70 i 2812

Finding meltdown on DragonFly
NetBSD Server Outage Err codemadness.org 70 i 2815 ***

Err codemadness.org 70 i 2817 Err codemadness.org 70 i 2818

Tarsnap

Err codemadness.org 70 i 2819 Err codemadness.org 70 i 2820

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 2823 Err codemadness.org 70 i 2824

Feedback/Questions

Err codemadness.org 70 i 2825 Err codemadness.org 70 i 2826

Vincent - Gnome 3 question
Malcolm - ZFS question
Hassan - Video question Err codemadness.org 70 i 2830 Err codemadness.org 70 i 2831
- For those that watch on youtube, don’t forget to subscribe to our new YouTube Channel if you want updates when we post them on YT

Err codemadness.org 70 i 2835 Err codemadness.org 70 i 2836

Err codemadness.org 70 i 2837 Err codemadness.org 70 i 2838

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 2840 ***

]]> Err codemadness.org 70 i 2842

362: 2.11-BSD restoration

Allan Jude — Thu, 06 Aug 2020 05:00:00 -0700

Err codemadness.org 70 i 2942 Interview with Warner Losh about Unix history, the 2.11-BSD restoration project, the Unix heritage society, proper booting, and what devmatch is.

Err codemadness.org 70 i 2943 Err codemadness.org 70 i 2944

Interview - Warner Losh - imp@freebsd.org / @bsdimp

Err codemadness.org 70 i 2945 Err codemadness.org 70 i 2946

BSD 2.11 restoration project

Err codemadness.org 70 i 2947 Err codemadness.org 70 i 2948

Tarsnap

Err codemadness.org 70 i 2949 Err codemadness.org 70 i 2950

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 2953 Err codemadness.org 70 i 2954

Special Guest: Warner Losh.

]]> Err codemadness.org 70 i 2956

361: Function-based MicroVM

Allan Jude — Thu, 30 Jul 2020 04:00:00 -0700

Err codemadness.org 70 i 3029 Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.

Err codemadness.org 70 i 3030 Err codemadness.org 70 i 3031

NOTES
Err codemadness.org 70 i 3032 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 3033 Err codemadness.org 70 i 3034

Headlines

Err codemadness.org 70 i 3035 Err codemadness.org 70 i 3036

Emulex: The Cheapest 10gbe for Your Homelab

Err codemadness.org 70 i 3037 Err codemadness.org 70 i 3038

Err codemadness.org 70 i 3039
Years ago, the hunt for the cheapest 10gbe NICs resulted in buying Mellanox ConnectX-2 single-port 10gbe network cards from eBay for around $10. Nowadays those cards have increased in cost to around $20-30. While still cheap, not quite the cheapest. There are now alternatives!
Err codemadness.org 70 i 3040 Before diving into details, let’s get something very clear. If you want the absolute simplest plug-and-play 10gbe LAN for your homelab, pay the extra for Mellanox. If you’re willing to go hands-on, do some simple manual configuration and installation, read on for my experiences with Emulex 10gbe NICs.
Err codemadness.org 70 i 3041 Emulex NICs can often be had for around $15 on eBay, sometimes even cheaper. I recently picked up a set of 4 of these cards, which came bundled with 6 SFP+ 10g-SR modules for a grand total of $47.48. Considering I can usually find SFP+ modules for about $5/ea, these alone were worth $30.
Err codemadness.org 70 i 3042 Err codemadness.org 70 i 3043
Err codemadness.org 70 i 3044
I have also tried some Solarflare cards that I found cheap, they work ok, but are pickier about optics, and tend to be focused on low-latency, so often don’t manage to saturate the full 10 gbps, topping out around 8 gbps.
Err codemadness.org 70 i 3045
I have been using fs.com for optics, patch cables, and DACs. I find DACs are usually cheaper if you are just going between a server and a switch in the same rack, or direct between 2 servers. Err codemadness.org 70 i 3046 ***
Err codemadness.org 70 i 3047
Err codemadness.org 70 i 3048

Err codemadness.org 70 i 3049 Err codemadness.org 70 i 3050

In Search of 2.11BSD, as released

Err codemadness.org 70 i 3051 Err codemadness.org 70 i 3052

Err codemadness.org 70 i 3053
Almost all of the BSD releases have been well preserved. If you want to find 1BSD, or 2BSD or 4.3-TAHOE BSD you can find them online with little fuss. However, if you search for 2.11BSD, you'll find it easily enough, but it won't be the original. You'll find either the latest patched version (2.11BSD pl 469), or one of the earlier popular version (pl 430 is popular). You can even find the RetroBSD project which used 2.11BSD as a starting point to create systems for tiny mips-based PIC controllers. You'll find every single patch that's been issued for the system.
Err codemadness.org 70 i 3054 Err codemadness.org 70 i 3055
Err codemadness.org 70 i 3056

Err codemadness.org 70 i 3057 Err codemadness.org 70 i 3058

News Roundup

Err codemadness.org 70 i 3059 Err codemadness.org 70 i 3060

Fakecracker: NetBSD as a Function Based MicroVM

Err codemadness.org 70 i 3061 Err codemadness.org 70 i 3062

Err codemadness.org 70 i 3063
In November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small sized Linux kernel, and a stripped down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is to be compared to a container, but safer, as it does not share the kernel nor any resource, it is a separate and dedicated virtual machine.
Err codemadness.org 70 i 3064 If you want to learn more on Firecracker‘s internals, here’s a very well put article.
Err codemadness.org 70 i 3065 Err codemadness.org 70 i 3066
Err codemadness.org 70 i 3067

Err codemadness.org 70 i 3068 Err codemadness.org 70 i 3069

First powerpc64 snapshots available for OpenBSD

Err codemadness.org 70 i 3070 Err codemadness.org 70 i 3071

Err codemadness.org 70 i 3072
Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.
Err codemadness.org 70 i 3073 So, if you have a POWER9 system idling around, go to your nearest mirror and fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.
Err codemadness.org 70 i 3074 Err codemadness.org 70 i 3075
Err codemadness.org 70 i 3076

Err codemadness.org 70 i 3077 Err codemadness.org 70 i 3078

OPNsense 20.1.8 released

Err codemadness.org 70 i 3079 Err codemadness.org 70 i 3080

Err codemadness.org 70 i 3081
Sorry about the delay while we chased a race condition in the updates back to an issue with the latest FreeBSD package manager updates. For now we reverted to our current version but all relevant third party packages have been updated as updates became available over the last weeks, e.g. cURL and Python, and hostapd / wpa_supplicant amongst others.
Err codemadness.org 70 i 3082 Err codemadness.org 70 i 3083
Err codemadness.org 70 i 3084

Err codemadness.org 70 i 3085 Err codemadness.org 70 i 3086

Beastie Bits

Err codemadness.org 70 i 3087 Err codemadness.org 70 i 3088

Old School Disk Partitioning
Nomad BSD 1.3.2 Released
Chai-Fi

Err codemadness.org 70 i 3093 Err codemadness.org 70 i 3094

Err codemadness.org 70 i 3095 Err codemadness.org 70 i 3096

Tarsnap

Err codemadness.org 70 i 3097 Err codemadness.org 70 i 3098

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 3101 Err codemadness.org 70 i 3102

Feedback/Questions

Err codemadness.org 70 i 3103 Err codemadness.org 70 i 3104

Poojan - ZFS Question
graceon - supermicro
zenbum - groff

Err codemadness.org 70 i 3109 Err codemadness.org 70 i 3110

Err codemadness.org 70 i 3111 Err codemadness.org 70 i 3112

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 3114 ***

Special Guest: Warner Losh.

]]> Err codemadness.org 70 i 3116

360: Full circle

Allan Jude — Thu, 23 Jul 2020 05:00:00 -0700

Err codemadness.org 70 i 3275 Chasing a bad commit, New FreeBSD Core Team elected, Getting Started with NetBSD on the Pinebook Pro, FreeBSD on the Intel 10th Gen i3 NUC, pf table size check and change, and more.

Err codemadness.org 70 i 3276 Err codemadness.org 70 i 3277

NOTES
Err codemadness.org 70 i 3278 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 3279 Err codemadness.org 70 i 3280

Headlines

Err codemadness.org 70 i 3281 Err codemadness.org 70 i 3282

Chasing a bad commit

Err codemadness.org 70 i 3283 Err codemadness.org 70 i 3284

Err codemadness.org 70 i 3285
While working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.
Err codemadness.org 70 i 3286 We are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.
Err codemadness.org 70 i 3287

Err codemadness.org 70 i 3288 Err codemadness.org 70 i 3289

Err codemadness.org 70 i 3290 Err codemadness.org 70 i 3291

New FreeBSD Core Team Elected

Err codemadness.org 70 i 3292 Err codemadness.org 70 i 3293

Err codemadness.org 70 i 3294
The FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!
Err codemadness.org 70 i 3295

Err codemadness.org 70 i 3296 Err codemadness.org 70 i 3297

Baptiste Daroussin (bapt)
Ed Maste (emaste)
George V. Neville-Neil (gnn)
Hiroki Sato (hrs)
Kyle Evans (kevans)
Mark Johnston (markj)
Scott Long (scottl)
Sean Chittenden (seanc)
Warner Losh (imp) Err codemadness.org 70 i 3307 ***

Err codemadness.org 70 i 3309 Err codemadness.org 70 i 3310

News Roundup

Err codemadness.org 70 i 3311 Err codemadness.org 70 i 3312

Getting Started with NetBSD on the Pinebook Pro

Err codemadness.org 70 i 3313 Err codemadness.org 70 i 3314

Err codemadness.org 70 i 3315
If you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!
Err codemadness.org 70 i 3316 The easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.
Err codemadness.org 70 i 3317 Err codemadness.org 70 i 3318
Err codemadness.org 70 i 3319
A FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: https://twitter.com/kernelnomicon/status/1282790609778905088 Err codemadness.org 70 i 3320 ***
Err codemadness.org 70 i 3321
Err codemadness.org 70 i 3322

Err codemadness.org 70 i 3323 Err codemadness.org 70 i 3324

FreeBSD on the Intel 10th Gen i3 NUC

Err codemadness.org 70 i 3325 Err codemadness.org 70 i 3326

Err codemadness.org 70 i 3327
I have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.
Err codemadness.org 70 i 3328

Err codemadness.org 70 i 3329 Err codemadness.org 70 i 3330

Err codemadness.org 70 i 3331 Err codemadness.org 70 i 3332

pf table size check and change

Err codemadness.org 70 i 3333 Err codemadness.org 70 i 3334

Err codemadness.org 70 i 3335
Did you know there’s a default size limit to pf’s state table? I did not, but it makes sense that there is one. If for some reason you bump into this limit (difficult for home use, I’d think), here’s how you change it
Err codemadness.org 70 i 3336 There is a table-entries limit specified, you can see current settings with
Err codemadness.org 70 i 3337 'pfctl -s all'. You can adjust the limits in the /etc/pf.conf file
Err codemadness.org 70 i 3338 containing the rules with a line like this near the top:
Err codemadness.org 70 i 3339 set limit table-entries 100000
Err codemadness.org 70 i 3340 Err codemadness.org 70 i 3341
Err codemadness.org 70 i 3342
In the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for. Err codemadness.org 70 i 3343 ***
Err codemadness.org 70 i 3344
Err codemadness.org 70 i 3345

Err codemadness.org 70 i 3346 Err codemadness.org 70 i 3347

Beastie Bits

Err codemadness.org 70 i 3348 Err codemadness.org 70 i 3349

tmux and bhyve
Azure and FreeBSD
Groff Tutorial Err codemadness.org 70 i 3353 *** Err codemadness.org 70 i 3354 ###Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Err codemadness.org 70 i 3356 Tarsnap Mastery

Err codemadness.org 70 i 3358 Err codemadness.org 70 i 3359

Feedback/Questions

Err codemadness.org 70 i 3360 Err codemadness.org 70 i 3361

Chris - ZFS Question
Patrick - Tarsnap
Pin - pkgsrc Err codemadness.org 70 i 3365 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 3367 ***

]]> Err codemadness.org 70 i 3369

359: Throwaway Browser

Allan Jude — Thu, 16 Jul 2020 04:00:00 -0700

Err codemadness.org 70 i 3515 Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.

Err codemadness.org 70 i 3516 Err codemadness.org 70 i 3517

NOTES
Err codemadness.org 70 i 3518 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 3519 Err codemadness.org 70 i 3520

Headlines

Err codemadness.org 70 i 3521 Err codemadness.org 70 i 3522

Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes

Err codemadness.org 70 i 3523 Err codemadness.org 70 i 3524

Err codemadness.org 70 i 3525
pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).
Err codemadness.org 70 i 3526

Err codemadness.org 70 i 3527 Err codemadness.org 70 i 3528

Err codemadness.org 70 i 3529 Err codemadness.org 70 i 3530

OpenBSD guest with bhyve - OmniOS

Err codemadness.org 70 i 3531 Err codemadness.org 70 i 3532

Err codemadness.org 70 i 3533
Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.
Err codemadness.org 70 i 3534 This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.
Err codemadness.org 70 i 3535

Err codemadness.org 70 i 3536 Err codemadness.org 70 i 3537

Err codemadness.org 70 i 3538 Err codemadness.org 70 i 3539

News Roundup

Err codemadness.org 70 i 3540 Err codemadness.org 70 i 3541

BSD versus Linux distribution development

Err codemadness.org 70 i 3542 Err codemadness.org 70 i 3543

Err codemadness.org 70 i 3544
Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?
Err codemadness.org 70 i 3545 DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.
Err codemadness.org 70 i 3546 Err codemadness.org 70 i 3547
Err codemadness.org 70 i 3548 Err codemadness.org 70 i 3549
My FreeBSD Laptop Build
Err codemadness.org 70 i 3550 Err codemadness.org 70 i 3551
I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.
Err codemadness.org 70 i 3552 So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.
Err codemadness.org 70 i 3553 Err codemadness.org 70 i 3554
Err codemadness.org 70 i 3555 Err codemadness.org 70 i 3556
FreeBSD CURRENT Binary Upgrades
Err codemadness.org 70 i 3557 Err codemadness.org 70 i 3558
Err codemadness.org 70 i 3559
Disclaimer Err codemadness.org 70 i 3560 This proof-of-concept is not a publication of FreeBSD.
Err codemadness.org 70 i 3561
Description Err codemadness.org 70 i 3562 up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.
Err codemadness.org 70 i 3563
Err codemadness.org 70 i 3564

Err codemadness.org 70 i 3565 Err codemadness.org 70 i 3566

Err codemadness.org 70 i 3567 Err codemadness.org 70 i 3568

Tarsnap

Err codemadness.org 70 i 3569 Err codemadness.org 70 i 3570

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 3573 Err codemadness.org 70 i 3574

Feedback/Questions

Err codemadness.org 70 i 3575 Err codemadness.org 70 i 3576

Karl - pfsense
Val - esxi question
lars - openbsd router hardware
Err codemadness.org 70 i 3580 Err codemadness.org 70 i 3581
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 3583 Err codemadness.org 70 i 3584

]]> Err codemadness.org 70 i 3586

358: OpenBSD Kubernetes Clusters

Allan Jude — Thu, 09 Jul 2020 06:00:00 -0700

Err codemadness.org 70 i 3710 Yubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more

Err codemadness.org 70 i 3711 Err codemadness.org 70 i 3712

NOTES
Err codemadness.org 70 i 3713 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 3714 Err codemadness.org 70 i 3715

Headlines

Err codemadness.org 70 i 3716 Err codemadness.org 70 i 3717

yubikey-agent on FreeBSD

Err codemadness.org 70 i 3718 Err codemadness.org 70 i 3719

Err codemadness.org 70 i 3720
Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some hacking to make it work but overall it wasn’t hard. Following is the roadmap on how to get it set up on FreeBSD. The actual details depend on your system (as you will see)
Err codemadness.org 70 i 3721 Err codemadness.org 70 i 3722
Err codemadness.org 70 i 3723

Err codemadness.org 70 i 3724 Err codemadness.org 70 i 3725

Manage Kubernetes clusters from OpenBSD

Err codemadness.org 70 i 3726 Err codemadness.org 70 i 3727

Err codemadness.org 70 i 3728
This should work with OpenBSD 6.7. I write this while the source tree is locked for release, so even if I use -current this is as close as -current gets to -release
Err codemadness.org 70 i 3729 Update 2020-06-05: we now have a port for kubectl. So, at least in -current things get a bit easier.
Err codemadness.org 70 i 3730 Err codemadness.org 70 i 3731
Err codemadness.org 70 i 3732

Err codemadness.org 70 i 3733 Err codemadness.org 70 i 3734

News Roundup

Err codemadness.org 70 i 3735 Err codemadness.org 70 i 3736

History of FreeBSD Part 1: Unix and BSD

Err codemadness.org 70 i 3737 Err codemadness.org 70 i 3738

Err codemadness.org 70 i 3739
FreeBSD, a free and open-source Unix-like operating system has been around since 1993. However, its origins are directly linked to that of BSD, and further back, those of Unix. During this History of FreeBSD series, we will talk about how Unix came to be, and how Berkeley’s Unix developed at Bell Labs.
Err codemadness.org 70 i 3740 Err codemadness.org 70 i 3741
Err codemadness.org 70 i 3742

Err codemadness.org 70 i 3743 Err codemadness.org 70 i 3744

Running Jitsi-Meet in a FreeBSD Jail

Err codemadness.org 70 i 3745 Err codemadness.org 70 i 3746

Err codemadness.org 70 i 3747
Due to the situation with COVID-19 that also lead to people being confined to their homes in South Africa as well, we decided to provide a (freely usable of course) Jitsi Meet instance to the community being hosted in South Africa on our FreeBSD environment.
Err codemadness.org 70 i 3748 That way, communities in South Africa and beyond have a free alternative to the commercial conferencing solutions with sometimes dubious security and privacy histories and at the same time improved user experience due to the lower latency of local hosting.
Err codemadness.org 70 i 3749 Err codemadness.org 70 i 3750
Err codemadness.org 70 i 3751
Grafana for Jitsi-Meet Err codemadness.org 70 i 3752 ***
Err codemadness.org 70 i 3753
Err codemadness.org 70 i 3754

Err codemadness.org 70 i 3755 Err codemadness.org 70 i 3756

Command Line Bug Hunting in FreeBSD

Err codemadness.org 70 i 3757 Err codemadness.org 70 i 3758

Err codemadness.org 70 i 3759
FreeBSD uses bugzilla for tracking bugs, taking feature requests, regressions and issues in the Operating System. The web interface for bugzilla is okay, but if you want to do a lot of batch operations it is slow to deal with. We are planning to run a bugsquash on July 11th and that really needs some tooling to help any hackers that show up process the giant bug list we have.
Err codemadness.org 70 i 3760 Err codemadness.org 70 i 3761
Err codemadness.org 70 i 3762

Err codemadness.org 70 i 3763 Err codemadness.org 70 i 3764

Beastie Bits

Err codemadness.org 70 i 3765 Err codemadness.org 70 i 3766

Game of Github
+ Wireguard official merged into OpenBSD Err codemadness.org 70 i 3769 ***

Err codemadness.org 70 i 3771 Err codemadness.org 70 i 3772

Tarsnap

Err codemadness.org 70 i 3773 Err codemadness.org 70 i 3774

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 3777 Err codemadness.org 70 i 3778

Feedback/Questions

Err codemadness.org 70 i 3779 Err codemadness.org 70 i 3780

Florian : Lua for $HOME
Kevin : FreeBSD Source Question
Tom : HomeLabs
Err codemadness.org 70 i 3784 Err codemadness.org 70 i 3785
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 3787 Err codemadness.org 70 i 3788

]]> Err codemadness.org 70 i 3790

357: Study the Code

Allan Jude — Thu, 02 Jul 2020 04:00:00 -0700

Err codemadness.org 70 i 3923 OpenBSD 6.7 on PC Engines, NetBSD code study, DRM Update on OpenBSD, Booting FreeBSD on HPE Microserver SATA port, 3 ways to multiboot, and more.

Err codemadness.org 70 i 3924 Err codemadness.org 70 i 3925

NOTES
Err codemadness.org 70 i 3926 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 3927 Err codemadness.org 70 i 3928

Headlines

Err codemadness.org 70 i 3929 Err codemadness.org 70 i 3930

OpenBSD 6.7 on PC Engines APU4D4

Err codemadness.org 70 i 3931 Err codemadness.org 70 i 3932

Err codemadness.org 70 i 3933
I just got myself a PC Engines APU4D4. I miss an OpenBSD box providing home services. It’s quite simple to install and run OpenBSD on this machine. And you can even update the BIOS from OpenBSD.
Err codemadness.org 70 i 3934 Err codemadness.org 70 i 3935
Err codemadness.org 70 i 3936 Err codemadness.org 70 i 3937
NetBSD code study
Err codemadness.org 70 i 3938 Err codemadness.org 70 i 3939
Err codemadness.org 70 i 3940

Err codemadness.org 70 i 3941 Err codemadness.org 70 i 3942

News Roundup

Err codemadness.org 70 i 3943 Err codemadness.org 70 i 3944

Booting FreeBSD off the HPE MicroServer Gen8 ODD SATA port

Err codemadness.org 70 i 3945 Err codemadness.org 70 i 3946

Err codemadness.org 70 i 3947
My small homelab post generated a ton of questions and comments, most of them specific to running FreeBSD on the HP MicroServer. I’ll try and answer these over the coming week.
Err codemadness.org 70 i 3948 Josh Paxton emailed to ask how I got FreeBSD booting on it, given the unconventional booting limitations of the hardware. I thought I wrote about it a few years ago, but maybe it’s on my proverbial draft heap. If you’re impatient, the script is in my lunchbox.
Err codemadness.org 70 i 3949 Err codemadness.org 70 i 3950
Err codemadness.org 70 i 3951

Err codemadness.org 70 i 3952 Err codemadness.org 70 i 3953

3 ways to multiboot

Err codemadness.org 70 i 3954 Err codemadness.org 70 i 3955

Err codemadness.org 70 i 3956
multiboot installation of a BSD system with other operating systems
Err codemadness.org 70 i 3957 (OSs) on UEFI hardware is not officially supported by any of the
Err codemadness.org 70 i 3958 popular
Err codemadness.org 70 i 3959 Err codemadness.org 70 i 3960
Err codemadness.org 70 i 3961

Err codemadness.org 70 i 3962 Err codemadness.org 70 i 3963

Beastie Bits

Err codemadness.org 70 i 3964 Err codemadness.org 70 i 3965

pfSense2.4.5-Release-p1 now available
BSDCan 2020 TomSmyth - OpenBSD And OpenBGPD As ISP Controlplane
OpenBSD DRM Update Err codemadness.org 70 i 3969 *** Err codemadness.org 70 i 3970 ###Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 3973 Err codemadness.org 70 i 3974

Feedback/Questions

Err codemadness.org 70 i 3975 Err codemadness.org 70 i 3976

James - Apple T2
Michael - Jordyns ZFS Question
Err codemadness.org 70 i 3979 Err codemadness.org 70 i 3980
- Note from JT
Rob - FreeBSD Freindly Registrar

Err codemadness.org 70 i 3985 Err codemadness.org 70 i 3986

Err codemadness.org 70 i 3987 Err codemadness.org 70 i 3988

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 3990 ***

]]> Err codemadness.org 70 i 3992

356: Dig in Deeper

Allan Jude — Thu, 25 Jun 2020 04:00:00 -0700

Err codemadness.org 70 i 4116 TrueNAS is Multi-OS, Encrypted ZFS on NetBSD, FreeBSD’s new Code of Conduct, Gaming on OpenBSD, dig a little deeper, Hammer2 and periodic snapshots, and more.

Err codemadness.org 70 i 4117 Err codemadness.org 70 i 4118

NOTES
Err codemadness.org 70 i 4119 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 4120 Err codemadness.org 70 i 4121

Headlines

Err codemadness.org 70 i 4122 Err codemadness.org 70 i 4123

TrueNAS is Multi-OS

Err codemadness.org 70 i 4124 Err codemadness.org 70 i 4125

Err codemadness.org 70 i 4126
There was a time in history where all that mattered was an Operating System (OS) and the hardware it ran on — the “pre-software era”, if you will. Your hardware dictated the OS you used.
Err codemadness.org 70 i 4127 Once software applications became prominent, your hardware’s OS determined the applications you could run. Application vendors were forced to juggle the burden of “portability” between OS platforms, choosing carefully the operating systems they’d develop their software to. Then, there were the great OS Wars of the 1990s, replete with the rampant competition, licensing battles, and nasty lawsuits, which more or less gave birth to the “open source OS” era.
Err codemadness.org 70 i 4128 The advent of the hypervisor simultaneously gave way to the “virtual era” which set us on a path of agnosticism toward the OS. Instead of choosing from the applications available for your chosen OS, you could simply install another OS on the same hardware for your chosen application. The OS became nothing but a necessary cog in the stack.
Err codemadness.org 70 i 4129 TrueNAS open storage enables this “post-OS era” with support for storage clients of all UNIX flavors, Linux, FreeBSD, Windows, MacOS, VMware, Citrix, and many others. Containerization has carried that mentality even further. An operating system, like the hardware that runs it, is now just thought of as part of the “infrastructure”.
Err codemadness.org 70 i 4130 Err codemadness.org 70 i 4131
Err codemadness.org 70 i 4132 Err codemadness.org 70 i 4133
Encrypted ZFS on NetBSD 9.0, for a FreeBSD guy
Err codemadness.org 70 i 4134 Err codemadness.org 70 i 4135
I had one of my other HP Microservers brought back from the office last week to help with this working-from-home world we’re in right now. I was going to wipe an old version of Debian Wheezy/Xen and install FreeBSD to mirror my other machines before thinking: why not NetBSD?
Err codemadness.org 70 i 4136 Err codemadness.org 70 i 4137
Err codemadness.org 70 i 4138

Err codemadness.org 70 i 4139 Err codemadness.org 70 i 4140

News Roundup

Err codemadness.org 70 i 4141 Err codemadness.org 70 i 4142

FreeBSD's New Code of Conduct

Err codemadness.org 70 i 4143 Err codemadness.org 70 i 4144

FreeBSD Announcement Email

Err codemadness.org 70 i 4147 Err codemadness.org 70 i 4148

Err codemadness.org 70 i 4149 Err codemadness.org 70 i 4150

Gaming on OpenBSD

Err codemadness.org 70 i 4151 Err codemadness.org 70 i 4152

Err codemadness.org 70 i 4153
While no one would expect this, there are huge efforts from a small team to bring more games into OpenBSD. In fact, now some commercial games works natively now, thanks to Mono or Java. There are no wine or linux emulation layer in OpenBSD.
Err codemadness.org 70 i 4154 Here is a small list of most well known games that run on OpenBSD:
Err codemadness.org 70 i 4155 Err codemadness.org 70 i 4156
Err codemadness.org 70 i 4157 Err codemadness.org 70 i 4158
'dig' a little deeper
Err codemadness.org 70 i 4159 Err codemadness.org 70 i 4160
I knew the existence of the dig command but didn't exactly know when and how to use it. Then, just recently I encountered an issue that allowed me to learn and make use of it.
Err codemadness.org 70 i 4161 Err codemadness.org 70 i 4162
Err codemadness.org 70 i 4163 Err codemadness.org 70 i 4164
HAMMER2 and periodic snapshots
Err codemadness.org 70 i 4165 Err codemadness.org 70 i 4166
The first version of HAMMER took automatic snapshots, set within the config for each filesystem. HAMMER2 now also takes automatic snapshots, via periodic(8) like most every repeating task on your DragonFly system.
Err codemadness.org 70 i 4167 Err codemadness.org 70 i 4168
Err codemadness.org 70 i 4169
git: Implement periodic hammer2 snapshots Err codemadness.org 70 i 4170 ***
Err codemadness.org 70 i 4171
Err codemadness.org 70 i 4172

Err codemadness.org 70 i 4173 Err codemadness.org 70 i 4174

Tarsnap

Err codemadness.org 70 i 4175 Err codemadness.org 70 i 4176

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 4179 Err codemadness.org 70 i 4180

Feedback/Questions

Err codemadness.org 70 i 4181 Err codemadness.org 70 i 4182

Cy - OpenSSL relicensing
Christian - lagg vlans and iocage
Brad - SMR Err codemadness.org 70 i 4186 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 4188 ***

]]> Err codemadness.org 70 i 4190

355: Man Page Origins

Allan Jude — Thu, 18 Jun 2020 04:00:00 -0700

Err codemadness.org 70 i 4322 Upgrading OpenBSD, Where do Unix man pages come from?, Help for NetBSD’s VAX port, FreeBSD on Dell Latitude 7390, PFS Tool changes in DragonflyBSD, and more.

Err codemadness.org 70 i 4323 Err codemadness.org 70 i 4324

NOTES
Err codemadness.org 70 i 4325 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 4326 Err codemadness.org 70 i 4327

Headlines

Err codemadness.org 70 i 4328 Err codemadness.org 70 i 4329

How to Upgrade OpenBSD and Build a Kernel

Err codemadness.org 70 i 4330 Err codemadness.org 70 i 4331

Err codemadness.org 70 i 4332
Let's see how to upgrade your OpenBSD system. Maybe you are doing this because the latest release just came out. If so, this is pretty simple: back up your data, boot from install media, and select "Upgrade" instead of "Install". But maybe the latest release has been out for a few months. Why would we go through the trouble of building and installing a new kernel or other core system components? Maybe some patches have been released to improve system security or stability. It is pretty easy to build and install a kernel on OpenBSD, easier and simpler in many ways than it is on Linux.
Err codemadness.org 70 i 4333

Err codemadness.org 70 i 4334 Err codemadness.org 70 i 4335

Err codemadness.org 70 i 4336 Err codemadness.org 70 i 4337

The History of man pages

Err codemadness.org 70 i 4338 Err codemadness.org 70 i 4339

Err codemadness.org 70 i 4340
Where do UNIX manpages come from? Who introduced the section-based layout of NAME, SYNOPSIS, and so on? And for manpage authors: where were those economical two- and three-letter instructions developed?
Err codemadness.org 70 i 4341 Err codemadness.org 70 i 4342
Err codemadness.org 70 i 4343

Err codemadness.org 70 i 4344 Err codemadness.org 70 i 4345

VAX port needs help

Err codemadness.org 70 i 4346 Err codemadness.org 70 i 4347

Err codemadness.org 70 i 4348
The VAX is the oldest machine architecture still supported by NetBSD.
Err codemadness.org 70 i 4349 Unfortunately there is another challenge, totally outside of NetBSD, but affecting the VAX port big time: the compiler support for VAX is ... let's say sub-optimal. It is also risking to be dropped completely by gcc upstream.
Err codemadness.org 70 i 4350 Now here is where people can help: there is a bounty campaign to finance a gcc hacker to fix the hardest and most immediate issue with gcc for VAX. Without this being resolved, gcc will drop support for VAX in a near future version.
Err codemadness.org 70 i 4351 Err codemadness.org 70 i 4352
Err codemadness.org 70 i 4353

Err codemadness.org 70 i 4354 Err codemadness.org 70 i 4355

My new FreeBSD Laptop: Dell Latitude 7390

Err codemadness.org 70 i 4356 Err codemadness.org 70 i 4357

Err codemadness.org 70 i 4358
As a FreeBSD developer, I make a point of using FreeBSD whenever I can — including on the desktop. I've been running FreeBSD on laptops since 2004; this hasn't always been easy, but over the years I've found that the situation has generally been improving. One of the things we still lack is adequate documentation, however — so I'm writing this to provide an example for users and also Google bait in case anyone runs into some of the problems I had to address.
Err codemadness.org 70 i 4359 Err codemadness.org 70 i 4360
Err codemadness.org 70 i 4361

Err codemadness.org 70 i 4362 Err codemadness.org 70 i 4363

PFS tool changes in DragonFly

Err codemadness.org 70 i 4364 Err codemadness.org 70 i 4365

Err codemadness.org 70 i 4366
HAMMER2 just became a little more DWIM: the pfs-list and pfs-delete directives will now look across all mounted filesystems, not just the current directory’s mount path. pfs-delete won’t delete any filesystem name that appears in more than one place, though
Err codemadness.org 70 i 4367 Err codemadness.org 70 i 4368
Err codemadness.org 70 i 4369
git: hammer2 - Enhance pfs-list and pfs-delete Err codemadness.org 70 i 4370 Enhance pfs-list to list PFSs available across all mounted hammer2 filesystems instead of just the current directory's mount. A specific mount may be specified via -s mountpt. Err codemadness.org 70 i 4371 Enhance pfs-delete to look for the PFS name across all mounted hammer2 filesystems instead of just the current directory's mount. Err codemadness.org 70 i 4372 As a safety, pfs-delete will refuse to delete PFS names which are duplicated across multiple mounts. A specific mount may be specified via -s mountpt.
Err codemadness.org 70 i 4373
Err codemadness.org 70 i 4374

Err codemadness.org 70 i 4375 Err codemadness.org 70 i 4376

Err codemadness.org 70 i 4377 Err codemadness.org 70 i 4378

Beastie Bits

Err codemadness.org 70 i 4379 Err codemadness.org 70 i 4380

BastilleBSD Templates
Tianocore update
Reminder: FreeBSD Office Hours on June 24, 2020 Err codemadness.org 70 i 4384 *** Err codemadness.org 70 i 4385 ###Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 4388 Err codemadness.org 70 i 4389

Feedback/Questions

Err codemadness.org 70 i 4390 Err codemadness.org 70 i 4391

Niclas - Regarding the Lenovo E595 user from Episode 340
Erik - What happened with the video
Igor - Boot Environments Err codemadness.org 70 i 4395 ***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 4397 ***

]]> Err codemadness.org 70 i 4399

354: ZFS safekeeps data

Allan Jude — Thu, 11 Jun 2020 04:00:00 -0700

Err codemadness.org 70 i 4529 FreeBSD 11.4-RC 2 available, OpenBSD 6.7 on a PineBook Pro 64, How OpenZFS Keeps Your Data Safe, Bringing FreeBSD to EC2, FreeBSD 2020 Community Survey, and more.

Err codemadness.org 70 i 4530 Err codemadness.org 70 i 4531

NOTES
Err codemadness.org 70 i 4532 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 4533 Err codemadness.org 70 i 4534

Headlines

Err codemadness.org 70 i 4535 Err codemadness.org 70 i 4536

FreeBSD 11.4-RC2 Now Available

Err codemadness.org 70 i 4537 Err codemadness.org 70 i 4538

Err codemadness.org 70 i 4539
The second RC build of the 11.4-RELEASE release cycle is now available.
Err codemadness.org 70 i 4540 Err codemadness.org 70 i 4541
Err codemadness.org 70 i 4542
11.4-RELEASE notes (still in progress at the time of recording) Err codemadness.org 70 i 4543 ***
Err codemadness.org 70 i 4544
Err codemadness.org 70 i 4545

Err codemadness.org 70 i 4546 Err codemadness.org 70 i 4547

Install OpenBSD 6.7-current on a PineBook Pro 64

Err codemadness.org 70 i 4548 Err codemadness.org 70 i 4549

Err codemadness.org 70 i 4550
This document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.
Err codemadness.org 70 i 4551 Err codemadness.org 70 i 4552
Err codemadness.org 70 i 4553

Err codemadness.org 70 i 4554 Err codemadness.org 70 i 4555

News Roundup

Err codemadness.org 70 i 4556 Err codemadness.org 70 i 4557

Understanding How OpenZFS Keeps Your Data Safe

Err codemadness.org 70 i 4558 Err codemadness.org 70 i 4559

Err codemadness.org 70 i 4560
Veteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few.
Err codemadness.org 70 i 4561 Err codemadness.org 70 i 4562
Err codemadness.org 70 i 4563

Err codemadness.org 70 i 4564 Err codemadness.org 70 i 4565

Bringing FreeBSD to ec2

Err codemadness.org 70 i 4566 Err codemadness.org 70 i 4567

Err codemadness.org 70 i 4568
Colin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX "tar" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.
Err codemadness.org 70 i 4569 Err codemadness.org 70 i 4570
Err codemadness.org 70 i 4571

Err codemadness.org 70 i 4572 Err codemadness.org 70 i 4573

FreeBSD 2020 Community Survey

Err codemadness.org 70 i 4574 Err codemadness.org 70 i 4575

Err codemadness.org 70 i 4576
The FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts. This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.
Err codemadness.org 70 i 4577 The survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).
Err codemadness.org 70 i 4578 Err codemadness.org 70 i 4579
Err codemadness.org 70 i 4580

Err codemadness.org 70 i 4581 Err codemadness.org 70 i 4582

Beastie Bits

Err codemadness.org 70 i 4583 Err codemadness.org 70 i 4584

FreeBSD Project Proposals
TJ Hacking
Scotland Open Source podcast
Next FreeBSD Office Hours on June 24, 2020 Err codemadness.org 70 i 4589 ***

Err codemadness.org 70 i 4591 Err codemadness.org 70 i 4592

Feedback/Questions

Err codemadness.org 70 i 4593 Err codemadness.org 70 i 4594

Tom - Writing for LPIrstudio
Luke - rstudio
Matt - Vlans and Jails
Morgan - Can I get some commentary on this issue
Err codemadness.org 70 i 4599 Err codemadness.org 70 i 4600
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 4602 Err codemadness.org 70 i 4603

353: ZFS on Ironwolf

Allan Jude — Thu, 04 Jun 2020 08:00:00 -0700

Err codemadness.org 70 i 4730 Scheduling in NetBSD, ZFS vs. RAID on Ironwolf disks, OpenBSD on Microsoft Surface Go 2, FreeBSD for Linux sysadmins, FreeBSD on Lenovo T480, and more.

Err codemadness.org 70 i 4731 Err codemadness.org 70 i 4732

NOTES
Err codemadness.org 70 i 4733 This episode of BSDNow is brought to you by Tarsnap

Err codemadness.org 70 i 4734 Err codemadness.org 70 i 4735

Headlines

Err codemadness.org 70 i 4736 Err codemadness.org 70 i 4737

Scheduling in NetBSD – Part 1

Err codemadness.org 70 i 4738 Err codemadness.org 70 i 4739

Err codemadness.org 70 i 4740
In this blog, we will discuss about the 4.4BSD Thread scheduler one of the two schedulers in NetBSD and a few OS APIs that can be used to control the schedulers and get information while executing.
Err codemadness.org 70 i 4741

Err codemadness.org 70 i 4742 Err codemadness.org 70 i 4743

Err codemadness.org 70 i 4744 Err codemadness.org 70 i 4745

ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner

Err codemadness.org 70 i 4746 Err codemadness.org 70 i 4747

Err codemadness.org 70 i 4748
This has been a long while in the making—it's test results time. To truly understand the fundamentals of computer storage, it's important to explore the impact of various conventional RAID (Redundant Array of Inexpensive Disks) topologies on performance. It's also important to understand what ZFS is and how it works. But at some point, people (particularly computer enthusiasts on the Internet) want numbers.
Err codemadness.org 70 i 4749

Err codemadness.org 70 i 4750 Err codemadness.org 70 i 4751

If you want to hear more from Jim, he has a new bi-weekly podcast with Allan and Joe Ressington over at 2.5admins.com

Err codemadness.org 70 i 4754 Err codemadness.org 70 i 4755

Err codemadness.org 70 i 4756 Err codemadness.org 70 i 4757

News Roundup

Err codemadness.org 70 i 4758 Err codemadness.org 70 i 4759

OpenBSD on the Microsoft Surface Go 2

Err codemadness.org 70 i 4760 Err codemadness.org 70 i 4761

Err codemadness.org 70 i 4762
I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter.
Err codemadness.org 70 i 4763

Err codemadness.org 70 i 4764 Err codemadness.org 70 i 4765

Err codemadness.org 70 i 4766 Err codemadness.org 70 i 4767

FreeBSD UNIX for Linux sysadmins

Err codemadness.org 70 i 4768 Err codemadness.org 70 i 4769

Err codemadness.org 70 i 4770
If you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going be somewhat similar with a few key differences.
Err codemadness.org 70 i 4771 While there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.
Err codemadness.org 70 i 4772 Following installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.
Err codemadness.org 70 i 4773

Err codemadness.org 70 i 4774 Err codemadness.org 70 i 4775

Err codemadness.org 70 i 4776 Err codemadness.org 70 i 4777

FreeBSD on the Lenovo Thinkpad T480

Err codemadness.org 70 i 4778 Err codemadness.org 70 i 4779

Err codemadness.org 70 i 4780
Recently I replaced my 2014 MacBook Air with a Lenovo Thinkpad T480, on which I've installed FreeBSD, currently 12.1-RELEASE. This page documents my set-up along with various configuration tweaks and fixes.
Err codemadness.org 70 i 4781

Err codemadness.org 70 i 4782 Err codemadness.org 70 i 4783

Err codemadness.org 70 i 4784 Err codemadness.org 70 i 4785

Tarsnap

Err codemadness.org 70 i 4786 Err codemadness.org 70 i 4787

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Err codemadness.org 70 i 4790 Err codemadness.org 70 i 4791

Err codemadness.org 70 i 4792 Err codemadness.org 70 i 4793

Feedback/Questions

Err codemadness.org 70 i 4794 Err codemadness.org 70 i 4795

Benjamin - ZFS Question
Brad - swap_pager_getswapspace errors
Brandon - gaming

Err codemadness.org 70 i 4800 Err codemadness.org 70 i 4801

Err codemadness.org 70 i 4802 Err codemadness.org 70 i 4803

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 4806 Err codemadness.org 70 i 4807

352: Introducing Randomness

Allan Jude — Thu, 28 May 2020 05:00:00 -0700

Err codemadness.org 70 i 4940 A brief introduction to randomness, logs grinding netatalk to a halt, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.

Err codemadness.org 70 i 4941 Err codemadness.org 70 i 4942

Headlines

Err codemadness.org 70 i 4943 Err codemadness.org 70 i 4944

Entropy

Err codemadness.org 70 i 4945 Err codemadness.org 70 i 4946

Err codemadness.org 70 i 4947
Err codemadness.org 70 i 4948
A brief introduction to randomness
Err codemadness.org 70 i 4949
Err codemadness.org 70 i 4950

Err codemadness.org 70 i 4951 Err codemadness.org 70 i 4952

Problem: Computers are very predictable. This is by design.

Err codemadness.org 70 i 4955 Err codemadness.org 70 i 4956

Err codemadness.org 70 i 4957
But what if we want them to act unpredictably? This is very useful if we want to secure our private communications with randomized keys, or not let people cheat at video games, or if we're doing statistical simulations or similar.
Err codemadness.org 70 i 4958

Err codemadness.org 70 i 4959 Err codemadness.org 70 i 4960

Err codemadness.org 70 i 4961 Err codemadness.org 70 i 4962

Logs grinding Netatalk on FreeBSD to a hault

Err codemadness.org 70 i 4963 Err codemadness.org 70 i 4964

Err codemadness.org 70 i 4965
Err codemadness.org 70 i 4966
I’ve heard it said the cobbler’s children walk barefoot. While posessing the qualities of a famed financial investment strategy, it speaks to how we generally put more effort into things for others than ourselves; at least in business.
Err codemadness.org 70 i 4967 The HP Microserver I share with Clara is a modest affair compared to what we run at work. It has six spinning rust drives and two SSDs which are ZFS-mirrored; not even in a RAID 10 equivalent. This is underlaid with GELI for encryption, and served to our Macs with Netatalk over gigabit Ethernet with jumbo frames.
Err codemadness.org 70 i 4968
Err codemadness.org 70 i 4969

Err codemadness.org 70 i 4970 Err codemadness.org 70 i 4971

Err codemadness.org 70 i 4972 Err codemadness.org 70 i 4973

News Roundup

Err codemadness.org 70 i 4974 Err codemadness.org 70 i 4975

NetBSD Core Team Changes

Err codemadness.org 70 i 4976 Err codemadness.org 70 i 4977

Err codemadness.org 70 i 4978
Matt Thomas (matt@) has served on the NetBSD core team for over ten years, and has made many contributions, including ELF functionality, being the long-time VAX maintainer, gcc contributor, the generic pmap, and also networking functionality, and platform bring-up over the years. Matt has stepped down from the NetBSD core team, and we thank him for his many, extensive contributions.
Err codemadness.org 70 i 4979 Robert Elz (kre@), a long time BSD contributor, has kindly accepted the offer to join the core team, and help us out with the benefit of his experience and advice over many years. Amongst other things, Robert has been maintaining our shell, liaising with the Austin Group, and bringing it up to date with modern functionality.
Err codemadness.org 70 i 4980 Err codemadness.org 70 i 4981
Err codemadness.org 70 i 4982

Err codemadness.org 70 i 4983 Err codemadness.org 70 i 4984

Using qemu guest agent on OpenBSD kvm/qemu guests

Err codemadness.org 70 i 4985 Err codemadness.org 70 i 4986

Err codemadness.org 70 i 4987
In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests.
Err codemadness.org 70 i 4988

Err codemadness.org 70 i 4989 Err codemadness.org 70 i 4990

Err codemadness.org 70 i 4991 Err codemadness.org 70 i 4992

WireGuard patchset for OpenBSD

Err codemadness.org 70 i 4993 Err codemadness.org 70 i 4994

Err codemadness.org 70 i 4995
A while ago I wanted to learn more about OpenBSD development. So I picked a project, in this case WireGuard, to develop a native client for. Over the last two years, with many different iterations, and working closely with the WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started to become a serious project eventually reaching parity with other official implementations. Finally, we are here and I think it is time for any further development to happen inside the src tree.
Err codemadness.org 70 i 4996 Err codemadness.org 70 i 4997
Err codemadness.org 70 i 4998

Err codemadness.org 70 i 4999 Err codemadness.org 70 i 5000

FreeBSD 12.1 on a laptop

Err codemadness.org 70 i 5001 Err codemadness.org 70 i 5002

Err codemadness.org 70 i 5003
I’m using FreeBSD again on a laptop for some reasons so expect to read more about FreeBSD here. This tutorial explain how to get a graphical desktop using FreeBSD 12.1.
Err codemadness.org 70 i 5004 Err codemadness.org 70 i 5005
Err codemadness.org 70 i 5006

Err codemadness.org 70 i 5007 Err codemadness.org 70 i 5008

Beastie Bits

Err codemadness.org 70 i 5009 Err codemadness.org 70 i 5010

List of useful FreeBSD Commands
Master Your Network With Unix Command Line Tools
Original Unix containers aka FreeBSD jails
Flashback : 2003 Article : Bill Joy's greatest gift to man – the vi editor
FreeBSD Journal March/April 2020 Filesystems: ZFS Encryption, FUSE, and more, plus Network Bridges
HAMBug meeting will be online again in June, so those from all over the world are welcome to join, June 9th (2nd Tuesday of each month) at 18:30 Eastern

Err codemadness.org 70 i 5018 Err codemadness.org 70 i 5019

Err codemadness.org 70 i 5020 Err codemadness.org 70 i 5021

Feedback/Questions

Err codemadness.org 70 i 5022 Err codemadness.org 70 i 5023

+ Lyubomir - GELI and ZFS
Patrick - powerd and powerd++

Err codemadness.org 70 i 5027 Err codemadness.org 70 i 5028

Err codemadness.org 70 i 5029 Err codemadness.org 70 i 5030

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 5033 Err codemadness.org 70 i 5034

]]> Err codemadness.org 70 i 5035

351: Heaven: OpenBSD 6.7

Allan Jude — Thu, 21 May 2020 05:00:00 -0700

Err codemadness.org 70 i 5181 Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.

Err codemadness.org 70 i 5182 Err codemadness.org 70 i 5183

Headlines

Err codemadness.org 70 i 5184 Err codemadness.org 70 i 5185

Backup and Restore on NetBSD

Err codemadness.org 70 i 5186 Err codemadness.org 70 i 5187

Err codemadness.org 70 i 5188
Putting together the bits and pieces of a backup and restore concept, while not being rocket science, always seems to be a little bit ungrateful. Most Admin Handbooks handle this topic only within few pages. After replacing my old Mac Mini's OS by NetBSD, I tried to implement an automated backup, allowing me to handle it similarly to the time machine backups I've been using before. Suggestions on how to improve are always welcome.
Err codemadness.org 70 i 5189

Err codemadness.org 70 i 5190 Err codemadness.org 70 i 5191

Err codemadness.org 70 i 5192 Err codemadness.org 70 i 5193

BSD Release: OpenBSD 6.7

Err codemadness.org 70 i 5194 Err codemadness.org 70 i 5195

Err codemadness.org 70 i 5196
The OpenBSD project produces and operating system which places focus on portability, standardisation, code correctness, proactive security and integrated cryptography. The project's latest release is OpenBSD 6.7 which introduces several new improvements to the cron scheduling daemon, improvements to the web server daemon, and the top command now offers scrollable output. These and many more changes can be found in the project's release announcement: "This is a partial list of new features and systems included in OpenBSD 6.7. For a comprehensive list, see the changelog leading to 6.7. General improvements and bugfixes: Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk with bioctl(8) from 7 to 15. This can be used to create more partitions than previously. Rewrote the cron(8) flag-parsing code to be getopt-like, allowing tight formations like -ns and flag repetition. Renamed the 'options' field in crontab(5) to 'flags'. Added crontab(5) -s flag to the command field, indicating that only a single instance of the job should run concurrently. Added cron(8) support for random time values using the ~ operator. Allowed cwm(1) configuration of window size based on percentage of the master window during horizontal and vertical tiling actions."
Err codemadness.org 70 i 5197

Err codemadness.org 70 i 5198 Err codemadness.org 70 i 5199

Release Announcement
Release Notes

Err codemadness.org 70 i 5203 Err codemadness.org 70 i 5204

Err codemadness.org 70 i 5205 Err codemadness.org 70 i 5206

News Roundup

Err codemadness.org 70 i 5207 Err codemadness.org 70 i 5208

Building a WireGuard Jail with the FreeBSD's Standard Tools

Err codemadness.org 70 i 5209 Err codemadness.org 70 i 5210

Err codemadness.org 70 i 5211
Recently, I had an opportunity to build a WireGuard jail on a FreeBSD 12.1 host.
Err codemadness.org 70 i 5212 As it was really quick and easy to setup and it has been working completely fine for a month, I’d like to share my experience with anyone interested in this topic.
Err codemadness.org 70 i 5213

Err codemadness.org 70 i 5214 Err codemadness.org 70 i 5215

Err codemadness.org 70 i 5216 Err codemadness.org 70 i 5217

The Unix divide over who gets to chown things, and (disk space) quotas

Err codemadness.org 70 i 5218 Err codemadness.org 70 i 5219

Err codemadness.org 70 i 5220
One of the famous big splits between the BSD Unix world and the System V world is whether ordinary users can use chown (the command and the system call) to give away their own files. In System V derived Unixes you were generally allowed to; in BSD derived Unixes you weren't. Until I looked it up now to make sure, I thought that BSD changed this behavior from V7 and that V7 had an unrestricted chown. However, this turns out to be wrong; in V7 Unix, chown(2) was restricted to root only.
Err codemadness.org 70 i 5221

Err codemadness.org 70 i 5222 Err codemadness.org 70 i 5223

Err codemadness.org 70 i 5224 Err codemadness.org 70 i 5225

You Can Influence the TrueNAS CORE Roadmap!

Err codemadness.org 70 i 5226 Err codemadness.org 70 i 5227

Err codemadness.org 70 i 5228
As many of you know, we’ve historically had three ticket types available in our tracker: Bugs, Features, and Improvements, which are all fairly self-explanatory. After some discussion internally, we’ve decided to implement a new type of ticket, a “Suggestion”. These will be replacing Feature and Improvement requests for the TrueNAS Community, simplifying things down to two options: Bugs and Suggestions. This change also introduces a slightly different workflow than before.
Err codemadness.org 70 i 5229 Err codemadness.org 70 i 5230
Err codemadness.org 70 i 5231

Err codemadness.org 70 i 5232 Err codemadness.org 70 i 5233

Beastie Bits

Err codemadness.org 70 i 5234 Err codemadness.org 70 i 5235

FreeNAS Spare Parts Build: Testing ZFS With Imbalanced VDEVs and Mismatched Drives
TLSv1.3 server code enabled in LibreSSL in -current
Interview with Deb Goodkin Err codemadness.org 70 i 5239 ***

Err codemadness.org 70 i 5241 Err codemadness.org 70 i 5242

Feedback/Questions

Err codemadness.org 70 i 5243 Err codemadness.org 70 i 5244

Bostjan - WireGaurd
Chad - ZFS Pool Design
Pedreo - Scale FreeBSD Jails
Err codemadness.org 70 i 5248 Err codemadness.org 70 i 5249
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 5252 Err codemadness.org 70 i 5253

]]> Err codemadness.org 70 i 5254

350: Speedy Bridges

Allan Jude — Thu, 14 May 2020 05:00:00 -0700

Err codemadness.org 70 i 5381 5x if_bridge Performance Improvement, How Unix Won, Understanding VLAN Configuration on FreeBSD, Using bhyve PCI passthrough on OmniOS, TrueNAS 11.3-U2 Available, and more.

Err codemadness.org 70 i 5382 Err codemadness.org 70 i 5383

Headlines

Err codemadness.org 70 i 5384 Err codemadness.org 70 i 5385

5x if_bridge Performance Improvement

Err codemadness.org 70 i 5386 Err codemadness.org 70 i 5387

Err codemadness.org 70 i 5388
With FreeBSD Foundation grant, Kristof Provost harnesses new parallel techniques to uncork performance bottleneck
Err codemadness.org 70 i 5389 Err codemadness.org 70 i 5390
Err codemadness.org 70 i 5391
Kristof also streamed some of his work, providing an interesting insight into how such development work happens
Err codemadness.org 70 i 5392
> https://www.twitch.tv/provostk/videos Err codemadness.org 70 i 5393 ***
Err codemadness.org 70 i 5394
Err codemadness.org 70 i 5395

Err codemadness.org 70 i 5396 Err codemadness.org 70 i 5397

How Unix Won

Err codemadness.org 70 i 5398 Err codemadness.org 70 i 5399

+> Unix has won in every conceivable way. And in true mythic style, it contains the seeds of its own eclipse. This is my subjective historical narrative of how that happened.

Err codemadness.org 70 i 5400 Err codemadness.org 70 i 5401

Err codemadness.org 70 i 5402
I’m using the name “Unix” to include the entire family of operating systems descended from it, or that have been heavily influenced by it. That includes Linux, SunOS, Solaris, BSD, Mac OS X, and many, many others.
Err codemadness.org 70 i 5403 Both major mobile OSs, Android and iOS, have Unix roots. Their billions of users dwarf those using clunky things like laptops and desktops, but even there, Windows is only the non-Unix viable OS. Almost everything running server-side in giant datacenters is Linux.
Err codemadness.org 70 i 5404 How did Unix win?
Err codemadness.org 70 i 5405 Err codemadness.org 70 i 5406
Err codemadness.org 70 i 5407

Err codemadness.org 70 i 5408 Err codemadness.org 70 i 5409

News Roundup

Err codemadness.org 70 i 5410 Err codemadness.org 70 i 5411

Check logs of central syslog-ng log host on FreeBSD

Err codemadness.org 70 i 5412 Err codemadness.org 70 i 5413

Err codemadness.org 70 i 5414
This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not to difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!
Err codemadness.org 70 i 5415 Err codemadness.org 70 i 5416
Err codemadness.org 70 i 5417

Err codemadness.org 70 i 5418 Err codemadness.org 70 i 5419

Understanding VLAN Configuration on FreeBSD

Err codemadness.org 70 i 5420 Err codemadness.org 70 i 5421

Err codemadness.org 70 i 5422
Until recently, I’ve never had a chance to use VLANs on FreeBSD hosts, though I sometimes configure them on ethernet switches.
Err codemadness.org 70 i 5423 But when I was playing with vnet jails, I suddenly got interested in VLAN configuration on FreeBSD and experimented with it for some time.
Err codemadness.org 70 i 5424 I wrote this short article to summarize my current understanding of how to configure VLANs on FreeBSD.
Err codemadness.org 70 i 5425 Err codemadness.org 70 i 5426
Err codemadness.org 70 i 5427

Err codemadness.org 70 i 5428 Err codemadness.org 70 i 5429

Using bhyve PCI passthrough on OmniOS

Err codemadness.org 70 i 5430 Err codemadness.org 70 i 5431

Err codemadness.org 70 i 5432
Some hardware is not supported in illumos yet, but luckily there is bhyve which supports pci passthrough to any guest operating system. To continue with my OmniOS desktop on "modern" hardware I would love wifi support, so why not using a bhyve guest as router zone which provide the required drivers?
Err codemadness.org 70 i 5433 Err codemadness.org 70 i 5434
Err codemadness.org 70 i 5435

Err codemadness.org 70 i 5436 Err codemadness.org 70 i 5437

TrueNAS 11.3-U2 is Generally Available

Err codemadness.org 70 i 5438 Err codemadness.org 70 i 5439

Err codemadness.org 70 i 5440
TrueNAS 11.3-U2.1 is generally available as of 4/22/2020. This update is based on FreeNAS 11.3-U2 which has had over 50k deployments and received excellent community and third party reviews. The Release Notes are available on the iXsystems.com website.
Err codemadness.org 70 i 5441 Err codemadness.org 70 i 5442
Err codemadness.org 70 i 5443

Err codemadness.org 70 i 5444 Err codemadness.org 70 i 5445

Beastie Bits

Err codemadness.org 70 i 5446 Err codemadness.org 70 i 5447

HardenedBSD April 2020 Status Report
Err codemadness.org 70 i 5448 NYC Bug’s Mailing List - Listing of open Dev Jobs

Err codemadness.org 70 i 5449 Err codemadness.org 70 i 5450

Err codemadness.org 70 i 5451 Err codemadness.org 70 i 5452

Feedback/Questions

Err codemadness.org 70 i 5453 Err codemadness.org 70 i 5454

Greg - Lenovo
Matt - BSD Packaging
Morgan - Performance
Err codemadness.org 70 i 5458 Err codemadness.org 70 i 5459
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Err codemadness.org 70 i 5461 Err codemadness.org 70 i 5462

]]> Err codemadness.org 70 i 5464

349: Entropy Overhaul

Allan Jude — Thu, 07 May 2020 05:00:00 -0700

Err codemadness.org 70 i 5603 Encrypted Crash Dumps in FreeBSD, Time on Unix, Improve ZVOL sync write performance with a taskq, central log host with syslog-ng, NetBSD Entropy overhaul, Setting Up NetBSD Kernel Dev Environment, and more.

Err codemadness.org 70 i 5604 Err codemadness.org 70 i 5605

Headlines

Err codemadness.org 70 i 5606 Err codemadness.org 70 i 5607

EKCD - Encrypted Crash Dumps in FreeBSD

Err codemadness.org 70 i 5608 Err codemadness.org 70 i 5609

Err codemadness.org 70 i 5610
Some time ago, I was describing how to configure networking crash dumps. In that post, I mentioned that there is also the possibility to encrypt crash dumps. Today we will look into this functionality. Initially, it was implemented during Google Summer of Code 2013 by my friend Konrad Witaszczyk, who made it available in FreeBSD 12. If you can understand Polish, you can also look into his presentation on BSD-PL on which he gave a comprehensive review of all kernel crash dumps features.
Err codemadness.org 70 i 5611 Err codemadness.org 70 i 5612
The main issue with crash dumps is that they may include sensitive information available in memory during a crash. They will contain all the data from the kernel and the userland, like passwords, private keys, etc. While dumping them, they are written to unencrypted storage, so if somebody took out the hard drive, they could access sensitive data. If you are sending a crash dump through the network, it may be captured by third parties. Locally the data are written directly to a dump device, skipping the GEOM subsystem. The purpose of that is to allow a kernel to write a crash dump even in case a panic occurs in the GEOM subsystem. It means that a crash dump cannot be automatically encrypted with GELI.
Err codemadness.org 70 i 5613

Err codemadness.org 70 i 5614 Err codemadness.org 70 i 5615

Err codemadness.org 70 i 5616 Err codemadness.org 70 i 5617

Time on Unix

Err codemadness.org 70 i 5618 Err codemadness.org 70 i 5619

Err codemadness.org 70 i 5620
Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keeping track of it is important for many activities we do.
Err codemadness.org 70 i 5621 Err codemadness.org 70 i 5622
Over millennia we’ve developed different ways to calculate it. Most prominently, we’ve relied on the position the sun appears to be at in the sky, what is called apparent solar time.
Err codemadness.org 70 i 5623 Err codemadness.org 70 i 5624
We’ve decided to split it as seasons pass, counting one full cycle of the 4 seasons as a year, a full rotation around the sun. We’ve also divided the passing of light to the lack thereof as days, a rotation of the earth on itself. Moving on to more precise clock divisions such as seconds, minutes, and hours, units that meant different things at different points in history. Ultimately, as travel got faster, the different ways of counting time that evolved in multiple places had to converge. People had to agree on what it all meant.
Err codemadness.org 70 i 5625

Err codemadness.org 70 i 5626 Err codemadness.org 70 i 5627

See the article for more

Err codemadness.org 70 i 5628 Err codemadness.org 70 i 5629

Err codemadness.org 70 i 5630 Err codemadness.org 70 i 5631

News Roundup

Err codemadness.org 70 i 5632 Err codemadness.org 70 i 5633

Improve ZVOL sync write performance by using a taskq

Err codemadness.org 70 i 5634 Err codemadness.org 70 i 5635

Err codemadness.org 70 i 5636 Err codemadness.org 70 i 5637

A central log host with syslog-ng on FreeBSD - Part 1

Err codemadness.org 70 i 5638 Err codemadness.org 70 i 5639

Err codemadness.org 70 i 5640
syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.
Err codemadness.org 70 i 5641

Err codemadness.org 70 i 5642 Err codemadness.org 70 i 5643

Err codemadness.org 70 i 5644 Err codemadness.org 70 i 5645

HEADS UP: NetBSD Entropy Overhaul

Err codemadness.org 70 i 5646 Err codemadness.org 70 i 5647

Err codemadness.org 70 i 5648
This week I committed an overhaul of the kernel entropy system. Please let me know if you observe any snags! For the technical background, see the thread on tech-kern a few months ago: https://mail-index.NetBSD.org/tech-kern/2019/12/21/msg025876.html.
Err codemadness.org 70 i 5649

Err codemadness.org 70 i 5650 Err codemadness.org 70 i 5651

Err codemadness.org 70 i 5652 Err codemadness.org 70 i 5653

Setting Up NetBSD Kernel Dev Environment

Err codemadness.org 70 i 5654 Err codemadness.org 70 i 5655

Err codemadness.org 70 i 5656
I used T_PAGEFLT’s blog post as a reference for setting my NetBSD kernel development environment since his website is down I’m putting down the steps here so it would be helpful for starters.
Err codemadness.org 70 i 5657

Err codemadness.org 70 i 5658 Err codemadness.org 70 i 5659

Err codemadness.org 70 i 5660 Err codemadness.org 70 i 5661

Beastie Bits

Err codemadness.org 70 i 5662 Err codemadness.org 70 i 5663

You can now use ccache to speed up dsynth even more.
Improving libossaudio, and the future of OSS in NetBSD
DragonFlyBSD DHCPCD Import dhcpcd-9.0.2 with the following changes
Reminder: watch this space for upcoming FreeBSD Office Hours, next is May 13th at 2pm Eastern, 18:00 UTC

Err codemadness.org 70 i 5669 Err codemadness.org 70 i 5670

Err codemadness.org 70 i 5671 Err codemadness.org 70 i 5672

Feedback/Questions

Err codemadness.org 70 i 5673 Err codemadness.org 70 i 5674

Ghislain - ZFS Question
Jake - Paypal Donations
Oswin - Hammer tutorial

Err codemadness.org 70 i 5679 Err codemadness.org 70 i 5680

Err codemadness.org 70 i 5681 Err codemadness.org 70 i 5682

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 5685 Err codemadness.org 70 i 5686

Err codemadness.org 70 i 5687 Err codemadness.org 70 i 5688 Err codemadness.org 70 i 5689 Err codemadness.org 70 i 5690 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 5691 ]]> Err codemadness.org 70 i 5692

348: BSD Community Collections

Allan Jude — Thu, 30 Apr 2020 05:00:00 -0700

Err codemadness.org 70 i 5858 FuryBSD 2020Q2 Images Available, Technical reasons to choose FreeBSD over GNU/Linux, Ars technica reviews GhostBSD, “TLS Mastery” sponsorships open, BSD community show their various collections, a tale of OpenBSD secure memory allocator internals, learn to stop worrying and love SSDs, and more.

Err codemadness.org 70 i 5859 Err codemadness.org 70 i 5860

Headlines

Err codemadness.org 70 i 5861 Err codemadness.org 70 i 5862

FuryBSD 2020Q2 Images Available for XFCE and KDE

Err codemadness.org 70 i 5863 Err codemadness.org 70 i 5864

Err codemadness.org 70 i 5865
The Q2 2020 images are not a visible leap forward but a functional leap forward. Most effort was spent creating a better out of box experience for automatic Ethernet configuration, working WiFi, webcam, and improved hypervisor support.
Err codemadness.org 70 i 5866

Err codemadness.org 70 i 5867 Err codemadness.org 70 i 5868

Err codemadness.org 70 i 5869 Err codemadness.org 70 i 5870

Technical reasons to choose FreeBSD over GNU/Linux

Err codemadness.org 70 i 5871 Err codemadness.org 70 i 5872

Err codemadness.org 70 i 5873
Since I wrote my article "Why you should migrate everything from Linux to BSD" I have been wanting to write something about the technical reasons to choose FreeBSD over GNU/Linux and while I cannot possibly cover every single reason, I can write about some of the things that I consider worth noting.
Err codemadness.org 70 i 5874

Err codemadness.org 70 i 5875 Err codemadness.org 70 i 5876

Err codemadness.org 70 i 5877 Err codemadness.org 70 i 5878

News Roundup

Err codemadness.org 70 i 5879 Err codemadness.org 70 i 5880

+ Not actually Linux distro review deux: GhostBSD

Err codemadness.org 70 i 5881 Err codemadness.org 70 i 5882

Err codemadness.org 70 i 5883
When I began work on the FreeBSD 12.1-RELEASE review last week, it didn't take long to figure out that the desktop portion wasn't going very smoothly.
Err codemadness.org 70 i 5884 Err codemadness.org 70 i 5885
I think it's important for BSD-curious users to know of easier, gentler alternatives, so I did a little looking around and settled on GhostBSD for a follow-up review.
Err codemadness.org 70 i 5886 Err codemadness.org 70 i 5887
GhostBSD is based on TrueOS, which itself derives from FreeBSD Stable. It was originally a Canadian distro, but—like most successful distributions—it has transcended its country of origin and can now be considered worldwide. Significant GhostBSD development takes place now in Canada, Italy, Germany, and the United States.
Err codemadness.org 70 i 5888

Err codemadness.org 70 i 5889 Err codemadness.org 70 i 5890

Err codemadness.org 70 i 5891 Err codemadness.org 70 i 5892

“TLS Mastery” sponsorships open

Err codemadness.org 70 i 5893 Err codemadness.org 70 i 5894

Err codemadness.org 70 i 5895
My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.
Err codemadness.org 70 i 5896 Err codemadness.org 70 i 5897
This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.
Err codemadness.org 70 i 5898

Err codemadness.org 70 i 5899 Err codemadness.org 70 i 5900

Err codemadness.org 70 i 5901 Err codemadness.org 70 i 5902

JT (our producer) shared his Open Source Retail Box Collection on twitter this past weekend and there was a nice response from a few in the BSD Community showing their collections:

Err codemadness.org 70 i 5903 Err codemadness.org 70 i 5904

JT's post: https://twitter.com/q5sys/status/1251194823589138432
Err codemadness.org 70 i 5906 Err codemadness.org 70 i 5907
- High Resolution Image to see the bottom shelf better: https://photos.smugmug.com/photos/i-9QTs2RR/0/f1742096/O/i-9QTs2RR.jpg
- Closeup of the BSD Section: https://twitter.com/q5sys/status/1251294290782928897
Others jumped in with their collections:
Err codemadness.org 70 i 5912 Err codemadness.org 70 i 5913
- Deb Goodkin's collection: https://twitter.com/dgoodkin/status/1251294016139743232 & https://twitter.com/dgoodkin/status/1251298125672660992
- FreeBSD Frau's FreeBSD Collection: https://twitter.com/freebsdfrau/status/1251290430475350018
- Jason Tubnor's OpenBSD Collection: https://twitter.com/Tubsta/status/1251265902214918144

Err codemadness.org 70 i 5919 Err codemadness.org 70 i 5920

Do you have a nice collection, take a picture and send it in!

Err codemadness.org 70 i 5921 Err codemadness.org 70 i 5922

Err codemadness.org 70 i 5923 Err codemadness.org 70 i 5924

Tale of OpenBSD secure memory allocator internals - malloc(3)

Err codemadness.org 70 i 5925 Err codemadness.org 70 i 5926

Err codemadness.org 70 i 5927
Hi there,
Err codemadness.org 70 i 5928 Err codemadness.org 70 i 5929
It's been a very long time I haven't written anything after my last OpenBSD blogs, that is,
Err codemadness.org 70 i 5930 Err codemadness.org 70 i 5931
OpenBSD Kernel Internals — Creation of process from user-space to kernel space.
Err codemadness.org 70 i 5932 Err codemadness.org 70 i 5933
OpenBSD: Introduction to execpromises in the pledge(2)
Err codemadness.org 70 i 5934 Err codemadness.org 70 i 5935
pledge(2): OpenBSD's defensive approach to OS Security
Err codemadness.org 70 i 5936 Err codemadness.org 70 i 5937
So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator
Err codemadness.org 70 i 5938

Err codemadness.org 70 i 5939 Err codemadness.org 70 i 5940

Err codemadness.org 70 i 5941 Err codemadness.org 70 i 5942

How I learned to stop worrying and love SSDs

Err codemadness.org 70 i 5943 Err codemadness.org 70 i 5944

Err codemadness.org 70 i 5945
my home FreeNAS runs two pools for data. One RAIDZ2 with four spinning disk drives and one mirror with two SSDs. Toying with InfluxDB and Grafana in the last couple of days I found that I seem to have a constant write load of 1 Megabyte (!) per second on the SSDs. What the ...?
Err codemadness.org 70 i 5946 Err codemadness.org 70 i 5947
So I run three VMs on the SSDs in total. One with Windows 10, two with Ubuntu running Confluence, A wiki essentially, with files for attachments and MySQL as the backend database. Clearly the writes had to stop when the wikis were not used at all, just sitting idle, right?
Err codemadness.org 70 i 5948 Err codemadness.org 70 i 5949
Well even with a full query log and quite some experience in the operation of web applications I could not figure out what Confluence is doing (productively, no doubt) but trust me, it writes a couple of hundred kbytes to the database each second just sitting idle.
Err codemadness.org 70 i 5950

Err codemadness.org 70 i 5951 Err codemadness.org 70 i 5952

Err codemadness.org 70 i 5953 Err codemadness.org 70 i 5954

My infrastructure as of 2019

Err codemadness.org 70 i 5955 Err codemadness.org 70 i 5956

Err codemadness.org 70 i 5957
I've wanted to write about my infrastructure for a while, but I kept thinking, "I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle never ends, so I decided to write about its state at the end of 2019. Maybe I'll write an update on it in a couple of moons; who knows?
Err codemadness.org 70 i 5958

Err codemadness.org 70 i 5959 Err codemadness.org 70 i 5960

Err codemadness.org 70 i 5961 Err codemadness.org 70 i 5962

For something different than our usual Beastie Bits… we bring you…

Err codemadness.org 70 i 5963 Err codemadness.org 70 i 5964

We're all quarantined so lets install BSD on things! Install BSD on something this week, write it up and let us know about it, and maybe we'll feature you!

Err codemadness.org 70 i 5965 Err codemadness.org 70 i 5966

Installation of NetBSD on a Mac Mini
OpenBSD on the HP Envy 13
Install NetBSD on a Vintage Computer
BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC
Allan started a series of FreeBSD Office Hours

Err codemadness.org 70 i 5973 Err codemadness.org 70 i 5974

Err codemadness.org 70 i 5975 Err codemadness.org 70 i 5976

BSDNow is going Independent

Err codemadness.org 70 i 5977 Err codemadness.org 70 i 5978

After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. Err codemadness.org 70 i 5980 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.

Err codemadness.org 70 i 5982 Err codemadness.org 70 i 5983

Feedback/Questions

Err codemadness.org 70 i 5984 Err codemadness.org 70 i 5985

Todd - LinusTechTips Claims about ZFS

Err codemadness.org 70 i 5988 Err codemadness.org 70 i 5989

Err codemadness.org 70 i 5990 Err codemadness.org 70 i 5991

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 5994 Err codemadness.org 70 i 5995

Err codemadness.org 70 i 5996 Err codemadness.org 70 i 5997 Err codemadness.org 70 i 5998 Err codemadness.org 70 i 5999 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 6000 ]]> Err codemadness.org 70 i 6001

347: New Directions

Allan Jude — Thu, 23 Apr 2020 05:00:00 -0700

Err codemadness.org 70 i 6207 Rethinking OpenBSD security, FreeBSD 2020 Q1 status report, the notion of progress and user interfaces, Comments about Thomas E. Dickey on NetBSD curses, making Unix a little more Plan9-like, Not-actually Linux distro review: FreeBSD, and more.

Err codemadness.org 70 i 6208 Err codemadness.org 70 i 6209

Headlines

Err codemadness.org 70 i 6210 Err codemadness.org 70 i 6211

Rethinking OpenBSD Security

Err codemadness.org 70 i 6212 Err codemadness.org 70 i 6213

Err codemadness.org 70 i 6214
OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.
Err codemadness.org 70 i 6215 I picked a few errata, not all of them, that were interesting and happened to suit my narrative.
Err codemadness.org 70 i 6216

Err codemadness.org 70 i 6217 Err codemadness.org 70 i 6218

Err codemadness.org 70 i 6219 Err codemadness.org 70 i 6220

FreeBSD 2020 Q1 Quarterly report

Err codemadness.org 70 i 6221 Err codemadness.org 70 i 6222

Err codemadness.org 70 i 6223
Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.
Err codemadness.org 70 i 6224

Err codemadness.org 70 i 6225 Err codemadness.org 70 i 6226

Err codemadness.org 70 i 6227 Err codemadness.org 70 i 6228

News Roundup

Err codemadness.org 70 i 6229 Err codemadness.org 70 i 6230

The Notion of Progress and User Interfaces

Err codemadness.org 70 i 6231 Err codemadness.org 70 i 6232

Err codemadness.org 70 i 6233
One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.
Err codemadness.org 70 i 6234 Err codemadness.org 70 i 6235
How should we think about progress? Both in general and regarding technology?
Err codemadness.org 70 i 6236

Err codemadness.org 70 i 6237 Err codemadness.org 70 i 6238

Err codemadness.org 70 i 6239 Err codemadness.org 70 i 6240

Thomas E. Dickey on NetBSD curses

Err codemadness.org 70 i 6241 Err codemadness.org 70 i 6242

Err codemadness.org 70 i 6243
I was recently pointed at a web page on Thomas E. Dickeys site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD projects.
Err codemadness.org 70 i 6244

Err codemadness.org 70 i 6245 Err codemadness.org 70 i 6246

Err codemadness.org 70 i 6247 Err codemadness.org 70 i 6248

Making Unix a little more Plan9-like

Err codemadness.org 70 i 6249 Err codemadness.org 70 i 6250

Err codemadness.org 70 i 6251
I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.
Err codemadness.org 70 i 6252 Err codemadness.org 70 i 6253
A Warning
Err codemadness.org 70 i 6254 Err codemadness.org 70 i 6255
The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.
Err codemadness.org 70 i 6256

Err codemadness.org 70 i 6257 Err codemadness.org 70 i 6258

Err codemadness.org 70 i 6259 Err codemadness.org 70 i 6260

Not-actually Linux distro review: FreeBSD 12.1-RELEASE

Err codemadness.org 70 i 6261 Err codemadness.org 70 i 6262

Err codemadness.org 70 i 6263
This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.
Err codemadness.org 70 i 6264 Err codemadness.org 70 i 6265
The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.
Err codemadness.org 70 i 6266 Err codemadness.org 70 i 6267
Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.
Err codemadness.org 70 i 6268 Err codemadness.org 70 i 6269
FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.
Err codemadness.org 70 i 6270

Err codemadness.org 70 i 6271 Err codemadness.org 70 i 6272

Err codemadness.org 70 i 6273 Err codemadness.org 70 i 6274

Beastie Bits

Err codemadness.org 70 i 6275 Err codemadness.org 70 i 6276

Wifi renewal restarted
HAMMER2 and a quick start for DragonFly
Engineering NetBSD 9.0
Antivirus Protection using OPNsense Plugins
BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC

Err codemadness.org 70 i 6283 Err codemadness.org 70 i 6284

Err codemadness.org 70 i 6285 Err codemadness.org 70 i 6286

BSDNow is going Independent

Err codemadness.org 70 i 6287 Err codemadness.org 70 i 6288

After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different. Err codemadness.org 70 i 6290 What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.

Err codemadness.org 70 i 6292 Err codemadness.org 70 i 6293

Err codemadness.org 70 i 6294 Err codemadness.org 70 i 6295

Feedback/Questions

Err codemadness.org 70 i 6296 Err codemadness.org 70 i 6297

Jordyn - ZFS Pool Problem
Err codemadness.org 70 i 6299 Err codemadness.org 70 i 6300
- debug - https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 6305 Err codemadness.org 70 i 6306

Err codemadness.org 70 i 6307 Err codemadness.org 70 i 6308 Err codemadness.org 70 i 6309 Err codemadness.org 70 i 6310 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 6311 ]]> Err codemadness.org 70 i 6312

346: Core File Tales

Allan Jude — Thu, 16 Apr 2020 05:00:00 -0700

Err codemadness.org 70 i 6478 Tales from a core file, Lenovo X260 BIOS Update with OpenBSD, the problem of Unix iowait and multi-CPU machines, Hugo workflow using FreeBSD Jails, Caddy, Restic; extending NetBSD-7 branch support, a tale of two hypervisor bugs, and more.

Err codemadness.org 70 i 6479 Err codemadness.org 70 i 6480

Headlines

Err codemadness.org 70 i 6481 Err codemadness.org 70 i 6482

Tales From a Core File - Lessons from the Unix stdio ABI: 40 Years Later

Err codemadness.org 70 i 6483 Err codemadness.org 70 i 6484

Err codemadness.org 70 i 6485
On the side, I’ve been wrapping up some improvements to the classic Unix stdio libraries in illumos. stdio contains the classic functions like fopen(), printf(), and the security nightmare gets(). While working on support for fmemopen() and friends I got to reacquaint myself with some of the joys of the stdio ABI and its history from 7th Edition Unix. With that in mind, let’s dive into this, history, and some mistakes not to repeat. While this is written from the perspective of the C programming language, aspects of it apply to many other languages.
Err codemadness.org 70 i 6486

Err codemadness.org 70 i 6487 Err codemadness.org 70 i 6488

Err codemadness.org 70 i 6489 Err codemadness.org 70 i 6490

Update Lenovo X260 BIOS with OpenBSD

Err codemadness.org 70 i 6491 Err codemadness.org 70 i 6492

Err codemadness.org 70 i 6493
My X260 only runs OpenBSD and has no CD driver. But I still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image.
Err codemadness.org 70 i 6494 Err codemadness.org 70 i 6495
First off all, you need to download the “BIOS Update (Bootable CD)” from the Lenovo Support Website.
Err codemadness.org 70 i 6496

Err codemadness.org 70 i 6497 Err codemadness.org 70 i 6498

Err codemadness.org 70 i 6499 Err codemadness.org 70 i 6500

News Roundup

Err codemadness.org 70 i 6501 Err codemadness.org 70 i 6502

The problem of Unix iowait and multi-CPU machines

Err codemadness.org 70 i 6503 Err codemadness.org 70 i 6504

Err codemadness.org 70 i 6505
Various Unixes have had a 'iowait' statistic for a long time now (although I can't find a source for where it originated; it's not in 4.x BSD, so it may have come through System V and sar). The traditional and standard definition of iowait is that it's the amount of time the system was idle but had at least one process waiting on disk IO. Rather than count this time as 'idle' (as you would if you had a three-way division of CPU time between user, system, and idle), some Unixes evolved to count this as a new category, 'iowait'.
Err codemadness.org 70 i 6506

Err codemadness.org 70 i 6507 Err codemadness.org 70 i 6508

Err codemadness.org 70 i 6509 Err codemadness.org 70 i 6510

My Latest Self Hosted Hugo Workflow using FreeBSD Jails, Caddy, Restic and More

Err codemadness.org 70 i 6511 Err codemadness.org 70 i 6512

Err codemadness.org 70 i 6513
After hosting with Netlify for a few years, I decided to head back to self hosting. Theres a few reasons for that but the main reasoning was that I had more control over how things worked.
Err codemadness.org 70 i 6514 Err codemadness.org 70 i 6515
In this post, i’ll show you my workflow for deploying my Hugo generated site (www.jaredwolff.com). Instead of using what most people would go for, i’ll be doing all of this using a FreeBSD Jails based server. Plus i’ll show you some tricks i’ve learned over the years on bulk image resizing and more.
Err codemadness.org 70 i 6516 Err codemadness.org 70 i 6517
Let’s get to it.
Err codemadness.org 70 i 6518

Err codemadness.org 70 i 6519 Err codemadness.org 70 i 6520

Err codemadness.org 70 i 6521 Err codemadness.org 70 i 6522

Extending support for the NetBSD-7 branch

Err codemadness.org 70 i 6523 Err codemadness.org 70 i 6524

Err codemadness.org 70 i 6525
Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.
Err codemadness.org 70 i 6526 Err codemadness.org 70 i 6527
We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.
Err codemadness.org 70 i 6528 Err codemadness.org 70 i 6529
Security fixes will still be made to the NetBSD-7 branch.
Err codemadness.org 70 i 6530 Err codemadness.org 70 i 6531
We hope you're all safe. Stay home.
Err codemadness.org 70 i 6532

Err codemadness.org 70 i 6533 Err codemadness.org 70 i 6534

Err codemadness.org 70 i 6535 Err codemadness.org 70 i 6536

Tale of two hypervisor bugs - Escaping from FreeBSD bhyve

Err codemadness.org 70 i 6537 Err codemadness.org 70 i 6538

Err codemadness.org 70 i 6539
VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT
Err codemadness.org 70 i 6540

Err codemadness.org 70 i 6541 Err codemadness.org 70 i 6542

Err codemadness.org 70 i 6543 Err codemadness.org 70 i 6544

Beastie Bits

Err codemadness.org 70 i 6545 Err codemadness.org 70 i 6546

GhostBSD 20.02 Overview
FuryBSD 12.1 Overview Err codemadness.org 70 i 6549 > Joe Maloney got in touch to say that the issues in the video and other ones found have since been fixed. Now that's community feedback in action, and an example of a developer who does his best to help the community. A great guy indeed.
OS108-9.0 amd64 MATE released
FreeBSD hacking: carp panics & test
Inaugural FreeBSD Office Hours

Err codemadness.org 70 i 6554 Err codemadness.org 70 i 6555

Err codemadness.org 70 i 6556 Err codemadness.org 70 i 6557

Feedback/Questions

Err codemadness.org 70 i 6558 Err codemadness.org 70 i 6559

Shody - systemd question
Ben - GELI and GPT
Stig - DIY NAS

Err codemadness.org 70 i 6564 Err codemadness.org 70 i 6565

Err codemadness.org 70 i 6566 Err codemadness.org 70 i 6567

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 6570 Err codemadness.org 70 i 6571

Err codemadness.org 70 i 6572 Err codemadness.org 70 i 6573 Err codemadness.org 70 i 6574 Err codemadness.org 70 i 6575 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 6576 ]]> Err codemadness.org 70 i 6577

345: Switchers to BSD

Allan Jude — Thu, 09 Apr 2020 05:00:00 -0700

Err codemadness.org 70 i 6757 NetBSD 8.2 is available, NextCloud on OpenBSD, X11 screen locking, NetBSD and RISC OS running parallel, community feedback about switching to BSD, and more.

Err codemadness.org 70 i 6758 Err codemadness.org 70 i 6759

Headlines

Err codemadness.org 70 i 6760 Err codemadness.org 70 i 6761

NetBSD 8.2 is available!

Err codemadness.org 70 i 6762 Err codemadness.org 70 i 6763

Err codemadness.org 70 i 6764
The third release in the NetBSD-8 is now available.
Err codemadness.org 70 i 6765 Err codemadness.org 70 i 6766
This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.
Err codemadness.org 70 i 6767

Err codemadness.org 70 i 6768 Err codemadness.org 70 i 6769

Some highlights include: Err codemadness.org 70 i 6771 Err codemadness.org 70 i 6772
- x86: fixed regression in booting old CPUs
- x86: Hyper-V Gen.2 VM framebuffer support
- httpd(8): fixed various security issues
- ixg(4): various fixes / improvements
- x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.
- Various kernel memory info leaks fixes
- Update expat to 2.2.8
- Fix ryzen USB issues and support xHCI version 3.10.
- Accept root device specification as NAME=label.
- Add multiboot 2 support to x86 bootloaders.
- Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.
- nouveau: limit the supported devices and fix firmware loading.
- radeon: fix loading of the TAHITI VCE firmware.
- named(8): stop using obsolete dnssec-lookaside.

Err codemadness.org 70 i 6789 Err codemadness.org 70 i 6790

Err codemadness.org 70 i 6791 Err codemadness.org 70 i 6792

NextCloud on OpenBSD

Err codemadness.org 70 i 6793 Err codemadness.org 70 i 6794

Err codemadness.org 70 i 6795
NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative for proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.
Err codemadness.org 70 i 6796

Err codemadness.org 70 i 6797 Err codemadness.org 70 i 6798

Preface

Err codemadness.org 70 i 6801 Err codemadness.org 70 i 6802

Err codemadness.org 70 i 6803
Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).
Err codemadness.org 70 i 6804 Err codemadness.org 70 i 6805
A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.
Err codemadness.org 70 i 6806

Err codemadness.org 70 i 6807 Err codemadness.org 70 i 6808

Err codemadness.org 70 i 6809 Err codemadness.org 70 i 6810

News Roundup

Err codemadness.org 70 i 6811 Err codemadness.org 70 i 6812

X11 screen locking: a secure and modular approach

Err codemadness.org 70 i 6813 Err codemadness.org 70 i 6814

Err codemadness.org 70 i 6815
For years I’ve been using XScreenSaver as a default, but I recently learned about xsecurelock and re-evaluated my screen-saving requirements
Err codemadness.org 70 i 6816

Err codemadness.org 70 i 6817 Err codemadness.org 70 i 6818

Err codemadness.org 70 i 6819 Err codemadness.org 70 i 6820

NetBSD and RISC OS running parallel

Err codemadness.org 70 i 6821 Err codemadness.org 70 i 6822

Err codemadness.org 70 i 6823
I have been experimenting with running two systems at the same time on the RK3399 SoC.
Err codemadness.org 70 i 6824 It all begun when I figured out how to switch to the A72 cpu for RISC OS. When the switch was done, the A53 cpu just continued to execute code.
Err codemadness.org 70 i 6825 OK I thought why not give it something to do!
Err codemadness.org 70 i 6826 My first step was to run some small programs.
Err codemadness.org 70 i 6827 It worked!
Err codemadness.org 70 i 6828 Err codemadness.org 70 i 6829
Err codemadness.org 70 i 6830
Thanks to Tom Jones for the pointer to this article
Err codemadness.org 70 i 6831
Err codemadness.org 70 i 6832

Err codemadness.org 70 i 6833 Err codemadness.org 70 i 6834

Err codemadness.org 70 i 6835 Err codemadness.org 70 i 6836

Several weeks ago we covered a story about switching from Linux to BSD. Benedict and JT asked for community feedback as to their thoughts on the matter. Allan was out that week, so this will give him an opportunity to chime in with his thoughts as well.

Err codemadness.org 70 i 6837 Err codemadness.org 70 i 6838

Jamie - Dumping Linux for BSD
Matt - BSD Packaging
Brad - Linux vs BS
MJ - Linux vs BSD Feedback
Ben - Feedback for JT
Henrik - Why you should migrate everything to BSD

Err codemadness.org 70 i 6846 Err codemadness.org 70 i 6847

Err codemadness.org 70 i 6848 Err codemadness.org 70 i 6849

Beastie Bits

Err codemadness.org 70 i 6850 Err codemadness.org 70 i 6851

ssh-copy-id now included
OPNsense 20.1.3 released
A Collection of prebuilt BSD Cloud Images
Instant terminal sharing

Err codemadness.org 70 i 6857 Err codemadness.org 70 i 6858

Err codemadness.org 70 i 6859 Err codemadness.org 70 i 6860

Feedback/Questions

Err codemadness.org 70 i 6861 Err codemadness.org 70 i 6862

Ales - Manually verify signature files for pkg package
Shody - Yubikey
Mike - Site for hashes from old disks Err codemadness.org 70 i 6866 Err codemadness.org 70 i 6867
- Answer: https://docs.google.com/spreadsheets/d/19FmLs0jXxLkxAr0zwgdrXQd1qhbwvNHH6NvolvXKWTM/edit?usp=sharing

Err codemadness.org 70 i 6871 Err codemadness.org 70 i 6872

Err codemadness.org 70 i 6873 Err codemadness.org 70 i 6874

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 6877 Err codemadness.org 70 i 6878

Err codemadness.org 70 i 6879 Err codemadness.org 70 i 6880 Err codemadness.org 70 i 6881 Err codemadness.org 70 i 6882 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 6883 ]]> Err codemadness.org 70 i 6884

344: Grains of Salt

Allan Jude — Thu, 02 Apr 2020 05:00:00 -0700

Err codemadness.org 70 i 7074 Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.

Err codemadness.org 70 i 7075 Err codemadness.org 70 i 7076

Headlines

Err codemadness.org 70 i 7077 Err codemadness.org 70 i 7078

Text processing in the shell

Err codemadness.org 70 i 7079 Err codemadness.org 70 i 7080

Err codemadness.org 70 i 7081
This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!
Err codemadness.org 70 i 7082 Err codemadness.org 70 i 7083
One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.
Err codemadness.org 70 i 7084 Err codemadness.org 70 i 7085
When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.
Err codemadness.org 70 i 7086

Err codemadness.org 70 i 7087 Err codemadness.org 70 i 7088

Err codemadness.org 70 i 7089 Err codemadness.org 70 i 7090

Rebalancing data on ZFS mirrors

Err codemadness.org 70 i 7091 Err codemadness.org 70 i 7092

Err codemadness.org 70 i 7093
One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”
Err codemadness.org 70 i 7094 Err codemadness.org 70 i 7095
If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.
Err codemadness.org 70 i 7096 Err codemadness.org 70 i 7097
Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.
Err codemadness.org 70 i 7098

Err codemadness.org 70 i 7099 Err codemadness.org 70 i 7100

Err codemadness.org 70 i 7101 Err codemadness.org 70 i 7102

News Roundup

Err codemadness.org 70 i 7103 Err codemadness.org 70 i 7104

Using OpenBSD relayd to Add Security Headers

Err codemadness.org 70 i 7105 Err codemadness.org 70 i 7106

Err codemadness.org 70 i 7107
I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.
Err codemadness.org 70 i 7108

Err codemadness.org 70 i 7109 Err codemadness.org 70 i 7110

Err codemadness.org 70 i 7111 Err codemadness.org 70 i 7112

How we set up our ZFS filesystem hierarchy in our ZFS pools

Err codemadness.org 70 i 7113 Err codemadness.org 70 i 7114

Err codemadness.org 70 i 7115
Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.
Err codemadness.org 70 i 7116

Err codemadness.org 70 i 7117 Err codemadness.org 70 i 7118

Err codemadness.org 70 i 7119 Err codemadness.org 70 i 7120

Speeding up ZSH

Err codemadness.org 70 i 7121 Err codemadness.org 70 i 7122

https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh

Err codemadness.org 70 i 7123 Err codemadness.org 70 i 7124

Err codemadness.org 70 i 7125
I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.
Err codemadness.org 70 i 7126 Err codemadness.org 70 i 7127
In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.
Err codemadness.org 70 i 7128

Err codemadness.org 70 i 7129 Err codemadness.org 70 i 7130

Err codemadness.org 70 i 7131 Err codemadness.org 70 i 7132

How do Unix Pipes work

Err codemadness.org 70 i 7133 Err codemadness.org 70 i 7134

Err codemadness.org 70 i 7135
Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.
Err codemadness.org 70 i 7136

Err codemadness.org 70 i 7137 Err codemadness.org 70 i 7138

Err codemadness.org 70 i 7139 Err codemadness.org 70 i 7140

What we do to enable us to grow our ZFS pools over time

Err codemadness.org 70 i 7141 Err codemadness.org 70 i 7142

Err codemadness.org 70 i 7143
In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.
Err codemadness.org 70 i 7144 Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.
Err codemadness.org 70 i 7145

Err codemadness.org 70 i 7146 Err codemadness.org 70 i 7147

Err codemadness.org 70 i 7148 Err codemadness.org 70 i 7149

Linux maintains bugs: The real reason ifconfig on Linux is deprecated

Err codemadness.org 70 i 7150 Err codemadness.org 70 i 7151

Err codemadness.org 70 i 7152
In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).
Err codemadness.org 70 i 7153

Err codemadness.org 70 i 7154 Err codemadness.org 70 i 7155

In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.

Err codemadness.org 70 i 7156 Err codemadness.org 70 i 7157

Err codemadness.org 70 i 7158 Err codemadness.org 70 i 7159

Clear Your Terminal in Style

Err codemadness.org 70 i 7160 Err codemadness.org 70 i 7161

Err codemadness.org 70 i 7162
if you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.
Err codemadness.org 70 i 7163 Err codemadness.org 70 i 7164
This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.
Err codemadness.org 70 i 7165

Err codemadness.org 70 i 7166 Err codemadness.org 70 i 7167

Err codemadness.org 70 i 7168 Err codemadness.org 70 i 7169

Feedback/Questions

Err codemadness.org 70 i 7170 Err codemadness.org 70 i 7171

Guy - AMD GPU Help
MLShroyer13 - VLANs and Jails
Master One - ZFS Suspend/resume

Err codemadness.org 70 i 7176 Err codemadness.org 70 i 7177

Err codemadness.org 70 i 7178 Err codemadness.org 70 i 7179

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 7182 Err codemadness.org 70 i 7183

Err codemadness.org 70 i 7184 Err codemadness.org 70 i 7185 Err codemadness.org 70 i 7186 Err codemadness.org 70 i 7187 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 7188 ]]> Err codemadness.org 70 i 7189

343: FreeBSD, Corona: Fight!

Allan Jude — Thu, 26 Mar 2020 05:00:00 -0700

Err codemadness.org 70 i 7360 Fighting the Coronavirus with FreeBSD, Wireguard VPN Howto in OPNsense, NomadBSD 1.3.1 available, fresh GhostBSD 20.02, New FuryBSD XFCE and KDE images, pf-badhost 0.3 released, and more.

Err codemadness.org 70 i 7361 Err codemadness.org 70 i 7362

Headlines

Err codemadness.org 70 i 7363 Err codemadness.org 70 i 7364

Fighting the Coronavirus with FreeBSD

Err codemadness.org 70 i 7365 Err codemadness.org 70 i 7366

Err codemadness.org 70 i 7367
Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.
Err codemadness.org 70 i 7368 Err codemadness.org 70 i 7369
UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.
Err codemadness.org 70 i 7370 Err codemadness.org 70 i 7371
Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.
Err codemadness.org 70 i 7372

Err codemadness.org 70 i 7373 Err codemadness.org 70 i 7374

Err codemadness.org 70 i 7375 Err codemadness.org 70 i 7376

How to configure the Wireguard VPN in OPNsense

Err codemadness.org 70 i 7377 Err codemadness.org 70 i 7378

Err codemadness.org 70 i 7379
WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha's. The gotcha's occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.
Err codemadness.org 70 i 7380 Err codemadness.org 70 i 7381
WireGuard behaves more like a SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like a SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.
Err codemadness.org 70 i 7382 Err codemadness.org 70 i 7383
The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.
Err codemadness.org 70 i 7384

Err codemadness.org 70 i 7385 Err codemadness.org 70 i 7386

Err codemadness.org 70 i 7387 Err codemadness.org 70 i 7388

News Roundup

Err codemadness.org 70 i 7389 Err codemadness.org 70 i 7390

NomadBSD 1.3.1

Err codemadness.org 70 i 7391 Err codemadness.org 70 i 7392

Err codemadness.org 70 i 7393
NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run on live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2. automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.
Err codemadness.org 70 i 7394

Err codemadness.org 70 i 7395 Err codemadness.org 70 i 7396

Err codemadness.org 70 i 7397 Err codemadness.org 70 i 7398

GhostBSD 20.02

Err codemadness.org 70 i 7399 Err codemadness.org 70 i 7400

Err codemadness.org 70 i 7401
Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.
Err codemadness.org 70 i 7402

Err codemadness.org 70 i 7403 Err codemadness.org 70 i 7404

Err codemadness.org 70 i 7405 Err codemadness.org 70 i 7406

New FuryBSD XFCE and KDE images

Err codemadness.org 70 i 7407 Err codemadness.org 70 i 7408

Err codemadness.org 70 i 7409
This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.
Err codemadness.org 70 i 7410

Err codemadness.org 70 i 7411 Err codemadness.org 70 i 7412

Err codemadness.org 70 i 7413 Err codemadness.org 70 i 7414

pf-badhost 0.3 Released

Err codemadness.org 70 i 7415 Err codemadness.org 70 i 7416

Err codemadness.org 70 i 7417
pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.
Err codemadness.org 70 i 7418

Err codemadness.org 70 i 7419 Err codemadness.org 70 i 7420

Err codemadness.org 70 i 7421 Err codemadness.org 70 i 7422

Beastie Bits

Err codemadness.org 70 i 7423 Err codemadness.org 70 i 7424

DragonFly i915 drm update
CShell is punk rock
The most surprising Unix programs

Err codemadness.org 70 i 7429 Err codemadness.org 70 i 7430

Err codemadness.org 70 i 7431 Err codemadness.org 70 i 7432

Feedback/Questions

Err codemadness.org 70 i 7433 Err codemadness.org 70 i 7434

Master One - Torn between OpenBSD and FreeBSD
Brad - Follow up to Linus ZFS story
Filipe Carvalho - Call for Portuguese BSD User Groups

Err codemadness.org 70 i 7439 Err codemadness.org 70 i 7440

Err codemadness.org 70 i 7441 Err codemadness.org 70 i 7442

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 7445 Err codemadness.org 70 i 7446

Err codemadness.org 70 i 7447 Err codemadness.org 70 i 7448 Err codemadness.org 70 i 7449 Err codemadness.org 70 i 7450 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 7451 ]]> Err codemadness.org 70 i 7452

342: Layout the DVA

Allan Jude — Thu, 19 Mar 2020 05:00:00 -0700

Err codemadness.org 70 i 7608 OpenBSD Full disk encryption with coreboot and tianocore, FreeBSD 12.0 EOL, ZFS DVA layout, OpenBSD’s Go situation, AD updates requires changes in TrueNAS and FreeNAS, full name of FreeBSD’s root account, and more.

Err codemadness.org 70 i 7609 Err codemadness.org 70 i 7610

Headlines

Err codemadness.org 70 i 7611 Err codemadness.org 70 i 7612

OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload

Err codemadness.org 70 i 7613 Err codemadness.org 70 i 7614

Err codemadness.org 70 i 7615
It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.
Err codemadness.org 70 i 7616 Err codemadness.org 70 i 7617
Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)
Err codemadness.org 70 i 7618 Err codemadness.org 70 i 7619
Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption
Err codemadness.org 70 i 7620 Err codemadness.org 70 i 7621
I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.
Err codemadness.org 70 i 7622

Err codemadness.org 70 i 7623 Err codemadness.org 70 i 7624

See article for rest of story

Err codemadness.org 70 i 7627 Err codemadness.org 70 i 7628

Err codemadness.org 70 i 7629 Err codemadness.org 70 i 7630

FreeBSD 12.0 EOL

Err codemadness.org 70 i 7631 Err codemadness.org 70 i 7632

Err codemadness.org 70 i 7633
Dear FreeBSD community,
Err codemadness.org 70 i 7634 Err codemadness.org 70 i 7635
As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.
Err codemadness.org 70 i 7636

Err codemadness.org 70 i 7637 Err codemadness.org 70 i 7638

12.1 Active release
12.2 Release Schedule

Err codemadness.org 70 i 7642 Err codemadness.org 70 i 7643

Err codemadness.org 70 i 7644 Err codemadness.org 70 i 7645

News Roundup

Err codemadness.org 70 i 7646 Err codemadness.org 70 i 7647

Some effects of the ZFS DVA format on data layout and growing ZFS pools

Err codemadness.org 70 i 7648 Err codemadness.org 70 i 7649

Err codemadness.org 70 i 7650
One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.
Err codemadness.org 70 i 7651 Err codemadness.org 70 i 7652
Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.
Err codemadness.org 70 i 7653

Err codemadness.org 70 i 7654 Err codemadness.org 70 i 7655

Err codemadness.org 70 i 7656 Err codemadness.org 70 i 7657

Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.

Err codemadness.org 70 i 7658 Err codemadness.org 70 i 7659

Critical Information for Current FreeNAS and TrueNAS Users

Err codemadness.org 70 i 7662 Err codemadness.org 70 i 7663

Err codemadness.org 70 i 7664
Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.
Err codemadness.org 70 i 7665 Err codemadness.org 70 i 7666
FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.
Err codemadness.org 70 i 7667

Err codemadness.org 70 i 7668 Err codemadness.org 70 i 7669

Err codemadness.org 70 i 7670 Err codemadness.org 70 i 7671

Full name of the FreeBSD Root Account

Err codemadness.org 70 i 7672 Err codemadness.org 70 i 7673

Err codemadness.org 70 i 7674
NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....
Err codemadness.org 70 i 7675

Err codemadness.org 70 i 7676 Err codemadness.org 70 i 7677

Err codemadness.org 70 i 7678 Err codemadness.org 70 i 7679

OpenBSD Go Situation

Err codemadness.org 70 i 7680 Err codemadness.org 70 i 7681

Err codemadness.org 70 i 7682
Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:
Err codemadness.org 70 i 7683 Err codemadness.org 70 i 7684
I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.
Err codemadness.org 70 i 7685 Err codemadness.org 70 i 7686
If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.
Err codemadness.org 70 i 7687

Err codemadness.org 70 i 7688 Err codemadness.org 70 i 7689

Err codemadness.org 70 i 7690 Err codemadness.org 70 i 7691

Beastie Bits

Err codemadness.org 70 i 7692 Err codemadness.org 70 i 7693

Test your TOR
OPNsense 20.1.1 released
pkg for FreeBSD 1.13

Err codemadness.org 70 i 7698 Err codemadness.org 70 i 7699

Err codemadness.org 70 i 7700 Err codemadness.org 70 i 7701

Feedback/Questions

Err codemadness.org 70 i 7702 Err codemadness.org 70 i 7703

Bostjan writes in about Wireguard
Charlie has a followup to wpa_supplicant as lower class citizen
Lars writes about LibreSSL as a positive example

Err codemadness.org 70 i 7708 Err codemadness.org 70 i 7709

Err codemadness.org 70 i 7710 Err codemadness.org 70 i 7711

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 7714 Err codemadness.org 70 i 7715

Err codemadness.org 70 i 7716 Err codemadness.org 70 i 7717 Err codemadness.org 70 i 7718 Err codemadness.org 70 i 7719 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 7720 ]]> Err codemadness.org 70 i 7721

341: U-NAS-ification

Allan Jude — Thu, 12 Mar 2020 05:00:00 -0700

Err codemadness.org 70 i 7894 FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.

Err codemadness.org 70 i 7895 Err codemadness.org 70 i 7896

Headlines

Err codemadness.org 70 i 7897 Err codemadness.org 70 i 7898

FreeBSD on Power

Err codemadness.org 70 i 7899 Err codemadness.org 70 i 7900

Err codemadness.org 70 i 7901
The power and promise of all open source software is freedom. Another way to express freedom is choice — choice of platforms, deployment models, stacks, configurations, etc.
Err codemadness.org 70 i 7902 Err codemadness.org 70 i 7903
The FreeBSD Foundation is dedicated to supporting and promoting the FreeBSD Project and community worldwide. But, what does this mean, exactly, you may wonder. The truth is it means many different things, but in all cases the Foundation acts to expand freedom and choice so that FreeBSD users have the power to serve their varied compute needs.
Err codemadness.org 70 i 7904 Err codemadness.org 70 i 7905
This blog tells the story of one specific way the Foundation helps a member of the community provide greater hardware choice for all FreeBSD users.
Err codemadness.org 70 i 7906

Err codemadness.org 70 i 7907 Err codemadness.org 70 i 7908

Err codemadness.org 70 i 7909 Err codemadness.org 70 i 7910

Dragonfly 5.8

Err codemadness.org 70 i 7911 Err codemadness.org 70 i 7912

Err codemadness.org 70 i 7913
DragonFly version 5.8 brings a new dsynth utility for building your own binary dports packages, plus significant support work to speed up that build - up to and including the entire collection. Additional progress has been made on GPU and signal support.
Err codemadness.org 70 i 7914 Err codemadness.org 70 i 7915
The details of all commits between the 5.6 and 5.8 branches are available in the associated commit messages for 5.8.0rc1 and 5.8.0. Also see /usr/src/UPDATING for specific file changes in PAM.
Err codemadness.org 70 i 7916

Err codemadness.org 70 i 7917 Err codemadness.org 70 i 7918

See article for rest of information

Err codemadness.org 70 i 7921 Err codemadness.org 70 i 7922

Err codemadness.org 70 i 7923 Err codemadness.org 70 i 7924

2nd HamBUG meeting recap

Err codemadness.org 70 i 7925 Err codemadness.org 70 i 7926

The second meeting of the Hamilton BSD Users Group took place last night
The next meeting is scheduled for the 2nd Tuesday of the month, April 14th 2020

Err codemadness.org 70 i 7930 Err codemadness.org 70 i 7931

Err codemadness.org 70 i 7932 Err codemadness.org 70 i 7933

News Roundup

Err codemadness.org 70 i 7934 Err codemadness.org 70 i 7935

FreeNAS/TrueNAS Brand Unification

Err codemadness.org 70 i 7936 Err codemadness.org 70 i 7937

Err codemadness.org 70 i 7938
FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications.
Err codemadness.org 70 i 7939 Err codemadness.org 70 i 7940
From the beginning at iXsystems, we’ve developed, tested, documented, and released both as separate products, even though the vast majority of code is shared. This was a deliberate technical decision in the beginning but over time became less of a necessity and more of “just how we’ve always done it”. Furthermore, to change it was going to require a serious overhaul to how we build and package both products, among other things, so we continued to kick the can down the road. As we made systematic improvements to development and QA efficiency over the past few years, the redundant release process became almost impossible to ignore as our next major efficiency roadblock to overcome. So, we’ve finally rolled up our sleeves.
Err codemadness.org 70 i 7941 Err codemadness.org 70 i 7942
With the recent 11.3 release, TrueNAS gained parity with FreeNAS on features like VMs and Plugins, further homogenizing the code. Today, we announce the next phase of evolution for FreeNAS and TrueNAS.
Err codemadness.org 70 i 7943

Err codemadness.org 70 i 7944 Err codemadness.org 70 i 7945

Err codemadness.org 70 i 7946 Err codemadness.org 70 i 7947

OpenBSD versus Prometheus (and Go).

Err codemadness.org 70 i 7948 Err codemadness.org 70 i 7949

Err codemadness.org 70 i 7950
We have a decent number of OpenBSD machines that do important things (and that have sometimes experienced problems like running out of disk space), and we have a Prometheus based metrics and monitoring system. The Prometheus host agent has enough support for OpenBSD to be able to report on critical metrics, including things like local disk space. Despite all of this, after some investigation I've determined that it's not really sensible to even try to deploy the host agent on our OpenBSD machines. This is due to a combination of factors that have at their root OpenBSD's lack of ABI stability
Err codemadness.org 70 i 7951

Err codemadness.org 70 i 7952 Err codemadness.org 70 i 7953

Err codemadness.org 70 i 7954 Err codemadness.org 70 i 7955

FreeBSD removed gcc from base

Err codemadness.org 70 i 7956 Err codemadness.org 70 i 7957

Err codemadness.org 70 i 7958
As described in Warner's email message[1] to the FreeBSD-arch mailing list we have reached GCC 4.2.1's retirement date. At this time all supported architectures either use in-tree Clang, or rely on external toolchain (i.e., a contemporary GCC version from ports).
Err codemadness.org 70 i 7959 Err codemadness.org 70 i 7960
GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later that year, in r171825. GCC has served us well, but version 4.2.1 is obsolete and not used by default on any architecture in FreeBSD. It does not support modern C and does not support arm64 or RISC-V.
Err codemadness.org 70 i 7961

Err codemadness.org 70 i 7962 Err codemadness.org 70 i 7963

Err codemadness.org 70 i 7964 Err codemadness.org 70 i 7965

Beastie Bits

Err codemadness.org 70 i 7966 Err codemadness.org 70 i 7967

New Archive location for Dragonfly 4.x
A dead simple git cheat sheet
Xorg 1.20.7 on HardenedBSD Comes with IE/RELRO+BIND_NOW/CFI/SafeStack Protections

Err codemadness.org 70 i 7972 Err codemadness.org 70 i 7973

Err codemadness.org 70 i 7974 Err codemadness.org 70 i 7975

Feedback/Questions

Err codemadness.org 70 i 7976 Err codemadness.org 70 i 7977

Niclas writes in Regarding the Lenovo E595 user (episode 340)
Lyubomir writes about GELI and ZFS
Peter writes in about scaling FreeBSD jails

Err codemadness.org 70 i 7982 Err codemadness.org 70 i 7983

Err codemadness.org 70 i 7984 Err codemadness.org 70 i 7985

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 7988 Err codemadness.org 70 i 7989

Err codemadness.org 70 i 7990 Err codemadness.org 70 i 7991 Err codemadness.org 70 i 7992 Err codemadness.org 70 i 7993 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 7994 ]]> Err codemadness.org 70 i 7995

340: Check My Sums

Allan Jude — Thu, 05 Mar 2020 05:00:00 -0800

Err codemadness.org 70 i 8165 Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.

Err codemadness.org 70 i 8166 Err codemadness.org 70 i 8167

Headlines

Err codemadness.org 70 i 8168 Err codemadness.org 70 i 8169

Checksumming in filesystems, and why ZFS is doing it right

Err codemadness.org 70 i 8170 Err codemadness.org 70 i 8171

Err codemadness.org 70 i 8172
One of the best aspects of ZFS is its reliability. This can be accomplished using a few features like copy-on-write approach and checksumming. Today we will look at how ZFS does checksumming and why it does it the proper way. Most of the file systems don’t provide any integrity checking and fail in several scenarios:
Err codemadness.org 70 i 8173

Err codemadness.org 70 i 8174 Err codemadness.org 70 i 8175

Data bit flips - when the data that we wanted to store are bit flipped by the hard drives, or cables, and the wrong data is stored on the hard drive.
Misdirected writes - when the CPU/cable/hard drive will bit flip a block to which the data should be written.
Misdirected read - when we miss reading the block when a bit flip occurred.
Phantom writes - when the write operation never made it to the disk. For example, a disk or kernel may have some bug that it will return success even if the hard drive never made the write. This problem can also occur when data is kept only in the hard drive cache.

Err codemadness.org 70 i 8181 Err codemadness.org 70 i 8182

Err codemadness.org 70 i 8183
Checksumming may help us detect errors in a few of those situations.
Err codemadness.org 70 i 8184

Err codemadness.org 70 i 8185 Err codemadness.org 70 i 8186

Err codemadness.org 70 i 8187 Err codemadness.org 70 i 8188

DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

Err codemadness.org 70 i 8189 Err codemadness.org 70 i 8190

Err codemadness.org 70 i 8191
It's been a while since last having any new magical optimizations to talk about by DragonFlyBSD lead developer Matthew Dillon, but on Wednesday he landed some significant temporary file-system "TMPFS" optimizations for better throughput including with swap.
Err codemadness.org 70 i 8192 Err codemadness.org 70 i 8193
Of several interesting commits merged tonight, the improved write clustering is a big one. In particular, "Reduces low-memory tmpfs paging I/O overheads by 4x and generally increases paging throughput to SSD-based swap by 2x-4x. Tmpfs is now able to issue a lot more 64KB I/Os when under memory pressure."
Err codemadness.org 70 i 8194

Err codemadness.org 70 i 8195 Err codemadness.org 70 i 8196

https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4eb0bb82efc8ef32c4357cf812891c08d38d8860

Err codemadness.org 70 i 8199 Err codemadness.org 70 i 8200

Err codemadness.org 70 i 8201
There's also a new tunable in the VM space as well as part of his commits on Wednesday night. This follows a lot of recent work on dsynth, improved page-out daemon pipelining, and other routine work.
Err codemadness.org 70 i 8202

Err codemadness.org 70 i 8203 Err codemadness.org 70 i 8204

https://gitweb.dragonflybsd.org/dragonfly.git/commit/bc47dbc18bf832e4badb41f2fd79159479a7d351

Err codemadness.org 70 i 8207 Err codemadness.org 70 i 8208

Err codemadness.org 70 i 8209
This work is building up towards the eventual DragonFlyBSD 5.8 while those wanting to try the latest improvements right away can find their daily snapshots.
Err codemadness.org 70 i 8210

Err codemadness.org 70 i 8211 Err codemadness.org 70 i 8212

Err codemadness.org 70 i 8213 Err codemadness.org 70 i 8214

News Roundup

Err codemadness.org 70 i 8215 Err codemadness.org 70 i 8216

Why ZFS is not good at growing and reshaping pools (or shrinking them)

Err codemadness.org 70 i 8217 Err codemadness.org 70 i 8218

Err codemadness.org 70 i 8219
recently read Mark McBride's Five Years of Btrfs (via), which has a significant discussion of why McBride chose Btrfs over ZFS that boils down to ZFS not being very good at evolving your pool structure. You might doubt this judgment from a Btrfs user, so let me say as both a fan of ZFS and a long term user of it that this is unfortunately quite true; ZFS is not a good choice if you want to modify your pool disk layout significantly over time. ZFS works best if the only change in your pools that you do is replacing drives with bigger drives. In our ZFS environment we go to quite some lengths to be able to expand pools incrementally over time, and while this works it both leaves us with unbalanced pools and means that we're basically forced to use mirroring instead of RAIDZ.
Err codemadness.org 70 i 8220 Err codemadness.org 70 i 8221
(An unbalanced pool is one where some vdevs and disks have much more data than others. This is less of an issue for us now that we're using SSDs instead of HDs.)
Err codemadness.org 70 i 8222

Err codemadness.org 70 i 8223 Err codemadness.org 70 i 8224

Err codemadness.org 70 i 8225 Err codemadness.org 70 i 8226

Using PKGSRC on Manjaro Linux aarch64 Pinebook-pro

Err codemadness.org 70 i 8227 Err codemadness.org 70 i 8228

Err codemadness.org 70 i 8229
I wanted to see how pkgsrc works on aarch64 Linux Manjaro since it is a very mature framework that is very portable and supported by many architectures – pkgsrc (package source) is a package management system for Unix-like operating systems. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD.
Err codemadness.org 70 i 8230 Err codemadness.org 70 i 8231
One might question why use pkgsrc on Arch based Manjaro, since the pacman package repository is very good on its own. I see alternative pkgsrc as a good automated build framework that offers a way to produce independent build environment /usr/pkg that does not interfere with the current Linux distribution in any way (all libraries are statically built)
Err codemadness.org 70 i 8232 Err codemadness.org 70 i 8233
I have used the latest Manjaro for Pinebookpro and standard recommended tools as mentioned here https://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc_on_linux/
Err codemadness.org 70 i 8234

Err codemadness.org 70 i 8235 Err codemadness.org 70 i 8236

Err codemadness.org 70 i 8237 Err codemadness.org 70 i 8238

A Central Log Host with syslog-ng on FreeBSD

Err codemadness.org 70 i 8239 Err codemadness.org 70 i 8240

Part 1

Err codemadness.org 70 i 8243 Err codemadness.org 70 i 8244

Err codemadness.org 70 i 8245
syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.
Err codemadness.org 70 i 8246

Err codemadness.org 70 i 8247 Err codemadness.org 70 i 8248

Part 2

Err codemadness.org 70 i 8251 Err codemadness.org 70 i 8252

Err codemadness.org 70 i 8253
This blog post continues where the blog post A central log host with syslog-ng on FreeBSD left off. Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host.
Err codemadness.org 70 i 8254

Err codemadness.org 70 i 8255 Err codemadness.org 70 i 8256

Err codemadness.org 70 i 8257 Err codemadness.org 70 i 8258

Beastie Bits

Err codemadness.org 70 i 8259 Err codemadness.org 70 i 8260

FreeBSD at Linux Conf 2020 session videos now online
Unlock your laptop with your phone
Managing a database of vulnerabilities for a package system: the pkgsrc study
Hamilton BSD User group will meet again on March 10th](http://studybsd.com/)
CharmBUG Meeting: March 24th 7pm in Severn, MD Err codemadness.org 70 i 8266 ***

Err codemadness.org 70 i 8268 Err codemadness.org 70 i 8269

Feedback/Questions

Err codemadness.org 70 i 8270 Err codemadness.org 70 i 8271

Andrew - ZFS feature Flags
Sam - TwinCat BSD
Dacian - Freebsd + amdgpu + Lenovo E595

Err codemadness.org 70 i 8276 Err codemadness.org 70 i 8277

Err codemadness.org 70 i 8278 Err codemadness.org 70 i 8279

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 8282 Err codemadness.org 70 i 8283

Err codemadness.org 70 i 8284 Err codemadness.org 70 i 8285 Err codemadness.org 70 i 8286 Err codemadness.org 70 i 8287 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 8288 ]]> Err codemadness.org 70 i 8289

339: BSD Fundraising

Allan Jude — Thu, 27 Feb 2020 05:00:00 -0800

Err codemadness.org 70 i 8479 Meet FuryBSD, NetBSD 9.0 has been released, OpenBSD Foundation 2019 campaign wrapup, a retrospective on OmniOS ZFS-based NFS fileservers, NetBSD Fundraising 2020 goal, OpenSSH 8.2 released, and more.## Headlines

Err codemadness.org 70 i 8480 Err codemadness.org 70 i 8481

Meet FuryBSD: A New Desktop BSD Distribution

Err codemadness.org 70 i 8482 Err codemadness.org 70 i 8483

Err codemadness.org 70 i 8484
At its heart, FuryBSD is a very simple beast. According to the site, “FuryBSD is a back to basics lightweight desktop distribution based on stock FreeBSD.” It is basically FreeBSD with a desktop environment pre-configured and several apps preinstalled. The goal is to quickly get a FreeBSD-based system running on your computer.
Err codemadness.org 70 i 8485 Err codemadness.org 70 i 8486
You might be thinking that this sounds a lot like a couple of other BSDs that are available, such as NomadBSD and GhostBSD. The major difference between those BSDs and FuryBSD is that FuryBSD is much closer to stock FreeBSD. For example, FuryBSD uses the FreeBSD installer, while others have created their own installers and utilities.
Err codemadness.org 70 i 8487 Err codemadness.org 70 i 8488
As it states on the site, “Although FuryBSD may resemble past graphical BSD projects like PC-BSD and TrueOS, FuryBSD is created by a different team and takes a different approach focusing on tight integration with FreeBSD. This keeps overhead low and maintains compatibility with upstream.” The lead dev also told me that “One key focus for FuryBSD is for it to be a small live media with a few assistive tools to test drivers for hardware.”
Err codemadness.org 70 i 8489 Err codemadness.org 70 i 8490
Currently, you can go to the FuryBSD homepage and download either an XFCE or KDE LiveCD. A GNOME version is in the works.
Err codemadness.org 70 i 8491

Err codemadness.org 70 i 8492 Err codemadness.org 70 i 8493

Err codemadness.org 70 i 8494 Err codemadness.org 70 i 8495

NetBSD 9.0

Err codemadness.org 70 i 8496 Err codemadness.org 70 i 8497

Err codemadness.org 70 i 8498
The NetBSD Project is pleased to announce NetBSD 9.0, the seventeenth major release of the NetBSD operating system.
Err codemadness.org 70 i 8499 Err codemadness.org 70 i 8500
This release brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes. Here are some highlights of this new release.
Err codemadness.org 70 i 8501

Err codemadness.org 70 i 8502 Err codemadness.org 70 i 8503

Err codemadness.org 70 i 8504 Err codemadness.org 70 i 8505

News Roundup

Err codemadness.org 70 i 8506 Err codemadness.org 70 i 8507

OpenBSD Foundation 2019 campaign wrapup

Err codemadness.org 70 i 8508 Err codemadness.org 70 i 8509

Err codemadness.org 70 i 8510
Our target for 2019 was CDN$300K. Our community's continued generosity combined with our corporate donors exceeded that nicely. In addition we received the largest single donation in our history, CDN$380K from Smartisan. The return of Google was another welcome event. Altogether 2019 was our most successful campaign to date, yielding CDN$692K in total.
Err codemadness.org 70 i 8511 Err codemadness.org 70 i 8512
We thank all our donors, Iridium (Smartisan), Platinum (Yandex, Google), Gold (Microsoft, Facebook) Silver (2Keys) and Bronze (genua, Thinkst Canary). But especially our community of smaller donors whose contributions are the bedrock of our support. Thank you all!
Err codemadness.org 70 i 8513

Err codemadness.org 70 i 8514 Err codemadness.org 70 i 8515

OpenBSD Foundation 2019 Fundraising Goal Exceeded

Err codemadness.org 70 i 8518 Err codemadness.org 70 i 8519

Err codemadness.org 70 i 8520 Err codemadness.org 70 i 8521

A retrospective on our OmniOS ZFS-based NFS fileservers

Err codemadness.org 70 i 8522 Err codemadness.org 70 i 8523

Err codemadness.org 70 i 8524
Our OmniOS fileservers have now been out of service for about six months, which makes it somewhat past time for a retrospective on them. Our OmniOS fileservers followed on our Solaris fileservers, which I wrote a two part retrospective on (part 1, part 2), and have now been replaced by our Linux fileservers. To be honest, I have been sitting on my hands about writing this retrospective because we have mixed feelings about our OmniOS fileservers.
Err codemadness.org 70 i 8525 Err codemadness.org 70 i 8526
I will put the summary up front. OmniOS worked reasonably well for us over its lifespan here and looking back I think it was almost certainly the right choice for us at the time we made that choice (which was 2013 and 2014). However it was not without issues that marred our experience with it in practice, although not enough to make me regret that we ran it (and ran it for as long as we did). Part of our issues are likely due to a design mistake in making our fileservers too big, although this design mistake was probably magnified when we were unable to use Intel 10G-T networking in OmniOS.
Err codemadness.org 70 i 8527 Err codemadness.org 70 i 8528
On the one hand, our OmniOS fileservers worked, almost always reliably. Like our Solaris fileservers before them, they ran quietly for years without needing much attention, delivering NFS fileservice to our Ubuntu servers; specifically, we ran them for about five years (2014 through 2019, although we started migrating away at the end of 2018). Over this time we had only minor hardware issues and not all that many disk failures, and we suffered no data loss (with ZFS checksums likely saving us several times, and certainly providing good reassurances). Our overall environment was easy to manage and was pretty much problem free in the face of things like failed disks. I'm pretty sure that our users saw a NFS environment that was solid, reliable, and performed well pretty much all of the time, which is the important thing. So OmniOS basically delivered the fileserver environment we wanted.
Err codemadness.org 70 i 8529

Err codemadness.org 70 i 8530 Err codemadness.org 70 i 8531

Err codemadness.org 70 i 8532 Err codemadness.org 70 i 8533

NetBSD Fundraising 2020 goal

Err codemadness.org 70 i 8534 Err codemadness.org 70 i 8535

Err codemadness.org 70 i 8536
Is it really more than 10 years since we last had an official fundraising drive?
Err codemadness.org 70 i 8537 Err codemadness.org 70 i 8538
Looking at old TNF financial reports I noticed that we have been doing quite well financially over the last years, with a steady stream of small and medium donations, and most of the time only moderate expenditures. The last fundraising drive back in 2009 was a giant success, and we have lived off it until now.
Err codemadness.org 70 i 8539

Err codemadness.org 70 i 8540 Err codemadness.org 70 i 8541

Err codemadness.org 70 i 8542 Err codemadness.org 70 i 8543

OpenSSH 8.2 released February 14, 2020

Err codemadness.org 70 i 8544 Err codemadness.org 70 i 8545

Err codemadness.org 70 i 8546
OpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at https://www.openssh.com/.
Err codemadness.org 70 i 8547 Err codemadness.org 70 i 8548
OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
Err codemadness.org 70 i 8549 Err codemadness.org 70 i 8550
Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at:
Err codemadness.org 70 i 8551

Err codemadness.org 70 i 8552 Err codemadness.org 70 i 8553

https://www.openssh.com/donations.html

Err codemadness.org 70 i 8556 Err codemadness.org 70 i 8557

Err codemadness.org 70 i 8558 Err codemadness.org 70 i 8559

Beastie Bits

Err codemadness.org 70 i 8560 Err codemadness.org 70 i 8561

FreeNAS vs. Unraid: GRUDGE MATCH!
Unix Toolbox
Rigs of Rods - OpenBSD Physics Game
NYCBug - Dr Vixie
Hamilton BSD User group will meet again on March 10th](http://studybsd.com/)
BSD Stockholm - Meetup March 3rd 2020

Err codemadness.org 70 i 8569 Err codemadness.org 70 i 8570

Err codemadness.org 70 i 8571 Err codemadness.org 70 i 8572

Feedback/Questions

Err codemadness.org 70 i 8573 Err codemadness.org 70 i 8574

Shirkdog - Question
Master One - ZFS + Suspend/resume
Micah Roth - ZFS write caching

Err codemadness.org 70 i 8579 Err codemadness.org 70 i 8580

Err codemadness.org 70 i 8581 Err codemadness.org 70 i 8582

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 8585 Err codemadness.org 70 i 8586

Err codemadness.org 70 i 8587 Err codemadness.org 70 i 8588 Err codemadness.org 70 i 8589 Err codemadness.org 70 i 8590 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 8591 ]]> Err codemadness.org 70 i 8592

338: iocage in Jail

Allan Jude — Thu, 20 Feb 2020 05:00:00 -0800

Err codemadness.org 70 i 8795 Distrowatch reviews FuryBSD, LLDB on i386 for NetBSD, wpa_supplicant as lower-class citizen, KDE on FreeBSD updates, Travel Grant for BSDCan open, ZFS dataset for testing iocage within a jail, and more.

Err codemadness.org 70 i 8796 Err codemadness.org 70 i 8797

Headlines

Err codemadness.org 70 i 8798 Err codemadness.org 70 i 8799

Distrowatch Fury BSD Review

Err codemadness.org 70 i 8800 Err codemadness.org 70 i 8801

Err codemadness.org 70 i 8802
FuryBSD is the most recent addition to the DistroWatch database and provides a live desktop operating system based on FreeBSD. FuryBSD is not entirely different in its goals from NomadBSD, which we discussed recently. I wanted to take this FreeBSD-based project for a test drive and see how it compares to NomadBSD and other desktop-oriented projects in the FreeBSD family.
Err codemadness.org 70 i 8803 Err codemadness.org 70 i 8804
FuryBSD supplies hybrid ISO/USB images which can be used to run a live desktop. There are two desktop editions currently, both for 64-bit (x86_64) machines: Xfce and KDE Plasma. The Xfce edition is 1.4GB in size and is the flavour I downloaded. The KDE Plasma edition is about 3.0GB in size.
Err codemadness.org 70 i 8805 Err codemadness.org 70 i 8806
My fresh install of FuryBSD booted to a graphical login screen. From there I could sign into my account, which brings up the Xfce desktop. The installed version of Xfce is the same as the live version, with a few minor changes. Most of the desktop icons have been removed with just the file manager launchers remaining. The Getting Started and System Information icons have been removed. Otherwise the experience is virtually identical to the live media.
Err codemadness.org 70 i 8807 Err codemadness.org 70 i 8808
FuryBSD uses a theme that is mostly grey and white with creamy yellow folder icons. The application menu launchers tend to have neutral icons, neither particularly bright and detailed or minimal.
Err codemadness.org 70 i 8809

Err codemadness.org 70 i 8810 Err codemadness.org 70 i 8811

Err codemadness.org 70 i 8812 Err codemadness.org 70 i 8813

LLDB now works on i386

Err codemadness.org 70 i 8814 Err codemadness.org 70 i 8815

Err codemadness.org 70 i 8816
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 8817 Err codemadness.org 70 i 8818
In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.
Err codemadness.org 70 i 8819 Err codemadness.org 70 i 8820
The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.
Err codemadness.org 70 i 8821

Err codemadness.org 70 i 8822 Err codemadness.org 70 i 8823

Err codemadness.org 70 i 8824 Err codemadness.org 70 i 8825

News Roundup

Err codemadness.org 70 i 8826 Err codemadness.org 70 i 8827

wpa_supplicant is definitely a lower-class citizen, sorry

Err codemadness.org 70 i 8828 Err codemadness.org 70 i 8829

Err codemadness.org 70 i 8830
wpa_supplicant is definitely a lower-class citizen, sorry.
Err codemadness.org 70 i 8831 Err codemadness.org 70 i 8832
I increasingly wonder why this stuff matters; transit costs are so much lower than the period when eduroam was setup, and their reliance on 802.11x is super weird in a world where, for the most part
Err codemadness.org 70 i 8833 + entire cities have open wifi in their downtown core
Err codemadness.org 70 i 8834 + edu vs edu+transit split horizon problems have to be solved anyways
Err codemadness.org 70 i 8835 + many universities have parallel open wifi
Err codemadness.org 70 i 8836 + rate limiting / fare-share approaches for the open-net, on unmetered
Err codemadness.org 70 i 8837 + flat-rate solves the problem
Err codemadness.org 70 i 8838 + LTE hotspot off a phone isn't a rip off anymore
Err codemadness.org 70 i 8839 + other open networks exist
Err codemadness.org 70 i 8840 Err codemadness.org 70 i 8841
essentially no one else feels compelled to do use 802.11x for a so called "semi-open access network", so I think they've lost the plot on friction vs benefit.
Err codemadness.org 70 i 8842 Err codemadness.org 70 i 8843
(we've held hackathons at EDU campus that are locked down like that, and in every case we've said no way, gotten a wire with open net, and built our own wifi. we will not subject our developers to that extra complexity).
Err codemadness.org 70 i 8844

Err codemadness.org 70 i 8845 Err codemadness.org 70 i 8846

Err codemadness.org 70 i 8847 Err codemadness.org 70 i 8848

KDE FreeBSD Updates Feb 2020

Err codemadness.org 70 i 8849 Err codemadness.org 70 i 8850

Err codemadness.org 70 i 8851
Some bits and bobs from the KDE FreeBSD team in february 2020. We met at the FreeBSD devsummit before FOSDEM, along with other FreeBSD people. Plans were made, schemes were forged, and Groff the Goat was introduced to some new people.
Err codemadness.org 70 i 8852

Err codemadness.org 70 i 8853 Err codemadness.org 70 i 8854

The big ticket things: Err codemadness.org 70 i 8856 Err codemadness.org 70 i 8857
- Frameworks are at 5.66
- Plasma is at 5.17.5 (the beta 5.18 hasn’t been tried)
- KDE release service has landed 19.12.2 (same day it was released)
Developer-centric: Err codemadness.org 70 i 8863 Err codemadness.org 70 i 8864
- KDevelop is at 5.5.0
- KUserfeedback landed its 1.0.0 release
- CMake is 3.16.3
Applications: Err codemadness.org 70 i 8870 Err codemadness.org 70 i 8871
- Musescore is at 3.4.2
- Elisa now part of the KDE release service updates
Fuure work: Err codemadness.org 70 i 8876 Err codemadness.org 70 i 8877
- KIO-Fuse probably needs extra real-world testing on FreeBSD. I don’t have that kind of mounts (just NFS in /etc/fstab) so I’m not the target audience.
- KTextEditor is missing .editorconfig support. That can come in with the next frameworks update, when consumers update anyway. Chasing it in an intermediate release is a bit problematic because it does require some rebuilds of consumers.

Err codemadness.org 70 i 8882 Err codemadness.org 70 i 8883

Err codemadness.org 70 i 8884 Err codemadness.org 70 i 8885

Travel Grant Application for BSDCan is now open

Err codemadness.org 70 i 8886 Err codemadness.org 70 i 8887

Err codemadness.org 70 i 8888
Hi everyone,
Err codemadness.org 70 i 8889 Err codemadness.org 70 i 8890
The Travel Grant Application for BSDCan 2020 is now open. The Foundation can help you attend BSDCan through our travel grant program. Travel grants are available to FreeBSD developers and advocates who need assistance with travel expenses for attending conferences related to FreeBSD development. BSDCan 2020 applications are due April 9, 2020. Find out more and apply at: https://www.freebsdfoundation.org/what-we-do/grants/travel-grants/
Err codemadness.org 70 i 8891 Err codemadness.org 70 i 8892
Did you know the Foundation also provides grants for technical events not specifically focused on BSD? If you feel that your attendance at one of these events will benefit the FreeBSD Project and Community and you need assistance getting there, please fill out the general travel grant application. Your application must be received 7 weeks prior to the event. The general application can be found here: https://goo.gl/forms/QzsOMR8Jra0vqFYH2
Err codemadness.org 70 i 8893

Err codemadness.org 70 i 8894 Err codemadness.org 70 i 8895

Err codemadness.org 70 i 8896 Err codemadness.org 70 i 8897

Creating a ZFS dataset for testing iocage within a jail

Err codemadness.org 70 i 8898 Err codemadness.org 70 i 8899

Be warned, this failed. I’m stalled and I have not completed this.

Err codemadness.org 70 i 8902 Err codemadness.org 70 i 8903

Err codemadness.org 70 i 8904
I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version.
Err codemadness.org 70 i 8905

Err codemadness.org 70 i 8906 Err codemadness.org 70 i 8907

In this post: Err codemadness.org 70 i 8909 Err codemadness.org 70 i 8910
- FreeBSD 12.1
- py36-iocage-1.2_3
- py36-iocage-1.2_4

Err codemadness.org 70 i 8916 Err codemadness.org 70 i 8917

Err codemadness.org 70 i 8918
This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all first.
Err codemadness.org 70 i 8919

Err codemadness.org 70 i 8920 Err codemadness.org 70 i 8921

Err codemadness.org 70 i 8922 Err codemadness.org 70 i 8923

Beastie Bits

Err codemadness.org 70 i 8924 Err codemadness.org 70 i 8925

Reminder: the FreeBSD Journal is free! Check out these great articles
Serenity GUI desktop running on an OpenBSD kernel
The Open Source Parts of MacOS
FOSDEM videos available

Err codemadness.org 70 i 8931 Err codemadness.org 70 i 8932

Err codemadness.org 70 i 8933 Err codemadness.org 70 i 8934

Feedback/Questions

Err codemadness.org 70 i 8935 Err codemadness.org 70 i 8936

Michael - Install with ZFS
Mohammad - Server Freeze
Todd - ZFS Questions

Err codemadness.org 70 i 8941 Err codemadness.org 70 i 8942

Err codemadness.org 70 i 8943 Err codemadness.org 70 i 8944

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 8947 Err codemadness.org 70 i 8948

Err codemadness.org 70 i 8949 Err codemadness.org 70 i 8950 Err codemadness.org 70 i 8951 Err codemadness.org 70 i 8952 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 8953 ]]> Err codemadness.org 70 i 8954

337: Kubernetes on bhyve

Allan Jude — Thu, 13 Feb 2020 08:30:00 -0800

Err codemadness.org 70 i 9197 Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.

Err codemadness.org 70 i 9198 Err codemadness.org 70 i 9199

Headlines

Err codemadness.org 70 i 9200 Err codemadness.org 70 i 9201

The happinesses and stresses of full-time FOSS work

Err codemadness.org 70 i 9202 Err codemadness.org 70 i 9203

Err codemadness.org 70 i 9204
In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.
Err codemadness.org 70 i 9205 Err codemadness.org 70 i 9206
February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.
Err codemadness.org 70 i 9207 Err codemadness.org 70 i 9208
The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.
Err codemadness.org 70 i 9209 Err codemadness.org 70 i 9210
The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.
Err codemadness.org 70 i 9211

Err codemadness.org 70 i 9212 Err codemadness.org 70 i 9213

Err codemadness.org 70 i 9214 Err codemadness.org 70 i 9215

Building a FreeBSD File Server

Err codemadness.org 70 i 9216 Err codemadness.org 70 i 9217

Err codemadness.org 70 i 9218
Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.
Err codemadness.org 70 i 9219 Err codemadness.org 70 i 9220
Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!
Err codemadness.org 70 i 9221

Err codemadness.org 70 i 9222 Err codemadness.org 70 i 9223

Err codemadness.org 70 i 9224 Err codemadness.org 70 i 9225

Report from the first Hamilton BSD Users Group Meeting

Err codemadness.org 70 i 9226 Err codemadness.org 70 i 9227

Err codemadness.org 70 i 9228
February 11th was the first meeting of this new user group, founded by John Young and myself
Err codemadness.org 70 i 9229 Err codemadness.org 70 i 9230
11 people attended, and a lot of good discussions were had
Err codemadness.org 70 i 9231 Err codemadness.org 70 i 9232
One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.
Err codemadness.org 70 i 9233 Err codemadness.org 70 i 9234
Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.
Err codemadness.org 70 i 9235 Err codemadness.org 70 i 9236
The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.
Err codemadness.org 70 i 9237 Err codemadness.org 70 i 9238
We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.
Err codemadness.org 70 i 9239

Err codemadness.org 70 i 9240 Err codemadness.org 70 i 9241

Err codemadness.org 70 i 9242 Err codemadness.org 70 i 9243

News Roundup

Err codemadness.org 70 i 9244 Err codemadness.org 70 i 9245

Kubernetes on FreeBSD Bhyve

Err codemadness.org 70 i 9246 Err codemadness.org 70 i 9247

Err codemadness.org 70 i 9248
There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!
Err codemadness.org 70 i 9249

Err codemadness.org 70 i 9250 Err codemadness.org 70 i 9251

Err codemadness.org 70 i 9252 Err codemadness.org 70 i 9253

NetBSD 9 RC1 Available

Err codemadness.org 70 i 9254 Err codemadness.org 70 i 9255

Err codemadness.org 70 i 9256
We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).
Err codemadness.org 70 i 9257

Err codemadness.org 70 i 9258 Err codemadness.org 70 i 9259

Here are a few highlights of the new release:
Err codemadness.org 70 i 9261 Err codemadness.org 70 i 9262
- Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)
- Enhanced hardware support for Armv7-A
- Updated GPU drivers (e.g. support for Intel Kabylake)
- Enhanced virtualization support
- Support for hardware-accelerated virtualization (NVMM)
- Support for Performance Monitoring Counters
- Support for Kernel ASLR
- Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
- Support for userland sanitizers
- Audit of the network stack
- Many improvements in NPF
- Updated ZFS
- Reworked error handling and NCQ support in the SATA subsystem
- Support a common framework for USB Ethernet drivers (usbnet)
You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/

Err codemadness.org 70 i 9280 Err codemadness.org 70 i 9281

Err codemadness.org 70 i 9282 Err codemadness.org 70 i 9283

OPNsense 20.1 Keen Kingfisher released

Err codemadness.org 70 i 9284 Err codemadness.org 70 i 9285

Err codemadness.org 70 i 9286
For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
Err codemadness.org 70 i 9287 Err codemadness.org 70 i 9288
20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.
Err codemadness.org 70 i 9289

Err codemadness.org 70 i 9290 Err codemadness.org 70 i 9291

Err codemadness.org 70 i 9292 Err codemadness.org 70 i 9293

Idealistic Future for HardenedBSD

Err codemadness.org 70 i 9294 Err codemadness.org 70 i 9295

Err codemadness.org 70 i 9296
Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!
Err codemadness.org 70 i 9297 Err codemadness.org 70 i 9298
HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.
Err codemadness.org 70 i 9299 Err codemadness.org 70 i 9300
Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.
Err codemadness.org 70 i 9301

Err codemadness.org 70 i 9302 Err codemadness.org 70 i 9303

Err codemadness.org 70 i 9304 Err codemadness.org 70 i 9305

Beastie Bits

Err codemadness.org 70 i 9306 Err codemadness.org 70 i 9307

Warner Losh's FOSDEM talk
Relational Pipes v0.15
A reminder for where to find NetBSD ARM images
New Safe Memory Reclamation feature in UMA
BSD Users Stockholm Meetup

Err codemadness.org 70 i 9314 Err codemadness.org 70 i 9315

Err codemadness.org 70 i 9316 Err codemadness.org 70 i 9317

Feedback/Questions

Err codemadness.org 70 i 9318 Err codemadness.org 70 i 9319

ZFS - Rosetta Stone Document?
Pat - Question
Sigflup - Wayland on the BSDs

Err codemadness.org 70 i 9324 Err codemadness.org 70 i 9325

Err codemadness.org 70 i 9326 Err codemadness.org 70 i 9327

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 9330 Err codemadness.org 70 i 9331

Err codemadness.org 70 i 9332 Err codemadness.org 70 i 9333 Err codemadness.org 70 i 9334 Err codemadness.org 70 i 9335 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 9336 ]]> Err codemadness.org 70 i 9337

336: Archived Knowledge

Allan Jude — Thu, 06 Feb 2020 05:00:00 -0800

Err codemadness.org 70 i 9543 Linux couldn’t duplicate OpenBSD, FreeBSD Q4 status report, OPNsense 19.7.9 released, archives retain and pass on knowledge, HardenedBSD Tor Onion Service v3 Nodes, and more.

Err codemadness.org 70 i 9544 Err codemadness.org 70 i 9545

Headlines

Err codemadness.org 70 i 9546 Err codemadness.org 70 i 9547

OpenBSD has to be a BSD Unix and you couldn't duplicate it with Linux

Err codemadness.org 70 i 9548 Err codemadness.org 70 i 9549

Err codemadness.org 70 i 9550
OpenBSD has a well deserved reputation for putting security and a clean system (for code, documentation, and so on) first, and everything else second. OpenBSD is of course based on BSD (it's right there in the name) and descends from FreeBSD NetBSD (you can read the history here). But one of the questions you could ask about it is whether it had to be that way, and in particular if you could build something like OpenBSD on top of Linux. I believe that the answer is no.
Err codemadness.org 70 i 9551 Err codemadness.org 70 i 9552
Linux and the *BSDs have a significantly different model of what they are. BSDs have a 'base system' that provides an integrated and fully operational core Unix, covering the kernel, C library and compiler, and the normal Unix user level programs, all maintained and distributed by the particular BSD. Linux is not a single unit this way, and instead all of the component parts are maintained separately and assembled in various ways by various Linux distributions. Both approaches have their advantages, but one big one for the BSD approach is that it enables global changes.
Err codemadness.org 70 i 9553 Err codemadness.org 70 i 9554
Making global changes is an important part of what makes OpenBSD's approach to improving security, code maintenance, and so on work. Because it directly maintains everything as a unit, OpenBSD is in a position to introduce new C library or kernel APIs (or change them) and then immediately update all sorts of things in user level programs to use the new API. This takes a certain amount of work, of course, but it's possible to do it at all. And because OpenBSD can do this sort of ambitious global change, it does.
Err codemadness.org 70 i 9555 Err codemadness.org 70 i 9556
This goes further than just the ability to make global changes, because in theory you can patch in global changes on top of a bunch of separate upstream projects. Because OpenBSD is in control of its entire base system, it's not forced to try to reconcile different development priorities or integrate clashing changes. OpenBSD can decide (and has) that only certain sorts of changes will be accepted into its system at all, no matter what people want. If there are features or entire programs that don't fit into what OpenBSD will accept, they just lose out.
Err codemadness.org 70 i 9557

Err codemadness.org 70 i 9558 Err codemadness.org 70 i 9559

Err codemadness.org 70 i 9560 Err codemadness.org 70 i 9561

FreeBSD Quarterly Status Report 2019Q4

Err codemadness.org 70 i 9562 Err codemadness.org 70 i 9563

Err codemadness.org 70 i 9564
Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.
Err codemadness.org 70 i 9565 Err codemadness.org 70 i 9566
If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.
Err codemadness.org 70 i 9567 Err codemadness.org 70 i 9568
Have a nice read!
Err codemadness.org 70 i 9569

Err codemadness.org 70 i 9570 Err codemadness.org 70 i 9571

Err codemadness.org 70 i 9572 Err codemadness.org 70 i 9573

News Roundup

Err codemadness.org 70 i 9574 Err codemadness.org 70 i 9575

OPNsense 19.7.9 released

Err codemadness.org 70 i 9576 Err codemadness.org 70 i 9577

Err codemadness.org 70 i 9578
As 20.1 nears we will be making adjustments to the scope of the release with an announcement following shortly.
Err codemadness.org 70 i 9579 Err codemadness.org 70 i 9580
For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and a number of prominent third-party software updates we are happy to see included.
Err codemadness.org 70 i 9581

Err codemadness.org 70 i 9582 Err codemadness.org 70 i 9583

Err codemadness.org 70 i 9584 Err codemadness.org 70 i 9585

Archives are important to retain and pass on knowledge

Err codemadness.org 70 i 9586 Err codemadness.org 70 i 9587

Err codemadness.org 70 i 9588
Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time.
Err codemadness.org 70 i 9589

Err codemadness.org 70 i 9590 Err codemadness.org 70 i 9591

Err codemadness.org 70 i 9592 Err codemadness.org 70 i 9593

HardenedBSD Tor Onion Service v3 Nodes

Err codemadness.org 70 i 9594 Err codemadness.org 70 i 9595

Err codemadness.org 70 i 9596
I've been working today on deploying Tor Onion Service v3 nodes across our build infrastructure. I'm happy to announce that the public portion of this is now completed. Below you will find various onion service hostnames and their match to our infrastructure.
Err codemadness.org 70 i 9597

Err codemadness.org 70 i 9598 Err codemadness.org 70 i 9599

hardenedbsd.org: lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion
ci-01.nyi.hardenedbsd.org: qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion
ci-03.md.hardenedbsd.org: eqvnohly4tjrkpwatdhgptftabpesofirnhz5kq7jzn4zd6ernpvnpqd.onion
ci-04.md.hardenedbsd.org: rfqabq2w65nhdkukeqwf27r7h5xfh53h3uns6n74feeyl7s5fbjxczqd.onion
git-01.md.hardenedbsd.org: dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion

Err codemadness.org 70 i 9606 Err codemadness.org 70 i 9607

Err codemadness.org 70 i 9608 Err codemadness.org 70 i 9609

Beastie Bits

Err codemadness.org 70 i 9610 Err codemadness.org 70 i 9611

The Missing Semester of Your CS Education (MIT Course)
An old Unix Ad
OpenBSD syscall call-from verification
OpenBSD/arm64 on Pinebook
Reminder: First Southern Ontario BSD user group meeting, February 11th (this coming Tuesday!) 18:30 at Boston Pizza on Upper James st, Hamilton.
NYCBUG: March meeting will feature Dr. Paul Vixie and his new talk “Operating Systems as Dumb Pipes”
8th Meetup of the Stockholm BUG: March 3 at 18:00
Polish BSD User Group meets on Feb 11, 2020 at 18:15

Err codemadness.org 70 i 9621 Err codemadness.org 70 i 9622

Err codemadness.org 70 i 9623 Err codemadness.org 70 i 9624

Feedback/Questions

Err codemadness.org 70 i 9625 Err codemadness.org 70 i 9626

Sean - ZFS and Creation Dates
Christopher - Help on ZFS Disaster Recovery
Mike - Encrypted ZFS Send

Err codemadness.org 70 i 9631 Err codemadness.org 70 i 9632

Err codemadness.org 70 i 9633 Err codemadness.org 70 i 9634

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 9637 Err codemadness.org 70 i 9638

Err codemadness.org 70 i 9639 Err codemadness.org 70 i 9640 Err codemadness.org 70 i 9641 Err codemadness.org 70 i 9642 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 9643 ]]> Err codemadness.org 70 i 9644

335: FreeBSD Down Under

Allan Jude — Thu, 30 Jan 2020 05:00:00 -0800

Err codemadness.org 70 i 9810 Hyperbola Developer interview, why you should migrate from Linux to BSD, FreeBSD is an amazing OS, improving the ptrace(2) API in LLVM 10, First FreeBSD conference in Australia, and a guide to containers on FreeNAS.

Err codemadness.org 70 i 9811 Err codemadness.org 70 i 9812

Headlines

Err codemadness.org 70 i 9813 Err codemadness.org 70 i 9814

FreeBSD is an amazing operating System

Err codemadness.org 70 i 9815 Err codemadness.org 70 i 9816

Err codemadness.org 70 i 9817
Update 2020-01-21: Since I wrote this article it got posted on Hacker News, Reddit and Lobster, and a few people have emailed me with comments. I have updated the article with comments where I have found it needed. As an important side note I would like to point out that I am not a FreeBSD developer, there may be things going on in the FreeBSD world that I know absolutely nothing about. I am also not glued to the FreeBSD developer mailing lists. I am not a FreeBSD "fanboy". I have been using GNU/Linux a ton more for the past two decades than FreeBSD, mainly due to hardware incompatibility (lacking or buggy drivers), and I love both Debian GNU/Linux and Arch Linux just as much as FreeBSD. However, I am concerned about the development of GNU/Linux as of late. Also this article is not about me trying to make anyone switch from something else to FreeBSD. It's about why I like FreeBSD and that I recommend you try it out if you're into messing with operating systems.
Err codemadness.org 70 i 9818 Err codemadness.org 70 i 9819
I think the year was late 1999 or mid 2000 when I one day was browsing computer books at my favorite bookshop and I discovered the book The Complete FreeBSD third edition from 1999 by Greg Lehey. With the book came 4 CD Roms with FreeBSD 3.3.
Err codemadness.org 70 i 9820 Err codemadness.org 70 i 9821
I had already familiarized myself with GNU/Linux in 1998, and I was in the process of migrating every server and desktop operating system away from Microsoft Windows, both at home and at my company, to GNU/Linux, initially Red Hat Linux and then later Debian GNU/Linux, which eventually became my favorite GNU/Linux distribution for many years.
Err codemadness.org 70 i 9822 Err codemadness.org 70 i 9823
When I first saw The Complete FreeBSD book by Greg Lehey I remember noticing the text on the front page that said, "The Free Version of Berkeley UNIX" and "Rock Solid Stability", and I was immediately intrigued! What was that all about? A free UNIX operating system! And rock solid stability? That sounded amazing.
Err codemadness.org 70 i 9824

Err codemadness.org 70 i 9825 Err codemadness.org 70 i 9826

Err codemadness.org 70 i 9827 Err codemadness.org 70 i 9828

Hyperbola Dev Interview

Err codemadness.org 70 i 9829 Err codemadness.org 70 i 9830

Err codemadness.org 70 i 9831
In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).
Err codemadness.org 70 i 9832 Err codemadness.org 70 i 9833
Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.
Err codemadness.org 70 i 9834 Err codemadness.org 70 i 9835
To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.
Err codemadness.org 70 i 9836

Err codemadness.org 70 i 9837 Err codemadness.org 70 i 9838

Err codemadness.org 70 i 9839 Err codemadness.org 70 i 9840

News Roundup

Err codemadness.org 70 i 9841 Err codemadness.org 70 i 9842

Improving the ptrace(2) API and preparing for LLVM-10.0

Err codemadness.org 70 i 9843 Err codemadness.org 70 i 9844

Err codemadness.org 70 i 9845
This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.
Err codemadness.org 70 i 9846 Err codemadness.org 70 i 9847
As LLVM 10.0 is branching now soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).
Err codemadness.org 70 i 9848

Err codemadness.org 70 i 9849 Err codemadness.org 70 i 9850

Err codemadness.org 70 i 9851 Err codemadness.org 70 i 9852

The first FreeBSD conference in Australia

Err codemadness.org 70 i 9853 Err codemadness.org 70 i 9854

Err codemadness.org 70 i 9855
FreeBSD has existed as an operating system, project, and foundation for more than twenty years, and its earlier incantations have exited for far longer. The old guard have been developing code, porting software, and writing documentation for longer than I’ve existed. I’ve been using it for more than a decade for personal projects, and professionally for half that time.
Err codemadness.org 70 i 9856 Err codemadness.org 70 i 9857
While there are many prominent Australian FreeBSD contributors, sysadmins, and users, we’ve always had to venture overseas for conferences. We’re always told Australians are among the most ardent travellers, but I always wondered if we could do a domestic event as well.
Err codemadness.org 70 i 9858 Err codemadness.org 70 i 9859
And on Tuesday, we did! Deb Goodkin and the FreeBSD Foundation graciously organised and chaired a dedicated FreeBSD miniconf at the long-running linux.conf.au event held each year in a different city in Australia and New Zealand.
Err codemadness.org 70 i 9860

Err codemadness.org 70 i 9861 Err codemadness.org 70 i 9862

Err codemadness.org 70 i 9863 Err codemadness.org 70 i 9864

A practical guide to containers on FreeNAS for a depraved psychopath

Err codemadness.org 70 i 9865 Err codemadness.org 70 i 9866

Err codemadness.org 70 i 9867
This is a simple write-up to setup Docker on FreeNAS 11 or FreeBSD 11.
Err codemadness.org 70 i 9868

Err codemadness.org 70 i 9869 Err codemadness.org 70 i 9870

But muh jails?

Err codemadness.org 70 i 9871 Err codemadness.org 70 i 9872

Err codemadness.org 70 i 9873
You know that jails are dope and you know that jails are dope, yet no one else knows it. So here we are stuck with docker. Two years ago I would be the last person to recommend using docker, but a whole lot of things has changes past years…
Err codemadness.org 70 i 9874

Err codemadness.org 70 i 9875 Err codemadness.org 70 i 9876

So jails are dead then?

Err codemadness.org 70 i 9877 Err codemadness.org 70 i 9878

Err codemadness.org 70 i 9879
No, jails are still dope, but jails lack tools to manage them. Yes, there are a few tools, but they meant for hard-core FreeBSD users who used to suffering. Docker allows you to run applications without deep knowledge of application you’re running. It will also allow you to run applications that are not ported to FreeBSD.
Err codemadness.org 70 i 9880

Err codemadness.org 70 i 9881 Err codemadness.org 70 i 9882

Err codemadness.org 70 i 9883 Err codemadness.org 70 i 9884

Why you should migrate everything from Linux to BSD

Err codemadness.org 70 i 9885 Err codemadness.org 70 i 9886

Err codemadness.org 70 i 9887
As an operating system GNU/Linux has become a real mess because of the fragmented nature of the project, the bloatware in the kernel, and because of the jerking around by commercial interests.
Err codemadness.org 70 i 9888

Err codemadness.org 70 i 9889 Err codemadness.org 70 i 9890

Response Should you migrate from Linux to BSD? It depends.

Err codemadness.org 70 i 9893 Err codemadness.org 70 i 9894

Beastie Bits

Err codemadness.org 70 i 9895 Err codemadness.org 70 i 9896

Using the OpenBSD ports tree with dedicated users
broot on FreeBSD
A Trip down Memory Lane
Running syslog-ng in BastilleBSD
NASA : Using Software Packages in pkgsrc

Err codemadness.org 70 i 9903 Err codemadness.org 70 i 9904

Err codemadness.org 70 i 9905 Err codemadness.org 70 i 9906

Feedback/Questions

Err codemadness.org 70 i 9907 Err codemadness.org 70 i 9908

All of our questions this week were pretty technical in nature so I'm going to save those for the next episode so Allan can weigh in on them, since if we cover them now we're basically going to be deferring to Allan anyway.

Err codemadness.org 70 i 9911 Err codemadness.org 70 i 9912

Err codemadness.org 70 i 9913 Err codemadness.org 70 i 9914

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 9917 Err codemadness.org 70 i 9918

Err codemadness.org 70 i 9919 Err codemadness.org 70 i 9920 Err codemadness.org 70 i 9921 Err codemadness.org 70 i 9922 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 9923 ]]> Err codemadness.org 70 i 9924

334: Distrowatch Running FreeBSD

Allan Jude — Thu, 23 Jan 2020 05:00:00 -0800

Err codemadness.org 70 i 10101 Upgrading FreeBSD from 11.3 to 12.1, Distrowatch switching to FreeBSD, Torvalds says don’t run ZFS, iked(8) removed automatic IPv6 blocking, working towards LLDB on i386, and memory-hard Argon2 hashing scheme in NetBSD.

Err codemadness.org 70 i 10102 Err codemadness.org 70 i 10103

Headlines

Err codemadness.org 70 i 10104 Err codemadness.org 70 i 10105

Upgrading FreeBSD from 11.3 to 12.1

Err codemadness.org 70 i 10106 Err codemadness.org 70 i 10107

Err codemadness.org 70 i 10108
Now here’s something more like what I was originally expecting the content on this blog to look like. I’m in the process of moving all of our FreeBSD servers (about 30 in total) from 11.3 to 12.1. We have our own local build of the OS, and until “packaged base” gets to a state where it’s reliably usable, we’re stuck doing upgrades the old-fashioned way. I created a set of notes for myself while cranking through these upgrades and I wanted to share them since they are not really work-specific and this process isn’t very well documented for people who haven’t been doing this sort of upgrade process for 25 years.
Err codemadness.org 70 i 10109 Err codemadness.org 70 i 10110
Our source and object trees are read-only exported from the build server over NFS, which causes things to be slow. /etc/make.conf and /etc/src.conf are symbolic links on all of our servers to the master copies in /usr/src so that make installworld can find the configuration parameters the system was built with.
Err codemadness.org 70 i 10111

Err codemadness.org 70 i 10112 Err codemadness.org 70 i 10113

Err codemadness.org 70 i 10114 Err codemadness.org 70 i 10115

Switching Distrowatch over to BSD

Err codemadness.org 70 i 10116 Err codemadness.org 70 i 10117

Err codemadness.org 70 i 10118
This may be a little off-topic for this board (forgive me if it is, please). However, I wanted to say that I'm one of the people who works on DistroWatch (distrowatch.com) and this past week we had to deal with a server facing hardware failure. We had a discussion about whether to continue running Debian or switch to something else.
Err codemadness.org 70 i 10119 Err codemadness.org 70 i 10120
The primary "something else" option turned out to be FreeBSD and it is what we eventually went with. It took a while to convert everything over from working with Debian GNU/Linux to FreeBSD 12 (some script incompatibilities, different paths, some changes to web server configuration, networking IPv6 troubles). But in the end we ended up with a good, FreeBSD-based experience.
Err codemadness.org 70 i 10121 Err codemadness.org 70 i 10122
Since the transition was successful, though certainly not seamless, I thought people might want to do a Q&A on the migration process. Especially for those thinking of making the same switch.
Err codemadness.org 70 i 10123

Err codemadness.org 70 i 10124 Err codemadness.org 70 i 10125

Err codemadness.org 70 i 10126 Err codemadness.org 70 i 10127

News Roundup

Err codemadness.org 70 i 10128 Err codemadness.org 70 i 10129

iked(8) automatic IPv6 blocking removed

Err codemadness.org 70 i 10130 Err codemadness.org 70 i 10131

Err codemadness.org 70 i 10132
iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration.
Err codemadness.org 70 i 10133 Err codemadness.org 70 i 10134
If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.
Err codemadness.org 70 i 10135

Err codemadness.org 70 i 10136 Err codemadness.org 70 i 10137

Err codemadness.org 70 i 10138 Err codemadness.org 70 i 10139

Linus says dont run ZFS

Err codemadness.org 70 i 10140 Err codemadness.org 70 i 10141

Err codemadness.org 70 i 10142
“Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.”
Err codemadness.org 70 i 10143 Err codemadness.org 70 i 10144
This is what Linus Torvalds said in a mailing list to once again express his disliking for ZFS filesystem specially over its licensing.
Err codemadness.org 70 i 10145 Err codemadness.org 70 i 10146
To avoid unnecessary confusion, this is more intended for Linux distributions, kernel developers and maintainers rather than individual Linux users.
Err codemadness.org 70 i 10147

Err codemadness.org 70 i 10148 Err codemadness.org 70 i 10149

Err codemadness.org 70 i 10150 Err codemadness.org 70 i 10151

GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD

Err codemadness.org 70 i 10152 Err codemadness.org 70 i 10153

Err codemadness.org 70 i 10154
We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Coding project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.
Err codemadness.org 70 i 10155 Err codemadness.org 70 i 10156
The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.
Err codemadness.org 70 i 10157

Err codemadness.org 70 i 10158 Err codemadness.org 70 i 10159

Err codemadness.org 70 i 10160 Err codemadness.org 70 i 10161

Working towards LLDB on i386 NetBSD

Err codemadness.org 70 i 10162 Err codemadness.org 70 i 10163

Err codemadness.org 70 i 10164
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 10165 Err codemadness.org 70 i 10166
In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.
Err codemadness.org 70 i 10167 Err codemadness.org 70 i 10168
Throughout December I've continued working on our build bot maintenance, in particular enabling compiler-rt tests. I've revived and finished my old patch for extended register state (XState) in core dumps. I've started working on bringing proper i386 support to LLDB.
Err codemadness.org 70 i 10169

Err codemadness.org 70 i 10170 Err codemadness.org 70 i 10171

Err codemadness.org 70 i 10172 Err codemadness.org 70 i 10173

Beastie Bits

Err codemadness.org 70 i 10174 Err codemadness.org 70 i 10175

An open source Civilization V
BSD Groups in Italy
Why is Wednesday, November 17, 1858 the base time for OpenVMS?
Benchmarking shell pipelines and the Unix “tools” philosophy
LPI and BSD working together

Err codemadness.org 70 i 10182 Err codemadness.org 70 i 10183

Err codemadness.org 70 i 10184 Err codemadness.org 70 i 10185

Feedback/Questions

Err codemadness.org 70 i 10186 Err codemadness.org 70 i 10187

Pat - March Meeting
Madhukar - Overheating Laptop
Warren - R vs S

Err codemadness.org 70 i 10192 Err codemadness.org 70 i 10193

Err codemadness.org 70 i 10194 Err codemadness.org 70 i 10195

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 10198 Err codemadness.org 70 i 10199

Err codemadness.org 70 i 10200 Err codemadness.org 70 i 10201 Err codemadness.org 70 i 10202 Err codemadness.org 70 i 10203 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 10204 ]]> Err codemadness.org 70 i 10205

333: Unix Keyboard Joy

Allan Jude — Thu, 16 Jan 2020 05:00:00 -0800

Err codemadness.org 70 i 10385 Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more.

Err codemadness.org 70 i 10386 Err codemadness.org 70 i 10387

Headlines

Err codemadness.org 70 i 10388 Err codemadness.org 70 i 10389

Your Impact on FreeBSD in 2019

Err codemadness.org 70 i 10390 Err codemadness.org 70 i 10391

Err codemadness.org 70 i 10392
It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there.
Err codemadness.org 70 i 10393 Err codemadness.org 70 i 10394
In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams.
Err codemadness.org 70 i 10395 Err codemadness.org 70 i 10396
Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees.
Err codemadness.org 70 i 10397 Err codemadness.org 70 i 10398
Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund.
Err codemadness.org 70 i 10399

Err codemadness.org 70 i 10400 Err codemadness.org 70 i 10401

Err codemadness.org 70 i 10402 Err codemadness.org 70 i 10403

Wireguard on OpenBSD Router

Err codemadness.org 70 i 10404 Err codemadness.org 70 i 10405

Err codemadness.org 70 i 10406
wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base.
Err codemadness.org 70 i 10407 Err codemadness.org 70 i 10408
modern crypto and lean code are also tenants of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard.
Err codemadness.org 70 i 10409 Err codemadness.org 70 i 10410
my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg.
Err codemadness.org 70 i 10411 Err codemadness.org 70 i 10412
running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean its impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules.
Err codemadness.org 70 i 10413

Err codemadness.org 70 i 10414 Err codemadness.org 70 i 10415

Err codemadness.org 70 i 10416 Err codemadness.org 70 i 10417

News Roundup

Err codemadness.org 70 i 10418 Err codemadness.org 70 i 10419

Amazon now has FreeBSD/ARM 12

Err codemadness.org 70 i 10420 Err codemadness.org 70 i 10421

Err codemadness.org 70 i 10422
AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores.
Err codemadness.org 70 i 10423 Err codemadness.org 70 i 10424
Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster.
Err codemadness.org 70 i 10425 Err codemadness.org 70 i 10426
The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.
Err codemadness.org 70 i 10427 Err codemadness.org 70 i 10428
Err codemadness.org 70 i 10429
General-purpose instances (M6g and M6gd)
Err codemadness.org 70 i 10430
Compute-optimized instances (C6g and C6gd)
Err codemadness.org 70 i 10431
Memory-optimized instances (R6g and R6gd)
Err codemadness.org 70 i 10432
Err codemadness.org 70 i 10433 Err codemadness.org 70 i 10434
You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking.
Err codemadness.org 70 i 10435 Err codemadness.org 70 i 10436
And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances.
Err codemadness.org 70 i 10437 Err codemadness.org 70 i 10438
AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service).
Err codemadness.org 70 i 10439

Err codemadness.org 70 i 10440 Err codemadness.org 70 i 10441

Coverage of AWS Announcement

Err codemadness.org 70 i 10444 Err codemadness.org 70 i 10445

Err codemadness.org 70 i 10446 Err codemadness.org 70 i 10447

Announcing the pkgsrc-2019Q4 release

Err codemadness.org 70 i 10448 Err codemadness.org 70 i 10449

Err codemadness.org 70 i 10450
The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at https://www.pkgsrc.org/
Err codemadness.org 70 i 10451 Err codemadness.org 70 i 10452
In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users.
Err codemadness.org 70 i 10453

Err codemadness.org 70 i 10454 Err codemadness.org 70 i 10455

Err codemadness.org 70 i 10456 Err codemadness.org 70 i 10457

The Joys of UNIX Keyboards

Err codemadness.org 70 i 10458 Err codemadness.org 70 i 10459

Err codemadness.org 70 i 10460
I fell in love with a dead keyboard layout.
Err codemadness.org 70 i 10461 Err codemadness.org 70 i 10462
A decade or so ago while helping a friends father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre.
Err codemadness.org 70 i 10463 Err codemadness.org 70 i 10464
We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed.
Err codemadness.org 70 i 10465 Err codemadness.org 70 i 10466
I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me.
Err codemadness.org 70 i 10467

Err codemadness.org 70 i 10468 Err codemadness.org 70 i 10469

Err codemadness.org 70 i 10470 Err codemadness.org 70 i 10471

OpenBSD on Digital Ocean

Err codemadness.org 70 i 10472 Err codemadness.org 70 i 10473

Err codemadness.org 70 i 10474
Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.
Err codemadness.org 70 i 10475 Err codemadness.org 70 i 10476
They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader.
Err codemadness.org 70 i 10477 Err codemadness.org 70 i 10478
Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.
Err codemadness.org 70 i 10479

Err codemadness.org 70 i 10480 Err codemadness.org 70 i 10481

Err codemadness.org 70 i 10482 Err codemadness.org 70 i 10483

Beastie Bits

Err codemadness.org 70 i 10484 Err codemadness.org 70 i 10485

FreeBSD defaults to LLVM on PPC
Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019
Bastille Poll about what people would like to see in 2020
Notes on the classic book : The Design of the UNIX Operating System
Multics History
First meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St

Err codemadness.org 70 i 10493 Err codemadness.org 70 i 10494

Err codemadness.org 70 i 10495 Err codemadness.org 70 i 10496

Feedback/Questions

Err codemadness.org 70 i 10497 Err codemadness.org 70 i 10498

Bill - 1.1 CDROM
Greg - More 50 Year anniversary information
Dave - Question time for Allan

Err codemadness.org 70 i 10503 Err codemadness.org 70 i 10504

Err codemadness.org 70 i 10505 Err codemadness.org 70 i 10506

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 10509 Err codemadness.org 70 i 10510

Err codemadness.org 70 i 10511 Err codemadness.org 70 i 10512 Err codemadness.org 70 i 10513 Err codemadness.org 70 i 10514 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 10515 ]]> Err codemadness.org 70 i 10516

332: The BSD Hyperbole

Allan Jude — Thu, 09 Jan 2020 05:00:00 -0800

Err codemadness.org 70 i 10736 Announcing HyperbolaBSD, IPFW In-Kernel NAT setup on FreeBSD, Wayland and WebRTC enabled for NetBSD 9/Linux, LLDB Threading support ready for mainline, OpenSSH U2F/FIDO support in base, Dragonfly drm/i915: Update, and more.

Err codemadness.org 70 i 10737 Err codemadness.org 70 i 10738

Headlines

Err codemadness.org 70 i 10739 Err codemadness.org 70 i 10740

HyperbolaBSD Announcement

Err codemadness.org 70 i 10741 Err codemadness.org 70 i 10742

Err codemadness.org 70 i 10743
Due to the Linux kernel rapidly proceeding down an unstable path, we are planning on implementing a completely new OS derived from several BSD implementations.
Err codemadness.org 70 i 10744 Err codemadness.org 70 i 10745
This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom.
Err codemadness.org 70 i 10746 Err codemadness.org 70 i 10747
This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.
Err codemadness.org 70 i 10748

Err codemadness.org 70 i 10749 Err codemadness.org 70 i 10750

Reasons for this include: Err codemadness.org 70 i 10752 Err codemadness.org 70 i 10753
- Linux kernel forcing adaption of DRM, including HDCP.
- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)
- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)
- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies)
- As such, we will continue to support the Milky Way branch until 2022 when our legacy Linux-libre kernel reaches End of Life.

Err codemadness.org 70 i 10761 Err codemadness.org 70 i 10762

Err codemadness.org 70 i 10763
Future versions of Hyperbola will be using HyperbolaBSD which will have the new kernel, userspace and not be ABI compatible with previous versions.
Err codemadness.org 70 i 10764 Err codemadness.org 70 i 10765
HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.
Err codemadness.org 70 i 10766

Err codemadness.org 70 i 10767 Err codemadness.org 70 i 10768

Forum Post

Err codemadness.org 70 i 10771 Err codemadness.org 70 i 10772

Err codemadness.org 70 i 10773 Err codemadness.org 70 i 10774

A simple IPFW In-Kernel NAT setup on FreeBSD

Err codemadness.org 70 i 10775 Err codemadness.org 70 i 10776

Err codemadness.org 70 i 10777
After graduating college, I am moving from Brooklyn, NY to Redmond, WA (guess where I got a job). I always wanted to re-do my OPNsense firewall (currently a HP T730) with stock FreeBSD and IPFW’s in-kernel NAT.
Err codemadness.org 70 i 10778 Err codemadness.org 70 i 10779
Why IPFW? Benchmarks have shown IPFW to be faster which is especially good for my Tor relay, and because I can! However, one downside of IPFW is less documentation vs PF, even less without natd (which we’re not using), and this took me time to figure this out.
Err codemadness.org 70 i 10780 Err codemadness.org 70 i 10781
But since my T730 is already packed, I am testing this on a old PC with two NICs, and my laptop [1] as a client with an USB-to-Ethernet adapter.
Err codemadness.org 70 i 10782

Err codemadness.org 70 i 10783 Err codemadness.org 70 i 10784

Err codemadness.org 70 i 10785 Err codemadness.org 70 i 10786

News Roundup

Err codemadness.org 70 i 10787 Err codemadness.org 70 i 10788

HEADS UP: Wayland and WebRTC enabled for NetBSD 9/Linux

Err codemadness.org 70 i 10789 Err codemadness.org 70 i 10790

Err codemadness.org 70 i 10791
This is just a heads up that the Wayland option is now turned on by
Err codemadness.org 70 i 10792

Err codemadness.org 70 i 10793 Err codemadness.org 70 i 10794

default for NetBSD 9 and Linux in cases where it peacefully coexists
Err codemadness.org 70 i 10795 with X11.

Err codemadness.org 70 i 10796 Err codemadness.org 70 i 10797

Right now, this effects the following packages: Err codemadness.org 70 i 10799 Err codemadness.org 70 i 10800
- graphics/MesaLib
- devel/SDL2
- www/webkit-gtk
- x11/gtk3

Err codemadness.org 70 i 10807 Err codemadness.org 70 i 10808

Err codemadness.org 70 i 10809
The WebRTC option has also been enabled by default on NetBSD 9 for two Firefox versions: www/firefox, www/firefox68
Err codemadness.org 70 i 10810 Err codemadness.org 70 i 10811
Please keep me informed of any fallout. Hopefully, there will be none.
Err codemadness.org 70 i 10812 Err codemadness.org 70 i 10813
If you want to try out Wayland-related things on NetBSD 9, wm/velox/MESSAGE may be interesting for you.
Err codemadness.org 70 i 10814

Err codemadness.org 70 i 10815 Err codemadness.org 70 i 10816

Err codemadness.org 70 i 10817 Err codemadness.org 70 i 10818

LLDB Threading support now ready for mainline

Err codemadness.org 70 i 10819 Err codemadness.org 70 i 10820

Err codemadness.org 70 i 10821
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 10822 Err codemadness.org 70 i 10823
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
Err codemadness.org 70 i 10824 Err codemadness.org 70 i 10825
So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
Err codemadness.org 70 i 10826

Err codemadness.org 70 i 10827 Err codemadness.org 70 i 10828

Err codemadness.org 70 i 10829 Err codemadness.org 70 i 10830

OpenSSH U2F/FIDO support in base

Err codemadness.org 70 i 10831 Err codemadness.org 70 i 10832

Err codemadness.org 70 i 10833
Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.
Err codemadness.org 70 i 10834 Err codemadness.org 70 i 10835
You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.
Err codemadness.org 70 i 10836 Err codemadness.org 70 i 10837
So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.
Err codemadness.org 70 i 10838

Err codemadness.org 70 i 10839 Err codemadness.org 70 i 10840

Err codemadness.org 70 i 10841 Err codemadness.org 70 i 10842

drm/i915: Update to Linux 4.8.17

Err codemadness.org 70 i 10843 Err codemadness.org 70 i 10844

drm/i915: Update to Linux 4.8.17 Err codemadness.org 70 i 10846 Err codemadness.org 70 i 10847
- Broxton, Valleyview and Cherryview support improvements
- Broadwell and Gen9/Skylake support improvements
- Broadwell brightness fixes from OpenBSD
- Atomic modesetting improvements
- Various bug fixes and performance enhancements

Err codemadness.org 70 i 10855 Err codemadness.org 70 i 10856

Err codemadness.org 70 i 10857 Err codemadness.org 70 i 10858

Beastie Bits

Err codemadness.org 70 i 10859 Err codemadness.org 70 i 10860

Visual Studio Code port for FreeBSD
OpenBSD syscall call-from verification
Peertube on OpenBSD
Fuzzing Filesystems on NetBSD via AFL+KCOV by Maciej Grochowski
Twitter Bot for Prop65
Interactive vim tutorial
First BSD user group meeting in Hamilton, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St Err codemadness.org 70 i 10868 ***

Err codemadness.org 70 i 10870 Err codemadness.org 70 i 10871

Feedback/Questions

Err codemadness.org 70 i 10872 Err codemadness.org 70 i 10873

Samir - cgit
Russell - R
Wolfgang - Question

Err codemadness.org 70 i 10878 Err codemadness.org 70 i 10879

Err codemadness.org 70 i 10880 Err codemadness.org 70 i 10881

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 10884 Err codemadness.org 70 i 10885

Err codemadness.org 70 i 10886 Err codemadness.org 70 i 10887 Err codemadness.org 70 i 10888 Err codemadness.org 70 i 10889 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 10890 ]]> Err codemadness.org 70 i 10891

331: Why Computers Suck

Allan Jude — Thu, 02 Jan 2020 05:00:00 -0800

Err codemadness.org 70 i 11131 How learning OpenBSD makes computers suck a little less, How Unix works, FreeBSD 12.1 Runs Well on Ryzen Threadripper 3970X, BSDCan CFP, HardenedBSD Infrastructure Goals, and more.

Err codemadness.org 70 i 11132 Err codemadness.org 70 i 11133

Headlines

Err codemadness.org 70 i 11134 Err codemadness.org 70 i 11135

Why computers suck and how learning from OpenBSD can make them marginally less horrible

Err codemadness.org 70 i 11136 Err codemadness.org 70 i 11137

Err codemadness.org 70 i 11138
How much better could things actually be if we abandoned the enterprise development model?
Err codemadness.org 70 i 11139 Err codemadness.org 70 i 11140
Next I will compare this enterprise development approach with non-enterprise development - projects such as OpenBSD, which do not hesitate to introduce ABI breaking changes to improve the codebase.
Err codemadness.org 70 i 11141 Err codemadness.org 70 i 11142
One of the most commonly referred to pillars of the project's philosophy has long been its emphasis on clean functional code. Any code which makes it into OpenBSD is subject to ongoing aggressive audits for deprecated, or otherwise unmaintained code in order to reduce cruft and attack surface. Additionally the project creator, Theo de Raadt, and his team of core developers engage in ongoing development for proactive mitigations for various attack classes many of which are directly adopted by various multi-platform userland applications as well as the operating systems themselves (Windows, Linux, and the other BSDs). Frequently it is the case that introducing new features (not just deprecating old ones) introduces new incompatibilities against previously functional binaries compiled for OpenBSD.
Err codemadness.org 70 i 11143 Err codemadness.org 70 i 11144
To prevent the sort of kernel memory bloat that has plagued so many other operating systems for years, the project enforces a hard ceiling on the number of lines of code that can ever be in ring 0 at a given time. Current estimates guess the number of bugs per line of code in the Linux kernel are around 1 bug per every 10,000 lines of code. Think of this in the context of the scope creep seen in the Linux kernel (which if I recall correctly is currently at around 100,000,000 lines of code), as well as the Windows NT kernel (500,000,000 lines of code) and you quickly begin to understand how adding more and more functionality into the most privileged components of the operating system without first removing old components begins to add up in terms of the drastic difference seen between these systems in the number of zero day exploits caught in the wild respectively.
Err codemadness.org 70 i 11145

Err codemadness.org 70 i 11146 Err codemadness.org 70 i 11147

Err codemadness.org 70 i 11148 Err codemadness.org 70 i 11149

How Unix Works: Become a Better Software Engineer

Err codemadness.org 70 i 11150 Err codemadness.org 70 i 11151

Err codemadness.org 70 i 11152
Unix is beautiful. Allow me to paint some happy little trees for you. I’m not going to explain a bunch of commands – that’s boring, and there’s a million tutorials on the web doing that already. I’m going to leave you with the ability to reason about the system.
Err codemadness.org 70 i 11153 Err codemadness.org 70 i 11154
Every fancy thing you want done is one google search away.
Err codemadness.org 70 i 11155 Err codemadness.org 70 i 11156
But understanding why the solution does what you want is not the same.
Err codemadness.org 70 i 11157 Err codemadness.org 70 i 11158
That’s what gives you real power, the power to not be afraid.
Err codemadness.org 70 i 11159 Err codemadness.org 70 i 11160
And since it rhymes, it must be true.
Err codemadness.org 70 i 11161

Err codemadness.org 70 i 11162 Err codemadness.org 70 i 11163

Err codemadness.org 70 i 11164 Err codemadness.org 70 i 11165

News Roundup

Err codemadness.org 70 i 11166 Err codemadness.org 70 i 11167

FreeBSD 12.1 Runs Refreshingly Well With AMD Ryzen Threadripper 3970X

Err codemadness.org 70 i 11168 Err codemadness.org 70 i 11169

Err codemadness.org 70 i 11170
For those of you interested in AMD's new Ryzen Threadripper 3960X/3970X processors with TRX40 motherboards for running FreeBSD, the experience in our initial testing has been surprisingly pleasant. In fact, it works out-of-the-box which one could argue is better than the current Linux support that needs the MCE workaround for booting. Here are some benchmarks of FreeBSD 12.1 on the Threadripper 3970X compared to Linux and Windows for this new HEDT platform.
Err codemadness.org 70 i 11171 Err codemadness.org 70 i 11172
It was refreshing to see FreeBSD 12.1 booting and running just fine with the Ryzen Threadripper 3970X 32-core/64-thread processor from the ASUS ROG ZENITH II EXTREME motherboard and all core functionality working including the PCIe 4.0 NVMe SSD storage, onboard networking, etc. The system was running with 4 x 16GB DDR4-3600 memory, 1TB Corsair Force MP600 NVMe SSD, and Radeon RX 580 graphics. It was refreshing to see FreeBSD 12.1 running well with this high-end AMD Threadripper system considering Linux even needed a boot workaround.
Err codemadness.org 70 i 11173 Err codemadness.org 70 i 11174
While the FreeBSD 12.1 experience was trouble-free with the ASUS TRX40 motherboard (ROG Zenith II Extreme) and AMD Ryzen Threadripper 3970X, DragonFlyBSD unfortunately was not. Both DragonFlyBSD 5.6.2 stable and the DragonFlyBSD daily development snapshot from last week were yielding a panic on boot. So with that, DragonFlyBSD wasn't tested for this Threadripper 3970X comparison but just FreeBSD 12.1.
Err codemadness.org 70 i 11175 Err codemadness.org 70 i 11176
FreeBSD 12.1 on the Threadripper 3970X was benchmarked both with its default LLVM Clang 8.0.1 compiler and again with GCC 9.2 from ports for ruling out compiler differences. The FreeBSD 12.1 performance was compared to last week's Windows 10 vs. Linux benchmarks with the same system.
Err codemadness.org 70 i 11177

Err codemadness.org 70 i 11178 Err codemadness.org 70 i 11179

Err codemadness.org 70 i 11180 Err codemadness.org 70 i 11181

BSDCan 2020 CFP

Err codemadness.org 70 i 11182 Err codemadness.org 70 i 11183

Err codemadness.org 70 i 11184
BSDCan 2020 will be held 5-6 (Fri-Sat) June, 2020 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 3-4 June (Wed-Thu).
Err codemadness.org 70 i 11185 Err codemadness.org 70 i 11186
NOTE the change of month in 2020 back to June Also: do not miss out on the Goat BOF on Tuesday 2 June.
Err codemadness.org 70 i 11187 Err codemadness.org 70 i 11188
We are now accepting proposals for talks. The talks should be designed with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.
Err codemadness.org 70 i 11189

Err codemadness.org 70 i 11190 Err codemadness.org 70 i 11191

See http://www.bsdcan.org/2020/

Err codemadness.org 70 i 11194 Err codemadness.org 70 i 11195

Err codemadness.org 70 i 11196
If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include:
Err codemadness.org 70 i 11197

Err codemadness.org 70 i 11198 Err codemadness.org 70 i 11199

How we manage a giant installation with respect to handling spam.
and/or sysadmin.
and/or networking.
Cool new stuff in BSD
Tell us about your project which runs on BSD
other topics (see next paragraph)

Err codemadness.org 70 i 11207 Err codemadness.org 70 i 11208

Err codemadness.org 70 i 11209
From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples.
Err codemadness.org 70 i 11210 Err codemadness.org 70 i 11211
Both users and developers are encouraged to share their experiences.
Err codemadness.org 70 i 11212

Err codemadness.org 70 i 11213 Err codemadness.org 70 i 11214

Err codemadness.org 70 i 11215 Err codemadness.org 70 i 11216

HardenedBSD Infrastructure Goals

Err codemadness.org 70 i 11217 Err codemadness.org 70 i 11218

Err codemadness.org 70 i 11219
2019 has been an extremely productive year with regards to HardenedBSD's infrastructure. Several opportunities aligned themselves in such a way as to open a door for a near-complete rebuild with a vast expansion.
Err codemadness.org 70 i 11220 Err codemadness.org 70 i 11221
The last few months especially have seen a major expansion of our infrastructure. We obtained a number of to-be-retired Dell R410 servers. The crash of our nightly build server provided the opportunity to deploy these R410 servers, doubling our build capacity.
Err codemadness.org 70 i 11222 Err codemadness.org 70 i 11223
My available time to spend on HardenedBSD has decreased compared to this time last year. As part of rebuilding our infrastructure, I wanted to enable the community to be able to contribute. I'm structuring the work such that help is just a pull request away. Those in the HardenedBSD community who want to contribute to the infrastructure work can simply open a pull request. I'll review the code, and deploy it after a successful review. Users/contributors don't need access to our servers in order to improve them.
Err codemadness.org 70 i 11224 Err codemadness.org 70 i 11225
My primary goal for the rest of 2019 and into 2020 is to become fully self-hosted, with the sole exception of email. I want to transition the source-of-truth git repos to our own infrastructure. We will still provide a read-only mirror on GitHub.
Err codemadness.org 70 i 11226 Err codemadness.org 70 i 11227
As I develop this infrastructure, I'm doing so with human rights in mind. HardenedBSD is in a very unique position. In 2020, I plan to provide production Tor Onion Services for the various bits of our infrastructure. HardenedBSD will provide access to its various internal services to its developers and contributors. The entire development lifecycle, going from dev to prod, will be able to happen over Tor.
Err codemadness.org 70 i 11228 Err codemadness.org 70 i 11229
Transparency will be key moving forward. Logs for the auto-sync script are now published directly to GitHub. Build logs will be, soon, too. Logs of all automated processes, and the code for those processes, will be tracked publicly via git. This will be especially crucial for development over Tor.
Err codemadness.org 70 i 11230 Err codemadness.org 70 i 11231
Integrating Tor into our infrastructure so deeply increases risk and maintenance burden. However, I believe that through added transparency, we will be able to mitigate risk. Periodic audits will need to be performed and published.
Err codemadness.org 70 i 11232 Err codemadness.org 70 i 11233
I hope to migrate HardenedBSD's site away from Drupal to a static site generator. We don't really need the dynamic capabilities Drupal gives us. The many security issues Drupal and PHP both bring also leave much to be desired.
Err codemadness.org 70 i 11234 Err codemadness.org 70 i 11235
So, that's about it. I spent the last few months of 2019 laying the foundation for a successful 2020. I'm excited to see how the project grows.
Err codemadness.org 70 i 11236

Err codemadness.org 70 i 11237 Err codemadness.org 70 i 11238

Err codemadness.org 70 i 11239 Err codemadness.org 70 i 11240

Beastie Bits

Err codemadness.org 70 i 11241 Err codemadness.org 70 i 11242

FuryBSD - KDE plasma flavor now available
DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud
LPI is looking for BSD Specialist learning material writers
ZFS sync/async + ZIL/SLOG, explained
BSD-Licensed Combinatorics library/utility
SSL client vs server certificates and bacula-fd
MaxxDesktop planning to come to FreeBSD Project Page

Err codemadness.org 70 i 11251 Err codemadness.org 70 i 11252

Err codemadness.org 70 i 11253 Err codemadness.org 70 i 11254

Feedback/Questions

Err codemadness.org 70 i 11255 Err codemadness.org 70 i 11256

Tom - ZFS Mirror with different speeds
Jeff - Knowledge is power
Johnny - Episode 324 response to Jacob
Pat - NYC*BUG meeting Jan Meeting Location

Err codemadness.org 70 i 11262 Err codemadness.org 70 i 11263

Err codemadness.org 70 i 11264 Err codemadness.org 70 i 11265

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 11268 Err codemadness.org 70 i 11269

Err codemadness.org 70 i 11270 Err codemadness.org 70 i 11271 Err codemadness.org 70 i 11272 Err codemadness.org 70 i 11273 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 11274 ]]> Err codemadness.org 70 i 11275

330: Happy Holidays, All(an)

Allan Jude — Thu, 26 Dec 2019 05:00:00 -0800

Err codemadness.org 70 i 11554 Authentication Vulnerabilities in OpenBSD, NetBSD 9.0 RC1 is available, Running FreeNAS on a DigitalOcean droplet, NomadBSD 1.3 is here, at e2k19 nobody can hear you scream, and more.

Err codemadness.org 70 i 11555 Err codemadness.org 70 i 11556

Headlines

Err codemadness.org 70 i 11557 Err codemadness.org 70 i 11558

Authentication vulnerabilities in OpenBSD

Err codemadness.org 70 i 11559 Err codemadness.org 70 i 11560

We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
From the manual page of login.conf:

Err codemadness.org 70 i 11564 Err codemadness.org 70 i 11565

Err codemadness.org 70 i 11566
OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The authentication styles currently provided are:
Err codemadness.org 70 i 11567 passwd Request a password and check it against the password in the master.passwd file. See login_passwd(8).
Err codemadness.org 70 i 11568 skey Send a challenge and request a response, checking it with S/Key (tm) authentication. See login_skey(8).
Err codemadness.org 70 i 11569 yubikey Authenticate using a Yubico YubiKey token. See login_yubikey(8).
Err codemadness.org 70 i 11570 For any given style, the program /usr/libexec/auth/login_style is used to
Err codemadness.org 70 i 11571 perform the authentication. The synopsis of this program is:
Err codemadness.org 70 i 11572 /usr/libexec/auth/login_style [-v name=value] [-s service] username class
Err codemadness.org 70 i 11573

Err codemadness.org 70 i 11574 Err codemadness.org 70 i 11575

This is the first piece of the puzzle: if an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.

Err codemadness.org 70 i 11578 Err codemadness.org 70 i 11579

Err codemadness.org 70 i 11580

 login_passwd [-s service] [-v wheel=yes|no] [-v lastchance=yes|no] user [class] The service argument specifies which protocol to use with the invoking program.  The allowed protocols are login, challenge, and response.  (The challenge protocol is silently ignored but will report success as passwd-style authentication is not challenge-response based).	Err	codemadness.org	70
i 11581

Err codemadness.org 70 i 11582

Err codemadness.org 70 i 11583 Err codemadness.org 70 i 11584

This is the second piece of the puzzle: if an attacker specifies the username "-schallenge" (or "-schallenge:passwd" to force a passwd-style authentication), then the authentication is automatically successful and therefore bypassed.
Case study: smtpd
Case study: ldapd
Case study: radiusd
Case study: sshd
Acknowledgments: We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published patches for these vulnerabilities less than 40 hours after our initial contact. We also thank MITRE's CVE Assignment Team.

Err codemadness.org 70 i 11592 Err codemadness.org 70 i 11593

Err codemadness.org 70 i 11594 Err codemadness.org 70 i 11595

First release candidate for NetBSD 9.0 available!

Err codemadness.org 70 i 11596 Err codemadness.org 70 i 11597

Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed!
This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.
We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).
Here are a few highlights of the new release:
Err codemadness.org 70 i 11602 Err codemadness.org 70 i 11603
Err codemadness.org 70 i 11604
Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady"
Err codemadness.org 70 i 11605 compliant machines (SBBR+SBSA)
Err codemadness.org 70 i 11606 Enhanced hardware support for Armv7-A
Err codemadness.org 70 i 11607 Updated GPU drivers (e.g. support for Intel Kabylake)
Err codemadness.org 70 i 11608 Enhanced virtualization support
Err codemadness.org 70 i 11609 Support for hardware-accelerated virtualization (NVMM)
Err codemadness.org 70 i 11610 Support for Performance Monitoring Counters
Err codemadness.org 70 i 11611 Support for Kernel ASLR
Err codemadness.org 70 i 11612 Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
Err codemadness.org 70 i 11613 Support for userland sanitizers
Err codemadness.org 70 i 11614 Audit of the network stack
Err codemadness.org 70 i 11615 Many improvements in NPF
Err codemadness.org 70 i 11616 Updated ZFS
Err codemadness.org 70 i 11617 Reworked error handling and NCQ support in the SATA subsystem
Err codemadness.org 70 i 11618 Support a common framework for USB Ethernet drivers (usbnet)
Err codemadness.org 70 i 11619
More information on the RC can be found on the NetBSD 9 release page

Err codemadness.org 70 i 11622 Err codemadness.org 70 i 11623

Err codemadness.org 70 i 11624 Err codemadness.org 70 i 11625

News Roundup

Err codemadness.org 70 i 11626 Err codemadness.org 70 i 11627

Running FreeNAS on a Digitalocean droplet

Err codemadness.org 70 i 11628 Err codemadness.org 70 i 11629

ZFS is awesome. FreeBSD even more so. FreeNAS is the battle-tested, enterprise-ready-yet-home-user-friendly software defined storage solution which is cooler then deep space, based on FreeBSD and makes heavy use of ZFS. This is what I (and soooooo many others) use for just about any storage-related task. I can go on and on and on about what makes it great, but if you're here, reading this, you probably know all that already and we can skip ahead.
I've needed an offsite FreeNAS setup to replicate things to, to run some things, to do some stuff, basically, my privately-owned, tightly-controlled NAS appliance in the cloud, one I control from top to bottom and with support for whatever crazy thing I'm trying to do. Since I'm using DigitalOcean as my main VPS provider, it seemed logical to run FreeNAS there, however, you can't. While DO supports many many distos and pre-setup applications (e.g OpenVPN), FreeNAS isn't a supported feature, at least not in the traditional way :)
Before we begin, here's the gist of what we're going to do:

Err codemadness.org 70 i 11634 Err codemadness.org 70 i 11635

Err codemadness.org 70 i 11636
Base of a FreeBSD droplet, we'll re-image our boot block device with FreeNAS iso. We'll then install FreeNAS on the second block device. Once done we're going to do the ol' switcheroo: we're going to re-image our original boot block device using the now FreeNAS-installed second block device.
Err codemadness.org 70 i 11637

Err codemadness.org 70 i 11638 Err codemadness.org 70 i 11639

Part 1: re-image our boot block device to boot FreeNAS install media.
Part 2: Install FreeNAS on the second block-device
Part 3: Re-image the boot block device using the FreeNAS-installed block device

Err codemadness.org 70 i 11644 Err codemadness.org 70 i 11645

Err codemadness.org 70 i 11646 Err codemadness.org 70 i 11647

NomadBSD 1.3 is now available

Err codemadness.org 70 i 11648 Err codemadness.org 70 i 11649

From the release notes:

Err codemadness.org 70 i 11652 Err codemadness.org 70 i 11653

Err codemadness.org 70 i 11654
The base system has been changed to FreeBSD 12.1-RELEASE-p1
Err codemadness.org 70 i 11655 Due to a deadlock problem, FreeBSD's unionfs has been replaced by unionfs-fuse
Err codemadness.org 70 i 11656 The GPT layout has been changed to MBR. This prevents problems with Lenovo
Err codemadness.org 70 i 11657 systems that refuse to boot from GPT if "lenovofix" is not set, and systems that
Err codemadness.org 70 i 11658 hang on boot if "lenovofix" is set.
Err codemadness.org 70 i 11659 Support for ZFS installations has been added to the NomadBSD installer.
Err codemadness.org 70 i 11660 The rc-script for setting up the network interfaces has been fixed and improved.
Err codemadness.org 70 i 11661 Support for setting the country code for the wlan device has been added.
Err codemadness.org 70 i 11662 Auto configuration for running in VirtualBox has been added.
Err codemadness.org 70 i 11663 A check for the default display has been added to the graphics configuration scripts. This fixes problems where users with Optimus have their NVIDIA card disabled, and use the integrated graphics chip instead.
Err codemadness.org 70 i 11664 NVIDIA driver version 440 has been added.
Err codemadness.org 70 i 11665 nomadbsd-dmconfig, a Qt tool for selecting the display manager theme, setting the
Err codemadness.org 70 i 11666 default user and autologin has been added.
Err codemadness.org 70 i 11667 nomadbsd-adduser, a Qt tool for added preconfigured user accounts to the system has been added.
Err codemadness.org 70 i 11668 Martin Orszulik added Czech translations to the setup and installation wizard.
Err codemadness.org 70 i 11669 The NomadBSD logo, designed by Ian Grindley, has been changed.
Err codemadness.org 70 i 11670 Support for localized error messages has been added.
Err codemadness.org 70 i 11671 Support for localizing the password prompts has been added.
Err codemadness.org 70 i 11672 Some templates for starting other DEs have been added to ~/.xinitrc.
Err codemadness.org 70 i 11673 The interfaces of nomadbsd-setup-gui and nomadbsd-install-gui have been improved.
Err codemadness.org 70 i 11674 A script that helps users to configure a multihead systems has been added.
Err codemadness.org 70 i 11675 The Xorg driver for newer Intel GPUs has been changed from "intel" to "modesetting".
Err codemadness.org 70 i 11676 /proc has been added to /etc/fstab
Err codemadness.org 70 i 11677 A D-Bus session issue has been fixed which prevented thunar from accessing samba shares.
Err codemadness.org 70 i 11678 DSBBg which allows users to change and manage wallpapers has been added.
Err codemadness.org 70 i 11679 The latest version of update_obmenu now supports auto-updating the Openbox menu. Manually updating the Openbox menu after packet (de)installation is therefore no longer needed.
Err codemadness.org 70 i 11680 Err codemadness.org 70 i 11681
Support for multiple keyboard layouts has been added.
Err codemadness.org 70 i 11682 www/palemoon has been removed.
Err codemadness.org 70 i 11683 mail/thunderbird has been removed.
Err codemadness.org 70 i 11684 audio/audacity has been added.
Err codemadness.org 70 i 11685 deskutils/orage has been added.
Err codemadness.org 70 i 11686 the password manager fpm2 has been replaced by KeePassXC
Err codemadness.org 70 i 11687 mail/sylpheed has been replaced by mail/claws-mail
Err codemadness.org 70 i 11688 multimedia/simplescreenrecorder has been added.
Err codemadness.org 70 i 11689 DSBMC has been changed to DSBMC-Qt
Err codemadness.org 70 i 11690 Many small improvements and bug fixes.
Err codemadness.org 70 i 11691

Err codemadness.org 70 i 11692 Err codemadness.org 70 i 11693

Err codemadness.org 70 i 11694 Err codemadness.org 70 i 11695

At e2k19 nobody can hear you scream

Err codemadness.org 70 i 11696 Err codemadness.org 70 i 11697

After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.
I did not really have much of a plan what I wanted to work on but there were a few things I wanted to look into. One of them was rpki-client and the fact that it was so incredibly slow. Since Bob beck@ was around I started to ask him innocent X509 questions ... as if there are innocent X509 questions! Mainly about the abuse of the X509_STORE in rpki-client. Pretty soon it was clear that rpki-client did it all wrong and most of the X509 verification had to be rewritten. Instead of only storing the root certificates in the store and passing the intermediate certs as a chain to the verification function rpki-client threw everything into it. The X509_STORE is just not built for such an abuse and so it was no wonder that this was slow.
Lucky me I pulled benno@ with me into this dark hole of libcrypto code. He managed to build up an initial diff to pass the chains as a STACK_OF(X509) and together we managed to get it working. A big thanks goes to ingo@ who documented most of the functions we had to use. Have a look at STACK_OF(3) and sk_pop_free(3) to understand why benno@ and I slowly turned crazy.
Our next challenge was to only load the necessary certificate revocation list into the X509_STORE_CTX. While doing those changes it became obvious that some of the data structures needed better lookup functions. Looking up certificates was done using a linear lookup and so we replaced the internal certificate and CRL tables with RB trees for fast lookups. deraadt@ also joined the rpki-client commit fest and changed the output code to use rename(2) so that files are replaced in an atomic operation. Thanks to this rpki-client can now be safely run from cron (there is an example in the default crontab).
I did not plan to spend most of my week hacking on rpki-client but in the end I'm happy that I did and the result is fairly impressive. Working with libcrypto code and especially X509 was less than pleasant. Our screams of agony died away in the snowy rocky mountains and made Bob deep dive into UVM with a smile since he knew that benno@ and I had it worse.
In case you wonder thanks to all changes at e2k19 rpki-client improved from over 20min run time to validate all VRPS to roughly 1min to do the same job. A factor 20 improvement!
Thanks to Theo, Bob and Howie to make this possible. To all the cooks for the great food and to Xplornet for providing us with Internet at the hut.

Err codemadness.org 70 i 11706 Err codemadness.org 70 i 11707

Err codemadness.org 70 i 11708 Err codemadness.org 70 i 11709

Beastie Bits

Err codemadness.org 70 i 11710 Err codemadness.org 70 i 11711

FOSDEM 2020 BSD Devroom schedule
Easy Minecraft Server on FreeBSD Howto
stats(3) framework in the TCP stack
4017 days of uptime
sysget - A front-end for every package manager
PlayOnBSD’s Cross-BSD Shopping Guide

Err codemadness.org 70 i 11719 Err codemadness.org 70 i 11720

Err codemadness.org 70 i 11721 Err codemadness.org 70 i 11722

Feedback/Questions

Err codemadness.org 70 i 11723 Err codemadness.org 70 i 11724

Pat asks about the proper disk drive type for ZFS
Brad asks about a ZFS rosetta stone

Err codemadness.org 70 i 11728 Err codemadness.org 70 i 11729

Err codemadness.org 70 i 11730 Err codemadness.org 70 i 11731

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 11734 Err codemadness.org 70 i 11735

Err codemadness.org 70 i 11736 Err codemadness.org 70 i 11737 Err codemadness.org 70 i 11738 Err codemadness.org 70 i 11739 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 11740

Special Guest: Mariusz Zaborski.

]]> Err codemadness.org 70 i 11741

329: Lucas’ Arts

Allan Jude — Thu, 19 Dec 2019 05:00:00 -0800

Err codemadness.org 70 i 11959 In this episode, we interview Michael W. Lucas about his latest book projects, including the upcoming SNMP Mastery book.

Err codemadness.org 70 i 11960 Err codemadness.org 70 i 11961

Interview - Michael Lucas

Err codemadness.org 70 i 11962 Err codemadness.org 70 i 11963

Err codemadness.org 70 i 11964 Err codemadness.org 70 i 11965

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 11968 Err codemadness.org 70 i 11969

Err codemadness.org 70 i 11970 Err codemadness.org 70 i 11971 Err codemadness.org 70 i 11972 Err codemadness.org 70 i 11973 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 11974

Special Guest: Michael W Lucas.

]]> Err codemadness.org 70 i 11975

328: EPYC Netflix Stack

Allan Jude — Thu, 12 Dec 2019 04:00:00 -0800

Err codemadness.org 70 i 12067 LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.

Err codemadness.org 70 i 12068 Err codemadness.org 70 i 12069

Headlines

Err codemadness.org 70 i 12070 Err codemadness.org 70 i 12071

LLDB Threading support now ready for mainline

Err codemadness.org 70 i 12072 Err codemadness.org 70 i 12073

Err codemadness.org 70 i 12074
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 12075 Err codemadness.org 70 i 12076
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
Err codemadness.org 70 i 12077 Err codemadness.org 70 i 12078
So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
Err codemadness.org 70 i 12079

Err codemadness.org 70 i 12080 Err codemadness.org 70 i 12081

Err codemadness.org 70 i 12082 Err codemadness.org 70 i 12083

Multiple IPSec VPN tunnels with FreeBSD

Err codemadness.org 70 i 12084 Err codemadness.org 70 i 12085

Err codemadness.org 70 i 12086
The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)
Err codemadness.org 70 i 12087

Err codemadness.org 70 i 12088 Err codemadness.org 70 i 12089

But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.

Err codemadness.org 70 i 12090 Err codemadness.org 70 i 12091

Err codemadness.org 70 i 12092
The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).
Err codemadness.org 70 i 12093 Err codemadness.org 70 i 12094
Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).
Err codemadness.org 70 i 12095 Err codemadness.org 70 i 12096
VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).
Err codemadness.org 70 i 12097

Err codemadness.org 70 i 12098 Err codemadness.org 70 i 12099

Err codemadness.org 70 i 12100 Err codemadness.org 70 i 12101

News Roundup

Err codemadness.org 70 i 12102 Err codemadness.org 70 i 12103

Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance

Err codemadness.org 70 i 12104 Err codemadness.org 70 i 12105

Err codemadness.org 70 i 12106
Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.
Err codemadness.org 70 i 12107 Err codemadness.org 70 i 12108
Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.
Err codemadness.org 70 i 12109 Err codemadness.org 70 i 12110
For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.
Err codemadness.org 70 i 12111

Err codemadness.org 70 i 12112 Err codemadness.org 70 i 12113

Err codemadness.org 70 i 12114 Err codemadness.org 70 i 12115

unwind(8); "happy eyeballs"

Err codemadness.org 70 i 12116 Err codemadness.org 70 i 12117

Err codemadness.org 70 i 12118
In case you are wondering why happy eyeballs: It's a variation on this:
Err codemadness.org 70 i 12119 https://en.wikipedia.org/wiki/Happy_Eyeballs
Err codemadness.org 70 i 12120 Err codemadness.org 70 i 12121
unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.
Err codemadness.org 70 i 12122 Err codemadness.org 70 i 12123
This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix.
Err codemadness.org 70 i 12124 Err codemadness.org 70 i 12125
One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):
Err codemadness.org 70 i 12126 17 files changed, 385 insertions(+), 1683 deletions(-)
Err codemadness.org 70 i 12127 Err codemadness.org 70 i 12128
Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.
Err codemadness.org 70 i 12129

Err codemadness.org 70 i 12130 Err codemadness.org 70 i 12131

Err codemadness.org 70 i 12132 Err codemadness.org 70 i 12133

Amazon now has FreeBSD ARM 12

Err codemadness.org 70 i 12134 Err codemadness.org 70 i 12135

Err codemadness.org 70 i 12136
Product Overview
Err codemadness.org 70 i 12137 Err codemadness.org 70 i 12138
FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.
Err codemadness.org 70 i 12139 Err codemadness.org 70 i 12140
FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.
Err codemadness.org 70 i 12141

Err codemadness.org 70 i 12142 Err codemadness.org 70 i 12143

Err codemadness.org 70 i 12144 Err codemadness.org 70 i 12145

OpenSSH U2F/FIDO support in base

Err codemadness.org 70 i 12146 Err codemadness.org 70 i 12147

Err codemadness.org 70 i 12148
I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.
Err codemadness.org 70 i 12149 Err codemadness.org 70 i 12150
Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.
Err codemadness.org 70 i 12151 Err codemadness.org 70 i 12152
You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.
Err codemadness.org 70 i 12153 Err codemadness.org 70 i 12154
So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything.
Err codemadness.org 70 i 12155 Err codemadness.org 70 i 12156
Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.
Err codemadness.org 70 i 12157 Err codemadness.org 70 i 12158
Please test this thoroughly - it's a big change that we want to have stable before the next release.
Err codemadness.org 70 i 12159

Err codemadness.org 70 i 12160 Err codemadness.org 70 i 12161

Err codemadness.org 70 i 12162 Err codemadness.org 70 i 12163

Beastie Bits

Err codemadness.org 70 i 12164 Err codemadness.org 70 i 12165

DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud
Really fast Markov chains in ~20 lines of sh, grep, cut and awk
FreeBSD Journal Sept/Oct 2019
Michael Dexter is raising money for Bhyve development
syscall call-from verification
FreeBSD Forums Howto Section

Err codemadness.org 70 i 12173 Err codemadness.org 70 i 12174

Err codemadness.org 70 i 12175 Err codemadness.org 70 i 12176

Feedback/Questions

Err codemadness.org 70 i 12177 Err codemadness.org 70 i 12178

Jeroen - Feedback
Savo - pfsense ports
Tin - I want to learn C

Err codemadness.org 70 i 12183 Err codemadness.org 70 i 12184

Err codemadness.org 70 i 12185 Err codemadness.org 70 i 12186

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 12189 Err codemadness.org 70 i 12190

Err codemadness.org 70 i 12191 Err codemadness.org 70 i 12192 Err codemadness.org 70 i 12193 Err codemadness.org 70 i 12194 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 12195 ]]> Err codemadness.org 70 i 12196

327: ZFS Rename Repo

Allan Jude — Thu, 05 Dec 2019 04:00:00 -0800

Err codemadness.org 70 i 12389 We read FreeBSD’s third quarterly status report, OpenBSD on Sparc64, ZoL repo move to OpenZFS, GEOM NOP, keeping NetBSD up-to-date, and more.

Err codemadness.org 70 i 12390 Err codemadness.org 70 i 12391

Headlines

Err codemadness.org 70 i 12392 Err codemadness.org 70 i 12393

FreeBSD third quarterly status report for 2019

Err codemadness.org 70 i 12394 Err codemadness.org 70 i 12395

Err codemadness.org 70 i 12396
This quarter the reports team has been more active than usual thanks to a better organization: calls for reports and reminders have been sent regularly, reports have been reviewed and merged quickly (I would like to thank debdrup@ in particular for his reviewing work).
Err codemadness.org 70 i 12397 Err codemadness.org 70 i 12398
Efficiency could still be improved with the help of our community. In particular, the quarterly team has found that many reports have arrived in the last days before the deadline or even after. I would like to invite the community to follow the guidelines below that can help us sending out the reports sooner.
Err codemadness.org 70 i 12399 Err codemadness.org 70 i 12400
Starting from next quarter, all quarterly status reports will be prepared the last month of the quarter itself, instead of the first month after the quarter's end. This means that deadlines for submitting reports will be the 1st of January, April, July and October.
Err codemadness.org 70 i 12401 Err codemadness.org 70 i 12402
Next quarter will then be a short one, covering the months of November and December only and the report will probably be out in mid January.
Err codemadness.org 70 i 12403

Err codemadness.org 70 i 12404 Err codemadness.org 70 i 12405

Err codemadness.org 70 i 12406 Err codemadness.org 70 i 12407

OpenBSD on Sparc64

Err codemadness.org 70 i 12408 Err codemadness.org 70 i 12409

Err codemadness.org 70 i 12410
OpenBSD, huh? Yes, I usually write about FreeBSD and that’s in fact what I tried installing on the machine first. But I ran into problems with it very early on (never even reached single user mode) and put it aside for later. Since I powered up the SunFire again last month, I needed an OS now and chose OpenBSD for the simple reason that I have it available.
Err codemadness.org 70 i 12411 Err codemadness.org 70 i 12412
First I wanted to call this article simply “OpenBSD on SPARC” – but that would have been misleading since OpenBSD used to support 32-bit SPARC processors, too. The platform was just put to rest after the 5.9 release.
Err codemadness.org 70 i 12413 Err codemadness.org 70 i 12414
Version 6.0 was the last release of OpenBSD that came on CD-ROM. When I bought it, I thought that I’d never use the SPARC CD. But here was the chance! While it is an obsolete release, it comes with the cryptographic signatures to verify the next release. So the plan is to start at 6.0 as I can trust the original CDs and then update to the latest release. This will also be an opportunity to recap on some of the things that changed over the various versions.
Err codemadness.org 70 i 12415

Err codemadness.org 70 i 12416 Err codemadness.org 70 i 12417

Err codemadness.org 70 i 12418 Err codemadness.org 70 i 12419

News Roundup

Err codemadness.org 70 i 12420 Err codemadness.org 70 i 12421

ZoL repo move to OpenZFS

Err codemadness.org 70 i 12422 Err codemadness.org 70 i 12423

Err codemadness.org 70 i 12424
Because it will contain the ZFS source code for both Linux and FreeBSD, we will rename the "ZFSonLinux" code repository to "OpenZFS". Specifically, the repo at http://github.com/ZFSonLinux/zfs will be moved to the OpenZFS organization, at http://github.com/OpenZFS/zfs.
Err codemadness.org 70 i 12425 Err codemadness.org 70 i 12426
The next major release of ZFS for Linux and FreeBSD will be "OpenZFS 2.0", and is expected to ship in 2020.
Err codemadness.org 70 i 12427

Err codemadness.org 70 i 12428 Err codemadness.org 70 i 12429

Err codemadness.org 70 i 12430 Err codemadness.org 70 i 12431

Mcclure111 Sun Thread

Err codemadness.org 70 i 12432 Err codemadness.org 70 i 12433

Err codemadness.org 70 i 12434
A long time ago— like 15 years ago— I worked at Sun Microsystems. The company was nearly dead at the time (it died a couple years later) because they didn't make anything that anyone wanted to buy anymore. So they had a lot of strange ideas about how they'd make their comeback.
Err codemadness.org 70 i 12435

Err codemadness.org 70 i 12436 Err codemadness.org 70 i 12437

Err codemadness.org 70 i 12438 Err codemadness.org 70 i 12439

GEOM NOP

Err codemadness.org 70 i 12440 Err codemadness.org 70 i 12441

Err codemadness.org 70 i 12442
Sometimes while testing file systems or applications you want to simulate some errors on the disk level. The first time I heard about this need was from Baptiste Daroussin during his presentation at AsiaBSDCon 2016. He mentioned how they had built a test lab with it. The same need was recently discussed during the PGCon 2019, to test a PostgreSQL instance. If you are FreeBSD user, I have great news for you: there is a GEOM provider which allows you to simulate a failing device.
Err codemadness.org 70 i 12443 Err codemadness.org 70 i 12444
GNOP allows us to configure transparent providers from existing ones. The first interesting option of it is that we can slice the device into smaller pieces, thanks to the ‘offset option’ and ‘stripsesize’. This allows us to observe how the data on the disk is changing. Let’s assume that we want to observe the changes in the GPT table when the GPT flags are added or removed (for example the bootme flags which are described here). We can use dd every time and analyze it using absolute values from the disks.
Err codemadness.org 70 i 12445

Err codemadness.org 70 i 12446 Err codemadness.org 70 i 12447

Err codemadness.org 70 i 12448 Err codemadness.org 70 i 12449

Keeping NetBSD up-to-date with pkg_comp 2.0

Err codemadness.org 70 i 12450 Err codemadness.org 70 i 12451

Err codemadness.org 70 i 12452
This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.
Err codemadness.org 70 i 12453 Err codemadness.org 70 i 12454
Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.
Err codemadness.org 70 i 12455 Err codemadness.org 70 i 12456
This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.
Err codemadness.org 70 i 12457

Err codemadness.org 70 i 12458 Err codemadness.org 70 i 12459

Err codemadness.org 70 i 12460 Err codemadness.org 70 i 12461

Beastie Bits

Err codemadness.org 70 i 12462 Err codemadness.org 70 i 12463

DragonFly - Radeon Improvements
NomadBSD review
Spongebob OpenBSD Security Comic
Forth : The Early Years
LCM+L PDP-7 booting and running UNIX Version 0

Err codemadness.org 70 i 12470 Err codemadness.org 70 i 12471

Err codemadness.org 70 i 12472 Err codemadness.org 70 i 12473

Feedback/Questions

Err codemadness.org 70 i 12474 Err codemadness.org 70 i 12475

Chris - Ctrl-T Err codemadness.org 70 i 12477 Err codemadness.org 70 i 12478
- Improved Ctrl+t that shows kernel backtrace
Brian - Migrating NexentaStore to FreeBSD/FreeNAS
Avery - How to get involved

Err codemadness.org 70 i 12484 Err codemadness.org 70 i 12485

Err codemadness.org 70 i 12486 Err codemadness.org 70 i 12487

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 12490 Err codemadness.org 70 i 12491

Err codemadness.org 70 i 12492 Err codemadness.org 70 i 12493 Err codemadness.org 70 i 12494 Err codemadness.org 70 i 12495 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 12496 ]]> Err codemadness.org 70 i 12497

326: Certified BSD

Allan Jude — Thu, 28 Nov 2019 04:00:00 -0800

Err codemadness.org 70 i 12661 LPI releases BSD Certification, openzfs trip report, Using FreeBSD with ports, LLDB threading support ready, Linux versus Open Source Unix, and more.

Err codemadness.org 70 i 12662 Err codemadness.org 70 i 12663

Headlines

Err codemadness.org 70 i 12664 Err codemadness.org 70 i 12665

Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group

Err codemadness.org 70 i 12666 Err codemadness.org 70 i 12667

Err codemadness.org 70 i 12668
Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.
Err codemadness.org 70 i 12669 Err codemadness.org 70 i 12670
G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”
Err codemadness.org 70 i 12671

Err codemadness.org 70 i 12672 Err codemadness.org 70 i 12673

Err codemadness.org 70 i 12674 Err codemadness.org 70 i 12675

OpenZFS Trip Report

Err codemadness.org 70 i 12676 Err codemadness.org 70 i 12677

Err codemadness.org 70 i 12678
The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.
Err codemadness.org 70 i 12679

Err codemadness.org 70 i 12680 Err codemadness.org 70 i 12681

Err codemadness.org 70 i 12682 Err codemadness.org 70 i 12683

News Roundup

Err codemadness.org 70 i 12684 Err codemadness.org 70 i 12685

Using FreeBSD with Ports (2/2): Tool-assisted updating

Err codemadness.org 70 i 12686 Err codemadness.org 70 i 12687

Part 1 here: https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/

Err codemadness.org 70 i 12690 Err codemadness.org 70 i 12691

Err codemadness.org 70 i 12692
In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.
Err codemadness.org 70 i 12693 Err codemadness.org 70 i 12694
In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.
Err codemadness.org 70 i 12695

Err codemadness.org 70 i 12696 Err codemadness.org 70 i 12697

Err codemadness.org 70 i 12698 Err codemadness.org 70 i 12699

LLDB Threading support now ready for mainline

Err codemadness.org 70 i 12700 Err codemadness.org 70 i 12701

Err codemadness.org 70 i 12702
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 12703 Err codemadness.org 70 i 12704
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.
Err codemadness.org 70 i 12705 Err codemadness.org 70 i 12706
So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.
Err codemadness.org 70 i 12707

Err codemadness.org 70 i 12708 Err codemadness.org 70 i 12709

Err codemadness.org 70 i 12710 Err codemadness.org 70 i 12711

Linux VS open source UNIX

Err codemadness.org 70 i 12712 Err codemadness.org 70 i 12713

Err codemadness.org 70 i 12714 Err codemadness.org 70 i 12715

Beastie Bits

Err codemadness.org 70 i 12716 Err codemadness.org 70 i 12717

Support for Realtek RTL8125 2.5Gb Ethernet controller
Computer Files Are Going Extinct
FreeBSD kernel hacking
Modern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong
MidnightBSD 1.2 Released

Err codemadness.org 70 i 12724 Err codemadness.org 70 i 12725

Err codemadness.org 70 i 12726 Err codemadness.org 70 i 12727

Feedback/Questions

Err codemadness.org 70 i 12728 Err codemadness.org 70 i 12729

Paulo - Zfs snapshots
Phillip - GCP
A Listener - Old episodes?

Err codemadness.org 70 i 12734 Err codemadness.org 70 i 12735

Err codemadness.org 70 i 12736 Err codemadness.org 70 i 12737

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 12740 Err codemadness.org 70 i 12741

Err codemadness.org 70 i 12742 Err codemadness.org 70 i 12743 Err codemadness.org 70 i 12744 Err codemadness.org 70 i 12745 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 12746 ]]> Err codemadness.org 70 i 12747

325: Cracking Rainbows

Allan Jude — Thu, 21 Nov 2019 04:00:00 -0800

Err codemadness.org 70 i 12905 FreeBSD 12.1 is here, A history of Unix before Berkeley, FreeBSD development setup, HardenedBSD 2019 Status Report, DNSSEC, compiling RainbowCrack on OpenBSD, and more.

Err codemadness.org 70 i 12906 Err codemadness.org 70 i 12907

Headlines

Err codemadness.org 70 i 12908 Err codemadness.org 70 i 12909

FreeBSD 12.1

Err codemadness.org 70 i 12910 Err codemadness.org 70 i 12911

Some of the highlights:
Err codemadness.org 70 i 12913 Err codemadness.org 70 i 12914
- BearSSL has been imported to the base system.
- The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1.
- OpenSSL has been updated to version 1.1.1d.
- Several userland utility updates.
For a complete list of new features and known problems, please see the online release notes and errata list, available at: https://www.FreeBSD.org/releases/12.1R/relnotes.html

Err codemadness.org 70 i 12922 Err codemadness.org 70 i 12923

Err codemadness.org 70 i 12924 Err codemadness.org 70 i 12925

A History of UNIX before Berkeley: UNIX Evolution: 1975-1984.

Err codemadness.org 70 i 12926 Err codemadness.org 70 i 12927

Err codemadness.org 70 i 12928
Nobody needs to be told that UNIX is popular today. In this article we will show you a little of where it was yesterday and over the past decade. And, without meaning in the least to minimise the incredible contributions of Ken Thompson and Dennis Ritchie, we will bring to light many of the others who worked on early versions, and try to show where some of the key ideas came from, and how they got into the UNIX of today.
Err codemadness.org 70 i 12929 Err codemadness.org 70 i 12930
Our title says we are talking about UNIX evolution. Evolution means different things to different people. We use the term loosely, to describe the change over time among the many different UNIX variants in use both inside and outside Bell Labs. Ideas, code, and useful programs seem to have made their way back and forth - like mutant genes - among all the many UNIXes living in the phone company over the decade in question.
Err codemadness.org 70 i 12931 Err codemadness.org 70 i 12932
Part One looks at some of the major components of the current UNIX system - the text formatting tools, the compilers and program development tools, and so on. Most of the work described in Part One took place at Research'', a part of Bell Laboratories (now AT&T Bell Laboratories, then as nowthe Labs''), and the ancestral home of UNIX. In planned (but not written) later parts, we would have looked at some of the myriad versions of UNIX - there are far more than one might suspect. This includes a look at Columbus and USG and at Berkeley Unix. You'll begin to get a glimpse inside the history of the major streams of development of the system during that time.
Err codemadness.org 70 i 12933

Err codemadness.org 70 i 12934 Err codemadness.org 70 i 12935

Err codemadness.org 70 i 12936 Err codemadness.org 70 i 12937

News Roundup

Err codemadness.org 70 i 12938 Err codemadness.org 70 i 12939

My FreeBSD Development Setup

Err codemadness.org 70 i 12940 Err codemadness.org 70 i 12941

Err codemadness.org 70 i 12942
I do my FreeBSD development using git, tmux, vim and cscope.
Err codemadness.org 70 i 12943 Err codemadness.org 70 i 12944
I keep a FreeBSD fork on my github, I have forked https://github.com/freebsd/freebsd to https://github.com/adventureloop/freebsd
Err codemadness.org 70 i 12945

Err codemadness.org 70 i 12946 Err codemadness.org 70 i 12947

Err codemadness.org 70 i 12948 Err codemadness.org 70 i 12949

OPNsense 19.7.6 released

Err codemadness.org 70 i 12950 Err codemadness.org 70 i 12951

Err codemadness.org 70 i 12952
As we are experiencing the Suricata community first hand in Amsterdam we thought to release this version a bit earlier than planned. Included is the latest Suricata 5.0.0 release in the development version. That means later this November we will releasing version 5 to the production version as we finish up tweaking the integration and maybe pick up 5.0.1 as it becomes available.
Err codemadness.org 70 i 12953 Err codemadness.org 70 i 12954
LDAP TLS connectivity is now integrated into the system trust store, which ensures that all required root and intermediate certificates will be seen by the connection setup when they have been added to the authorities section. The same is true for trusting self-signed certificates. On top of this, IPsec now supports public key authentication as contributed by Pascal Mathis.
Err codemadness.org 70 i 12955

Err codemadness.org 70 i 12956 Err codemadness.org 70 i 12957

Err codemadness.org 70 i 12958 Err codemadness.org 70 i 12959

HardenedBSD November 2019 Status Report.

Err codemadness.org 70 i 12960 Err codemadness.org 70 i 12961

Err codemadness.org 70 i 12962
We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work.
Err codemadness.org 70 i 12963

Err codemadness.org 70 i 12964 Err codemadness.org 70 i 12965

Err codemadness.org 70 i 12966 Err codemadness.org 70 i 12967

DNSSEC enabled in default unbound(8) configuration.

Err codemadness.org 70 i 12968 Err codemadness.org 70 i 12969

Err codemadness.org 70 i 12970
DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)
Err codemadness.org 70 i 12971

Err codemadness.org 70 i 12972 Err codemadness.org 70 i 12973

Err codemadness.org 70 i 12974 Err codemadness.org 70 i 12975

How to Install Shopware with NGINX and Let's Encrypt on FreeBSD 12

Err codemadness.org 70 i 12976 Err codemadness.org 70 i 12977

Err codemadness.org 70 i 12978
Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on FreeBSD 12 system by using NGINX as a web server.
Err codemadness.org 70 i 12979

Err codemadness.org 70 i 12980 Err codemadness.org 70 i 12981

Requirements

Err codemadness.org 70 i 12984 Err codemadness.org 70 i 12985

Err codemadness.org 70 i 12986
Make sure your system meets the following minimum requirements:
Err codemadness.org 70 i 12987 Err codemadness.org 70 i 12988
Err codemadness.org 70 i 12989
Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed.
Err codemadness.org 70 i 12990
PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.
Err codemadness.org 70 i 12991
MySQL 5.5.0 or higher.
Err codemadness.org 70 i 12992
Possibility to set up cron jobs.
Err codemadness.org 70 i 12993
Minimum 4 GB available hard disk space.
Err codemadness.org 70 i 12994
IonCube Loader version 5.0.0 or higher (optional).
Err codemadness.org 70 i 12995
Err codemadness.org 70 i 12996

Err codemadness.org 70 i 12997 Err codemadness.org 70 i 12998

Err codemadness.org 70 i 12999 Err codemadness.org 70 i 13000

How to Compile RainbowCrack on OpenBSD

Err codemadness.org 70 i 13001 Err codemadness.org 70 i 13002

Err codemadness.org 70 i 13003
Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.
Err codemadness.org 70 i 13004 Err codemadness.org 70 i 13005
The Project RainbowCrack web page now has just binaries for Windows XP and Linux, both 32-bit and 64-bit versions.
Err codemadness.org 70 i 13006 Err codemadness.org 70 i 13007
Earlier versions were available as source code. The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about Linux kernel headers.
Err codemadness.org 70 i 13008

Err codemadness.org 70 i 13009 Err codemadness.org 70 i 13010

You might also look at ophcrack, a more modern tool, although it seems to be focused on cracking Windows XP/Vista/7/8/10 password hashes

Err codemadness.org 70 i 13013 Err codemadness.org 70 i 13014

Err codemadness.org 70 i 13015 Err codemadness.org 70 i 13016

Feedback/Questions

Err codemadness.org 70 i 13017 Err codemadness.org 70 i 13018

Reese - Amature radio info
Chris - VPN
Malcolm - NAT

Err codemadness.org 70 i 13023 Err codemadness.org 70 i 13024

Err codemadness.org 70 i 13025 Err codemadness.org 70 i 13026

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 13029 Err codemadness.org 70 i 13030

Err codemadness.org 70 i 13031 Err codemadness.org 70 i 13032 Err codemadness.org 70 i 13033 Err codemadness.org 70 i 13034 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 13035 ]]> Err codemadness.org 70 i 13036

324: Emergency Space Mode

Allan Jude — Thu, 14 Nov 2019 04:00:00 -0800

Err codemadness.org 70 i 13263 Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.

Err codemadness.org 70 i 13264 Err codemadness.org 70 i 13265

Err codemadness.org 70 i 13266 Err codemadness.org 70 i 13267

Headlines

Err codemadness.org 70 i 13268 Err codemadness.org 70 i 13269

Migrating drives and the zpool from one host to another.

Err codemadness.org 70 i 13270 Err codemadness.org 70 i 13271

Err codemadness.org 70 i 13272
Today is the day.
Err codemadness.org 70 i 13273 Err codemadness.org 70 i 13274
Today I move a zpool from an R710 into an R720. The goal: all services on that zpool start running on the new host.
Err codemadness.org 70 i 13275 Err codemadness.org 70 i 13276
Fortunately, that zpool is dedicated to jails, more or less. I have done some planning about this, including moving a poudriere on the R710 into a jail.
Err codemadness.org 70 i 13277 Err codemadness.org 70 i 13278
Now it is almost noon on Saturday, I am sitting in the basement (just outside the server room), and I’m typing this up.
Err codemadness.org 70 i 13279

Err codemadness.org 70 i 13280 Err codemadness.org 70 i 13281

In this post:
Err codemadness.org 70 i 13283 Err codemadness.org 70 i 13284
- FreeBSD 12.0
- Dell R710 (r710-01)
- Dell R720 (r720-01)
- drive caddies from eBay and now I know the difference between SATA and SATAu
PLEASE READ THIS first: Migrating ZFS Storage Pools

Err codemadness.org 70 i 13292 Err codemadness.org 70 i 13293

Err codemadness.org 70 i 13294 Err codemadness.org 70 i 13295

OpenBSD in 2019

Err codemadness.org 70 i 13296 Err codemadness.org 70 i 13297

Err codemadness.org 70 i 13298
I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.
Err codemadness.org 70 i 13299 Err codemadness.org 70 i 13300
What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.
Err codemadness.org 70 i 13301 Err codemadness.org 70 i 13302
I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.
Err codemadness.org 70 i 13303 Err codemadness.org 70 i 13304
That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.
Err codemadness.org 70 i 13305 Err codemadness.org 70 i 13306
This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the dektop, and will see if that more ad-hoc environment works well. E.g. will gnuradio work? Lack of other-OS VM support may be a problem.
Err codemadness.org 70 i 13307

Err codemadness.org 70 i 13308 Err codemadness.org 70 i 13309

Verdict

Err codemadness.org 70 i 13312 Err codemadness.org 70 i 13313

Err codemadness.org 70 i 13314
Ouch, that’s a long list of bad stuff. Still, I like it. I’ll continue to run it, and will make sure my stuff continues working on OpenBSD.
Err codemadness.org 70 i 13315 Err codemadness.org 70 i 13316
And maybe in a year I’ll have a review of OpenBSD on a laptop.
Err codemadness.org 70 i 13317

Err codemadness.org 70 i 13318 Err codemadness.org 70 i 13319

Err codemadness.org 70 i 13320 Err codemadness.org 70 i 13321

News Roundup

Err codemadness.org 70 i 13322 Err codemadness.org 70 i 13323

New zlib, new dhcpcd

Err codemadness.org 70 i 13324 Err codemadness.org 70 i 13325

Err codemadness.org 70 i 13326
zlib and dhcpcd are both updated in DragonFly… but my quick perusal of the commits makes it sound like bugfix only; no usage changes needed.
Err codemadness.org 70 i 13327

Err codemadness.org 70 i 13328 Err codemadness.org 70 i 13329

DHCPCD Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719768.html
ZLIB Commit: http://lists.dragonflybsd.org/pipermail/commits/2019-October/719772.html

Err codemadness.org 70 i 13333 Err codemadness.org 70 i 13334

Err codemadness.org 70 i 13335 Err codemadness.org 70 i 13336

Batch renaming images, including image resolution, with awk

Err codemadness.org 70 i 13337 Err codemadness.org 70 i 13338

Err codemadness.org 70 i 13339
The most recent item on my list of “Geeky things I did that made me feel pretty awesome” is an hour’s adventure that culminated in this code:
Err codemadness.org 70 i 13340

Err codemadness.org 70 i 13341 Err codemadness.org 70 i 13342

$ file IMG* | awk 'BEGIN{a=0} {print substr($1, 1, length($1)-5),a++"_"substr($8,1, length($8)-1)}' | while read fn fr; do echo $(rename -v "s/$fn/img_$fr/g" *); done	Err	codemadness.org	70
i 13343 IMG_20170808_172653_425.jpg renamed as img_0_4032x3024.jpg	Err	codemadness.org	70
i 13344 IMG_20170808_173020_267.jpg renamed as img_1_3024x3506.jpg	Err	codemadness.org	70
i 13345 IMG_20170808_173130_616.jpg renamed as img_2_3024x3779.jpg	Err	codemadness.org	70
i 13346 IMG_20170808_173221_425.jpg renamed as img_3_3024x3780.jpg	Err	codemadness.org	70
i 13347 IMG_20170808_173417_059.jpg renamed as img_4_2956x2980.jpg	Err	codemadness.org	70
i 13348 IMG_20170808_173450_971.jpg renamed as img_5_3024x3024.jpg	Err	codemadness.org	70
i 13349 IMG_20170808_173536_034.jpg renamed as img_6_4032x3024.jpg	Err	codemadness.org	70
i 13350 IMG_20170808_173602_732.jpg renamed as img_7_1617x1617.jpg	Err	codemadness.org	70
i 13351 IMG_20170808_173645_339.jpg renamed as img_8_3024x3780.jpg	Err	codemadness.org	70
i 13352 IMG_20170909_170146_585.jpg renamed as img_9_3036x3036.jpg	Err	codemadness.org	70
i 13353 IMG_20170911_211522_543.jpg renamed as img_10_3036x3036.jpg	Err	codemadness.org	70
i 13354 IMG_20170913_071608_288.jpg renamed as img_11_2760x2760.jpg	Err	codemadness.org	70
i 13355 IMG_20170913_073205_522.jpg renamed as img_12_2738x2738.jpg	Err	codemadness.org	70
i 13356 // ... etc etc	Err	codemadness.org	70
i 13357

Err codemadness.org 70 i 13358 Err codemadness.org 70 i 13359

Err codemadness.org 70 i 13360
The last item on the aforementioned list is “TODO: come up with a shorter title for this list.”
Err codemadness.org 70 i 13361

Err codemadness.org 70 i 13362 Err codemadness.org 70 i 13363

Err codemadness.org 70 i 13364 Err codemadness.org 70 i 13365

I hate the X11 ICCCM selection system, and you should too - A Rant

Err codemadness.org 70 i 13366 Err codemadness.org 70 i 13367

Err codemadness.org 70 i 13368
d00d, that document is devilspawn. I've recently spent my nights in pain
Err codemadness.org 70 i 13369 implementing the selection mechanism. WHY OH WHY OH WHY? why me? why did I choose to do this? and what sick evil twisted mind wrote this damn spec? I don't know why I'm working with it, I just wanted to make a useful program.
Err codemadness.org 70 i 13370 Err codemadness.org 70 i 13371
I didn't know what I was getting myself in to. Nobody knows until they try it. And once you start, you're unable to stop. You can't stop, if you stop then you haven't completed it to spec. You can't fail on this, it's just a few pages of text, how can that be so hard? So what if they use Atoms for everything. So what if there's no explicit correlation between the target type of a SelectionNotify event and the type of the property it indicates?
Err codemadness.org 70 i 13372 Err codemadness.org 70 i 13373
So what if the distinction is ambiguous? So what if the document is littered with such atrocities? It's not the spec's fault, the spec is authoritative. It's obviously YOUR (the implementor's) fault for misunderstanding it. If you didn't misunderstand it, you wouldn't be here complaining about it would you?
Err codemadness.org 70 i 13374

Err codemadness.org 70 i 13375 Err codemadness.org 70 i 13376

Err codemadness.org 70 i 13377 Err codemadness.org 70 i 13378

HAMMER2 emergency space mode

Err codemadness.org 70 i 13379 Err codemadness.org 70 i 13380

Err codemadness.org 70 i 13381
As anyone who has been running HAMMER1 or HAMMER2 has noticed, snapshots and copy on write and infinite history can eat a lot of disk space, even if the actual file volume isn’t changing much. There’s now an ‘emergency mode‘ for HAMMER2, where disk operations can happen even if there isn’t space for the normal history activity. It’s dangerous, in that the normal protections against data loss if power is cut go away, and snapshots created while in this mode will be mangled. So definitely don’t leave it on!
Err codemadness.org 70 i 13382

Err codemadness.org 70 i 13383 Err codemadness.org 70 i 13384

Err codemadness.org 70 i 13385 Err codemadness.org 70 i 13386

Beastie Bits

Err codemadness.org 70 i 13387 Err codemadness.org 70 i 13388

The BastilleBSD community has started work on over 100 automation templates
PAM perturbed
OpenBSD T-Shirts now available
FastoCloud (Opensource Media Service) now available on FreeBSD
Unix: A History and a Memoir by Brian Kernighan now available
OpenBSD Moonlight game streaming client from a Windows + Nvidia PC Err codemadness.org 70 i 13395 ***

Err codemadness.org 70 i 13397 Err codemadness.org 70 i 13398

Feedback/Questions

Err codemadness.org 70 i 13399 Err codemadness.org 70 i 13400

Tim - Release Notes for Lumina 1.5 Err codemadness.org 70 i 13402 Err codemadness.org 70 i 13403
- Answer Here
Brad - vBSDcon Trip Report
Jacob - Using terminfo on FreeBSD

Err codemadness.org 70 i 13409 Err codemadness.org 70 i 13410

Err codemadness.org 70 i 13411 Err codemadness.org 70 i 13412

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 13415 Err codemadness.org 70 i 13416

Err codemadness.org 70 i 13417 Err codemadness.org 70 i 13418 Err codemadness.org 70 i 13419 Err codemadness.org 70 i 13420 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 13421 ]]> Err codemadness.org 70 i 13422

323: OSI Burrito Guy

Allan Jude — Thu, 07 Nov 2019 04:00:00 -0800

Err codemadness.org 70 i 13673 The earliest Unix code, how to replace fail2ban with blacklistd, OpenBSD crossed 400k commits, how to install Bolt CMS on FreeBSD, optimized hammer2, appeasing the OSI 7-layer burrito guys, and more.

Err codemadness.org 70 i 13674 Err codemadness.org 70 i 13675

Headlines

Err codemadness.org 70 i 13676 Err codemadness.org 70 i 13677

The Earliest Unix Code: An Anniversary Source Code Release

Err codemadness.org 70 i 13678 Err codemadness.org 70 i 13679

Err codemadness.org 70 i 13680
What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.
Err codemadness.org 70 i 13681 Err codemadness.org 70 i 13682
2019 marks the 50th anniversary of the start of Unix. In the summer of 1969, that same summer that saw humankind’s first steps on the surface of the Moon, computer scientists at the Bell Telephone Laboratories—most centrally Ken Thompson and Dennis Ritchie—began the construction of a new operating system, using a then-aging DEC PDP-7 computer at the labs.
Err codemadness.org 70 i 13683

Err codemadness.org 70 i 13684 Err codemadness.org 70 i 13685

Err codemadness.org 70 i 13686 Err codemadness.org 70 i 13687

This man sent the first online message 50 years ago

Err codemadness.org 70 i 13688 Err codemadness.org 70 i 13689

As many of you have heard in the past, the first online message ever sent between two computers was "lo", just over 50 years ago, on Oct. 29, 1969.

Err codemadness.org 70 i 13692 Err codemadness.org 70 i 13693

Err codemadness.org 70 i 13694
It was supposed to say "log," but the computer sending the message — based at UCLA — crashed before the letter "g" was typed. A computer at Stanford 560 kilometres away was supposed to fill in the remaining characters "in," as in "log in."
Err codemadness.org 70 i 13695

Err codemadness.org 70 i 13696 Err codemadness.org 70 i 13697

The CBC Radio show, “The Current” has a half-hour interview with the man who sent that message, Leonard Kleinrock, distinguished professor of computer science at UCLA

Err codemadness.org 70 i 13700 Err codemadness.org 70 i 13701

Err codemadness.org 70 i 13702
"The idea of the network was you could sit at one computer, log on through the network to a remote computer and use its services there,"
Err codemadness.org 70 i 13703 Err codemadness.org 70 i 13704
50 years later, the internet has become so ubiquitous that it has almost been rendered invisible. There's hardly an aspect in our daily lives that hasn't been touched and transformed by it.
Err codemadness.org 70 i 13705 Err codemadness.org 70 i 13706
Q: Take us back to that day 50 years ago. Did you have the sense that this was going to be something you'd be talking about a half a century later?
Err codemadness.org 70 i 13707 Err codemadness.org 70 i 13708
A: Well, yes and no. Four months before that message was sent, there was a press release that came out of UCLA in which it quotes me as describing what my vision for this network would become. Basically what it said is that this network would be always on, always available. Anybody with any device could get on at anytime from any location, and it would be invisible.
Err codemadness.org 70 i 13709 Err codemadness.org 70 i 13710
Well, what I missed ... was that this is going to become a social network. People talking to people. Not computers talking to computers, but [the] human element.
Err codemadness.org 70 i 13711 Err codemadness.org 70 i 13712
Q: Can you briefly explain what you were working on in that lab? Why were you trying to get computers to actually talk to one another?
Err codemadness.org 70 i 13713 Err codemadness.org 70 i 13714
A: As an MIT graduate student, years before, I recognized I was surrounded by computers and I realized there was no effective [or efficient] way for them to communicate. I did my dissertation, my research, on establishing a mathematical theory of how these networks would work. But there was no such network existing. AT&T said it won't work and, even if it does, we want nothing to do with it.
Err codemadness.org 70 i 13715 Err codemadness.org 70 i 13716
So I had to wait around for years until the Advanced Research Projects Agency within the Department of Defence decided they needed a network to connect together the computer scientists they were supervising and supporting.
Err codemadness.org 70 i 13717 Err codemadness.org 70 i 13718
Q: For all the promise of the internet, it has also developed some dark sides that I'm guessing pioneers like yourselves never anticipated.
Err codemadness.org 70 i 13719 Err codemadness.org 70 i 13720
A: We did not. I knew everybody on the internet at that time, and they were all well-behaved and they all believed in an open, shared free network. So we did not put in any security controls.
Err codemadness.org 70 i 13721 Err codemadness.org 70 i 13722
When the first spam email occurred, we began to see the dark side emerge as this network reached nefarious people sitting in basements with a high-speed connection, reaching out to millions of people instantaneously, at no cost in time or money, anonymously until all sorts of unpleasant events occurred, which we called the dark side.
Err codemadness.org 70 i 13723 Err codemadness.org 70 i 13724
But in those early days, I considered the network to be going through its teenage years. Hacking to spam, annoying kinds of effects. I thought that one day this network would mature and grow up. Well, in fact, it took a turn for the worse when nation states, organized crime and extremists came in and began to abuse the network in severe ways.
Err codemadness.org 70 i 13725 Err codemadness.org 70 i 13726
Q: Is there any part of you that regrets giving birth to this?
Err codemadness.org 70 i 13727 Err codemadness.org 70 i 13728
A: Absolutely not. The greater good is much more important.
Err codemadness.org 70 i 13729

Err codemadness.org 70 i 13730 Err codemadness.org 70 i 13731

Err codemadness.org 70 i 13732 Err codemadness.org 70 i 13733

News Roundup

Err codemadness.org 70 i 13734 Err codemadness.org 70 i 13735

How to use blacklistd(8) with NPF as a fail2ban replacement

Err codemadness.org 70 i 13736 Err codemadness.org 70 i 13737

Err codemadness.org 70 i 13738
blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
Err codemadness.org 70 i 13739 Err codemadness.org 70 i 13740
The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
Err codemadness.org 70 i 13741 Err codemadness.org 70 i 13742
Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
Err codemadness.org 70 i 13743 Err codemadness.org 70 i 13744
Unfortunately (dont' ask me why ??) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen.
Err codemadness.org 70 i 13745

Err codemadness.org 70 i 13746 Err codemadness.org 70 i 13747

FreeBSD’s handbook chapter on blacklistd

Err codemadness.org 70 i 13750 Err codemadness.org 70 i 13751

Err codemadness.org 70 i 13752 Err codemadness.org 70 i 13753

OpenBSD crossed 400,000 commits

Err codemadness.org 70 i 13754 Err codemadness.org 70 i 13755

Err codemadness.org 70 i 13756
Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all our repositories since starting at 1995/10/18 08:37:01 Canada/Mountain. That's a lot of commits by a lot of amazing people.
Err codemadness.org 70 i 13757 Err codemadness.org 70 i 13758
(*) by one measure. Since the repository is so large and old, there are a variety of quirks including ChangeLog missing entries and branches not convertible to other repo forms, so measuring is hard. If you think you've got a great way of measuring, don't be so sure of yourself -- you may have overcounted or undercounted.
Err codemadness.org 70 i 13759

Err codemadness.org 70 i 13760 Err codemadness.org 70 i 13761

Subject to the notes Theo made about under and over counting, FreeBSD should hit 1 million commits (base + ports + docs) some time in 2020
NetBSD + pkgsrc are approaching 600,000, but of course pkgsrc covers other operating systems too

Err codemadness.org 70 i 13765 Err codemadness.org 70 i 13766

Err codemadness.org 70 i 13767 Err codemadness.org 70 i 13768

How to Install Bolt CMS with Nginx and Let's Encrypt on FreeBSD 12

Err codemadness.org 70 i 13769 Err codemadness.org 70 i 13770

Err codemadness.org 70 i 13771
Bolt is a sophisticated, lightweight and simple CMS built with PHP. It is released under the open-source MIT-license and source code is hosted as a public repository on Github. A bolt is a tool for Content Management, which strives to be as simple and straightforward as possible. It is quick to set up, easy to configure, uses elegant templates. Bolt is created using modern open-source libraries and is best suited to build sites in HTML5 with modern markup. In this tutorial, we will go through the Bolt CMS installation on FreeBSD 12 system by using Nginx as a web server, MySQL as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.
Err codemadness.org 70 i 13772

Err codemadness.org 70 i 13773 Err codemadness.org 70 i 13774

Requirements
The system requirements for Bolt are modest, and it should run on any fairly modern web server: Err codemadness.org 70 i 13777 Err codemadness.org 70 i 13778
- PHP version 5.5.9 or higher with the following common PHP extensions: pdo, mysqlnd, pgsql, openssl, curl, gd, intl, json, mbstring, opcache, posix, xml, fileinfo, exif, zip.
- Access to SQLite (which comes bundled with PHP), or MySQL or PostgreSQL.
- Apache with mod_rewrite enabled (.htaccess files) or Nginx (virtual host configuration covered below).
- A minimum of 32MB of memory allocated to PHP.

Err codemadness.org 70 i 13785 Err codemadness.org 70 i 13786

Err codemadness.org 70 i 13787 Err codemadness.org 70 i 13788

hammer2 - Optimize hammer2 support threads and dispatch

Err codemadness.org 70 i 13789 Err codemadness.org 70 i 13790

Err codemadness.org 70 i 13791
Refactor the XOP groups in order to be able to queue strategy calls, whenever possible, to the same CPU as the issuer. This optimizes several cases and reduces unnecessary IPI traffic between cores. The next best thing to do would be to not queue certain XOPs to an H2 support thread at all, but I would like to keep the threads intact for later clustering work.

Err codemadness.org 70 i 13792 The best scaling case for this is when one has a large number of user threads doing I/O. One instance of a single-threaded program on an otherwise idle machine might see a slightly reduction in performance but at the same time we completely avoid unnecessarily spamming all cores in the system on the behalf of a single program, so overhead is also significantly lower.
Err codemadness.org 70 i 13793 Err codemadness.org 70 i 13794
This will tend to increase the number of H2 support threads since we need a certain degree of multiplication for domain separation.
Err codemadness.org 70 i 13795 Err codemadness.org 70 i 13796
This should significantly increase I/O performance for multi-threaded workloads.
Err codemadness.org 70 i 13797

Err codemadness.org 70 i 13798 Err codemadness.org 70 i 13799

Err codemadness.org 70 i 13800 Err codemadness.org 70 i 13801

You know, we might as well just run every network service over HTTPS/2 and build another six layers on top of that to appease the OSI 7-layer burrito guys

Err codemadness.org 70 i 13802 Err codemadness.org 70 i 13803

Err codemadness.org 70 i 13804
I've seen the writing on the wall, and while for now you can configure Firefox not to use DoH, I'm not confident enough to think it will remain that way. To that end, I've finally set up my own DoH server for use at Chez Boca. It only involved setting up my own CA to generate the appropriate certificates, install my CA certificate into Firefox, configure Apache to run over HTTP/2 (THANK YOU SO VERY XXXXXXX MUCH GOOGLE FOR SHOVING THIS HTTP/2 XXXXXXXX DOWN OUR THROATS!—no, I'm not bitter) and write a 150 line script that just queries my own local DNS, because, you know, it's more XXXXXXX secure or some XXXXXXXX reason like that.
Err codemadness.org 70 i 13805 Err codemadness.org 70 i 13806
Sigh.
Err codemadness.org 70 i 13807

Err codemadness.org 70 i 13808 Err codemadness.org 70 i 13809

Err codemadness.org 70 i 13810 Err codemadness.org 70 i 13811

Beastie Bits

Err codemadness.org 70 i 13812 Err codemadness.org 70 i 13813

An Oral History of Unix
NUMA Siloing in the FreeBSD Network Stack [pdf]
EuroBSDCon 2019 videos available
Barbie knows best
For the #OpenBSD #e2k19 attendees. I did a pre visit today.
Drawer Find
Slides - Removing ROP Gadgets from OpenBSD - AsiaBSDCon 2019

Err codemadness.org 70 i 13822 Err codemadness.org 70 i 13823

Err codemadness.org 70 i 13824 Err codemadness.org 70 i 13825

Feedback/Questions

Err codemadness.org 70 i 13826 Err codemadness.org 70 i 13827

Bostjan - Open source doesn't mean secure
Malcolm - Allan is Correct.
Michael - FreeNAS inside a Jail
Err codemadness.org 70 i 13831 Err codemadness.org 70 i 13832
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 13835 Err codemadness.org 70 i 13836

Err codemadness.org 70 i 13837 Err codemadness.org 70 i 13838 Err codemadness.org 70 i 13839 Err codemadness.org 70 i 13840 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 13841 ]]> Err codemadness.org 70 i 13842

322: Happy Birthday, Unix

Allan Jude — Thu, 31 Oct 2019 04:00:00 -0700

Err codemadness.org 70 i 14124 Unix is 50, Hunting down Ken's PDP-7, OpenBSD and OPNSense have new releases, Clarification on what GhostBSD is, sshuttle - VPN over SSH, and more.

Err codemadness.org 70 i 14125 Err codemadness.org 70 i 14126

Headlines

Err codemadness.org 70 i 14127 Err codemadness.org 70 i 14128

Unix is 50

Err codemadness.org 70 i 14129 Err codemadness.org 70 i 14130

Err codemadness.org 70 i 14131
In the summer of 1969 computer scientists Ken Thompson and Dennis Ritchie created the first implementation of Unix with the goal of designing an elegant and economical operating system for a little-used PDP-7 minicomputer at Bell Labs. That modest project, however, would have a far-reaching legacy. Unix made large-scale networking of diverse computing systems — and the Internet — practical. The Unix team went on to develop the C language, which brought an unprecedented combination of efficiency and expressiveness to programming. Both made computing more "portable". Today, Linux, the most popular descendent of Unix, powers the vast majority of servers, and elements of Unix and Linux are found in most mobile devices. Meanwhile C++ remains one of the most widely used programming languages today. Unix may be a half-century old but its influence is only growing.
Err codemadness.org 70 i 14132

Err codemadness.org 70 i 14133 Err codemadness.org 70 i 14134

Err codemadness.org 70 i 14135 Err codemadness.org 70 i 14136

Hunting down Ken's PDP-7: video footage found

Err codemadness.org 70 i 14137 Err codemadness.org 70 i 14138

Err codemadness.org 70 i 14139
In my prior blog post, I traced Ken's scrounged PDP-7 to SN 34. In this post I'll show that we have actual video footage of that PDP-7 due to an old film from Bell Labs. this gives us almost a minute of footage of the PDP-7 Ken later used to create Unix.
Err codemadness.org 70 i 14140

Err codemadness.org 70 i 14141 Err codemadness.org 70 i 14142

Err codemadness.org 70 i 14143 Err codemadness.org 70 i 14144

News Roundup

Err codemadness.org 70 i 14145 Err codemadness.org 70 i 14146

OpenBSD 6.6 Released

Err codemadness.org 70 i 14147 Err codemadness.org 70 i 14148

Announce: https://marc.info/?l=openbsd-tech&m=157132024225971&w=2
Upgrade Guide: https://openbsd.org/faq/upgrade66.html
Changelog: https://openbsd.org/plus66.html

Err codemadness.org 70 i 14153 Err codemadness.org 70 i 14154

Err codemadness.org 70 i 14155 Err codemadness.org 70 i 14156

OPNsense 19.7.5 released

Err codemadness.org 70 i 14157 Err codemadness.org 70 i 14158

Err codemadness.org 70 i 14159
Hello friends and followers, Lots of plugin and ports updates this time with a few minor improvements in all core areas. Behind the scenes we are starting to migrate the base system to version
Err codemadness.org 70 i 14160

Err codemadness.org 70 i 14161 Err codemadness.org 70 i 14162

12.1 which is supposed to hit the next 20.1 release. Stay tuned for more infos in the next month or so.

Err codemadness.org 70 i 14163 Err codemadness.org 70 i 14164

Here are the full patch notes:

Err codemadness.org 70 i 14165 Err codemadness.org 70 i 14166

system: show all swap partitions in system information widget
system: flatten services_get() in preparation for removal
system: pin Syslog-ng version to specific package name
system: fix LDAP/StartTLS with user import page
system: fix a PHP warning on authentication server page
system: replace most subprocess.call use
interfaces: fix devd handling of carp devices (contributed by stumbaumr)
firewall: improve firewall rules inline toggles
firewall: only allow TCP flags on TCP protocol
firewall: simplify help text for direction setting
firewall: make protocol log summary case insensitive
reporting: ignore malformed flow records
captive portal: fix type mismatch for timeout read
dhcp: add note for static lease limitation with lease registration (contributed by Northguy)
ipsec: add margintime and rekeyfuzz options
ipsec: clear $dpdline correctly if not set
ui: fix tokenizer reorder on multiple saves
plugins: os-acme-client 1.26[1]
plugins: os-bind will reload bind on record change (contributed by blablup)
plugins: os-etpro-telemetry minor subprocess.call replacement
plugins: os-freeradius 1.9.4[2]
plugins: os-frr 1.12[3]
plugins: os-haproxy 2.19[4]
plugins: os-mailtrail 1.2[5]
plugins: os-postfix 1.11[6]
plugins: os-rspamd 1.8[7]
plugins: os-sunnyvalley LibreSSL support (contributed by Sunny Valley Networks)
plugins: os-telegraf 1.7.6[8]
plugins: os-theme-cicada 1.21 (contributed by Team Rebellion)
plugins: os-theme-tukan 1.21 (contributed by Team Rebellion)
plugins: os-tinc minor subprocess.call replacement
plugins: os-tor 1.8 adds dormant mode disable option (contributed by Fabian Franz)
plugins: os-virtualbox 1.0 (contributed by andrewhotlab)

Err codemadness.org 70 i 14201 Err codemadness.org 70 i 14202

Err codemadness.org 70 i 14203 Err codemadness.org 70 i 14204

Dealing with the misunderstandings of what is GhostBSD

Err codemadness.org 70 i 14205 Err codemadness.org 70 i 14206

Err codemadness.org 70 i 14207
Since the release of 19.09, I have seen a lot of misunderstandings on what is GhostBSD and the future of GhostBSD. GhostBSD is based on TrueOS with FreeBSD 12 STABLE with our twist to it. We are still continuing to use TrueOS for OpenRC, and the new package's system for the base system that is built from ports. GhostBSD is becoming a slow-moving rolling release base on the latest TrueOS with FreeBSD 12 STABLE. When FreeBSD 13 STABLE gets released, GhostBSD will be upgraded to TrueOS with FreeBSD 13 STABLE.
Err codemadness.org 70 i 14208 Err codemadness.org 70 i 14209
Our official desktop is MATE, which means that the leading developer of GhostBSD does not officially support XFCE. Community releases are maintained by the community and for the community. GhostBSD project will provide help to build and to host the community release. If anyone wants to have a particular desktop supported, it is up to the community. Sure I will help where I can, answer questions and guide new community members that contribute to community release.
Err codemadness.org 70 i 14210 Err codemadness.org 70 i 14211
There is some effort going on for Plasma5 desktop. If anyone is interested in helping with XFCE and Plasma5 or in creating another community release, you are well come to contribute. Also, Contribution to the GhostBSD base system, to ports and new ports, and in house software are welcome. We are mostly active on Telegram https://t.me/ghostbsd, but you can also reach us on the forum.
Err codemadness.org 70 i 14212

Err codemadness.org 70 i 14213 Err codemadness.org 70 i 14214

Err codemadness.org 70 i 14215 Err codemadness.org 70 i 14216

SHUTTLE – VPN over SSH | VPN Alternative

Err codemadness.org 70 i 14217 Err codemadness.org 70 i 14218

Err codemadness.org 70 i 14219
Looking for a lightweight VPN client, but are not ready to spend a monthly recurring amount on a VPN? VPNs can be expensive depending upon the quality of service and amount of privacy you want. A good VPN plan can easily set you back by 10$ a month and even that doesn’t guarantee your privacy. There is no way to be sure whether the VPN is storing your confidential information and traffic logs or not. sshuttle is the answer to your problem it provides VPN over ssh and in this article we’re going to explore this cheap yet powerful alternative to the expensive VPNs. By using open source tools you can control your own privacy.
Err codemadness.org 70 i 14220

Err codemadness.org 70 i 14221 Err codemadness.org 70 i 14222

VPN over SSH – sshuttle

Err codemadness.org 70 i 14225 Err codemadness.org 70 i 14226

Err codemadness.org 70 i 14227
sshuttle is an awesome program that allows you to create a VPN connection from your local machine to any remote server that you have ssh access on. The tunnel established over the ssh connection can then be used to route all your traffic from client machine through the remote machine including all the dns traffic. In the bare bones sshuttle is just a proxy server which runs on the client machine and forwards all the traffic to a ssh tunnel. Since its open source it holds quite a lot of major advantages over traditional VPN.
Err codemadness.org 70 i 14228

Err codemadness.org 70 i 14229 Err codemadness.org 70 i 14230

Err codemadness.org 70 i 14231 Err codemadness.org 70 i 14232

OpenSSH 8.1 Released

Err codemadness.org 70 i 14233 Err codemadness.org 70 i 14234

Security
Err codemadness.org 70 i 14236 Err codemadness.org 70 i 14237
- ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.
- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
This release includes a number of changes that may affect existing configurations:
Err codemadness.org 70 i 14242 Err codemadness.org 70 i 14243
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").
New Features
Err codemadness.org 70 i 14247 Err codemadness.org 70 i 14248
- ssh(1): Allow %n to be expanded in ProxyCommand strings
- ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"
- ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
- ssh-keygen(1): print key comment when extracting public key from a private key.
- ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too.
- All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.

Err codemadness.org 70 i 14257 Err codemadness.org 70 i 14258

Err codemadness.org 70 i 14259 Err codemadness.org 70 i 14260

Beastie Bits

Err codemadness.org 70 i 14261 Err codemadness.org 70 i 14262

Say goodbye to the 32 CPU limit in NetBSD/aarch64
vBSDcon 2019 videos
Browse the web in the terminal - W3M
NetBSD 9 and GSoC
BSDCan 2019 Videos
NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders
FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open
FOSDEM 2020 - BSD Devroom Call for Participation
University of Cambridge looking for Research Assistants/Associates

Err codemadness.org 70 i 14273 Err codemadness.org 70 i 14274

Err codemadness.org 70 i 14275 Err codemadness.org 70 i 14276

Feedback/Questions

Err codemadness.org 70 i 14277 Err codemadness.org 70 i 14278

Trenton - Beeping Thinkpad
Alex - Per user ZFS Datasets Err codemadness.org 70 i 14281 Err codemadness.org 70 i 14282
- Allan’s old patch from 2015
Javier - FBSD 12.0 + ZFS + encryption

Err codemadness.org 70 i 14287 Err codemadness.org 70 i 14288

Err codemadness.org 70 i 14289 Err codemadness.org 70 i 14290

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 14293 Err codemadness.org 70 i 14294

Err codemadness.org 70 i 14295 Err codemadness.org 70 i 14296 Err codemadness.org 70 i 14297 Err codemadness.org 70 i 14298 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 14299 ]]> Err codemadness.org 70 i 14300

321: The Robot OS

Allan Jude — Wed, 23 Oct 2019 20:00:00 -0700

Err codemadness.org 70 i 14520 An interview with Trenton Schulz about his early days with FreeBSD, Robot OS, Qt, and more.

Err codemadness.org 70 i 14521 Err codemadness.org 70 i 14522

Interview - Trenton Schulz - freenas@norwegianrockcat.com

Err codemadness.org 70 i 14523 Err codemadness.org 70 i 14524

Robot OS on FreeBSD

Err codemadness.org 70 i 14525 Err codemadness.org 70 i 14526

BR: Welcome to the show. Can you tell us a little bit about yourself and how you got started with BSD?
AJ: You were working for Trolltech (creators of Qt). Was FreeBSD used there and how?
BR: Can you tell us more about the work you are doing with Robot OS on FreeBSD?
AJ: Was EuroBSDcon your first BSD conference? How did you like it?
BR: Do you have some tips or advice on how to get started with the BSDs?
AJ: Is there anything else you’d like to tell us before we let you go?

Err codemadness.org 70 i 14534 Err codemadness.org 70 i 14535

Err codemadness.org 70 i 14536 Err codemadness.org 70 i 14537

Beastie Bits

Err codemadness.org 70 i 14538 Err codemadness.org 70 i 14539

FreeBSD Miniconf at linux.conf.au 2020 Call for Sessions Now Open
Portland BSD Pizza Night: Oct 24th, 19:00 @ Rudy’s Gourmet Pizza
NYC*BUG Install Fest: Nov 6th 18:45 @ Suspenders
FOSDEM 2020 - BSD Devroom Call for Participation
University of Cambridge looking for Research Assistants/Associates

Err codemadness.org 70 i 14546 Err codemadness.org 70 i 14547

Err codemadness.org 70 i 14548 Err codemadness.org 70 i 14549

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 14552 Err codemadness.org 70 i 14553

Err codemadness.org 70 i 14554 Err codemadness.org 70 i 14555 Err codemadness.org 70 i 14556 Err codemadness.org 70 i 14557 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 14558

Special Guest: Trenton Shulz.

]]> Err codemadness.org 70 i 14559

320: Codebase: Neck Deep

Allan Jude — Wed, 16 Oct 2019 20:00:00 -0700

Err codemadness.org 70 i 14715 Headlines Err codemadness.org 70 i 14716 Err codemadness.org 70 i 14717

FreeBSD and custom firmware on the Google Pixelbook

Err codemadness.org 70 i 14718 Err codemadness.org 70 i 14719

FreeBSD and custom firmware on the Google Pixelbook

Err codemadness.org 70 i 14722 Err codemadness.org 70 i 14723

Err codemadness.org 70 i 14724
Back in 2015, I jumped on the ThinkPad bandwagon by getting an X240 to run FreeBSD on. Unlike most people in the ThinkPad crowd, I actually liked the clickpad and didn\u2019t use the trackpoint much. But this summer I\u2019ve decided that it was time for something newer. I wanted something..
Err codemadness.org 70 i 14725

Err codemadness.org 70 i 14726 Err codemadness.org 70 i 14727

lighter and thinner (ha, turns out this is actually important, I got tired of carrying a T H I C C laptop - Apple was right all along);
with a 3:2 display (why is Lenovo making these Serious Work\u2122 laptops 16:9 in the first place?? 16:9 is awful in below-13-inch sizes especially);
with a HiDPI display (and ideally with a good size for exact 2x scaling instead of fractional);
with USB-C ports;
without a dGPU, especially without an NVIDIA GPU;
assembled with screws and not glue (I don\u2019t necessarily need expansion and stuff in a laptop all that much, but being able to replace the battery without dealing with a glued chassis is good);
supported by FreeBSD of course (\u201csome development required\u201d is okay but I\u2019m not going to write big drivers);
how about something with open source firmware, that would be fun.

Err codemadness.org 70 i 14737 Err codemadness.org 70 i 14738

Err codemadness.org 70 i 14739
I was considering a ThinkPad X1 Carbon from an old generation - the one from the same year as the X230 is corebootable, so that\u2019s fun. But going back in processor generations just doesn\u2019t feel great. I want something more efficient, not less!
Err codemadness.org 70 i 14740 Err codemadness.org 70 i 14741
And then I discovered the Pixelbook. Other than the big huge large bezels around the screen, I liked everything about it. Thin aluminum design, a 3:2 HiDPI screen, rubber palm rests (why isn\u2019t every laptop ever doing that?!), the \u201cconvertibleness\u201d (flip the screen around to turn it into.. something rather big for a tablet, but it is useful actually), a Wacom touchscreen that supports a pen, mostly reasonable hardware (Intel Wi-Fi), and that famous coreboot support (Chromebooks\u2019 stock firmware is coreboot + depthcharge).
Err codemadness.org 70 i 14742 Err codemadness.org 70 i 14743
So here it is, my new laptop, a Google Pixelbook.
Err codemadness.org 70 i 14744

Err codemadness.org 70 i 14745 Err codemadness.org 70 i 14746

Conclusion

Err codemadness.org 70 i 14749 Err codemadness.org 70 i 14750

Err codemadness.org 70 i 14751
Pixelbook, FreeBSD, coreboot, EDK2 good.
Err codemadness.org 70 i 14752 Err codemadness.org 70 i 14753
Seriously, I have no big words to say, other than just recommending this laptop to FOSS enthusiasts :)
Err codemadness.org 70 i 14754

Err codemadness.org 70 i 14755 Err codemadness.org 70 i 14756

Err codemadness.org 70 i 14757 Err codemadness.org 70 i 14758

Porting NetBSD to the AMD x86-64: a case study in OS portability

Err codemadness.org 70 i 14759 Err codemadness.org 70 i 14760

Abstract

Err codemadness.org 70 i 14763 Err codemadness.org 70 i 14764

Err codemadness.org 70 i 14765
NetBSD is known as a very portable operating system, currently running on 44 different architectures (12 different types of CPU). This paper takes a look at what has been done to make it portable, and how this has decreased the amount of effort needed to port NetBSD to a new architecture. The new AMD x86-64 architecture, of which the specifications were published at the end of 2000, with hardware to follow in 2002, is used as an example.
Err codemadness.org 70 i 14766

Err codemadness.org 70 i 14767 Err codemadness.org 70 i 14768

Portability

Err codemadness.org 70 i 14771 Err codemadness.org 70 i 14772

Err codemadness.org 70 i 14773
Supporting multiple platforms was a primary goal of the NetBSD project from the start. As NetBSD was ported to more and more platforms, the NetBSD kernel code was adapted to become more portable along the way.
Err codemadness.org 70 i 14774

Err codemadness.org 70 i 14775 Err codemadness.org 70 i 14776

General

Err codemadness.org 70 i 14779 Err codemadness.org 70 i 14780

Err codemadness.org 70 i 14781
Generally, code is shared between ports as much as possible. In NetBSD, it should always be considered if the code can be assumed to be useful on other architectures, present or future. If so, it is machine-independent and put it in an appropriate place in the source tree. When writing code that is intended to be machine-independent, and it contains conditional preprocessor statements depending on the architecture, then the code is likely wrong, or an extra abstraction layer is needed to get rid of these statements.
Err codemadness.org 70 i 14782

Err codemadness.org 70 i 14783 Err codemadness.org 70 i 14784

Types

Err codemadness.org 70 i 14787 Err codemadness.org 70 i 14788

Err codemadness.org 70 i 14789
Assumptions about the size of any type are not made. Assumptions made about type sizes on 32-bit platforms were a large problem when 64-bit platforms came around. Most of the problems of this kind had to be dealt with when NetBSD was ported to the DEC Alpha in 1994. A variation on this problem had to be dealt with with the UltraSPARC (sparc64) port in 1998, which is 64-bit, but big endian (vs. the little-endianness of the Alpha). When interacting with datastructures of a fixed size, such as on-disk metadata for filesystems, or datastructures directly interpreted by device hardware, explicitly sized types are used, such as uint32_t, int8_t, etc.
Err codemadness.org 70 i 14790

Err codemadness.org 70 i 14791 Err codemadness.org 70 i 14792

Conclusions and future work

Err codemadness.org 70 i 14795 Err codemadness.org 70 i 14796

Err codemadness.org 70 i 14797
The port of NetBSD to AMD's x86-64 architecture was done in six weeks, which confirms NetBSD's reputation as being a very portable operating system. One week was spent setting up the cross-toolchain and reading the x86-64 specifications, three weeks were spent writing the kernel code, one week was spent writing the userspace code, and one week testing and debugging it all. No problems were observed in any of the machine-independent parts of the kernel during test runs; all (simulated) device drivers, file systems, etc, worked without modification.
Err codemadness.org 70 i 14798

Err codemadness.org 70 i 14799 Err codemadness.org 70 i 14800

Err codemadness.org 70 i 14801 Err codemadness.org 70 i 14802

News Roundup

Err codemadness.org 70 i 14803 Err codemadness.org 70 i 14804

ZFS performance really does degrade as you approach quota limits

Err codemadness.org 70 i 14805 Err codemadness.org 70 i 14806

Err codemadness.org 70 i 14807
Every so often (currently monthly), there is an "OpenZFS leadership meeting". What this really means is 'lead developers from the various ZFS implementations get together to talk about things'. Announcements and meeting notes from these meetings get sent out to various mailing lists, including the ZFS on Linux ones.
Err codemadness.org 70 i 14808

Err codemadness.org 70 i 14809 Err codemadness.org 70 i 14810

In the September meeting notes, I read a very interesting (to me) agenda item: Err codemadness.org 70 i 14812 Err codemadness.org 70 i 14813
- Relax quota semantics for improved performance (Allan Jude)
- Problem: As you approach quotas, ZFS performance degrades.
- Proposal: Can we have a property like quota-policy=strict or loose, where we can optionally allow ZFS to run over the quota as long as performance is not decreased.

Err codemadness.org 70 i 14819 Err codemadness.org 70 i 14820

Err codemadness.org 70 i 14821
This is very interesting to me because of two reasons. First, in the past we have definitely seen significant problems on our OmniOS machines, both when an entire pool hits a quota limit and when a single filesystem hits a refquota limit. It's nice to know that this wasn't just our imagination and that there is a real issue here. Even better, it might someday be improved (and perhaps in a way that we can use at least some of the time).
Err codemadness.org 70 i 14822 Err codemadness.org 70 i 14823
Second, any number of people here run very close to and sometimes at the quota limits of both filesystems and pools, fundamentally because people aren't willing to buy more space. We have in the past assumed that this was relatively harmless and would only make people run out of space. If this is a known issue that causes serious performance degradation, well, I don't know if there's anything we can do, but at least we're going to have to think about it and maybe push harder at people. The first step will have to be learning the details of what's going on at the ZFS level to cause the slowdown. (It's apparently similar to what happens when the pool is almost full, but I don't know the specifics of that either.)
Err codemadness.org 70 i 14824 Err codemadness.org 70 i 14825
With that said, we don't seem to have seen clear adverse effects on our Linux fileservers, and they've definitely run into quota limits (repeatedly). One possible reason for this is that having lots of RAM and SSDs makes the effects mostly go away. Another possible reason is that we haven't been looking closely enough to see that we're experiencing global slowdowns that correlate to filesystems hitting quota limits. We've had issues before with somewhat subtle slowdowns that we didn't understand (cf), so I can't discount that we're having it happen again.
Err codemadness.org 70 i 14826

Err codemadness.org 70 i 14827 Err codemadness.org 70 i 14828

Err codemadness.org 70 i 14829 Err codemadness.org 70 i 14830

Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.."

Err codemadness.org 70 i 14831 Err codemadness.org 70 i 14832

Err codemadness.org 70 i 14833
I'll preface this by saying - yes, I'm still neck deep in FreeBSD's wifi stack and 802.11ac support, but it turns out it's slow work to fix 15 year old locking related issues that worked fine on 11abg cards, kinda worked ok on 11n cards, and are terrible for these 11ac cards. I'll .. get there.
Err codemadness.org 70 i 14834 Err codemadness.org 70 i 14835
Anyhoo, I've finally been mucking around with AX.25 packet radio. I've been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn't have my amateur radio licence. But, now I do, and I've done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.
Err codemadness.org 70 i 14836 Err codemadness.org 70 i 14837
So yes, I was avoiding hacking on AX.25 stuff because there wasn't a BSD compatible AX.25 stack. I'm 40 now, leave me be.
Err codemadness.org 70 i 14838 Err codemadness.org 70 i 14839
But! A few weeks ago I found that someone was still running a packet BBS out of San Francisco. And amazingly, his local node ran on FreeBSD! It turns out Jeremy (KK6JJJ) ported both an old copy of KA9Q and N0ARY-BBS to run on FreeBSD! Cool!
Err codemadness.org 70 i 14840 Err codemadness.org 70 i 14841
I grabbed my 2m radio (which is already cabled up for digital modes), compiled up his KA9Q port, figured out how to get it to speak to Direwolf, and .. ok. Well, it worked. Kinda.
Err codemadness.org 70 i 14842

Err codemadness.org 70 i 14843 Err codemadness.org 70 i 14844

Err codemadness.org 70 i 14845 Err codemadness.org 70 i 14846

HAMMER2 and fsck for review

Err codemadness.org 70 i 14847 Err codemadness.org 70 i 14848

Err codemadness.org 70 i 14849
HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there\u2019s now a fsck command, useful if you want a report of data validity rather than any manual repair process.
Err codemadness.org 70 i 14850

Err codemadness.org 70 i 14851 Err codemadness.org 70 i 14852

Err codemadness.org 70 i 14853 Err codemadness.org 70 i 14854

[The return of startx(1) for non-root users with some caveats

Err codemadness.org 70 i 14855 Err codemadness.org 70 i 14856

Mark Kettenis (kettenis@) has recently committed changes which restore a certain amount of startx(1)/xinit(1) functionality for non-root users. The commit messages explain the situation:

Err codemadness.org 70 i 14857 Err codemadness.org 70 i 14858

CVSROOT:    /cvs	Err	codemadness.org	70
i 14859 Module name:    src	Err	codemadness.org	70
i 14860 Changes by:    kettenis@cvs.openbsd.org    2019/09/15 06:25:41	Err	codemadness.org	70
i 14861 	Err	codemadness.org	70
i 14862 Modified files:	Err	codemadness.org	70
i 14863     etc/etc.amd64  : fbtab 	Err	codemadness.org	70
i 14864     etc/etc.arm64  : fbtab 	Err	codemadness.org	70
i 14865     etc/etc.hppa   : fbtab 	Err	codemadness.org	70
i 14866     etc/etc.i386   : fbtab 	Err	codemadness.org	70
i 14867     etc/etc.loongson: fbtab 	Err	codemadness.org	70
i 14868     etc/etc.luna88k: fbtab 	Err	codemadness.org	70
i 14869     etc/etc.macppc : fbtab 	Err	codemadness.org	70
i 14870     etc/etc.octeon : fbtab 	Err	codemadness.org	70
i 14871     etc/etc.sgi    : fbtab 	Err	codemadness.org	70
i 14872     etc/etc.sparc64: fbtab 	Err	codemadness.org	70
i 14873 	Err	codemadness.org	70
i 14874 Log message:	Err	codemadness.org	70
i 14875 Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in some cases also the serial console) such that X can use it as its VT when running without root privileges.	Err	codemadness.org	70
i 14876 	Err	codemadness.org	70
i 14877 ok jsg@, matthieu@	Err	codemadness.org	70
i 14878 CVSROOT:    /cvs	Err	codemadness.org	70
i 14879 Module name:    xenocara	Err	codemadness.org	70
i 14880 Changes by:    kettenis@cvs.openbsd.org    2019/09/15 06:31:08	Err	codemadness.org	70
i 14881 	Err	codemadness.org	70
i 14882 Modified files:	Err	codemadness.org	70
i 14883     xserver/hw/xfree86/common: xf86AutoConfig.c 	Err	codemadness.org	70
i 14884 	Err	codemadness.org	70
i 14885 Log message:	Err	codemadness.org	70
i 14886 Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.	Err	codemadness.org	70
i 14887 	Err	codemadness.org	70
i 14888 This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4).  In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).	Err	codemadness.org	70
i 14889 	Err	codemadness.org	70
i 14890 ok jsg@, matthieu@	Err	codemadness.org	70
i 14891

Err codemadness.org 70 i 14892 Err codemadness.org 70 i 14893

Err codemadness.org 70 i 14894 Err codemadness.org 70 i 14895

Beastie Bits

Err codemadness.org 70 i 14896 Err codemadness.org 70 i 14897

ASCII table and history. Or, why does Ctrl+i insert a Tab in my terminal?
Sourcehut makes BSD software better
Chaosnet for Unx
The Vim-Inspired Editor with a Linguistic Twist
bhyvearm64: CPU and Memory Virtualization on Armv8.0-A
DefCon25 - Are all BSD created Equally - A Survey of BSD Kernel vulnerabilities

Err codemadness.org 70 i 14905 Err codemadness.org 70 i 14906

Err codemadness.org 70 i 14907 Err codemadness.org 70 i 14908

Feedback/Questions

Err codemadness.org 70 i 14909 Err codemadness.org 70 i 14910

Tim - GSoC project ideas for pf rule syntax translation
Brad - Steam on FreeBSD
Ruslan - FreeBSD Quarterly Status Report - Q2 2019

Err codemadness.org 70 i 14915 Err codemadness.org 70 i 14916

Err codemadness.org 70 i 14917 Err codemadness.org 70 i 14918

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 14921 Err codemadness.org 70 i 14922

Err codemadness.org 70 i 14923 Err codemadness.org 70 i 14924 Err codemadness.org 70 i 14925 Err codemadness.org 70 i 14926 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 14927 ]]> Err codemadness.org 70 i 14928

319: Lack Rack, Jack

Allan Jude — Wed, 09 Oct 2019 20:00:00 -0700

Err codemadness.org 70 i 15242 Causing ZFS corruption for fun, NetBSD Assembly Programming Tutorial, The IKEA Lack Rack for Servers, a new OmniOS Community Edition LTS has been published, List Block Devices on FreeBSD lsblk(8) Style, Project Trident 19.10 available, and more.

Err codemadness.org 70 i 15243 Err codemadness.org 70 i 15244

Headlines

Err codemadness.org 70 i 15245 Err codemadness.org 70 i 15246

Causing ZFS corruption for fun and profit

Err codemadness.org 70 i 15247 Err codemadness.org 70 i 15248

Err codemadness.org 70 i 15249
Datto backs up data, a lot of it. At the time of writing Datto has over 500 PB of data stored on ZFS. This count includes both backup appliances that are sent to customer sites, as well as cloud storage servers that are used for secondary and tertiary backup of those appliances. At this scale drive swaps are a daily occurrence, and data corruption is inevitable. How we handle this corruption when it happens determines whether we truly lose data, or successfully restore from secondary backup. In this post we'll be showing you how at Datto we intentionally cause corruption in our testing environments, to ensure we're building software that can properly handle these scenarios.
Err codemadness.org 70 i 15250

Err codemadness.org 70 i 15251 Err codemadness.org 70 i 15252

Causing Corruption

Err codemadness.org 70 i 15255 Err codemadness.org 70 i 15256

Err codemadness.org 70 i 15257
Since this is a mirror setup, a naive solution to cause corruption would be to randomly dd the same sectors of both /dev/sdb and /dev/sdc. This works, but is equally likely to just overwrite random unused space, or take down the zpool entirely. What we really want is to corrupt a specific snapshot, or even a specific file in that snapshot, to simulate a more realistic minor corruption event. Luckily we have a tool called zdb that lets us view some low level information about datasets.
Err codemadness.org 70 i 15258

Err codemadness.org 70 i 15259 Err codemadness.org 70 i 15260

Conclusion

Err codemadness.org 70 i 15263 Err codemadness.org 70 i 15264

Err codemadness.org 70 i 15265
At the 500 PB scale, it's not a matter of if data corruption will happen but when. Intentionally causing corruption is one of the strategies we use to ensure we're building software that can handle these rare (but inevitable) events.
Err codemadness.org 70 i 15266 Err codemadness.org 70 i 15267
To others out there using ZFS: I'm curious to hear how you've solved this problem. We did quite a bit of experimentation with zinject before going with this more brute force method. So I'd be especially interested if you've had luck simply simulating corruption with zinject.
Err codemadness.org 70 i 15268

Err codemadness.org 70 i 15269 Err codemadness.org 70 i 15270

Err codemadness.org 70 i 15271 Err codemadness.org 70 i 15272

NetBSD Assembly Programming Tutorial

Err codemadness.org 70 i 15273 Err codemadness.org 70 i 15274

Err codemadness.org 70 i 15275
A sparc64 version is also being prepared and will be added when done
Err codemadness.org 70 i 15276 Err codemadness.org 70 i 15277
This post describes how to write a simple hello world program in pure assembly on NetBSD/amd64. We will not use (nor link against) libc, nor use gcc to compile it. I will be using GNU as (gas), and therefore the AT&T syntax instead of Intel.
Err codemadness.org 70 i 15278

Err codemadness.org 70 i 15279 Err codemadness.org 70 i 15280

Why assembly?

Err codemadness.org 70 i 15283 Err codemadness.org 70 i 15284

Err codemadness.org 70 i 15285
Why not? Because it's fun to program in assembly directly. Contrary to a popular belief assembly programs aren't always faster than what optimizing compilers produce. Nevertheless it's good to be able to read assembly, especially when debugging C programs
Err codemadness.org 70 i 15286

Err codemadness.org 70 i 15287 Err codemadness.org 70 i 15288

Due to the nature of the guide, visit the site for the complete breakdown

Err codemadness.org 70 i 15291 Err codemadness.org 70 i 15292

Err codemadness.org 70 i 15293 Err codemadness.org 70 i 15294

News Roundup

Err codemadness.org 70 i 15295 Err codemadness.org 70 i 15296

The IKEA Lack Rack for Servers

Err codemadness.org 70 i 15297 Err codemadness.org 70 i 15298

The LackRack

Err codemadness.org 70 i 15301 Err codemadness.org 70 i 15302

Err codemadness.org 70 i 15303
First occurrence on eth0:2010 Winterlan, the LackRack is the ultimate, low-cost, high shininess solution for your modular datacenter-in-the-living-room. Featuring the LACK (side table) from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It's a little known fact that we have seen Google engineers tinker with Lack tables since way back in 2009.
Err codemadness.org 70 i 15304 Err codemadness.org 70 i 15305
The LackRack will certainly make its appearance again this summer at eth0:2010 Summer.
Err codemadness.org 70 i 15306

Err codemadness.org 70 i 15307 Err codemadness.org 70 i 15308

Summary

Err codemadness.org 70 i 15311 Err codemadness.org 70 i 15312

Err codemadness.org 70 i 15313
When temporarily not in use, multiple LackRacks can be stacked in a space-efficient way without disassembly, unlike competing 19" server racks.
Err codemadness.org 70 i 15314 Err codemadness.org 70 i 15315
The LackRack was first seen on eth0:2010 Winterlan in the no-shoe Lounge area. Its low-cost and perfect fit are great for mounting up to 8 U of 19" hardware, such as switches (see below), or perhaps other 19" gear. It's very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19" switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!
Err codemadness.org 70 i 15316

Err codemadness.org 70 i 15317 Err codemadness.org 70 i 15318

Howto

Err codemadness.org 70 i 15321 Err codemadness.org 70 i 15322

Err codemadness.org 70 i 15323
You can find a howto on buying a LackRack on this page. This includes the proof that a 19" switch can indeed be placed in the LackRack in its natural habitat!
Err codemadness.org 70 i 15324

Err codemadness.org 70 i 15325 Err codemadness.org 70 i 15326

Err codemadness.org 70 i 15327 Err codemadness.org 70 i 15328

OmniOS Community Edition r151030 LTS - Published at May 6, 2019

Err codemadness.org 70 i 15329 Err codemadness.org 70 i 15330

Err codemadness.org 70 i 15331
The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030.
Err codemadness.org 70 i 15332 Err codemadness.org 70 i 15333
OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details.
Err codemadness.org 70 i 15334 Err codemadness.org 70 i 15335
This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details.
Err codemadness.org 70 i 15336 Err codemadness.org 70 i 15337
If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28.
Err codemadness.org 70 i 15338

Err codemadness.org 70 i 15339 Err codemadness.org 70 i 15340

For full relase notes including upgrade instructions;
release notes
upgrade instructions

Err codemadness.org 70 i 15345 Err codemadness.org 70 i 15346

Err codemadness.org 70 i 15347 Err codemadness.org 70 i 15348

List Block Devices on FreeBSD lsblk(8) Style

Err codemadness.org 70 i 15349 Err codemadness.org 70 i 15350

Err codemadness.org 70 i 15351
When I have to work on Linux systems I usually miss many nice FreeBSD tools such as these for example to name the few: sockstat, gstat, top -b -o res, top -m io -o total, usbconfig, rcorder, beadm/bectl, idprio/rtprio,… but sometimes – which rarely happens – Linux has some very useful tool that is not available on FreeBSD. An example of such tool is lsblk(8) that does one thing and does it quite well – lists block devices and their contents. It has some problems like listing a disk that is entirely used under ZFS pool on which lsblk(8) displays two partitions instead of information about ZFS just being there – but we all know how much in some circles the CDDL licensed ZFS is unloved in that GPL world.
Err codemadness.org 70 i 15352

Err codemadness.org 70 i 15353 Err codemadness.org 70 i 15354

Example lsblk(8) output from Linux system:

Err codemadness.org 70 i 15355 Err codemadness.org 70 i 15356

$ lsblk	Err	codemadness.org	70
i 15357 NAME                         MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT	Err	codemadness.org	70
i 15358 sr0                           11:0    1  1024M  0 rom	Err	codemadness.org	70
i 15359 sda                            8:0    0 931.5G  0 disk	Err	codemadness.org	70
i 15360 |-sda1                         8:1    0   500M  0 part   /boot	Err	codemadness.org	70
i 15361 `-sda2                         8:2    0   931G  0 part	Err	codemadness.org	70
i 15362   |-vg_local-lv_root (dm-0)  253:0    0    50G  0 lvm    /	Err	codemadness.org	70
i 15363   |-vg_local-lv_swap (dm-1)  253:1    0  17.7G  0 lvm    [SWAP]	Err	codemadness.org	70
i 15364   `-vg_local-lv_home (dm-2)  253:2    0   1.8T  0 lvm    /home	Err	codemadness.org	70
i 15365 sdc                            8:32   0 232.9G  0 disk	Err	codemadness.org	70
i 15366 `-sdc1                         8:33   0 232.9G  0 part	Err	codemadness.org	70
i 15367   `-md1                        9:1    0 232.9G  0 raid10 /data	Err	codemadness.org	70
i 15368 sdd                            8:48   0 232.9G  0 disk	Err	codemadness.org	70
i 15369 `-sdd1                         8:49   0 232.9G  0 part	Err	codemadness.org	70
i 15370   `-md1                        9:1    0 232.9G  0 raid10 /data	Err	codemadness.org	70
i 15371

Err codemadness.org 70 i 15372 Err codemadness.org 70 i 15373

Err codemadness.org 70 i 15374
What FreeBSD offers in this department? The camcontrol(8) and geom(8) commands are available. You can also use gpart(8) command to list partitions. Below you will find output of these commands from my single disk laptop. Please note that because of WordPress limitations I need to change all > < characters to ] [ ones in the commands outputs.
Err codemadness.org 70 i 15375

Err codemadness.org 70 i 15376 Err codemadness.org 70 i 15377

See the article for the rest of the guide

Err codemadness.org 70 i 15380 Err codemadness.org 70 i 15381

Err codemadness.org 70 i 15382 Err codemadness.org 70 i 15383

Project Trident 19.10 Now Available

Err codemadness.org 70 i 15384 Err codemadness.org 70 i 15385

Err codemadness.org 70 i 15386
This is a general package update to the CURRENT release repository based upon TrueOS 19.10
Err codemadness.org 70 i 15387

Err codemadness.org 70 i 15388 Err codemadness.org 70 i 15389

PACKAGE CHANGES FROM 19.08 Err codemadness.org 70 i 15391 Err codemadness.org 70 i 15392
- New Packages: 601
- Deleted Packages: 165
- Updated Packages: 3341

Err codemadness.org 70 i 15398 Err codemadness.org 70 i 15399

Err codemadness.org 70 i 15400 Err codemadness.org 70 i 15401

Beastie Bits

Err codemadness.org 70 i 15402 Err codemadness.org 70 i 15403

NetBSD building tools
Sponsorships open for SNMP Mastery
pkgsrc-2019Q3 release announcement (2019-10-03)
pfetch - A simple system information tool written in POSIX sh
Taking NetBSD kernel bug roast to the next level: Kernel Fuzzers (quick A.D. 2019 overview)
Cracking Ken Thomson’s password

Err codemadness.org 70 i 15411 Err codemadness.org 70 i 15412

Err codemadness.org 70 i 15413 Err codemadness.org 70 i 15414

Feedback/Questions

Err codemadness.org 70 i 15415 Err codemadness.org 70 i 15416

Evilham - Couple Questions
Rob - APU2 alternatives and GPT partition types
Tom - FreeBSD journal article by A. Fengler

Err codemadness.org 70 i 15421 Err codemadness.org 70 i 15422

Err codemadness.org 70 i 15423 Err codemadness.org 70 i 15424

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 15427 Err codemadness.org 70 i 15428

Err codemadness.org 70 i 15429 Err codemadness.org 70 i 15430 Err codemadness.org 70 i 15431 Err codemadness.org 70 i 15432 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 15433 ]]> Err codemadness.org 70 i 15434

318: The TrueNAS Library

Allan Jude — Wed, 02 Oct 2019 20:00:00 -0700

Err codemadness.org 70 i 15773 DragonFlyBSD vs. FreeBSD vs. Linux benchmark on Ryzen 7, JFK Presidential Library chooses TrueNAS for digital archives, FreeBSD 12.1-beta is available, cool but obscure X11 tools, vBSDcon trip report, Project Trident 12-U7 is available, a couple new Unix artifacts, and more.

Err codemadness.org 70 i 15774 Err codemadness.org 70 i 15775

Headlines

Err codemadness.org 70 i 15776 Err codemadness.org 70 i 15777

DragonFlyBSD 5.6 vs. FreeBSD 12 vs. Linux - Ryzen 7 3700X

Err codemadness.org 70 i 15778 Err codemadness.org 70 i 15779

Err codemadness.org 70 i 15780
For those wondering how well FreeBSD and DragonFlyBSD are handling AMD's new Ryzen 3000 series desktop processors, here are some benchmarks on a Ryzen 7 3700X with MSI MEG X570 GODLIKE where both of these popular BSD operating systems were working out-of-the-box. For some fun mid-week benchmarking, here are those results of FreeBSD 12.0 and DragonFlyBSD 5.6.2 up against openSUSE Tumbleweed and Ubuntu 19.04.
Err codemadness.org 70 i 15781 Err codemadness.org 70 i 15782
Back in July I looked at FreeBSD 12 on the Ryzen 9 3900X but at that time at least DragonFlyBSD had troubles booting on that system. When trying out the Ryzen 7 3700X + MSI GODLIKE X570 motherboard on the latest BIOS, everything "just worked" without any compatibility issues for either of these BSDs.
Err codemadness.org 70 i 15783 Err codemadness.org 70 i 15784
We've been eager to see how well DragonFlyBSD is performing on these new AMD Zen 2 CPUs with DragonFlyBSD lead developer Matthew Dillon having publicly expressed being impressed by the new AMD Ryzen 3000 series CPUs.
Err codemadness.org 70 i 15785 Err codemadness.org 70 i 15786
For comparison to those BSDs, Ubuntu 19.04 and openSUSE Tumbleweed were tested on the same hardware in their out-of-the-box configurations. While Clear Linux is normally the fastest, on this system Clear's power management defaults had caused issues in being unable to detect the Samsung 970 EVO Plus NVMe SSD used for testing and so we left it out this round.
Err codemadness.org 70 i 15787 Err codemadness.org 70 i 15788
All of the hardware was the same throughout testing as were the BIOS settings and running the Ryzen 7 3700X at stock speeds. (Any differences in the reported hardware for the system table just come down to differences in what is exposed by each OS for reporting.) All of the BSD/Linux benchmarks on this eight core / sixteen thread processor were run via the Phoronix Test Suite. In the case of FreeBSD 12.0, we benchmarked both with its default LLVM Clang 6.0 compiler as well as with GCC 9.1 so that it would match the GCC compiler being the default on the other operating systems under test.
Err codemadness.org 70 i 15789

Err codemadness.org 70 i 15790 Err codemadness.org 70 i 15791

Err codemadness.org 70 i 15792 Err codemadness.org 70 i 15793

JFK Presidential Library Chooses iXsystems TrueNAS to Preserve Precious Digital Archives

Err codemadness.org 70 i 15794 Err codemadness.org 70 i 15795

Err codemadness.org 70 i 15796
iXsystems is honored to have the TrueNAS® M-Series unified storage selected to store, serve, and protect the entire digital archive for the John F. Kennedy Library Foundation. This is in support of the collection at the John F. Kennedy Presidential Library and Museum (JFK Library). Over the next several years, the Foundation hopes to grow the digital collection from hundreds of terabytes today to cover much more of the Archives at the Kennedy Library. Overall there is a total of 25 million documents, audio recordings, photos, and videos once the project is complete.
Err codemadness.org 70 i 15797 Err codemadness.org 70 i 15798
Having first deployed the TrueNAS M50-HA earlier in 2019, the JFK Library has now completed the migration of its existing digital collection and is now in the process of digitizing much of the rest of its vast collection.
Err codemadness.org 70 i 15799 Err codemadness.org 70 i 15800
Not only is the catalog of material vast, it is also diverse, with files being copied to the storage system from a variety of sources in numerous file types. To achieve this ambitious goal, the library required a high-end NAS system capable of sharing with a variety of systems throughout the digitization process. The digital archive will be served from the TrueNAS M50 and made available to both in-person and online visitors.
Err codemadness.org 70 i 15801 Err codemadness.org 70 i 15802
With precious material and information comes robust demands. The highly-available TrueNAS M-Series has multiple layers of protection to help keep data safe, including data scrubs, checksums, unlimited snapshots, replication, and more. TrueNAS is also inherently scalable with data shares only limited by the number of drives connected to the pool. Perfect for archival storage, the deployed TrueNAS M50 will grow with the library’s content, easily expanding its storage capacity over time as needed. Supporting a variety of protocols, multi-petabyte scalability in a single share, and anytime, uninterrupted capacity expansion, the TrueNAS M-Series ticked all the right boxes.
Err codemadness.org 70 i 15803

Err codemadness.org 70 i 15804 Err codemadness.org 70 i 15805

Youtube Video

Err codemadness.org 70 i 15808 Err codemadness.org 70 i 15809

Err codemadness.org 70 i 15810 Err codemadness.org 70 i 15811

News Roundup

Err codemadness.org 70 i 15812 Err codemadness.org 70 i 15813

FreeBSD 12.1-beta available

Err codemadness.org 70 i 15814 Err codemadness.org 70 i 15815

Err codemadness.org 70 i 15816
FreeBSD 12.0 is already approaching one year old while FreeBSD 12.1 is now on the way as the next installment with various bug/security fixes and other alterations to this BSD operating system.
Err codemadness.org 70 i 15817 Err codemadness.org 70 i 15818
FreeBSD 12.1 has many security/bug fixes throughout, no longer enables "-Werror" by default as a compiler flag (Update: This change is just for the GCC 4.2 compiler), has imported BearSSL into the FreeBSD base system as a lightweight TLS/SSL implementation, bzip2recover has been added, and a variety of mostly lower-level changes. More details can be found via the in-progress release notes.
Err codemadness.org 70 i 15819 Err codemadness.org 70 i 15820
For those with time to test this weekend, FreeBSD 12.1 Beta 1 is available for all prominent architectures.
Err codemadness.org 70 i 15821 Err codemadness.org 70 i 15822
The FreeBSD release team is planning for at least another beta or two and around three release candidates. If all goes well, FreeBSD 12.1 will be out in early November.
Err codemadness.org 70 i 15823

Err codemadness.org 70 i 15824 Err codemadness.org 70 i 15825

Announcement Link

Err codemadness.org 70 i 15828 Err codemadness.org 70 i 15829

Err codemadness.org 70 i 15830 Err codemadness.org 70 i 15831

Cool, but obscure X11 tools. More suggestions in the source link

Err codemadness.org 70 i 15832 Err codemadness.org 70 i 15833

ASClock
Free42
FSV2
GLXGears
GMixer
GVIM
Micropolis
Sunclock
Ted
TiEmu
X026
X48
XAbacus
XAntfarm
XArchiver
XASCII
XBiff
XBill
XBoard
XCalc
XCalendar
XCHM
XChomp
XClipboard
XClock
XClock/Cat Clock
XColorSel
XConsole
XDiary
XEarth
XEdit
Xev
XEyes
XFontSel
XGalaga
XInvaders 3D
XKill
XLennart
XLoad
XLock
XLogo
XMahjongg
XMan
XMessage
XmGrace
XMixer
XmMix
XMore
XMosaic
XMOTD
XMountains
XNeko
XOdometer
XOSView
Xplore
XPostIt
XRoach
XScreenSaver
XSnow
XSpread
XTerm
XTide
Xv
Xvkbd
XWPE
XZoom

Err codemadness.org 70 i 15901 Err codemadness.org 70 i 15902

Err codemadness.org 70 i 15903 Err codemadness.org 70 i 15904

vBSDCon 2019 trip report from iXSystems

Err codemadness.org 70 i 15905 Err codemadness.org 70 i 15906

Err codemadness.org 70 i 15907
The fourth biennial vBSDCon was held in Reston, VA on September 5th through 7th and attracted attendees and presenters from not only the Washington, DC area, but also Canada, Germany, Kenya, and beyond. While MeetBSD caters to Silicon Valley BSD enthusiasts on even years, vBSDcon caters to East Coast and DC area enthusiasts on odd years. Verisign was again the key sponsor of vBSDcon 2019 but this year made a conscious effort to entrust the organization of the event to a team of community members led by Dan Langille, who you probably know as the lead BSDCan organizer. The result of this shift was a low key but professional event that fostered great conversation and brainstorming at every turn.
Err codemadness.org 70 i 15908

Err codemadness.org 70 i 15909 Err codemadness.org 70 i 15910

Err codemadness.org 70 i 15911 Err codemadness.org 70 i 15912

Project Trident 12-U7 now available

Err codemadness.org 70 i 15913 Err codemadness.org 70 i 15914

Package Summary Err codemadness.org 70 i 15916 Err codemadness.org 70 i 15917
- New Packages: 130
- Deleted Packages: 72
- Updated Packages: 865
Stable ISO - https://pkg.project-trident.org/iso/stable/Trident-x64-TOS-12-U7-20190920.iso

Err codemadness.org 70 i 15924 Err codemadness.org 70 i 15925

Err codemadness.org 70 i 15926 Err codemadness.org 70 i 15927

A Couple new Unix Artifacts

Err codemadness.org 70 i 15928 Err codemadness.org 70 i 15929

Err codemadness.org 70 i 15930
I fear we're drifting a bit here and the S/N ratio is dropping a bit w.r.t the actual history of Unix. Please no more on the relative merits of version control systems or alternative text processing systems.
Err codemadness.org 70 i 15931 Err codemadness.org 70 i 15932
So I'll try to distract you by saying this. I'm sitting on two artifacts that have recently been given to me:
Err codemadness.org 70 i 15933

Err codemadness.org 70 i 15934 Err codemadness.org 70 i 15935

by two large organisations
of great significance to Unix history
who want me to keep "mum" about them
as they are going to make announcements about them soon*

Err codemadness.org 70 i 15941 Err codemadness.org 70 i 15942

Err codemadness.org 70 i 15943
and I am going slowly crazy as I wait for them to be offically released. Now you have a new topic to talk about :-)
Err codemadness.org 70 i 15944 Err codemadness.org 70 i 15945
Cheers, Warren
Err codemadness.org 70 i 15946

Err codemadness.org 70 i 15947 Err codemadness.org 70 i 15948

* for some definition of "soon"

Err codemadness.org 70 i 15949 Err codemadness.org 70 i 15950

Err codemadness.org 70 i 15951 Err codemadness.org 70 i 15952

Beastie Bits

Err codemadness.org 70 i 15953 Err codemadness.org 70 i 15954

NetBSD machines at Open Source Conference 2019 Hiroshima
Hyperbola a GNU/Linux OS is using OpenBSD's Xenocara
Talos is looking for a FreeBSD Engineer
GitHub - dylanaraps/pure-sh-bible: A collection of pure POSIX sh alternatives to external processes.
dsynth: you’re building it
Percy Ludgate, the missing link between Babbage’s machine and everything else

Err codemadness.org 70 i 15962 Err codemadness.org 70 i 15963

Err codemadness.org 70 i 15964 Err codemadness.org 70 i 15965

Feedback/Questions

Err codemadness.org 70 i 15966 Err codemadness.org 70 i 15967

Bruce - Down the expect rabbithole
Bruce - Expect (update)
David - Netgraph answer
Mason - Beeps?

Err codemadness.org 70 i 15973 Err codemadness.org 70 i 15974

Err codemadness.org 70 i 15975 Err codemadness.org 70 i 15976

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 15979 Err codemadness.org 70 i 15980

Err codemadness.org 70 i 15981 Err codemadness.org 70 i 15982 Err codemadness.org 70 i 15983 Err codemadness.org 70 i 15984 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 15985 ]]> Err codemadness.org 70 i 15986

317: Bots Building Jails

Allan Jude — Wed, 25 Sep 2019 23:00:00 -0700

Err codemadness.org 70 i 16266 Setting up buildbot in FreeBSD jails, Set up a mail server with OpenSMTPD, Dovecot and Rspamd, OpenBSD amateur packet radio with HamBSD, DragonFlyBSD's HAMMER2 gets fsck, return of startx for users.

Err codemadness.org 70 i 16267 Err codemadness.org 70 i 16268

Headlines

Err codemadness.org 70 i 16269 Err codemadness.org 70 i 16270

EuroBSDcon 2019 Recap

Err codemadness.org 70 i 16271 Err codemadness.org 70 i 16272

Err codemadness.org 70 i 16273
We’re back from EuroBSDcon in Lillehammer, Norway. It was a great conference with 212 people attending. 2 days of tutorials, parallel to the FreeBSD Devsummit, followed by two days of talks. Some speakers uploaded their slides to papers.freebsd.org already with more to come.
Err codemadness.org 70 i 16274 Err codemadness.org 70 i 16275
The social event was also interesting. We visited an open air museum with building preserved from different time periods. In the older section they had a collection of farm buildings, a church originally built in the 1200s and relocated to the museum, and a school house. In the more modern area, they had houses from 1915, and each decade from 1930 to 1990, plus a “house of the future” as imagined in 2001. Many had open doors to allow you to tour the inside, and some were even “inhabited”. The latter fact gave a much more interactive experience and we could learn additional things about the history of that particular house. The town at the end included a general store, a post office, and more. Then, we all had a nice dinner together in the museum’s restaurant.
Err codemadness.org 70 i 16276

Err codemadness.org 70 i 16277 Err codemadness.org 70 i 16278

The opening keynote by Patricia Aas was very good. Her talk on embedded ethics, from her perspective as someone trying to defend the sanctity of Norwegian elections, and a former developer for the Opera web browser, provided a great deal of insight into the issues. Her points about how the tech community has unleashed a very complex digital work upon people with barely any technical literacy were well taken. Her stories of trying to explain the problems with involving computers in the election process to journalists and politicians struck a chord with many of us, who have had to deal with legislation written by those who do not truly understand the issues with technology.

Err codemadness.org 70 i 16281 Err codemadness.org 70 i 16282

Err codemadness.org 70 i 16283 Err codemadness.org 70 i 16284

Setting up buildbot in FreeBSD jails

Err codemadness.org 70 i 16285 Err codemadness.org 70 i 16286

Err codemadness.org 70 i 16287
In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism "jails". We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.
Err codemadness.org 70 i 16288

Err codemadness.org 70 i 16289 Err codemadness.org 70 i 16290

Err codemadness.org 70 i 16291 Err codemadness.org 70 i 16292

Setting up a mail server with OpenSMTPD, Dovecot and Rspamd

Err codemadness.org 70 i 16293 Err codemadness.org 70 i 16294

Self-hosting and encouraging smaller providers is for the greater good

Err codemadness.org 70 i 16297 Err codemadness.org 70 i 16298

Err codemadness.org 70 i 16299
First of all, I was not clear enough about the political consequences of centralizing mail services at Big Mailer Corps.
Err codemadness.org 70 i 16300 Err codemadness.org 70 i 16301
It doesn’t make sense for Random Joe, sharing kitten pictures with his family and friends, to build a personal mail infrastructure when multiple Big Mailer Corps offer “for free” an amazing quality of service. They provide him with an e-mail address that is immediately available and which will generally work reliably. It really doesn’t make sense for Random Joe not to go there, and particularly if even techies go there without hesitation, proving it is a sound choice.
Err codemadness.org 70 i 16302 Err codemadness.org 70 i 16303
There is nothing wrong with Random Joes using a service that works.
Err codemadness.org 70 i 16304 Err codemadness.org 70 i 16305
What is terribly wrong though is the centralization of a communication protocol in the hands of a few commercial companies, EVERY SINGLE ONE OF THEM coming from the same country (currently led by a lunatic who abuses power and probably suffers from NPD), EVERY SINGLE ONE OF THEM having been in the news and/or in a court for random/assorted “unpleasant” behaviors (privacy abuses, eavesdropping, monopoly abuse, sexual or professional harassment, you just name it…), and EVERY SINGLE ONE OF THEM growing user bases that far exceeds the total population of multiple countries combined.
Err codemadness.org 70 i 16306

Err codemadness.org 70 i 16307 Err codemadness.org 70 i 16308

Err codemadness.org 70 i 16309 Err codemadness.org 70 i 16310

News Roundup

Err codemadness.org 70 i 16311 Err codemadness.org 70 i 16312

The HamBSD project aims to bring amateur packet radio to OpenBSD

Err codemadness.org 70 i 16313 Err codemadness.org 70 i 16314

Err codemadness.org 70 i 16315
The HamBSD project aims to bring amateur packet radio to OpenBSD, including support for TCP/IP over AX.25 and APRS tracking/digipeating in the base system.
Err codemadness.org 70 i 16316 Err codemadness.org 70 i 16317
HamBSD will not provide a full AX.25 stack but instead only implement support for UI frames. There will be a focus on simplicity, security and readable code.
Err codemadness.org 70 i 16318 Err codemadness.org 70 i 16319
The amateur radio community needs a reliable platform for packet radio for use in both leisure and emergency scenarios. It should be expected that the system is stable and resilient (but as yet it is neither).
Err codemadness.org 70 i 16320

Err codemadness.org 70 i 16321 Err codemadness.org 70 i 16322

Err codemadness.org 70 i 16323 Err codemadness.org 70 i 16324

DragonFlyBSD's HAMMER2 Gets Basic FSCK Support

Err codemadness.org 70 i 16325 Err codemadness.org 70 i 16326

Err codemadness.org 70 i 16327
HAMMER2 is Copy on Write, meaning changes are made to copies of existing data. This means operations are generally atomic and can survive a power outage, etc. (You should read up on it!) However, there’s now a fsck command, useful if you want a report of data validity rather than any manual repair process.
Err codemadness.org 70 i 16328

Err codemadness.org 70 i 16329 Err codemadness.org 70 i 16330

commit

Err codemadness.org 70 i 16333 Err codemadness.org 70 i 16334

Err codemadness.org 70 i 16335
Add initial fsck support for HAMMER2, although CoW fs doesn't require fsck as a concept. Currently no repairing (no write), just verifying.
Err codemadness.org 70 i 16336 Err codemadness.org 70 i 16337
Keep this as a separate command for now.
Err codemadness.org 70 i 16338 https://i.redd.it/vkdss0mtdpo31.jpg
Err codemadness.org 70 i 16339 Err codemadness.org 70 i 16340
Err codemadness.org 70 i 16341

Err codemadness.org 70 i 16342 Err codemadness.org 70 i 16343

The return of startx for users

Err codemadness.org 70 i 16344 Err codemadness.org 70 i 16345

Err codemadness.org 70 i 16346
Add modesetting driver as a fall-back when appropriate such that we can use it when running without root privileges which prevents us from scanning the PCI bus.
Err codemadness.org 70 i 16347 Err codemadness.org 70 i 16348
This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)).
Err codemadness.org 70 i 16349

Err codemadness.org 70 i 16350 Err codemadness.org 70 i 16351

Err codemadness.org 70 i 16352 Err codemadness.org 70 i 16353

Beastie Bits

Err codemadness.org 70 i 16354 Err codemadness.org 70 i 16355

Ori Bernstein will be giving the October talk at NYCBUG
BSD Pizza Night: 2019/09/26, 7–9PM, Portland, Oregon, USA
Nick Wolff : Home Lab Show & Tell
Installing the Lumina Desktop in DragonflyBSD
dhcpcd 8.0.6 added

Err codemadness.org 70 i 16362 Err codemadness.org 70 i 16363

Err codemadness.org 70 i 16364 Err codemadness.org 70 i 16365

Feedback/Questions

Err codemadness.org 70 i 16366 Err codemadness.org 70 i 16367

Bruce - FOSDEM videos
Lars - Super Cluster of BSD on Rock64Pr
Madhukar - Question

Err codemadness.org 70 i 16372 Err codemadness.org 70 i 16373

Err codemadness.org 70 i 16374 Err codemadness.org 70 i 16375

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 16378 Err codemadness.org 70 i 16379

Err codemadness.org 70 i 16380 Err codemadness.org 70 i 16381 Err codemadness.org 70 i 16382 Err codemadness.org 70 i 16383 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 16384 ]]> Err codemadness.org 70 i 16385

316: git commit FreeBSD

Allan Jude — Wed, 18 Sep 2019 20:00:00 -0700

Err codemadness.org 70 i 16703 NetBSD LLVM sanitizers and GDB regression test suite, Ada—The Language of Cost Savings, Homura - a Windows Games Launcher for FreeBSD, FreeBSD core team appoints a WG to explore transition to Git, OpenBSD 6.6 Beta tagged, Project Trident 12-U5 update now available, and more.

Err codemadness.org 70 i 16704 Err codemadness.org 70 i 16705

Headlines

Err codemadness.org 70 i 16706 Err codemadness.org 70 i 16707

LLVM santizers and GDB regression test suite.

Err codemadness.org 70 i 16708 Err codemadness.org 70 i 16709

Err codemadness.org 70 i 16710
As NetBSD-9 is branched, I have been asked to finish the LLVM sanitizer integration. This work is now accomplished and with MKLLVM=yes build option (by default off), the distribution will be populated with LLVM files for ASan, TSan, MSan, UBSan, libFuzzer, SafeStack and XRay.
Err codemadness.org 70 i 16711 Err codemadness.org 70 i 16712
I have also transplanted basesystem GDB patched to my GDB repository and managed to run the GDB regression test-suite.
Err codemadness.org 70 i 16713

Err codemadness.org 70 i 16714 Err codemadness.org 70 i 16715

NetBSD distribution changes

Err codemadness.org 70 i 16718 Err codemadness.org 70 i 16719

Err codemadness.org 70 i 16720
I have enhanced and imported my local MKSANITIZER code that makes whole distribution sanitization possible. Few real bugs were fixed and a number of patches were newly written to reflect the current NetBSD sources state. I have also merged another chunk of the fruits of the GSoC-2018 project with fuzzing the userland (by plusun@).
Err codemadness.org 70 i 16721

Err codemadness.org 70 i 16722 Err codemadness.org 70 i 16723

The following changes were committed to the sources: Err codemadness.org 70 i 16725 Err codemadness.org 70 i 16726
- ab7de18d0283 Cherry-pick upstream compiler-rt patches for LLVM sanitizers
- 966c62a34e30 Add LLVM sanitizers in the MKLLVM=yes build
- 8367b667adb9 telnetd: Stop defining the same variables concurrently in bss and data
- fe72740f64bf fsck: Stop defining the same variable concurrently in bss and data
- 40e89e890d66 Fix build of t_ubsan/t_ubsanxx under MKSANITIZER
- b71326fd7b67 Avoid symbol clashes in tests/usr.bin/id under MKSANITIZER
- c581f2e39fa5 Avoid symbol clashes in fs/nfs/nfsservice under MKSANITIZER
- 030a4686a3c6 Avoid symbol clashes in bin/df under MKSANITIZER
- fd9679f6e8b1 Avoid symbol clashes in usr.sbin/ypserv/ypserv under MKSANITIZER
- 5df2d7939ce3 Stop defining _rpcsvcdirty in bss and data
- 5fafbe8b8f64 Add missing extern declaration of ib_mach_emips in installboot
- d134584be69a Add SANITIZER_RENAME_CLASSES in bsd.prog.mk
- 2d00d9b08eae Adapt tests/kernel/t_subr_prf for MKSANITIZER
- ce54363fe452 Ship with sanitizer/lsan_interface.h for GCC 7
- 7bd5ee95e9a0 Ship with sanitizer/lsan_interface.h for LLVM 7
- d8671fba7a78 Set NODEBUG for LLVM sanitizers
- 242cd44890a2 Add PAXCTL_FLAG rules for MKSANITIZER
- 5e80ab99d9ce Avoid symbol clashes in test/rump/modautoload/t_modautoload with sanitizers
- e7ce7ecd9c2a sysctl: Add indirection of symbols to remove clash with sanitizers
- 231aea846aba traceroute: Add indirection of symbol to remove clash with sanitizers
- 8d85053f487c sockstat: Add indirection of symbols to remove clash with sanitizers
- 81b333ab151a netstat: Add indirection of symbols to remove clash with sanitizers
- a472baefefe8 Correct the memset(3)'s third argument in i386 biosdisk.c
- 7e4e92115bc3 Add ATF c and c++ tests for TSan, MSan, libFuzzer
- 921ddc9bc97c Set NOSANITIZER in i386 ramdisk image
- 64361771c78d Enhance MKSANITIZER support
- 3b5608f80a2b Define target_not_supported_body() in TSan, MSan and libFuzzer tests
- c27f4619d513 Avoids signedness bit shift in db_get_value()
- 680c5b3cc24f Fix LLVM sanitizer build by GCC (HAVE_LLVM=no)
- 4ecfbbba2f2a Rework the LLVM compiler_rt build rules
- 748813da5547 Correct the build rules of LLVM sanitizers
- 20e223156dee Enhance the support of LLVM sanitizers
- 0bb38eb2f20d Register syms.extra in LLVM sanitizer .syms files
- Almost all of the mentioned commits were backported to NetBSD-9 and will land 9.0.

Err codemadness.org 70 i 16763 Err codemadness.org 70 i 16764

Err codemadness.org 70 i 16765 Err codemadness.org 70 i 16766

Homura - a Windows Games Launcher for FreeBSD

Err codemadness.org 70 i 16767 Err codemadness.org 70 i 16768

Err codemadness.org 70 i 16769
Inspired by lutris (a Linux gaming platform), we would like to provide a game launcher to play windows games on FreeBSD.
Err codemadness.org 70 i 16770

Err codemadness.org 70 i 16771 Err codemadness.org 70 i 16772

Makes it easier to run games on FreeBSD, by providing the tweaks and dependencies for you
Dependencies Err codemadness.org 70 i 16775 Err codemadness.org 70 i 16776
- curl
- bash
- p7zip
- zenity
- webfonts
- alsa-utils (Optional)
- winetricks
- vulkan-tools
- mesa-demos
- i386-wine-devel on amd64 or wine-devel on i386

Err codemadness.org 70 i 16789 Err codemadness.org 70 i 16790

Err codemadness.org 70 i 16791 Err codemadness.org 70 i 16792

News Roundup

Err codemadness.org 70 i 16793 Err codemadness.org 70 i 16794

Ada—The Language of Cost Savings?

Err codemadness.org 70 i 16795 Err codemadness.org 70 i 16796

Err codemadness.org 70 i 16797
Many myths surround the Ada programming language, but it continues to be used and evolve at the same time. And while the increased adoption of Ada and SPARK, its provable subset, is slow, it’s noticeable. Ada already addresses more of the features found in found in heavily used embedded languages like C+ and C#. It also tackles problems addressed by upcoming languages like Rust.
Err codemadness.org 70 i 16798 Err codemadness.org 70 i 16799
Chris concludes, “Development technologies have a profound impact on one of the largest and most variable costs associated with embedded-system engineering—labor. At a time when on-time system deployment can not only impact customer satisfaction, but access to services revenue streams, engineering team efficiency is at a premium. Our research showed that programming language choices can have significant influence in this area, leading to shorter projects, better schedules and, ultimately, lower development costs. While a variety of factors can influence and dictate language choice, our research showed that Ada’s evolution has made it an increasingly compelling option for engineering organizations, providing both technically and financially sound solution.”
Err codemadness.org 70 i 16800 Err codemadness.org 70 i 16801
In general, Ada already makes embedded “programming in the large” much easier by handling issues that aren’t even addressed in other languages. Though these features are often provided by third-party software, it results in inconsistent practices among developers. Ada also supports the gamut of embedded platforms from systems like Arm’s Cortex-M through supercomputers. Learning Ada isn’t as hard as one might think and the benefits can be significant.
Err codemadness.org 70 i 16802

Err codemadness.org 70 i 16803 Err codemadness.org 70 i 16804

Err codemadness.org 70 i 16805 Err codemadness.org 70 i 16806

FreeBSD core team appoints a WG to explore transitioning from Subversion to Git.

Err codemadness.org 70 i 16807 Err codemadness.org 70 i 16808

The FreeBSD Core Team is the governing body of FreeBSD.

Err codemadness.org 70 i 16811 Err codemadness.org 70 i 16812

Err codemadness.org 70 i 16813
Core approved source commit bits for Doug Moore (dougm), Chuck Silvers (chs), Brandon Bergren (bdragon), and a vendor commit bit for Scott Phillips (scottph).
Err codemadness.org 70 i 16814 Err codemadness.org 70 i 16815
The annual developer survey closed on 2019-04-02. Of the 397 developers, 243 took the survey with an average completion time of 12 minutes. The public survey closed on 2019-05-13. It was taken by 3637 users and had a 79% completion rate. A presentation of the survey results took place at BSDCan 2019.
Err codemadness.org 70 i 16816 Err codemadness.org 70 i 16817
The core team voted to appoint a working group to explore transitioning our source code 'source of truth' from Subversion to Git. Core asked Ed Maste to chair the group as Ed has been researching this topic for some time. For example, Ed gave a MeetBSD 2018 talk on the topic.
Err codemadness.org 70 i 16818 Err codemadness.org 70 i 16819
There is a variety of viewpoints within core regarding where and how to host a Git repository, however core feels that Git is the prudent path forward.
Err codemadness.org 70 i 16820

Err codemadness.org 70 i 16821 Err codemadness.org 70 i 16822

Err codemadness.org 70 i 16823 Err codemadness.org 70 i 16824

OpenBSD 6.6 Beta tagged

Err codemadness.org 70 i 16825 Err codemadness.org 70 i 16826

CVSROOT:    /cvs	Err	codemadness.org	70
i 16827 Module name:    src	Err	codemadness.org	70
i 16828 Changes by:    deraadt@cvs.openbsd.org    2019/08/09 21:56:02	Err	codemadness.org	70
i 16829 	Err	codemadness.org	70
i 16830 Modified files:	Err	codemadness.org	70
i 16831     etc/root : root.mail	Err	codemadness.org	70
i 16832     share/mk : sys.mk	Err	codemadness.org	70
i 16833     sys/arch/macppc/stand/tbxidata: bsd.tbxi	Err	codemadness.org	70
i 16834     sys/conf : newvers.sh	Err	codemadness.org	70
i 16835     sys/sys : param.h	Err	codemadness.org	70
i 16836     usr.bin/signify: signify.1	Err	codemadness.org	70
i 16837 	Err	codemadness.org	70
i 16838 Log message:	Err	codemadness.org	70
i 16839 move to 6.6-beta	Err	codemadness.org	70
i 16840

Err codemadness.org 70 i 16841 Err codemadness.org 70 i 16842

Preliminary release notes

Err codemadness.org 70 i 16843 Err codemadness.org 70 i 16844

Improved hardware support, including:

Err codemadness.org 70 i 16845 Err codemadness.org 70 i 16846

clang(1) is now provided on powerpc.
IEEE 802.11 wireless stack improvements:
Generic network stack improvements:
Installer improvements:
Security improvements:
+ Routing daemons and other userland network improvements
+ The ntpd(8) daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.
+ bgdp(8) improvements
+ Assorted improvements:
+ The filesystem buffer cache now more aggressively uses memory outside the DMA region, to improve cache performance on amd64 machines.
The BER API previously internal to ldap(1), ldapd(8), ypldap(8), and snmpd(8) has been moved into libutil. See ber_read_elements(3).
Support for specifying boot device in vm.conf(5).
OpenSMTPD 6.6.0
LibreSSL 3.0.X
API and Documentation Enhancements
Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.
Documented undescribed options and removed unfunctional options description in openssl(1) manual.
OpenSSH 8.0

Err codemadness.org 70 i 16866 Err codemadness.org 70 i 16867

Err codemadness.org 70 i 16868 Err codemadness.org 70 i 16869

Project Trident 12-U5 update now available

Err codemadness.org 70 i 16870 Err codemadness.org 70 i 16871

Err codemadness.org 70 i 16872
This is the fifth general package update to the STABLE release repository based upon TrueOS 12-Stable.
Err codemadness.org 70 i 16873

Err codemadness.org 70 i 16874 Err codemadness.org 70 i 16875

Package changes from Stable 12-U4
Package Summary
Err codemadness.org 70 i 16878 Err codemadness.org 70 i 16879
- New Packages: 20
- Deleted Packages: 24
- Updated Packages: 279
New Packages (20)
Err codemadness.org 70 i 16885 Err codemadness.org 70 i 16886
- artemis (biology/artemis) : 17.0.1.11
- catesc (games/catesc) : 0.6
- dmlc-core (devel/dmlc-core) : 0.3.105
- go-wtf (sysutils/go-wtf) : 0.20.0_1
- instead (games/instead) : 3.3.0_1
- lidarr (net-p2p/lidarr) : 0.6.2.883
- minerbold (games/minerbold) : 1.4
- onnx (math/onnx) : 1.5.0
- openzwave-devel (comms/openzwave-devel) : 1.6.897
- polkit-qt-1 (sysutils/polkit-qt) : 0.113.0_8
- py36-traitsui (graphics/py-traitsui) : 6.1.2
- rubygem-aws-sigv2 (devel/rubygem-aws-sigv2) : 1.0.1
- rubygem-default_value_for32 (devel/rubygem-default_value_for32) : 3.2.0
- rubygem-ffi110 (devel/rubygem-ffi110) : 1.10.0
- rubygem-zeitwerk (devel/rubygem-zeitwerk) : 2.1.9
- sems (net/sems) : 1.7.0.g20190822
- skypat (devel/skypat) : 3.1.1
- tvm (math/tvm) : 0.4.1440
- vavoom (games/vavoom) : 1.33_15
- vavoom-extras (games/vavoom-extras) : 1.30_4
Deleted Packages (24)
Err codemadness.org 70 i 16909 Err codemadness.org 70 i 16910
- geeqie (graphics/geeqie) : Unknown reason
- iriverter (multimedia/iriverter) : Unknown reason
- kde5 (x11/kde5) : Unknown reason
- kicad-doc (cad/kicad-doc) : Unknown reason
- os-nozfs-buildworld (os/buildworld) : Unknown reason
- os-nozfs-userland (os/userland) : Unknown reason
- os-nozfs-userland-base (os/userland-base) : Unknown reason
- os-nozfs-userland-base-bootstrap (os/userland-base-bootstrap) : Unknown reason
- os-nozfs-userland-bin (os/userland-bin) : Unknown reason
- os-nozfs-userland-boot (os/userland-boot) : Unknown reason
- os-nozfs-userland-conf (os/userland-conf) : Unknown reason
- os-nozfs-userland-debug (os/userland-debug) : Unknown reason
- os-nozfs-userland-devtools (os/userland-devtools) : Unknown reason
- os-nozfs-userland-docs (os/userland-docs) : Unknown reason
- os-nozfs-userland-lib (os/userland-lib) : Unknown reason
- os-nozfs-userland-lib32 (os/userland-lib32) : Unknown reason
- os-nozfs-userland-lib32-development (os/userland-lib32-development) : Unknown reason
- os-nozfs-userland-rescue (os/userland-rescue) : Unknown reason
- os-nozfs-userland-sbin (os/userland-sbin) : Unknown reason
- os-nozfs-userland-tests (os/userland-tests) : Unknown reason
- photoprint (print/photoprint) : Unknown reason
- plasma5-plasma (x11/plasma5-plasma) : Unknown reason
- polkit-qt5 (sysutils/polkit-qt) : Unknown reason
- secpanel (security/secpanel) : Unknown reason

Err codemadness.org 70 i 16937 Err codemadness.org 70 i 16938

Err codemadness.org 70 i 16939 Err codemadness.org 70 i 16940

Beastie Bits

Err codemadness.org 70 i 16941 Err codemadness.org 70 i 16942

DragonFlyBSD - msdosfs updates
Stand out as a speaker
Not a review of the 7th Gen X1 Carbon
FreeBSD Meets Linux At The Open Source Summit
QEMU VM Escape
Porting wine to amd64 on NetBSD, third evaluation report.
OpenBSD disabled DoH by default in Firefox

Err codemadness.org 70 i 16951 Err codemadness.org 70 i 16952

Err codemadness.org 70 i 16953 Err codemadness.org 70 i 16954

Feedback/Questions

Err codemadness.org 70 i 16955 Err codemadness.org 70 i 16956

Reinis - GELI with UEFI
Mason - Beeping

Err codemadness.org 70 i 16960 Err codemadness.org 70 i 16961

[CHVT feedback]
Err codemadness.org 70 i 16962 DJ - Feedback
Err codemadness.org 70 i 16963 Ben - chvt
Err codemadness.org 70 i 16964 Harri - Marc's chvt question

Err codemadness.org 70 i 16965 Err codemadness.org 70 i 16966

Err codemadness.org 70 i 16967 Err codemadness.org 70 i 16968

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 16971 Err codemadness.org 70 i 16972

Err codemadness.org 70 i 16973 Err codemadness.org 70 i 16974 Err codemadness.org 70 i 16975 Err codemadness.org 70 i 16976 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 16977 ]]> Err codemadness.org 70 i 16978

315: Recapping vBSDcon 2019

Allan Jude — Wed, 11 Sep 2019 22:45:00 -0700

Err codemadness.org 70 i 17355 vBSDcon 2019 recap, Unix at 50, OpenBSD on fan-less Tuxedo InfinityBook, humungus - an hg server, how to configure a network dump in FreeBSD, and more.

Err codemadness.org 70 i 17356 Err codemadness.org 70 i 17357

Headlines

Err codemadness.org 70 i 17358 Err codemadness.org 70 i 17359

vBSDcon Recap

Err codemadness.org 70 i 17360 Err codemadness.org 70 i 17361

Allan and Benedict attended vBSDcon 2019, which ended last week.

Err codemadness.org 70 i 17362 Err codemadness.org 70 i 17363

It was held again at the Hyatt Regency Reston and the main conference was organized by Dan Langille of BSDCan fame.The two day conference was preceded by a one day FreeBSD hackathon, where FreeBSD developers had the chance to work on patches and PRs. In the evening, a reception was held to welcome attendees and give them a chance to chat and get to know each other over food and drinks.

Err codemadness.org 70 i 17364 Err codemadness.org 70 i 17365

The first day of the conference was opened with a Keynote by Paul Vixie about DNS over HTTPS (DoH). He explained how we got to the current state and what challenges (technical and social) this entails.

Err codemadness.org 70 i 17366 Err codemadness.org 70 i 17367

If you missed this talk and are dying to see it, it will also be presented at EuroBSDCon next week

Err codemadness.org 70 i 17370 Err codemadness.org 70 i 17371

John Baldwin followed up by giving an overview of the work on “In-Kernel TLS Framing and Encryption for FreeBSD” abstract and the recent commit we covered in episode 313.

Err codemadness.org 70 i 17372 Err codemadness.org 70 i 17373

Meanwhile, Brian Callahan was giving a separate session in another room about “Learning to (Open)BSD through its porting system: an attendee-driven educational session” where people had the chance to learn about how to create ports for the BSDs.

Err codemadness.org 70 i 17374 Err codemadness.org 70 i 17375

David Fullard’s talk about “Transitioning from FreeNAS to FreeBSD” was his first talk at a BSD conference and described how he built his own home NAS setup trying to replicate FreeNAS’ functionality on FreeBSD, and why he transitioned from using an appliance to using vanilla FreeBSD.

Err codemadness.org 70 i 17376 Err codemadness.org 70 i 17377

Shawn Webb followed with his overview talk about the “State of the Hardened Union”.

Err codemadness.org 70 i 17378 Err codemadness.org 70 i 17379

Benedict’s talk about “Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL” was well received as people are interested in how we liberated ourselves from the clutches of Oracle without compromising functionality.

Err codemadness.org 70 i 17380 Err codemadness.org 70 i 17381

Entertaining and educational at the same time, Michael W. Lucas talk about “Twenty Years in Jail: FreeBSD Jails, Then and Now” closed the first day. Lucas also had a table in the hallway with his various tech and non-tech books for sale.

Err codemadness.org 70 i 17382 Err codemadness.org 70 i 17383

People formed small groups and went into town for dinner. Some returned later that night to some work in the hacker lounge or talk amongst fellow BSD enthusiasts.

Err codemadness.org 70 i 17384 Err codemadness.org 70 i 17385

Colin Percival was the keynote speaker for the second day and had an in-depth look at “23 years of software side channel attacks”.

Err codemadness.org 70 i 17386 Err codemadness.org 70 i 17387

Allan reprised his “ELI5: ZFS Caching” talk explaining how the ZFS adaptive replacement cache (ARC) work and how it can be tuned for various workloads.

Err codemadness.org 70 i 17388 Err codemadness.org 70 i 17389

“By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives” by Michael Dexter followed with his approach to benchmarking OpenZFS on various platforms.

Err codemadness.org 70 i 17390 Err codemadness.org 70 i 17391

Conor Beh was also a new speaker to vBSDcon. His talk was about “FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS”.

Err codemadness.org 70 i 17392 Err codemadness.org 70 i 17393

Two OpenBSD talks closed the talk session: Kurt Mosiejczuk with “Care and Feeding of OpenBSD Porters” and Aaron Poffenberger with “Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up”.

Err codemadness.org 70 i 17394 Err codemadness.org 70 i 17395

A dinner and reception was enjoyed by the attendees and gave more time to discuss the talks given and other things until late at night.

Err codemadness.org 70 i 17396 Err codemadness.org 70 i 17397

We want to thank the vBSDcon organizers and especially Dan Langille for running such a great conference. We are grateful to Verisign as the main sponsor and The FreeBSD Foundation for sponsoring the tote bags. Thanks to all the speakers and attendees!

Err codemadness.org 70 i 17398 Err codemadness.org 70 i 17399

humungus - an hg server

Err codemadness.org 70 i 17400 Err codemadness.org 70 i 17401

Features Err codemadness.org 70 i 17403 Err codemadness.org 70 i 17404
- View changes, files, changesets, etc. Some syntax highlighting.
- Read only.
- Serves multiple repositories.
- Allows cloning via the obvious URL. Supports go get.
- Serves files for downloads.
- Online documentation via mandoc.
- Terminal based admin interface.

Err codemadness.org 70 i 17414 Err codemadness.org 70 i 17415

Err codemadness.org 70 i 17416 Err codemadness.org 70 i 17417

News Roundup

Err codemadness.org 70 i 17418 Err codemadness.org 70 i 17419

OpenBSD on fan-less Tuxedo InfinityBook 14″ v2.

Err codemadness.org 70 i 17420 Err codemadness.org 70 i 17421

Err codemadness.org 70 i 17422
The InfinityBook 14” v2 is a fanless 14” notebook. It is an excellent choice for running OpenBSD - but order it with the supported wireless card (see below.).
Err codemadness.org 70 i 17423 Err codemadness.org 70 i 17424
I’ve set it up in a dual-boot configuration so that I can switch between Linux and OpenBSD - mainly to spot differences in the drivers. TUXEDO allows a variety of configurations through their webshop.
Err codemadness.org 70 i 17425 Err codemadness.org 70 i 17426
The dual boot setup with grub2 and EFI boot will be covered in a separate blogpost. My tests were done with OpenBSD-current - which is as of writing flagged as 6.6-beta.
Err codemadness.org 70 i 17427

Err codemadness.org 70 i 17428 Err codemadness.org 70 i 17429

See Article for breakdown of CPU, Wireless, Video, Webcam, Audio, ACPI, Battery, Touchpad, and MicroSD Card Reader

Err codemadness.org 70 i 17432 Err codemadness.org 70 i 17433

Err codemadness.org 70 i 17434 Err codemadness.org 70 i 17435

Unix at 50: How the OS that powered smartphones started from failure

Err codemadness.org 70 i 17436 Err codemadness.org 70 i 17437

Err codemadness.org 70 i 17438
Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT. Largely the brainchild of a few programmers at Bell Labs, the unlikely story of Unix begins with a meeting on the top floor of an otherwise unremarkable annex at the sprawling Bell Labs complex in Murray Hill, New Jersey.
Err codemadness.org 70 i 17439 Err codemadness.org 70 i 17440
It was a bright, cold Monday, the last day of March 1969, and the computer sciences department was hosting distinguished guests: Bill Baker, a Bell Labs vice president, and Ed David, the director of research. Baker was about to pull the plug on Multics (a condensed form of MULTiplexed Information and Computing Service), a software project that the computer sciences department had been working on for four years. Multics was two years overdue, way over budget, and functional only in the loosest possible understanding of the term.
Err codemadness.org 70 i 17441 Err codemadness.org 70 i 17442
Trying to put the best spin possible on what was clearly an abject failure, Baker gave a speech in which he claimed that Bell Labs had accomplished everything it was trying to accomplish in Multics and that they no longer needed to work on the project. As Berk Tague, a staffer present at the meeting, later told Princeton University, “Like Vietnam, he declared victory and got out of Multics.”
Err codemadness.org 70 i 17443 Err codemadness.org 70 i 17444
Within the department, this announcement was hardly unexpected. The programmers were acutely aware of the various issues with both the scope of the project and the computer they had been asked to build it for.
Err codemadness.org 70 i 17445 Err codemadness.org 70 i 17446
Still, it was something to work on, and as long as Bell Labs was working on Multics, they would also have a $7 million mainframe computer to play around with in their spare time. Dennis Ritchie, one of the programmers working on Multics, later said they all felt some stake in the success of the project, even though they knew the odds of that success were exceedingly remote.
Err codemadness.org 70 i 17447 Err codemadness.org 70 i 17448
Cancellation of Multics meant the end of the only project that the programmers in the Computer science department had to work on—and it also meant the loss of the only computer in the Computer science department. After the GE 645 mainframe was taken apart and hauled off, the computer science department’s resources were reduced to little more than office supplies and a few terminals.
Err codemadness.org 70 i 17449

Err codemadness.org 70 i 17450 Err codemadness.org 70 i 17451

Some of Allan’s favourite excerpts:

Err codemadness.org 70 i 17454 Err codemadness.org 70 i 17455

Err codemadness.org 70 i 17456
In the early '60s, Bill Ninke, a researcher in acoustics, had demonstrated a rudimentary graphical user interface with a DEC PDP-7 minicomputer. Acoustics still had that computer, but they weren’t using it and had stuck it somewhere out of the way up on the sixth floor.
Err codemadness.org 70 i 17457 Err codemadness.org 70 i 17458
And so Thompson, an indefatigable explorer of the labs’ nooks and crannies, finally found that PDP-7 shortly after Davis and Baker cancelled Multics.
Err codemadness.org 70 i 17459 Err codemadness.org 70 i 17460
With the rest of the team’s help, Thompson bundled up the various pieces of the PDP-7—a machine about the size of a refrigerator, not counting the terminal—moved it into a closet assigned to the acoustics department, and got it up and running. One way or another, they convinced acoustics to provide space for the computer and also to pay for the not infrequent repairs to it out of that department’s budget.
Err codemadness.org 70 i 17461 Err codemadness.org 70 i 17462
McIlroy’s programmers suddenly had a computer, kind of. So during the summer of 1969, Thompson, Ritchie, and Canaday hashed out the basics of a file manager that would run on the PDP-7. This was no simple task. Batch computing—running programs one after the other—rarely required that a computer be able to permanently store information, and many mainframes did not have any permanent storage device (whether a tape or a hard disk) attached to them. But the time-sharing environment that these programmers had fallen in love with required attached storage. And with multiple users connected to the same computer at the same time, the file manager had to be written well enough to keep one user’s files from being written over another user’s. When a file was read, the output from that file had to be sent to the user that was opening it.
Err codemadness.org 70 i 17463 Err codemadness.org 70 i 17464
It was a challenge that McIlroy’s team was willing to accept. They had seen the future of computing and wanted to explore it. They knew that Multics was a dead-end, but they had discovered the possibilities opened up by shared development, shared access, and real-time computing. Twenty years later, Ritchie characterized it for Princeton as such: “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form.”
Err codemadness.org 70 i 17465 Err codemadness.org 70 i 17466
Eventually when they had the file management system more or less fleshed out conceptually, it came time to actually write the code. The trio—all of whom had terrible handwriting—decided to use the Labs’ dictating service. One of them called up a lab extension and dictated the entire code base into a tape recorder. And thus, some unidentified clerical worker or workers soon had the unenviable task of trying to convert that into a typewritten document.
Err codemadness.org 70 i 17467 Err codemadness.org 70 i 17468
Of course, it was done imperfectly. Among various errors, “inode” came back as “eye node,” but the output was still viewed as a decided improvement over their assorted scribbles.
Err codemadness.org 70 i 17469 Err codemadness.org 70 i 17470
In August 1969, Thompson’s wife and son went on a three-week vacation to see her family out in Berkeley, and Thompson decided to spend that time writing an assembler, a file editor, and a kernel to manage the PDP-7 processor. This would turn the group’s file manager into a full-fledged operating system. He generously allocated himself one week for each task.
Err codemadness.org 70 i 17471 Err codemadness.org 70 i 17472
Thompson finished his tasks more or less on schedule. And by September, the computer science department at Bell Labs had an operating system running on a PDP-7—and it wasn’t Multics.
Err codemadness.org 70 i 17473 Err codemadness.org 70 i 17474
By the summer of 1970, the team had attached a tape drive to the PDP-7, and their blossoming OS also had a growing selection of tools for programmers (several of which persist down to this day). But despite the successes, Thompson, Canaday, and Ritchie were still being rebuffed by labs management in their efforts to get a brand-new computer.
Err codemadness.org 70 i 17475 Err codemadness.org 70 i 17476
It wasn’t until late 1971 that the computer science department got a truly modern computer. The Unix team had developed several tools designed to automatically format text files for printing over the past year or so. They had done so to simplify the production of documentation for their pet project, but their tools had escaped and were being used by several researchers elsewhere on the top floor. At the same time, the legal department was prepared to spend a fortune on a mainframe program called “AstroText.” Catching wind of this, the Unix crew realized that they could, with only a little effort, upgrade the tools they had written for their own use into something that the legal department could use to prepare patent applications.
Err codemadness.org 70 i 17477 Err codemadness.org 70 i 17478
The computer science department pitched lab management on the purchase of a DEC PDP-11 for document production purposes, and Max Mathews offered to pay for the machine out of the acoustics department budget. Finally, management gave in and purchased a computer for the Unix team to play with. Eventually, word leaked out about this operating system, and businesses and institutions with PDP-11s began contacting Bell Labs about their new operating system. The Labs made it available for free—requesting only the cost of postage and media from anyone who wanted a copy.
Err codemadness.org 70 i 17479 Err codemadness.org 70 i 17480
The rest has quite literally made tech history.
Err codemadness.org 70 i 17481

Err codemadness.org 70 i 17482 Err codemadness.org 70 i 17483

See the link for the rest of the article

Err codemadness.org 70 i 17486 Err codemadness.org 70 i 17487

Err codemadness.org 70 i 17488 Err codemadness.org 70 i 17489

How to configure a network dump in FreeBSD?

Err codemadness.org 70 i 17490 Err codemadness.org 70 i 17491

Err codemadness.org 70 i 17492
A network dump might be very useful for collecting kernel crash dumps from embedded machines and machines with a larger amount of RAM then available swap partition size. Besides net dumps we can also try to compress the core dump. However, often this may still not be enough swap to keep whole core dump. In such situation using network dump is a convenient and reliable way for collecting kernel dump.
Err codemadness.org 70 i 17493 Err codemadness.org 70 i 17494
So, first, let’s talk a little bit about history. The first implementation of the network dumps was implemented around 2000 for the FreeBSD 4.x as a kernel module. The code was implemented in 2010 with the intention of being part of FreeBSD 9.0. However, the code never landed in FreeBSD. Finally, in 2018 with the commit r333283 by Mark Johnston the netdump client code landed in the FreeBSD. Subsequently, many other commitments were then implemented to add support for the different drivers (for example r333289). The first official release of FreeBSD, which support netdump is FreeBSD 12.0.
Err codemadness.org 70 i 17495 Err codemadness.org 70 i 17496
Now, let’s get back to the main topic. How to configure the network dump? Two machines are needed. One machine is to collect core dump, let’s call it server. We will use the second one to send us the core dump - the client.
Err codemadness.org 70 i 17497

Err codemadness.org 70 i 17498 Err codemadness.org 70 i 17499

See the link for the rest of the article

Err codemadness.org 70 i 17502 Err codemadness.org 70 i 17503

Err codemadness.org 70 i 17504 Err codemadness.org 70 i 17505

Beastie Bits

Err codemadness.org 70 i 17506 Err codemadness.org 70 i 17507

Sudo Mastery 2nd edition is not out
Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
soso
GregKH - OpenBSD was right
Game of Trees

Err codemadness.org 70 i 17514 Err codemadness.org 70 i 17515

Err codemadness.org 70 i 17516 Err codemadness.org 70 i 17517

Feedback/Questions

Err codemadness.org 70 i 17518 Err codemadness.org 70 i 17519

BostJan - Another Question
Tom - PF
JohnnyK - Changing VT without keys

Err codemadness.org 70 i 17524 Err codemadness.org 70 i 17525

Err codemadness.org 70 i 17526 Err codemadness.org 70 i 17527

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 17530 Err codemadness.org 70 i 17531

Err codemadness.org 70 i 17532 Err codemadness.org 70 i 17533 Err codemadness.org 70 i 17534 Err codemadness.org 70 i 17535 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 17536 ]]> Err codemadness.org 70 i 17537

314: Swap that Space

Allan Jude — Wed, 04 Sep 2019 17:00:00 -0700

Err codemadness.org 70 i 17800 Unix virtual memory when you have no swap space, Dsynth details on Dragonfly, Instant Workstation on FreeBSD, new servers new tech, Experimenting with streaming setups on NetBSD, NetBSD’s progress towards Steam support thanks to GSoC, and more.

Err codemadness.org 70 i 17801 Err codemadness.org 70 i 17802

Headlines

Err codemadness.org 70 i 17803 Err codemadness.org 70 i 17804

What has to happen with Unix virtual memory when you have no swap space

Err codemadness.org 70 i 17805 Err codemadness.org 70 i 17806

Err codemadness.org 70 i 17807
Recently, Artem S. Tashkinov wrote on the Linux kernel mailing list about a Linux problem under memory pressure (via, and threaded here). The specific reproduction instructions involved having low RAM, turning off swap space, and then putting the system under load, and when that happened (emphasis mine):
Err codemadness.org 70 i 17808 Err codemadness.org 70 i 17809
Once you hit a situation when opening a new tab requires more RAM than is currently available, the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly (I'm not entirely sure why). [...]
Err codemadness.org 70 i 17810 Err codemadness.org 70 i 17811
I'm afraid I have bad news for the people snickering at Linux here; if you're running without swap space, you can probably get any Unix to behave this way under memory pressure. If you can't on your particular Unix, I'd actually say that your Unix is probably not letting you get full use out of your RAM.
Err codemadness.org 70 i 17812 Err codemadness.org 70 i 17813
To simplify a bit, we can divide pages of user memory up into anonymous pages and file-backed pages. File-backed pages are what they sound like; they come from some specific file on the filesystem that they can be written out to (if they're dirty) or read back in from. Anonymous pages are not backed by a file, so the only place they can be written out to and read back in from is swap space. Anonymous pages mostly come from dynamic memory allocations and from modifying the program's global variables and data; file backed pages come mostly from mapping files into memory with mmap() and also, crucially, from the code and read-only data of the program.
Err codemadness.org 70 i 17814

Err codemadness.org 70 i 17815 Err codemadness.org 70 i 17816

See link for the rest of the article

Err codemadness.org 70 i 17819 Err codemadness.org 70 i 17820

Err codemadness.org 70 i 17821 Err codemadness.org 70 i 17822

Dsynth details on Dragonfly

Err codemadness.org 70 i 17823 Err codemadness.org 70 i 17824

Err codemadness.org 70 i 17825
First, history: DragonFly has had binaries of dports available for download for quite some time. These were originally built using poudriere, and then using the synth tool put together by John Marino. Synth worked both to build all software in dports, and as a way to test DragonFly’s SMP capability under extreme load.
Err codemadness.org 70 i 17826 Err codemadness.org 70 i 17827
Matthew Dillon is working on a new version, called dsynth. It is available now but not yet part of the build. He’s been working quickly on it and there’s plenty more commits than what I have linked here. It’s already led to finding more high-load fixes.
Err codemadness.org 70 i 17828

Err codemadness.org 70 i 17829 Err codemadness.org 70 i 17830

dsynth

Err codemadness.org 70 i 17833 Err codemadness.org 70 i 17834

Err codemadness.org 70 i 17835
DSynth is basically synth written in C, from scratch. It is designed to give us a bulk builder in base and be friendly to porting and jails down the line (for now its uses chroot's).
Err codemadness.org 70 i 17836 Err codemadness.org 70 i 17837
The original synth was written by John R. Marino and its basic flow was used in writing this program, but as it was written in ada no code was directly copied.
Err codemadness.org 70 i 17838 Err codemadness.org 70 i 17839
Err codemadness.org 70 i 17840
The intent is to make dsynth compatible with synth's configuration files and directory structure.
Err codemadness.org 70 i 17841
This is a work in progress and not yet ready for prime-time. Pushing so we can get some more eyeballs. Most of the directives do not yet work (everything, and build works, and 'cleanup' can be used to clean up any dangling mounts).
Err codemadness.org 70 i 17842
Err codemadness.org 70 i 17843

Err codemadness.org 70 i 17844 Err codemadness.org 70 i 17845

dsynth code

Err codemadness.org 70 i 17848 Err codemadness.org 70 i 17849

Err codemadness.org 70 i 17850 Err codemadness.org 70 i 17851

News Roundup

Err codemadness.org 70 i 17852 Err codemadness.org 70 i 17853

Instant Workstation

Err codemadness.org 70 i 17854 Err codemadness.org 70 i 17855

Err codemadness.org 70 i 17856
Some considerable time ago I wrote up instructions on how to set up a FreeBSD machine with the latest KDE Plasma Desktop. Those instructions, while fairly short (set up X, install the KDE meta-port, .. and that’s it) are a bit fiddly.
Err codemadness.org 70 i 17857 Err codemadness.org 70 i 17858
So – prompted slightly by a Twitter exchange recently – I’ve started a mini-sub-project to script the installation of a desktop environment and the bits needed to support it. To give it at least a modicum of UI, dialog(1) is used to ask for an environment to install and a display manager.
Err codemadness.org 70 i 17859 Err codemadness.org 70 i 17860
The tricky bits – pointed out to me after I started – are hardware support, although a best-effort is better than having nothing, I think.
Err codemadness.org 70 i 17861 Err codemadness.org 70 i 17862
In any case, in a VBox host it’s now down to running a single script and picking Plasma and SDDM to get a usable system for me. Other combinations have not been tested, nor has system-hardware-setup. I’ll probably maintain it for a while and if I have time and energy it’ll be tried with nVidia (those work quite well on FreeBSD) and AMD (not so much, in my experience) graphics cards when I shuffle some machines around.
Err codemadness.org 70 i 17863

Err codemadness.org 70 i 17864 Err codemadness.org 70 i 17865

Here is the script in my GitHub repository with notes-for-myself.

Err codemadness.org 70 i 17868 Err codemadness.org 70 i 17869

Err codemadness.org 70 i 17870 Err codemadness.org 70 i 17871

New Servers, new Tech

Err codemadness.org 70 i 17872 Err codemadness.org 70 i 17873

Err codemadness.org 70 i 17874
Following up on an earlier post, the new servers for DragonFly are in place. The old 40-core machine used for bulk build, monster, is being retired. The power efficiency of the new machines is startling. Incidentally, this is where donations go – infrastructure.
Err codemadness.org 70 i 17875

Err codemadness.org 70 i 17876 Err codemadness.org 70 i 17877

New servers in the colo, monster is being retired

Err codemadness.org 70 i 17880 Err codemadness.org 70 i 17881

Err codemadness.org 70 i 17882
We have three new servers in the colo now that will be taking most/all bulk package building duties from monster and the two blades (muscles and pkgbox64) that previously did the work. Monster will be retired. The new servers are a dual-socket Xeon (sting) and two 3900X based systems (thor and loki) which all together burn only around half the wattage that monster burned (500W vs 1000W) and 3 times the performance. That's at least a 6:1 improvement in performance efficiency.
Err codemadness.org 70 i 17883 Err codemadness.org 70 i 17884
With SSD prices down significantly the new machines have all-SSDs. These new machines allow us to build dports binary packages for release, master, and staged at the same time and reduces the full-on bulk build times for getting all three done down from 2 weeks to 2 days. It will allow us to more promptly synchronize updates to ports with dports and get binary packages up sooner.
Err codemadness.org 70 i 17885 Err codemadness.org 70 i 17886
Monster, our venerable 48-core quad-socket opteron is being retired. This was a wonderful dev machine for working on DragonFly's SMP algorithms over the last 6+ years precisely because its inter-core and inter-socket latencies were quite high. If a SMP algorithm wasn't spot-on, you could feel it. Over the years DragonFly's performance on monster in doing things like bulk builds increased radically as the SMP algorithms got better and the cores became more and more localized. This kept monster relevant far longer than I thought it would be.
Err codemadness.org 70 i 17887 Err codemadness.org 70 i 17888
But we are at a point now where improvements in efficiency are just too good to ignore. Monster's quad-socket opteron (4 x 12 core 6168's) pulls 1000W under full load while a single Ryzen 3900X (12 core / 24 thread) in a server configuration pulls only 150W, and is slightly faster on the same workload to boot.
Err codemadness.org 70 i 17889 Err codemadness.org 70 i 17890
I would like to thank everyone's generous donations over the last few years! We burned a few thousand on the new machines (as well as the major SSD upgrades we did to the blades) and made very good use of the money, particularly this year as prices for all major components (RAM, SSDs, CPUs, Mobos, etc) have dropped significantly.
Err codemadness.org 70 i 17891

Err codemadness.org 70 i 17892 Err codemadness.org 70 i 17893

Err codemadness.org 70 i 17894 Err codemadness.org 70 i 17895

Experimenting with streaming setups on NetBSD

Err codemadness.org 70 i 17896 Err codemadness.org 70 i 17897

Err codemadness.org 70 i 17898
Ever since OBS was successfully ported to NetBSD, I’ve been trying it out, seeing what works and what doesn’t. I’ve only just gotten started, and there’ll definitely be a lot of tweaking going forward.
Err codemadness.org 70 i 17899 Err codemadness.org 70 i 17900
Capturing a specific application’s windows seems to work okay. Capturing an entire display works, too. I actually haven’t tried streaming to Twitch or YouTube yet, but in a previous experiment a few weeks ago, I was able to run a FFmpeg command line and that could stream to Twitch mostly OK.
Err codemadness.org 70 i 17901 Err codemadness.org 70 i 17902
My laptop combined with my external monitor allows me to have a dual-monitor setup wherein the smaller laptop screen can be my “broadcasting station” while the bigger screen is where all the action takes place. I can make OBS visible on all Xfce workspaces, but keep it tucked away on that display only. Altogether, the setup should let me use the big screen for the fun stuff but I can still monitor everything in the small screen.
Err codemadness.org 70 i 17903

Err codemadness.org 70 i 17904 Err codemadness.org 70 i 17905

Err codemadness.org 70 i 17906 Err codemadness.org 70 i 17907

NetBSD Made Progress Thanks To GSoC In Its March Towards Steam Support

Err codemadness.org 70 i 17908 Err codemadness.org 70 i 17909

Err codemadness.org 70 i 17910
Ultimately the goal is to get Valve's Steam client running on NetBSD using their Linux compatibility layer while the focus the past few months with Google Summer of Code 2019 were supporting the necessary DRM ioctls for allowing Linux software running on NetBSD to be able to tap accelerated graphics support.
Err codemadness.org 70 i 17911 Err codemadness.org 70 i 17912
Student developer Surya P spent the summer working on compat_netbsd32 DRM interfaces to allow Direct Rendering Manager using applications running under their Linux compatibility layer.
Err codemadness.org 70 i 17913 Err codemadness.org 70 i 17914
These interfaces have been tested and working as well as updating the "suse131" packages in NetBSD to make use of those interfaces. So the necessary interfaces are now in place for Linux software running on NetBSD to be able to use accelerated graphics though Steam itself isn't yet running on NetBSD with this layer.
Err codemadness.org 70 i 17915 Err codemadness.org 70 i 17916
Those curious about this DRM ioctl GSoC project can learn more from the NetBSD blog. NetBSD has also been seeing work this summer on Wayland support and better Wine support to ultimately make this BSD a better desktop operating system and potentially a comparable gaming platform to Linux.
Err codemadness.org 70 i 17917

Err codemadness.org 70 i 17918 Err codemadness.org 70 i 17919

Err codemadness.org 70 i 17920 Err codemadness.org 70 i 17921

Beastie Bits

Err codemadness.org 70 i 17922 Err codemadness.org 70 i 17923

FreeBSD in Wellington?
FreeBSD on GFE
Clarification
Distrotest.net now with BSDs
Lecture: Anykernels meet fuzzing NetBSD
Sun Microsystems business plan from 1982 [pdf]

Err codemadness.org 70 i 17931 Err codemadness.org 70 i 17932

Err codemadness.org 70 i 17933 Err codemadness.org 70 i 17934

Feedback/Questions

Err codemadness.org 70 i 17935 Err codemadness.org 70 i 17936

Alan - Questions
Rodriguez - Feedback and a question
Jeff - OpenZFS follow-up, FreeBSD Adventures

Err codemadness.org 70 i 17941 Err codemadness.org 70 i 17942

Err codemadness.org 70 i 17943 Err codemadness.org 70 i 17944

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 17947 Err codemadness.org 70 i 17948

Err codemadness.org 70 i 17949 Err codemadness.org 70 i 17950 Err codemadness.org 70 i 17951 Err codemadness.org 70 i 17952 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 17953 ]]> Err codemadness.org 70 i 17954

313: In-Kernel TLS

Allan Jude — Wed, 28 Aug 2019 21:30:00 -0700

Err codemadness.org 70 i 18186 OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.

Err codemadness.org 70 i 18187 Err codemadness.org 70 i 18188

Headlines

Err codemadness.org 70 i 18189 Err codemadness.org 70 i 18190

OpenBSD on the Thinkpad X1 Carbon 7th Gen

Err codemadness.org 70 i 18191 Err codemadness.org 70 i 18192

Err codemadness.org 70 i 18193
Another year, another ThinkPad X1 Carbon, this time with a Dolby Atmos sound system and a smaller battery.
Err codemadness.org 70 i 18194 The seventh generation X1 Carbon isn't much different than the fifth and sixth generations. I opted for the non-vPro Core i5-8265U, 16Gb of RAM, a 512Gb NVMe SSD, and a matte non-touch WQHD display at ~300 nits. A brighter 500-nit 4k display is available, though early reports indicated it severely impacts battery life.
Err codemadness.org 70 i 18195 Gone are the microSD card slot on the back and 1mm of overall thickness (from 15.95mm to 14.95mm), but also 6Whr of battery (down to 51Whr) and a little bit of travel in the keyboard and TrackPoint buttons. I still very much like the feel of both of them, so kudos to Lenovo for not going too far down the Apple route of sacrificing performance and usability just for a thinner profile.
Err codemadness.org 70 i 18196 On my fifth generation X1 Carbon, I used a vinyl plotter to cut out stickers to cover the webcam, "X1 Carbon" branding from the bottom of the display, the power button LED, and the "ThinkPad" branding from the lower part of the keyboard deck.
Err codemadness.org 70 i 18197

Err codemadness.org 70 i 18198 Err codemadness.org 70 i 18199

See link for the rest of the article

Err codemadness.org 70 i 18202 Err codemadness.org 70 i 18203

Err codemadness.org 70 i 18204 Err codemadness.org 70 i 18205

How To Install FreeBSD On A MacBook 1,1 or 2,1

Err codemadness.org 70 i 18206 Err codemadness.org 70 i 18207

FreeBSD Setup For MacBook 1,1 and 2,1

Err codemadness.org 70 i 18210 Err codemadness.org 70 i 18211

Err codemadness.org 70 i 18212
FreeBSD with some additional setup can be installed on a MacBook 1,1 or 2,1. This article covers how to do so with FreeBSD 10-12.
Err codemadness.org 70 i 18213

Err codemadness.org 70 i 18214 Err codemadness.org 70 i 18215

Installing

Err codemadness.org 70 i 18218 Err codemadness.org 70 i 18219

Err codemadness.org 70 i 18220
FreeBSD can be installed as the only OS on your MacBook if desired. What you should have is:
Err codemadness.org 70 i 18221

Err codemadness.org 70 i 18222 Err codemadness.org 70 i 18223

A Mac OS X 10.4.6-10.7.5 installer. Unofficial versions modified for these MacBooks such as 10.8 also work.
A blank CD or DVD to burn the FreeBSD image to. Discs simply work best with these older MacBooks.
An ISO file of FreeBSD for x86. The AMD64 ISO does not boot due to the 32 bit EFI of these MacBooks.
Burn the ISO file to the blank CD or DVD. Once done, make sure it's in your MacBook and then power off the MacBook. Turn it on, and hold down the c key until the FreeBSD disc boots.
Err codemadness.org 70 i 18228 Err codemadness.org 70 i 18229
- See link for the rest of the guide

Err codemadness.org 70 i 18233 Err codemadness.org 70 i 18234

Err codemadness.org 70 i 18235 Err codemadness.org 70 i 18236

News Roundup

Err codemadness.org 70 i 18237 Err codemadness.org 70 i 18238

Patch for review: Kernel portion of in-kernel TLS (KTLS)

Err codemadness.org 70 i 18239 Err codemadness.org 70 i 18240

Err codemadness.org 70 i 18241
One of the projects I have been working on for the past several months in conjunction with several other folks is upstreaming work from Netflix to handle some aspects of Transport Layer Security (TLS) in the kernel. In particular, this lets a web server use sendfile() to send static content on HTTPS connections. There is a lot more detail in the review itself, so I will spare pasting a big wall of text here. However, I have posted the patch to add the kernel-side of KTLS for review at the URL below. KTLS also requires other patches to OpenSSL and nginx, but this review is only for the kernel bits. Patches and reviews for the other bits will follow later.
Err codemadness.org 70 i 18242

Err codemadness.org 70 i 18243 Err codemadness.org 70 i 18244

https://reviews.freebsd.org/D21277

Err codemadness.org 70 i 18247 Err codemadness.org 70 i 18248

Err codemadness.org 70 i 18249 Err codemadness.org 70 i 18250

DragonFly Boot Enviroments

Err codemadness.org 70 i 18251 Err codemadness.org 70 i 18252

Err codemadness.org 70 i 18253
This is a tool inspired by the beadm utility for FreeBSD/Illumos systems that creates and manages ZFS boot environments. This utility in contrast is written from the ground up in C, this should provide better performance, integration, and extensibility than the POSIX sh and awk script it was inspired by. During the time this project has been worked on, beadm has been superseded by bectl on FreeBSD. After hammering out some of the outstanding internal logic issues, I might look at providing a similar interface to the command as bectl.
Err codemadness.org 70 i 18254

Err codemadness.org 70 i 18255 Err codemadness.org 70 i 18256

See link for the rest of the details

Err codemadness.org 70 i 18259 Err codemadness.org 70 i 18260

Err codemadness.org 70 i 18261 Err codemadness.org 70 i 18262

Project Trident Updates

Err codemadness.org 70 i 18263 Err codemadness.org 70 i 18264

19.08 Available

Err codemadness.org 70 i 18267 Err codemadness.org 70 i 18268

Err codemadness.org 70 i 18269
This is a general package update to the CURRENT release repository based upon TrueOS 19.08.
Err codemadness.org 70 i 18270 Legacy boot ISO functional again
Err codemadness.org 70 i 18271 This update includes the FreeBSD fixes for the “vesa” graphics driver for legacy-boot systems. The system can once again be installed on legacy-boot systems.
Err codemadness.org 70 i 18272

Err codemadness.org 70 i 18273 Err codemadness.org 70 i 18274

PACKAGE CHANGES FROM 19.07-U1
Err codemadness.org 70 i 18276 Err codemadness.org 70 i 18277
- New Packages: 154
- Deleted Packages: 394
- Updated Packages: 4926
12-U3 Available

Err codemadness.org 70 i 18284 Err codemadness.org 70 i 18285

Err codemadness.org 70 i 18286
This is the third general package update to the STABLE release repository based upon TrueOS 12-Stable.
Err codemadness.org 70 i 18287

Err codemadness.org 70 i 18288 Err codemadness.org 70 i 18289

PACKAGE CHANGES FROM STABLE 12-U2 Err codemadness.org 70 i 18291 Err codemadness.org 70 i 18292
- New Packages: 105
- Deleted Packages: 386
- Updated Packages: 1046

Err codemadness.org 70 i 18298 Err codemadness.org 70 i 18299

Err codemadness.org 70 i 18300 Err codemadness.org 70 i 18301

vBSDcon

Err codemadness.org 70 i 18302 Err codemadness.org 70 i 18303

vBSDcon 2019 will return to the Hyatt Regency in Reston, VA on September 5-7 2019. Err codemadness.org 70 i 18305 ***

Err codemadness.org 70 i 18307 Err codemadness.org 70 i 18308

Beastie Bits

Err codemadness.org 70 i 18309 Err codemadness.org 70 i 18310

The next NYCBUG meeting will be Sept 4 @ 18:45

Err codemadness.org 70 i 18313 Err codemadness.org 70 i 18314

Err codemadness.org 70 i 18315 Err codemadness.org 70 i 18316

Feedback/Questions

Err codemadness.org 70 i 18317 Err codemadness.org 70 i 18318

Tom - Questions
Michael - dfbeadm
Bostjan - Questions

Err codemadness.org 70 i 18323 Err codemadness.org 70 i 18324

Err codemadness.org 70 i 18325 Err codemadness.org 70 i 18326

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 18329 Err codemadness.org 70 i 18330

Err codemadness.org 70 i 18331 Err codemadness.org 70 i 18332 Err codemadness.org 70 i 18333 Err codemadness.org 70 i 18334 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 18335 ]]> Err codemadness.org 70 i 18336

312: Why Package Managers

Allan Jude — Wed, 21 Aug 2019 20:00:00 -0700

Err codemadness.org 70 i 18559 The UNIX Philosophy in 2019, why use package managers, touchpad interrupted, Porting wine to amd64 on NetBSD second evaluation report, Enhancing Syzkaller Support for NetBSD, all about the Pinebook Pro, killing a process and all of its descendants, fast software the best software, and more.

Err codemadness.org 70 i 18560 Err codemadness.org 70 i 18561

Headlines

Err codemadness.org 70 i 18562 Err codemadness.org 70 i 18563

The UNIX Philosophy in 2019

Err codemadness.org 70 i 18564 Err codemadness.org 70 i 18565

Err codemadness.org 70 i 18566
Today, Linux and open source rules the world, and the UNIX philosophy is widely considered compulsory. Organizations are striving to build small, focused applications that work collaboratively in a cloud and microservices environment. We rely on the network, as well as HTTP (text) APIs for storing and referencing data. Moreover, nearly all configuration is stored and communicated using text (e.g. YAML, JSON or XML). And while the UNIX philosophy has changed dramatically over the past 5 decades, it hasn’t strayed too far from Ken Thompson’s original definition in 1973:
Err codemadness.org 70 i 18567

Err codemadness.org 70 i 18568 Err codemadness.org 70 i 18569

We write programs that do one thing and do it well
We write programs to work together
And we write programs that handle text streams, because that is a universal interface

Err codemadness.org 70 i 18574 Err codemadness.org 70 i 18575

Err codemadness.org 70 i 18576 Err codemadness.org 70 i 18577

Why Use Package Managers?

Err codemadness.org 70 i 18578 Err codemadness.org 70 i 18579

Err codemadness.org 70 i 18580
Valuable research is often hindered or outright prevented by the inability to install software. This need not be the case.
Err codemadness.org 70 i 18581 Err codemadness.org 70 i 18582
Since I began supporting research computing in 1999, I’ve frequently seen researchers struggle for days or weeks trying to install a single open source application. In most cases, they ultimately failed.
Err codemadness.org 70 i 18583 Err codemadness.org 70 i 18584
In many cases, they could have easily installed the software in seconds with one simple command, using a package manager such as Debian packages, FreeBSD ports, MacPorts, or Pkgsrc, just to name a few.
Err codemadness.org 70 i 18585 Err codemadness.org 70 i 18586
Developer websites often contain poorly written instructions for doing “caveman installs”; manually downloading, unpacking, patching, and building the software. The same laborious process must often be followed for other software packages on which it depends, which can sometimes number in the dozens. Many researchers are simply unaware that there are easier ways to install the software they need. Caveman installs are a colossal waste of man-hours. If 1000 people around the globe spend an average of 20 hours each trying to install the same program that could have been installed with a package manager (this is not uncommon), then 20,000 man-hours have been lost that could have gone toward science. How many important discoveries are delayed by this?
Err codemadness.org 70 i 18587 Err codemadness.org 70 i 18588
The elite research institutions have ample funding and dozens of IT staff dedicated to research computing. They can churn out publications even if their operation is inefficient. Most institutions, however, have few or no IT staff dedicated to research, and cannot afford to squander precious man-hours on temporary, one-off software installs. The wise approach for those of us in that situation is to collaborate on making software deployment easier for everyone. If we do so, then even the smallest research groups can leverage that work to be more productive and make more frequent contributions to science.
Err codemadness.org 70 i 18589 Err codemadness.org 70 i 18590
Fortunately, the vast majority of open source software installs can be made trivial for anyone to do for themselves. Modern package managers perform all the same steps as a caveman install, but automatically. Package managers also install dependencies for us automatically.
Err codemadness.org 70 i 18591

Err codemadness.org 70 i 18592 Err codemadness.org 70 i 18593

Err codemadness.org 70 i 18594 Err codemadness.org 70 i 18595

News Roundup

Err codemadness.org 70 i 18596 Err codemadness.org 70 i 18597

Touchpad, Interrupted

Err codemadness.org 70 i 18598 Err codemadness.org 70 i 18599

Err codemadness.org 70 i 18600
For two years I've been driving myself crazy trying to figure out the source of a driver problem on OpenBSD: interrupts never arrived for certain touchpad devices. A couple weeks ago, I put out a public plea asking for help in case any non-OpenBSD developers recognized the problem, but while debugging an unrelated issue over the weekend, I finally solved it.
Err codemadness.org 70 i 18601 Err codemadness.org 70 i 18602
It's been a long journey and it's a technical tale, but here it is.
Err codemadness.org 70 i 18603

Err codemadness.org 70 i 18604 Err codemadness.org 70 i 18605

Err codemadness.org 70 i 18606 Err codemadness.org 70 i 18607

Porting wine to amd64 on NetBSD, second evaluation report

Err codemadness.org 70 i 18608 Err codemadness.org 70 i 18609

Summary

Err codemadness.org 70 i 18612 Err codemadness.org 70 i 18613

Err codemadness.org 70 i 18614
Presently, Wine on amd64 is in test phase. It seems to work fine with caveats like LD_LIBRARY_PATH which has to be set as 32-bit Xorg libs don't have ${PREFIX}/emul/netbsd32/lib in its rpath section. The latter is due to us extracting 32-bit libs from tarballs in lieu of building 32-bit Xorg on amd64. As previously stated, pkgsrc doesn't search for pkgconfig files in ${PREFIX}/emul/netbsd32/lib which might have inadvertent effects that I am unaware of as of now. I shall be working on these issues during the final coding period. I would like to thank @leot, @maya and @christos for saving me from shooting myself in the foot many a time. I, admittedly, have had times when multiple approaches, which all seemed right at that time, perplexed me. I believe those are times when having a mentor counts, and I have been lucky enough to have really good ones. Once again, thanks to Google for this wonderful opportunity.
Err codemadness.org 70 i 18615

Err codemadness.org 70 i 18616 Err codemadness.org 70 i 18617

Err codemadness.org 70 i 18618 Err codemadness.org 70 i 18619

Enhancing Syzkaller Support for NetBSD, Part 2

Err codemadness.org 70 i 18620 Err codemadness.org 70 i 18621

Err codemadness.org 70 i 18622
As a part of Google Summer of Code’19, I am working on improving the support for Syzkaller kernel fuzzer. Syzkaller is an unsupervised coverage-guided kernel fuzzer, that supports a variety of operating systems including NetBSD. This report details the work done during the second coding period.
Err codemadness.org 70 i 18623 Err codemadness.org 70 i 18624
You can also take a look at the first report to learn more about the initial support that we added. : https://blog.netbsd.org/tnf/entry/enhancing_syzkaller_support_for_netbsd
Err codemadness.org 70 i 18625

Err codemadness.org 70 i 18626 Err codemadness.org 70 i 18627

Err codemadness.org 70 i 18628 Err codemadness.org 70 i 18629

July Update: All about the Pinebook Pro

Err codemadness.org 70 i 18630 Err codemadness.org 70 i 18631

Err codemadness.org 70 i 18632
"So I said I won’t be talking about the BSDs, but I feel like I should at the very least give you a general overview of the RK3399 *BSD functionality. I’ll make it quick. I’ve spoken to *BSD devs whom worked on the RockPro64 and from what I’ve gathered (despite the different *BSDs having varying degree of support for the RK3399 SOC) many of the core features are already supported, which bodes well for *BSD on the Pro. That said, some of the things you’d require on a functional laptop – such as the LCD (using eDP) for instance – will not work on the Pinebook Pro using *BSD as of today. So clearly a degree of work is yet needed for a BSD to run on the device. However, keep in mind that *BSD developers will be receiving their units soon and by the time you receive yours some basic functionality may be available."
Err codemadness.org 70 i 18633

Err codemadness.org 70 i 18634 Err codemadness.org 70 i 18635

Err codemadness.org 70 i 18636 Err codemadness.org 70 i 18637

Killing a process and all of its descendants

Err codemadness.org 70 i 18638 Err codemadness.org 70 i 18639

Err codemadness.org 70 i 18640
Killing processes in a Unix-like system can be trickier than expected. Last week I was debugging an odd issue related to job stopping on Semaphore. More specifically, an issue related to the killing of a running process in a job. Here are the highlights of what I learned:
Err codemadness.org 70 i 18641 Err codemadness.org 70 i 18642
Unix-like operating systems have sophisticated process relationships. Parent-child, process groups, sessions, and session leaders. However, the details are not uniform across operating systems like Linux and macOS. POSIX compliant operating systems support sending signals to process groups with a negative PID number.
Err codemadness.org 70 i 18643 Err codemadness.org 70 i 18644
Sending signals to all processes in a session is not trivial with syscalls.
Err codemadness.org 70 i 18645 Err codemadness.org 70 i 18646
Child processes started with exec inherit their parent signal configuration. If the parent process is ignoring the SIGHUP signal, for example, this configuration is propagated to the children.
Err codemadness.org 70 i 18647 Err codemadness.org 70 i 18648
The answer to the “What happens with orphaned process groups” question is not trivial.
Err codemadness.org 70 i 18649

Err codemadness.org 70 i 18650 Err codemadness.org 70 i 18651

Err codemadness.org 70 i 18652 Err codemadness.org 70 i 18653

Fast Software, the Best Software

Err codemadness.org 70 i 18654 Err codemadness.org 70 i 18655

Err codemadness.org 70 i 18656
I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness.
Err codemadness.org 70 i 18657 Err codemadness.org 70 i 18658
Software that’s speedy usually means it’s focused. Like a good tool, it often means that it’s simple, but that’s not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.
Err codemadness.org 70 i 18659 Err codemadness.org 70 i 18660
But why is slow bad? Fast software is not always good software, but slow software is rarely able to rise to greatness. Fast software gives the user a chance to “meld” with its toolset. That is, not break flow. When the nerds upon Nerd Hill fight to the death over Vi and Emacs, it’s partly because they have such a strong affinity for the flow of the application and its meldiness. They have invested. The Tool Is Good, so they feel. Not breaking flow is an axiom of great tools.
Err codemadness.org 70 i 18661 Err codemadness.org 70 i 18662
A typewriter is an excellent tool because, even though it’s slow in a relative sense, every aspect of the machine itself operates as quickly as the user can move. It is focused. There are no delays when making a new line or slamming a key into the paper. Yes, you have to put a new sheet of paper into the machine at the end of a page, but that action becomes part of the flow of using the machine, and the accumulation of paper a visual indication of work completed. It is not wasted work. There are no fundamental mechanical delays in using the machine. The best software inches ever closer to the physical directness of something like a typewriter. (The machine may break down, of course, ribbons need to be changed — but this is maintenance and separate from the use of the tool. I’d be delighted to “maintain” Photoshop if it would lighten it up.)
Err codemadness.org 70 i 18663

Err codemadness.org 70 i 18664 Err codemadness.org 70 i 18665

Err codemadness.org 70 i 18666 Err codemadness.org 70 i 18667

Beastie Bits

Err codemadness.org 70 i 18668 Err codemadness.org 70 i 18669

Err codemadness.org 70 i 18673 Err codemadness.org 70 i 18674

Err codemadness.org 70 i 18675 Err codemadness.org 70 i 18676

Feedback/Questions

Err codemadness.org 70 i 18677 Err codemadness.org 70 i 18678

Paulo - FreeNAS Question
Marc - Changing VT without function keys?
Caleb - Patch, update, and upgrade management

Err codemadness.org 70 i 18683 Err codemadness.org 70 i 18684

Err codemadness.org 70 i 18685 Err codemadness.org 70 i 18686

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 18689 Err codemadness.org 70 i 18690

Err codemadness.org 70 i 18691 Err codemadness.org 70 i 18692 Err codemadness.org 70 i 18693 Err codemadness.org 70 i 18694 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 18695 ]]> Err codemadness.org 70 i 18696

311: Conference Gear Breakdown

Allan Jude — Thu, 15 Aug 2019 06:00:00 -0700

Err codemadness.org 70 i 18934 NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.

Err codemadness.org 70 i 18935 Err codemadness.org 70 i 18936

Headlines

Err codemadness.org 70 i 18937 Err codemadness.org 70 i 18938

NetBSD 9.0 release process has started

Err codemadness.org 70 i 18939 Err codemadness.org 70 i 18940

Err codemadness.org 70 i 18941
If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:
Err codemadness.org 70 i 18942 Err codemadness.org 70 i 18943
Err codemadness.org 70 i 18944
New AArch64 architecture support: Err codemadness.org 70 i 18945 Err codemadness.org 70 i 18946
Err codemadness.org 70 i 18947
Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)
Err codemadness.org 70 i 18948
Support for running 32-bit binaries
Err codemadness.org 70 i 18949
UEFI and ACPI support
Err codemadness.org 70 i 18950
Support for SBSA/SBBR (server-class) hardware.
Err codemadness.org 70 i 18951
Err codemadness.org 70 i 18952
The FDT-ization of many ARM boards: Err codemadness.org 70 i 18953 Err codemadness.org 70 i 18954
Err codemadness.org 70 i 18955
the 32-bit GENERIC kernel lists 129 different DTS configurations
Err codemadness.org 70 i 18956
the 64-bit GENERIC64 kernel lists 74 different DTS configurations
Err codemadness.org 70 i 18957
All supported by a single kernel, without requiring per-board configuration.
Err codemadness.org 70 i 18958
Err codemadness.org 70 i 18959
Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.
Err codemadness.org 70 i 18960
ZFS has been updated to a modern version and seen many bugfixes.
Err codemadness.org 70 i 18961
New hardware-accelerated virtualization via NVMM.
Err codemadness.org 70 i 18962
NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.
Err codemadness.org 70 i 18963
NVMe performance improvements
Err codemadness.org 70 i 18964
Optional kernel ASLR support, and partial kernel ASLR for the default configuration.
Err codemadness.org 70 i 18965
Kernel sanitizers: Err codemadness.org 70 i 18966 Err codemadness.org 70 i 18967
Err codemadness.org 70 i 18968
KLEAK, detecting memory leaks
Err codemadness.org 70 i 18969
KASAN, detecting memory overruns
Err codemadness.org 70 i 18970
KUBSAN, detecting undefined behaviour
Err codemadness.org 70 i 18971
These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.
Err codemadness.org 70 i 18972
Err codemadness.org 70 i 18973
The removal of outdated networking components such as ISDN and all of its drivers
Err codemadness.org 70 i 18974
The installer is now capable of performing GPT UEFI installations.
Err codemadness.org 70 i 18975
Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.
Err codemadness.org 70 i 18976
Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.
Err codemadness.org 70 i 18977
Err codemadness.org 70 i 18978 Err codemadness.org 70 i 18979
We try to test NetBSD as best as we can, but your testing can help NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.
Err codemadness.org 70 i 18980 Err codemadness.org 70 i 18981
Err codemadness.org 70 i 18982
Binaries are available at https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/
Err codemadness.org 70 i 18983
Err codemadness.org 70 i 18984

Err codemadness.org 70 i 18985 Err codemadness.org 70 i 18986

Err codemadness.org 70 i 18987 Err codemadness.org 70 i 18988

xargs wtf

Err codemadness.org 70 i 18989 Err codemadness.org 70 i 18990

Err codemadness.org 70 i 18991
xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.
Err codemadness.org 70 i 18992 I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.
Err codemadness.org 70 i 18993 xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.
Err codemadness.org 70 i 18994 It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:
Err codemadness.org 70 i 18995 This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.
Err codemadness.org 70 i 18996

Err codemadness.org 70 i 18997 Err codemadness.org 70 i 18998

Err codemadness.org 70 i 18999 Err codemadness.org 70 i 19000

News Roundup

Err codemadness.org 70 i 19001 Err codemadness.org 70 i 19002

PkgSrc: A Tale of Two Spellcheckers

Err codemadness.org 70 i 19003 Err codemadness.org 70 i 19004

Err codemadness.org 70 i 19005
This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.
Err codemadness.org 70 i 19006 The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.
Err codemadness.org 70 i 19007

Err codemadness.org 70 i 19008 Err codemadness.org 70 i 19009

Err codemadness.org 70 i 19010 Err codemadness.org 70 i 19011

Adapting TriforceAFL for NetBSD, Part 2

Err codemadness.org 70 i 19012 Err codemadness.org 70 i 19013

Err codemadness.org 70 i 19014
I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.
Err codemadness.org 70 i 19015 For work done during the first coding period, check out this post.
Err codemadness.org 70 i 19016

Err codemadness.org 70 i 19017 Err codemadness.org 70 i 19018

Summary Err codemadness.org 70 i 19020 > So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC. I plan to analyse the crashes that were found until now. Integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation. Err codemadness.org 70 i 19021 > Last but not least, I would like to thank my mentor, Kamil Rytarowski for helping me through the process and guiding me. It has been a wonderful learning experience so far!

Err codemadness.org 70 i 19023 Err codemadness.org 70 i 19024

Err codemadness.org 70 i 19025 Err codemadness.org 70 i 19026

Exploiting a no-name freebsd kernel vulnerability

Err codemadness.org 70 i 19027 Err codemadness.org 70 i 19028

A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions. Err codemadness.org 70 i 19030 > A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.

Err codemadness.org 70 i 19032 Err codemadness.org 70 i 19033

Err codemadness.org 70 i 19034 Err codemadness.org 70 i 19035

[Allan and Benedicts Conference Gear Breakdown]

Err codemadness.org 70 i 19036 Err codemadness.org 70 i 19037

Benedict’s Gear:
Err codemadness.org 70 i 19040 Err codemadness.org 70 i 19041
Err codemadness.org 70 i 19042
GlocalMe G3 Mobile Travel HotSpot and Powerbank
Err codemadness.org 70 i 19043 Mogics Power Bagel
Err codemadness.org 70 i 19044 Charby Sense Power Cable
Err codemadness.org 70 i 19045
Allan’s Gear:
Err codemadness.org 70 i 19047 Err codemadness.org 70 i 19048
Err codemadness.org 70 i 19049
Huawei E5770s-320 4G LTE 150 Mbps Mobile WiFi Pro
Err codemadness.org 70 i 19050 AOW Global Data SIM Card for On-Demand 4G LTE Mobile Data in Over 90 Countries
Err codemadness.org 70 i 19051 All my devices charge from USB-C, so that is great
Err codemadness.org 70 i 19052 More USB thumb drives than strictly necessary
Err codemadness.org 70 i 19053 My Lenovo X270 laptop running FreeBSD 13-current
Err codemadness.org 70 i 19054 My 2016 Macbook Pro (a prize from the raffle at vBSDCon 2017) that I use for email and video conferencing to preserve battery on my FreeBSD machine for work
Err codemadness.org 70 i 19055

Err codemadness.org 70 i 19057 Err codemadness.org 70 i 19058

Err codemadness.org 70 i 19059 Err codemadness.org 70 i 19060

Beastie Bits

Err codemadness.org 70 i 19061 Err codemadness.org 70 i 19062

Replacing the Unix tradition (Warning may be rage inducing)
Installing OpenBSD over remote serial on the AtomicPI
Zen 2 and DragonFly
Improve Docking on FreeBSD
Register for vBSDCon 2019, Sept 5-7 in Reston VA. Early bird ends August 15th.
Register for EuroBSDCon 2019, Sept 19-22 in Lillehammer, Norway

Err codemadness.org 70 i 19070 Err codemadness.org 70 i 19071

Err codemadness.org 70 i 19072 Err codemadness.org 70 i 19073

Feedback/Questions

Err codemadness.org 70 i 19074 Err codemadness.org 70 i 19075

JT - Congrats

Err codemadness.org 70 i 19078 Err codemadness.org 70 i 19079

Err codemadness.org 70 i 19080 Err codemadness.org 70 i 19081

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 19084 Err codemadness.org 70 i 19085

Err codemadness.org 70 i 19086 Err codemadness.org 70 i 19087 Err codemadness.org 70 i 19088 Err codemadness.org 70 i 19089 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 19090 ]]> Err codemadness.org 70 i 19091

310: My New Free NAS

Allan Jude — Wed, 07 Aug 2019 20:00:00 -0700

Err codemadness.org 70 i 19377 OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more.

Err codemadness.org 70 i 19378 Err codemadness.org 70 i 19379

Headlines

Err codemadness.org 70 i 19380 Err codemadness.org 70 i 19381

OPNsense 19.7.1

Err codemadness.org 70 i 19382 Err codemadness.org 70 i 19383

Err codemadness.org 70 i 19384
We do not wish to keep you from enjoying your summer time, but this
Err codemadness.org 70 i 19385 is a recommended security update enriched with reliability fixes for the
Err codemadness.org 70 i 19386 new 19.7 series. Of special note are performance improvements as well
Err codemadness.org 70 i 19387 as a fix for a longstanding NAT before IPsec limitation.
Err codemadness.org 70 i 19388 Err codemadness.org 70 i 19389
Full patch notes:
Err codemadness.org 70 i 19390

Err codemadness.org 70 i 19391 Err codemadness.org 70 i 19392

system: do not create automatic copies of existing gateways
system: do not translate empty tunables descriptions
system: remove unwanted form action tags
system: do not include Syslog-ng in rc.freebsd handler
system: fix manual system log stop/start/restart
system: scoped IPv6 "%" could confuse mwexecf(), use plain mwexec() instead
system: allow curl-based downloads to use both trusted and local authorities
system: fix group privilege print and correctly redirect after edit
system: use cached address list in referrer check
system: fix Syslog-ng search stats
firewall: HTML-escape dynamic entries to display aliases
firewall: display correct IP version in automatic rules
firewall: fix a warning while reading empty outbound rules configuration
firewall: skip illegal log lines in live log
interfaces: performance improvements for configurations with hundreds of interfaces
reporting: performance improvements for Python 3 NetFlow aggregator rewrite
dhcp: move advanced router advertisement options to correct config section
ipsec: replace global array access with function to ensure side-effect free boot
ipsec: change DPD action on start to "dpdaction = restart"
ipsec: remove already default "dpdaction = none" if not set
ipsec: use interface IP address in local ID when doing NAT before IPsec
web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen
plugins: os-acme-client 1.24[1]
plugins: os-bind 1.6[2]
plugins: os-dnscrypt-proxy 1.5[3]
plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]
plugins: os-google-cloud-sdk 1.0[5]
ports: curl 7.65.3[6]
ports: monit 5.26.0[7]
ports: openssh 8.0p1[8]
ports: php 7.2.20[9]
ports: python 3.7.4[10]
ports: sqlite 3.29.0[11]
ports: squid 4.8[12]

Err codemadness.org 70 i 19428 Err codemadness.org 70 i 19429

Err codemadness.org 70 i 19430
Stay safe and hydrated, Your OPNsense team
Err codemadness.org 70 i 19431

Err codemadness.org 70 i 19432 Err codemadness.org 70 i 19433

Err codemadness.org 70 i 19434 Err codemadness.org 70 i 19435

ZFS on Linux still has annoying issues with ARC size

Err codemadness.org 70 i 19436 Err codemadness.org 70 i 19437

One of the frustrating things about operating ZFS on Linux is that the ARC size is critical but ZFS's auto-tuning of it is opaque and apparently prone to malfunctions, where your ARC will mysteriously shrink drastically and then stick there.

Err codemadness.org 70 i 19438 Err codemadness.org 70 i 19439

Err codemadness.org 70 i 19440
Linux's regular filesystem disk cache is very predictable; if you do disk IO, the cache will relentlessly grow to use all of your free memory. This sometimes disconcerts people when free reports that there's very little memory actually free, but at least you're getting value from your RAM. This is so reliable and regular that we generally don't think about 'is my system going to use all of my RAM as a disk cache', because the answer is always 'yes'. (The general filesystem cache is also called the page cache.)
Err codemadness.org 70 i 19441 Err codemadness.org 70 i 19442
This is unfortunately not the case with the ZFS ARC in ZFS on Linux (and it wasn't necessarily the case even on Solaris). ZFS has both a current size and a 'target size' for the ARC (called 'c' in ZFS statistics). When your system boots this target size starts out as the maximum allowed size for the ARC, but various events afterward can cause it to be reduced (which obviously limits the size of your ARC, since that's its purpose). In practice, this reduction in the target size is both pretty sticky and rather mysterious (as ZFS on Linux doesn't currently expose enough statistics to tell why your ARC target size shrunk in any particular case).
Err codemadness.org 70 i 19443 Err codemadness.org 70 i 19444
The net effect is that the ZFS ARC is not infrequently quite shy and hesitant about using memory, in stark contrast to Linux's normal filesystem cache. The default maximum ARC size starts out as only half of your RAM (unlike the regular filesystem cache, which will use all of it), and then it shrinks from there, sometimes very significantly, and once shrunk it only recovers slowly (if at all).
Err codemadness.org 70 i 19445

Err codemadness.org 70 i 19446 Err codemadness.org 70 i 19447

Err codemadness.org 70 i 19448 Err codemadness.org 70 i 19449

News Roundup

Err codemadness.org 70 i 19450 Err codemadness.org 70 i 19451

Hammer2 is now default

Err codemadness.org 70 i 19452 Err codemadness.org 70 i 19453

commit a49112761c919d42d405ec10252eb0553662c824	Err	codemadness.org	70
i 19454 Author: Matthew Dillon 	Err	codemadness.org	70
i 19455 Date:   Mon Jun 10 17:53:46 2019 -0700	Err	codemadness.org	70
i 19456 	Err	codemadness.org	70
i 19457     installer - Default to HAMMER2	Err	codemadness.org	70
i 19458 	Err	codemadness.org	70
i 19459     * Change the installer default from HAMMER1 to HAMMER2.	Err	codemadness.org	70
i 19460 	Err	codemadness.org	70
i 19461     * Adjust the nrelease build to print the location of the image files	Err	codemadness.org	70
i 19462       when it finishes.	Err	codemadness.org	70
i 19463 	Err	codemadness.org	70
i 19464 Summary of changes:	Err	codemadness.org	70
i 19465  nrelease/Makefile                          |  2 +-	Err	codemadness.org	70
i 19466  usr.sbin/installer/dfuibe_installer/flow.c | 20 ++++++++++----------	Err	codemadness.org	70
i 19467  2 files changed, 11 insertions(+), 11 deletions(-)	Err	codemadness.org	70
i 19468 	Err	codemadness.org	70
i 19469 http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a49112761c919d42d405ec10252eb0553662c824	Err	codemadness.org	70
i 19470

Err codemadness.org 70 i 19471 Err codemadness.org 70 i 19472

Err codemadness.org 70 i 19473 Err codemadness.org 70 i 19474

NetBSD audio – an application perspective

Err codemadness.org 70 i 19475 Err codemadness.org 70 i 19476

Err codemadness.org 70 i 19477
NetBSD audio – an application perspective ... or, "doing it natively, because we can"
Err codemadness.org 70 i 19478

Err codemadness.org 70 i 19479 Err codemadness.org 70 i 19480

audio options for NetBSD in pkgsrc
Err codemadness.org 70 i 19482 Err codemadness.org 70 i 19483
- Use NetBSD native audio (sun audio/audioio.h)
- Or OSS emulation layer: Basically a wrapper around sun audio in the kernel. Incomplete and old version, but works for simple stuff
Many many abstraction layers available:
Err codemadness.org 70 i 19488 Err codemadness.org 70 i 19489
- OpenAL-Soft
- alsa-lib (config file required)
- libao, GStreamer (plugins!)
- PortAudio, SDL
- PulseAudio, JACK
- ... lots more!? some obsolete stuff (esd, nas?)
Advantages of using NetBSD audio directly
Err codemadness.org 70 i 19498 Err codemadness.org 70 i 19499
- Low latency, low CPU usage: Abstraction layers differ in latency (SDL2 vs ALSA/OpenAL)
- Query device information: Is /dev/audio1 a USB microphone or another sound card?
- Avoid bugs from excessive layering
- Nice API, well documented: [nia note: I had no idea how to write audio code. I read a man page and now I do.]
- Your code might work on illumos too
[nia note: SDL2 seems very sensitive to the blk_ms sysctl being high or low, with other implementations there seems to be a less noticable difference. I don't know why.]

Err codemadness.org 70 i 19508 Err codemadness.org 70 i 19509

Err codemadness.org 70 i 19510 Err codemadness.org 70 i 19511

New FreeNAS Mini

Err codemadness.org 70 i 19512 Err codemadness.org 70 i 19513

Err codemadness.org 70 i 19514
Two new FreeNAS Mini systems join the very popular FreeNAS Mini and Mini XL:
Err codemadness.org 70 i 19515 Err codemadness.org 70 i 19516
FreeNAS Mini XL+: This powerful 10 Bay platform (8x 3.5” and 1x 2.5” hot-swap, 1x 2.5” internal) includes the latest, compact server technology and provides dual 10GbE ports, 8 CPU cores and 32 GB RAM for high performance workgroups. The Mini XL+ scales beyond 100TB and is ideal for very demanding applications, including hosting virtual machines and multimedia editing. Starting at $1499, the Mini XL+ configured with cache SSD and 80 TB capacity is $4299, and consumes about 100 Watts.
Err codemadness.org 70 i 19517 Err codemadness.org 70 i 19518
FreeNAS Mini E: This cost-effective 4 Bay platform provides the resources required for SOHO use with quad GbE ports and 8 GB of RAM. The Mini E is ideal for file sharing, streaming and transcoding video at 1080p. Starting at $749, the Mini E configured with 8 TB capacity is $999, and consumes about 36 Watts.
Err codemadness.org 70 i 19519

Err codemadness.org 70 i 19520 Err codemadness.org 70 i 19521

Err codemadness.org 70 i 19522 Err codemadness.org 70 i 19523

Beastie Bits

Err codemadness.org 70 i 19524 Err codemadness.org 70 i 19525

Welcome to NetBSD 9.99.1!
Berkeley smorgasbord — part II
dtracing postgres
Project Trident 19.07-U1 now available
Need a Secure Operating System? Take a Look at OpenBSD

Err codemadness.org 70 i 19532 Err codemadness.org 70 i 19533

Err codemadness.org 70 i 19534 Err codemadness.org 70 i 19535

Feedback/Questions

Err codemadness.org 70 i 19536 Err codemadness.org 70 i 19537

Jeff - OpenZFS Port Testing Feedback
Malcolm - Best Practices for Custom Ports
Michael - Little Correction

Err codemadness.org 70 i 19542 Err codemadness.org 70 i 19543

Err codemadness.org 70 i 19544 Err codemadness.org 70 i 19545

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 19548 Err codemadness.org 70 i 19549

Err codemadness.org 70 i 19550 Err codemadness.org 70 i 19551 Err codemadness.org 70 i 19552 Err codemadness.org 70 i 19553 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 19554 ]]> Err codemadness.org 70 i 19555

Episode 309: Get Your Telnet Fix

Allan Jude — Wed, 31 Jul 2019 20:45:00 -0700

Err codemadness.org 70 i 19806 DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.

Err codemadness.org 70 i 19807 Err codemadness.org 70 i 19808

Headlines

Err codemadness.org 70 i 19809 Err codemadness.org 70 i 19810

DragonFlyBSD Project Update - colo upgrade, future trends

Err codemadness.org 70 i 19811 Err codemadness.org 70 i 19812

Err codemadness.org 70 i 19813
For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.
Err codemadness.org 70 i 19814 Err codemadness.org 70 i 19815
The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.
Err codemadness.org 70 i 19816 Err codemadness.org 70 i 19817
Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and its been gnawing at me for a little while.
Err codemadness.org 70 i 19818 Err codemadness.org 70 i 19819
Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get.
Err codemadness.org 70 i 19820 Err codemadness.org 70 i 19821
The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tell you just how much more power-efficient machines have become in the last 9 years or so. > This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.
Err codemadness.org 70 i 19822 Err codemadness.org 70 i 19823
Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.
Err codemadness.org 70 i 19824

Err codemadness.org 70 i 19825 Err codemadness.org 70 i 19826

Err codemadness.org 70 i 19827 Err codemadness.org 70 i 19828

Resuming ZFS send

Err codemadness.org 70 i 19829 Err codemadness.org 70 i 19830

Err codemadness.org 70 i 19831
One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?
Err codemadness.org 70 i 19832 Err codemadness.org 70 i 19833
For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.
Err codemadness.org 70 i 19834 Err codemadness.org 70 i 19835
In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.
Err codemadness.org 70 i 19836

Err codemadness.org 70 i 19837 Err codemadness.org 70 i 19838

Err codemadness.org 70 i 19839 Err codemadness.org 70 i 19840

News Roundup

Err codemadness.org 70 i 19841 Err codemadness.org 70 i 19842

Realtime bandwidth terminal graph visualization

Err codemadness.org 70 i 19843 Err codemadness.org 70 i 19844

Err codemadness.org 70 i 19845
If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.
Err codemadness.org 70 i 19846 Err codemadness.org 70 i 19847
The following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.
Err codemadness.org 70 i 19848

Err codemadness.org 70 i 19849 Err codemadness.org 70 i 19850

Err codemadness.org 70 i 19851 Err codemadness.org 70 i 19852

fixing telnet fixes

Err codemadness.org 70 i 19853 Err codemadness.org 70 i 19854

Err codemadness.org 70 i 19855
There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.
Err codemadness.org 70 i 19856 Err codemadness.org 70 i 19857
Err codemadness.org 70 i 19858
The first line is indented with spaces while the others use tabs.
Err codemadness.org 70 i 19859
The correct type for string length is size_t not unsigned int.
Err codemadness.org 70 i 19860
sizeof(char) is always one. There’s no need to multiply by it.
Err codemadness.org 70 i 19861
If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)
Err codemadness.org 70 i 19862
Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.
Err codemadness.org 70 i 19863
Return value of malloc is not checked for NULL.
Err codemadness.org 70 i 19864
No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?
Err codemadness.org 70 i 19865
The whole operation could be simplified by using asprintf.
Err codemadness.org 70 i 19866
Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.
Err codemadness.org 70 i 19867
Err codemadness.org 70 i 19868

Err codemadness.org 70 i 19869 Err codemadness.org 70 i 19870

Err codemadness.org 70 i 19871 Err codemadness.org 70 i 19872

A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln

Err codemadness.org 70 i 19873 Err codemadness.org 70 i 19874

Err codemadness.org 70 i 19875
Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I got an interesting but unexpected responsive record:
Err codemadness.org 70 i 19876

Err codemadness.org 70 i 19877 Err codemadness.org 70 i 19878

Freedom of Information Act: FBI: OpenBSD
GitHub Repo

Err codemadness.org 70 i 19882 Err codemadness.org 70 i 19883

Err codemadness.org 70 i 19884 Err codemadness.org 70 i 19885

Beastie Bits

Err codemadness.org 70 i 19886 Err codemadness.org 70 i 19887

“Sudo Mastery, 2nd Edition” open for tech review
FreeBSD Journal: FreeBSD for Makers
OpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya
FreeBSD 12.0: WINE Gaming
Introduction to the Structure and Interpretation of TNF (The NetBSD Foundation)
vBSDcon speakers announced

Err codemadness.org 70 i 19895 Err codemadness.org 70 i 19896

Err codemadness.org 70 i 19897 Err codemadness.org 70 i 19898

Feedback/Questions

Err codemadness.org 70 i 19899 Err codemadness.org 70 i 19900

Pat - NYCBug Aug 7th
Tyler - SSH keys vs password
Lars - Tor-Talk

Err codemadness.org 70 i 19905 Err codemadness.org 70 i 19906

Err codemadness.org 70 i 19907 Err codemadness.org 70 i 19908

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 19911 Err codemadness.org 70 i 19912

Err codemadness.org 70 i 19913 Err codemadness.org 70 i 19914 Err codemadness.org 70 i 19915 Err codemadness.org 70 i 19916 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 19917 ]]> Err codemadness.org 70 i 19918

308: Mumbling with OpenBSD

Allan Jude — Wed, 24 Jul 2019 20:00:00 -0700

Err codemadness.org 70 i 20105 Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.

Err codemadness.org 70 i 20106 Err codemadness.org 70 i 20107

Headlines

Err codemadness.org 70 i 20108 Err codemadness.org 70 i 20109

Replacing a (silently) failing disk in a ZFS pool

Err codemadness.org 70 i 20110 Err codemadness.org 70 i 20111

Err codemadness.org 70 i 20112
Maybe I can’t read, but I have the feeling that official documentations explain every single corner case for a given tool, except the one you will actually need. My today’s struggle: replacing a disk within a FreeBSD ZFS pool.
Err codemadness.org 70 i 20113 What? there’s a shitton of docs on this topic! Are you stupid?
Err codemadness.org 70 i 20114 I don’t know, maybe. Yet none covered the process in a simple, straight and complete manner.
Err codemadness.org 70 i 20115

Err codemadness.org 70 i 20116 Err codemadness.org 70 i 20117

Err codemadness.org 70 i 20118 Err codemadness.org 70 i 20119

OPNsense 19.7 RC1 released

Err codemadness.org 70 i 20120 Err codemadness.org 70 i 20121

Err codemadness.org 70 i 20122
Hi there,
Err codemadness.org 70 i 20123 For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
Err codemadness.org 70 i 20124 We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.
Err codemadness.org 70 i 20125 Download links, an installation guide[1] and the checksums for the images can be found below as well.
Err codemadness.org 70 i 20126

Err codemadness.org 70 i 20127 Err codemadness.org 70 i 20128

Err codemadness.org 70 i 20129 Err codemadness.org 70 i 20130

News Roundup

Err codemadness.org 70 i 20131 Err codemadness.org 70 i 20132

Implementation of DRM ioctl Support for NetBSD kernel

Err codemadness.org 70 i 20133 Err codemadness.org 70 i 20134

What is DRM ioctl ?

Err codemadness.org 70 i 20137 Err codemadness.org 70 i 20138

Err codemadness.org 70 i 20139
Ioctls are input/output control system calls and DRM stands for direct rendering manager The DRM layer provides several services to graphics drivers, many of them driven by the application interfaces it provides through libdrm, the library that wraps most of the DRM ioctls. These include vblank event handling, memory management, output management, framebuffer management, command submission & fencing, suspend/resume support, and DMA services.
Err codemadness.org 70 i 20140

Err codemadness.org 70 i 20141 Err codemadness.org 70 i 20142

Native DRM ioctl calls

Err codemadness.org 70 i 20145 Err codemadness.org 70 i 20146

Err codemadness.org 70 i 20147
NetBSD was able to make native DRM ioctl calls with hardware rendering once xorg and proper mesa packages where installed. We used the glxinfo and glxgears applications to test this out.
Err codemadness.org 70 i 20148

Err codemadness.org 70 i 20149 Err codemadness.org 70 i 20150

Err codemadness.org 70 i 20151 Err codemadness.org 70 i 20152

High quality / low latency VOIP server with umurmur/Mumble on OpenBSD

Err codemadness.org 70 i 20153 Err codemadness.org 70 i 20154

Err codemadness.org 70 i 20155
Discord users keep telling about their so called discord server, which is not dedicated to them at all. And Discord has a very bad quality and a lot of voice distorsion.
Err codemadness.org 70 i 20156 Why not run your very own mumble server with high voice quality and low latency and privacy respect? This is very easy to setup on OpenBSD!
Err codemadness.org 70 i 20157 Mumble is an open source voip client, it has a client named Mumble (available on various operating system) and at least Android, the server part is murmur but there is a lightweight server named umurmur. People authentication is done through certificate generated locally and automatically accepted on a server, and the certificate get associated with a nickname. Nobody can pick the same nickname as another person if it’s not the same certificate.
Err codemadness.org 70 i 20158

Err codemadness.org 70 i 20159 Err codemadness.org 70 i 20160

Err codemadness.org 70 i 20161 Err codemadness.org 70 i 20162

TMWL June’19 — JS Fetch API, scheduling in Spring, thoughts on Unix

Err codemadness.org 70 i 20163 Err codemadness.org 70 i 20164

Unix — going back to the roots

Err codemadness.org 70 i 20167 Err codemadness.org 70 i 20168

Err codemadness.org 70 i 20169
From time to time, I like to review my knowledge in a certain area, even when I feel like I know a lot about it already. I go back to the basics and read tutorials, manuals, books or watch interesting videos.
Err codemadness.org 70 i 20170 I’ve been using macOS for a couple of years now, previously being a linux user for some (relatively short) time. Both these operating systems have a common ancestor — Unix. While I’m definitely not an expert, I feel quite comfortable using linux & macOS — I understand the concepts behind the system architecture, know a lot of command line tools & navigate through the shell without a hassle. So-called unix philosophy is also close to my heart. I always feel like there’s more I could squeeze out of it.
Err codemadness.org 70 i 20171 Recently, I found that book titled “Unix for dummies, 5th edition” which was published back in… 2004. Feels literally like AGES in the computer-related world. However, it was a great shot — the book starts with the basics, providing some brief history of Unix and how it came to life. It talks a lot about the structure of the system and where certain pieces fit (eg. “standard” set of tools), and how to understand permissions and work with files & directories. There’s even a whole chapter about shell-based text editors like Vi and Emacs! Despite the fact that I am familiar with most of these, I could still find some interesting pieces & tools that I either knew existed (but never had a chance to use), or even haven’t ever heard of. And almost all of these are still valid in the modern “incarnations” of Unix’s descendants: Linux and macOS.
Err codemadness.org 70 i 20172 The book also talks about networking, surfing the web & working with email. It’s cute to see pictures of those old browsers rendering “ancient” Internet websites, but hey — this is how it looked like no more than fifteen years ago!
Err codemadness.org 70 i 20173 I can really recommend this book to anyone working on modern macOS or Linux — you will certainly find some interesting pieces. Especially if you like to go back to the roots from time to time as I do!
Err codemadness.org 70 i 20174

Err codemadness.org 70 i 20175 Err codemadness.org 70 i 20176

Err codemadness.org 70 i 20177 Err codemadness.org 70 i 20178

ThePDP-7 Where Unix Began

Err codemadness.org 70 i 20179 Err codemadness.org 70 i 20180

Err codemadness.org 70 i 20181
In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.
Err codemadness.org 70 i 20182 V0 Unix could run on only one of the PDP-7s. Of the 99 PDP-7s produced, only two had disks. Serial number 14 had an RA01 listed, presumably a disk, though of a different type. In addition to the PDP-7 being obsolete in 1970, no other PDP-7 could run Unix, limiting its appeal outside of Bell Labs. By porting Unix to the PDP-11 in 1970, the group ensured Unix would live on into the future. The PDP-9 and PDP-15 were both upgrades of the PDP-7, so to be fair, PDP-7 Unix did have a natural upgrade path (the PDP-11 out sold the 18 bit systems though ~600,000 to ~1000). Ken Thompson reports in a private email that there were 2 PDP-9s and 1 PDP-15 at Bell Labs that could run a version of the PDP-7 Unix, though those machines were viewed as born obsolete.
Err codemadness.org 70 i 20183

Err codemadness.org 70 i 20184 Err codemadness.org 70 i 20185

Err codemadness.org 70 i 20186 Err codemadness.org 70 i 20187

LLDB: watchpoints, XSTATE in ptrace() and core dumps

Err codemadness.org 70 i 20188 Err codemadness.org 70 i 20189

Err codemadness.org 70 i 20190
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 20191 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.
Err codemadness.org 70 i 20192 In June, I have finally finished the remaining ptrace() work for xstate and got it merged both on NetBSD and LLDB end (meaning it's going to make it into NetBSD 9). I have also worked on debug register support in LLDB, effectively fixing watchpoint support. Once again I had to fight some upstream regressions.
Err codemadness.org 70 i 20193

Err codemadness.org 70 i 20194 Err codemadness.org 70 i 20195

Beastie Bits

Err codemadness.org 70 i 20196 Err codemadness.org 70 i 20197

Project Trident 19.07 Available
A list of names from "Cold Blood" -- Any familiar?
fern: a curses-based mastodon client modeled off usenet news readers & pine, with an emphasis on getting to 'timeline zero'
OpenBSD Community goes Platinum for 2019!
tcp keepalive and dports on DragonFly

Err codemadness.org 70 i 20204 Err codemadness.org 70 i 20205

Err codemadness.org 70 i 20206 Err codemadness.org 70 i 20207

Feedback/Questions

Err codemadness.org 70 i 20208 Err codemadness.org 70 i 20209

Patrick - OpenZFS/ZoL Module from Ports
Brad - Services not starting
Simon - Feedback

Err codemadness.org 70 i 20214 Err codemadness.org 70 i 20215

Err codemadness.org 70 i 20216 Err codemadness.org 70 i 20217

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 20220 Err codemadness.org 70 i 20221

Err codemadness.org 70 i 20222 Err codemadness.org 70 i 20223 Err codemadness.org 70 i 20224 Err codemadness.org 70 i 20225 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 20226 ]]> Err codemadness.org 70 i 20227

307: Twitching with OpenBSD

Allan Jude — Thu, 18 Jul 2019 07:00:00 -0700

Err codemadness.org 70 i 20450 FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.

Err codemadness.org 70 i 20451 Err codemadness.org 70 i 20452

Headlines

Err codemadness.org 70 i 20453 Err codemadness.org 70 i 20454

FreeBSD 11.3-RELEASE Announcement

Err codemadness.org 70 i 20455 Err codemadness.org 70 i 20456

Err codemadness.org 70 i 20457
The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.
Err codemadness.org 70 i 20458

Err codemadness.org 70 i 20459 Err codemadness.org 70 i 20460

Some of the highlights: Err codemadness.org 70 i 20462 Err codemadness.org 70 i 20463
- The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.
- The ELF Tool Chain has been updated to version r3614.
- OpenSSL has been updated to version 1.0.2s.
- The ZFS filesystem has been updated to implement parallel mounting.
- The loader(8) has been updated to extend geli(8) support to all architectures.
- The pkg(8) utility has been updated to version 1.10.5.
- The KDE desktop environment has been updated to version 5.15.3.
- The GNOME desktop environment has been updated to version 3.28.
- The kernel will now log the jail(8) ID when logging a process exit.
- Several feature additions and updates to userland applications.
- Several network driver firmware updates.
- Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.
- Warnings have been added for IPSec algorithms deprecated in RFC 8221.
- Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.
- And more...

Err codemadness.org 70 i 20481 Err codemadness.org 70 i 20482

Err codemadness.org 70 i 20483 Err codemadness.org 70 i 20484

OpenBSD Is Now My Workstation

Err codemadness.org 70 i 20485 Err codemadness.org 70 i 20486

Err codemadness.org 70 i 20487
Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).
Err codemadness.org 70 i 20488 Err codemadness.org 70 i 20489
I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.
Err codemadness.org 70 i 20490 Err codemadness.org 70 i 20491
Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.
Err codemadness.org 70 i 20492

Err codemadness.org 70 i 20493 Err codemadness.org 70 i 20494

A Bit About Me and OpenBSD

Err codemadness.org 70 i 20497 Err codemadness.org 70 i 20498

Err codemadness.org 70 i 20499
I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.
Err codemadness.org 70 i 20500 Err codemadness.org 70 i 20501
I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.
Err codemadness.org 70 i 20502

Err codemadness.org 70 i 20503 Err codemadness.org 70 i 20504

Err codemadness.org 70 i 20505 Err codemadness.org 70 i 20506

News Roundup

Err codemadness.org 70 i 20507 Err codemadness.org 70 i 20508

Write your own fuzzer for NetBSD kernel! [Part 1]

Err codemadness.org 70 i 20509 Err codemadness.org 70 i 20510

How Fuzzing works? The dummy Fuzzer.

Err codemadness.org 70 i 20513 Err codemadness.org 70 i 20514

Err codemadness.org 70 i 20515
The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective.
Err codemadness.org 70 i 20516 Err codemadness.org 70 i 20517
The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.
Err codemadness.org 70 i 20518

Err codemadness.org 70 i 20519 Err codemadness.org 70 i 20520

Coverage and Fuzzing

Err codemadness.org 70 i 20523 Err codemadness.org 70 i 20524

Err codemadness.org 70 i 20525
What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.
Err codemadness.org 70 i 20526 Err codemadness.org 70 i 20527
However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.
Err codemadness.org 70 i 20528 Err codemadness.org 70 i 20529
Additional knowledge about program state can be exploited as a feedback loop for generating new input vectors. Knowledge about the program itself and the structure of input data can also be considered. As an example, if the input data is in the form of HTML, changing characters inside the body will probably cause less problems for the parser than experimenting with headers and HTML tags.
Err codemadness.org 70 i 20530 Err codemadness.org 70 i 20531
For open source programs, we can read the source code to know what input takes which execution path. Nonetheless, this might be very time consuming, and it would be much more helpful if this can be automated. As it turns out, this process can be improved by tracing coverage of the execution
Err codemadness.org 70 i 20532

Err codemadness.org 70 i 20533 Err codemadness.org 70 i 20534

Err codemadness.org 70 i 20535 Err codemadness.org 70 i 20536

vBSDcon - CFP - Call for Papers ends July 19th

Err codemadness.org 70 i 20537 Err codemadness.org 70 i 20538

Err codemadness.org 70 i 20539
You can submit your proposal at https://easychair.org/conferences/?conf=vbsdcon2019
Err codemadness.org 70 i 20540 Err codemadness.org 70 i 20541
The talks will have a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.
Err codemadness.org 70 i 20542 Err codemadness.org 70 i 20543
If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal.
Err codemadness.org 70 i 20544 Err codemadness.org 70 i 20545
Possible topics include: How we manage a giant installation with respect to handling spam, snd/or sysadmin, and/or networking, Cool new stuff in BSD, Tell us about your project which runs on BSD.
Err codemadness.org 70 i 20546 Err codemadness.org 70 i 20547
Both users and developers are encouraged to share their experiences.
Err codemadness.org 70 i 20548

Err codemadness.org 70 i 20549 Err codemadness.org 70 i 20550

Err codemadness.org 70 i 20551 Err codemadness.org 70 i 20552

Exploiting FreeBSD-SA-19:02.fd

Err codemadness.org 70 i 20553 Err codemadness.org 70 i 20554

Err codemadness.org 70 i 20555
In February 2019 the FreeBSD project issued an advisory about a possible vulnerability in the handling of file descriptors. UNIX-like systems such as FreeBSD allow to send file descriptors to other processes via UNIX-domain sockets. This can for example be used to pass file access privileges to the receiving process.
Err codemadness.org 70 i 20556 Err codemadness.org 70 i 20557
Inside the kernel, file descriptors are used to indirectly reference a C struct which stores the relevant information about the file object. This could for instance include a reference to a vnode which describes the file for the file system, the file type, or the access privileges.
Err codemadness.org 70 i 20558 Err codemadness.org 70 i 20559
What really happens if a UNIX-domain socket is used to send a file descriptor to another process is that for the receiving process, inside the kernel a reference to this struct is created. As the new file descriptor is a reference to the same file object, all information is inherited. For instance, this can allow to give another process write access to a file on the drive even if the process owner is normally not able to open the file writable.
Err codemadness.org 70 i 20560 Err codemadness.org 70 i 20561
The advisory describes that FreeBSD 12.0 introduced a bug in this mechanism. As the file descriptor information is sent via a socket, the sender and the receiver have to allocate buffers for the procedure. If the receiving buffer is not large enough, the FreeBSD kernel attempts to close the received file descriptors to prevent a leak of these to the sender. However, while the responsible function closes the file descriptor, it fails to release the reference from the file descriptor to the file object. This could cause the reference counter to wrap.
Err codemadness.org 70 i 20562 Err codemadness.org 70 i 20563
The advisory further states that the impact of this bug is possibly a local privilege escalation to gain root privileges or a jail escape. However, no proof-of-concept was provided by the advisory authors.
Err codemadness.org 70 i 20564

Err codemadness.org 70 i 20565 Err codemadness.org 70 i 20566

In the next section, the bug itself is analyzed to make a statement about the bug class and a guess about a possible exploitation primitive.
After that, the bug trigger is addressed.
It follows a discussion of three imaginable exploitation strategies - including a discussion of why two of these approaches failed.
In the section before last, the working exploit primitive is discussed. It introduces a (at least to the author’s knowledge) new exploitation technique for these kind of vulnerabilities in FreeBSD. The stabilization of the exploit is addressed, too.
The last section wraps everything up in a conclusion and points out further steps and challenges.

Err codemadness.org 70 i 20573 Err codemadness.org 70 i 20574

Err codemadness.org 70 i 20575
The privilege escalation is now a piece of cake thanks to a technique used by kingcope, who published a FreeBSD root exploit in 2005, which writes to the file /etc/libmap.conf. This configuration file can be used to hook the loading of dynamic libraries if a program is started. The exploit therefore creates a dynamic library, which copies /bin/sh to another file and sets the suid-bit for the copy. The hooked library is libutil, which is for instance called by su. Therefore, a call to su by the user will afterwards result in a suid copy of /bin/sh.
Err codemadness.org 70 i 20576

Err codemadness.org 70 i 20577 Err codemadness.org 70 i 20578

Err codemadness.org 70 i 20579 Err codemadness.org 70 i 20580

Streaming to Twitch using OpenBSD

Err codemadness.org 70 i 20581 Err codemadness.org 70 i 20582

Introduction

Err codemadness.org 70 i 20585 Err codemadness.org 70 i 20586

Err codemadness.org 70 i 20587
If you ever wanted to make a twitch stream from your OpenBSD system, this is now possible, thanks to OpenBSD developer thfr@ who made a wrapper named fauxstream using ffmpeg with relevant parameters.
Err codemadness.org 70 i 20588 Err codemadness.org 70 i 20589
The setup is quite easy, it only requires a few steps and searching on Twitch website two informations, hopefully, to ease the process, I found the links for you.
Err codemadness.org 70 i 20590 Err codemadness.org 70 i 20591
You will need to make an account on twitch, get your api key (a long string of characters) which should stay secret because it allow anyone having it to stream on your account.
Err codemadness.org 70 i 20592

Err codemadness.org 70 i 20593 Err codemadness.org 70 i 20594

These same techniques should work for Twitch, YouTube Live, Periscope, Facebook, etc, including the live streaming service ScaleEngine provides free to BSD user groups.
There is also an open source application called ‘OBS’ or Open Broadcaster Studio. It is in FreeBSD ports and should work on all of the other BSDs as well. It has a GUI and supports compositing and green screening. We use it heavily at ScaleEngine and it is also used at JupiterBroadcasting in place of WireCast, a $1000-per-copy commercial application.

Err codemadness.org 70 i 20598 Err codemadness.org 70 i 20599

Err codemadness.org 70 i 20600 Err codemadness.org 70 i 20601

Beastie Bits

Err codemadness.org 70 i 20602 Err codemadness.org 70 i 20603

Portland BSD Pizza Night - 2019-07-25 19:00 - Rudy's Gourmet Pizza
KnoxBUG - Michael W. Lucas : Twenty Years in Jail
Ohio Linuxfest - CFP - Closes August 17th
My college (NYU Tandon) is moving their CS department and I saw this on a shelf being moved
3 different ways of dumping hex contents of a file

Err codemadness.org 70 i 20610 Err codemadness.org 70 i 20611

Err codemadness.org 70 i 20612 Err codemadness.org 70 i 20613

Feedback/Questions

Err codemadness.org 70 i 20614 Err codemadness.org 70 i 20615

Sebastian - ZFS setup toward ESXi
Christopher - Questions
Ser - Bhyve and Microsoft SQL

Err codemadness.org 70 i 20620 Err codemadness.org 70 i 20621

Err codemadness.org 70 i 20622 Err codemadness.org 70 i 20623

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 20626 Err codemadness.org 70 i 20627

Err codemadness.org 70 i 20628 Err codemadness.org 70 i 20629 Err codemadness.org 70 i 20630 Err codemadness.org 70 i 20631 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 20632 ]]> Err codemadness.org 70 i 20633

306: Comparing Hammers

Allan Jude — Thu, 11 Jul 2019 07:00:00 -0700

Err codemadness.org 70 i 20888 Am5x86 based retro UNIX build log, setting up services in a FreeNAS Jail, first taste of DragonflyBSD, streaming Netflix on NetBSD, NetBSD on the last G4 Mac mini, Hammer vs Hammer2, and more.

Err codemadness.org 70 i 20889 Err codemadness.org 70 i 20890

Err codemadness.org 70 i 20891 Err codemadness.org 70 i 20892

Headlines

Err codemadness.org 70 i 20893 Err codemadness.org 70 i 20894

Polprog's Am5x86 based retro UNIX build log

Err codemadness.org 70 i 20895 Err codemadness.org 70 i 20896

Err codemadness.org 70 i 20897
I have recently acquired an Am5x86 computer, in a surprisingly good condition. This is an ongoing project, check this page often for updates!
Err codemadness.org 70 i 20898 Err codemadness.org 70 i 20899
I began by connecting a front panel. The panel came from a different chassis and is slightly too wide, so I had to attach it with a couple of zip-ties. However, that makes it stick out from the PC front at an angle, allowing easy access when the computer sits at the floor - and thats where it is most of the time. It's not that bad, to be honest, and its way easier to access than it would be, if mounted vertically
Err codemadness.org 70 i 20900 Err codemadness.org 70 i 20901
There is a mains switch on the front panel because the computer uses an older style power supply. Those power supplies instead of relying on a PSON signal, like modern ATX supplies, run a 4 wire cable to a mains switch. The cable carries live and neutral both ways, and the switch keys in or out the power. The system powers on as soon as the switch is enabled.
Err codemadness.org 70 i 20902 Err codemadness.org 70 i 20903
Originally there was no graphics card in it. Since a PC will not boot with out a GPU, I had to find one. The mainboard only has PCI and ISA slots, and all the GPUs I had were AGP. Fortunately, I bought a PCI GPU hoping it would solve my issue...
Err codemadness.org 70 i 20904 Err codemadness.org 70 i 20905
However the GPU turned out to be faulty. It took me some time to repair it. I had to repair a broken trace leading to one of the EEPROM pins, and replace a contact in the EEPROM's socket. Then I replaced all the electrolytic capacitors on it, and that fixed it for good.
Err codemadness.org 70 i 20906 Err codemadness.org 70 i 20907
Having used up only one of the three PCI slots, I populated the remaining pair with two ethernet cards. I still have a bunch of ISA slots available, but I have nothing to install there. Yet.
Err codemadness.org 70 i 20908

Err codemadness.org 70 i 20909 Err codemadness.org 70 i 20910

See the article for the rest of the writeup

Err codemadness.org 70 i 20913 Err codemadness.org 70 i 20914

Err codemadness.org 70 i 20915 Err codemadness.org 70 i 20916

Setting up services in a FreeNAS Jail

Err codemadness.org 70 i 20917 Err codemadness.org 70 i 20918

Err codemadness.org 70 i 20919
This piece demonstrates the setup of a server service in a FreeNAS jail and how to share files with a jail using Apache 2.4 as an example. Jails are powerful, self-contained FreeBSD environments with separate network settings, package management, and access to thousands of FreeBSD application packages. Popular packages such as Apache, NGINX, LigHTTPD, MySQL, and PHP can be found and installed with the pkg search and pkg install commands.
Err codemadness.org 70 i 20920 Err codemadness.org 70 i 20921
This example shows creating a jail, installing an Apache web server, and setting up a simple web page.
Err codemadness.org 70 i 20922 Err codemadness.org 70 i 20923
NOTE: Do not directly attach FreeNAS to an external network (WAN). Use port forwarding, proper firewalls and DDoS protections when using FreeNAS for external web sites. This example demonstrates expanding the functionality of FreeNAS in an isolated LAN environment.
Err codemadness.org 70 i 20924

Err codemadness.org 70 i 20925 Err codemadness.org 70 i 20926

Err codemadness.org 70 i 20927 Err codemadness.org 70 i 20928

News Roundup

Err codemadness.org 70 i 20929 Err codemadness.org 70 i 20930

First taste of DragonflyBSD

Err codemadness.org 70 i 20931 Err codemadness.org 70 i 20932

Err codemadness.org 70 i 20933
Last week, I needed to pick a BSD Operating System which supports NUMA to do some testing, so I decided to give Dragonfly BSD a shot. Dragonfly BSDonly can run on X86_64 architecture, which reminds me of Arch Linux, and after some tweaking, I feel Dragonfly BSD may be a “developer-friendly” Operating System, at least for me.
Err codemadness.org 70 i 20934 Err codemadness.org 70 i 20935
I mainly use Dragonfly BSD as a server, so I don’t care whether GUI is fancy or not. But I have high requirements of developer tools, i.e., compiler and debugger. The default compiler of Dragonfly BSD is gcc 8.3, and I can also install clang 8.0.0 from package. This means I can test state-of-the-art features of compilers, and it is really important for me. gdb‘s version is 7.6.1, a little lag behind, but still OK.
Err codemadness.org 70 i 20936 Err codemadness.org 70 i 20937
Furthermore, the upgradation of Dragonfly BSD is pretty simple and straightforward. I followed document to upgrade my Operating System to 5.6.0 this morning, just copied and pasted, no single error, booted successfully.
Err codemadness.org 70 i 20938

Err codemadness.org 70 i 20939 Err codemadness.org 70 i 20940

Err codemadness.org 70 i 20941 Err codemadness.org 70 i 20942

Streaming Netflix on NetBSD

Err codemadness.org 70 i 20943 Err codemadness.org 70 i 20944

Err codemadness.org 70 i 20945
Here's a step-by-step guide that allows streaming Netflix media on NetBSD using a intel-haxm accelerated QEMU vm.
Err codemadness.org 70 i 20946 Err codemadness.org 70 i 20947
Heads-up! Sound doesn't work, but everything else is fine. Please read the rest of this thread for a solution to this!!
Err codemadness.org 70 i 20948

Err codemadness.org 70 i 20949 Err codemadness.org 70 i 20950

Err codemadness.org 70 i 20951 Err codemadness.org 70 i 20952

“Sudo Mastery 2nd Edition” cover art reveal

Err codemadness.org 70 i 20953 Err codemadness.org 70 i 20954

Err codemadness.org 70 i 20955
I’m about halfway through the new edition of Sudo Mastery. Assuming nothing terrible happens, should have a complete first draft in four to six weeks. Enough stuff has changed in sudo that I need to carefully double-check every single feature. (I’m also horrified by the painfully obsolete versions of sudo shipped in the latest versions of CentOS and Debian, but people running those operating systems are already accustomed to their creaky obsolescence.)
Err codemadness.org 70 i 20956 Err codemadness.org 70 i 20957
But the reason for this blog post? I have Eddie Sharam’s glorious cover art. My Patronizers saw it last month, so now the rest of you get a turn.
Err codemadness.org 70 i 20958

Err codemadness.org 70 i 20959 Err codemadness.org 70 i 20960

Err codemadness.org 70 i 20961 Err codemadness.org 70 i 20962

NetBSD on the last G4 Mac mini

Err codemadness.org 70 i 20963 Err codemadness.org 70 i 20964

Err codemadness.org 70 i 20965
I'm a big fan of NetBSD. I've run it since 2000 on a Mac IIci (of course it's still running it) and I ran it for several years on a Power Mac 7300 with a G3 card which was the second incarnation of the Floodgap gopher server. Today I also still run it on a MIPS-based Cobalt RaQ 2 and an HP Jornada 690. I think NetBSD is a better match for smaller or underpowered systems than current-day Linux, and is fairly easy to harden and keep secure even though none of these systems are exposed to the outside world.
Err codemadness.org 70 i 20966 Err codemadness.org 70 i 20967
Recently I had a need to set up a bridge system that would be fast enough to connect two networks and I happened to have two of the "secret" last-of-the-line 1.5GHz G4 Mac minis sitting on the shelf doing nothing. Yes, they're probably outclassed by later Raspberry Pi models, but I don't have to buy anything and I like putting old hardware to good use.
Err codemadness.org 70 i 20968

Err codemadness.org 70 i 20969 Err codemadness.org 70 i 20970

Err codemadness.org 70 i 20971 Err codemadness.org 70 i 20972

Hammer vs Hammer2

Err codemadness.org 70 i 20973 Err codemadness.org 70 i 20974

Err codemadness.org 70 i 20975
With the newly released DragonFlyBSD 5.6 there are improvements to its original HAMMER2 file-system to the extent that it's now selected by its installer as the default file-system choice for new installations. Curious how the performance now compares between HAMMER and HAMMER2, here are some initial benchmarks on an NVMe solid-state drive using DragonFlyBSD 5.6.0.
Err codemadness.org 70 i 20976 Err codemadness.org 70 i 20977
With a 120GB Toshiba NVMe SSD on an Intel Core i7 8700K system, I ran some benchmarks of DragonFlyBSD 5.6.0 freshly installed with HAMMER2 and then again when returning to the original HAMMER file-system that remains available via its installer. No other changes were made to the setup during testing.
Err codemadness.org 70 i 20978 Err codemadness.org 70 i 20979
And then for the more synthetic workloads it was just a mix. But overall HAMMER2 was performing well during the initial testing and great to see it continuing to offer noticeable leads in real-world workloads compared to the aging HAMMER file-system. HAMMER2 also offers better clustering, online deduplication, snapshots, compression, encryption, and many other modern file-system features.
Err codemadness.org 70 i 20980

Err codemadness.org 70 i 20981 Err codemadness.org 70 i 20982

Err codemadness.org 70 i 20983 Err codemadness.org 70 i 20984

Beastie Bits

Err codemadness.org 70 i 20985 Err codemadness.org 70 i 20986

Unix CLI relational database
The TTY demystified
Ranger, a console file manager with VI keybindings
Some Unix Humor
OpenBSD -import vulkan-loader for Vulkan API support
FreeBSD ZFS without drives

Err codemadness.org 70 i 20994 Err codemadness.org 70 i 20995

Err codemadness.org 70 i 20996 Err codemadness.org 70 i 20997

Feedback/Questions

Err codemadness.org 70 i 20998 Err codemadness.org 70 i 20999

Moritz - ARM Builds
Dave - Videos
Chris - Raspberry Pi4

Err codemadness.org 70 i 21004 Err codemadness.org 70 i 21005

Err codemadness.org 70 i 21006 Err codemadness.org 70 i 21007

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 21010 Err codemadness.org 70 i 21011

Err codemadness.org 70 i 21012 Err codemadness.org 70 i 21013 Err codemadness.org 70 i 21014 Err codemadness.org 70 i 21015 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 21016 ]]> Err codemadness.org 70 i 21017

305: Changing face of Unix

Allan Jude — Wed, 03 Jul 2019 19:00:00 -0700

Err codemadness.org 70 i 21225 Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.

Err codemadness.org 70 i 21226 Err codemadness.org 70 i 21227

Headlines

Err codemadness.org 70 i 21228 Err codemadness.org 70 i 21229

Website protection with OPNsense

Err codemadness.org 70 i 21230 Err codemadness.org 70 i 21231

with nginx plugin OPNsense become a strong full featured Web Application Firewall (WAF)

Err codemadness.org 70 i 21234 Err codemadness.org 70 i 21235

Err codemadness.org 70 i 21236
The OPNsense security platform can help you to protect your network and your webservers with the nginx plugin addition.
Err codemadness.org 70 i 21237 In old days, install an open source firewall was a very trick task, but today it can be done with few clicks (or key strokes). In this article I'll not describe the detailed OPNsense installation process, but you can watch this video that was extracted from my OPNsense course available in Udemy. The video is in portuguese language, but with the translation CC Youtube feature you may be able to follow it without problems (if you don't are a portuguese speaker ofcourse) :-)
Err codemadness.org 70 i 21238 Err codemadness.org 70 i 21239
Err codemadness.org 70 i 21240
See the article for the rest of the writeup
Err codemadness.org 70 i 21241
Err codemadness.org 70 i 21242

Err codemadness.org 70 i 21243 Err codemadness.org 70 i 21244

Err codemadness.org 70 i 21245 Err codemadness.org 70 i 21246

FreeBSD Support Pull Request against the ZFS-on-Linux repo

Err codemadness.org 70 i 21247 Err codemadness.org 70 i 21248

This pull request integrates the sysutils/openzfs port’s sources into the upstream ZoL repo Err codemadness.org 70 i 21250 > Adding FreeBSD support to ZoL will make it easier to move changes back and forth between FreeBSD and Linux Err codemadness.org 70 i 21251 > Refactor tree to separate out Linux and FreeBSD specific code Err codemadness.org 70 i 21252 > import FreeBSD's SPL Err codemadness.org 70 i 21253 > add ifdefs in common code where it made more sense to do so than duplicate the code in separate files Err codemadness.org 70 i 21254 > Adapted ZFS Test Suite to run on FreeBSD and all tests that pass on ZoL passing on ZoF
The plan to officially rename the common repo from ZFSonLinux to OpenZFS was announced at the ZFS Leadership Meeting on June 25th
Video of Leadership Meeting
Meeting Agenda and Notes
This will allow improvements made on one OS to be made available more easily (and more quickly) to the other platforms
For example, mav@’s recent work:
Add wakeup_any(), cheaper version of wakeup_one() for taskqueue(9) Err codemadness.org 70 i 21261 > As result, on 72-core Xeon v4 machine sequential ZFS write to 12 ZVOLs with 16KB block size spend 34% less time in wakeup_any() and descendants then it was spending in wakeup_one(), and total write throughput increased by ~10% with the same as before CPU usage.

Err codemadness.org 70 i 21263 Err codemadness.org 70 i 21264

Err codemadness.org 70 i 21265 Err codemadness.org 70 i 21266

News Roundup

Err codemadness.org 70 i 21267 Err codemadness.org 70 i 21268

Episode 5 Notes - How much has UNIX changed?

Err codemadness.org 70 i 21269 Err codemadness.org 70 i 21270

Err codemadness.org 70 i 21271
UNIX-like systems have dominated computing for decades, and with the rise of the internet and mobile devices their reach has become even larger. True, most systems now use more modern OSs like Linux, but how much has the UNIX-like landscape changed since the early days?
Err codemadness.org 70 i 21272 So, my question was this: how close is a modern *NIX userland to some of the earliest UNIX releases? To do this I'm going to compare a few key points of a modern Linux system with the earliest UNIX documentation I can get my hands on. The doc I am going to be covering(https://www.tuhs.org/Archive/Distributions/Research/Dennis_v1/UNIX_ProgrammersManual_Nov71.pdf) is from November 1971, predating v1 of the system.
Err codemadness.org 70 i 21273 I think the best place to start this comparison is to look at one of the highest-profile parts of the OS, that being the file system. Under the hood modern EXT file systems are completely different from the early UNIX file systems. However, they are still presented in basically the same way, as a heirerarchicat structure of directories with device files. So paths still look identical, and navigating the file system still functions the same. Often used commands like ls, cp, mv, du, and df function the same. So are mount and umount. But, there are some key differences. For instance, cd didn't exist, yet instead chdir filled its place. Also, chmod is somewhat different. Instead of the usual 3-digit octal codes for permissions, this older version only uses 2 digits. Really, that difference is due to the underlying file system using a different permission set than modern systems. For the most part, all the file handling is actually pretty close to a Linux system from 2019.
Err codemadness.org 70 i 21274

Err codemadness.org 70 i 21275 Err codemadness.org 70 i 21276

See the article for the rest of the writeup

Err codemadness.org 70 i 21279 Err codemadness.org 70 i 21280

Err codemadness.org 70 i 21281 Err codemadness.org 70 i 21282

Porting Wine to amd64 on NetBSD

Err codemadness.org 70 i 21283 Err codemadness.org 70 i 21284

Err codemadness.org 70 i 21285
I have been working on porting Wine to amd64 on NetBSD as a GSoC 2019 project. Wine is a compatibility layer which allows running Microsoft Windows applications on POSIX-complaint operating systems. This report provides an overview of the progress of the project during the first coding period.
Err codemadness.org 70 i 21286 Initially, when I started working on getting Wine-4.4 to build and run on NetBSD i386 the primary issue that I faced was Wine displaying black windows instead of UI, and this applied to any graphical program I tried running with Wine.
Err codemadness.org 70 i 21287 I suspected it , as it is related to graphics, to be an issue with the graphics driver or Xorg. Subsequently, I tried building modular Xorg, and I tried running Wine on it only to realize that Xorg being modular didn't affect it in the least. After having tried a couple of configurations, I realized that trying to hazard out every other probability is going to take an awful lot of time that I didn't have. This motivated me to bisect the repo using git, and find the first version of Wine which failed on NetBSD.
Err codemadness.org 70 i 21288 Err codemadness.org 70 i 21289
Err codemadness.org 70 i 21290
See the article for the rest of the writeup
Err codemadness.org 70 i 21291
Err codemadness.org 70 i 21292

Err codemadness.org 70 i 21293 Err codemadness.org 70 i 21294

Err codemadness.org 70 i 21295 Err codemadness.org 70 i 21296

FreeBSD Enterprise 1 PB Storage

Err codemadness.org 70 i 21297 Err codemadness.org 70 i 21298

Err codemadness.org 70 i 21299
Today FreeBSD operating system turns 26 years old. 19 June is an International FreeBSD Day. This is why I got something special today :). How about using FreeBSD as an Enterprise Storage solution on real hardware? This where FreeBSD shines with all its storage features ZFS included.
Err codemadness.org 70 i 21300 Today I will show you how I have built so called Enterprise Storage based on FreeBSD system along with more then 1 PB (Petabyte) of raw capacity.
Err codemadness.org 70 i 21301 This project is different. How much storage space can you squeeze from a single 4U system? It turns out a lot! Definitely more then 1 PB (1024 TB) of raw storage space.
Err codemadness.org 70 i 21302

Err codemadness.org 70 i 21303 Err codemadness.org 70 i 21304

See the article for the rest of the writeup

Err codemadness.org 70 i 21307 Err codemadness.org 70 i 21308

Err codemadness.org 70 i 21309 Err codemadness.org 70 i 21310

The death watch for the X Window System (aka X11) has probably started

Err codemadness.org 70 i 21311 Err codemadness.org 70 i 21312

Err codemadness.org 70 i 21313
Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.
Err codemadness.org 70 i 21314 I have no idea how true this is about X.org X server maintenance, either now or in the future, but I definitely think it's a sign that developers have started saying this. If Gnome developers feel that X.org is going to be in hard maintenance mode almost immediately, they're probably pretty likely to also put the Gnome code that deals with X into hard maintenance mode. And public Gnome statements about this (and public action or lack of it) provide implicit support for KDE and any other desktop to move in this direction if they want to (and probably create some pressure to do so). I've known that Wayland was the future for some time, but I would still like it to not arrive any time soon.
Err codemadness.org 70 i 21315

Err codemadness.org 70 i 21316 Err codemadness.org 70 i 21317

Err codemadness.org 70 i 21318 Err codemadness.org 70 i 21319

Beastie Bits

Err codemadness.org 70 i 21320 Err codemadness.org 70 i 21321

Porting NetBSD to Risc-V -- Video
FreeBSD 11.3RC3 Available
Open Source Could Be a Casualty of the Trade War
Celebrate UNIX50 and SDF32
doas environmental security

Err codemadness.org 70 i 21328 Err codemadness.org 70 i 21329

Err codemadness.org 70 i 21330 Err codemadness.org 70 i 21331

Feedback/Questions

Err codemadness.org 70 i 21332 Err codemadness.org 70 i 21333

Matt - BSD or Older Hardware
MJRodriguez - Some Playstation news
Moritz - bhyve VT-x passthrough

Err codemadness.org 70 i 21338 Err codemadness.org 70 i 21339

Err codemadness.org 70 i 21340 Err codemadness.org 70 i 21341

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 21344 Err codemadness.org 70 i 21345

Err codemadness.org 70 i 21346 Err codemadness.org 70 i 21347 Err codemadness.org 70 i 21348 Err codemadness.org 70 i 21349 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 21350 ]]> Err codemadness.org 70 i 21351

304: Prospering with Vulkan

Allan Jude — Thu, 27 Jun 2019 00:45:00 -0700

Err codemadness.org 70 i 21583 DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.

Err codemadness.org 70 i 21584 Err codemadness.org 70 i 21585

Headlines

Err codemadness.org 70 i 21586 Err codemadness.org 70 i 21587

DragonflyBSD 5.6 is out

Err codemadness.org 70 i 21588 Err codemadness.org 70 i 21589

Version 5.6.0 released 17 June 2019
Version 5.6.1 released 19 June 2019
Big-ticket items
Improved VM
Err codemadness.org 70 i 21594 Err codemadness.org 70 i 21595
- Informal test results showing the changes from 5.4 to 5.6 are available.
- Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).
- Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.
- Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.
- Change vm_hold() and vm_unhold() semantics to not require any spin-locks.
- Change vm_page_wakeup() to not require any spin-locks.
- Change wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.
- Refactor the handling of fictitious pages.
- Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).
- Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.
- pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.
- Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.
DRM
Err codemadness.org 70 i 21610 Err codemadness.org 70 i 21611
- Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.
- Improve UEFI framebuffer support.
- A major deadlock has been fixed in the radeon/ttm code.
- Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.
- Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.
- Fix excessive wired memory build-ups.
- Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.
- Fix idr_*() API bugs.
HAMMER2
Err codemadness.org 70 i 21622 Err codemadness.org 70 i 21623
- The filesystem sync code has been rewritten to significantly improve performance.
- Sequential write performance also improved.
- Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.
- Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.
- Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.
- Improve umount operation.
- Fix an allocator race that could lead to corruption.
- Numerous other bugs fixed.
- Improve verbosity of CHECK (CRC error) console messages.

Err codemadness.org 70 i 21635 Err codemadness.org 70 i 21636

Err codemadness.org 70 i 21637 Err codemadness.org 70 i 21638

OpenBSD Vulkan Support

Err codemadness.org 70 i 21639 Err codemadness.org 70 i 21640

Err codemadness.org 70 i 21641
Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.
Err codemadness.org 70 i 21642 This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers.
Err codemadness.org 70 i 21643 This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source.
Err codemadness.org 70 i 21644 Err codemadness.org 70 i 21645
Err codemadness.org 70 i 21646
A note: The BSDs are no longer that far behind.
Err codemadness.org 70 i 21647
FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)
Err codemadness.org 70 i 21648
OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34 Err codemadness.org 70 i 21649 ***
Err codemadness.org 70 i 21650
Err codemadness.org 70 i 21651

Err codemadness.org 70 i 21652 Err codemadness.org 70 i 21653

News Roundup

Err codemadness.org 70 i 21654 Err codemadness.org 70 i 21655

Bad utmp implementations in glibc and freebsd

Err codemadness.org 70 i 21656 Err codemadness.org 70 i 21657

Err codemadness.org 70 i 21658
I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.
Err codemadness.org 70 i 21659 In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).
Err codemadness.org 70 i 21660 I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.
Err codemadness.org 70 i 21661 Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.
Err codemadness.org 70 i 21662 Err codemadness.org 70 i 21663
Err codemadness.org 70 i 21664
A good find
Err codemadness.org 70 i 21665
On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk. Err codemadness.org 70 i 21666 ***
Err codemadness.org 70 i 21667
Err codemadness.org 70 i 21668

Err codemadness.org 70 i 21669 Err codemadness.org 70 i 21670

OpenSSH gets an update to protect against Side Channel attacks

Err codemadness.org 70 i 21671 Err codemadness.org 70 i 21672

Err codemadness.org 70 i 21673
Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.
Err codemadness.org 70 i 21674 SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.
Err codemadness.org 70 i 21675 However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.
Err codemadness.org 70 i 21676 In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”
Err codemadness.org 70 i 21677

Err codemadness.org 70 i 21678 Err codemadness.org 70 i 21679

Err codemadness.org 70 i 21680 Err codemadness.org 70 i 21681

ZFS vs OpenZFS

Err codemadness.org 70 i 21682 Err codemadness.org 70 i 21683

Err codemadness.org 70 i 21684
You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue.
Err codemadness.org 70 i 21685 From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.
Err codemadness.org 70 i 21686 Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.
Err codemadness.org 70 i 21687 Err codemadness.org 70 i 21688
Err codemadness.org 70 i 21689
There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available here Err codemadness.org 70 i 21690 ***
Err codemadness.org 70 i 21691
Err codemadness.org 70 i 21692

Err codemadness.org 70 i 21693 Err codemadness.org 70 i 21694

Beastie Bits

Err codemadness.org 70 i 21695 Err codemadness.org 70 i 21696

How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR
KnoxBug Meetup June 27th at 6pm
BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR
Difference between $x and ${x}
Beware of Software Engineering Media Sites
How Verizon and a BGP optimizer knocked large parts of the internet offline today
DragonflyBSD - MDS mitigation added a while ago
Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway

Err codemadness.org 70 i 21706 Err codemadness.org 70 i 21707

Err codemadness.org 70 i 21708 Err codemadness.org 70 i 21709

Feedback/Questions

Err codemadness.org 70 i 21710 Err codemadness.org 70 i 21711

Dave - CheriBSD
Neb - Hello from Norway
Lars - Ansible tutorial?

Err codemadness.org 70 i 21716 Err codemadness.org 70 i 21717

Err codemadness.org 70 i 21718 Err codemadness.org 70 i 21719

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 21721 ***

Err codemadness.org 70 i 21723 Err codemadness.org 70 i 21724 Err codemadness.org 70 i 21725 Err codemadness.org 70 i 21726 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 21727 ]]> Err codemadness.org 70 i 21728

303: OpenZFS in Ports

Allan Jude — Wed, 19 Jun 2019 19:30:00 -0700

Err codemadness.org 70 i 21952 OpenZFS-kmod port available, using blacklistd with NPF as fail2ban replacement, ZFS raidz expansion alpha preview 1, audio VU-meter increases CO2 footprint rant, XSAVE and compat32 kernel work for LLDB, where icons for modern X applications come from, and more.

Err codemadness.org 70 i 21953 Err codemadness.org 70 i 21954

Headlines

Err codemadness.org 70 i 21955 Err codemadness.org 70 i 21956

ZFSonFreeBSD ports renamed OpenZFS

Err codemadness.org 70 i 21957 Err codemadness.org 70 i 21958

The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod
The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)
With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf: Err codemadness.org 70 i 21962 > zfs_load=”YES”
or Err codemadness.org 70 i 21964 > openzfs_load=”YES”
To load traditional or the newer version of ZFS
The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.
We would like to do an unofficial poll on how people would the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea i’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)
For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.
For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.
Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.
Please test and provide feedback.

Err codemadness.org 70 i 21973 Err codemadness.org 70 i 21974

Err codemadness.org 70 i 21975 Err codemadness.org 70 i 21976

How to use blacklistd(8) with NPF as a fail2ban replacement

Err codemadness.org 70 i 21977 Err codemadness.org 70 i 21978

About blacklistd(8)

Err codemadness.org 70 i 21981 Err codemadness.org 70 i 21982

Err codemadness.org 70 i 21983
blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
Err codemadness.org 70 i 21984 The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
Err codemadness.org 70 i 21985 Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
Err codemadness.org 70 i 21986 Unfortunately (dont' ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen
Err codemadness.org 70 i 21987

Err codemadness.org 70 i 21988 Err codemadness.org 70 i 21989

Err codemadness.org 70 i 21990 Err codemadness.org 70 i 21991

News Roundup

Err codemadness.org 70 i 21992 Err codemadness.org 70 i 21993

[WIP] raidz expansion, alpha preview 1

Err codemadness.org 70 i 21994 Err codemadness.org 70 i 21995

Motivation and Context Err codemadness.org 70 i 21997 > This is a alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks). Err codemadness.org 70 i 21998 > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video

Err codemadness.org 70 i 22000 Err codemadness.org 70 i 22001

Err codemadness.org 70 i 22002 Err codemadness.org 70 i 22003

Rant: running audio VU-meter increases my CO2 footprint

Err codemadness.org 70 i 22004 Err codemadness.org 70 i 22005

Err codemadness.org 70 i 22006
A couple months ago I noticed that the monitor on my workstation never power off anymore. Screensaver would go on, but DPMs (to do the poweroff) never kicked in.
Err codemadness.org 70 i 22007 I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMs is on, enabled and set on a timeout. Didn’t matter whether I let xscreeensaver do the job or just the X11 server.
Err codemadness.org 70 i 22008 After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.
Err codemadness.org 70 i 22009 Err codemadness.org 70 i 22010
Err codemadness.org 70 i 22011
See the article for the rest...
Err codemadness.org 70 i 22012
Err codemadness.org 70 i 22013

Err codemadness.org 70 i 22014 Err codemadness.org 70 i 22015

Err codemadness.org 70 i 22016 Err codemadness.org 70 i 22017

XSAVE and compat32 kernel work for LLDB

Err codemadness.org 70 i 22018 Err codemadness.org 70 i 22019

Err codemadness.org 70 i 22020
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
Err codemadness.org 70 i 22021 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.
Err codemadness.org 70 i 22022 In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.
Err codemadness.org 70 i 22023

Err codemadness.org 70 i 22024 Err codemadness.org 70 i 22025

Err codemadness.org 70 i 22026 Err codemadness.org 70 i 22027

Some things about where icons for modern X applications come from

Err codemadness.org 70 i 22028 Err codemadness.org 70 i 22029

Err codemadness.org 70 i 22030
If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.
Err codemadness.org 70 i 22031 Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).
Err codemadness.org 70 i 22032 How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.
Err codemadness.org 70 i 22033

Err codemadness.org 70 i 22034 Err codemadness.org 70 i 22035

Err codemadness.org 70 i 22036 Err codemadness.org 70 i 22037

Beastie Bits

Err codemadness.org 70 i 22038 Err codemadness.org 70 i 22039

Recent Security Innovations
Old Unix books + Solaris
Pro-Desktop - A Tiling Desktop Environment
The Tar Pipe
At least one vim trick you might not know

Err codemadness.org 70 i 22046 Err codemadness.org 70 i 22047

Err codemadness.org 70 i 22048 Err codemadness.org 70 i 22049

Feedback/Questions

Err codemadness.org 70 i 22050 Err codemadness.org 70 i 22051

Johnny - listener feedback
Brian - Questions
Mark - ZFS Question

Err codemadness.org 70 i 22056 Err codemadness.org 70 i 22057

Err codemadness.org 70 i 22058 Err codemadness.org 70 i 22059

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 22062 Err codemadness.org 70 i 22063

Err codemadness.org 70 i 22064 Err codemadness.org 70 i 22065 Err codemadness.org 70 i 22066 Err codemadness.org 70 i 22067 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 22068 ]]> Err codemadness.org 70 i 22069

302: Contention Reduction

Allan Jude — Wed, 12 Jun 2019 20:00:00 -0700

Err codemadness.org 70 i 22282 DragonFlyBSD's kernel optimizations pay off, differences between OpenBSD and Linux, NetBSD 2019 Google Summer of Code project list, Reducing that contention, fnaify 1.3 released, vmctl(8): CLI syntax changes, and things that Linux distributions should not do when packaging.

Err codemadness.org 70 i 22283 Err codemadness.org 70 i 22284

Headlines

Err codemadness.org 70 i 22285 Err codemadness.org 70 i 22286

DragonFlyBSD's Kernel Optimizations Are Paying Off

Err codemadness.org 70 i 22287 Err codemadness.org 70 i 22288

Err codemadness.org 70 i 22289
DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.
Err codemadness.org 70 i 22290 The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)
Err codemadness.org 70 i 22291 With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.
Err codemadness.org 70 i 22292 Err codemadness.org 70 i 22293
Err codemadness.org 70 i 22294

Err codemadness.org 70 i 22295 Err codemadness.org 70 i 22296

What are the differences between OpenBSD and Linux?

Err codemadness.org 70 i 22297 Err codemadness.org 70 i 22298

Err codemadness.org 70 i 22299
Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"
Err codemadness.org 70 i 22300 I've also been there at some point in the past and these are my conclusions.
Err codemadness.org 70 i 22301 They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.
Err codemadness.org 70 i 22302 This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.
Err codemadness.org 70 i 22303 Please bear with me.
Err codemadness.org 70 i 22304

Err codemadness.org 70 i 22305 Err codemadness.org 70 i 22306

A terminal is a terminal is a terminal
Practical differences
Security and system administration
Why philosophical differences matter
So what do I choose?
How to try OpenBSD Err codemadness.org 70 i 22313 ***

Err codemadness.org 70 i 22315 Err codemadness.org 70 i 22316

News Roundup

Err codemadness.org 70 i 22317 Err codemadness.org 70 i 22318

NetBSD 2019 Google Summer of Code

Err codemadness.org 70 i 22319 Err codemadness.org 70 i 22320

Err codemadness.org 70 i 22321
We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:
Err codemadness.org 70 i 22322

Err codemadness.org 70 i 22323 Err codemadness.org 70 i 22324

Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing
Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration
Siddharth Muralee - Enhancing Syzkaller support for NetBSD
Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel
Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD
Saurav Prakash - Porting NetBSD to HummingBoard Pulse
Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD

Err codemadness.org 70 i 22333 Err codemadness.org 70 i 22334

Err codemadness.org 70 i 22335
The communiting bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.
Err codemadness.org 70 i 22336 Please welcome all our students and a big good luck to students and mentors! A big thank to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!
Err codemadness.org 70 i 22337

Err codemadness.org 70 i 22338 Err codemadness.org 70 i 22339

Err codemadness.org 70 i 22340 Err codemadness.org 70 i 22341

Reducing that contention

Err codemadness.org 70 i 22342 Err codemadness.org 70 i 22343

Err codemadness.org 70 i 22344
The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!
Err codemadness.org 70 i 22345

Err codemadness.org 70 i 22346 Err codemadness.org 70 i 22347

State of affairs

Err codemadness.org 70 i 22350 Err codemadness.org 70 i 22351

Err codemadness.org 70 i 22352
Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).
Err codemadness.org 70 i 22353 I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.
Err codemadness.org 70 i 22354

Err codemadness.org 70 i 22355 Err codemadness.org 70 i 22356

Next steps

Err codemadness.org 70 i 22359 Err codemadness.org 70 i 22360

Err codemadness.org 70 i 22361
In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical.
Err codemadness.org 70 i 22362

Err codemadness.org 70 i 22363 Err codemadness.org 70 i 22364

See the Article for the rest of the post

Err codemadness.org 70 i 22367 Err codemadness.org 70 i 22368

Err codemadness.org 70 i 22369 Err codemadness.org 70 i 22370

fnaify 1.3 released - more games are "fnaify & run" now

Err codemadness.org 70 i 22371 Err codemadness.org 70 i 22372

Err codemadness.org 70 i 22373
This release finally addresses some of the problems that prevent simple running of several games.
Err codemadness.org 70 i 22374 This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no.
Err codemadness.org 70 i 22375 Err codemadness.org 70 i 22376
Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.
Err codemadness.org 70 i 22377 This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam.
Err codemadness.org 70 i 22378

Err codemadness.org 70 i 22379 Err codemadness.org 70 i 22380

vmctl(8): command line syntax changed

Err codemadness.org 70 i 22381 Err codemadness.org 70 i 22382

Err codemadness.org 70 i 22383
The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax.
Err codemadness.org 70 i 22384 For example, the old syntax looked like this:
Err codemadness.org 70 i 22385

Err codemadness.org 70 i 22386 Err codemadness.org 70 i 22387

# vmctl create disk.qcow2 -s 50G

Err codemadness.org 70 i 22388 Err codemadness.org 70 i 22389

Err codemadness.org 70 i 22390
The new syntax specifies the command options before the argument:
Err codemadness.org 70 i 22391

Err codemadness.org 70 i 22392 Err codemadness.org 70 i 22393

# vmctl create -s 50G disk.qcow2

Err codemadness.org 70 i 22394 Err codemadness.org 70 i 22395

Err codemadness.org 70 i 22396 Err codemadness.org 70 i 22397

Something that Linux distributions should not do when packaging things

Err codemadness.org 70 i 22398 Err codemadness.org 70 i 22399

Err codemadness.org 70 i 22400
Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.
Err codemadness.org 70 i 22401 For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).
Err codemadness.org 70 i 22402 Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.
Err codemadness.org 70 i 22403 Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.
Err codemadness.org 70 i 22404 Err codemadness.org 70 i 22405
Err codemadness.org 70 i 22406

Err codemadness.org 70 i 22407 Err codemadness.org 70 i 22408

Beastie Bits

Err codemadness.org 70 i 22409 Err codemadness.org 70 i 22410

[talk] ZFS v UFS on APU2 msata SSD with FreeBSD
NetBSD 8.1 is out
lazyboi – the laziest possible way to send raw HTTP POST data
A Keyboard layout that changes by markov frequency
Open Source Game Clones
EuroBSDcon program & registration open Err codemadness.org 70 i 22417 ***

Err codemadness.org 70 i 22419 Err codemadness.org 70 i 22420

Feedback/Questions

Err codemadness.org 70 i 22421 Err codemadness.org 70 i 22422

John - A segment idea
Johnny - Audio only format please don't
Alex - Thanks and some Linux Snaps vs PBI feedback

Err codemadness.org 70 i 22427 Err codemadness.org 70 i 22428

Err codemadness.org 70 i 22429 Err codemadness.org 70 i 22430

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Err codemadness.org 70 i 22432 ***

Err codemadness.org 70 i 22434 Err codemadness.org 70 i 22435 Err codemadness.org 70 i 22436 Err codemadness.org 70 i 22437 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 22438 ]]> Err codemadness.org 70 i 22439

301: GPU Passthrough

Allan Jude — Wed, 05 Jun 2019 20:15:00 -0700

GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more. Err codemadness.org 70 i 22618

Headlines

Err codemadness.org 70 i 22619 Err codemadness.org 70 i 22620

GPU Passthrough Reported Working on Bhyve

Err codemadness.org 70 i 22621 Err codemadness.org 70 i 22622

Err codemadness.org 70 i 22623
Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve. Err codemadness.org 70 i 22624 For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards. Err codemadness.org 70 i 22625 However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11:
Err codemadness.org 70 i 22626

Err codemadness.org 70 i 22627 Err codemadness.org 70 i 22628

https://twitter.com/michael_yuji/status/1127136891365658625

Err codemadness.org 70 i 22631 Err codemadness.org 70 i 22632

Err codemadness.org 70 i 22633
All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start. Err codemadness.org 70 i 22634 As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers. Err codemadness.org 70 i 22635 The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process. Err codemadness.org 70 i 22636 It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings.
Err codemadness.org 70 i 22637 Err codemadness.org 70 i 22638
Err codemadness.org 70 i 22639

Err codemadness.org 70 i 22640 Err codemadness.org 70 i 22641

Confusion with used/free disk space in ZFS

Err codemadness.org 70 i 22642 Err codemadness.org 70 i 22643

Err codemadness.org 70 i 22644
I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS.
Err codemadness.org 70 i 22645 Err codemadness.org 70 i 22646
The understanding of how ZFS is uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it!
Err codemadness.org 70 i 22647

Err codemadness.org 70 i 22648 Err codemadness.org 70 i 22649

Err codemadness.org 70 i 22650

News Roundup

Err codemadness.org 70 i 22651 Err codemadness.org 70 i 22652

OmniOS Community Edition

Err codemadness.org 70 i 22653 Err codemadness.org 70 i 22654

Err codemadness.org 70 i 22655
The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030. Err codemadness.org 70 i 22656 OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details. Err codemadness.org 70 i 22657 This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details. Err codemadness.org 70 i 22658 If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28. Err codemadness.org 70 i 22659 The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months.
Err codemadness.org 70 i 22660

Err codemadness.org 70 i 22661 Err codemadness.org 70 i 22662

Err codemadness.org 70 i 22663

pfSense 2.4.4 Release p3 is available

Err codemadness.org 70 i 22664 Err codemadness.org 70 i 22665

Err codemadness.org 70 i 22666
We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades! Err codemadness.org 70 i 22667 pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release. Err codemadness.org 70 i 22668 pfSense 2.4.4-RELEASE-p3 updates and installation images are available now! Err codemadness.org 70 i 22669 To see a complete list of changes and find more detail, see the Release Notes. Err codemadness.org 70 i 22670 We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.
Err codemadness.org 70 i 22671

Err codemadness.org 70 i 22672 Err codemadness.org 70 i 22673

Upgrade Notes

Err codemadness.org 70 i 22676 Err codemadness.org 70 i 22677

Err codemadness.org 70 i 22678
Due to the significant nature of the changes in 2.4.4 and later, Err codemadness.org 70 i 22679 warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2. Err codemadness.org 70 i 22680 Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade. Err codemadness.org 70 i 22681 Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade. Err codemadness.org 70 i 22682 The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.
Err codemadness.org 70 i 22683

Err codemadness.org 70 i 22684 Err codemadness.org 70 i 22685

Err codemadness.org 70 i 22686

NetBSD 8.1 RC1 is out

Err codemadness.org 70 i 22687 Err codemadness.org 70 i 22688

Err codemadness.org 70 i 22689
The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
Err codemadness.org 70 i 22690 Err codemadness.org 70 i 22691
Some highlights of the 8.1 release are:
Err codemadness.org 70 i 22692

Err codemadness.org 70 i 22693 Err codemadness.org 70 i 22694

x86: Mitigation for INTEL-SA-00233 (MDS)
Various local user kernel data leaks fixed.
x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading
Various network driver fixes and improvements.
Fixes for thread local storage (TLS) in position independent executables (PIE).
Fixes to reproducible builds.
Fixed a performance regression in tmpfs.
DRM/KMS improvements.
bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added.
Various sh(1) fixes.
mfii(4) SAS driver added.
hcpcd(8) updated to 7.2.2
httpd(8) updated.

Err codemadness.org 70 i 22721 Err codemadness.org 70 i 22722

Err codemadness.org 70 i 22723

FreeNAS as your Server OS

Err codemadness.org 70 i 22724 Err codemadness.org 70 i 22725

Err codemadness.org 70 i 22726
What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS? Err codemadness.org 70 i 22727 FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores. Err codemadness.org 70 i 22728 FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service. Err codemadness.org 70 i 22729 Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring.
Err codemadness.org 70 i 22730

Err codemadness.org 70 i 22731 Err codemadness.org 70 i 22732

Err codemadness.org 70 i 22733

Beastie Bits

Err codemadness.org 70 i 22734 Err codemadness.org 70 i 22735

Keep Crashing Daemons Running on FreeBSD
Look what I found today... my first set of BSD CDs...
NetBSD - Intel MDS
FreeBSD 11.3-BETA2 -- Please test!

Err codemadness.org 70 i 22744 Err codemadness.org 70 i 22745

Err codemadness.org 70 i 22746

Feedback/Questions

Err codemadness.org 70 i 22747 Err codemadness.org 70 i 22748

Anthony - Question
Guntbert - Podcast
Guillaume - Another suggestion for Ales from Serbia

Err codemadness.org 70 i 22755 Err codemadness.org 70 i 22756

Err codemadness.org 70 i 22757

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 22760 Err codemadness.org 70 i 22761

Err codemadness.org 70 i 22762 Err codemadness.org 70 i 22763 Err codemadness.org 70 i 22764 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 22765 Err codemadness.org 70 i 22766

300: The Big Three

Allan Jude — Thu, 30 May 2019 09:00:00 -0700

FreeBSD 11.3-beta 1 is out, BSDCan 2019 recap, OpenIndiana 2019.04 is out, Overview of ZFS Pools in FreeNAS, why open source firmware is important for security, a new Opnsense release, wireguard on OpenBSD, and more. Err codemadness.org 70 i 23107

Headlines

Err codemadness.org 70 i 23108 Err codemadness.org 70 i 23109

FreeBSD 11.3-b1 is out

Err codemadness.org 70 i 23110 Err codemadness.org 70 i 23111

BSDCan 2019 Recap

Err codemadness.org 70 i 23112 Err codemadness.org 70 i 23113

We’re back from BSDCan and it was a packed week as always.
It started with bhyvecon on Tuesday. Meanwhile, Benedict spent the whole day in productive meetings: annual FreeBSD Foundation board meeting and FreeBSD Journal editorial board meeting.
On Wednesday, tutorials for BSDCan started as well as the FreeBSD Developer Summit. In the mornings, there were presentations in the big auditorium, while working groups about networking, failsafe bootcode, development web services, swap space management, and testing/CI were held. Friday had a similar format with an update from the FreeBSD core team and the “have, need, want” session for FreeBSD 13. In the afternoon, there were working groups about translation tools, package base, GSoC/Outreachy, or general hacking. Benedict held his Icinga tutorial in the afternoon with about 15 people attending. Err codemadness.org 70 i 23119 Devsummit presentation slides can be found on the wiki page and video recordings done by ScaleEngine are available on FreeBSD’s youtube channel.
The conference program was a good mixture of sysadmin and tech talks across the major BSDs. Benedict saw the following talks: How ZFS snapshots really work by Matt Ahrens, 20 years in Jail by Michael W. Lucas, OpenZFS BOF session, the future of OpenZFS and FreeBSD, MQTT for system administrators by Jan-Piet Mens, and spent the rest of the time in between in the hallway track.
Photos from the event are available on Ollivier Robert’s talegraph Err codemadness.org 70 i 23124 and Diane Bruce’s website for day 1, day 2, conference day 1, and conference day 2.
Thanks to all the sponsors, supporters, organizers, speakers, and attendees for making this yet another great BSDCan. Next year’s BSDCan will be from June 2 - 6, 2020.

Err codemadness.org 70 i 23128 Err codemadness.org 70 i 23129

Err codemadness.org 70 i 23130

OpenIndiana 2019.04 is out

Err codemadness.org 70 i 23131 Err codemadness.org 70 i 23132

Err codemadness.org 70 i 23133
We have released a new OpenIndiana Hipster snapshot 2019.04. The noticeable changes:
Err codemadness.org 70 i 23134

Err codemadness.org 70 i 23135 Err codemadness.org 70 i 23136

Firefox was updated to 60.6.3 ESR
Virtualbox packages were added (including guest additions)
Mate was updated to 1.22
IPS has received updates from OmniOS CE and Oracle IPS repos, including automatic boot environment naming
Some OI-specific applications have been ported from Python 2.7/GTK 2 to Python 3.5/GTK 3
Quick Demo Video: https://www.youtube.com/watch?v=tQ0-fo3XNrg

Err codemadness.org 70 i 23149 Err codemadness.org 70 i 23150

Err codemadness.org 70 i 23151

News Roundup

Err codemadness.org 70 i 23152 Err codemadness.org 70 i 23153

Overview of ZFS Pools in FreeNAS

Err codemadness.org 70 i 23154 Err codemadness.org 70 i 23155

Err codemadness.org 70 i 23156
FreeNAS uses the OpenZFS (ZFS) file system, which handles both disk and volume management. ZFS offers RAID options mirror, stripe, and its own parity distribution called RAIDZ that functions like RAID5 on hardware RAID. The file system is extremely flexible and secure, with various drive combinations, checksums, snapshots, and replication all possible. For a deeper dive on ZFS technology, read the ZFS Primer section of the FreeNAS documentation.
Err codemadness.org 70 i 23157 Err codemadness.org 70 i 23158
SUGGEST LAYOUT attempts to balance usable capacity and redundancy by automatically choosing an ideal vdev layout for the number of available disks.
Err codemadness.org 70 i 23159

Err codemadness.org 70 i 23160 Err codemadness.org 70 i 23161

The following vdev layout options are available when creating a pool: Err codemadness.org 70 i 23163 Err codemadness.org 70 i 23164 Err codemadness.org 70 i 23165
- Stripe data is shared on two drives, similar to RAID0)
- Mirror copies data on two drives, similar to RAID1 but not limited to 2 disks)
- RAIDZ1 single parity similar to RAID5
- RAIDZ2 double parity similar to RAID6
- RAIDZ3 which uses triple parity and has no RAID equivalent
Err codemadness.org 70 i 23175

Err codemadness.org 70 i 23177 Err codemadness.org 70 i 23178

Err codemadness.org 70 i 23179

Why OpenSource Firmware is Important for Security

Err codemadness.org 70 i 23180 Err codemadness.org 70 i 23181

Roots of Trust

Err codemadness.org 70 i 23184 Err codemadness.org 70 i 23185

Err codemadness.org 70 i 23186
The goal of the root of trust should be to verify that the software installed in every component of the hardware is the software that was intended. This way you can know without a doubt and verify if hardware has been hacked. Since we have very little to no visibility into the code running in a lot of places in our hardware it is hard to do this. How do we really know that the firmware in a component is not vulnerable or that is doesn’t have any backdoors? Well we can’t. Not unless it was all open source. Err codemadness.org 70 i 23187 Every cloud and vendor seems to have their own way of doing a root of trust. Microsoft has Cerberus, Google has Titan, and Amazon has Nitro. These seem to assume an explicit amount of trust in the proprietary code (the code we cannot see). This leaves me with not a great feeling. Wouldn’t it be better to be able to use all open source code? Then we could verify without a doubt that the code you can read and build yourself is the same code running on hardware for all the various places we have firmware. We could then verify that a machine was in a correct state without a doubt of it being vulnerable or with a backdoor. Err codemadness.org 70 i 23188 It makes me wonder what the smaller cloud providers like DigitalOcean or Packet have for a root of trust. Often times we only hear of these projects from the big three or five.
Err codemadness.org 70 i 23189

Err codemadness.org 70 i 23190 Err codemadness.org 70 i 23191

Err codemadness.org 70 i 23192

OPNsense

Err codemadness.org 70 i 23193 Err codemadness.org 70 i 23194

Err codemadness.org 70 i 23195
This update addresses several privilege escalation issues in the access control implementation and new memory disclosure issues in Intel CPUs. We would like to thank Arnaud Cordier and Bill Marquette for the top-notch reports and coordination.
Err codemadness.org 70 i 23196

Err codemadness.org 70 i 23197 Err codemadness.org 70 i 23198

Here are the full patch notes:
system: address CVE-2019-11816 privilege escalation bugs[1] (reported by Arnaud Cordier)
system: /etc/hosts generation without interfacehasgateway()
system: show correct timestamp in config restore save message (contributed by nhirokinet)
system: list the commands for the pluginctl utility when n+ argument is given
system: introduce and use userIsAdmin() helper function instead of checking for 'page-all' privilege directly
system: use absolute path in widget ACLs (reported by Netgate)
system: RRD-related cleanups for less code exposure
interfaces: add EN DUID Generation using OPNsense PEN (contributed by Team Rebellion)
interfaces: replace legacygetallinterface_addresses() usage
firewall: fix port validation in aliases with leading / trailing spaces
firewall: fix outbound NAT translation display in overview page
firewall: prevent CARP outgoing packets from using the configured gateway
firewall: use CARP net.inet.carp.demotion to control current demotion in status page
firewall: stop live log poller on error result
dhcpd: change rule priority to 1 to avoid bogon clash
dnsmasq: only admins may edit custom options field
firmware: use insecure mode for base and kernel sets when package fingerprints are disabled
firmware: add optional device support for base and kernel sets
firmware: add Hostcentral mirror (HTTP, Melbourne, Australia)
ipsec: always reset rightallowany to default when writing configuration
lang: say "hola" to Spanish as the newest available GUI language
lang: updates for Chinese, Czech, Japanese, German, French, Russian and Portuguese
network time: only admins may edit custom options field
openvpn: call openvpnrefreshcrls() indirectly via plugin_configure() for less code exposure
openvpn: only admins may edit custom options field to prevent privilege escalation (reported by Bill Marquette)
openvpn: remove custom options field from wizard
unbound: only admins may edit custom options field
wizard: translate typehint as well
plugins: os-freeradius 1.9.3 fixes string interpolation in LDAP filters (contributed by theq86)
plugins: os-nginx 1.12[2]
plugins: os-theme-cicada 1.17 (contributed by Team Rebellion)
plugins: os-theme-tukan 1.17 (contributed by Team Rebellion)
src: timezone database information update[3]
src: install(1) broken with partially matching relative paths[4]
src: microarchitectural Data Sampling (MDS) mitigation[5]
ports: carootnss 3.44
ports: php 7.2.18[6]
ports: sqlite 3.28.0[7]
ports: strongswan custom XAuth generic patch removed

Err codemadness.org 70 i 23279 Err codemadness.org 70 i 23280

Err codemadness.org 70 i 23281

wiregaurd on OpenBSD

Err codemadness.org 70 i 23282 Err codemadness.org 70 i 23283

Err codemadness.org 70 i 23284
Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current. Err codemadness.org 70 i 23285 Jason A. Donenfeld (WireGuard author) has worked to support OpenBSD in WireGuard and as such his post on ports@ last year got me interested in WireGuard, since then others have toyed with WireGuard on OpenBSD before and as such I've used Ted's article as a reference. Note however that some of the options mentioned there are no longer valid. Also, I'll be using two OpenBSD peers here. Err codemadness.org 70 i 23286 The setup will be as follows: two OpenBSD peers, of which we'll dub wg1 the server and wg2 the client. The WireGuard service on wg1 is listening on 100.64.4.3:51820.
Err codemadness.org 70 i 23287

Err codemadness.org 70 i 23288 Err codemadness.org 70 i 23289

Conclusion

Err codemadness.org 70 i 23292 Err codemadness.org 70 i 23293

Err codemadness.org 70 i 23294
WireGuard (cl)aims to be easier to setup and faster than OpenVPN and while I haven't been able to verify the latter, the first is certainly true...once you've figured it out. Most documentation out there is for Linux so I had to figure out the wireguardgo service and the tun parameters. But all in all, sure, it's easier. Especially the client configuration on iOS which I didn't cover here because it's essentially pkgadd libqrencode ; cat client.conf | qrencode -t ansiutf8, scan the code with the WireGuard app and you're good to go. What is particularly neat is that WireGuard on iOS supports Always-on.
Err codemadness.org 70 i 23295

Err codemadness.org 70 i 23296 Err codemadness.org 70 i 23297

Err codemadness.org 70 i 23298

Beastie Bits

Err codemadness.org 70 i 23299 Err codemadness.org 70 i 23300

Serenity OS
vkernels vs pmap
Brian Kernighan interviews Ken Thompson
Improvements in forking, threading, and signal code
DragonFly 5.4.3
NetBSD on the Odroid C2

Err codemadness.org 70 i 23313 Err codemadness.org 70 i 23314

Err codemadness.org 70 i 23315

Feedback/Questions

Err codemadness.org 70 i 23316 Err codemadness.org 70 i 23317

Paulo - Laptops
A Listener - Thanks
Bostjan - Extend a pool and lower RAM footprint

Err codemadness.org 70 i 23324 Err codemadness.org 70 i 23325

Err codemadness.org 70 i 23326

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 23329 Err codemadness.org 70 i 23330

Err codemadness.org 70 i 23331 Err codemadness.org 70 i 23332 Err codemadness.org 70 i 23333 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 23334 Err codemadness.org 70 i 23335

299: The NAS Fleet

Allan Jude — Wed, 22 May 2019 11:00:00 -0700

Running AIX on QEMU on Linux on Windows, your NAS fleet with TrueCommand, Unleashed 1.3 is available, LLDB: CPU register inspection support extension, V7 Unix programs often not written as expected, and more. Err codemadness.org 70 i 23838

Headlines

Err codemadness.org 70 i 23839 Err codemadness.org 70 i 23840

Running AiX on QEMU on Linux on Windows

Err codemadness.org 70 i 23841 Err codemadness.org 70 i 23842

Err codemadness.org 70 i 23843
YES it’s real! Err codemadness.org 70 i 23844 I’m using the Linux subsystem on Windows, as it’s easier to build this Qemu tree from source. I’m using Debian, but these steps will work on other systems that use Debian as a base. Err codemadness.org 70 i 23845 first thing first, you need to get your system with the needed pre-requisites to compile Err codemadness.org 70 i 23846 Great with those in place, now clone Artyom Tarasenko’s source repository Err codemadness.org 70 i 23847 Since the frame buffer apparently isn’t quite working just yet, I configure for something more like a text mode build. Err codemadness.org 70 i 23848 Now for me, GCC 7 didn’t build the source cleanly. I had to make a change to the file config-host.mak and remove all references to -Werror. Also I removed the sound hooks, as we won’t need them. Err codemadness.org 70 i 23849 Now you can build Qemu. Err codemadness.org 70 i 23850 Okay, all being well you now have a Qemu. Now following the steps from Artyom Tarasenko’s blog post, we can get started on the install!
Err codemadness.org 70 i 23851

Err codemadness.org 70 i 23852 Err codemadness.org 70 i 23853

See article for rest of walkthrough.

Err codemadness.org 70 i 23856 Err codemadness.org 70 i 23857

Err codemadness.org 70 i 23858

Take Command of Your NAS Fleet with TrueCommand

Err codemadness.org 70 i 23859 Err codemadness.org 70 i 23860

Err codemadness.org 70 i 23861
Hundreds of thousands of FreeNAS and TrueNAS systems are deployed around the world, with many sites having dozens of systems. Managing multiple systems individually can be time-consuming. iXsystems has responded to the challenge by creating a “single pane of glass” application to simplify the scaling of data, drive management, and administration of iXsystems NAS platforms. We are proud to introduce TrueCommand. Err codemadness.org 70 i 23862 TrueCommand is a ZFS-aware management application that manages TrueNAS and FreeNAS systems. Err codemadness.org 70 i 23863 The public Beta of TrueCommand is available for download now. TrueCommand can be used with small iXsystems NAS fleets for free. Licenses can be purchased for large-scale deployments and enterprise support. Err codemadness.org 70 i 23864 TrueCommand expands on the ease of use and power of TrueNAS and FreeNAS systems with multi-system management and reporting.
Err codemadness.org 70 i 23865

Err codemadness.org 70 i 23866 Err codemadness.org 70 i 23867

Err codemadness.org 70 i 23868

News Roundup

Err codemadness.org 70 i 23869 Err codemadness.org 70 i 23870

Unleashed 1.3 Released

Err codemadness.org 70 i 23871 Err codemadness.org 70 i 23872

Err codemadness.org 70 i 23873
This is the fourth release of Unleashed - an operating system fork of illumos. For more information about Unleashed itself and the download links, see our website. Err codemadness.org 70 i 23874 As one might expect, this release removes a few things. Err codemadness.org 70 i 23875 The most notable being the removal of ksh93 along with all its libs. Err codemadness.org 70 i 23876 As far as libc interfaces are concerned, a number of non-standard functions were removed. In general, they have been replaced by the standards-compliant versions. (getgrentr, fgetgrentr, getgrgidr, getgrnamr, ttynamer, getloginr, shmdt, sigwait, gethostname, putmsg, putpmsg, and getaddrinfo) Err codemadness.org 70 i 23877 Additionally, wordexp and wordfree have been removed from libc. Even though they are technically required by POSIX, software doesn't seem to use them. Because of the fragile implementation (shelling out), we took the OpenBSD approach and just removed them. Err codemadness.org 70 i 23878 The default compilation environment now includes XOPENSOURCE=700 and EXTENSIONS. Additionally, all applications now use 64-bit file offsets, making use of LARGEFILESOURCE, LARGEFILE64SOURCE, and FILEOFFSET_BITS unnecessary. Err codemadness.org 70 i 23879 Last but not least, nightly.sh is no more. In short, to build one simply runs 'make'. (See README for detailed build instructions.)
Err codemadness.org 70 i 23880

Err codemadness.org 70 i 23881 Err codemadness.org 70 i 23882

Why Unleashed

Err codemadness.org 70 i 23885 Err codemadness.org 70 i 23886

Err codemadness.org 70 i 23887
Why did we decide to fork illumos? After all, there are already many illumos distributions available to choose from. We felt we could do better than any of them by taking a more aggressive stance toward compatibility and reducing cruft from code and community interactions alike.
Err codemadness.org 70 i 23888

Err codemadness.org 70 i 23889 Err codemadness.org 70 i 23890

Err codemadness.org 70 i 23891

LLDB: extending CPU register inspection support

Err codemadness.org 70 i 23892 Err codemadness.org 70 i 23893

Err codemadness.org 70 i 23894
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages. Err codemadness.org 70 i 23895 In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and updating NetBSD distribution to LLVM 8 (which is still stalled by unresolved regressions in inline assembly syntax). You can read more about that in my Mar 2019 report. Err codemadness.org 70 i 23896 In April, my main focus was on fixing and enhancing the support for reading and writing CPU registers. In this report, I'd like to shortly summarize what I have done, what I have learned in the process and what I still need to do.
Err codemadness.org 70 i 23897

Err codemadness.org 70 i 23898 Err codemadness.org 70 i 23899

Future plans

Err codemadness.org 70 i 23902 Err codemadness.org 70 i 23903

Err codemadness.org 70 i 23904
My work continues with the two milestones from last month, plus a third that's closely related: Err codemadness.org 70 i 23905 Add support for FPU registers support for NetBSD/i386 and NetBSD/amd64. Err codemadness.org 70 i 23906 Support XSAVE, XSAVEOPT, ... registers in core(5) files on NetBSD/amd64. Err codemadness.org 70 i 23907 Add support for Debug Registers support for NetBSD/i386 and NetBSD/amd64. Err codemadness.org 70 i 23908 The most important point right now is deciding on the format for passing the remaining registers, and implementing the missing ptrace interface kernel-side. The support for core files should follow using the same format then. Err codemadness.org 70 i 23909 Userland-side, I will work on adding matching ATF tests for ptrace features and implement LLDB side of support for the new ptrace interface and core file notes. Afterwards, I will start working on improving support for the same things on 32-bit (i386) executables.
Err codemadness.org 70 i 23910

Err codemadness.org 70 i 23911 Err codemadness.org 70 i 23912

Err codemadness.org 70 i 23913

V7 Unix programs are often not written the way you would expect

Err codemadness.org 70 i 23914 Err codemadness.org 70 i 23915

Err codemadness.org 70 i 23916
Yesterday I wrote that V7 ed read its terminal input in cooked mode a line at a time, which was an efficient, low-CPU design that was important on V7's small and low-power hardware. Then in comments, frankg pointed out that I was wrong about part of that, namely about how ed read its input.
Err codemadness.org 70 i 23917

Err codemadness.org 70 i 23918 Err codemadness.org 70 i 23919

Sidebar: An interesting undocumented ed feature

Err codemadness.org 70 i 23922 Err codemadness.org 70 i 23923

Err codemadness.org 70 i 23924
Reading this section of the source code for ed taught me that it has an interesting, undocumented, and entirely characteristic little behavior. Officially, ed commands that have you enter new text have that new text terminate by a . on a line by itself:
Err codemadness.org 70 i 23925 Err codemadness.org 70 i 23926
In other words, it turns a single line with '.' into an EOF. The consequence of this is that if you type a real EOF at the start of a line, you get the same result, thus saving you one character (you use Control-D instead of '.' plus newline). This is very V7 Unix behavior, including the lack of documentation.
Err codemadness.org 70 i 23927 Err codemadness.org 70 i 23928
This is also a natural behavior in one sense. A proper program has to react to EOF here in some way, and it might as well do so by ending the input mode. It's also natural to go on to try reading from the terminal again for subsequent commands; if this was a real and persistent EOF, for example because the pty closed, you'll just get EOF again and eventually quit. V7 ed is slightly unusual here in that it deliberately converts '.' by itself to EOF, instead of signaling this in a different way, but in a way that's also the simplest approach; if you have to have some signal for each case and you're going to treat them the same, you might as well have the same signal for both cases.
Err codemadness.org 70 i 23929 Err codemadness.org 70 i 23930
Modern versions of ed appear to faithfully reimplement this convenient behavior, although they don't appear to document it. I haven't checked OpenBSD, but both FreeBSD ed and GNU ed work like this in a quick test. I haven't checked their source code to see if they implement it the same way.
Err codemadness.org 70 i 23931 Err codemadness.org 70 i 23932
Err codemadness.org 70 i 23933

Err codemadness.org 70 i 23934 Err codemadness.org 70 i 23935

Beastie Bits

Err codemadness.org 70 i 23936 Err codemadness.org 70 i 23937

CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD
CFT: FreeBSD Package Base
Initial FUSE support in DragonFly
Two significant bugfixes for 5.4
Libretto 100ct: 166mhz Pentium, 16gb compactflash, 32mb ram running OpenBSD

Err codemadness.org 70 i 23948 Err codemadness.org 70 i 23949

Err codemadness.org 70 i 23950

Feedback/Questions

Err codemadness.org 70 i 23951 Err codemadness.org 70 i 23952

DJ - Feedback
Fabian - ZFS ARC
Caleb - Question
A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.

Err codemadness.org 70 i 23961 Err codemadness.org 70 i 23962

Err codemadness.org 70 i 23963

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 23966 Err codemadness.org 70 i 23967

Err codemadness.org 70 i 23968 Err codemadness.org 70 i 23969 Err codemadness.org 70 i 23970 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 23971 Err codemadness.org 70 i 23972

298: BSD On The Road

Allan Jude — Wed, 15 May 2019 20:00:00 -0700

36 year old UFS bug fixed, a BSD for the road, automatic upgrades with OpenBSD, DTrace ext2fs support in FreeBSD, Dedicated SSH tunnel user, upgrading VMM VMs to OpenBSD 6.5, and more. Err codemadness.org 70 i 24283

Headlines

Err codemadness.org 70 i 24284 Err codemadness.org 70 i 24285

36+ year old bug in FFS/UFS discovered and patched

Err codemadness.org 70 i 24286 Err codemadness.org 70 i 24287

Err codemadness.org 70 i 24288
This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk.
Err codemadness.org 70 i 24289 Err codemadness.org 70 i 24290
Err codemadness.org 70 i 24291
When the directory entry is written to disk, it is written as a full 32bit entry, and the unused bytes were not initialized, so could possibly contain sensitive data from the kernel stack Err codemadness.org 70 i 24292 It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundary. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created. Err codemadness.org 70 i 24293 This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed. Err codemadness.org 70 i 24294 It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now. Err codemadness.org 70 i 24295 This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running. Err codemadness.org 70 i 24296 Submitted by: David G. Lawrence dg@dglawrence.com
Err codemadness.org 70 i 24297 Err codemadness.org 70 i 24298
So a patched kernel will no longer leak this data, and running the fsck_ffs -z command will erase any leaked data that may exist on your system
Err codemadness.org 70 i 24299 Err codemadness.org 70 i 24300
OpenBSD commit with additional detail on mitigations Err codemadness.org 70 i 24301 The impact on OpenBSD is very limited: Err codemadness.org 70 i 24302 1 - such stack bytes can be found in raw-device reads, from group operator. If you can read the raw disks you can undertake other more powerful actions. Err codemadness.org 70 i 24303 2 - read(2) upon directory fd was disabled July 1997 because I didn't like how grep * would display garbage and mess up the tty, and applying vis(3) for just directory reads seemed silly. read(2) was changed to return 0 (EOF). Sep 2016 this was further changed to EISDIR, so you still cannot see the bad bytes. Err codemadness.org 70 i 24304 3 - In 2013 when guenther adapted the getdents(2) directory-reading system call to 64-bit ino_t, the userland data format changed to 8-byte-alignment, making it incompatible with the 4-byte-alignment UFS on-disk format. As a result of code refactoring the bad bytes were not copied to userland. Bad bytes will remain in old directories on old filesystems, but nothing makes those bytes user visible. Err codemadness.org 70 i 24305 There will be no errata or syspatch issued. I urge other systems which do expose the information to userland to issue errata quickly, since this is a 254 byte infoleak of the stack which is great for ROP-chain building to attack some other bug. Especially if the kernel has no layout/link-order randomization ...
Err codemadness.org 70 i 24306
Err codemadness.org 70 i 24307 Err codemadness.org 70 i 24308
Err codemadness.org 70 i 24309

Err codemadness.org 70 i 24310 Err codemadness.org 70 i 24311

NomadBSD, a BSD for the Road

Err codemadness.org 70 i 24312 Err codemadness.org 70 i 24313

Err codemadness.org 70 i 24314
As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD. Err codemadness.org 70 i 24315 NomadBSD is different than most available BSDs. NomadBSD is a live system based on FreeBSD. It comes with automatic hardware detection and an initial config tool. NomadBSD is designed to “be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSD’s hardware compatibility.” Err codemadness.org 70 i 24316 This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser one of the lead devs of NomadBSD. Err codemadness.org 70 i 24317 Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.
Err codemadness.org 70 i 24318

Err codemadness.org 70 i 24319 Err codemadness.org 70 i 24320

Version 1.2 Released

Err codemadness.org 70 i 24323 Err codemadness.org 70 i 24324

Err codemadness.org 70 i 24325
NomadBSD recently released version 1.2 on April 21, 2019. This means that NomadBSD is now based on FreeBSD 12.0-p3. TRIM is now enabled by default. One of the biggest changes is that the initial command-line setup was replaced with a Qt graphical interface. They also added a Qt5 tool to install NomadBSD to your hard drive. A number of fixes were included to improve graphics support. They also added support for creating 32-bit images.
Err codemadness.org 70 i 24326

Err codemadness.org 70 i 24327 Err codemadness.org 70 i 24328

Thoughts on NomadBSD

Err codemadness.org 70 i 24331 Err codemadness.org 70 i 24332

Err codemadness.org 70 i 24333
I first discovered NomadBSD back in January when they released 1.2-RC1. At the time, I had been unable to install Project Trident on my laptop and was very frustrated with BSDs. I downloaded NomadBSD and tried it out. I initially ran into issues reaching the desktop, but RC2 fixed that issue. However, I was unable to get on the internet, even though I had an Ethernet cable plugged in. Luckily, I found the wifi manager in the menu and was able to connect to my wifi. Err codemadness.org 70 i 24334 Overall, my experience with NomadBSD was pleasant. Once I figured out a few things, I was good to go. I hope that NomadBSD is the first of a new generation of BSDs that focus on mobility and ease of use. BSD has conquered the server world, it’s about time they figured out how to be more user-friendly.
Err codemadness.org 70 i 24335 Err codemadness.org 70 i 24336
Err codemadness.org 70 i 24337

Err codemadness.org 70 i 24338 Err codemadness.org 70 i 24339

News Roundup

Err codemadness.org 70 i 24340 Err codemadness.org 70 i 24341

[OpenBSD automatic

Err codemadness.org 70 i 24342 Err codemadness.org 70 i 24343

upgrade](https://www.tumfatig.net/20190426/openbsd-automatic-upgrade/)

Err codemadness.org 70 i 24344 Err codemadness.org 70 i 24345

Err codemadness.org 70 i 24346
OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8, it is now really easy to do automatic upgrades of your OpenBSD instances. Err codemadness.org 70 i 24347 I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.
Err codemadness.org 70 i 24348

Err codemadness.org 70 i 24349 Err codemadness.org 70 i 24350

Extra notes

Err codemadness.org 70 i 24353 Err codemadness.org 70 i 24354

Err codemadness.org 70 i 24355
There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually. Err codemadness.org 70 i 24356 This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection. Err codemadness.org 70 i 24357 I just read that florian@ has released the sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.
Err codemadness.org 70 i 24358

Err codemadness.org 70 i 24359 Err codemadness.org 70 i 24360

Err codemadness.org 70 i 24361

FreeBSD Dtrace ext2fs Support

Err codemadness.org 70 i 24362 Err codemadness.org 70 i 24363

Which logs were replaced by dtrace-probes:
Err codemadness.org 70 i 24365 Err codemadness.org 70 i 24366
- Misc printf's under DEBUG macro in the blocks allocation path.
- Different on-disk structures validation errors, now the filesystem will silently return EIO's.
- Misc checksum errors, same as above.
The only debug macro, which was leaved is EXT2FSPRINTEXTENTS.
It is impossible to replace it by dtrace-probes, because the additional logic is required to walk thru file extents.
The user still be able to see mount errors in the dmesg in case of:
Err codemadness.org 70 i 24378 Err codemadness.org 70 i 24379
- Filesystem features incompatibility.
- Superblock checksum error.
Err codemadness.org 70 i 24383 Err codemadness.org 70 i 24384

Err codemadness.org 70 i 24386 Err codemadness.org 70 i 24387

Err codemadness.org 70 i 24388 Err codemadness.org 70 i 24389

Create a dedicated user for ssh tunneling only

Err codemadness.org 70 i 24390 Err codemadness.org 70 i 24391

Err codemadness.org 70 i 24392
I use ssh tunneling A LOT, for everything. Yesterday, I removed the public access of my IMAP server, it’s now only available through ssh tunneling to access the daemon listening on localhost. I have plenty of daemons listening only on localhost that I can only reach through a ssh tunnel. If you don’t want to bother with ssh and redirect ports you need, you can also make a VPN (using ssh, openvpn, iked, tinc…) between your system and your server. I tend to avoid setting up VPN for the current use case as it requires more work and more maintenance than running ssh server and a ssh client. Err codemadness.org 70 i 24393 The last change, for my IMAP server, added an issue. I want my phone to access the IMAP server but I don’t want to connect to my main account from my phone for security reasons. So, I need a dedicated user that will only be allowed to forward ports. Err codemadness.org 70 i 24394 This is done very easily on OpenBSD. Err codemadness.org 70 i 24395 The steps are: 1. generate ssh keys for the new user 2. add an user with no password 3. allow public key for port forwarding Err codemadness.org 70 i 24396 Obviously, you must allow users (or only this one) to make port forwarding in your sshd_config.
Err codemadness.org 70 i 24397 Err codemadness.org 70 i 24398
Err codemadness.org 70 i 24399

Err codemadness.org 70 i 24400 Err codemadness.org 70 i 24401

That was easy. Some info on upgrading VMM VMs to 6.5

Err codemadness.org 70 i 24402 Err codemadness.org 70 i 24403

Err codemadness.org 70 i 24404
We're running dedicated vmm(4)/vmd(8) servers to host opinionated VMs. Err codemadness.org 70 i 24405 OpenBSD 6.5 is released! There are two ways you can upgrade your VM. Err codemadness.org 70 i 24406 Either do a manual upgrade or leverage autoinstall(8). You can take care of it via the console with vmctl(8).
Err codemadness.org 70 i 24407

Err codemadness.org 70 i 24408 Err codemadness.org 70 i 24409

Upgrade yourself

Err codemadness.org 70 i 24412 Err codemadness.org 70 i 24413

Err codemadness.org 70 i 24414
To get connected to the console you need to have access to the host your VM is running on. The same username and public SSH key, as provided for the VM, are used to create a local user on the host. Err codemadness.org 70 i 24415 When this is done you can use vmctl(8) to manage your VM. The options you have are:
Err codemadness.org 70 i 24416

Err codemadness.org 70 i 24417 Err codemadness.org 70 i 24418

```$ vmctl start id [-c]```	Err	codemadness.org	70
i 24419

Err codemadness.org 70 i 24420 Err codemadness.org 70 i 24421

$ vmctl stop id [-fw]```

Err codemadness.org 70 i 24422 Err codemadness.org 70 i 24423

```-w Wait until the VM has been terminated.```	Err	codemadness.org	70
i 24424

Err codemadness.org 70 i 24425 Err codemadness.org 70 i 24426

-c Automatically connect to the VM console.```

Err codemadness.org 70 i 24427 Err codemadness.org 70 i 24428

See the Article for the rest of the guide

Err codemadness.org 70 i 24431 Err codemadness.org 70 i 24432

Err codemadness.org 70 i 24433

Beastie Bits

Err codemadness.org 70 i 24434 Err codemadness.org 70 i 24435

powerpc64 architecture support in FreeBSD ports
GhostBSD 19.04 overview
HardenedBSD will have two user selectable ASLR implementations
NYCBUG 2016 Talk Shell-Fu Uploaded
What is ZIL anyway?

Err codemadness.org 70 i 24446 Err codemadness.org 70 i 24447

Err codemadness.org 70 i 24448

Feedback/Questions

Err codemadness.org 70 i 24449 Err codemadness.org 70 i 24450

Quentin - Organize an Ada/BSD interview
DJ - Update
Patrick - Bhyve frontends
A small programming note: After BSDNow episode 300, the podcast will switch to audio-only, using a new higher quality recording and production system. The live stream will likely still include video.

Err codemadness.org 70 i 24459 Err codemadness.org 70 i 24460

Err codemadness.org 70 i 24461

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 24464 Err codemadness.org 70 i 24465

Err codemadness.org 70 i 24466 Err codemadness.org 70 i 24467 Err codemadness.org 70 i 24468 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 24469 Err codemadness.org 70 i 24470

297: Dragonfly In The Wild

Allan Jude — Wed, 08 May 2019 21:00:00 -0700

FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more. Err codemadness.org 70 i 24883

Headlines

Err codemadness.org 70 i 24884 Err codemadness.org 70 i 24885

FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference

Err codemadness.org 70 i 24886 Err codemadness.org 70 i 24887

Err codemadness.org 70 i 24888
With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS. Err codemadness.org 70 i 24889 Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices. Err codemadness.org 70 i 24890 FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out. Err codemadness.org 70 i 24891 Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape.
Err codemadness.org 70 i 24892

Err codemadness.org 70 i 24893 Err codemadness.org 70 i 24894

Err codemadness.org 70 i 24895

DragonFlyBSD 5.4.2 is out

Err codemadness.org 70 i 24896 Err codemadness.org 70 i 24897

Upgrading guide

Err codemadness.org 70 i 24898 Err codemadness.org 70 i 24899

Err codemadness.org 70 i 24900
Here's the tag commit, for what has changed from 5.4.1 to 5.4.2 Err codemadness.org 70 i 24901 The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely. I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon. This version includes Matt's fix for the HAMMER2 corruption bug he identified recently. Err codemadness.org 70 i 24902 If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work.
Err codemadness.org 70 i 24903

Err codemadness.org 70 i 24904 Err codemadness.org 70 i 24905

> cd /usr/src	Err	codemadness.org	70
i 24906 > git pull	Err	codemadness.org	70
i 24907 > make buildworld.	Err	codemadness.org	70
i 24908 > make buildkernel.	Err	codemadness.org	70
i 24909 > make installkernel.	Err	codemadness.org	70
i 24910 > make installworld	Err	codemadness.org	70
i 24911 > make upgrade	Err	codemadness.org	70
i 24912

Err codemadness.org 70 i 24913 Err codemadness.org 70 i 24914

Err codemadness.org 70 i 24915
After your next reboot, you can optionally update your rescue system:
Err codemadness.org 70 i 24916

Err codemadness.org 70 i 24917 Err codemadness.org 70 i 24918

> cd /usr/src	Err	codemadness.org	70
i 24919 > make initrd	Err	codemadness.org	70
i 24920

Err codemadness.org 70 i 24921 Err codemadness.org 70 i 24922

Err codemadness.org 70 i 24923
As always, make sure your packages are up to date:
Err codemadness.org 70 i 24924

Err codemadness.org 70 i 24925 Err codemadness.org 70 i 24926

> pkg update	Err	codemadness.org	70
i 24927 > pkg upgrade	Err	codemadness.org	70
i 24928

Err codemadness.org 70 i 24929 Err codemadness.org 70 i 24930

Err codemadness.org 70 i 24931

News Roundup

Err codemadness.org 70 i 24932 Err codemadness.org 70 i 24933

Containing web services with iocell

Err codemadness.org 70 i 24934 Err codemadness.org 70 i 24935

Err codemadness.org 70 i 24936
I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it. 😛 Err codemadness.org 70 i 24937 If you're interested in the history behind Jails, there is an excellent talk from Papers We Love on the subject: https://www.youtube.com/watch?v=hgN8pCMLI2U
Err codemadness.org 70 i 24938

Err codemadness.org 70 i 24939 Err codemadness.org 70 i 24940

Getting started

Err codemadness.org 70 i 24943 Err codemadness.org 70 i 24944

Err codemadness.org 70 i 24945
There are plenty of options when it comes to setting up the jail system. Ezjail and Iocage seem popular, or you could do things manually. Iocage was recently rewritten in python, but was originally a set of shell scripts. That version has since been forked under the name Iocell, and I think it's pretty neat, so this tutorial will be using Iocell.
Err codemadness.org 70 i 24946

Err codemadness.org 70 i 24947 Err codemadness.org 70 i 24948

To start, you'll need the following: Err codemadness.org 70 i 24950 Err codemadness.org 70 i 24951 Err codemadness.org 70 i 24952
- A FreeBSD install (we'll be using 11.0)
- The iocell package (available as a package, also in the ports tree)
- A ZFS pool for hosting the jails
Err codemadness.org 70 i 24958

Err codemadness.org 70 i 24960 Err codemadness.org 70 i 24961

Err codemadness.org 70 i 24962
Once you have installed iocell and configured your ZFS pool, you'll need to run a few commands before creating your first jail. First, tell iocell which ZFS pool to use by issuing iocell activate $POOLNAME. Iocell will create a few datasets.
Err codemadness.org 70 i 24963 Err codemadness.org 70 i 24964
As you can imagine, your jails are contained within the /iocell/jails dataset. The /iocell/releases dataset is used for storing the next command we need to run, iocell fetch. Iocell will ask you which release you'd like to pull down. Since we're running 11.0 on the host, pick 11.0-RELEASE. Iocell will download the necessary txz files and unpack them in /iocell/releases.
Err codemadness.org 70 i 24965

Err codemadness.org 70 i 24966 Err codemadness.org 70 i 24967

See Article for the rest of the walkthrough.

Err codemadness.org 70 i 24970 Err codemadness.org 70 i 24971

Err codemadness.org 70 i 24972

Oracle Solaris 11.4 SRU8

Err codemadness.org 70 i 24973 Err codemadness.org 70 i 24974

Err codemadness.org 70 i 24975
Today we are releasing the SRU 8 for Oracle Solaris 11.4. It is available via 'pkg update' from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.
Err codemadness.org 70 i 24976 Err codemadness.org 70 i 24977
Err codemadness.org 70 i 24978
This SRU introduces the following enhancements: Err codemadness.org 70 i 24979 Err codemadness.org 70 i 24980 Err codemadness.org 70 i 24981
Err codemadness.org 70 i 24982
Integration of 28060039 introduced an issue where any firmware update/query commands will log eereports and repeated execution of such commands led to faulty/degraded NIC. The issue has been addressed in this SRU.
Err codemadness.org 70 i 24983 Err codemadness.org 70 i 24984
UCB (libucb, librpcsoc, libdbm, libtermcap, and libcurses) libraries have been reinstated for Oracle Solaris 11.4
Err codemadness.org 70 i 24985 Err codemadness.org 70 i 24986
Re-introduction of the service fc-fabric.
Err codemadness.org 70 i 24987 Err codemadness.org 70 i 24988
ibus has been updated to 1.5.19
Err codemadness.org 70 i 24989
Err codemadness.org 70 i 24990
Err codemadness.org 70 i 24991

Err codemadness.org 70 i 24992 Err codemadness.org 70 i 24993

The following components have also been updated to address security issues: Err codemadness.org 70 i 24995 Err codemadness.org 70 i 24996 Err codemadness.org 70 i 24997
- NTP has been updated to 4.2.8p12
- Firefox has been updated to 60.6.0esr
- BIND has been updated to 9.11.6
- OpenSSL has been updated to 1.0.2r
- MySQL has been updated to 5.6.43 & 5.7.25
- libxml2 has been updated to 2.9.9
- libxslt has been updated to 1.1.33
- Wireshark has been updated to 2.6.7
- ncurses has been updated to 6.1.0.20190105
- Apache Web Server has been updated to 2.4.38
- perl 5.22
- pkg.depot
Err codemadness.org 70 i 25021

Err codemadness.org 70 i 25023 Err codemadness.org 70 i 25024

Err codemadness.org 70 i 25025

The Problem with SSH Agent Forwarding

Err codemadness.org 70 i 25026 Err codemadness.org 70 i 25027

Err codemadness.org 70 i 25028
After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding].” Err codemadness.org 70 i 25029 Here’s what man ssh_config has to say about ForwardAgent: "Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent."" Err codemadness.org 70 i 25030 Simply put: if your jump box is compromised and you use SSH agent forwarding to connect to another machine through it, then you risk also compromising the target machine! Err codemadness.org 70 i 25031 Instead, you should use either ProxyCommand or ProxyJump (added in OpenSSH 7.3). That way, ssh will forward the TCP connection to the target host via the jump box and the actual connection will be made on your workstation. If someone on the jump box tries to MITM your connection, then you will be warned by ssh.
Err codemadness.org 70 i 25032

Err codemadness.org 70 i 25033 Err codemadness.org 70 i 25034

Err codemadness.org 70 i 25035

[OpenBSD Upgrade Guide: 6.4 to 6.5

Err codemadness.org 70 i 25036 Err codemadness.org 70 i 25037

Err codemadness.org 70 i 25038
Start by performing the pre-upgrade steps. Next, boot from the install kernel, bsd.rd: use bootable install media, or place the 6.5 version of bsd.rd in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts. Apply the configuration changes and remove the old files. Finish up by upgrading the packages: pkg_add -u. Err codemadness.org 70 i 25039 Alternatively, you can use the manual upgrade process. Err codemadness.org 70 i 25040 You may wish to check the errata page or upgrade to the stable branch to get any post-release fixes.
Err codemadness.org 70 i 25041

Err codemadness.org 70 i 25042 Err codemadness.org 70 i 25043

Before rebooting into the install kernel
Configuration and syntax changes
Files to remove
Special packages
Upgrade without the install kernel

Err codemadness.org 70 i 25054 Err codemadness.org 70 i 25055

Err codemadness.org 70 i 25056

Beastie Bits

Err codemadness.org 70 i 25057 Err codemadness.org 70 i 25058

2019 FreeBSD Community Survey
Seagate runs Mach.2 demo on FreeBSD
FreeBSD: Resizing and Growing Disks
Loading 4.9 on an old Tandy 4025LX - 386, 16MB, 1GB HD. Good old external SCSI CD
OS108 MATE 20190422 released

Err codemadness.org 70 i 25069 Err codemadness.org 70 i 25070

Err codemadness.org 70 i 25071

Feedback/Questions

Err codemadness.org 70 i 25072 Err codemadness.org 70 i 25073

Casey - Oklahoma City & James
Michael - Question on SAS backplane (camcontrol?)
Ales - OpenBSD, FreeNAS, OpenZFS questions

Err codemadness.org 70 i 25080 Err codemadness.org 70 i 25081

Err codemadness.org 70 i 25082

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 25085 Err codemadness.org 70 i 25086

Err codemadness.org 70 i 25087 Err codemadness.org 70 i 25088 Err codemadness.org 70 i 25089 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 25090 Err codemadness.org 70 i 25091

296: It’s Alive: OpenBSD 6.5

Allan Jude — Fri, 03 May 2019 10:00:00 -0700

OpenBSD 6.5 has been released, mount ZFS datasets anywhere, help test upcoming NetBSD 9 branch, LibreSSL 2.9.1 is available, Bail Bond Denied Edition of FreeBSD Mastery: Jails, and one reason ed(1) was a good editor back in the days in this week’s episode. Err codemadness.org 70 i 25554

Headlines

Err codemadness.org 70 i 25555 Err codemadness.org 70 i 25556

OpenBSD 6.5 Released

Err codemadness.org 70 i 25557 Err codemadness.org 70 i 25558

Changelog
Mirrors
6.5 Includes Err codemadness.org 70 i 25564 Err codemadness.org 70 i 25565 Err codemadness.org 70 i 25566
- OpenSMTPD 6.5.0
- LibreSSL 2.9.1
- OpenSSH 8.0
- Mandoc 1.14.5
- Xenocara
- LLVM/Clang 7.0.1 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Err codemadness.org 70 i 25580
Many pre-built packages for each architecture: Err codemadness.org 70 i 25583 Err codemadness.org 70 i 25584 Err codemadness.org 70 i 25585
- aarch64: 9654
- amd64: 10602
- i386: 10535
Err codemadness.org 70 i 25591

Err codemadness.org 70 i 25593 Err codemadness.org 70 i 25594

Err codemadness.org 70 i 25595

Mount your ZFS datasets anywhere you want

Err codemadness.org 70 i 25596 Err codemadness.org 70 i 25597

Err codemadness.org 70 i 25598
ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility. Err codemadness.org 70 i 25599 When you create zpool maintank, the default mountpoint is /maintank. Err codemadness.org 70 i 25600 You might be happy with that, but you don’t have to be content. You can do magical things.
Err codemadness.org 70 i 25601

Err codemadness.org 70 i 25602 Err codemadness.org 70 i 25603

Some highlights are: Err codemadness.org 70 i 25605 Err codemadness.org 70 i 25606 Err codemadness.org 70 i 25607
- mount point can be inherited
- not all filesystems in a zpool need to be mounted
- each filesystem (directory) can have different ZFS characteristics
- In my case, let’s look at this new zpool I created earlier today and I will show you some very simple alternatives. This zpool use NVMe devices which should be faster than SSDs especially when used with multiple concurrent writes. This is my plan: run all the Bacula regression tests concurrently.
Err codemadness.org 70 i 25615

Err codemadness.org 70 i 25617 Err codemadness.org 70 i 25618

Err codemadness.org 70 i 25619

News Roundup

Err codemadness.org 70 i 25620 Err codemadness.org 70 i 25621

Branch for netbsd 9 upcoming, please help and test -current

Err codemadness.org 70 i 25622 Err codemadness.org 70 i 25623

Err codemadness.org 70 i 25624
Folks, Err codemadness.org 70 i 25625 once again we are quite late for branching the next NetBSD release (NetBSD 9). Err codemadness.org 70 i 25626 Initially planned to happen early in February 2019, we are now approaching May and it is unlikely that the branch will happen before that. Err codemadness.org 70 i 25627 On the positive side, lots of good things landed in -current in between, like new Mesa, new jemalloc, lots of ZFS improvements - and some of those would be hard to pull up to the branch later. Err codemadness.org 70 i 25628 On the bad side we saw lots of churn in -current recently, and there is quite some fallout where we not even have a good overview right now. And this is where you can help:
Err codemadness.org 70 i 25629 Err codemadness.org 70 i 25630
Err codemadness.org 70 i 25631
please test -current, on all the various machines you have
Err codemadness.org 70 i 25632 Err codemadness.org 70 i 25633
especially interesting would be test results from uncommon architectures Err codemadness.org 70 i 25634 or strange combinations (like the sparc userland on sparc64 kernel issue Err codemadness.org 70 i 25635 I ran in yesterday) Err codemadness.org 70 i 25636 Please test, report success, and file PRs for failures! Err codemadness.org 70 i 25637 We will likely announce the real branch date on quite short notice, the likely next candidates would be mid may or end of may. Err codemadness.org 70 i 25638 We may need to do extra steps after the branch (like switch some architectures back to old jemalloc on the branch). However, the less difference between -current and the branch, the easier will the release cycle go. Err codemadness.org 70 i 25639 Our goal is to have an unprecedented short release cycle this time. But.. Err codemadness.org 70 i 25640 we always say that upfront.
Err codemadness.org 70 i 25641
Err codemadness.org 70 i 25642 Err codemadness.org 70 i 25643
Err codemadness.org 70 i 25644

Err codemadness.org 70 i 25645 Err codemadness.org 70 i 25646

LibreSSL 2.9.1 Released

Err codemadness.org 70 i 25647 Err codemadness.org 70 i 25648

Err codemadness.org 70 i 25649
We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL Err codemadness.org 70 i 25650 directory of your local OpenBSD mirror soon. This is the first stable release Err codemadness.org 70 i 25651 from the 2.9 series, which is also included with OpenBSD 6.5
Err codemadness.org 70 i 25652 Err codemadness.org 70 i 25653
It includes the following changes and improvements from LibreSSL 2.8.x:
Err codemadness.org 70 i 25654

Err codemadness.org 70 i 25655 Err codemadness.org 70 i 25656

API and Documentation Enhancements
Err codemadness.org 70 i 25658 Err codemadness.org 70 i 25659
- CRYPTO_LOCK is now automatically initialized, with the legacy Err codemadness.org 70 i 25661 callbacks stubbed for compatibility.
- Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
- Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
- Added more OPENSSLNO* macros for compatibility with OpenSSL.
- Partial port of the OpenSSL ECKEYMETHOD API for use by OpenSSH.
- Implemented further missing OpenSSL 1.1 API.
- Added support for XChaCha20 and XChaCha20-Poly1305.
- Added support for AES key wrap constructions via the EVP interface.
Compatibility Changes
Err codemadness.org 70 i 25678 Err codemadness.org 70 i 25679
- Added pbkdf2 key derivation support to openssl(1) enc.
- Changed the default digest type of openssl(1) enc to sha256.
- Changed the default digest type of openssl(1) dgst to sha256.
- Changed the default digest type of openssl(1) x509 -fingerprint to sha256.
- Changed the default digest type of openssl(1) crl -fingerprint to sha256.
Testing and Proactive Security
Err codemadness.org 70 i 25691 Err codemadness.org 70 i 25692
- Added extensive interoperability tests between LibreSSL and OpenSSL Err codemadness.org 70 i 25694 1.0 and 1.1.
- Added additional Wycheproof tests and related bug fixes.
Internal Improvements
Err codemadness.org 70 i 25699 Err codemadness.org 70 i 25700
- Simplified sigalgs option processing and handshake signing Err codemadness.org 70 i 25702 algorithm selection.
- Added the ability to use the RSA PSS algorithm for handshake signatures.
- Added bnrandinterval() and use it in code needing ranges of Err codemadness.org 70 i 25707 random bn values.
- Added functionality to derive early, handshake, and application Err codemadness.org 70 i 25710 secrets as per RFC8446.
- Added handshake state machine from RFC8446.
- Removed some ASN.1 related code from libcrypto that had not been Err codemadness.org 70 i 25715 used since around 2000.
- Unexported internal symbols and internalized more record layer structs.
- Removed SHA224 based handshake signatures from consideration for Err codemadness.org 70 i 25720 use in a TLS 1.2 handshake.
Portable Improvements
Err codemadness.org 70 i 25723 Err codemadness.org 70 i 25724
- Added support for assembly optimizations on 32-bit ARM ELF targets.
- Added support for assembly optimizations on Mingw-w64 targets.
- Improved Android compatibility
Bug Fixes
Err codemadness.org 70 i 25732 Err codemadness.org 70 i 25733
- Improved protection against timing side channels in ECDSA signature Err codemadness.org 70 i 25735 generation.
- Coordinate blinding was added to some elliptic curves. This is the Err codemadness.org 70 i 25738 last bit of the work by Brumley et al. to protect against the Portsmash Err codemadness.org 70 i 25739 vulnerability.
- Ensure transcript handshake is always freed with TLS 1.2.
Err codemadness.org 70 i 25742 Err codemadness.org 70 i 25743

Err codemadness.org 70 i 25745 Err codemadness.org 70 i 25746

Err codemadness.org 70 i 25747
The LibreSSL project continues improvement of the codebase to reflect modern, Err codemadness.org 70 i 25748 safe programming practices. We welcome feedback and improvements from the Err codemadness.org 70 i 25749 broader community. Thanks to all of the contributors who helped make this Err codemadness.org 70 i 25750 release possible.
Err codemadness.org 70 i 25751 Err codemadness.org 70 i 25752
Err codemadness.org 70 i 25753

Err codemadness.org 70 i 25754 Err codemadness.org 70 i 25755

FreeBSD Mastery: Jails – Bail Bond Denied Edition

Err codemadness.org 70 i 25756 Err codemadness.org 70 i 25757

Err codemadness.org 70 i 25758
I had a brilliant, hideous idea: to produce a charity edition of FreeBSD Mastery: Jails featuring the cover art I would use if I was imprisoned and did not have access to a real cover artist. (Never mind that I wouldn’t be permitted to release books while in jail: we creative sorts scoff at mere legal and cultural details.) Err codemadness.org 70 i 25759 I originally wanted to produce my own take on the book’s cover art. My first attempt failed spectacularly. Err codemadness.org 70 i 25760 I downgraded my expectations and tried again. And again. And again. Err codemadness.org 70 i 25761 I’m pleased to reveal the final cover for FreeBSD Mastery: Jails–Bail Bond Edition! Err codemadness.org 70 i 25762 This cover represents the very pinnacle of my artistic talents, and is the result of literally hours of effort. Err codemadness.org 70 i 25763 But, as this book is available only to the winner of charity fund-raisers, purchase of this tome represents moral supremacy. I recommend flaunting it to your family, coworkers, and all those of lesser character. Err codemadness.org 70 i 25764 Get your copy by winning the BSDCan 2019 charity auction… or any other other auction-type event I deem worthwhile. Err codemadness.org 70 i 25765 As far as my moral fiber goes: I have learned that art is hard, and that artists are not paid enough. Err codemadness.org 70 i 25766 And if I am ever imprisoned, I do hope that you’ll contribute to my bail fund. Otherwise, you’ll get more covers like this one.
Err codemadness.org 70 i 25767

Err codemadness.org 70 i 25768 Err codemadness.org 70 i 25769

Err codemadness.org 70 i 25770 Err codemadness.org 70 i 25771

One reason ed(1) was a good editor back in the days of V7 Unix

Err codemadness.org 70 i 25772 Err codemadness.org 70 i 25773

Err codemadness.org 70 i 25774
It is common to describe ed(1) as being line oriented, as opposed to screen oriented editors like vi. This is completely accurate but it is perhaps not a complete enough description for today, because ed is line oriented in a way that is now uncommon. After all, you could say that your shell is line oriented too, and very few people use shells that work and feel the same way ed does. Err codemadness.org 70 i 25775 The surface difference between most people's shells and ed is that most people's shells have some version of cursor based interactive editing. The deeper difference is that this requires the shell to run in character by character TTY input mode, also called raw mode. By contrast, ed runs in what Unix usually calls cooked mode, where it reads whole lines from the kernel and the kernel handles things like backspace. All of ed's commands are designed so that they work in this line focused way (including being terminated by the end of the line), and as a whole ed's interface makes this whole line input approach natural. In fact I think ed makes it so natural that it's hard to think of things as being any other way. Ed was designed for line at a time input, not just to not be screen oriented. Err codemadness.org 70 i 25776 This input mode difference is not very important today, but in the days of V7 and serial terminals it made a real difference. In cooked mode, V7 ran very little code when you entered each character; almost everything was deferred until it could be processed in bulk by the kernel, and then handed to ed all in a single line which ed could also process all at once. A version of ed that tried to work in raw mode would have been much more resource intensive, even if it still operated on single lines at a time.
Err codemadness.org 70 i 25777

Err codemadness.org 70 i 25778 Err codemadness.org 70 i 25779

Err codemadness.org 70 i 25780 Err codemadness.org 70 i 25781

Beastie Bits

Err codemadness.org 70 i 25782 Err codemadness.org 70 i 25783

CFT for FreeBSD ZoL
Simple DNS Adblock
AT&T Unix PC in 1985
OpenBSD-current drm at 4.19, includes new support for Intel GPUs like Coffee Lake
"What are the differences between Linux and OpenBSD?" - Twitter thread
Announcing the pkgsrc-2019Q1 release (2019-04-10)

Err codemadness.org 70 i 25796 Err codemadness.org 70 i 25797

Err codemadness.org 70 i 25798

Feedback/Questions

Err codemadness.org 70 i 25799 Err codemadness.org 70 i 25800

Brad - iocage
Frank - Video from Level1Tech and a question
Niall - Revision Control

Err codemadness.org 70 i 25807 Err codemadness.org 70 i 25808

Err codemadness.org 70 i 25809

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 25812 Err codemadness.org 70 i 25813

Err codemadness.org 70 i 25814 Err codemadness.org 70 i 25815 Err codemadness.org 70 i 25816 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 25817 Err codemadness.org 70 i 25818

295: Fun with funlinkat()

Allan Jude — Thu, 25 Apr 2019 13:00:00 -0700

Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a raspberry pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more. Err codemadness.org 70 i 26385

Headlines

Err codemadness.org 70 i 26386 Err codemadness.org 70 i 26387

Introducing funlinkat

Err codemadness.org 70 i 26388 Err codemadness.org 70 i 26389

It turns out, every file you have ever deleted on a unix machine was probably susceptible to a race condition

Err codemadness.org 70 i 26392 Err codemadness.org 70 i 26393

Err codemadness.org 70 i 26394
One of the first syscalls which was created in Unix-like systems is unlink. In FreeBSD this syscall is number 10 (source) and in Linux, the number is dependent on the architecture but for most of them is also the tenth syscall (source). This indicated that this is one of the primary syscalls. The unlink syscall is very simple and we provide one single path to the file that we want to remove. Err codemadness.org 70 i 26395 The “removing file” process itself is very interesting so let’s spend a moment to understand the it. First, by removing the file we are removing a link from the directory to it. In Unix-like systems we can have many links to a single file (hard links). When we remove all links to the file, the file system will mark the blocks used by the file as free (a different file system will behave differently but let’s not jump into a second digression). This is why the process is called unlinking and not “removing file”. While we unlink the file two or three things will happen:
Err codemadness.org 70 i 26396 Err codemadness.org 70 i 26397
Err codemadness.org 70 i 26398
We will remove an entry in the directory with the filename.
Err codemadness.org 70 i 26399 Err codemadness.org 70 i 26400
We will decrease a file reference count (in inode).
Err codemadness.org 70 i 26401 Err codemadness.org 70 i 26402
If links go to zero - the file will be removed from the disk (again this doesn't mean that the blocks from the disk will be filled with zeros, though this may happen depending on the file system and configuration. However, in most cases this means that the file system will mark those blocks to as free and use them to write new data later Err codemadness.org 70 i 26403 This mostly means that “removing file” from a directory is an operation on the directory and not on the file (inode) itself. Err codemadness.org 70 i 26404 Another interesting subject is what happens if our system will perform only first or second step from the list. This depends on the file system and this is also something we will leave for another time. Err codemadness.org 70 i 26405 The problem with the unlink and even unlinkat function is that we don’t have any guarantee of which file we really are unlinking. Err codemadness.org 70 i 26406 Err codemadness.org 70 i 26407 Err codemadness.org 70 i 26408
Err codemadness.org 70 i 26409
When you delete a file using its name, you have no guarantee that someone has not already deleted the file, or renamed it, and created a new file with the name you are about to delete. Err codemadness.org 70 i 26410 We have some stats about the file that we want to unlink. We performed some tests. In the same time another process removed our file and recreated it. When we finally try to remove our file it is no longer the same file. It’s a classic race condition.
Err codemadness.org 70 i 26411 Err codemadness.org 70 i 26412
Many programs will perform checks before trying to remove a file, to make sure it is the correct file, that you have the correct permissions etc. However this exposes the ‘Time-of-Check / Time-of-Use’ class of bugs. I check if the file I am about to remove is the one I created yesterday, it is, so I call unlink() on it. However, between when I checked the date on the file, and when I call unlink, I, some program I am running, might have updated the file. Or a malicious user might have put some other file at that name, so I would be the one who deleted it. Err codemadness.org 70 i 26413 In Unix-like operating systems we can get a handle for our file called file - a descriptor. File descriptors guarantee us that all the operations that we will be performing on it are done on the same file (inode). Even if someone was to unlink a number of directories entries, the operating system will not free the structures behind the file descriptor, and we can detect the file that was removed by someone and recreated (or just unlinked). So, for example, we have an alternative functions fstat which allows us to get file status of the given descriptor Err codemadness.org 70 i 26414 We already know that the file may have many links on the disk which point to the single inode. What happens when we open the file? Simplifying: kernel creates a memory representation of the inode (the inode itself is stored on the disk) called vnode. This single representation is used by all processes to refer the inode to the disk. If in a process we open the same file (inode) using different names (for example through hard links) all those files will be linked to the single vnode. That means that the pathname is not stored in the kernel. Err codemadness.org 70 i 26415 This is basically the reason why we don’t have a funlink function so that instead of the path we are providing just the file descriptor to the file. If we performed the fdunlink syscall, the kernel wouldn’t know which directory entry you would like to remove. Another problem is more architectural: as we discussed earlier unlinking is really an operation on the directory not on the file (inode) itself, so using funlink(fd) may create some confusion because we are not removing the inode corresponding to the file descriptor, we are performing action on the directory which points to the file. Err codemadness.org 70 i 26416 After some discussion we decided that the only sensible option for FreeBSD would be to create a funlinkat() function. This syscall would only performs additional sanitary checks if we are removing a directory entry which corresponds to the inode stored which refers to the file descriptor. Err codemadness.org 70 i 26417 int funlinkat(int dfd, const char *path, int fd, int flags); Err codemadness.org 70 i 26418 The API above will check if the path opened relative to the dfd points to the same vnode. Thanks to that we removed a race condition because all those sanitary checks are performed in the kernel mode while the file system is locked and there is no possibility to change it. Err codemadness.org 70 i 26419 The fd parameter may be set to the FD_NONE value which will mean that the sanitary check should not be performed and funlinkat will behave just like unlinkat. Err codemadness.org 70 i 26420 As you can notice I often refer to the unlink syscall but at the end the APIs looks like unlinkat syscall. It is true that the unlink syscall is very old and kind of deprecated. That said I referred to unlink because it’s just simpler. These days unlink simply uses the same code as unlinkat.
Err codemadness.org 70 i 26421
Err codemadness.org 70 i 26422
Err codemadness.org 70 i 26423 Err codemadness.org 70 i 26424
Err codemadness.org 70 i 26425

Err codemadness.org 70 i 26426 Err codemadness.org 70 i 26427

Using an OpenBSD Router with AT&T U-Verse

Err codemadness.org 70 i 26428 Err codemadness.org 70 i 26429

Err codemadness.org 70 i 26430
I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over. Err codemadness.org 70 i 26431 Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.
Err codemadness.org 70 i 26432 Err codemadness.org 70 i 26433
Err codemadness.org 70 i 26434

Err codemadness.org 70 i 26435 Err codemadness.org 70 i 26436

News Roundup

Err codemadness.org 70 i 26437 Err codemadness.org 70 i 26438

How to use NetBSD on a Raspberry Pi

Err codemadness.org 70 i 26439 Err codemadness.org 70 i 26440

Err codemadness.org 70 i 26441
Do you have an old Raspberry Pi lying around gathering dust, maybe after a recent Pi upgrade? Are you curious about BSD Unix? If you answered "yes" to both of these questions, you'll be pleased to know that the first is the solution to the second, because you can run NetBSD, as far back as the very first release, on a Raspberry Pi. Err codemadness.org 70 i 26442 BSD is the Berkley Software Distribution of Unix. In fact, it's the only open source Unix with direct lineage back to the original source code written by Dennis Ritchie and Ken Thompson at Bell Labs. Other modern versions are either proprietary (such as AIX and Solaris) or clever re-implementations (such as Minix and GNU/Linux). If you're used to Linux, you'll feel mostly right at home with BSD, but there are plenty of new commands and conventions to discover. If you're still relatively new to open source, trying BSD is a good way to experience a traditional Unix. Err codemadness.org 70 i 26443 Admittedly, NetBSD isn't an operating system that's perfectly suited for the Pi. It's a minimal install compared to many Linux distributions designed specifically for the Pi, and not all components of recent Pi models are functional under NetBSD yet. However, it's arguably an ideal OS for the older Pi models, since it's lightweight and lovingly maintained. And if nothing else, it's a lot of fun for any die-hard Unix geek to experience another side of the POSIX world.
Err codemadness.org 70 i 26444 Err codemadness.org 70 i 26445
Err codemadness.org 70 i 26446

Err codemadness.org 70 i 26447 Err codemadness.org 70 i 26448

ZFS Encryption is still under development (as of March 2019)

Err codemadness.org 70 i 26449 Err codemadness.org 70 i 26450

Err codemadness.org 70 i 26451
One of the big upcoming features that a bunch of people are looking forward to in ZFS is natively encrypted filesystems. This is already in the main development tree of ZFS On Linux, will likely propagate to FreeBSD (since FreeBSD ZFS will be based on ZoL), and will make it to Illumos if the Illumos people want to pull it in. People are looking forward to native encryption so much, in fact, that some of them have started using it in ZFS On Linux already, using either the development tip or one of the 0.8.0 release candidate pre-releases (ZoL is up to 0.8.0-rc3 as of now). People either doing this or planning to do this show up on the ZoL mailing list every so often.
Err codemadness.org 70 i 26452 Err codemadness.org 70 i 26453
Err codemadness.org 70 i 26454
CFT for FreeBSD + ZoL
Err codemadness.org 70 i 26455
Err codemadness.org 70 i 26456 Err codemadness.org 70 i 26457
Err codemadness.org 70 i 26458

Err codemadness.org 70 i 26459 Err codemadness.org 70 i 26460

Tutorial On Rump Kernel Servers and Clients

Err codemadness.org 70 i 26461 Err codemadness.org 70 i 26462

Err codemadness.org 70 i 26463
The rump anykernel architecture allows to run highly componentized kernel code configurations in userspace processes. Coupled with the rump sysproxy facility it is possible to run loosely distributed client-server "mini-operating systems". Since there is minimum configuration and the bootstrap time is measured in milliseconds, these environments are very cheap to set up, use, and tear down on-demand. Err codemadness.org 70 i 26464 This document acts as a tutorial on how to configure and use unmodified NetBSD kernel drivers as userspace services with utilities available from the NetBSD base system. As part of this, it presents various use cases. One uses the kernel cryptographic disk driver (cgd) to encrypt a partition. Another one demonstrates how to operate an FFS server for editing the contents of a file system even though your user account does not have privileges to use the host's mount() system call. Additionally, using a userspace TCP/IP server with an unmodified web browser is detailed.
Err codemadness.org 70 i 26465 Err codemadness.org 70 i 26466
Err codemadness.org 70 i 26467

Err codemadness.org 70 i 26468 Err codemadness.org 70 i 26469

Installing Snort on OpenBSD 6.4

Err codemadness.org 70 i 26470 Err codemadness.org 70 i 26471

Err codemadness.org 70 i 26472
As you may recall from previous posts, I am running an OpenBSD server on an APU2 air-cooled 3 Intel NIC box as my router/firewall for my secure home network. Given that all of my Internet traffic flows through this box, I thought it would be a cool idea to run an Intrusion Detection System (IDS) on it. Snort is the big hog of the open source world so I took a peek in the packages directory on one of the mirrors and lo and behold we have the latest & greatest version of Snort available! Thanks devs!!! Err codemadness.org 70 i 26473 I did some quick Googling and didn’t find much “modern” howto help out there so, after some trial and error, I have it up and running. I thought I’d give back in a small way and share a quickie howto for other Googlers out there who are looking for guidance. Here’s hoping that my title is good enough “SEO” to get you here!
Err codemadness.org 70 i 26474 Err codemadness.org 70 i 26475
Err codemadness.org 70 i 26476

Err codemadness.org 70 i 26477 Err codemadness.org 70 i 26478

Beastie Bits

Err codemadness.org 70 i 26479 Err codemadness.org 70 i 26480

os108
AT&T Archives: The UNIX Operating System
httpd(8): Adapt to industry wide current best security practices
Quotes From A Book That Bashes Unix
OpenBSD QA wiki

Err codemadness.org 70 i 26491 Err codemadness.org 70 i 26492

Err codemadness.org 70 i 26493

Feedback/Questions

Err codemadness.org 70 i 26494 Err codemadness.org 70 i 26495

Malcolm - Laptop Experience : Dell XPS 13
DJ - Feedback
Alex - GhostBSD and Wifi : FIXED

Err codemadness.org 70 i 26502 Err codemadness.org 70 i 26503

Err codemadness.org 70 i 26504

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 26507 Err codemadness.org 70 i 26508

Err codemadness.org 70 i 26509 Err codemadness.org 70 i 26510 Err codemadness.org 70 i 26511 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 26512 Err codemadness.org 70 i 26513

294: The SSH Tarpit

Allan Jude — Thu, 18 Apr 2019 09:00:00 -0700

A PI-powered Plan 9 cluster, an SSH tarpit, rdist for when Ansible is too much, falling in love with OpenBSD again, how I created my first FreeBSD port, the Tilde Institute of OpenBSD education and more. Err codemadness.org 70 i 26804

Headlines

Err codemadness.org 70 i 26805 Err codemadness.org 70 i 26806

A Pi-Powered Plan 9 Cluster

Err codemadness.org 70 i 26807 Err codemadness.org 70 i 26808

Err codemadness.org 70 i 26809
Plan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research O/S — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea of devices are just files even further. Err codemadness.org 70 i 26810 In this post, we take a quick look at the Plan 9 O/S and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.
Err codemadness.org 70 i 26811 Err codemadness.org 70 i 26812
Err codemadness.org 70 i 26813

Err codemadness.org 70 i 26814 Err codemadness.org 70 i 26815

Endlessh: an SSH Tarpit

Err codemadness.org 70 i 26816 Err codemadness.org 70 i 26817

Err codemadness.org 70 i 26818
I’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resources that might otherwise be spent attacking another host. When done well, a tarpit imposes more cost on the attacker than the defender. Err codemadness.org 70 i 26819 The Internet is a very hostile place, and anyone who’s ever stood up an Internet-facing IPv4 host has witnessed the immediate and continuous attacks against their server. I’ve maintained such a server for nearly six years now, and more than 99% of my incoming traffic has ill intent. One part of my defenses has been tarpits in various forms.
Err codemadness.org 70 i 26820 Err codemadness.org 70 i 26821
Err codemadness.org 70 i 26822

Err codemadness.org 70 i 26823 Err codemadness.org 70 i 26824

News Roundup

Err codemadness.org 70 i 26825 Err codemadness.org 70 i 26826

rdist(1) – when Ansible is too much

Err codemadness.org 70 i 26827 Err codemadness.org 70 i 26828

Err codemadness.org 70 i 26829
The post written about rdist(1) on johan.huldtgren.com sparked Err codemadness.org 70 i 26830 us to write one as well. It's a great, underappreciated, tool. And we wanted to show how we wrapped doas(1) around it. Err codemadness.org 70 i 26831 There are two services in our infrastructure for which we were looking to keep the configuration in sync and to reload the process when the configuration had indeed changed. There is a pair of nsd(8)/unbound(8) hosts and a pair of hosts running relayd(8)/httpd(8) with carp(4) between them. Err codemadness.org 70 i 26832 We didn't have a requirement to go full configuration management with tools like Ansible or Salt Stack. And there wasn't any interest in building additional logic on top of rsync or repositories. > Enter rdist(1), rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing.
Err codemadness.org 70 i 26833 Err codemadness.org 70 i 26834
Err codemadness.org 70 i 26835

Err codemadness.org 70 i 26836 Err codemadness.org 70 i 26837

Falling in love with OpenBSD again

Err codemadness.org 70 i 26838 Err codemadness.org 70 i 26839

Err codemadness.org 70 i 26840
I was checking the other day and was appalled at how long it has been since I posted here. I had been working a job during 2018 that had me traveling 3,600 miles by air every week so that is at least a viable excuse. Err codemadness.org 70 i 26841 So what is my latest project? I wanted to get something better than the clunky old T500 “freedom laptop” that I could use as my daily driver. Some background here. My first paid gig as a programmer was on SunOS 4 (predecessor to Solaris) and Ultrix (on a DEC MicroVAX). I went from there to a Commodore Amiga (preemptive multitasking in 1985!). I went from there to OS/2 (I know, patron saint of lost causes) and then finally decided to “sell out” and move to Windows as the path of least resistance in the mid 90’s. Err codemadness.org 70 i 26842 My wife bought me an iPod literally just as they started working with computers other than Macs and I watched with fascination as Apple made the big gamble and moved away from PowerPC chips to Intel. That was the beginning of the Apple Fan Boi years for me. My gateway drug was a G4 MacMini and I managed somehow to get in on the pre-production, developer build of an Intel-based Mac. I was quite happy on the platform until about three years ago.
Err codemadness.org 70 i 26843 Err codemadness.org 70 i 26844
Err codemadness.org 70 i 26845

Err codemadness.org 70 i 26846 Err codemadness.org 70 i 26847

How I Created My First FreeBSD Port

Err codemadness.org 70 i 26848 Err codemadness.org 70 i 26849

Err codemadness.org 70 i 26850
I created my first FreeBSD port recently. I found that FreeBSD didn't have a port for GoCD, which is a continuous integration and continuous deployment (CI/CD) system. This was a great opportunity to learn how to build a FreeBSD port while also contributing back to the community
Err codemadness.org 70 i 26851 Err codemadness.org 70 i 26852
Err codemadness.org 70 i 26853

Err codemadness.org 70 i 26854 Err codemadness.org 70 i 26855

The Tilde Institute of OpenBSD Education

Err codemadness.org 70 i 26856 Err codemadness.org 70 i 26857

Err codemadness.org 70 i 26858
Welcome to tilde.institute! This is an OpenBSD machine whose purpose is to provide a space in the tildeverse for experimentation with and education of the OpenBSD operating system. A variety of editors, shells, and compilers are installed to allow for development in a native OpenBSD environment. OpenBSD's httpd(8) is configured with slowcgi(8) as the fastcgi provider and sqlite3 available. This allows users to experiment with web development using compiled CGI in C, aka the BCHS Stack. In addition to php7.0 and mysql (mariadb) by request, this provides an environment where the development of complex web apps is possible.
Err codemadness.org 70 i 26859 Err codemadness.org 70 i 26860
Err codemadness.org 70 i 26861

Err codemadness.org 70 i 26862 Err codemadness.org 70 i 26863

Beastie Bits

Err codemadness.org 70 i 26864 Err codemadness.org 70 i 26865

SoloBSD 19.03-STABLE
WireGuard for NetBSD
[NetBSD - Removing PF](https://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html Err codemadness.org 70 i 26871 )
What does the N in nmake stand for?
A Map of the Internet from May 1973
NSA-B-Gone : A sketchy hardware security device for your x220

Err codemadness.org 70 i 26879 Err codemadness.org 70 i 26880

Err codemadness.org 70 i 26881

Feedback/Questions

Err codemadness.org 70 i 26882 Err codemadness.org 70 i 26883

Jake - A single jail as a VPN client
Matt - Surprising BSD Features
cia - Routing and ZFS

Err codemadness.org 70 i 26890 Err codemadness.org 70 i 26891

Err codemadness.org 70 i 26892

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 26895 Err codemadness.org 70 i 26896

Err codemadness.org 70 i 26897 Err codemadness.org 70 i 26898 Err codemadness.org 70 i 26899 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 26900 Err codemadness.org 70 i 26901

293: Booking Jails

Allan Jude — Thu, 11 Apr 2019 09:00:00 -0700

Err codemadness.org 70 i 27156 This week we have a special episode with a Michael W. Lucas interview about his latest jail book that’s been released. We’re talking all things jails, writing, book sponsoring, the upcoming BSDCan 2019 conference, and more.

Err codemadness.org 70 i 27157 Err codemadness.org 70 i 27158

###Interview - Michael W. Lucas - mwl@mwl.io / @mwlauthor
Err codemadness.org 70 i 27159 FreeBSD Mastery: Jails

Err codemadness.org 70 i 27160 Err codemadness.org 70 i 27161

BR: Welcome back to the show and congratulations on your latest book. How many books did you have to write before you could start on FreeBSD Mastery: Jails?
AJ: How much research did you have to do about jails?
BR: The book talks about something called ‘incomplete’ jails. What do you mean by that?
AJ: There are a lot of jail management frameworks out there. Why did you chose to write about iocage in the book?
BR: How many jails do you run yourself?
AJ: Can you tell us a bit about how you handle book sponsorship these days?
BR: What other books (fiction and non-fiction) are you currently working on?
AJ: Which talks are you looking forward to attend at the upcoming BSDCan conference?
BR: How is the BSD user group going?
AJ: Anything else you’d like to mention before we release you from our interview jail cell?

Err codemadness.org 70 i 27173 Err codemadness.org 70 i 27174

Err codemadness.org 70 i 27175 Err codemadness.org 70 i 27176

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 27179 Err codemadness.org 70 i 27180

Err codemadness.org 70 i 27181 Err codemadness.org 70 i 27182 Err codemadness.org 70 i 27183 Err codemadness.org 70 i 27184 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 27185 ]]> Err codemadness.org 70 i 27186

292: AsiaBSDcon 2019 Recap

Allan Jude — Thu, 04 Apr 2019 08:00:00 -0700

Err codemadness.org 70 i 27359 FreeBSD Q4 2018 status report, the GhostBSD alternative, the coolest 90s laptop, OpenSSH 8.0 with quantum computing resistant keys exchange, project trident: 18.12-U8 is here, and more.

Err codemadness.org 70 i 27360 Err codemadness.org 70 i 27361

##Headlines
Err codemadness.org 70 i 27362 ###AsiaBSDcon 2019 recap

Err codemadness.org 70 i 27363 Err codemadness.org 70 i 27364

Both Allan and I attended AsiaBSDcon 2019 in Tokyo in mid march. After a couple of days of Tokyo sightseeing and tasting the local food, the conference started with tutorials.
Benedict gave his tutorial about “BSD-based Systems Monitoring with Icinga2 and OpenSSH”, while Allan ran the FreeBSD developer summit.
On the next day, Benedict attended the tutorial “writing (network) tests for FreeBSD” held by Kristof Provost. I learned a lot about Kyua, where tests live and how they are executed. I took some notes, which will likely become an article or chapter in the developers handbook about writing tests.
On the third day, Hiroki Sato officially opened the paper session and then people went into individual talks.
Benedict attended Err codemadness.org 70 i 27370
Err codemadness.org 70 i 27371
Adventure in DRMland - Or how to write a FreeBSD ARM64 DRM driver by Emmanuel
Err codemadness.org 70 i 27372 Vadot
Err codemadness.org 70 i 27373
Err codemadness.org 70 i 27374

Err codemadness.org 70 i 27376 Err codemadness.org 70 i 27377

Err codemadness.org 70 i 27378
powerpc64 architecture support in FreeBSD ports by Piotr Kubaj
Err codemadness.org 70 i 27379 Managing System Images with ZFS by Allan Jude
Err codemadness.org 70 i 27380 FreeBSD - Improving block I/O compatibility in bhyve by Sergiu Weisz
Err codemadness.org 70 i 27381 Security Fantasies and Realities for the BSDs by George V.
Err codemadness.org 70 i 27382 Neville-Neil
Err codemadness.org 70 i 27383 ZRouter: Remote update of firmware by Hiroki Mori
Err codemadness.org 70 i 27384 Improving security of the FreeBSD boot process by Marcin Wojtas
Err codemadness.org 70 i 27385

Err codemadness.org 70 i 27386 Err codemadness.org 70 i 27387

Allan attended Err codemadness.org 70 i 27389
Err codemadness.org 70 i 27390
Adventures in DRMland by Emmanuel Vadot
Err codemadness.org 70 i 27391 Intel HAXM by Kamil Rytarowski
Err codemadness.org 70 i 27392 BSD Solutions in Australian NGOs
Err codemadness.org 70 i 27393 Container Migration on FreeBSD by Yuhei Takagawa
Err codemadness.org 70 i 27394 Security Fantasies and Realities for the BSDs by George Neville-Neil
Err codemadness.org 70 i 27395
Err codemadness.org 70 i 27396

Err codemadness.org 70 i 27398 Err codemadness.org 70 i 27399

Err codemadness.org 70 i 27400
ZRouter: Remote update of firmware by Hiroki Mori
Err codemadness.org 70 i 27401 Improving security of the FreeBSD boot process by Marcin Wojtas
Err codemadness.org 70 i 27402

Err codemadness.org 70 i 27403 Err codemadness.org 70 i 27404

When not in talks, time was spent in the hallway track and conversations would often continue over dinner.
Stay tuned for announcements about where AsiaBSDcon 2020 will be, as the Tokyo Olympics will likely force some changes for next year. Overall, it was nice to see people at the conference again, listen to talks, and enjoy the hospitality of Japan.

Err codemadness.org 70 i 27408 Err codemadness.org 70 i 27409

###FreeBSD Quarterly Status Report - Fourth Quarter 2018

Err codemadness.org 70 i 27410 Err codemadness.org 70 i 27411

Err codemadness.org 70 i 27412
Since we are still on this island among many in this vast ocean of the Internet, we write this message in a bottle to inform you of the work we have finished and what lies ahead of us. These deeds that we have wrought with our minds and hands, they are for all to partake of - in the hopes that anyone of their free will, will join us in making improvements. In todays message the following by no means complete or ordered set of improvements and additions will be covered:
Err codemadness.org 70 i 27413 i386 PAE Pagetables for up to 24GB memory support, Continuous Integration efforts, driver updates to ENA and graphics, ARM enhancements such as RochChip, Marvell 8K, and Broadcom support as well as more DTS files, more Capsicum possibilities, as well as pfsync improvements, and many more things that you can read about for yourselves.
Err codemadness.org 70 i 27414 Additionally, we bring news from some islands further down stream, namely the nosh project, HardenedBSD, ClonOS, and the Polish BSD User-Group.
Err codemadness.org 70 i 27415 We would, selfishly, encourage those of you who give us the good word to please send in your submissions sooner than just before the deadline, and also encourage anyone willing to share the good word to please read the section on which submissions we’re also interested in having.
Err codemadness.org 70 i 27416

Err codemadness.org 70 i 27417 Err codemadness.org 70 i 27418

Err codemadness.org 70 i 27419 Err codemadness.org 70 i 27420

###GhostBSD: A Solid Linux-Like Open Source Alternative

Err codemadness.org 70 i 27421 Err codemadness.org 70 i 27422

Err codemadness.org 70 i 27423
The subject of this week’s Linux Picks and Pans is a representative of a less well-known computing platform that coexists with Linux as an open source operating system. If you thought that the Linux kernel was the only open source engine for a free OS, think again. BSD (Berkeley Software Distribution) shares many of the same features that make Linux OSes viable alternatives to proprietary computing platforms.
Err codemadness.org 70 i 27424 GhostBSD is a user-friendly Linux-like desktop operating system based on TrueOS. TrueOS is, in turn, based on FreeBSD’s development branch. TrueOS’ goal is to combine the stability and security of FreeBSD with a preinstalled GNOME, MATE, Xfce, LXDE or Openbox graphical user interface.
Err codemadness.org 70 i 27425 I stumbled on TrueOS while checking out new desktop environments and features in recent new releases of a few obscure Linux distros. Along the way, I discovered that today’s BSD computing family is not the closed source Unix platform the “BSD” name might suggest.
Err codemadness.org 70 i 27426 In last week’s Redcore Linux review, I mentioned that the Lumina desktop environment was under development for an upcoming Redcore Linux release. Lumina is being developed primarily for BSD OSes. That led me to circle back to a review I wrote two years ago on Lumina being developed for Linux.
Err codemadness.org 70 i 27427 GhostBSD is a pleasant discovery. It has nothing to do with being spooky, either. That goes for both the distro and the open source computing family it exposes.
Err codemadness.org 70 i 27428 Keep reading to find out what piqued my excitement about Linux-like GhostBSD.
Err codemadness.org 70 i 27429

Err codemadness.org 70 i 27430 Err codemadness.org 70 i 27431

Err codemadness.org 70 i 27432 Err codemadness.org 70 i 27433

##News Roundup
Err codemadness.org 70 i 27434 ###SPARCbook 3000ST - The coolest 90s laptop

Err codemadness.org 70 i 27435 Err codemadness.org 70 i 27436

Err codemadness.org 70 i 27437
A few weeks back I managed to pick up an incredibly rare laptop in immaculate condition for $50 on Kijiji: a Tadpole Technologies SPARCbook 3000ST from 1997 (it also came with two other working Pentium laptops from the 1990s).
Err codemadness.org 70 i 27438 Sun computers were an expensive desire for many computer geeks in the 1990s, and running UNIX on a SPARC-based laptop was, well, just as cool as it gets. SPARC was an open hardware platform that anyone could make, and Tadpole licensed the Solaris UNIX operating system from Sun for their SPARCbooks. Tadpole essentially made high-end UNIX/VAX workstations on costly, unusual platforms (PowerPC, DEC Alpha, SPARC) but only their SPARCbooks were popular in the high-end UNIX market of the 1990s.
Err codemadness.org 70 i 27439

Err codemadness.org 70 i 27440 Err codemadness.org 70 i 27441

Err codemadness.org 70 i 27442 Err codemadness.org 70 i 27443

###OpenSSH 8.0 Releasing With Quantum Computing Resistant Keys

Err codemadness.org 70 i 27444 Err codemadness.org 70 i 27445

Err codemadness.org 70 i 27446
OpenSSH 7.9 came out with a host of bug fixes last year with few new features, as is to be expected in minor releases. However, recently, Damien Miller has announced that OpenSSH 8.0 is nearly ready to be released. Currently, it’s undergoing testing to ensure compatibility across supported systems.
Err codemadness.org 70 i 27447

Err codemadness.org 70 i 27448 Err codemadness.org 70 i 27449

https://twitter.com/damienmiller/status/1111416334737244160

Err codemadness.org 70 i 27452 Err codemadness.org 70 i 27453

Err codemadness.org 70 i 27454
Better Security
Err codemadness.org 70 i 27455 Copying filenames with scp will be more secure in OpenSSH 8.0 due to the fact that copying filenames from a remote to local directory will prompt scp to check if the files sent from the server match your request. Otherwise, an attack server would theoretically be able to intercept the request by serving malicious files in place of the ones originally requested. Knowing this, you’re probably better off never using scp anyway. OpenSSH advises against it:
Err codemadness.org 70 i 27456 “The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.”
Err codemadness.org 70 i 27457

Err codemadness.org 70 i 27458 Err codemadness.org 70 i 27459

Interesting new features

Err codemadness.org 70 i 27462 Err codemadness.org 70 i 27463

Err codemadness.org 70 i 27464
ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for “yes”. This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you.
Err codemadness.org 70 i 27465

Err codemadness.org 70 i 27466 Err codemadness.org 70 i 27467

Err codemadness.org 70 i 27468 Err codemadness.org 70 i 27469

###Project Trident : 18.12-U8 Available

Err codemadness.org 70 i 27470 Err codemadness.org 70 i 27471

Err codemadness.org 70 i 27472
Thank you all for your patience! Project Trident has finally finished some significant infrastructure updates over the last 2 weeks, and we are pleased to announce that package update 8 for 18.12-RELEASE is now available.
Err codemadness.org 70 i 27473 To switch to the new update, you will need to open the “Configuration” tab in the update manager and switch to the new “Trident-release” package repository. You can also perform this transition via the command line by running: sudo sysup --change-train Trident-release
Err codemadness.org 70 i 27474

Err codemadness.org 70 i 27475 Err codemadness.org 70 i 27476

Err codemadness.org 70 i 27477 Err codemadness.org 70 i 27478

##Beastie Bits

Err codemadness.org 70 i 27479 Err codemadness.org 70 i 27480

BSD Router Project - Release 1.92
EuroBSDcon - New Proposals
Funny UNIX shirt (René Magritte art parody)
51NB’s Thinkpad X210
DragonFly: No more gcc50
“FreeBSD Mastery: Jails” ebook escaping!
FreeBSD talk at the Augsburger Linux Info Days (german)

Err codemadness.org 70 i 27489 Err codemadness.org 70 i 27490

Err codemadness.org 70 i 27491 Err codemadness.org 70 i 27492

##Feedback/Questions

Err codemadness.org 70 i 27493 Err codemadness.org 70 i 27494

DJ - FuguIta Feedback
Mike - Another Good Show
Alex - GhostBSD and wifi

Err codemadness.org 70 i 27499 Err codemadness.org 70 i 27500

Err codemadness.org 70 i 27501 Err codemadness.org 70 i 27502

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 27505 Err codemadness.org 70 i 27506

Err codemadness.org 70 i 27507 Err codemadness.org 70 i 27508 Err codemadness.org 70 i 27509 Err codemadness.org 70 i 27510 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 27511 ]]> Err codemadness.org 70 i 27512

291: Storage Changes Software

Allan Jude — Thu, 28 Mar 2019 07:00:00 -0700

Err codemadness.org 70 i 27797 Storage changing software, what makes Unix special, what you need may be “pipeline +Unix commands”, running a bakery on Emacs and PostgreSQL, the ultimate guide to memorable tech talks, light-weight contexts, and more.

Err codemadness.org 70 i 27798 Err codemadness.org 70 i 27799

##Headlines

Err codemadness.org 70 i 27800 Err codemadness.org 70 i 27801

###Tracking a storage issue led to software change

Err codemadness.org 70 i 27802 Err codemadness.org 70 i 27803

Err codemadness.org 70 i 27804
Early last year we completed a massive migration that moved our customers’ hosting data off of a legacy datacenter (that we called FR-SD2) onto several new datacenters (that we call FR-SD3, FR-SD5, and FR-SD6) with much more modern, up-to-date infrastructure.
Err codemadness.org 70 i 27805 This migration required several changes in both the software and hardware we use, including switching the operating system on our storage units to FreeBSD.
Err codemadness.org 70 i 27806 Currently, we use the NFS protocol to provide storage and export the filesystems on Simple Hosting, our web hosting service, and the FreeBSD kernel includes an NFS server for just this purpose.
Err codemadness.org 70 i 27807

Err codemadness.org 70 i 27808 Err codemadness.org 70 i 27809

Problem

Err codemadness.org 70 i 27812 Err codemadness.org 70 i 27813

Err codemadness.org 70 i 27814
While migrating virtual disks of Simple Hosting instances from FR-SD2, we noticed high CPU load spikes on the new storage units.
Err codemadness.org 70 i 27815

Err codemadness.org 70 i 27816 Err codemadness.org 70 i 27817

Err codemadness.org 70 i 27818 Err codemadness.org 70 i 27819

###What Makes Unix Special

Err codemadness.org 70 i 27820 Err codemadness.org 70 i 27821

Err codemadness.org 70 i 27822
Ever since Unix burst onto the scene within the early '70s, observers within the pc world have been fast to put in writing it off as a unusual working system designed by and for knowledgeable programmers. Regardless of their proclamations, Unix refuses to die. Means again in 1985, Stewart Cheifet puzzled if Unix would turn out to be the usual working system of the longer term on the PBS present “The Laptop Chronicles,” though MS-DOS was effectively in its heyday. In 2018, it is clear that Unix actually is the usual working system, not on desktop PCs, however on smartphones and tablets.
Err codemadness.org 70 i 27823

Err codemadness.org 70 i 27824 Err codemadness.org 70 i 27825

What Makes Unix Special?

Err codemadness.org 70 i 27828 Err codemadness.org 70 i 27829

Err codemadness.org 70 i 27830
It is also the usual system for net servers. The actual fact is, hundreds of thousands of individuals all over the world have interacted with Linux and Unix programs daily, most of whom have by no means written a line of code of their lives.
Err codemadness.org 70 i 27831 So what makes Unix so beloved by programmers and different techie sorts? Let’s check out a few of issues this working system has going for it. (For some background on Unix, try The Historical past of Unix: From Bell Labs to the iPhone.)
Err codemadness.org 70 i 27832

Err codemadness.org 70 i 27833 Err codemadness.org 70 i 27834

Err codemadness.org 70 i 27835 Err codemadness.org 70 i 27836

##News Roundup
Err codemadness.org 70 i 27837 ###What you need may be “pipeline +Unix commands” only

Err codemadness.org 70 i 27838 Err codemadness.org 70 i 27839

Err codemadness.org 70 i 27840
I came across Taco Bell Programming recently, and think this article is worthy to read for every software engineer. The post mentions a scenario which you may consider to use Hadoop to solve but actually xargs may be a simpler and better choice. This reminds me a similar experience: last year a client wanted me to process a data file which has 5 million records. After some investigations, no novel technologies, a concise awk script (less than 10 lines) worked like a charm! What surprised me more is that awk is just a single-thread program, no nifty concurrency involved.
Err codemadness.org 70 i 27841 The IT field never lacks “new” technologies: cloud computing, big data, high concurrency, etc. However, the thinkings behind these “fancy” words may date back to the era when Unix arose. Unix command line tools are invaluable treasure. In many cases, picking the right components and using pipeline to glue them can satisfy your requirement perfectly. So spending some time in reviewing Unixcommand line manual instead of chasing state-of-the-art techniques exhaustedly, you may gain more.
Err codemadness.org 70 i 27842 BTW, if your data set can be disposed by an awk script, it should not be called “big data”.
Err codemadness.org 70 i 27843

Err codemadness.org 70 i 27844 Err codemadness.org 70 i 27845

Taco Bell Programming

Err codemadness.org 70 i 27848 Err codemadness.org 70 i 27849

Err codemadness.org 70 i 27850 Err codemadness.org 70 i 27851

###Running a bakery on Emacs and PostgreSQL

Err codemadness.org 70 i 27852 Err codemadness.org 70 i 27853

Err codemadness.org 70 i 27854
Just over a year ago now, I finally opened the bakery I’d been dreaming of for years. It’s been a big change in my life, from spending all my time sat in front of a computer, to spending most of it making actual stuff. And stuff that makes people happy, at that. It’s been a huge change, but I can’t think of a single job change that’s ever made me as happy as this one.
Err codemadness.org 70 i 27855 One of the big changes that came with going pro was that suddenly I was having to work out how much stuff I needed to mix to fill the orders I needed. On the face of it, this is really simple, just work out how much dough you need, then work out what quantities to mix to make that much dough. Easy. You can do it with a pencil and paper. Or, in traditional bakers’ fashion, by scrawling with your finger on a floured work bench.
Err codemadness.org 70 i 27856 And that’s how I coped for a few weeks early on. But I kept making mistakes, which makes for an inconsistent product (bread is very forgiving, you have to work quite hard to make something that isn’t bread, but consistency matters). I needed to automate.
Err codemadness.org 70 i 27857

Err codemadness.org 70 i 27858 Err codemadness.org 70 i 27859

Err codemadness.org 70 i 27860 Err codemadness.org 70 i 27861

###The Ultimate Guide To Memorable Tech Talks

Err codemadness.org 70 i 27862 Err codemadness.org 70 i 27863

Err codemadness.org 70 i 27864
Imagine this. You’re a woman in a male-dominated field. English is not your first language. Even though you’re confident in your engineering work, the thought of public speaking and being recorded for the world to see absolutely terrifies you.
Err codemadness.org 70 i 27865 That was me, five years ago. Since then, I’ve moved into a successful career in Developer Advocacy and spoken at dozens of technical events in the U.S. and worldwide.
Err codemadness.org 70 i 27866 I think everyone has the ability to deliver stellar conference talks, which is why I took the time to write this post.
Err codemadness.org 70 i 27867

Err codemadness.org 70 i 27868 Err codemadness.org 70 i 27869

The Ultimate Guide
1: Introduction
2: Choosing a Topic
3: Writing a Conference Proposal (or CFP)
4: Tools of the Trade
5: Planning and Time Estimation
6: Writing a Talk
7: Practice and Delivery

Err codemadness.org 70 i 27879 Err codemadness.org 70 i 27880

Err codemadness.org 70 i 27881 Err codemadness.org 70 i 27882

###Light-weight Contexts: An OS Abstraction for Safety and Performance (2016)

Err codemadness.org 70 i 27883 Err codemadness.org 70 i 27884

Err codemadness.org 70 i 27885
Abstract: “We introduce a new OS abstraction—light-weight con-texts (lwCs)—that provides independent units of protection, privilege, and execution state within a process. A process may include several lwCs, each with possibly different views of memory, file descriptors, and access capabilities. lwCs can be used to efficiently implement roll-back (process can return to a prior recorded state),isolated address spaces (lwCs within the process may have different views of memory, e.g., isolating sensitive data from network-facing components or isolating different user sessions), and privilege separation (in-process reference monitors can arbitrate and control access).
Err codemadness.org 70 i 27886 lwCs can be implemented efficiently: the overhead of a lwC is proportional to the amount of memory exclusive to the lwC; switching lwCs is quicker than switching kernel threads within the same process. We describe the lwC abstraction and API, and an implementation of lwCs within the FreeBSD 11.0 kernel. Finally, we present an evaluation of common usage patterns, including fast roll-back, session isolation, sensitive data isolation, and in-process reference monitoring, using Apache, nginx, PHP,and OpenSSL.”
Err codemadness.org 70 i 27887

Err codemadness.org 70 i 27888 Err codemadness.org 70 i 27889

Err codemadness.org 70 i 27890 Err codemadness.org 70 i 27891

##Beastie Bits

Err codemadness.org 70 i 27892 Err codemadness.org 70 i 27893

May 7th - BSD Users Stockholm Meetup #6
sysutils/docker-freebsd: Searching for people to help
Cat Tax - Ever wonder what Midnight the cat was like?
Fixing Unix/Linux/POSIX Filenames
Metasploit on OpenBSD
Run Your @wn Email Server! with NetBSD
rdist(1)
Writing a Book with Unix
7 Unix Commands Every Data Scientist Should Know
Explaining Code using ASCII Art
FreeBSD Aberdeen Hackathon
FreeBSD Vienna Hackathon

Err codemadness.org 70 i 27907 Err codemadness.org 70 i 27908

Err codemadness.org 70 i 27909 Err codemadness.org 70 i 27910

##Feedback/Questions

Err codemadness.org 70 i 27911 Err codemadness.org 70 i 27912

Err codemadness.org 70 i 27914
Mike - FreeBSD Update and Erased EFI files
Err codemadness.org 70 i 27915
Err codemadness.org 70 i 27917
Charles - Volunteer work
Err codemadness.org 70 i 27918
Err codemadness.org 70 i 27920
Jake - Bhyve Front Ends
Err codemadness.org 70 i 27921
Err codemadness.org 70 i 27923
We’ve hit that point where we are running low on your questions, so if you have any questions rolling around in your head that you’ve not thought of to ask yet… send them in!
Err codemadness.org 70 i 27924

Err codemadness.org 70 i 27926 Err codemadness.org 70 i 27927

Err codemadness.org 70 i 27928 Err codemadness.org 70 i 27929

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 27932 Err codemadness.org 70 i 27933

Err codemadness.org 70 i 27934 Err codemadness.org 70 i 27935 Err codemadness.org 70 i 27936 Err codemadness.org 70 i 27937 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 27938 ]]> Err codemadness.org 70 i 27939

290: Timestamped Notes

Allan Jude — Thu, 21 Mar 2019 07:00:00 -0700

Err codemadness.org 70 i 28198 FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more.

Err codemadness.org 70 i 28199 Err codemadness.org 70 i 28200

##Headlines
Err codemadness.org 70 i 28201 ###ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64)

Err codemadness.org 70 i 28202 Err codemadness.org 70 i 28203

Err codemadness.org 70 i 28204
While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it.
Err codemadness.org 70 i 28205 While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision.
Err codemadness.org 70 i 28206

Err codemadness.org 70 i 28207 Err codemadness.org 70 i 28208

Err codemadness.org 70 i 28209 Err codemadness.org 70 i 28210

###Looking at NetBSD from an OpenBSD user perspective

Err codemadness.org 70 i 28211 Err codemadness.org 70 i 28212

Err codemadness.org 70 i 28213
I use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective.
Err codemadness.org 70 i 28214

Err codemadness.org 70 i 28215 Err codemadness.org 70 i 28216

What I liked (pros)
Things I didn’t like (cons)
Conclusion

Err codemadness.org 70 i 28221 Err codemadness.org 70 i 28222

Err codemadness.org 70 i 28223
So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD.
Err codemadness.org 70 i 28224 That said, I’ll keep using my Puffy OS.
Err codemadness.org 70 i 28225

Err codemadness.org 70 i 28226 Err codemadness.org 70 i 28227

Err codemadness.org 70 i 28228 Err codemadness.org 70 i 28229

##News Roundup
Err codemadness.org 70 i 28230 ###Using Vim to take time-stamped notes

Err codemadness.org 70 i 28231 Err codemadness.org 70 i 28232

Err codemadness.org 70 i 28233
I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started.
Err codemadness.org 70 i 28234 My first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time.
Err codemadness.org 70 i 28235 This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing.
Err codemadness.org 70 i 28236

Err codemadness.org 70 i 28237 Err codemadness.org 70 i 28238

John Baldwin’s notes on bhyve meetings

Err codemadness.org 70 i 28241 Err codemadness.org 70 i 28242

Err codemadness.org 70 i 28243 Err codemadness.org 70 i 28244

###OpenBSD 6.5-beta has been tagged

Err codemadness.org 70 i 28245 Err codemadness.org 70 i 28246

Err codemadness.org 70 i 28247
It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect.
Err codemadness.org 70 i 28248

Err codemadness.org 70 i 28249 Err codemadness.org 70 i 28250

CVSROOT: /cvs
Err codemadness.org 70 i 28251 Module name: src
Err codemadness.org 70 i 28252 Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41
Err codemadness.org 70 i 28253
Err codemadness.org 70 i 28254 Modified files:
Err codemadness.org 70 i 28255 etc/root : root.mail
Err codemadness.org 70 i 28256 share/mk : sys.mk
Err codemadness.org 70 i 28257 sys/conf : newvers.sh
Err codemadness.org 70 i 28258 sys/sys : ktrace.h param.h
Err codemadness.org 70 i 28259 usr.bin/signify: signify.1
Err codemadness.org 70 i 28260 sys/arch/macppc/stand/tbxidata: bsd.tbxi
Err codemadness.org 70 i 28261
Err codemadness.org 70 i 28262 Log message:
Err codemadness.org 70 i 28263 crank to 6.5-beta
Err codemadness.org 70 i 28264

Err codemadness.org 70 i 28265 Err codemadness.org 70 i 28266

Err codemadness.org 70 i 28267 Err codemadness.org 70 i 28268

###The NetBSD Foundation participating in Google Summer of Code 2019

Err codemadness.org 70 i 28269 Err codemadness.org 70 i 28270

Err codemadness.org 70 i 28271
For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019!
Err codemadness.org 70 i 28272 If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage.
Err codemadness.org 70 i 28273 You can find a list of projects in Google Summer of Code project proposals in the wiki.
Err codemadness.org 70 i 28274 Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists!
Err codemadness.org 70 i 28275

Err codemadness.org 70 i 28276 Err codemadness.org 70 i 28277

Err codemadness.org 70 i 28278 Err codemadness.org 70 i 28279

###SecBSD: an UNIX-like OS for Hackers

Err codemadness.org 70 i 28280 Err codemadness.org 70 i 28281

Err codemadness.org 70 i 28282
SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.
Err codemadness.org 70 i 28283 A security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.
Err codemadness.org 70 i 28284

Err codemadness.org 70 i 28285 Err codemadness.org 70 i 28286

Err codemadness.org 70 i 28287 Err codemadness.org 70 i 28288

##Beastie Bits

Err codemadness.org 70 i 28289 Err codemadness.org 70 i 28290

Why OpenBSD Rocks
Rich’s sh (POSIX shell) tricks
Drinking coffee with AWK
Civilisational HTTP Error Codes
MidnightBSD Roadmap
NetBSD on Nintendo64
From Vimperator to Tridactyl

Err codemadness.org 70 i 28299 Err codemadness.org 70 i 28300

Err codemadness.org 70 i 28301 Err codemadness.org 70 i 28302

##Feedback/Questions

Err codemadness.org 70 i 28303 Err codemadness.org 70 i 28304

Russell - BSD Now Question :: ZFS & FreeNAS
Alan - Tutorial, install ARM *BSD with no other BSD box pls
Johnny - New section to add to the show

Err codemadness.org 70 i 28309 Err codemadness.org 70 i 28310

Err codemadness.org 70 i 28311 Err codemadness.org 70 i 28312

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 28315 Err codemadness.org 70 i 28316

Err codemadness.org 70 i 28317 Err codemadness.org 70 i 28318 Err codemadness.org 70 i 28319 Err codemadness.org 70 i 28320 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 28321 ]]> Err codemadness.org 70 i 28322

289: Microkernel Failure

Allan Jude — Thu, 14 Mar 2019 16:00:00 -0700

A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. Err codemadness.org 70 i 28468

##Headlines

Err codemadness.org 70 i 28469

###A Kernel Of Failure -
Err codemadness.org 70 i 28470 How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.

Err codemadness.org 70 i 28471

Err codemadness.org 70 i 28472
Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created.
Err codemadness.org 70 i 28473

Err codemadness.org 70 i 28474

Err codemadness.org 70 i 28475

###CVE-2019-5597IPv6 fragmentation vulnerability in OpenBSD Packet Filter

Err codemadness.org 70 i 28476

Err codemadness.org 70 i 28477
Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.
Err codemadness.org 70 i 28478 Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0.Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent: FreeBSD, pfSense, OPNSense, Solaris.
Err codemadness.org 70 i 28479

Err codemadness.org 70 i 28480

Err codemadness.org 70 i 28481
Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product.
Err codemadness.org 70 i 28482

Err codemadness.org 70 i 28483

Kristof Provost, who maintains the port of pf in FreeBSD added a test for the vulnerability in FreeBSD head.

Err codemadness.org 70 i 28486

Err codemadness.org 70 i 28487

##News Roundup
Err codemadness.org 70 i 28488 How I’m still not using GUIs in 2019: A guide to the terminal

Err codemadness.org 70 i 28489

Err codemadness.org 70 i 28490
TL;DR: Here are my dotfiles. Use them and have fun.
Err codemadness.org 70 i 28491

Err codemadness.org 70 i 28492

Err codemadness.org 70 i 28493
GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal.
Err codemadness.org 70 i 28494 IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better.
Err codemadness.org 70 i 28495 In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows.
Err codemadness.org 70 i 28496

Err codemadness.org 70 i 28497

Don’t forget rule number one.

Err codemadness.org 70 i 28500

Err codemadness.org 70 i 28501
Whenever in doubt, read the manual.
Err codemadness.org 70 i 28502

Err codemadness.org 70 i 28503

Err codemadness.org 70 i 28504

###Using a Yubikey as smartcard for SSH public key authentication

Err codemadness.org 70 i 28505

Err codemadness.org 70 i 28506
SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys.
Err codemadness.org 70 i 28507 You might have heard of Yubikeys.
Err codemadness.org 70 i 28508 These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard.
Err codemadness.org 70 i 28509 In OpenBSD, you can use them for Login (with loginyubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up.
Err codemadness.org 70 i 28510

Err codemadness.org 70 i 28511

Err codemadness.org 70 i 28512

###The 18 Part FreeBSD Desktop Series by Vermaden

Err codemadness.org 70 i 28513

FreeBSD Desktop – Part 1 – Simplified Boot
FreeBSD Desktop – Part 2 – Install (FreeBSD 11)
FreeBSD Desktop – Part 2.1 – Install FreeBSD 12
FreeBSD Desktop – Part 3 – X11 Window System
FreeBSD Desktop – Part 4 – Key Components – Window Manager
FreeBSD Desktop – Part 5 – Key Components – Status Bar
FreeBSD Desktop – Part 6 – Key Components – Task Bar
FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling
FreeBSD Desktop – Part 8 – Key Components – Application Launcher
FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts
FreeBSD Desktop – Part 10 – Key Components – Locking Solution
FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress
FreeBSD Desktop – Part 12 – Configuration – Openbox
FreeBSD Desktop – Part 13 – Configuration – Dzen2
FreeBSD Desktop – Part 14 – Configuration – Tint2
FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks
FreeBSD Desktop – Part 16 – Configuration – Pause Any Application
FreeBSD Desktop – Part 17 – Automount Removable Media

Err codemadness.org 70 i 28533

Err codemadness.org 70 i 28534

##Beastie Bits

Err codemadness.org 70 i 28535

Drist with persistent SSH
ARPANET: Celebrating 50 Years Since “LO”
Termtris - a tetris game for ANSI/VT220 terminals
Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape
Why I use the IBM Model M keyboard that is older than me?
A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon
Google-free Android Setup
BSD Users Stockholm Meetup #6

Err codemadness.org 70 i 28545

Err codemadness.org 70 i 28546

##Feedback/Questions

Err codemadness.org 70 i 28547

Sijmen - Hi, and a Sunday afternoon toy project
Clint - Tuning ZFS for NVME
James - Show question

Err codemadness.org 70 i 28552

Err codemadness.org 70 i 28553

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 28556

Err codemadness.org 70 i 28557 Err codemadness.org 70 i 28558 Err codemadness.org 70 i 28559 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 28560 Err codemadness.org 70 i 28561

288: Turing Complete Sed

Allan Jude — Thu, 07 Mar 2019 07:00:00 -0800

Err codemadness.org 70 i 28926 Software will never fix Spectre-type bugs, a proof that sed is Turing complete, managed jails using Bastille, new version of netdata, using grep with /dev/null, using GMail with mutt, and more.

Err codemadness.org 70 i 28927 Err codemadness.org 70 i 28928

##Headlines
Err codemadness.org 70 i 28929 ###Google: Software is never going to be able to fix Spectre-type bugs

Err codemadness.org 70 i 28930 Err codemadness.org 70 i 28931

Spectre is here to stay: An analysis of side-channels and speculative execution

Err codemadness.org 70 i 28934 Err codemadness.org 70 i 28935

Err codemadness.org 70 i 28936
Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will impose a high performance cost. And whatever the cost, the researchers continue, the software will be inadequate—some Spectre flaws don’t appear to have any effective software-based defense. As such, Spectre is going to be a continued feature of the computing landscape, with no straightforward resolution.
Err codemadness.org 70 i 28937 The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries were made throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of a processor—the documented behavior that programmers depend on and write their programs against—and the real behavior of implementations.
Err codemadness.org 70 i 28938 Specifically, modern processors all perform speculative execution; they make assumptions about, for example, a value being read from memory or whether an if condition is true or false, and they allow their execution to run ahead based on these assumptions. If the assumptions are correct, the speculated results are kept; if it isn’t, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it’s a feature of implementations, and so it’s supposed to be entirely invisible to running programs. When the processor discards the bad speculation, it should be as if the speculation never even happened.
Err codemadness.org 70 i 28939

Err codemadness.org 70 i 28940 Err codemadness.org 70 i 28941

Err codemadness.org 70 i 28942 Err codemadness.org 70 i 28943

###A proof that Unix utility sed is Turing complete

Err codemadness.org 70 i 28944 Err codemadness.org 70 i 28945

Err codemadness.org 70 i 28946
Many people are surprised when they hear that sed is Turing complete. How come a text filtering program is Turing complete, they wonder. Turns out sed is a tiny assembly language that has a comparison operation, a branching operation and a temporary buffer. These operations make sed Turing complete.
Err codemadness.org 70 i 28947 I first learned about this from Christophe Blaess. His proof is by construction – he wrote a Turing machine in sed (download turing.sed). As any programming language that can implement a Turing machine is Turing complete we must conclude that sed is also Turing complete.
Err codemadness.org 70 i 28948 Christophe offers his own introduction to Turing machines and a description of how his sed implementation works in his article Implementation of a Turing Machine as a sed Script.
Err codemadness.org 70 i 28949

Err codemadness.org 70 i 28950 Err codemadness.org 70 i 28951

Err codemadness.org 70 i 28952
Christophe isn’t the first person to realize that sed is almost a general purpose programming language. People have written tetris, sokoban and many other programs in sed. Take a look at these:
Err codemadness.org 70 i 28953

Err codemadness.org 70 i 28954 Err codemadness.org 70 i 28955

Tetris
Sokoban (game)
Calculator

Err codemadness.org 70 i 28960 Err codemadness.org 70 i 28961

Err codemadness.org 70 i 28962 Err codemadness.org 70 i 28963

##News Roundup
Err codemadness.org 70 i 28964 ###Bastille helps you quickly create and manage FreeBSD Jails.

Err codemadness.org 70 i 28965 Err codemadness.org 70 i 28966

Err codemadness.org 70 i 28967
Bastille helps you quickly create and manage FreeBSD Jails.
Err codemadness.org 70 i 28968 Jails are extremely lightweight containers that provide a full-featured UNIX-like operating system inside. These containers can be used for software development, rapid testing, and secure production Internet services.
Err codemadness.org 70 i 28969 Bastille provides an interface to create, manage and destroy these secure virtualized environments.
Err codemadness.org 70 i 28970

Err codemadness.org 70 i 28971 Err codemadness.org 70 i 28972

Current version: 0.3.20190204-beta.
Shell Script Source here: https://github.com/BastilleBSD/bastille/blob/master/usr/local/bin/bastille

Err codemadness.org 70 i 28976 Err codemadness.org 70 i 28977

Err codemadness.org 70 i 28978 Err codemadness.org 70 i 28979

###netdata v1.12 released

Err codemadness.org 70 i 28980 Err codemadness.org 70 i 28981

Err codemadness.org 70 i 28982
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.
Err codemadness.org 70 i 28983 Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring tool chains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).
Err codemadness.org 70 i 28984 Netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.
Err codemadness.org 70 i 28985

Err codemadness.org 70 i 28986 Err codemadness.org 70 i 28987

Patch release 1.12.1 contains 22 bug fixes and 8 improvements.

Err codemadness.org 70 i 28990 Err codemadness.org 70 i 28991

Err codemadness.org 70 i 28992 Err codemadness.org 70 i 28993

###Using grep with /dev/null, an old Unix trick

Err codemadness.org 70 i 28994 Err codemadness.org 70 i 28995

Err codemadness.org 70 i 28996
Every so often I will find myself writing a grep invocation like this:
Err codemadness.org 70 i 28997

Err codemadness.org 70 i 28998 Err codemadness.org 70 i 28999

find .... -exec grep /dev/null '{}' '+'

Err codemadness.org 70 i 29000 Err codemadness.org 70 i 29001

Err codemadness.org 70 i 29002
The peculiar presence of /dev/null here is an old Unix trick that is designed to force grep to always print out file names, even if your find only matches one file, by always insuring that grep has at least two files as arguments. You can wind up wanting to do the same thing with a direct use of grep if you’re not certain how many files your wildcard may match.
Err codemadness.org 70 i 29003

Err codemadness.org 70 i 29004 Err codemadness.org 70 i 29005

Err codemadness.org 70 i 29006 Err codemadness.org 70 i 29007

###USING GMAIL WITH MUTT

Err codemadness.org 70 i 29008 Err codemadness.org 70 i 29009

Err codemadness.org 70 i 29010
I recently switched to using mutt for email and while setting up mutt to use imap is pretty straightforward, this tutorial will also document some advanced concepts such as encrypting your account password and sending emails from a different From address.
Err codemadness.org 70 i 29011 This tutorial assumes that you have some familiarity with using mutt and have installed it with sidebar support (sudo apt-get install mutt-patched for the ubuntu folks) and are comfortable with editing your muttrc.
Err codemadness.org 70 i 29012 If you would just like to skip to the end, my mutt configuration file can be found here.
Err codemadness.org 70 i 29013

Err codemadness.org 70 i 29014 Err codemadness.org 70 i 29015

Err codemadness.org 70 i 29016 Err codemadness.org 70 i 29017

##Beastie Bits

Err codemadness.org 70 i 29018 Err codemadness.org 70 i 29019

An Extensive UNIX Timeline
Garbage.fm - OEF
brk() to sbrk()
Fred models, found again
Kafe: Can OS Kernels Forward Packets Fast Enough for Software Routers?
ARPANET: Celebrating 50 Years Since “LO”

Err codemadness.org 70 i 29027 Err codemadness.org 70 i 29028

Err codemadness.org 70 i 29029 Err codemadness.org 70 i 29030

##Feedback/Questions

Err codemadness.org 70 i 29031 Err codemadness.org 70 i 29032

Pablo - Topic suggestion: FreeBSD on a Laptop as daily driver
Ron - ZFS on the fly compression and seek
Dave - two zpool, or not two zpool, that is the question

Err codemadness.org 70 i 29037 Err codemadness.org 70 i 29038

Err codemadness.org 70 i 29039 Err codemadness.org 70 i 29040

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 29043 Err codemadness.org 70 i 29044

Err codemadness.org 70 i 29045 Err codemadness.org 70 i 29046 Err codemadness.org 70 i 29047 Err codemadness.org 70 i 29048 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 29049 ]]> Err codemadness.org 70 i 29050

287: rc.d in NetBSD

Allan Jude — Thu, 28 Feb 2019 09:00:00 -0800

Err codemadness.org 70 i 29301 Design and Implementation of NetBSD’s rc.d system, first impressions of Project Trident 18.12, PXE booting a FreeBSD disk image, middle mouse button pasting, NetBSD gains hardware accelerated virtualization, and more.

Err codemadness.org 70 i 29302 Err codemadness.org 70 i 29303

##Headlines
Err codemadness.org 70 i 29304 ###The Design and Implementation of the NetBSD rc.d system

Err codemadness.org 70 i 29305 Err codemadness.org 70 i 29306

Abstract

Err codemadness.org 70 i 29309 Err codemadness.org 70 i 29310

Err codemadness.org 70 i 29311
In this paper I cover the design and implementation of the rc.d system start-up mechanism in NetBSD 1.5, which replaced the monolithic /etc/rc start-up file inherited from 4.4BSD. Topics covered include a history of various UNIX start-up mechanisms (including NetBSD prior to 1.5), design considerations that evolved over six years of discussions, implementation details, an examination of the human issues that occurred during the design and implementation, as well as future directions for the system.
Err codemadness.org 70 i 29312

Err codemadness.org 70 i 29313 Err codemadness.org 70 i 29314

Introduction

Err codemadness.org 70 i 29317 Err codemadness.org 70 i 29318

Err codemadness.org 70 i 29319
NetBSD recently converted from the traditional 4.4BSD monolithic /etc/rc start-up script to an /etc/rc.d mechanism, where there is a separate script to manage each service or daemon, and these scripts are executed in a specific order at system boot.
Err codemadness.org 70 i 29320 This paper covers the motivation, design and implementation of the rc.d system; from the history of what NetBSD had before to the system that NetBSD 1.5 shipped with in December 2000, as well as future directions.
Err codemadness.org 70 i 29321 The changes were contentious and generated some of the liveliest discussions about any feature change ever made in NetBSD. Parts of those discussions will be covered to provide insight into some of the design and implementation decisions.
Err codemadness.org 70 i 29322

Err codemadness.org 70 i 29323 Err codemadness.org 70 i 29324

History

Err codemadness.org 70 i 29327 Err codemadness.org 70 i 29328

Err codemadness.org 70 i 29329
There is great diversity in the system start-up mechanisms used by various UNIX variants. A few of the more pertinent schemes are detailed below. As NetBSD is derived from 4.4BSD, it follows that a description of the latter’s method is relevant. Solaris’ start-up method is also detailed, as it is the most common System V UNIX variant.
Err codemadness.org 70 i 29330

Err codemadness.org 70 i 29331 Err codemadness.org 70 i 29332

Err codemadness.org 70 i 29333 Err codemadness.org 70 i 29334

###First impressions of Project Trident 18.12

Err codemadness.org 70 i 29335 Err codemadness.org 70 i 29336

Err codemadness.org 70 i 29337
Project Trident (hereafter referred to as Trident) is a desktop operating system based on TrueOS. Trident takes the rolling base platform of TrueOS, which is in turn based on FreeBSD’s development branch, and combines it with the Lumina desktop environment.
Err codemadness.org 70 i 29338

Err codemadness.org 70 i 29339 Err codemadness.org 70 i 29340

+Installing

Err codemadness.org 70 i 29341 Err codemadness.org 70 i 29342

Err codemadness.org 70 i 29343
The debut release of Trident is available as a 4.1GB download that can be burned to a disc or transferred to a USB thumb drive. Booting from the Trident media brings up a graphical interface and automatically launches the project’s system installer. Down the left side of the display there are buttons we can click to show hardware information and configuration options. These buttons let us know if our wireless card and video card are compatible with Trident and give us a chance to change our preferred language and keyboard layout. At the bottom of the screen we find buttons that will open a terminal or shutdown the computer.
Err codemadness.org 70 i 29344

Err codemadness.org 70 i 29345 Err codemadness.org 70 i 29346

Early impressions

Err codemadness.org 70 i 29349 Err codemadness.org 70 i 29350

Err codemadness.org 70 i 29351
Trident boots to a graphical login screen where we can sign into the Lumina desktop or a minimal Fluxbox session. Lumina, by default, uses Fluxbox as its window manager. The Lumina desktop places its panel along the bottom of the screen and an application menu sits in the bottom-left corner. On the desktop we find icons for opening the software manager, launching the Falkon web browser, running the VLC media player, opening the Control Panel and adjusting the Lumina theme.
Err codemadness.org 70 i 29352 The application menu has an unusual and compact layout. The menu shows just a search box and buttons for browsing applications, opening a file manager, accessing desktop settings and signing out. To see what applications are available we can click the Browse Applications entry, which opens a window in the menu where we can scroll through installed programs. This is a bit awkward since the display window is small and only shows a few items at a time.
Err codemadness.org 70 i 29353 Early on I found it is possible to swap out the default “Start menu” with an alternative “Application menu” through the Panels configuration tool. This alternative menu offers a classic tree-style application menu. I found the latter menu easier to navigate as it expands to show all the applications in a selected category.
Err codemadness.org 70 i 29354

Err codemadness.org 70 i 29355 Err codemadness.org 70 i 29356

Conclusions

Err codemadness.org 70 i 29359 Err codemadness.org 70 i 29360

Err codemadness.org 70 i 29361
I have a lot of mixed feelings and impressions when it comes to Trident. On the one hand, the operating system has some great technology under the hook. It has cutting edge packages from the FreeBSD ecosystem, we have easy access to ZFS, boot environments, and lots of open source packages. Hardware support, at least on my physical workstation, was solid and the Lumina desktop is flexible.
Err codemadness.org 70 i 29362

Err codemadness.org 70 i 29363 Err codemadness.org 70 i 29364

Err codemadness.org 70 i 29365 Err codemadness.org 70 i 29366

##News Roundup
Err codemadness.org 70 i 29367 ###PXE booting of a FreeBSD disk image

Err codemadness.org 70 i 29368 Err codemadness.org 70 i 29369

Err codemadness.org 70 i 29370
I had to set up a regression and network performance lab. This lab will be managed by a Jenkins, but the first step is to understand how to boot a FreeBSD disk by PXE. This article explains a simple way of doing it.
Err codemadness.org 70 i 29371 For information, all these steps were done using 2 PC Engines APU2 (upgraded with latest BIOS for iPXE support), so it’s a headless (serial port only, this can be IPMI SoL with different hardware) .
Err codemadness.org 70 i 29372

Err codemadness.org 70 i 29373 Err codemadness.org 70 i 29374

THE BIG PICTURE

Err codemadness.org 70 i 29377 Err codemadness.org 70 i 29378

Err codemadness.org 70 i 29379
Before explaining all steps and command line, here is the full big picture of the final process.
Err codemadness.org 70 i 29380

Err codemadness.org 70 i 29381 Err codemadness.org 70 i 29382

Err codemadness.org 70 i 29383 Err codemadness.org 70 i 29384

###Why I like middle mouse button paste in xterm so much

Err codemadness.org 70 i 29385 Err codemadness.org 70 i 29386

Err codemadness.org 70 i 29387
In my entry about how touchpads are not mice, I mused that one of the things I should do on my laptop was insure that I had a keyboard binding for paste, since middle mouse button is one of the harder multi-finger gestures to land on a touchpad. Kurt Mosiejczuk recently left a comment there where they said:
Err codemadness.org 70 i 29388 Shift-Insert is a keyboard equivalent for paste that is in default xterm (at least OpenBSD xterm, and putty on Windows too). I use that most of the time now as it seems less… trigger-happy than right click paste.
Err codemadness.org 70 i 29389 This sparked some thoughts, because I can’t imagine giving up middle mouse paste if I have a real choice. I had earlier seen shift-insert mentioned in other commentary on my entry and so have tried a bit to use it on my laptop, and it hasn’t really felt great even there; on my desktops, it’s even less appealing (I tried shift-insert out there to confirm that it did work in my set of wacky X resources).
Err codemadness.org 70 i 29390 In thinking about why this is, I came to the obvious realization about why all of this is so. I like middle mouse button paste in normal usage because it’s so convenient, because almost all of the time my hand is already on the mouse. And the reason my hand is already on the mouse is because I’ve just used the mouse to shift focus to the window I want to paste into. Even on my laptop, my right hand is usually away from the keyboard as I move the mouse pointer on the touchpad, making shift-Insert at least somewhat awkward.
Err codemadness.org 70 i 29391

Err codemadness.org 70 i 29392 Err codemadness.org 70 i 29393

Err codemadness.org 70 i 29394 Err codemadness.org 70 i 29395

###NetBSD Gains Hardware Accelerated Virtualization

Err codemadness.org 70 i 29396 Err codemadness.org 70 i 29397

NetBSD Virtual Machine Monitor

Err codemadness.org 70 i 29400 Err codemadness.org 70 i 29401

Err codemadness.org 70 i 29402
NVMM provides hardware-accelerated virtualization support for NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is shipped via libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.
Err codemadness.org 70 i 29403

Err codemadness.org 70 i 29404 Err codemadness.org 70 i 29405

Err codemadness.org 70 i 29406 Err codemadness.org 70 i 29407

##Beastie Bits

Err codemadness.org 70 i 29408 Err codemadness.org 70 i 29409

SoloBSD 19.02-STABLE
Project Trident 18.12-U5 available
“Sudo Mastery, Second Edition” and Cover Art
MKSANITIZER - bug detector software integration with the NetBSD userland
Darn kids nowadays… back in my day we drew rude symbols like normal people. {{top two comments}}
ShellCheck
Err codemadness.org 70 i 29416 finds bugs in your shell scripts.
Old School Sean - A history of UNIX

Err codemadness.org 70 i 29419 Err codemadness.org 70 i 29420

Err codemadness.org 70 i 29421 Err codemadness.org 70 i 29422

##Feedback/Questions

Err codemadness.org 70 i 29423 Err codemadness.org 70 i 29424

Ales - OpenBSD, FreeNAS, OpenZFS questions
Malcolm - Thoughts on Pgsql + ZFS thread?
Brad - Boot Environments in FreeBSD

Err codemadness.org 70 i 29429 Err codemadness.org 70 i 29430

Err codemadness.org 70 i 29431 Err codemadness.org 70 i 29432

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 29435 Err codemadness.org 70 i 29436

Err codemadness.org 70 i 29437 Err codemadness.org 70 i 29438 Err codemadness.org 70 i 29439 Err codemadness.org 70 i 29440 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 29441 ]]> Err codemadness.org 70 i 29442

286: Old Machine Revival

Allan Jude — Thu, 21 Feb 2019 13:00:00 -0800

Err codemadness.org 70 i 29706 Adding glue to a desktop environment, flashing the BIOS on a PC Engine, revive a Cisco IDS into a capable OpenBSD computer, An OpenBSD WindowMaker desktop, RealTime data compression, the love for pipes, and more.

Err codemadness.org 70 i 29707 Err codemadness.org 70 i 29708

##Headlines
Err codemadness.org 70 i 29709 ###Adding Glue To a Desktop Environment

Err codemadness.org 70 i 29710 Err codemadness.org 70 i 29711

Err codemadness.org 70 i 29712
In this article we will put some light on a lot of tools used in the world of Unix desktop environment customization, particularly regarding wmctrl, wmutils, xev, xtruss, xwininfo, xprop, xdotools, xdo, sxhkd, xbindkeys, speckeysd, xchainkeys, alttab, triggerhappy, gTile, gidmgr, keynav, and more. If those don’t make sense then this article will help. Let’s hope this can open your mind to new possibilities.
Err codemadness.org 70 i 29713 With that in mind we can wonder if what’s actually needed from a window manager, presentation and operation, can be split up and complemented with other tools. We can also start thinking laterally, the communication and interaction between the different components of the environment. We have the freedom to do so because the X protocol is transparent and components usually implement many standards for interfacing between windows. It’s like gluing parts together to create a desktop environment.
Err codemadness.org 70 i 29714

Err codemadness.org 70 i 29715 Err codemadness.org 70 i 29716

The tools we’ll talk about fall into one of those categories:
Debugging
Window manipulation
Simulation of interaction
Extended manipulation
Hotkey daemon
Layout manager

Err codemadness.org 70 i 29725 Err codemadness.org 70 i 29726

Err codemadness.org 70 i 29727 Err codemadness.org 70 i 29728

###Flashing the BIOS on the PC Engines APU4c4

Err codemadness.org 70 i 29729 Err codemadness.org 70 i 29730

Err codemadness.org 70 i 29731
I absolutely love the PC Engines APU devices. I use them for testing HardenedBSD experimental features in more constrained 64-bit environments and firewalls. Their USB and mSATA ports have a few quirks, and I bumped up against a major quirk that required flashing a different BIOS as a workaround. This article details the hacky way in which I went about doing that.
Err codemadness.org 70 i 29732 What prompted this article is that something in either the CAM or GEOM layer in FreeBSD 11.2 caused the mSATA to hang, preventing file writes. OPNsense 18.7 uses FreeBSD 11.1 whereas the recently-released OPNsense 19.1 uses HardenedBSD 11.2 (based on FreeBSD 11.2). I reached out to PC Engines directly, and they let me know that the issue is a known BIOS issue. Flashing the “legacy” BIOS series would provide me with a working system.
Err codemadness.org 70 i 29733 It also just so happens that a new “legacy” BIOS version was just released which turns on ECC mode for the RAM. So, I get a working OPNsense install AND ECC RAM! I’ll have one bird for dinner, the other for dessert.
Err codemadness.org 70 i 29734 Though I’m using an APU4, these instructions should work for the other APU devices. The BIOS ROM download URLs should be changed to reflect the device you’re targeting along with the BIOS version you wish to deploy.
Err codemadness.org 70 i 29735 SPECIAL NOTE: There be dragons! I’m primarily writing this article to document the procedure for my own purposes. My memory tends to be pretty faulty these days. So, if something goes wrong, please do not hold me responsible. You’re the one at the keyboard. ;)
Err codemadness.org 70 i 29736 VERY SPECIAL NOTE: We’ll use the mSATA drive for swap space, just in case. Should the swap space be used, it will destroy whatever is on the disk.
Err codemadness.org 70 i 29737

Err codemadness.org 70 i 29738 Err codemadness.org 70 i 29739

Err codemadness.org 70 i 29740 Err codemadness.org 70 i 29741

##News Roundup
Err codemadness.org 70 i 29742 ###Revive a Cisco IDS into a capable OpenBSD computer!

Err codemadness.org 70 i 29743 Err codemadness.org 70 i 29744

Err codemadness.org 70 i 29745
Even though Cisco equipment is very capable, it tends to become End-of-Life before you can say “planned obsolescence”. Websites become bigger, bandwidths increase, and as a side effect of those “improvements”, routers, firewalls, and in this case, intrusion prevention systems get old quicker and quicker.
Err codemadness.org 70 i 29746 Apparently, this was also the case for the Cisco IDS-4215 Intrusion Detection Sensor that I was given a few months ago.
Err codemadness.org 70 i 29747 I’m not too proud to admit that at first, I didn’t care about the machine itself, but rather about the add-on PCI network card with 4 Fast Ethernet interfaces. The sensor has obviously seen better days, as it had a broken front panel and needed some cleaning, but upon a closer inspection under the hood (which is held closed by the 4 screws on top), this IDS consists of an embedded Celeron PC with two onboard Ethernet cards, a 2.5″ IDE hard disk, a CF card, and 2 PCI expansion slots (more on them later). Oh, and don’t forget the nasty server-grade fan, which pushed very little air for the noise it was making.
Err codemadness.org 70 i 29748

Err codemadness.org 70 i 29749 Err codemadness.org 70 i 29750

Err codemadness.org 70 i 29751 Err codemadness.org 70 i 29752

###An OpenBSD desktop using WindowMaker

Err codemadness.org 70 i 29753 Err codemadness.org 70 i 29754

Err codemadness.org 70 i 29755
Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64.
Err codemadness.org 70 i 29756 This configuration uses the Nord color-scheme, the Adapta-Nokto-Eta GTK theme and the Moblin Unofficial Icons icon set. I did remove applications icons. I just don’t need them on the bottom of the screen as I heavily use “F11” to pop-up the windows list. To be able to do that and keep the dockapps, I tweaked my ~/GNUstep/Defaults/WMWindowAttributes and created a ~/GNUstep/Library/WindowMaker/Themes/Nord.themed/style.
Err codemadness.org 70 i 29757 And here it is, the NeXT OpenBSD Desktop!
Err codemadness.org 70 i 29758

Err codemadness.org 70 i 29759 Err codemadness.org 70 i 29760

Err codemadness.org 70 i 29761 Err codemadness.org 70 i 29762

###RealTime Data Compression

Err codemadness.org 70 i 29763 Err codemadness.org 70 i 29764

Err codemadness.org 70 i 29765
In a previous episode, we’ve seen that it is possible to create opaque types. However, creation and destruction of such type must be delegated to some dedicated functions, which themselves rely on dynamic allocation mechanisms.
Err codemadness.org 70 i 29766 Sometimes, it can be convenient to bypass the heap, and all its malloc() / free() shenanigans. Pushing a structure onto the stack, or within thread-local storage, are natural capabilities offered by a normal struct. It can be desirable at times.
Err codemadness.org 70 i 29767 The previously described opaque type is so secret that it has no size, hence is not suitable for such scenario.
Err codemadness.org 70 i 29768 Fortunately, static opaque types are possible.
Err codemadness.org 70 i 29769 The main idea is to create a “shell type”, with a known size and an alignment, able to host the target (private) structure.
Err codemadness.org 70 i 29770 For safer maintenance, the shell type and the target structure must be kept in sync, by using typically a static assert. It will ensure that the shell type is always large enough to host the target structure. This check is important to automatically detect future evolution of the target structure.
Err codemadness.org 70 i 29771

Err codemadness.org 70 i 29772 Err codemadness.org 70 i 29773

Err codemadness.org 70 i 29774 Err codemadness.org 70 i 29775

###For the Love of Pipes

Err codemadness.org 70 i 29776 Err codemadness.org 70 i 29777

Err codemadness.org 70 i 29778
My top used shell command is |. This is called a pipe.
Err codemadness.org 70 i 29779 In brief, the | allows for the output of one program (on the left) to become the input of another program (on the right). It is a way of connecting two commands together.
Err codemadness.org 70 i 29780 According to doc.cat-v.org/unix/pipes/, the origin of pipes came long before Unix. Pipes can be traced back to this note from Doug McIlroy in 1964
Err codemadness.org 70 i 29781

Err codemadness.org 70 i 29782 Err codemadness.org 70 i 29783

Err codemadness.org 70 i 29784 Err codemadness.org 70 i 29785

##Beastie Bits

Err codemadness.org 70 i 29786 Err codemadness.org 70 i 29787

Installation Notes for NetBSD/i386 0.9
Porting Zig to NetBSD - a fun, speedy port
NNN - Tiny, lightning fast, feature-packed file manager Release v2.3
eta - A tool for monitoring progress and ETA of an arbitrary process
Err codemadness.org 70 i 29792
A FreeBSD User Tries Out…NetBSD 8.0
Faster vlan(4) forwarding?
FuguIta - OpenBSD 6.4 Live System
Adding Name-based hosting To Nginx on OpenBSD with Acme-Client
HOWTO set up QEMU with HAXM acceleration on NetBSD
README: gcc 7 switch coming to a port near you!

Err codemadness.org 70 i 29800 Err codemadness.org 70 i 29801

Err codemadness.org 70 i 29802 Err codemadness.org 70 i 29803

##BUG Calendar

Err codemadness.org 70 i 29804 Err codemadness.org 70 i 29805

ChiBUG, Chicago, USA: Tuesday, February 26th 18:00 at the Oak Park Library
CharmBUG, Baltimore, USA: Wednesday, February 27, 2019
Err codemadness.org 70 i 29808 19:30 at Columbia Ale House
NYC*BUG, New York, USA: Wednesday, March 6, 2019 18:45 at Suspenders
KnoxBUG, Knoxville, USA: Monday, February 25, 2019 - 18:00 at iX Systems offices
BSDPL, Warsaw, Poland: February 28, 2019 18:15 - 21:00 at Wheel Systems Office

Err codemadness.org 70 i 29813 Err codemadness.org 70 i 29814

Err codemadness.org 70 i 29815 Err codemadness.org 70 i 29816

##Feedback/Questions

Err codemadness.org 70 i 29817 Err codemadness.org 70 i 29818

Sam - Customizing OpenBSD ports source code
Frank - Rivalry Linux & BSD
Zach - mysql/mariadb tuning

Err codemadness.org 70 i 29823 Err codemadness.org 70 i 29824

Err codemadness.org 70 i 29825 Err codemadness.org 70 i 29826

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 29829 Err codemadness.org 70 i 29830

Err codemadness.org 70 i 29831 Err codemadness.org 70 i 29832 Err codemadness.org 70 i 29833 Err codemadness.org 70 i 29834 Your browser does not support the HTML5 video tag. Err codemadness.org 70 i 29835 ]]> Err codemadness.org 70 i 29836

285: BSD Strategy

Allan Jude — Thu, 14 Feb 2019 07:00:00 -0800

Err codemadness.org 70 i 30055 Strategic thinking to keep FreeBSD relevant, reflecting on the soul of a new machine, 10GbE Benchmarks On Nine Linux Distros and FreeBSD, NetBSD integrating LLVM sanitizers in base, FreeNAS 11.2 distrowatch review, and more.

Err codemadness.org 70 i 30056 Err codemadness.org 70 i 30057

##Headlines
Err codemadness.org 70 i 30058 ###Strategic thinking, or what I think what we need to do to keep FreeBSD relevant

Err codemadness.org 70 i 30059 Err codemadness.org 70 i 30060

Err codemadness.org 70 i 30061
Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (were Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.
Err codemadness.org 70 i 30062 Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay where we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.
Err codemadness.org 70 i 30063 This discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.
Err codemadness.org 70 i 30064 FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end‐users as a work‐horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web‐/mail‐/whatever‐server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.
Err codemadness.org 70 i 30065 I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.
Err codemadness.org 70 i 30066

Err codemadness.org 70 i 30067 Err codemadness.org 70 i 30068

Err codemadness.org 70 i 30069 Err codemadness.org 70 i 30070

###Reflecting on The Soul of a New Machine

Err codemadness.org 70 i 30071 Err codemadness.org 70 i 30072

Err codemadness.org 70 i 30073
Long ago as an undergraduate, I found myself back home on a break from school, bored and with eyes wandering idly across a family bookshelf. At school, I had started to find a calling in computing systems, and now in the den, an old book suddenly caught my eye: Tracy Kidder’s The Soul of a New Machine. Taking it off the shelf, the book grabbed me from its first descriptions of Tom West, captivating me with the epic tale of the development of the Eagle at Data General. I — like so many before and after me — found the book to be life changing: by telling the stories of the people behind the machine, the book showed the creative passion among engineers that might otherwise appear anodyne, inspiring me to chart a course that might one day allow me to make a similar mark.
Err codemadness.org 70 i 30074 Since reading it over two decades ago, I have recommended The Soul of a Machine at essentially every opportunity, believing that it is a part of computing’s literary foundation — that it should be considered our Odyssey. Recently, I suggested it as beach reading to Jess Frazelle, and apparently with perfect timing: when I saw the book at the top of her vacation pile, I knew a fuse had been lit. I was delighted (though not at all surprised) to see Jess livetweet her admiration of the book, starting with the compelling prose, the lucid technical explanations and the visceral anecdotes — but then moving on to the deeper technical inspiration she found in the book. And as she reached the book’s crescendo, Jess felt its full power, causing her to reflect on the nature of engineering motivation.
Err codemadness.org 70 i 30075 Excited to see the effect of the book on Jess, I experienced a kind of reflected recommendation: I was inspired to (re-)read my own recommendation! Shortly after I started reading, I began to realize that (contrary to what I had been telling myself over the years!) I had not re-read the book in full since that first reading so many years ago. Rather, over the years I had merely revisited those sections that I remembered fondly. On the one hand, these sections are singular: the saga of engineers debugging a nasty I-cache data corruption issue; the young engineer who implements the simulator in an impossibly short amount of time because no one wanted to tell him that he was being impossibly ambitious; the engineer who, frustrated with a nanosecond-scale timing problem in the ALU that he designed, moved to a commune in Vermont, claiming a desire to deal with “no unit of time shorter than a season”. But by limiting myself to these passages, I was succumbing to the selection bias of my much younger self; re-reading the book now from start to finish has given new parts depth and meaning. Aspects that were more abstract to me as an undergraduate — from the organizational rivalries and absurdities of the industry to the complexities of West’s character and the tribulations of the team down the stretch — are now deeply evocative of concrete episodes of my own career.
Err codemadness.org 70 i 30076

Err codemadness.org 70 i 30077 Err codemadness.org 70 i 30078

See Article for rest…

Err codemadness.org 70 i 30081 Err codemadness.org 70 i 30082

Err codemadness.org 70 i 30083 Err codemadness.org 70 i 30084

##News Roundup

Err codemadness.org 70 i 30085 Err codemadness.org 70 i 30086

###Out-Of-The-Box 10GbE Network Benchmarks On Nine Linux Distributions Plus FreeBSD 12

Err codemadness.org 70 i 30087 Err codemadness.org 70 i 30088

Err codemadness.org 70 i 30089
Last week I started running some fresh 10GbE Linux networking performance benchmarks across a few different Linux distributions. That testing has now been extended to cover nine Linux distributions plus FreeBSD 12.0 to compare the out-of-the-box networking performance.
Err codemadness.org 70 i 30090 Tested this round alongside FreeBSD 12.0 was Antergos 19.1, CentOS 7, Clear Linux, Debian 9.6, Fedora Server 29, openSUSE Leap 15.0, openSUSE Tumbleweed, Ubuntu 18.04.1 LTS, and Ubuntu 18.10.
Err codemadness.org 70 i 30091 All of the tests were done with a Tyan S7106 1U server featuring two Intel Xeon Gold 6138 CPUs, 96GB of DDR4 system memory, and Samsung 970 EVO SSD. For the 10GbE connectivity on this server was an add-in HP NC523SFP PCIe adapter providing two 10Gb SPF+ ports using a QLogic 8214 controller.
Err codemadness.org 70 i 30092 Originally the plan as well was to include Windows Server 2016/2019. Unfortunately the QLogic driver download site was malfunctioning since Cavium’s acquisition of the company and the other Windows Server 2016 driver options not panning out and there not being a Windows Server 2019 option. So sadly that Windows testing was thwarted so I since started testing over with a Mellanox Connectx-2 10GbE NIC, which is well supported on Windows Server and so that testing is ongoing for the next article of Windows vs. Linux 10 Gigabit network performance plus some “tuned” Linux networking results too.
Err codemadness.org 70 i 30093

Err codemadness.org 70 i 30094 Err codemadness.org 70 i 30095

Err codemadness.org 70 i 30096 Err codemadness.org 70 i 30097

###Integration of the LLVM sanitizers with the NetBSD base system

Err codemadness.org 70 i 30098 Err codemadness.org 70 i 30099

Err codemadness.org 70 i 30100
Over the past month I’ve merged the LLVM compiler-rt sanitizers (LLVM svn r350590) with the base system. I’ve also managed to get a functional set of Makefile rules to build all of them, namely:
Err codemadness.org 70 i 30101 ASan, UBSan, TSan, MSan, libFuzzer, SafeStack, XRay.
Err codemadness.org 70 i 30102 In all supported variations and modes that are supported by the original LLVM compiler-rt package.
Err codemadness.org 70 i 30103

Err codemadness.org 70 i 30104 Err codemadness.org 70 i 30105

Err codemadness.org 70 i 30106 Err codemadness.org 70 i 30107

###Distrowatch FreeNAS 11.2 review

Err codemadness.org 70 i 30108 Err codemadness.org 70 i 30109

Err codemadness.org 70 i 30110
The project’s latest release is FreeNAS 11.2 and, at first, I nearly overlooked the new version because it appeared to be a minor point release. However, a lot of work went into the new version and 11.2 offers a lot of changes when compared next to 11.1, “including a major revamp of the web interface, support for self-encrypting drives, and new, backwards-compatible REST and WebSocket APIs. This update also introduces iocage for improved plugins and jails management and simplified plugin development.”
Err codemadness.org 70 i 30111

Err codemadness.org 70 i 30112 Err codemadness.org 70 i 30113

Err codemadness.org 70 i 30114 Err codemadness.org 70 i 30115

##Beastie Bits

Err codemadness.org 70 i 30116 Err codemadness.org 70 i 30117

Instructions for installing rEFInd to dual boot a computer with FreeBSD and windows (and possibly other OSes as well).
NetBSD desktop pt.6: “vi(1) editor, tmux and unicode $TERM”
Unix flowers
FreeBSD upgrade procedure using GPT
Pull-based Backups using OpenBSD base*
Developing WireGuard for NetBSD
OpenZFS User Conference, April 18-19, Norwalk CT
KnoxBug Feb 25th

Err codemadness.org 70 i 30127 Err codemadness.org 70 i 30128

Err codemadness.org 70 i 30129 Err codemadness.org 70 i 30130

##Feedback/Questions

Err codemadness.org 70 i 30131 Err codemadness.org 70 i 30132

Jake - C Programming
Farhan - Explanation of rtadvd
Nelson - Bug Bounties on Open-Source Software

Err codemadness.org 70 i 30137 Err codemadness.org 70 i 30138

Err codemadness.org 70 i 30139 Err codemadness.org 70 i 30140

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 30143 Err codemadness.org 70 i 30144

]]> Err codemadness.org 70 i 30145

284: FOSDEM 2019

Allan Jude — Thu, 07 Feb 2019 08:00:00 -0800

We recap FOSDEM 2019, FreeBSD Foundation January update, OPNsense 19.1 released, the hardware-assisted virtualization challenge, ZFS and GPL terror, ClonOS 19.01-RELEASE, and more. Err codemadness.org 70 i 30257

Headlines

Err codemadness.org 70 i 30258

FOSDEM 2019 Recap

Err codemadness.org 70 i 30259

Allan and I were at FOSDEM 2019 in Brussels, Belgium over the weekend.
On the Friday before, we held a FreeBSD Devsummit in a hotel conference room, with 25 people attending. We talked about various topics of interest to the project. You can find the notes on the wiki page.
Saturday was the first day of FOSDEM. The FreeBSD Project had a table next to the Illumos Project again. A lot of people visited our table, asked questions, or just said “Hi, I watch BSDNow.tv every week”. We handed out a lot of stickers, pens, swag, and flyers. There was also a full day BSD devroom, with a variety of talks that were well attended.
In the main conference track, Allan held a talk explaining how the ZFS ARC works. A lot of people attended the talk and had more questions afterwards. Another well attended talk was by Jonathan Looney about Netflix and FreeBSD.
Sunday was another day in the same format, but no bsd devroom. A lot of people visited our table, developers and users alike. A lot of meeting and greeting went on.
Overall, FOSDEM was a great success with FreeBSD showing a lot of presence. Thanks to all the people who attended and talked to us. Special thanks to the people who helped out at the FreeBSD table and Rodrigo Osorio for running the BSD devroom again.

Err codemadness.org 70 i 30267

FreeBSD Foundation Update, January 2019

Err codemadness.org 70 i 30268

Err codemadness.org 70 i 30269
Dear FreeBSD Community Member,
Err codemadness.org 70 i 30270 Happy New Year! It’s always exciting starting the new year with ambitious plans to support FreeBSD in new and existing areas. We achieved our fundraising goal for 2018, so we plan on funding a lot of work this year! Though it’s the new year, this newsletter highlights some of the work we accomplished in December. We also put together a list of technologies and features we are considering supporting, and are looking for feedback on what users want to help inform our 2019 development plans. Our advocacy and education efforts are in full swing as we prepare for upcoming conferences including FOSDEM, SANOG33, and SCaLE.
Err codemadness.org 70 i 30271 Finally, we created a year-end video to talk about the work we did in 2018. That in itself was an endeavor, so please take a few minutes to watch it! We’re working on improving the methods we use to inform the community on the work we are doing to support the Project, and are always open to feedback. Now, sit back, grab a refreshing beverage, and enjoy our newsletter!
Err codemadness.org 70 i 30272 Happy reading!!
Err codemadness.org 70 i 30273 Deb
Err codemadness.org 70 i 30274

Err codemadness.org 70 i 30275

Err codemadness.org 70 i 30276

OPNsense 19.1 released

Err codemadness.org 70 i 30277

Err codemadness.org 70 i 30278
For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
Err codemadness.org 70 i 30279 The 19.1 release, nicknamed “Inspiring Iguana”, consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.
Err codemadness.org 70 i 30280

Err codemadness.org 70 i 30281

Err codemadness.org 70 i 30283
These are the most prominent changes since version 18.7:
Err codemadness.org 70 i 30284
Err codemadness.org 70 i 30286
fully functional firewall alias API
Err codemadness.org 70 i 30287
Err codemadness.org 70 i 30289
PIE firewall shaper support
Err codemadness.org 70 i 30290
Err codemadness.org 70 i 30292
firewall NAT rule logging support
Err codemadness.org 70 i 30293
Err codemadness.org 70 i 30295
2FA via LDAP-TOTP combination
Err codemadness.org 70 i 30296
Err codemadness.org 70 i 30298
WPAD / PAC and parent proxy support in the web proxy
Err codemadness.org 70 i 30299
Err codemadness.org 70 i 30301
P12 certificate export with custom passwords
Err codemadness.org 70 i 30302
Err codemadness.org 70 i 30304
Dpinger is now the default gateway monitor
Err codemadness.org 70 i 30305
Err codemadness.org 70 i 30307
ET Pro Telemetry edition plugin[2]
Err codemadness.org 70 i 30308
Err codemadness.org 70 i 30310
extended IPv6 DUID support
Err codemadness.org 70 i 30311
Err codemadness.org 70 i 30313
Dnsmasq DNSSEC support
Err codemadness.org 70 i 30314
Err codemadness.org 70 i 30316
OpenVPN client export API
Err codemadness.org 70 i 30317
Err codemadness.org 70 i 30319
Realtek NIC driver version 1.95
Err codemadness.org 70 i 30320
Err codemadness.org 70 i 30322
HardenedBSD 11.2, LibreSSL 2.7
Err codemadness.org 70 i 30323
Err codemadness.org 70 i 30325
Unbound 1.8, Suricata 4.1
Err codemadness.org 70 i 30326
Err codemadness.org 70 i 30328
Phalcon 3.4, Perl 5.28
Err codemadness.org 70 i 30329
Err codemadness.org 70 i 30331
firmware health check extended to cover all OS files, HTTPS mirror default
Err codemadness.org 70 i 30332
Err codemadness.org 70 i 30334
updates are browser cache-safe regarding CSS and JavaScript assets
Err codemadness.org 70 i 30335
Err codemadness.org 70 i 30337
collapsible side bar menu in the default theme
Err codemadness.org 70 i 30338
Err codemadness.org 70 i 30340
language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian
Err codemadness.org 70 i 30341
Err codemadness.org 70 i 30343
API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy plugins
Err codemadness.org 70 i 30344
Err codemadness.org 70 i 30346
Here are the full changes against version 19.1-RC2:
Err codemadness.org 70 i 30347
Err codemadness.org 70 i 30349
ipsec: add firewall interface as soon as phase 1 is enabled
Err codemadness.org 70 i 30350
Err codemadness.org 70 i 30352
ipsec: phase 1 selection GUI JavaScript compatibility fix
Err codemadness.org 70 i 30353
Err codemadness.org 70 i 30355
monit: widget improvements and bug fix (contributed by Frank Brendel)
Err codemadness.org 70 i 30356
Err codemadness.org 70 i 30358
ui: fix regression in single host or network subnet select in static pages
Err codemadness.org 70 i 30359
Err codemadness.org 70 i 30361
plugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)
Err codemadness.org 70 i 30362
Err codemadness.org 70 i 30364
plugins: os-telegraf 1.7.4 fixes packet filter input
Err codemadness.org 70 i 30365
Err codemadness.org 70 i 30367
plugins: os-theme-rebellion 1.8.2 adds image colour invert
Err codemadness.org 70 i 30368
Err codemadness.org 70 i 30370
plugins: os-vnstat 1.1[3]
Err codemadness.org 70 i 30371
Err codemadness.org 70 i 30373
plugins: os-zabbix-agent now uses Zabbix version 4.0
Err codemadness.org 70 i 30374
Err codemadness.org 70 i 30376
src: revert mmccalculateclock() as HS200/HS400 support breaks legacy support
Err codemadness.org 70 i 30377
Err codemadness.org 70 i 30379
src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]
Err codemadness.org 70 i 30380
Err codemadness.org 70 i 30382
src: import tzdata 2018h, 2018i[5]
Err codemadness.org 70 i 30383
Err codemadness.org 70 i 30385
src: avoid unsynchronized updates to knstatus[6]
Err codemadness.org 70 i 30386
Err codemadness.org 70 i 30388
ports: carootnss 3.42
Err codemadness.org 70 i 30389
Err codemadness.org 70 i 30391
ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)
Err codemadness.org 70 i 30392
Err codemadness.org 70 i 30394
ports: sudo patch to fix listpw=never[7]
Err codemadness.org 70 i 30395

Err codemadness.org 70 i 30397

Err codemadness.org 70 i 30398

News Roundup

Err codemadness.org 70 i 30399

The hardware-assisted virtualization challenge

Err codemadness.org 70 i 30400

Err codemadness.org 70 i 30401
Over two years ago, I made a pledge to use NetBSD as my sole OS and only operating system, and to resist booting into any other OS until I had implemented hardware-accelerated virtualization in the NetBSD kernel (the equivalent of Linux’ KVM, or Hyper-V).
Err codemadness.org 70 i 30402 Today, I am here to report: Mission Accomplished!
Err codemadness.org 70 i 30403 It’s been a long road, but we now have hardware-accelerated virtualization in the kernel! And while I had only initially planned to get Oracle VirtualBox working, I have with the help of the Intel HAXM engine (the same backend used for virtualization in Android Studio) and a qemu frontend, successfully managed to boot a range of mainstream operating systems.
Err codemadness.org 70 i 30404

Err codemadness.org 70 i 30405

Err codemadness.org 70 i 30406

ZFS and GPL terror: How much freedom is there in Linux?

Err codemadness.org 70 i 30407

ZFS – the undesirable guest

Err codemadness.org 70 i 30410

Err codemadness.org 70 i 30411
ZFS is todays most advanced filesystem. It originated on the Solaris operating system and thanks to Sun’s decision to open it up, we have it available on quite a number of Unix-like operating systems. That’s just great! Great for everyone.
Err codemadness.org 70 i 30412 For everyone? Nope. There are people out there who don’t like ZFS. Which is totally fine, they don’t need to use it after all. But worse: There are people who actively hate ZFS and think that others should not use it. Ok, it’s nothing new that some random guys on the net are acting like assholes, trying to tell you what you must not do, right? Whoever has been online for more than a couple of days probably already got used to it. Unfortunately its still worse: One such spoilsport is Greg Kroah-Hartman, Linux guru and informal second-in-command after Linus Torvalds.
Err codemadness.org 70 i 30413 There have been some attempts to defend the stance of this kernel developer. One was to point at the fact that the “ZFS on Linux” (ZoL) port uses two kernel functions, _kernelfpubegin() and _kernelfpuend(), which have been deprecated for a very long time and that it makes sense to finally get rid of them since nothing in-kernel uses it anymore. Nobody is going to argue against that. The problem becomes clear by looking at the bigger picture, though:
Err codemadness.org 70 i 30414 The need for functions doing just what the old ones did has of course not vanished. The functions have been replaced with other ones. And those ones are deliberately made GPL-only. Yes, that’s right: There’s no technical reason whatsoever! It’s purely ideology – and it’s a terrible one.
Err codemadness.org 70 i 30415

Err codemadness.org 70 i 30416

Err codemadness.org 70 i 30417

ClonOS 19.01-RELEASE

Err codemadness.org 70 i 30418

Err codemadness.org 70 i 30419
ClonOS is a turnkey Open Source platform based on FreeBSD and the CBSD framework. ClonOS offers a complete web UI for easily controlling, deploying and managing FreeBSD jails containers and Bhyve/Xen hyperviser virtual environments.
Err codemadness.org 70 i 30420 ClonOS is currently the only platform available which allow both Xen and Bhyve hypervisor to coexist on the same host. Being a FreeBSD base platform, ClonOS ability to create and manage jails allows you to run FreeBSD applications without losing performance.
Err codemadness.org 70 i 30421

Err codemadness.org 70 i 30422

Err codemadness.org 70 i 30424
Features:
Err codemadness.org 70 i 30425
Err codemadness.org 70 i 30427
easy management via web UI interface
Err codemadness.org 70 i 30428
Err codemadness.org 70 i 30430
live Bhyve migration [coming soon, roadmap]
Err codemadness.org 70 i 30431
Err codemadness.org 70 i 30433
Bhyve management (create, delete VM)
Err codemadness.org 70 i 30434
Err codemadness.org 70 i 30436
Xen management (create, delete VM) [coming soon, roadmap]
Err codemadness.org 70 i 30437
Err codemadness.org 70 i 30439
connection to the “physical” guest console via VNC from the browser or directly
Err codemadness.org 70 i 30440
Err codemadness.org 70 i 30442
Real time system monitoring
Err codemadness.org 70 i 30443
Err codemadness.org 70 i 30445
access to load statistics through SQLite3 and beanstalkd
Err codemadness.org 70 i 30446
Err codemadness.org 70 i 30448
support for ZFS features (cloning, snapshots)
Err codemadness.org 70 i 30449
Err codemadness.org 70 i 30451
import/export of virtual environments
Err codemadness.org 70 i 30452
Err codemadness.org 70 i 30454
public repository with virtual machine templates
Err codemadness.org 70 i 30455
Err codemadness.org 70 i 30457
puppet-based helpers for configuring popular services
Err codemadness.org 70 i 30458
Err codemadness.org 70 i 30460
ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core:
Err codemadness.org 70 i 30461
Err codemadness.org 70 i 30463
FreeBSD OS as hoster platform
Err codemadness.org 70 i 30464
Err codemadness.org 70 i 30466
bhyve(8) as hypervisor engine
Err codemadness.org 70 i 30467
Err codemadness.org 70 i 30469
Xen as hypervisor engine
Err codemadness.org 70 i 30470
Err codemadness.org 70 i 30472
vale(4) as Virtual Ethernet Switch
Err codemadness.org 70 i 30473
Err codemadness.org 70 i 30475
jail(8) as container engine
Err codemadness.org 70 i 30476
Err codemadness.org 70 i 30478
CBSD Project as management tools
Err codemadness.org 70 i 30479
Err codemadness.org 70 i 30481
Puppet as configuration management
Err codemadness.org 70 i 30482

Err codemadness.org 70 i 30484

Err codemadness.org 70 i 30485

Beastie Bits

Err codemadness.org 70 i 30486

Florian Obser on unwind(8)
A low tech SMS gateway for fun and no profit
Netflix and FreeBSD : Using Open Source to Deliver Streaming Video
powerd++ 0.4.0 release
Is it time to rewrite the operating system in Rust?
Small change, big effect
Swedish BSD Meetup, Feb 19, 2019
Polish BSD User Group Meetup, Feb 21, 2019

Err codemadness.org 70 i 30496

Err codemadness.org 70 i 30497

Feedback/Questions

Err codemadness.org 70 i 30498

Casey - Cool new Digital Ocean Feature
Morgan - Jail w/differnet version of FreeBSD
Brad - FreeBSD Installer

Err codemadness.org 70 i 30503

Err codemadness.org 70 i 30504

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 30507

Err codemadness.org 70 i 30508

283: Graphical Interface-View

Allan Jude — Thu, 31 Jan 2019 08:00:00 -0800

Err codemadness.org 70 i 31125 We’re at FOSDEM 2019 this week having fun. We’d never leave you in a lurch, so we have recorded an interview with Niclas Zeising of the FreeBSD graphics team for you. Enjoy.

Err codemadness.org 70 i 31126 Err codemadness.org 70 i 31127

##Interview - Niclas Zeising - zeising@FreeBSD.org / @niclaszeising
Err codemadness.org 70 i 31128 Interview topic: FreeBSD Graphics Stack

Err codemadness.org 70 i 31129 Err codemadness.org 70 i 31130

BR: Welcome Niclas. Since this is your first time on BSDNow, can you tell us a bit about yourself and how you started with Unix/BSD?
AJ: What made you start working in the FreeBSD graphics stack?
BR: What is the current status with the FreeBSD graphics stack?
AJ: What challenges do you face in the FreeBSD graphics stack?
BR: How many people are working in the graphics team and what kind of help do you need there?
AJ: You’re also involved in FreeBSD ports and held a poudriere tutorial at last years EuroBSDcon. What kind of feedback did you get and will you give that tutorial again?
BR: You’ve been organizing the Stockholm BSD user group meeting. Can you tell us a bit about that, what’s involved, how is it structured?
AJ: What conferences do you go to where people could talk to you?
BR: Is there anything else you’d like to mention before we let you go?

Err codemadness.org 70 i 31141 Err codemadness.org 70 i 31142

Err codemadness.org 70 i 31143 Err codemadness.org 70 i 31144

##Feedback/Questions

Err codemadness.org 70 i 31145 Err codemadness.org 70 i 31146

Casey - TrueOS
Troels - zfs send vs zfs send -R
matclarke - Orphaned packages

Err codemadness.org 70 i 31151 Err codemadness.org 70 i 31152

Err codemadness.org 70 i 31153 Err codemadness.org 70 i 31154

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 31157 Err codemadness.org 70 i 31158

]]> Err codemadness.org 70 i 31159

282: Open the Rsync

Allan Jude — Thu, 24 Jan 2019 08:00:00 -0800

Err codemadness.org 70 i 31317 Project Trident 18.12 released, Spotifyd on NetBSD, OPNsense 18.7.10 is available, Ultra EPYC AMD Powered Sun Ultra 24 Workstation, OpenRsync, LLD porting to NetBSD, and more.

Err codemadness.org 70 i 31318 Err codemadness.org 70 i 31319

##Headlines

Err codemadness.org 70 i 31320 Err codemadness.org 70 i 31321

###AsiaBSDCon 2019 Call for Papers

Err codemadness.org 70 i 31322 Err codemadness.org 70 i 31323

You have until Jan 30th to submit
Full paper requirement is relaxed a bit this year (this year ONLY!) due to the short submission window. You don’t need all 10-12 pages, but it is still preferred.
Send a message to secretary@asiabsdcon.org with your proposal. Could be either for a talk or a tutorial.
Two days of tutorials/devsummit and two days of conference during Sakura season in Tokyo, Japan
The conference is also looking for sponsors
If accepted, flight and hotel is paid for by the conference

Err codemadness.org 70 i 31331 Err codemadness.org 70 i 31332

Err codemadness.org 70 i 31333 Err codemadness.org 70 i 31334

###Project Trident 18.12 Released

Err codemadness.org 70 i 31335 Err codemadness.org 70 i 31336

Twitter account if you want to keep up on project news
Screenshots
Project Trident Community Telegram Channel
DistroWatch Page
LinuxActionNews Review
RoboNuggie’s in depth review

Err codemadness.org 70 i 31344 Err codemadness.org 70 i 31345

Err codemadness.org 70 i 31346 Err codemadness.org 70 i 31347

###Building Spotifyd on NetBSD

Err codemadness.org 70 i 31348 Err codemadness.org 70 i 31349

Err codemadness.org 70 i 31350
These are the steps I went through to build and run Spotifyd (this commit at the time of writing) on NetBSD AMD64. It’s a Spotify Connect client so it means I still need to control Spotify from another device (typically my phone), but the audio is played through my desktop… which is where my speakers and headphones are plugged in - it means I don’t have to unplug stuff and re-plug into my phone, work laptop, etc. This is 100% a “good enough for now solution” for me; I have had a quick play with the Go based microcontroller from spotcontrol and that allows a completely NetBSD only experience (although it is just an example application so doesn’t provide many features - great as a basis to build on though).
Err codemadness.org 70 i 31351

Err codemadness.org 70 i 31352 Err codemadness.org 70 i 31353

Err codemadness.org 70 i 31354 Err codemadness.org 70 i 31355

##News Roundup

Err codemadness.org 70 i 31356 Err codemadness.org 70 i 31357

###OPNsense 18.7.10 released

Err codemadness.org 70 i 31358 Err codemadness.org 70 i 31359

Err codemadness.org 70 i 31360
2019 means 19.1 is almost here. In the meantime accept this small
Err codemadness.org 70 i 31361 incremental update with goodies such as Suricata 4.1, custom passwords
Err codemadness.org 70 i 31362 for P12 certificate export as well as fresh fixes in the FreeBSD base.
Err codemadness.org 70 i 31363 A lot of cleanups went into this update to make sure there will be a
Err codemadness.org 70 i 31364 smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2
Err codemadness.org 70 i 31365 weeks and the final 19.1 on January 29.
Err codemadness.org 70 i 31366

Err codemadness.org 70 i 31367 Err codemadness.org 70 i 31368

Err codemadness.org 70 i 31369 Err codemadness.org 70 i 31370

###Introducing the Ultra EPYC AMD Powered Sun Ultra 24 Workstation

Err codemadness.org 70 i 31371 Err codemadness.org 70 i 31372

Err codemadness.org 70 i 31373
A few weeks ago, I got an itch to build a workstation with AMD EPYC. There are a few constraints. First, I needed a higher-clock part. Second, I knew the whole build would be focused more on being an ultra high-end workstation rather than simply utilizing gaming components. With that, I decided it was time to hit on a bit of nostalgia for our readers. Mainly, I wanted to do an homage to Sun Microsystems. Sun made the server gear that the industry ran on for years, and as a fun fact, if you go behind the 1 Hacker Way sign at Facebook’s campus, they left the Sun Microsystems logo. Seeing that made me wonder if we could do an ultimate AMD EPYC build in a Sun Microsystems workstation.
Err codemadness.org 70 i 31374

Err codemadness.org 70 i 31375 Err codemadness.org 70 i 31376

Err codemadness.org 70 i 31377 Err codemadness.org 70 i 31378

###OpenRsync

Err codemadness.org 70 i 31379 Err codemadness.org 70 i 31380

Err codemadness.org 70 i 31381
This is a clean-room implementation of rsync with a BSD (ISC) license. It is designed to be compatible with a modern rsync (3.1.3 is used for testing). It currently compiles and runs only on OpenBSD.
Err codemadness.org 70 i 31382 This project is still very new and very fast-moving.
Err codemadness.org 70 i 31383 It’s not ready for wide-spread testing. Or even narrow-spread beyond getting all of the bits to work. It’s not ready for strong attention. Or really any attention but by careful programming.
Err codemadness.org 70 i 31384 Many have asked about portability. We’re just not there yet, folks. But don’t worry, the system is easily portable. The hard part for porters is matching OpenBSD’s pledge and unveil.
Err codemadness.org 70 i 31385

Err codemadness.org 70 i 31386 Err codemadness.org 70 i 31387

Err codemadness.org 70 i 31388 Err codemadness.org 70 i 31389

###The first report on LLD porting

Err codemadness.org 70 i 31390 Err codemadness.org 70 i 31391

Err codemadness.org 70 i 31392
LLD is the link editor (linker) component of Clang toolchain. Its main advantage over GNU ld is much lower memory footprint, and linking speed. It is of specific interest to me since currently 8 GiB of memory are insufficient to link LLVM statically (which is the upstream default).
Err codemadness.org 70 i 31393 The first goal of LLD porting is to ensure that LLD can produce working NetBSD executables, and be used to build LLVM itself. Then, it is desirable to look into trying to build additional NetBSD components, and eventually into replacing /usr/bin/ld entirely with lld.
Err codemadness.org 70 i 31394 In this report, I would like to shortly summarize the issues I have found so far trying to use LLD on NetBSD.
Err codemadness.org 70 i 31395

Err codemadness.org 70 i 31396 Err codemadness.org 70 i 31397

Err codemadness.org 70 i 31398 Err codemadness.org 70 i 31399

###Ring in the new

Err codemadness.org 70 i 31400 Err codemadness.org 70 i 31401

Err codemadness.org 70 i 31402
It’s the second week of 2019 already, which means I’m curious what Nate is going to do with his series This week in usability … reset the numbering from week 1? That series is a great read, to keep up with all the little things that change in KDE source each week — aside from the release notes.
Err codemadness.org 70 i 31403 For the big ticket items of KDE on FreeBSD, you should read this blog instead.
Err codemadness.org 70 i 31404

Err codemadness.org 70 i 31405 Err codemadness.org 70 i 31406

In ports this week (mostly KDE, some unrelated):
KDE Plasma has been updated to the latest release, 5.14.5.
KDE Applications 18.12.1 were released today, so we’re right on top of them.
Marble was fixed for FreeBSD-running-on-Power9.
Musescore caught up on 18 months of releases.
Phonon updated to 4.10.1, along with its backends.
And in development, Qt WebEngine 5.12 has been prepared in the incongruously-named plasma-5.13 branch in Area51; that does contain all the latest bits described above, as well.

Err codemadness.org 70 i 31415 Err codemadness.org 70 i 31416

Err codemadness.org 70 i 31417 Err codemadness.org 70 i 31418

##Beastie Bits

Err codemadness.org 70 i 31419 Err codemadness.org 70 i 31420

NomadBSD 1.2-RC1 Released
ZFS - The First Enterprise Blockchain
Powersaving with DragonFly laptop
NetBSD reaches 100% reproducable builds
Potential Bhyve Web Interface?
LibGDX proof of concept on OpenBSD - Video
LiteCLI is a user-friendly CommandLine client for SQLite database
In honor of Donald Knuth’s 81 birthday Stanford uploaded 111 lectures on Youtube
Portland BSD Pizza Night - 2018-01-31 19:00 - Sweet Heart Pizza
Stockholm BSD February meetup
Polish BSD User Group: Jan 25 18:15 - 21:00
AsiaBSDcon 2019 CfP

Err codemadness.org 70 i 31434 Err codemadness.org 70 i 31435

Err codemadness.org 70 i 31436 Err codemadness.org 70 i 31437

##Feedback/Questions

Err codemadness.org 70 i 31438 Err codemadness.org 70 i 31439

Greg - VLANs and jails
Tara - ZFS on removable disks
Casey - Interview with Kirk McKusick

Err codemadness.org 70 i 31444 Err codemadness.org 70 i 31445

Err codemadness.org 70 i 31446 Err codemadness.org 70 i 31447

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 31450 Err codemadness.org 70 i 31451

]]> Err codemadness.org 70 i 31452

281: EPYC Server Battle

Allan Jude — Thu, 17 Jan 2019 07:00:00 -0800

SCP client vulnerabilities, BSDs vs Linux benchmarks on a Tyan EPYC Server, fame for the Unix inventors, Die IPv4, GhostBSD 18.12 released, Unix in pictures, and more. Err codemadness.org 70 i 31609

##Headlines
Err codemadness.org 70 i 31610 ###scp client multiple vulnerabilities

Err codemadness.org 70 i 31611

Overview
SCP clients from multiple vendors are susceptible to a malicious scp server performing
Err codemadness.org 70 i 31614 unauthorized changes to target directory and/or client output manipulation.
Description
Many scp clients fail to verify if the objects returned by the scp server match those
Err codemadness.org 70 i 31617 it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate
Err codemadness.org 70 i 31618 flaw in the client allows the target directory attributes to be changed arbitrarily.
Err codemadness.org 70 i 31619 Finally, two vulnerabilities in clients may allow server to spoof the client output.
Impact
Malicious scp server can write arbitrary files to scp target directory, change the
Err codemadness.org 70 i 31622 target directory permissions and to spoof the client output.
Details

Err codemadness.org 70 i 31625

Err codemadness.org 70 i 31626
The discovered vulnerabilities, described in more detail below, enables the attack
Err codemadness.org 70 i 31627 described here in brief.
Err codemadness.org 70 i 31628

Err codemadness.org 70 i 31629

Err codemadness.org 70 i 31631
1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim’s home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:
Err codemadness.org 70 i 31634

Err codemadness.org 70 i 31636

user@local:~$ scp user@remote:readme.txt .
Err codemadness.org 70 i 31637 readme.txt 100% 494 1.6KB/s 00:00
Err codemadness.org 70 i 31638 user@local:~$

Err codemadness.org 70 i 31639

Err codemadness.org 70 i 31641
1. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.
Err codemadness.org 70 i 31644
*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

Err codemadness.org 70 i 31647

Err codemadness.org 70 i 31648

###FreeBSD 12.0 vs. DragonFlyBSD 5.4 vs. TrueOS 18.12 vs. Linux On A Tyan EPYC Server

Err codemadness.org 70 i 31649

Err codemadness.org 70 i 31650
Last month when running FreeBSD 12.0 benchmarks on a 2P EPYC server I wasn’t able to run any side-by-side benchmarks with the new DragonFlyBSD 5.4 as this BSD was crashing during the boot process on that board. But fortunately on another AMD EPYC server available, the EPYC 1P TYAN Transport SX TN70A-B8026, DragonFlyBSD 5.4.1 runs fine. So for this first round of BSD benchmarking in 2019 are tests of FreeBSD 11.2, FreeBSD 12.0, DragonFlyBSD 5.4.1, the new TrueOS 18.12, and a few Linux distributions (CentOS 7, Ubuntu 18.04.1 LTS, and Clear Linux) on this EPYC 7601 server in a variety of workloads.
Err codemadness.org 70 i 31651

Err codemadness.org 70 i 31652

Err codemadness.org 70 i 31653
DragonFlyBSD 5.4.1 ran fine on this Tyan server and could boot fine unlike the issue encountered on the Dell PowerEdge R7425 for this particular BSD. But on the Tyan server, DragonFlyBSD 5.2.2 wouldn’t boot so only this latest DragonFlyBSD release series was used as part of the comparison.
Err codemadness.org 70 i 31654

Err codemadness.org 70 i 31655

Err codemadness.org 70 i 31657
A summary of the operating systems tested for this EPYC 7601 OS benchmark comparison included:
Err codemadness.org 70 i 31658
Err codemadness.org 70 i 31660
DragonFlyBSD 5.4.1 - The latest release of Matthew Dillon’s operating system while using the HAMMER2 file-system and GCC 8.1 compiler that is now the default system compiler for this BSD.
Err codemadness.org 70 i 31661
Err codemadness.org 70 i 31663
FreeBSD 11.2 - The previous stable release of FreeBSD. Installed with a ZFS file-system.
Err codemadness.org 70 i 31664
Err codemadness.org 70 i 31666
FreeBSD 12.0 - The latest stable release of FreeBSD and installed with its ZFS option.
Err codemadness.org 70 i 31667
Err codemadness.org 70 i 31669
TrueOS 18.12 - The latest release of the iX systems’ FreeBSD derivative. TrueOS 18.12 is based on FreeBSD 13.0-CURRENT and uses ZFS by default and was using the Clang 7.0.1 compiler compared to Clang 6.0.1 on FreeBSD 12.0.
Err codemadness.org 70 i 31670
Err codemadness.org 70 i 31672
CentOS Linux 7 - The latest EL7 operating system performance.
Err codemadness.org 70 i 31673
Err codemadness.org 70 i 31675
Ubuntu 18.04.1 LTS - The latest Ubuntu Long Term Support release.
Err codemadness.org 70 i 31676
Err codemadness.org 70 i 31678
Clear Linux 27120 - The latest rolling release as of testing out of Intel’s Open-Source Technology Center. Clear Linux often reflects as close to the gold standard for performance as possible with its insanely tuned software stack for offering optimal performance on x86_64 performance for generally showing best what the hardware is capable of.
Err codemadness.org 70 i 31679

Err codemadness.org 70 i 31681

Err codemadness.org 70 i 31682
Throughout all of this testing, the Tyan 2U server was kept to its same configuration of an AMD EPYC 7601 (32 cores / 64 threads) at stock speeds, 8 x 16GB DDR4-2666 ECC memory, and 280GB Intel Optane 900p SSD benchmarks.
Err codemadness.org 70 i 31683

Err codemadness.org 70 i 31684

Err codemadness.org 70 i 31685

##News Roundup
Err codemadness.org 70 i 31686 National Inventors Hall of Fame honors creators of Unix

Err codemadness.org 70 i 31687

Err codemadness.org 70 i 31688
Dennis Ritchie (Posthumous) and Ken Thompson: UNIX Operating System
Err codemadness.org 70 i 31689 Thompson and Ritchie’s creation of the UNIX operating system and the C programming language were pivotal developments in the progress of computer science. Today, 50 years after its beginnings, UNIX and UNIX-like systems continue to run machinery from supercomputers to smartphones. The UNIX operating system remains the basis of much of the world’s computing infrastructure, and C language – written to simplify the development of UNIX – is one of the most widely used languages today.
Err codemadness.org 70 i 31690

Err codemadness.org 70 i 31691

Err codemadness.org 70 i 31692

###Die IPV4, Die

Err codemadness.org 70 i 31693

Err codemadness.org 70 i 31694
Imagine, it is 2019. Easy, ha? Imagine, it is 2019 and you want to turn off IPv4. Like, off off. Really off. Not disabling IPv6, but disabling IPv4.
Err codemadness.org 70 i 31695

Err codemadness.org 70 i 31696

Two steps back

Err codemadness.org 70 i 31699

Err codemadness.org 70 i 31700
You might be coming here wondering, why would anybody want to do what we are asking to be done. Well, it is dead simple: We are running data centers (like Data Center Light) with a lot of IPv6 only equipment. There simply is no need for IPv4. So why would we want to have it enabled?
Err codemadness.org 70 i 31701 Also, here at ungleich, we defined 2019 as the year to move away from IPv4.
Err codemadness.org 70 i 31702

Err codemadness.org 70 i 31703

The challenge

Err codemadness.org 70 i 31706

Err codemadness.org 70 i 31707
Do you like puzzles? Competitions? Challenges? Hacking? Well. If ANY of this is of your interest, here is a real challenge for you:
Err codemadness.org 70 i 31708 We offer a 100 CHF (roughly 100 USD) for anyone who can give us a detailed description of how to turn IPv4 completely off in an operating system and allowing it to communicate with IPv6 only. This should obviously include a tiny proof that your operating system is really unable to use IPv4 at all. Just flushing IPv4 addresses and keeping the IPv4 stack loaded, does not count.
Err codemadness.org 70 i 31709

Err codemadness.org 70 i 31710

Err codemadness.org 70 i 31711

###GhostBSD 18.12 released

Err codemadness.org 70 i 31712

Err codemadness.org 70 i 31713
GhostBSD 18.12 is an updated iso of GhostBSD 18.10 with some little changes to the live DVD/USB and with updated packages.
Err codemadness.org 70 i 31714

Err codemadness.org 70 i 31715

What has changed since 18.10
removed default call of kernel modules for AMD and Intel
replaced octopkg by software-station
added back gop hacks to the live system
added ghostbsd-drivers and ghostbsd-utils
we updated the packages to the latest build

Err codemadness.org 70 i 31723

Err codemadness.org 70 i 31724

###And Now for a laugh : #unixinpictures

Err codemadness.org 70 i 31725

Err codemadness.org 70 i 31726

##Beastie Bits

Err codemadness.org 70 i 31727

We are now closer to the Y2038 bug than the Y2K bug
OpenBSD Enterprise use
AT&T Unix Books
Process title and missing memory space
The History of a Security Hole
unbound-adblock: The ultimate network adblocker!
FreeBSD’s name/value pairs library
Pid Rollover
Booting OpenBSD kernels in EFI mode with QEMU
OpenBSD CVS commit: Make mincore lie
BSDCan 2019 CfP ending January 19 - Submit!
OpenZFS User Conference - April 18-19
FreeBSD Journal is a free publication now

Err codemadness.org 70 i 31742

Err codemadness.org 70 i 31743

##Feedback/Questions

Err codemadness.org 70 i 31744

Chris - Boot environments and SSDs
Jonathan - Bytes issued during a zpool scrub
Bostjan - ZFS Record Size and my mistakes

Err codemadness.org 70 i 31749

Err codemadness.org 70 i 31750

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 31753

Err codemadness.org 70 i 31754

Episode 280: FOSS Clothing | BSD Now 280

Allan Jude — Thu, 10 Jan 2019 00:00:00 -0800

Err codemadness.org 70 i 32212 A EULA in FOSS clothing, NetBSD with more LLVM support, Thoughts on FreeBSD 12.0, FreeBSD Performance against Windows and Linux on Xeon, Microsoft shipping NetBSD, and more.

Err codemadness.org 70 i 32213 Err codemadness.org 70 i 32214

Headlines

Err codemadness.org 70 i 32215 Err codemadness.org 70 i 32216

A EULA in FOSS clothing?

Err codemadness.org 70 i 32217 Err codemadness.org 70 i 32218

There was a tremendous amount of reaction to and discussion about my blog entry on the midlife crisis in open source. As part of this discussion on HN, Jay Kreps of Confluent took the time to write a detailed response — which he shortly thereafter elevated into a blog entry.

Err codemadness.org 70 i 32219 Err codemadness.org 70 i 32220

Let me be clear that I hold Jay in high regard, as both a software engineer and an entrepreneur — and I appreciate the time he took to write a thoughtful response. That said, there are aspects of his response that I found troubling enough to closely re-read the Confluent Community License — and that in turn has led me to a deeply disturbing realization about what is potentially going on here.

Err codemadness.org 70 i 32221 Err codemadness.org 70 i 32222

To GitHub: Assuming that this is in fact a EULA, I think it is perilous to allow EULAs to sit in public repositories. It’s one thing to have one click through to accept a license (though again, that itself is dubious), but to say that a git clone is an implicit acceptance of a contract that happens to be sitting somewhere in the repository beggars belief. With efforts like choosealicense.com, GitHub has been a model in guiding projects with respect to licensing; it would be helpful for GitHub’s counsel to weigh in on their view of this new strain of source-available proprietary software and the degree to which it comes into conflict with GitHub’s own terms of service.

Err codemadness.org 70 i 32223 Err codemadness.org 70 i 32224

To foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!

Err codemadness.org 70 i 32225 Err codemadness.org 70 i 32226

Err codemadness.org 70 i 32227 Err codemadness.org 70 i 32228

NetBSD and LLVM

Err codemadness.org 70 i 32229 Err codemadness.org 70 i 32230

NetBSD entering 2019 with more complete LLVM support

Err codemadness.org 70 i 32231 Err codemadness.org 70 i 32232

I’m recently helping the NetBSD developers to improve the support for this operating system in various LLVM components. As you can read in my previous report, I’ve been focusing on fixing build and test failures for the purpose of improving the buildbot coverage. Err codemadness.org 70 i 32233 Previously, I’ve resolved test failures in LLVM, Clang, LLD, libunwind, openmp and partially libc++. During the remainder of the month, I’ve been working on the remaining libc++ test failures, improving the NetBSD clang driver and helping Kamil Rytarowski with compiler-rt.

Err codemadness.org 70 i 32234 Err codemadness.org 70 i 32235

The process of upstreaming support to LLVM sanitizers has been finalized

Err codemadness.org 70 i 32236 Err codemadness.org 70 i 32237

I’ve finished the process of upstreaming patches to LLVM sanitizers (almost 2000LOC of local code) and submitted to upstream new improvements for the NetBSD support. Today out of the box (in unpatched version) we have support for a variety of compiler-rt LLVM features: ASan (finds unauthorized memory access), UBSan (finds unspecified code semantics), TSan (finds threading bugs), MSan (finds uninitialized memory use), SafeStack (double stack hardening), Profile (code coverage), XRay (dynamic code tracing); while other ones such as Scudo (hardened allocator) or DFSan (generic data flow sanitizer) are not far away from completeness. Err codemadness.org 70 i 32238 The NetBSD support is no longer visibly lacking behind Linux in sanitizers, although there are still failing tests on NetBSD that are not observed on Linux. On the other hand there are features working on NetBSD that are not functional on Linux, like sanitizing programs during early initialization process of OS (this is caused by /proc dependency on Linux that is mounted by startup programs, while NetBSD relies on sysctl(3) interfaces that is always available).

Err codemadness.org 70 i 32239 Err codemadness.org 70 i 32240

Err codemadness.org 70 i 32241 Err codemadness.org 70 i 32242

News Roundup

Err codemadness.org 70 i 32243 Err codemadness.org 70 i 32244

Thoughts on FreeBSD 12.0

Err codemadness.org 70 i 32245 Err codemadness.org 70 i 32246

Playing with FreeBSD with past week I don’t feel as though there were any big surprises or changes in this release compared to FreeBSD 11. In typical FreeBSD fashion, progress tends to be evolutionary rather than revolutionary, and this release feels like a polished and improved incremental step forward. I like that the installer handles both UFS and ZFS guided partitioning now and in a friendly manner. In the past I had trouble getting FreeBSD’s boot menu to work with boot environments, but that has been fixed for this release. Err codemadness.org 70 i 32247 I like the security options in the installer too. These are not new, but I think worth mentioning. FreeBSD, unlike most Linux distributions, offers several low-level security options (like hiding other users’ processes and randomizing PIDs) and I like having these presented at install time. It’s harder for people to attack what they cannot see, or predict, and FreeBSD optionally makes these little adjustment for us. Err codemadness.org 70 i 32248 Something which stands out about FreeBSD, compared to most Linux distributions I run, is that FreeBSD rarely holds the user’s hand, but also rarely surprises the user. This means there is more reading to do up front and new users may struggle to get used to editing configuration files in a text editor. But FreeBSD rarely does anything unless told to do it. Updates rarely change the system’s behaviour, working technology rarely gets swapped out for something new, the system and its applications never crashed during my trial. Everything was rock solid. The operating system may seem like a minimal, blank slate to new users, but it’s wonderfully dependable and predictable in my experience. Err codemadness.org 70 i 32249 I probably wouldn’t recommend FreeBSD for desktop use. It’s close relative, GhostBSD, ships with a friendly desktop and does special work to make end user applications run smoothly. But for people who want to run servers, possible for years without change or issues, FreeBSD is a great option. It’s also an attractive choice, in my opinion, for people who like to build their system from the ground up, like you would with Debian’s server install or Arch Linux. Apart from the base tools and documentation, there is nothing on a FreeBSD system apart from what we put on it.

Err codemadness.org 70 i 32250 Err codemadness.org 70 i 32251

Err codemadness.org 70 i 32252 Err codemadness.org 70 i 32253

FreeBSD 12.0 Performance Against Windows & Linux On An Intel Xeon Server

Err codemadness.org 70 i 32254 Err codemadness.org 70 i 32255

Last week I posted benchmarks of Windows Server 2019 against various Linux distributions using a Tyan dual socket Intel Xeon server. In this article are some complementary results when adding in the performance of FreeBSD 11.2 against the new FreeBSD 12.0 stable release for this leading BSD operating system. As some fun benchmarks to end out 2018, here are the results of FreeBSD 11.2/12.0 (including an additional run when using GCC rather than Clang) up against Windows Server and several enterprise-ready Linux distributions. Err codemadness.org 70 i 32256 While FreeBSD 12.0 had picked up just one win of the Windows/Linux comparisons run, the FreeBSD performance is moving in the right direction. FreeBSD 12.0 was certainly faster than FreeBSD 11.2 on this dual Intel Xeon Scalable server based on a Tyan 1U platform. Meanwhile, to no surprise given the data last week, Clear Linux was by far the fastest out-of-the-box operating system tested. Err codemadness.org 70 i 32257 I did run some extra benchmarks on FreeBSD 11.2/12.0 with this hardware: in total I ran 120 benchmarks for these BSD tests. Of the 120 tests, there were just 15 cases where FreeBSD 11.2 was faster than 12.0. Seeing FreeBSD 12.0 faster than 11.2 nearly 90% of the time is an accomplishment and usually with other operating systems we see more of a mixed bag on new releases with not such solidly better performance. It was also great seeing the competitive performance out of FreeBSD when using the Clang compiler for the source-based tests compared to the GCC8 performance. Additional data available via this OpenBenchmarking.org result file.

Err codemadness.org 70 i 32258 Err codemadness.org 70 i 32259

Err codemadness.org 70 i 32260 Err codemadness.org 70 i 32261

How NetBSD came to be shipped by Microsoft

Err codemadness.org 70 i 32262 Err codemadness.org 70 i 32263

Google cache in case the site is down

Err codemadness.org 70 i 32264 Err codemadness.org 70 i 32265

In 2000, Joe Britt, Matt Hershenson and Andy Rubin formed Danger Incorporated. Danger developed the world’s first recognizable smartphone, the Danger HipTop. T-Mobile sold the first HipTop under the brand name Sidekick in October of 2002. Err codemadness.org 70 i 32266 Danger had a well developed kernel that had been designed and built in house. The kernel came to be viewed as not a core intellectual property and Danger started a search for a replacement. For business reasons, mostly to do with legal concerns over the Gnu Public License, Danger rejected Linux and began to consider BSD Unix as a replacement for the kernel. Err codemadness.org 70 i 32267 In 2006 I was hired by Mike Chen, the manager of the kernel development group to investigate the feasibility of replacing the Danger kernel with a BSD kernel, to select the version of BSD to use, to develop a prototype and to develop the plan for adapting BSD to Danger’s requirements. Err codemadness.org 70 i 32268 NetBSD was easily the best choice among the BSD variations at the time because it had well developed cross development tools. It was easy to use a NetBSD desktop running an Intel release to cross compile a NetBSD kernel and runtime for a device running an ARM processor. (Those interested in mailing list archaeology might be amused to investigate NetBSD technical mailing list for mail from picovex, particularly from Bucky Katz at picovex.) Err codemadness.org 70 i 32269 We began product development on the specific prototype of the phone that would become the Sidekick LX2009 in 2007 and contracts for the phone were written with T-Mobile. We were about half way through the two year development cycle when Microsoft purchased Danger in 2008. Err codemadness.org 70 i 32270 Microsoft would have preferred to ship the Sidekick running Windows/CE rather than NetBSD, but a schedule analysis performed by me, and another by an independent outside contractor, indicated that doing so would result in unacceptable delay.

Err codemadness.org 70 i 32271 Err codemadness.org 70 i 32272

Err codemadness.org 70 i 32273 Err codemadness.org 70 i 32274

Beastie Bits

Err codemadness.org 70 i 32275 Err codemadness.org 70 i 32276

Unleashed 1.2 Released
35th CCC - Taming the Chaos: Can we build systems that actually work?
Potholes to avoid when migrating to IPv6
XScreenSaver 5.42
SSH Examples and Tunnels
Help request - mbuf(9) - request for comment
NSA to release free Reverse Engineering Tool
Running FreeBSD on a Raspberry Pi3 using a custom image created with crochet and poudriere

Err codemadness.org 70 i 32286 Err codemadness.org 70 i 32287

Err codemadness.org 70 i 32288 Err codemadness.org 70 i 32289

Feedback/Questions

Err codemadness.org 70 i 32290 Err codemadness.org 70 i 32291

Dries - Lets talk a bit about VIMAGE jails
ohb - Question About ZFS Root Dataset
Micah - Active-Active NAS Sync recommendations

Err codemadness.org 70 i 32296 Err codemadness.org 70 i 32297

Err codemadness.org 70 i 32298 Err codemadness.org 70 i 32299

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 32302 Err codemadness.org 70 i 32303

]]> Err codemadness.org 70 i 32304

Episode 279: Future of ZFS | BSD Now 279

Allan Jude — Thu, 03 Jan 2019 08:00:00 -0800

Err codemadness.org 70 i 32507 The future of ZFS in FreeBSD, we pick highlights from the FreeBSD quarterly status report, flying with the raven, modern KDE on FreeBSD, many ways to launch FreeBSD in EC2, GOG installers on NetBSD, and more.

Err codemadness.org 70 i 32508 Err codemadness.org 70 i 32509

Headlines

Err codemadness.org 70 i 32510 Err codemadness.org 70 i 32511

The future of ZFS in FreeBSD

Err codemadness.org 70 i 32512 Err codemadness.org 70 i 32513

The sources for FreeBSD’s ZFS support are currently taken directly from Illumos with local ifdefs to support the peculiarities of FreeBSD where the Solaris Portability Layer (SPL) shims fall short. FreeBSD has regularly pulled changes from Illumos and tried to push back any bug fixes and new features done in the context of FreeBSD. In the past few years the vast majority of new development in ZFS has taken place in DelphixOS and zfsonlinux (ZoL). Earlier this year Delphix announced that they will be moving to ZoL: https://www.delphix.com/blog/kickoff-future-eko-2018 This shift means that there will be little to no net new development of Illumos. While working through the git history of ZoL I have also discovered that many races and locking bugs have been fixed in ZoL and never made it back to Illumos and thus FreeBSD. This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD’s ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly to ZoL https://github.com/zfsonfreebsd/ZoF so that we might all have a single shared code base. Err codemadness.org 70 i 32514 A port for ZoF can be found at https://github.com/miwi-fbsd/zof-port Before it can be committed some additional functionality needs to be added to the FreeBSD opencrypto framework. These can be found at https://reviews.freebsd.org/D18520 Err codemadness.org 70 i 32515 This port will provide FreeBSD users with multi modifier protection, project quotas, encrypted datasets, allocation classes, vectorized raidz, vectorized checksums, and various command line improvements.

Err codemadness.org 70 i 32516 Err codemadness.org 70 i 32517

Err codemadness.org 70 i 32518 Err codemadness.org 70 i 32519

FreeBSD Quarterly Status Update

Err codemadness.org 70 i 32520 Err codemadness.org 70 i 32521

With FreeBSD having gone all the way to 12, it is perhaps useful to take a look back at all the things that have been accomplished, in terms of many visible changes, as well as all the things that happen behind the scenes to ensure that FreeBSD continues to offer an alternative in both design, implementation, and execution. Err codemadness.org 70 i 32522 The things you can look forward to reading about are too numerous to summarize, but cover just about everything from finalizing releases, administrative work, optimizations and depessimizations, features added and fixed, and many areas of improvement that might just surprise you a little. Err codemadness.org 70 i 32523 Please have a cup of coffee, tea, hot cocoa, or other beverage of choice, and enjoy this culmulative set of reports covering everything that’s been done since October, 2017. Err codemadness.org 70 i 32524 —Daniel Ebdrup

Err codemadness.org 70 i 32525 Err codemadness.org 70 i 32526

Err codemadness.org 70 i 32527 Err codemadness.org 70 i 32528

News Roundup

Err codemadness.org 70 i 32529 Err codemadness.org 70 i 32530

One year of flying with the Raven: Ready for the Desktop?

Err codemadness.org 70 i 32531 Err codemadness.org 70 i 32532

It has been a little over one year now that I’m with the Ravenports project. Time to reflect my involvement, my expectations and hopes.

Err codemadness.org 70 i 32533 Err codemadness.org 70 i 32534

Ravenports

Err codemadness.org 70 i 32537 Err codemadness.org 70 i 32538

Ravenports is a universal packaging framework for *nix operating systems. For the user it provides easy access to binary packages of common software for multiple platforms. It has been the long-lasting champion on Repology’s top 10 repositories regarding package freshness (rarely dropping below 96 percent while all other projects keep below 90!).

Err codemadness.org 70 i 32539 Err codemadness.org 70 i 32540

For the porter it offers a well-designed and elegant means of writing cross-platform buildsheets that allow building the same version of the software with (completely or mostly) the same compile-time configuration on different operating systems or distributions.

Err codemadness.org 70 i 32541 Err codemadness.org 70 i 32542

And for the developer it means a real-world project that’s written in modern Ada (ravenadm) and C (pkg) – as well as some Perl for support scripts and make. Things feel very optimized and fast. Not being a programmer though, I cannot really say anything about the actual code and thus leave it to the interested reader’s judgement.

Err codemadness.org 70 i 32543 Err codemadness.org 70 i 32544

Err codemadness.org 70 i 32545 Err codemadness.org 70 i 32546

Modern KDE on FreeBSD

Err codemadness.org 70 i 32547 Err codemadness.org 70 i 32548

New stuff in the official FreeBSD repositories! The X11 team has landed a newer version of libinput, opening up the way for KDE Plasma 5.14 in ports. That’s a pretty big update and it may frighten people with a new wallpaper. Err codemadness.org 70 i 32549 What this means is that the graphical stack is once again on-par with what Plasma upstream expects, and we can get back to chasing releases as soon as they happen, rather than gnashing our teeth at missing dependencies. The KDE-FreeBSD CI servers are in the process of being upgraded to 12-STABLE, and we’re integrating with the new experimental CI systems as well. This means we are chasing sensibly-modern systems (13-CURRENT is out of scope).

Err codemadness.org 70 i 32550 Err codemadness.org 70 i 32551

Err codemadness.org 70 i 32552 Err codemadness.org 70 i 32553

The many ways to launch FreeBSD in EC2

Err codemadness.org 70 i 32554 Err codemadness.org 70 i 32555

Talking to FreeBSD users recently, I became aware that while I’ve created a lot of tools, I haven’t done a very good job of explaining how, and more importantly when to use them. So for all of the EC2-curious FreeBSD users out there: Here are the many ways to launch and configure FreeBSD in EC2 — ranging from the simplest to the most complicated (but most powerful):

Err codemadness.org 70 i 32556 Err codemadness.org 70 i 32557

Launch FreeBSD and SSH in
Launch FreeBSD and provide user-data
Use the AMI Builder to create a customized FreeBSD AMI
Build a FreeBSD AMI from a modified FreeBSD source tree
Build your own disk image

Err codemadness.org 70 i 32564 Err codemadness.org 70 i 32565

I hope I’ve provided tools which help you to run FreeBSD in EC2, no matter how common or unusual your needs are. If you find my work useful, please consider supporting my work in this area; while this is both something I enjoy working on and something which is useful for my day job (Tarsnap, my online backup service), having support would make it easier for me to prioritize FreeBSD/EC2 issues over other projects.

Err codemadness.org 70 i 32566 Err codemadness.org 70 i 32567

Err codemadness.org 70 i 32568 Err codemadness.org 70 i 32569

Using the GOG.com installers for Linux, on NetBSD

Err codemadness.org 70 i 32570 Err codemadness.org 70 i 32571

GOG.com prefers that you use their GOG Galaxy desktop app to download, install and manage all of your GOG games. But customers always have the option to install the game on their own terms, with a platform-specific installer. Err codemadness.org 70 i 32572 GOG offers these installers for Mac, Windows and/or Linux, depending on which platforms the game is available for.

Err codemadness.org 70 i 32573 Err codemadness.org 70 i 32574

The installers truly are platform-specific:
macOS games are distributed in a standard .pkg
Windows games are distributed in a setup wizard .exe
Linux games are distributed in a goofy shell archive

Err codemadness.org 70 i 32580 Err codemadness.org 70 i 32581

Of course, none of those are NetBSD. So, if I wanted to even attempt to play a game distributed by GOG.com on NetBSD, which one should I pick? The obvious choice is the Linux installer, since Linux is the most similar to NetBSD, right? Au contraire! In practice, I found that it is easier to download the Windows installer.

Err codemadness.org 70 i 32582 Err codemadness.org 70 i 32583

Here’s what I mean. For example, I ported the open source version of Aquaria to pkgsrc, but that package is only the game’s engine, not the multimedia data. The multimedia data is still copyrighted. Therefore, you need to get it from somewhere else. GOG is usually a good choice, because they distribute their games without DRM. And as mentioned earlier, picking the Linux installer seemed like a natural choice.

Err codemadness.org 70 i 32584 Err codemadness.org 70 i 32585

Now, actually PLAYING the games on NetBSD is a separate matter entirely. The game I’ve got here, though, my current obsession Pyre, is built with MonoGame and therefore could theoretically work on NetBSD, too, with the help of a library called FNA and a script for OpenBSD called fnaify. I do hope to create a pkgsrc package for FNA and port the fnaify script to NetBSD at some point.

Err codemadness.org 70 i 32586 Err codemadness.org 70 i 32587

Err codemadness.org 70 i 32588 Err codemadness.org 70 i 32589

Beastie Bits

Err codemadness.org 70 i 32590 Err codemadness.org 70 i 32591

Software as a Reflection of Values With Bryan Cantrill
Collection of bmc talks, updated 2018
wump: incorrect wumpus movement probability
Debugging Rust with VSCode on FreeBSD
SMB/CIFS on FreeBSD
BSD Tattoo
pkgsrc-2018Q4 branch announcement
toying with wireguard on openbsd
new USB audio class v2.0 driver
Todd Mortimer Removing ROP Gadgets from OpenBSD EuroBSDCon 2018
OpenBSD 6.5 release page is online
shell access to historical Unix versions in your browser

Err codemadness.org 70 i 32605 Err codemadness.org 70 i 32606

Err codemadness.org 70 i 32607 Err codemadness.org 70 i 32608

Feedback/Questions

Err codemadness.org 70 i 32609 Err codemadness.org 70 i 32610

Brad - ZFS Features and Upgrades
Andre - Splitting ZFS array
Michael - Priority/nice value for Jails?

Err codemadness.org 70 i 32615 Err codemadness.org 70 i 32616

Err codemadness.org 70 i 32617 Err codemadness.org 70 i 32618

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 32621 Err codemadness.org 70 i 32622

]]> Err codemadness.org 70 i 32623

Episode 278: The Real McCoy | BSD Now 278

Allan Jude — Thu, 27 Dec 2018 01:00:00 -0800

Err codemadness.org 70 i 32782 We sat down at BSDCan 2018 to interview Kirk McKusick about various topics ranging about the early years of Berkeley Unix, his continuing work on UFS, the governance of FreeBSD, and more.

Err codemadness.org 70 i 32783 Err codemadness.org 70 i 32784

##Interview - Kirk McKusick - mckusick@mckusick.com
Err codemadness.org 70 i 32785 25 years of FreeBSD

Err codemadness.org 70 i 32786 Err codemadness.org 70 i 32787

How Kirk got started in BSD, at the very beginning
Predicting the Future
How the code and community grew
The leadership of the project, and how it changed over time
UFS over the years (reading disks from 1982 in 2018)
Conferences
The rise and fall of Linux
The resurgence of FreeBSD

Err codemadness.org 70 i 32797 Err codemadness.org 70 i 32798

Err codemadness.org 70 i 32799 Err codemadness.org 70 i 32800

We want to extend a big thank you to the entire BSD community for making this show possible, and to all of our viewers for watching and providing the feedback that makes this show successful. We wish you all a happy and prosperous new year, and we’ll see you next week.

Err codemadness.org 70 i 32801 Err codemadness.org 70 i 32802

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 32805 Err codemadness.org 70 i 32806

]]> Err codemadness.org 70 i 32807

Episode 277: Nmap Level Up | BSD Now 277

Allan Jude — Mon, 24 Dec 2018 08:00:00 -0800

The Open Source midlife crisis, Donald Knuth The Yoda of Silicon Valley, Certbot For OpenBSD's httpd, how to upgrade FreeBSD from 11 to 12, level up your nmap game, NetBSD desktop, and more. Err codemadness.org 70 i 32854

##Headlines
Err codemadness.org 70 i 32855 Open Source Confronts its midlife crisis

Err codemadness.org 70 i 32856

Err codemadness.org 70 i 32857
Midlife is tough: the idealism of youth has faded, as has inevitably some of its fitness and vigor. At the same time, the responsibilities of adulthood have grown. Making things more challenging, while you are navigating the turbulence of teenagers, your own parents are likely entering life’s twilight, needing help in new ways from their adult children. By midlife, in addition to the singular joys of life, you have also likely experienced its terrible sorrows: death, heartbreak, betrayal. Taken together, the fading of youth, the growth in responsibility and the endurance of misfortune can lead to cynicism or (worse) drastic and poorly thought-out choices. Add in a little fear of mortality and some existential dread, and you have the stuff of which midlife crises are made…
Err codemadness.org 70 i 32858 I raise this not because of my own adventures at midlife, but because it is clear to me that open source — now several decades old and fully adult — is going through its own midlife crisis. This has long been in the making: for years, I (and others) have been critical of service providers’ parasitic relationship with open source, as cloud service providers turn open source software into a service offering without giving back to the communities upon which they implicitly depend. At the same time, open source has been (rightfully) entirely unsympathetic to the proprietary software models that have been burned to the ground — but also seemingly oblivious as to the larger economic waves that have buoyed them.
Err codemadness.org 70 i 32859 So it seemed like only a matter of time before the companies built around open source software would have to confront their own crisis of confidence: open source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it — and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source — the community, the positivity, the energy, the adoption, the downloads — but they also want to enjoy the fruits of proprietary software companies in software lock-in and its monopolistic rents. If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others (including CockroachDB’s Community License, MongoDB’s Server Side Public License, and Confluent’s Community License) are little better. And in particular, as it apparently needs to be said: no, “community” is not the opposite of “open source” — please stop sullying its good name by attaching it to licenses that are deliberately not open source! But even if they were more aptly named (e.g. “the restricted clause” or “the controlled use license” or — perhaps most honest of all — “the please-don’t-put-me-out-of-business-during-the-next-reInvent-keynote clause”), these licenses suffer from a serious problem: they are almost certainly asserting rights that the copyright holder doesn’t in fact have.
Err codemadness.org 70 i 32860 If I sell you a book that I wrote, I can restrict your right to read it aloud for an audience, or sell a translation, or write a sequel; these restrictions are rights afforded the copyright holder. I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine. (Lest you think that last example absurd, that’s almost verbatim the language in the new Confluent Community (sic) License.) I personally think that none of these licenses would withstand a court challenge, but I also don’t think it will come to that: because the vendors behind these licenses will surely fear that they wouldn’t survive litigation, they will deliberately avoid inviting such challenges. In some ways, this netherworld is even worse, as the license becomes a vessel for unverifiable fear of arbitrary liability.
Err codemadness.org 70 i 32861 let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.
Err codemadness.org 70 i 32862 Worse than all of this (and the reason why this madness needs to stop): licenses that are vague with respect to permitted use are corporate toxin. Any company that has been through an acquisition can speak of the peril of the due diligence license audit: the acquiring entity is almost always deep pocketed and (not unrelatedly) risk averse; the last thing that any company wants is for a deal to go sideways because of concern over unbounded liability to some third-party knuckle-head. So companies that engage in license tomfoolery are doing worse than merely not solving their own problem: they are potentially poisoning the wellspring of their own community.
Err codemadness.org 70 i 32863 in the end, open source will survive its midlife questioning just as people in midlife get through theirs: by returning to its core values and by finding rejuvenation in its communities. Indeed, we can all find solace in the fact that while life is finite, our values and our communities survive us — and that our engagement with them is our most important legacy.
Err codemadness.org 70 i 32864

Err codemadness.org 70 i 32865

See the article for the rest

Err codemadness.org 70 i 32868

Err codemadness.org 70 i 32869

###Donald Knuth - The Yoda of Silicon Valley

Err codemadness.org 70 i 32870

Err codemadness.org 70 i 32871
For half a century, the Stanford computer scientist Donald Knuth, who bears a slight resemblance to Yoda — albeit standing 6-foot-4 and wearing glasses — has reigned as the spirit-guide of the algorithmic realm.
Err codemadness.org 70 i 32872 He is the author of “The Art of Computer Programming,” a continuing four-volume opus that is his life’s work. The first volume debuted in 1968, and the collected volumes (sold as a boxed set for about $250) were included by American Scientist in 2013 on its list of books that shaped the last century of science — alongside a special edition of “The Autobiography of Charles Darwin,” Tom Wolfe’s “The Right Stuff,” Rachel Carson’s “Silent Spring” and monographs by Albert Einstein, John von Neumann and Richard Feynman.
Err codemadness.org 70 i 32873 With more than one million copies in print, “The Art of Computer Programming” is the Bible of its field. “Like an actual bible, it is long and comprehensive; no other book is as comprehensive,” said Peter Norvig, a director of research at Google. After 652 pages, volume one closes with a blurb on the back cover from Bill Gates: “You should definitely send me a résumé if you can read the whole thing.”
Err codemadness.org 70 i 32874 The volume opens with an excerpt from “McCall’s Cookbook”:
Err codemadness.org 70 i 32875

Err codemadness.org 70 i 32876

Here is your book, the one your thousands of letters have asked us to publish. It has taken us years to do, checking and rechecking countless recipes to bring you only the best, only the interesting, only the perfect.

Err codemadness.org 70 i 32877

Err codemadness.org 70 i 32878
Inside are algorithms, the recipes that feed the digital age — although, as Dr. Knuth likes to point out, algorithms can also be found on Babylonian tablets from 3,800 years ago. He is an esteemed algorithmist; his name is attached to some of the field’s most important specimens, such as the Knuth-Morris-Pratt string-searching algorithm. Devised in 1970, it finds all occurrences of a given word or pattern of letters in a text — for instance, when you hit Command+F to search for a keyword in a document.
Err codemadness.org 70 i 32879 Now 80, Dr. Knuth usually dresses like the youthful geek he was when he embarked on this odyssey: long-sleeved T-shirt under a short-sleeved T-shirt, with jeans, at least at this time of year. In those early days, he worked close to the machine, writing “in the raw,” tinkering with the zeros and ones.
Err codemadness.org 70 i 32880

Err codemadness.org 70 i 32881

See the article for the rest

Err codemadness.org 70 i 32884

Err codemadness.org 70 i 32885

##News Roundup
Err codemadness.org 70 i 32886 Let’s Encrypt: Certbot For OpenBSD’s httpd

Err codemadness.org 70 i 32887

Intro

Err codemadness.org 70 i 32890

Err codemadness.org 70 i 32891
Let’s Encrypt is “a free, automated, and open Certificate Authority”.
Err codemadness.org 70 i 32892 Certbot is “an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server”, well known as “the official Let’s Encrypt client”.
Err codemadness.org 70 i 32893 I remember well how excited I felt when I read Let’s Encrypt’s “Our First Certificate Is Now Live” in 2015.
Err codemadness.org 70 i 32894 How wonderful the goal of them is; it’s to “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free” “to create a more secure and privacy-respecting Web”!
Err codemadness.org 70 i 32895 Since this year, they have begun to support even ACME v2 and Wildcard Certificate!
Err codemadness.org 70 i 32896 Well, in OpenBSD as well as other operating systems, it’s easy and comfortable to have their big help 😊
Err codemadness.org 70 i 32897

Err codemadness.org 70 i 32898

Environment
OS: OpenBSD 6.4 amd64
Web Server: OpenBSD’s httpd
Certification: Let’s Encrypt with Certbot 0.27
Reference: OpenBSD’s httpd

Err codemadness.org 70 i 32905

Err codemadness.org 70 i 32906

###FreeBSD 12 released: Here is how to upgrade FreeBSD 11 to 12

Err codemadness.org 70 i 32907

Err codemadness.org 70 i 32908
The FreeBSD project announces the availability of FreeBSD 12.0-RELEASE. It is the first release of the stable/12 branch. The new version comes with updated software and features for a wild variety of architectures. The latest release provides performance improvements and better support for FreeBSD jails and more. One can benefit greatly using an upgraded version of FreeBSD.
Err codemadness.org 70 i 32909

Err codemadness.org 70 i 32910

Err codemadness.org 70 i 32911
FreeBSD 12.0 supports amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. One can run it on a standalone server or desktop system. Another option is to run it on Raspberry PI computer. FreeBSD 12 also runs on popular cloud service providers such as AWS EC2/Lightsail or Google compute VM.
Err codemadness.org 70 i 32912

Err codemadness.org 70 i 32913

Err codemadness.org 70 i 32915
New features and highlights:
Err codemadness.org 70 i 32916
Err codemadness.org 70 i 32918
OpenSSL version 1.1.1a (LTS)
Err codemadness.org 70 i 32919
Err codemadness.org 70 i 32921
OpenSSH server 7.8p1
Err codemadness.org 70 i 32922
Err codemadness.org 70 i 32924
Unbound server 1.8.1
Err codemadness.org 70 i 32925
Err codemadness.org 70 i 32927
Clang and co 6.0.1
Err codemadness.org 70 i 32928
Err codemadness.org 70 i 32930
The FreeBSD installer supports EFI+GELI as an installation option
Err codemadness.org 70 i 32931
Err codemadness.org 70 i 32933
VIMAGE FreeBSD kernel configuration option has been enabled by default. VIMAGE was the main reason I custom compiled FreeBSD for the last few years. No more custom compile for me.
Err codemadness.org 70 i 32934
Err codemadness.org 70 i 32936
Graphics drivers for modern ATI/AMD and Intel graphics cards are now available in the FreeBSD ports collection
Err codemadness.org 70 i 32937
Err codemadness.org 70 i 32939
ZFS has been updated to include new sysctl(s), vfs.zfs.arcminprefetchms and vfs.zfs.arcminprescientprefetchms, which improve performance of the zpool scrub subcommand
Err codemadness.org 70 i 32940
Err codemadness.org 70 i 32942
The pf packet filter is now usable within a jail using vnet
Err codemadness.org 70 i 32943
Err codemadness.org 70 i 32945
KDE updated to version 5.12.5
Err codemadness.org 70 i 32946
Err codemadness.org 70 i 32948
The NFS version 4.1 includes pNFS server support
Err codemadness.org 70 i 32949
Err codemadness.org 70 i 32951
Perl 5.26.2
Err codemadness.org 70 i 32952
Err codemadness.org 70 i 32954
The default PAGER now defaults to less for most commands
Err codemadness.org 70 i 32955
Err codemadness.org 70 i 32957
The dd utility has been updated to add the status=progress option to match GNU/Linux dd command to show progress bar while running dd
Err codemadness.org 70 i 32958
Err codemadness.org 70 i 32960
FreeBSD now supports ext4 for read/write operation
Err codemadness.org 70 i 32961
Err codemadness.org 70 i 32963
Python 2.7
Err codemadness.org 70 i 32964
Err codemadness.org 70 i 32966
much more
Err codemadness.org 70 i 32967

Err codemadness.org 70 i 32969

Err codemadness.org 70 i 32970

###Six Ways to Level Up Your nmap Game

Err codemadness.org 70 i 32971

Err codemadness.org 70 i 32972
nmap is a network exploration tool and security / port scanner.
Err codemadness.org 70 i 32973 If you’ve heard of it, and you’re like me, you’ve most likely used it like this:
Err codemadness.org 70 i 32974 ie, you’ve pointed it at an IP address and observed the output which tells you the open ports on a host.
Err codemadness.org 70 i 32975 I used nmap like this for years, but only recently grokked the manual to see what else it could do. Here’s a quick look and some of the more useful things I found out.
Err codemadness.org 70 i 32976

Err codemadness.org 70 i 32977

Err codemadness.org 70 i 32979
1. Scan a Network
Err codemadness.org 70 i 32982
Err codemadness.org 70 i 32984
1. Scan All Ports
Err codemadness.org 70 i 32987
Err codemadness.org 70 i 32989
1. Get service versions
Err codemadness.org 70 i 32992
Err codemadness.org 70 i 32994
1. Use -A for more data
Err codemadness.org 70 i 32997
Err codemadness.org 70 i 32999
1. Find out what nmap is up to
Err codemadness.org 70 i 33002
Err codemadness.org 70 i 33004
1. Script your own scans with NSE
Err codemadness.org 70 i 33007

Err codemadness.org 70 i 33009

Err codemadness.org 70 i 33010

###[NetBSD Desktop]

Err codemadness.org 70 i 33011

Part 1: Manual NetBSD installation on GPT/UEFI
NetBSD desktop pt.2: Set up wireless networking on NetBSD with wpasupplicant and dhcpcd
Part 3: Simple stateful firewall with NPF
Part 4: 4: The X Display Manager (XDM)
Part 5: automounting with Berkeley am-utils

Err codemadness.org 70 i 33018

Err codemadness.org 70 i 33019

##Beastie Bits

Err codemadness.org 70 i 33020

Call For Testing: ZFS on FreeBSD Project
DragonFlyBSD 5.4.1 release within a week
You Can’t Opt Out of the Patent System. That’s Why Patent Pandas Was Created!
Announcing Yggdrasil Network v0.3
OpenBSD Network Engineer Job listing
FreeBSD 12.0 Stable Version Released!
LibreSSL 2.9.0 released
Live stream test: Sgi Octane light bar repair / soldering!
Configure a FreeBSD Email Server Using Postfix, Dovecot, MySQL, DAVICAL and SpamAssassin
Berkeley smorgasbord
FOSDEM BSD Devroom schedule

Err codemadness.org 70 i 33033

Err codemadness.org 70 i 33034

##Feedback/Questions

Err codemadness.org 70 i 33035

Warren - Ep.273: OpenZFS on OS X
cogoman - tarsnap security and using SSDs in raid
Andrew - Portland BSD Pizza Night

Err codemadness.org 70 i 33040

Err codemadness.org 70 i 33041

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 33044

Err codemadness.org 70 i 33045

Episode 276: Ho, Ho, Ho - 12.0 | BSD Now 276

Allan Jude — Thu, 13 Dec 2018 01:15:00 -0800

FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more. Err codemadness.org 70 i 33524

##Headlines
Err codemadness.org 70 i 33525 FreeBSD 12.0 is available

Err codemadness.org 70 i 33526

After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available.
We’ve picked a few interesting things to cover in the show, make sure to read the full Release Notes

Err codemadness.org 70 i 33530

Err codemadness.org 70 i 33531
Userland:
Err codemadness.org 70 i 33532 Group permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system.
Err codemadness.org 70 i 33533 The default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8).
Err codemadness.org 70 i 33534 The default PAGER now defaults to less(1) for most commands.
Err codemadness.org 70 i 33535 The newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files.
Err codemadness.org 70 i 33536 The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default.
Err codemadness.org 70 i 33537 A new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds.
Err codemadness.org 70 i 33538 Userland applications:
Err codemadness.org 70 i 33539 The dtrace(1) utility has been updated to support if and else statements.
Err codemadness.org 70 i 33540 The legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64.
Err codemadness.org 70 i 33541 The setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories.
Err codemadness.org 70 i 33542 The geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key.
Err codemadness.org 70 i 33543 The dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1).
Err codemadness.org 70 i 33544 The date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting.
Err codemadness.org 70 i 33545 The bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm.
Err codemadness.org 70 i 33546 The bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively.
Err codemadness.org 70 i 33547 The tftp(1) utility has been updated to change the default transfer mode from ASCII to binary.
Err codemadness.org 70 i 33548 The chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively.
Err codemadness.org 70 i 33549 Kernel:
Err codemadness.org 70 i 33550 The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.
Err codemadness.org 70 i 33551 The amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges.
Err codemadness.org 70 i 33552 The amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs.
Err codemadness.org 70 i 33553 Kernel Configuration:
Err codemadness.org 70 i 33554 The VIMAGE kernel configuration option has been enabled by default.
Err codemadness.org 70 i 33555 The dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information.
Err codemadness.org 70 i 33556 The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations.
Err codemadness.org 70 i 33557 Device Drivers:
Err codemadness.org 70 i 33558 The random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm.
Err codemadness.org 70 i 33559 The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.
Err codemadness.org 70 i 33560 Deprecated Drivers:
Err codemadness.org 70 i 33561 The lmc(4) driver has been removed.
Err codemadness.org 70 i 33562 The ixgb(4) driver has been removed.
Err codemadness.org 70 i 33563 The nxge(4) driver has been removed.
Err codemadness.org 70 i 33564 The vxge(4) driver has been removed.
Err codemadness.org 70 i 33565 The jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4).
Err codemadness.org 70 i 33566 The DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended.
Err codemadness.org 70 i 33567 The following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4)
Err codemadness.org 70 i 33568 Storage:
Err codemadness.org 70 i 33569 The UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2.
Err codemadness.org 70 i 33570 The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously.
Err codemadness.org 70 i 33571 TRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5).
Err codemadness.org 70 i 33572 NFS:
Err codemadness.org 70 i 33573 The NFS version 4.1 server has been updated to include pNFS server support.
Err codemadness.org 70 i 33574 ZFS:
Err codemadness.org 70 i 33575 ZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand.
Err codemadness.org 70 i 33576 The new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps.
Err codemadness.org 70 i 33577 The large_dnode zpool feature been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x
Err codemadness.org 70 i 33578 Many bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs.
Err codemadness.org 70 i 33579 Includes the fix for PR 229614 that could cause processes to hang in zil_commit()
Err codemadness.org 70 i 33580 Boot Loader Changes:
Err codemadness.org 70 i 33581 The lua loader(8) has been updated to detect a list of installed kernels to boot.
Err codemadness.org 70 i 33582 The loader(8) has been updated to support geli(8) for all architectures and all disk-like devices.
Err codemadness.org 70 i 33583 The loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process.
Err codemadness.org 70 i 33584
Networking:
Err codemadness.org 70 i 33585 The pf(4) packet filter is now usable within a jail(8) using vnet(9).
Err codemadness.org 70 i 33586 The pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements.
Err codemadness.org 70 i 33587 The SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function.
Err codemadness.org 70 i 33588

Err codemadness.org 70 i 33589

Again, read the release notes for a full list, check out the errata notices. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated!

Err codemadness.org 70 i 33592

Err codemadness.org 70 i 33593

###Abandon Linux. Move to FreeBSD or Illumos

Err codemadness.org 70 i 33594

Err codemadness.org 70 i 33595
If you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why.
Err codemadness.org 70 i 33596 Is your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophycal ones, you may have skipped good alternatives. The BSD’s and Illumos.
Err codemadness.org 70 i 33597 I bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been layed off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly.
Err codemadness.org 70 i 33598 And here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share.
Err codemadness.org 70 i 33599 You have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success.
Err codemadness.org 70 i 33600 But why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) aglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator.
Err codemadness.org 70 i 33601 To start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager.
Err codemadness.org 70 i 33602 Jails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those.
Err codemadness.org 70 i 33603 There are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it’s hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty.
Err codemadness.org 70 i 33604 I have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitime and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations.
Err codemadness.org 70 i 33605 But here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail.
Err codemadness.org 70 i 33606 How can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail.
Err codemadness.org 70 i 33607 Want to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability?
Err codemadness.org 70 i 33608 Are you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you.
Err codemadness.org 70 i 33609 But what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages.
Err codemadness.org 70 i 33610 But FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the begginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips.
Err codemadness.org 70 i 33611 I am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI.
Err codemadness.org 70 i 33612 You say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too.
Err codemadness.org 70 i 33613 If you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bouth Sun many people ran away in an stampide fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs.
Err codemadness.org 70 i 33614 In conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems.
Err codemadness.org 70 i 33615 Still not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, payed support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all?
Err codemadness.org 70 i 33616 PS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it.
Err codemadness.org 70 i 33617

Err codemadness.org 70 i 33618

Err codemadness.org 70 i 33619

###A partly-cloudy IPsec VPN

Err codemadness.org 70 i 33620

Audience

Err codemadness.org 70 i 33623

Err codemadness.org 70 i 33624
I’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas.
Err codemadness.org 70 i 33625

Err codemadness.org 70 i 33626

Overview

Err codemadness.org 70 i 33629

Err codemadness.org 70 i 33630
I’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are:
Err codemadness.org 70 i 33631

Err codemadness.org 70 i 33632

VPN
Road-warrior access, so I can use private network resources from anywhere.
A site-to-site VPN, extending my home network to my VPSes.
Hosting for public and private network services.
A proxy service to provide a public IP address to services hosted at home.

Err codemadness.org 70 i 33639

Err codemadness.org 70 i 33640
The last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services.
Err codemadness.org 70 i 33641 I’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could do work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on.
Err codemadness.org 70 i 33642 Since this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router.
Err codemadness.org 70 i 33643 The VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit.
Err codemadness.org 70 i 33644

Err codemadness.org 70 i 33645

The end-state network should look like: https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg

Err codemadness.org 70 i 33648

Err codemadness.org 70 i 33649
This VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering.
Err codemadness.org 70 i 33650 Once traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry.
Err codemadness.org 70 i 33651

Err codemadness.org 70 i 33652

Err codemadness.org 70 i 33653

##News Roundup
Err codemadness.org 70 i 33654 KLEAK: Practical Kernel Memory Disclosure Detection

Err codemadness.org 70 i 33655

Err codemadness.org 70 i 33656
Modern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space. Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it.
Err codemadness.org 70 i 33657 We introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort.
Err codemadness.org 70 i 33658 Our approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total, we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures.
Err codemadness.org 70 i 33659 The remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper.
Err codemadness.org 70 i 33660

Err codemadness.org 70 i 33661

Err codemadness.org 70 i 33662

###How To Create Official Synth Repo

Err codemadness.org 70 i 33663

Err codemadness.org 70 i 33665
System Environment
Err codemadness.org 70 i 33666
Err codemadness.org 70 i 33668
Make sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft.
Err codemadness.org 70 i 33669
Err codemadness.org 70 i 33671
Make sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth.
Err codemadness.org 70 i 33672
Err codemadness.org 70 i 33674
Make sure /etc/make.conf is clean.
Err codemadness.org 70 i 33675
Err codemadness.org 70 i 33677
Update /usr/src to the current master, make sure there is no cruft in it
Err codemadness.org 70 i 33678
Err codemadness.org 70 i 33680
Do a full buildworld, buildkernel, installkernel and installworld
Err codemadness.org 70 i 33681
Err codemadness.org 70 i 33683
Reboot
Err codemadness.org 70 i 33684
Err codemadness.org 70 i 33686
After the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel.
Err codemadness.org 70 i 33687
Err codemadness.org 70 i 33689
Synth Environment
Err codemadness.org 70 i 33690
Err codemadness.org 70 i 33692
/usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file.
Err codemadness.org 70 i 33693
Err codemadness.org 70 i 33695
System requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem.
Err codemadness.org 70 i 33696
Err codemadness.org 70 i 33698
synth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less.
Err codemadness.org 70 i 33699

Err codemadness.org 70 i 33701

; Take care when hand editing!
Err codemadness.org 70 i 33702
Err codemadness.org 70 i 33703 [Global Configuration]
Err codemadness.org 70 i 33704 profileselected= LiveSystem
Err codemadness.org 70 i 33705
Err codemadness.org 70 i 33706 [LiveSystem]
Err codemadness.org 70 i 33707 Operatingsystem= DragonFly
Err codemadness.org 70 i 33708 Directorypackages= /build/synth/livepackages
Err codemadness.org 70 i 33709 Directoryrepository= /build/synth/livepackages/All
Err codemadness.org 70 i 33710 Directoryportsdir= /build/synth/dports
Err codemadness.org 70 i 33711 Directoryoptions= /build/synth/options
Err codemadness.org 70 i 33712 Directorydistfiles= /usr/distfiles
Err codemadness.org 70 i 33713 Directorybuildbase= /build/synth/build
Err codemadness.org 70 i 33714 Directorylogs= /build/synth/logs
Err codemadness.org 70 i 33715 Directoryccache= disabled
Err codemadness.org 70 i 33716 Directorysystem= /
Err codemadness.org 70 i 33717 Numberofbuilders= 30
Err codemadness.org 70 i 33718 Maxjobsperbuilder= 30
Err codemadness.org 70 i 33719 Tmpfsworkdir= true
Err codemadness.org 70 i 33720 Tmpfslocalbase= true
Err codemadness.org 70 i 33721 Displaywithncurses= true
Err codemadness.org 70 i 33722 leverageprebuilt= false

Err codemadness.org 70 i 33723

LiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package:

Err codemadness.org 70 i 33726

LICENSESACCEPTED= NONE

Err codemadness.org 70 i 33727

Err codemadness.org 70 i 33729
Make sure there is no other cruft in /usr/local/etc/synth/
Err codemadness.org 70 i 33730
Err codemadness.org 70 i 33732
In the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch:
Err codemadness.org 70 i 33733

Err codemadness.org 70 i 33735

rm -rf /build/synth/livepackages/*
Err codemadness.org 70 i 33736 rm -rf /build/synth/logs
Err codemadness.org 70 i 33737 mkdir /build/synth/logs

Err codemadness.org 70 i 33738

Run synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine).

Err codemadness.org 70 i 33741

(optionally start a screen session)
Err codemadness.org 70 i 33742 synth everything

Err codemadness.org 70 i 33743

A full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off.
When synth finishes, let it rebuild the database. You then have a working binary repo.
It is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build.

Err codemadness.org 70 i 33748

Err codemadness.org 70 i 33749

###Interview with founder and maintainer of GhostBSD, Eric Turgeon

Err codemadness.org 70 i 33750

Thanks you Eric for taking part. To start off, could you tell us a little about yourself, just a bit of background?
How did you become interested in open source?
When and how did you get interested in the BSD operating systems?
On your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job?
You are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it?
Developing an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time?
How did you get to the name GhostBSD? Did you consider any other names?
You recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1?
The current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release
Can you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page.
How about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled?
What was the biggest challenge during development?
If you had to pick one feature readers should check out in GhostBSD, what is it and why?
What is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems?
What is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences?
Where does GhostBSD go from here? What are your plans for 2019?
Is there anything else that wasn’t asked or that you want to share?

Err codemadness.org 70 i 33769

Err codemadness.org 70 i 33770

##Beastie Bits

Err codemadness.org 70 i 33771

dialog(1) script to select audio output on FreeBSD
Erlang otp on OpenBSD
Capsicum
https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html
Introduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime
pkgsrcCon 2018 in Berlin - Videos
Getting started with drm-kmod

Err codemadness.org 70 i 33780

Err codemadness.org 70 i 33781

##Feedback/Questions

Err codemadness.org 70 i 33782

Malcolm - Show segment idea
Fraser - Question: FreeBSD official binary package options
Harri - BSD Magazine

Err codemadness.org 70 i 33787

Err codemadness.org 70 i 33788

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 33791

Err codemadness.org 70 i 33792

Episode 275: OpenBSD in Stereo | BSD Now 275

Allan Jude — Sun, 09 Dec 2018 01:00:00 -0800

Err codemadness.org 70 i 34691 DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more.

Err codemadness.org 70 i 34692 Err codemadness.org 70 i 34693

Headlines

Err codemadness.org 70 i 34694 Err codemadness.org 70 i 34695

DragonflyBSD 5.4 released

Err codemadness.org 70 i 34696 Err codemadness.org 70 i 34697

DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large of number network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases. Err codemadness.org 70 i 34698 The details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0.

Err codemadness.org 70 i 34699 Err codemadness.org 70 i 34700

Big-ticket items
Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs).
Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth.
Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8.
Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys.
GCC 8
DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports.
GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. buildworld builds all three by default to ensure maximum compatibility.
Many passes through world sources were made to address various warnings and errors the new GCC brought with it.
HAMMER2
HAMMER2 is recommended as the default root filesystem in non-clustered mode.
Clustered support is not yet available.
Increased bulkfree cache to reduce the number of iterations required.
Fixed numerous bugs.
Improved support on low-memory machines.
Significant pre-work on the XOP API to help support future networked operations.
Details
Checksums Err codemadness.org 70 i 34719 MD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f Err codemadness.org 70 i 34720 MD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408 Err codemadness.org 70 i 34721 MD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1 Err codemadness.org 70 i 34722 MD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499
Downloads Links

Err codemadness.org 70 i 34725 Err codemadness.org 70 i 34726

DragonFly BSD is 64-bit only, as announced during the 3.8 release.

Err codemadness.org 70 i 34727 Err codemadness.org 70 i 34728

USB: dfly-x86_64-5.4.0_REL.img as bzip2 file
ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file
Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.)

Err codemadness.org 70 i 34733 Err codemadness.org 70 i 34734

Err codemadness.org 70 i 34735 Err codemadness.org 70 i 34736

Down the Gopher hole with OpenBSD, Gophernicus, and TLS

Err codemadness.org 70 i 34737 Err codemadness.org 70 i 34738

In the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (>Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there.

Err codemadness.org 70 i 34739 Err codemadness.org 70 i 34740

Like cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor.

Err codemadness.org 70 i 34741 Err codemadness.org 70 i 34742

Before the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole!

Err codemadness.org 70 i 34743 Err codemadness.org 70 i 34744

Gophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited.

Err codemadness.org 70 i 34745 Err codemadness.org 70 i 34746

If you need a starting point with Gopher, SDF-EU’s wiki has a good article here.

Err codemadness.org 70 i 34747 Err codemadness.org 70 i 34748

https://sdfeu.org/w/tutorials:gopher

Err codemadness.org 70 i 34751 Err codemadness.org 70 i 34752

Finally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic!

Err codemadness.org 70 i 34753 Err codemadness.org 70 i 34754

https://cryogenix.net/NCSA_Mosaic_OpenBSD.html

Err codemadness.org 70 i 34757 Err codemadness.org 70 i 34758

I’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use.

Err codemadness.org 70 i 34759 Err codemadness.org 70 i 34760

https://github.com/0x16h/gophernicus
https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd

Err codemadness.org 70 i 34764 Err codemadness.org 70 i 34765

Err codemadness.org 70 i 34766 Err codemadness.org 70 i 34767

News Roundup

Err codemadness.org 70 i 34768 Err codemadness.org 70 i 34769

OpenBSD in Stereo with Linux VFIO

Err codemadness.org 70 i 34770 Err codemadness.org 70 i 34771

I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker. Err codemadness.org 70 i 34772 Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.

Err codemadness.org 70 i 34773 Err codemadness.org 70 i 34774

VFIO

Err codemadness.org 70 i 34777 Err codemadness.org 70 i 34778

The Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU. Err codemadness.org 70 i 34779 To my surprise, these days, it seems to be primarily by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows. Err codemadness.org 70 i 34780 By using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device.

Err codemadness.org 70 i 34781 Err codemadness.org 70 i 34782

Using VFIO

Err codemadness.org 70 i 34785 Err codemadness.org 70 i 34786

To use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub Err codemadness.org 70 i 34787 With the audio device stubbed out, a new VFIO device can be created from it Err codemadness.org 70 i 34788 Then the VFIO device (00:1f.3) can be passed to QEMU Err codemadness.org 70 i 34789 I was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them). Err codemadness.org 70 i 34790 Since I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state. Err codemadness.org 70 i 34791 QEMU will now log each VFIO event which gets saved to a debug-output file. Err codemadness.org 70 i 34792 With a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker. Err codemadness.org 70 i 34793 One strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD.

Err codemadness.org 70 i 34794 Err codemadness.org 70 i 34795

A Primer on Intel HDA Err codemadness.org 70 i 34796 Most modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec. Err codemadness.org 70 i 34797 On OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default. Err codemadness.org 70 i 34798 The azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port. Err codemadness.org 70 i 34799 The newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers. Err codemadness.org 70 i 34800 While reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing. Err codemadness.org 70 i 34801 For speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB. Err codemadness.org 70 i 34802 When the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results. Err codemadness.org 70 i 34803 Since the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU.

Err codemadness.org 70 i 34804 Err codemadness.org 70 i 34805

Logging DMA Memory Values in QEMU

Err codemadness.org 70 i 34808 Err codemadness.org 70 i 34809

Since DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring. Err codemadness.org 70 i 34810 My custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier. Err codemadness.org 70 i 34811 With this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec: Err codemadness.org 70 i 34812 An early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen. Err codemadness.org 70 i 34813 Sure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time.

Err codemadness.org 70 i 34814 Err codemadness.org 70 i 34815

Minimizing the Magic

Err codemadness.org 70 i 34818 Err codemadness.org 70 i 34819

The full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:

Err codemadness.org 70 i 34820 Err codemadness.org 70 i 34821

Boot OpenBSD with the full list of CORB commands in the azalia driver
Comment out a group of them
Compile kernel and install it, halt the QEMU guest
Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier to way to reset PCI power than suspending the laptop, but oh well)
Start QEMU, boot OpenBSD with the new kernel
Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play

Err codemadness.org 70 i 34829 Err codemadness.org 70 i 34830

This required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.

Err codemadness.org 70 i 34831 Err codemadness.org 70 i 34832

The Result

Err codemadness.org 70 i 34835 Err codemadness.org 70 i 34836

After about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong. Err codemadness.org 70 i 34837 In any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one. Err codemadness.org 70 i 34838 Due to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. But at least now the hardware support chart for my Matebook is all yeses for the things I care about. Err codemadness.org 70 i 34839 I’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.

Err codemadness.org 70 i 34840 Err codemadness.org 70 i 34841

Err codemadness.org 70 i 34842 Err codemadness.org 70 i 34843

Why BSD/OS is the best candidate for being the only tested legally open UNIX

Err codemadness.org 70 i 34844 Err codemadness.org 70 i 34845

Introduction

Err codemadness.org 70 i 34848 Err codemadness.org 70 i 34849

The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.

Err codemadness.org 70 i 34850 Err codemadness.org 70 i 34851

Ancient UNIX

Err codemadness.org 70 i 34854 Err codemadness.org 70 i 34855

The term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT&T at the time. It was later transferred of the AT&T UNIX Support Group, then AT&T Information Systems and finally the AT&T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany. Err codemadness.org 70 i 34856 In a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT&T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain. Err codemadness.org 70 i 34857 The situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT&T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1). Err codemadness.org 70 i 34858 Note that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294). Err codemadness.org 70 i 34859 In Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19). Err codemadness.org 70 i 34860 Thus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here. Err codemadness.org 70 i 34861 So how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license. Err codemadness.org 70 i 34862 I’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces: Err codemadness.org 70 i 34863 the base Asset Purchase Agreement “APA” (Part I) Err codemadness.org 70 i 34864 the base Asset Purchase Agreement “APA” (Part II) Err codemadness.org 70 i 34865 the Operating Agremeent and Amendment 1 to the APA Err codemadness.org 70 i 34866 the Amendment 2 to the APA Err codemadness.org 70 i 34867 The APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assesment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it. Err codemadness.org 70 i 34868 The first step to truly freeing UNIX would this be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.

Err codemadness.org 70 i 34869 Err codemadness.org 70 i 34870

BSD/OS

Err codemadness.org 70 i 34873 Err codemadness.org 70 i 34874

Another operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright. Err codemadness.org 70 i 34875 BSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ. Err codemadness.org 70 i 34876 To truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing.

Err codemadness.org 70 i 34877 Err codemadness.org 70 i 34878

System V

Err codemadness.org 70 i 34881 Err codemadness.org 70 i 34882

The fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V. Err codemadness.org 70 i 34883 Obviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives.

Err codemadness.org 70 i 34884 Err codemadness.org 70 i 34885

Newer Research UNIX

Err codemadness.org 70 i 34888 Err codemadness.org 70 i 34889

The fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017. Err codemadness.org 70 i 34890 However, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code.

Err codemadness.org 70 i 34891 Err codemadness.org 70 i 34892

Conclusion Err codemadness.org 70 i 34894 In the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds.

Err codemadness.org 70 i 34896 Err codemadness.org 70 i 34897

A small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing.

Err codemadness.org 70 i 34898 Err codemadness.org 70 i 34899

Err codemadness.org 70 i 34900 Err codemadness.org 70 i 34901

OpenBGPD - Adding Diversity to the Route Server Landscape

Err codemadness.org 70 i 34902 Err codemadness.org 70 i 34903

Introduction

Err codemadness.org 70 i 34906 Err codemadness.org 70 i 34907

As of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. NIC.CZ (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC. Err codemadness.org 70 i 34908 OpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.

Err codemadness.org 70 i 34909 Err codemadness.org 70 i 34910

Missing features in OpenBGPD

Err codemadness.org 70 i 34913 Err codemadness.org 70 i 34914

The following main missing features were identified in OpenBGPD:

Err codemadness.org 70 i 34915 Err codemadness.org 70 i 34916

Performance

Err codemadness.org 70 i 34919 Err codemadness.org 70 i 34920

In previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate of all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.

Err codemadness.org 70 i 34921 Err codemadness.org 70 i 34922

Lack of RPKI Origin Validation

Err codemadness.org 70 i 34925 Err codemadness.org 70 i 34926

As we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself.

Err codemadness.org 70 i 34927 Err codemadness.org 70 i 34928

Portability

Err codemadness.org 70 i 34931 Err codemadness.org 70 i 34932

OpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option.

Err codemadness.org 70 i 34933 Err codemadness.org 70 i 34934

Development steps

Err codemadness.org 70 i 34937 Err codemadness.org 70 i 34938

By addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation. Err codemadness.org 70 i 34939 Since I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD.

Err codemadness.org 70 i 34940 Err codemadness.org 70 i 34941

OpenBGPD 6.4

Err codemadness.org 70 i 34944 Err codemadness.org 70 i 34945

The OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing!

Err codemadness.org 70 i 34946 Err codemadness.org 70 i 34947

Feature highlights

Err codemadness.org 70 i 34950 Err codemadness.org 70 i 34951

The following changes should be highlighted:

Err codemadness.org 70 i 34952 Err codemadness.org 70 i 34953

Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers.
BGP Origin Validation when a roa-set is configured Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds.
Fast prefix-set lookups In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently.
Introduction of as-sets Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently. Err codemadness.org 70 i 34958 Introduction of origin-sets
Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.
Improving third party tools

Err codemadness.org 70 i 34962 Err codemadness.org 70 i 34963

Users can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two opensource projects such as bgpq3 and arouteserver are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD.

Err codemadness.org 70 i 34964 Err codemadness.org 70 i 34965

bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features.
arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate a much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.
What still needs to be done

Err codemadness.org 70 i 34970 Err codemadness.org 70 i 34971

A sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point.

Err codemadness.org 70 i 34972 Err codemadness.org 70 i 34973

Looking forward
Job Snijders oversaw this year’s fundraising and project management, he adds:

Err codemadness.org 70 i 34977 Err codemadness.org 70 i 34978

It’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements.

Err codemadness.org 70 i 34979 Err codemadness.org 70 i 34980

Err codemadness.org 70 i 34981 Err codemadness.org 70 i 34982

Beastie Bits

Err codemadness.org 70 i 34983 Err codemadness.org 70 i 34984

DragonFly - git: annotated tag v5.5.0 created
Torchlight 2 on NetBSD
Older, but still good USENIX Login Article on Capsicum
The Super Capsicumizer 9000
Dedicated and Virtual Server PXE provisioning tool
Cirrus CI have announced FreeBSD support
NetBSD PineBook Gameplay
BSDCan 2019 CfP is out
Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th

Err codemadness.org 70 i 34995 Err codemadness.org 70 i 34996

Err codemadness.org 70 i 34997 Err codemadness.org 70 i 34998

Feedback/Questions

Err codemadness.org 70 i 34999 Err codemadness.org 70 i 35000

Malcom - Installing Drivers in Development
Samir - Introduction to ZFS
Newnix - Drive Failures

Err codemadness.org 70 i 35005 Err codemadness.org 70 i 35006

Err codemadness.org 70 i 35007 Err codemadness.org 70 i 35008

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 35011 Err codemadness.org 70 i 35012

]]> Err codemadness.org 70 i 35013

Episode 274: Language: Assembly | BSD Now 274

Allan Jude — Wed, 28 Nov 2018 23:00:00 -0800

Assembly language on OpenBSD, using bhyve for FreeBSD development, FreeBSD Gaming, FreeBSD for Thanksgiving, no space left on Dragonfly’s hammer2, and more. Err codemadness.org 70 i 35357

##Headlines
Err codemadness.org 70 i 35358 Assembly language on OpenBSD amd64+arm64

Err codemadness.org 70 i 35359

Err codemadness.org 70 i 35360
This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.
Err codemadness.org 70 i 35361

Err codemadness.org 70 i 35362

Err codemadness.org 70 i 35363
OpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.
Err codemadness.org 70 i 35364

Err codemadness.org 70 i 35365

Err codemadness.org 70 i 35366
Within the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables - OpenBSD looks for this section to check if it should attempt to execute the program or not.
Err codemadness.org 70 i 35367

Err codemadness.org 70 i 35368

Our first program: in C!

Err codemadness.org 70 i 35371

Err codemadness.org 70 i 35372
It’s often a good idea to prototype your assembly programs in a high level language such as C - it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.
Err codemadness.org 70 i 35373

Err codemadness.org 70 i 35374

See the article for the rest on:
Our first program: in x86-64 Asm (AT&T/GAS syntax)
Our first program: in inline x86-64 assembly
Our first program: in x86-64 asm (NASM syntax)
Our first program: in ARMv8 AArch64 assembly

Err codemadness.org 70 i 35381

Err codemadness.org 70 i 35382

###Using bhyve for FreeBSD Development

Err codemadness.org 70 i 35383

The Hypervisor

Err codemadness.org 70 i 35386

Err codemadness.org 70 i 35387
The bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization. This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent
Err codemadness.org 70 i 35388 processor. The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.
Err codemadness.org 70 i 35389 The hypervisor itself contains both user and kernel components. The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime. It must
Err codemadness.org 70 i 35390 be loaded before any guests can be created. When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.
Err codemadness.org 70 i 35391 The primary user component is the bhyve(8) program. It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices. It also calls the kernel driver to execute the guest. Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.
Err codemadness.org 70 i 35392 Currently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI). Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point. For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution. Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.
Err codemadness.org 70 i 35393 The bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests. Support for 32-bit guests will be included in FreeBSD 10.1.
Err codemadness.org 70 i 35394

Err codemadness.org 70 i 35395

Err codemadness.org 70 i 35397
See the article for the very technical breakdown of the following:
Err codemadness.org 70 i 35398
Err codemadness.org 70 i 35400
Network Setup
Err codemadness.org 70 i 35401
Err codemadness.org 70 i 35403
Bridged Configuration
Err codemadness.org 70 i 35404
Err codemadness.org 70 i 35406
Private Network with NAT
Err codemadness.org 70 i 35407
Err codemadness.org 70 i 35409
Using dnsmasq with a Private Network
Err codemadness.org 70 i 35410
Err codemadness.org 70 i 35412
Running Guests via vmrun.sh
Err codemadness.org 70 i 35413
Err codemadness.org 70 i 35415
Configuring Guests
Err codemadness.org 70 i 35416
Err codemadness.org 70 i 35418
Using a bhyve Guest as a Target
Err codemadness.org 70 i 35419
Err codemadness.org 70 i 35421
Conclusion
Err codemadness.org 70 i 35422

Err codemadness.org 70 i 35424

Err codemadness.org 70 i 35425
The bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox. Guests can be used both to develop new features and to test merges to stable branches. The hypervisor has a wide variety of uses beyond developing FreeBSD as well.
Err codemadness.org 70 i 35426

Err codemadness.org 70 i 35427

Err codemadness.org 70 i 35428

##News Roundup
Err codemadness.org 70 i 35429 Games on FreeBSD

Err codemadness.org 70 i 35430

Err codemadness.org 70 i 35431
What do all programmers like to do after work? Ok, what do most programers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.
Err codemadness.org 70 i 35432

Err codemadness.org 70 i 35433

XNA based games

Err codemadness.org 70 i 35436

Err codemadness.org 70 i 35437
One of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translate all dependencies used by an FNA game to OpenBSD dependencies.
Err codemadness.org 70 i 35438 I decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.
Err codemadness.org 70 i 35439

Err codemadness.org 70 i 35440

Err codemadness.org 70 i 35441
I didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:
Err codemadness.org 70 i 35442

Err codemadness.org 70 i 35443

Err codemadness.org 70 i 35445
Cryptark
Err codemadness.org 70 i 35446
Err codemadness.org 70 i 35448
Rouge Legacy
Err codemadness.org 70 i 35449
Err codemadness.org 70 i 35451
Apotheon
Err codemadness.org 70 i 35452
Err codemadness.org 70 i 35454
Escape Goat
Err codemadness.org 70 i 35455
Err codemadness.org 70 i 35457
Bastion
Err codemadness.org 70 i 35458
Err codemadness.org 70 i 35460
CrossCode
Err codemadness.org 70 i 35461
Err codemadness.org 70 i 35463
Atom Zombie Smasher
Err codemadness.org 70 i 35464
Err codemadness.org 70 i 35466
Open-Source games
Err codemadness.org 70 i 35467

Err codemadness.org 70 i 35469

Err codemadness.org 70 i 35470
In FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: # pkg install ioquake3
Err codemadness.org 70 i 35471

Err codemadness.org 70 i 35472

Err codemadness.org 70 i 35473
Then move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s is also very easy to install it from ports: # pkg install iourbanterror
Err codemadness.org 70 i 35474

Err codemadness.org 70 i 35475

Err codemadness.org 70 i 35476
In the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:
Err codemadness.org 70 i 35477

Err codemadness.org 70 i 35478

openxcom (Open-source re-implementation of the original X-Com)
openjazz (Free re-implementation of the Jazz Jackrabbit™ game engine)
corsixth (Open source re-implementation of Theme Hospital)
quake2
openra (Red Alert)
openrct2 (Open source re-implementation of RollerCoaster Tycoon 2)
openmw (Open source engine reimplementation of the game Morrowind)

Err codemadness.org 70 i 35487

Err codemadness.org 70 i 35488
All those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.
Err codemadness.org 70 i 35489

Err codemadness.org 70 i 35490

Wine

Err codemadness.org 70 i 35493

Err codemadness.org 70 i 35494
One of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: # pkg install i386-wine
Err codemadness.org 70 i 35495

Err codemadness.org 70 i 35496

Err codemadness.org 70 i 35497
To run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.
Err codemadness.org 70 i 35498

Err codemadness.org 70 i 35499

Summary

Err codemadness.org 70 i 35502

Err codemadness.org 70 i 35503
As you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although its creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.
Err codemadness.org 70 i 35504

Err codemadness.org 70 i 35505

Err codemadness.org 70 i 35506

###FreeBSD For Thanksgiving

Err codemadness.org 70 i 35507

Err codemadness.org 70 i 35508
I’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress
Err codemadness.org 70 i 35509 Earlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.
Err codemadness.org 70 i 35510 Earlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.
Err codemadness.org 70 i 35511 Earlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk MeetBSD about our team’s work.
Err codemadness.org 70 i 35512 Earlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.
Err codemadness.org 70 i 35513 Earlier this week, I was promoted from a lowly mentee committer to a full src committer.
Err codemadness.org 70 i 35514 Earlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD
Err codemadness.org 70 i 35515

Err codemadness.org 70 i 35516

vandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64

Err codemadness.org 70 i 35517

Err codemadness.org 70 i 35518
6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.
Err codemadness.org 70 i 35519

Err codemadness.org 70 i 35520

Err codemadness.org 70 i 35521

###hammer2: no space left on device on Dragonfly BSD

Err codemadness.org 70 i 35522

The Issue

Err codemadness.org 70 i 35525

Err codemadness.org 70 i 35526
hammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.
Err codemadness.org 70 i 35527 Even with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.
Err codemadness.org 70 i 35528

Err codemadness.org 70 i 35529

The Fix

Err codemadness.org 70 i 35532

Err codemadness.org 70 i 35533
If you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:
Err codemadness.org 70 i 35534

Err codemadness.org 70 i 35535

[root@ ~]# mkdir /tmp/fs
Err codemadness.org 70 i 35536 [root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs

Err codemadness.org 70 i 35537

Err codemadness.org 70 i 35538
If you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from dragonflybsd.org and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.
Err codemadness.org 70 i 35539 If the mount does succeed, then all you have to do is run the following twice:
Err codemadness.org 70 i 35540

Err codemadness.org 70 i 35541

[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs

Err codemadness.org 70 i 35542

Err codemadness.org 70 i 35543
If you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:
Err codemadness.org 70 i 35544

Err codemadness.org 70 i 35545

[root@ ~]# swapon -a

Err codemadness.org 70 i 35546

Err codemadness.org 70 i 35547
Once you have ran the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.
Err codemadness.org 70 i 35548

Err codemadness.org 70 i 35549

Err codemadness.org 70 i 35550

##Beastie Bits

Err codemadness.org 70 i 35551

BSD Pizza Night - Portland
bsd@35c3: …the place for you…*NIX!
Project Trident PreRelease Image now available
Play Stardew Valley on OpenBSD
GUI Wrapper for OpenBSD mixerctl
qtv - QuickTextViewer

Err codemadness.org 70 i 35559

Err codemadness.org 70 i 35560

##Feedback/Questions

Err codemadness.org 70 i 35561

Ron - Ideas for feedback section
Paulo - SDIO Firmware
Dan - Some fun ZFS questions about labels

Err codemadness.org 70 i 35566

Err codemadness.org 70 i 35567

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 35570

Err codemadness.org 70 i 35571

Episode 273: A Thoughtful Episode | BSD Now 273

Allan Jude — Thu, 22 Nov 2018 23:00:00 -0800

Thoughts on NetBSD 8.0, Monitoring love for a GigaBit OpenBSD firewall, cat’s source history, X.org root permission bug, thoughts on OpenBSD as a desktop, and NomadBSD review. Err codemadness.org 70 i 36138

##Headlines
Err codemadness.org 70 i 36139 Some thoughts on NetBSD 8.0

Err codemadness.org 70 i 36140

Err codemadness.org 70 i 36141
NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.
Err codemadness.org 70 i 36142 I last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.
Err codemadness.org 70 i 36143

Err codemadness.org 70 i 36144

Early impressions

Err codemadness.org 70 i 36147

Err codemadness.org 70 i 36148
Since I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.
Err codemadness.org 70 i 36149

Err codemadness.org 70 i 36150

Software management

Err codemadness.org 70 i 36153

Err codemadness.org 70 i 36154
NetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.
Err codemadness.org 70 i 36155 The pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.
Err codemadness.org 70 i 36156 The other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.
Err codemadness.org 70 i 36157 Once new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.
Err codemadness.org 70 i 36158

Err codemadness.org 70 i 36159

Hardware

Err codemadness.org 70 i 36162

Err codemadness.org 70 i 36163
I found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.
Err codemadness.org 70 i 36164

Err codemadness.org 70 i 36165

Personal projects

Err codemadness.org 70 i 36168

Err codemadness.org 70 i 36169
Since NetBSD provides users with a small, core operating system without many utilities if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.
Err codemadness.org 70 i 36170 I began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.
Err codemadness.org 70 i 36171 Next, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.
Err codemadness.org 70 i 36172 I set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.
Err codemadness.org 70 i 36173 I experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.
Err codemadness.org 70 i 36174

Err codemadness.org 70 i 36175

Conclusions

Err codemadness.org 70 i 36178

Err codemadness.org 70 i 36179
NetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation - we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.
Err codemadness.org 70 i 36180 Some of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.
Err codemadness.org 70 i 36181 My main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.
Err codemadness.org 70 i 36182 As an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.
Err codemadness.org 70 i 36183 Newcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.
Err codemadness.org 70 i 36184 One quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.
Err codemadness.org 70 i 36185 Ultimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.
Err codemadness.org 70 i 36186

Err codemadness.org 70 i 36187

Err codemadness.org 70 i 36188

###Showing a Gigabit OpenBSD Firewall Some Monitoring Love

Err codemadness.org 70 i 36189

Err codemadness.org 70 i 36190
I have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystem hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.
Err codemadness.org 70 i 36191

Err codemadness.org 70 i 36192

Upgrade Time!

Err codemadness.org 70 i 36195

Err codemadness.org 70 i 36196
This setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).
Err codemadness.org 70 i 36197 The way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.
Err codemadness.org 70 i 36198 I needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:
Err codemadness.org 70 i 36199

Err codemadness.org 70 i 36200

small form factor
fan-less
multiple Intel Ethernet ports (good driver support)
low power consumption
not your regular off-the-shelf kit
relatively inexpensive

Err codemadness.org 70 i 36208

Err codemadness.org 70 i 36209
After evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straight forward, with the only problem I had was Etcher did not want to recognize the ‘.fs’ extension on the install image as bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.
Err codemadness.org 70 i 36210 After loading the same rulesets on my new install, the results were fantastic!
Err codemadness.org 70 i 36211

Err codemadness.org 70 i 36212

Monitoring

Err codemadness.org 70 i 36215

Err codemadness.org 70 i 36216
Now that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:
Err codemadness.org 70 i 36217 As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.
Err codemadness.org 70 i 36218 I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.
Err codemadness.org 70 i 36219 A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!
Err codemadness.org 70 i 36220 As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.
Err codemadness.org 70 i 36221 I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.
Err codemadness.org 70 i 36222 A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!
Err codemadness.org 70 i 36223

Err codemadness.org 70 i 36224

###The Source History of Cat

Err codemadness.org 70 i 36225

Err codemadness.org 70 i 36226
I once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.
Err codemadness.org 70 i 36227 I knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.
Err codemadness.org 70 i 36228 My aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone. grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.
Err codemadness.org 70 i 36229 I thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?
Err codemadness.org 70 i 36230 Thanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.
Err codemadness.org 70 i 36231

Err codemadness.org 70 i 36232

Research Unix

Err codemadness.org 70 i 36235

Err codemadness.org 70 i 36236
Ken Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.
Err codemadness.org 70 i 36237 The first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)
Err codemadness.org 70 i 36238 The most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.
Err codemadness.org 70 i 36239 The first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.
Err codemadness.org 70 i 36240 The second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of - to indicate that it should read from stdin.
Err codemadness.org 70 i 36241 In 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K&R C. The heart of the program is the classic two-liner:
Err codemadness.org 70 i 36242

Err codemadness.org 70 i 36243

while ((c = getc(fi)) != EOF)
Err codemadness.org 70 i 36244 putchar(c);

Err codemadness.org 70 i 36245

Err codemadness.org 70 i 36246
There is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.
Err codemadness.org 70 i 36247

Err codemadness.org 70 i 36248

Err codemadness.org 70 i 36251

Err codemadness.org 70 i 36252
After the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.
Err codemadness.org 70 i 36253 cat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT&T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT&T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.
Err codemadness.org 70 i 36254 Fall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.
Err codemadness.org 70 i 36255

Err codemadness.org 70 i 36256

MacOS

Err codemadness.org 70 i 36259

Err codemadness.org 70 i 36260
The very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.
Err codemadness.org 70 i 36261 The NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.
Err codemadness.org 70 i 36262 So the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.
Err codemadness.org 70 i 36263 The cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s rawargs() function and cookargs() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.
Err codemadness.org 70 i 36264 I asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.
Err codemadness.org 70 i 36265

Err codemadness.org 70 i 36266

The Hundred-Year-Old Program

Err codemadness.org 70 i 36269

Err codemadness.org 70 i 36270
In the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?
Err codemadness.org 70 i 36271 Computer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?
Err codemadness.org 70 i 36272 I think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.
Err codemadness.org 70 i 36273

Err codemadness.org 70 i 36274

Err codemadness.org 70 i 36275

##News Roundup
Err codemadness.org 70 i 36276 Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems

Err codemadness.org 70 i 36277

Err codemadness.org 70 i 36278
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment.
Err codemadness.org 70 i 36279 The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.
Err codemadness.org 70 i 36280

Err codemadness.org 70 i 36281

Privilege escalation and arbitrary file overwrite

Err codemadness.org 70 i 36284

Err codemadness.org 70 i 36285
An advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.
Err codemadness.org 70 i 36286 Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.
Err codemadness.org 70 i 36287

Err codemadness.org 70 i 36288

Bug could have been avoided in OpenBSD 6.4

Err codemadness.org 70 i 36291

Err codemadness.org 70 i 36292
OpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.
Err codemadness.org 70 i 36293 Theo de Raadt, founder and leader of the OpenBSD project, says that X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.
Err codemadness.org 70 i 36294 “As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.
Err codemadness.org 70 i 36295 Had OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.
Err codemadness.org 70 i 36296 To remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.
Err codemadness.org 70 i 36297 As a temporary solution, users can disable the Xorg binary by running the following command:
Err codemadness.org 70 i 36298

Err codemadness.org 70 i 36299

chmod u-s /usr/X11R6/bin/Xorg

Err codemadness.org 70 i 36300

Trivial exploitation

Err codemadness.org 70 i 36303

Err codemadness.org 70 i 36304
CVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.
Err codemadness.org 70 i 36305 Leveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder, and head of Hacker House security outfit created and published an exploit, saying that it can be triggered from a remote SSH session.
Err codemadness.org 70 i 36306 Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.
Err codemadness.org 70 i 36307 Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.
Err codemadness.org 70 i 36308

Err codemadness.org 70 i 36309

Err codemadness.org 70 i 36310

###OpenBSD on the Desktop: some thoughts

Err codemadness.org 70 i 36311

Err codemadness.org 70 i 36312
I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.
Err codemadness.org 70 i 36313 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.
Err codemadness.org 70 i 36314 You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.
Err codemadness.org 70 i 36315 That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.
Err codemadness.org 70 i 36316 Their development process is purely based on developers that love to contribute and hack around, just because it’s fun.
Err codemadness.org 70 i 36317 Even the mailing list is a cool place to hang on!
Err codemadness.org 70 i 36318 Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.
Err codemadness.org 70 i 36319 I like the idea of a platform that continually evolves.
Err codemadness.org 70 i 36320 pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.
Err codemadness.org 70 i 36321 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.
Err codemadness.org 70 i 36322 Just install a browser and you’re ready to go.
Err codemadness.org 70 i 36323 Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares.
Err codemadness.org 70 i 36324 They help you understand inner workings of the operating system, no internet connection needed.
Err codemadness.org 70 i 36325 There are some trade-offs, too.
Err codemadness.org 70 i 36326 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime3.
Err codemadness.org 70 i 36327 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.
Err codemadness.org 70 i 36328 Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.
Err codemadness.org 70 i 36329 But again, trade-offs.
Err codemadness.org 70 i 36330 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.
Err codemadness.org 70 i 36331

Err codemadness.org 70 i 36332

Err codemadness.org 70 i 36333

###Review: NomadBSD 1.1

Err codemadness.org 70 i 36334

Err codemadness.org 70 i 36335
One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”
Err codemadness.org 70 i 36336 The latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.
Err codemadness.org 70 i 36337 Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.
Err codemadness.org 70 i 36338

Err codemadness.org 70 i 36339

Initial setup

Err codemadness.org 70 i 36342

Err codemadness.org 70 i 36343
Booting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “enUS”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.
Err codemadness.org 70 i 36344 I feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.
Err codemadness.org 70 i 36345 The system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.
Err codemadness.org 70 i 36346

Err codemadness.org 70 i 36347

Physical desktop computer

Err codemadness.org 70 i 36350

Err codemadness.org 70 i 36351
At first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.
Err codemadness.org 70 i 36352 Networking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.
Err codemadness.org 70 i 36353 Had I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.
Err codemadness.org 70 i 36354 When running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.
Err codemadness.org 70 i 36355

Err codemadness.org 70 i 36356

Conclusions

Err codemadness.org 70 i 36359

Err codemadness.org 70 i 36360
Ultimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.
Err codemadness.org 70 i 36361 I like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.
Err codemadness.org 70 i 36362

Err codemadness.org 70 i 36363

Err codemadness.org 70 i 36364

##Beastie Bits

Err codemadness.org 70 i 36365

FreeBSD lockless algorithm - seq
Happy Bob’s Libtls tutorial
Locking OpenBSD when it’s sleeping
iio - The OpenBSD Way
Installing Hugo and Hosting Website on OpenBSD Server
Fosdem 2019 reminder: BSD devroom CfP
OpenBGPD, gotta go fast! - Claudio Jeker
Project Trident RC3 available
FreeBSD 10.4 EOL
Play “Crazy Train” through your APU2 speaker

Err codemadness.org 70 i 36377

Err codemadness.org 70 i 36378

##Feedback/Questions

Err codemadness.org 70 i 36379

Tobias - Satisfying my storage hunger and wallet pains
Lasse - Question regarding FreeBSD backups Err codemadness.org 70 i 36382
- https://twitter.com/dlangille
- https://dan.langille.org/
Err codemadness.org 70 i 36386

Err codemadness.org 70 i 36388

Err codemadness.org 70 i 36389

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 36392

Err codemadness.org 70 i 36393

Episode 272: Detain the bhyve | BSD Now 272

Allan Jude — Thu, 15 Nov 2018 10:00:00 -0800

Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more. Err codemadness.org 70 i 37058

##Headlines
###The byproducts of reading OpenBSD netcat code

When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.
(1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.
(2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.
(3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.
(4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.
Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.

###What I learned from porting my projects to FreeBSD

Introduction

I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.

The Projects
https://github.com/shlomif/shlomif-computer-settings/ (my dotfiles).
https://web-cpan.shlomifish.org/latemp/
https://fc-solve.shlomifish.org/
https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/
https://better-scm.shlomifish.org/source/
http://perl-begin.org/source/
https://www.shlomifish.org/meta/site-source/
Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.
Work fine on several Linux distributions and have https://en.wikipedia.org/wiki/TravisCI using Ubuntu 14.04 hosts
Some pass builds and tests on AppVeyor/Win64
What I Learned:
FreeBSD on VBox has become very reliable
Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin
make on FreeBSD is not GNU make
m4 on FreeBSD is not compatible with GNU m4
Some CPAN Modules fail to install using local-lib there
DocBook/XSL Does Not Live Under /usr/share/sgml
FreeBSD’s grep does not have a “-P” flag by default
FreeBSD has no “nproc” command
Conclusion:
It is easier to port a shell than a shell script. — Larry Wall
I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.

##News Roundup
###OpenBSD’s unveil()

One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.
The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.
In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.
Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:

int unveil(const char *path, const char *permissions);

A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.
Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.
Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.
unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.
One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.

###NetBSD Virtual Machine Monitor (NVVM)

NetBSD Virtual Machine Monitor

The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.

Download

The source code of NVMM, plus the associated tools, can be downloaded here.

Technical details

NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.
Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.
Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.
The host must always be x8664, but the guest has no constraint on the mode, so it can be x8632, PAE, real mode, and so on.
The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.
When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.
The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.

###What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)

I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):
I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.
Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.
This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)
In general, there are three different relationships between services that I tend to encounter:

a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.
a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)
an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)

Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?
My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.

(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)

###Jailing The bhyve Hypervisor

As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.
You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD.
The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.

A Gentle History Lesson

At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor.
So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAPGUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.

Initial Setup

We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.
I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.
By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.

We will use the following in our jail, so we will need to set up devfs(8) rules for them:
A ZFS volume
A null-modem device (nmdm(4))
UEFI GOP (no devfs rule, but IP assigned to the jail)
A tap device
Conclusion

The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:

PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)
PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement)
Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)
Full RELRO (RELRO + BINDNOW) is fully applied (HardenedBSD enhancement)
SafeStack is applied to the application (HardenedBSD enhancement)
Jailed (FreeBSD feature written by HardenedBSD)
Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)
Capsicum is fully applied (FreeBSD feature)

Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)

##Beastie Bits

##Feedback/Questions

Dennis - Core developers leaving illumOS?
Ben - Jumping from snapshot to snapshot
Ias - Question about ZFS snapshots

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 37059

Episode 271: Automatic Drive Tests | BSD Now 271

Allan Jude — Thu, 08 Nov 2018 01:00:00 -0800

Err codemadness.org 70 i 37227 MidnightBSD 1.0 released, MeetBSD review, EuroBSDcon trip reports, DNS over TLS in FreeBSD 12, Upgrading OpenBSD with Ansible, how to use smartd to run tests on your drives automatically, and more.

Err codemadness.org 70 i 37228 Err codemadness.org 70 i 37229

##Headlines
Err codemadness.org 70 i 37230 ###MidnightBSD 1.0 now available

Err codemadness.org 70 i 37231 Err codemadness.org 70 i 37232

Err codemadness.org 70 i 37233
I’m happy to announce the availability of MidnightBSD 1.0 for amd64 and i386. Over the years, many ambitious goals were set for our 1.0 release. As it approached, it was clear we wouldn’t be able to accomplish all of them. This release is more of a natural progression rather than a groundbreaking event. It includes many updates to the base system, improvements to the package manager, an updated compiler, and tools.
Err codemadness.org 70 i 37234 Of particular note, you can now boot off of ZFS and use NVME SSDs and some AMD Radeon graphics cards support acceleration. AMD Ryzen support has greatly improved in this release. We also have added bhyve from FreeBSD.
Err codemadness.org 70 i 37235 The 1.0 release is finally available. Still building packages for i386 and plan to do an amd64 package build later in the week. The single largest issue with the release process has been the web server performance. The CPU is overloaded and has been at solid 100% for several days. The server has a core i7 7700 in it. I’m trying to figure out what to buy as an upgrade so that we don’t continue to have this issue going forward. As it’s actually blocked in multiple processes, a 6 or 8 core chip might be an improvement for the workload…
Err codemadness.org 70 i 37236

Err codemadness.org 70 i 37237 Err codemadness.org 70 i 37238

Download links: https://www.midnightbsd.org/download/
https://www.youtube.com/watch?time_continue=33&v=-rlk2wFsjJ4

Err codemadness.org 70 i 37242 Err codemadness.org 70 i 37243

Err codemadness.org 70 i 37244 Err codemadness.org 70 i 37245

###MeetBSD Review

Err codemadness.org 70 i 37246 Err codemadness.org 70 i 37247

Err codemadness.org 70 i 37248
MeetBSD 2018 took place at the sprawling Intel Santa Clara campus. The venue itself felt more like an olive branch than a simple friendly gesture by Intel. In truth it felt like a bit of an apology. You get the subtle sense they feel bad about how the BSD’s were treated with the Meltdown and Specter flaws. In fact, you may be right to think they felt a bit sorry towards the entire open source community.
Err codemadness.org 70 i 37249

Err codemadness.org 70 i 37250 Err codemadness.org 70 i 37251

MeetBSD 2018

Err codemadness.org 70 i 37254 Err codemadness.org 70 i 37255

Err codemadness.org 70 i 37256
At most massive venues the parking is the first concern, not so here - in fact that was rather straightforward. No, the real challenge is navigating the buildings. Luckily I had help from navigator extraordinaire, Hadea, who located the correct building, SC12 quickly. Finding the entrance took a moment or two though. The lobby itself was converted by iXsystems efficiently into the MeetBSD expo hall, clean, efficient and roomy with registration, some seating, and an extra conference room for on-on-one sessions. On day two sponsor booths were also setup. All who showed up on day one were warmly greeted with badges, lanyards and goodies by Denise and her friendly team.
Err codemadness.org 70 i 37257 Like every great BSD event, plenty of food was made available. And as always they make it look effortless. These events showcase iXsystem’s inherent generosity toward its community; with breakfast items in the back of the main auditorium room in the morning, boxed lunches, fruit and cookies at lunch time, and snacks for the rest of the day. But just in case your still hungry, there is a pizza meetup in another Intel room after day one and two.
Err codemadness.org 70 i 37258 MeetBSD leverages it’s realistically small crowd size on day one. The morning starts off with introductions of the entire group, the mic is passed around the room.
Err codemadness.org 70 i 37259 The group is a good mix of pros in the industry (such as Juniper, Intel, Ebay, Groupon, Cisco, etc), iX staff, and a few enthusiast. Lots of people with a focus or passion for networking. And, of course, some friendly Linux bashing went down for good measure, always followed by a good natured chuckle.
Err codemadness.org 70 i 37260

Err codemadness.org 70 i 37261 Err codemadness.org 70 i 37262

MeetBSD Gives me The Feels

Err codemadness.org 70 i 37265 Err codemadness.org 70 i 37266

Err codemadness.org 70 i 37267
I find that I am subtly unnerved at this venue, and at lunch I saw it clearly. I have always had a strong geek radar, allowing me to navigate a new area (like Berkeley for MeetBSD of 2016, or even SCALE earlier this year in Pasadena), and in a glance I can see who is from my conference and who isn’t. This means it is easy, nearly effortless to know who to greet with a smile and a wave. These are MY people. Here at the Intel campus though it is different. The drive in alone reveals behemoth complexes all with well known tech names prominently displayed. This is Silicon Valley, and all of these people look like MY people. So much for knowing who’s from my conference. Thank goodness for those infamous BSD horns. None-the-less I am struck by how massive these tech giants are. And Intel is one of the largest of those giants, and see the physical reminders of this fact brought home the significance that they had opened their doors, wifi, and bathrooms to the BSD community.
Err codemadness.org 70 i 37268

Err codemadness.org 70 i 37269 Err codemadness.org 70 i 37270

Err codemadness.org 70 i 37271 Err codemadness.org 70 i 37272

###[EuroBSDcon 2018 Trip Reports]
Err codemadness.org 70 i 37273 https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-joseph-mingrone/
Err codemadness.org 70 i 37274 https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-vinicius-zavam/
Err codemadness.org 70 i 37275 https://www.freebsdfoundation.org/blog/eurobsd-2018-trip-report-emmanuel-vadot/

Err codemadness.org 70 i 37276 Err codemadness.org 70 i 37277

Err codemadness.org 70 i 37278 Err codemadness.org 70 i 37279

##News Roundup
Err codemadness.org 70 i 37280 ###DNS over TLS in FreeBSD 12

Err codemadness.org 70 i 37281 Err codemadness.org 70 i 37282

Err codemadness.org 70 i 37283
With the arrival of OpenSSL 1.1.1, an upgraded Unbound, and some changes to the setup and init scripts, FreeBSD 12.0, currently in beta, now supports DNS over TLS out of the box.
Err codemadness.org 70 i 37284 DNS over TLS is just what it sounds like: DNS over TCP, but wrapped in a TLS session. It encrypts your requests and the server’s replies, and optionally allows you to verify the identity of the server. The advantages are protection against eavesdropping and manipulation of your DNS traffic; the drawbacks are a slight performance degradation and potential firewall traversal issues, as it runs over a non-standard port (TCP port 853) which may be blocked on some networks. Let’s take a look at how to set it up.
Err codemadness.org 70 i 37285

Err codemadness.org 70 i 37286 Err codemadness.org 70 i 37287

Conclusion

Err codemadness.org 70 i 37290 Err codemadness.org 70 i 37291

Err codemadness.org 70 i 37292
We’ve seen how to set up Unbound—specifically, the local_unbound service in FreeBSD 12.0—to use DNS over TLS instead of plain UDP or TCP, using Cloudflare’s public DNS service as an example. We’ve looked at the performance impact, and at how to ensure (and verify) that Unbound validates the server certificate to prevent man-in-the-middle attacks.
Err codemadness.org 70 i 37293 The question that remains is whether it is all worth it. There is undeniably a performance hit, though this may improve with TLS 1.3. More importantly, there are currently very few DNS-over-TLS providers—only one, really, since Quad9 filter their responses—and you have to weigh the advantage of encrypting your DNS traffic against the disadvantage of sending it all to a single organization. I can’t answer that question for you, but I can tell you that the parameters are evolving quickly, and if your answer is negative today, it may not remain so for long. More providers will appear. Performance will improve with TLS 1.3 and QUIC. Within a year or two, running DNS over TLS may very well become the rule rather than the experimental exception.
Err codemadness.org 70 i 37294

Err codemadness.org 70 i 37295 Err codemadness.org 70 i 37296

Err codemadness.org 70 i 37297 Err codemadness.org 70 i 37298

###Upgrading OpenBSD with Ansible

Err codemadness.org 70 i 37299 Err codemadness.org 70 i 37300

My router runs OpenBSD -current

Err codemadness.org 70 i 37303 Err codemadness.org 70 i 37304

Err codemadness.org 70 i 37305
A few months ago, I needed software that had just hit the ports tree. I didn’t want to wait for the next release, so I upgraded my router to use -current. Since then, I’ve continued running -current, which means upgrading to a newer snapshot every so often. Running -current is great, but the process of updating to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable and then reboot into bsd.rd, hit enter ten times, then reboot, run sysmerge and update packages.
Err codemadness.org 70 i 37306 I eventually switched to upobsd to be able to upgrade without the need for a serial connection. The process was better, but still tiresome. Usually, I would prepare the special version of bsd.rd, boot on bsd.rd, and do something like wash the dishes in the meantime. After about ten minutes, I would dry my hands and then go back to my workstation to see whether the bsd.rd part had finished so I could run sysmerge and pkg_add, and then return to the dishes while it upgraded packages.
Err codemadness.org 70 i 37307 Out of laziness, I thought: “I should automate this,” but what happened instead is that I simply didn’t upgrade that machine very often. (Yes, laziness). With my router out of commission, life is very dull, because it is my gateway to the Internet. Even services hosted at my place (like my Mastodon instance) are not reachable when the router is down because I use multiple VLANs (so I need the router to jump across VLANs).
Err codemadness.org 70 i 37308

Err codemadness.org 70 i 37309 Err codemadness.org 70 i 37310

Ansible Reboot Module

Err codemadness.org 70 i 37313 Err codemadness.org 70 i 37314

Err codemadness.org 70 i 37315
I recently got a new job, and one of my first tasks was auditing the Ansible roles written by my predecessors. In one role, the machine rebooted and they used the wait_for_connection module to wait for it to come back up. That sounded quite hackish to me, so out of curiosity, I tried to determine whether there was a better way. I also thought I might be able to use something similar to further automate my OpenBSD upgrades, and wanted to assess the cleanliness of this method. ;-)
Err codemadness.org 70 i 37316 I learned that with the then-upcoming 2.7 Ansible release, a proper reboot module would be included. I went to the docs, which stated that for a certain parameter:
Err codemadness.org 70 i 37317 I took this to mean that there was no support for OpenBSD. I looked at the code and, indeed, there was not. However, I believed that it wouldn’t be too hard to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64 and then submitted it upstream. After a quick back and forth, the module’s author merged it into devel (having a friend working at Red Hat helped the process, merci Cyril !) A couple days later, the release engineer merged it into stable-2.7.
Err codemadness.org 70 i 37318 I proceeded to actually write the playbook, and then I hit a bug. The parameter reboot_timeout was not recognized by Ansible. This feature would definitely be useful on a slow machine (such as the Pine64 and its dying SD card). Again, my fix was merged into master by the module’s author and then merged into stable-2.7. 2.7.1 will be the first release to feature these fixes, but if you use OpenBSD -current, you already have access to them. I backported the patches when I updated ansible.
Err codemadness.org 70 i 37319 Fun fact about Ansible and reboots: “The win_reboot module was […] included with Ansible 2.1,” while for unix systems it wasn’t added until 2.7. :D For more details, you can read the module’s author blog article.
Err codemadness.org 70 i 37320

Err codemadness.org 70 i 37321 Err codemadness.org 70 i 37322

The explanations

Err codemadness.org 70 i 37325 Err codemadness.org 70 i 37326

Err codemadness.org 70 i 37327
Ansible runs my script on the remote host to fetch the sets. It creates an answer file from the template and then gives it to upobsd. Once upobsd has created the kernel, Ansible copies it in place of /bsd on the host. The router reboots and boots on /bsd, which is upobsd’s bsd.rd. The installer runs in auto_update mode. Once it comes back from bsd.rd land, it archives the kernel and finishes by upgrading all the packages.
Err codemadness.org 70 i 37328 It also supports upgrading without fetching the sets ahead of time. For instance, I upgrade this way on my Pine64 because if I cared about speed, I wouldn’t use this weak computer with its dying SD card. For this case, I just comment out the path_sets variable and Ansible instead creates an answer file that will instruct the installer to fetch the sets from the designated mirror.
Err codemadness.org 70 i 37329 I’ve been archiving my kernels for a few years. It’s a nice way to fill up / keep a history of my upgrades. If I spot a regression, I can try a previous kernel … which may not work with the then-desynchronized userland, but that’s another story.
Err codemadness.org 70 i 37330 sysmerge already runs with rc.sysmerge in batch mode and sends the result by email. I don’t think there’s merit to running it again in the playbook. The only perk would be discovering in the terminal whether any files need to be manually merged, rather than reading exactly the same output in the email.
Err codemadness.org 70 i 37331 Initially, I used the openbsd_pkg module, but it doesn’t work on -current just before a release because pkg_add automatically looks for pub/OpenBSD/${release}/packages/${arch} (which is empty). I wrote and tested this playbook while 6.4 was around the corner, so I switched to command to be able to pass the -Dsnap parameter.
Err codemadness.org 70 i 37332

Err codemadness.org 70 i 37333 Err codemadness.org 70 i 37334

The result

Err codemadness.org 70 i 37337 Err codemadness.org 70 i 37338

Err codemadness.org 70 i 37339
I’m very happy with the playbook! It performs the upgrade with as little intervention as possible and minimal downtime. \o/
Err codemadness.org 70 i 37340

Err codemadness.org 70 i 37341 Err codemadness.org 70 i 37342

Err codemadness.org 70 i 37343 Err codemadness.org 70 i 37344

###Using smartd to automatically run tests on your drives

Err codemadness.org 70 i 37345 Err codemadness.org 70 i 37346

Err codemadness.org 70 i 37347
Those programs can “control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks. In many cases, these utilities will provide advanced warning of disk degradation and failure.” See the smartmontools website for more information.
Err codemadness.org 70 i 37348

Err codemadness.org 70 i 37349 Err codemadness.org 70 i 37350

Err codemadness.org 70 i 37351
NOTE: “Due to OS-specific issues and also depending on the different state of smartmontools development on the platforms, device support is not the same for all OS platforms.” – use the documentation for your OS.
Err codemadness.org 70 i 37352

Err codemadness.org 70 i 37353 Err codemadness.org 70 i 37354

Err codemadness.org 70 i 37355
I first started using smartd in March 2010 (according to that blog post, that’s when I still writing on both The FreeBSD Diary and this blog). Back then, and until recently, all I did was start smartd. As far as I can tell, all it did was send daily status messages via the FreeBSD periodic tools. I would set my drive devices via daily_status_smart_devices in /etc/periodic.conf and the daily status reports would include drive health information.
Err codemadness.org 70 i 37356

Err codemadness.org 70 i 37357 Err codemadness.org 70 i 37358

Two types of tests
My original abandoned attempt
How do you prove it works?
Looking at the test results
Failed drive to the rescue
smartd.conf I am using
supernews

Err codemadness.org 70 i 37367 Err codemadness.org 70 i 37368

Err codemadness.org 70 i 37369 Err codemadness.org 70 i 37370

##Beastie Bits

Err codemadness.org 70 i 37371 Err codemadness.org 70 i 37372

Decent Pics of “Relayd & Httpd Mastery” signature
A Unix Shell poster from 1983
Cambridge UNIX historians (Cambridge, United Kingdom)
Goals for FreeBSD 13
September/October 2018 Issue of the FreeBSD Journal Now Available
Using acme.sh for Let’s Encrypt certificates on pkgsrc.org servers
Deploying Anycast DNS Using OpenBSD and BGP
How to check your data integrity?

Err codemadness.org 70 i 37382 Err codemadness.org 70 i 37383

Err codemadness.org 70 i 37384 Err codemadness.org 70 i 37385

##Feedback/Questions

Err codemadness.org 70 i 37386 Err codemadness.org 70 i 37387

Raymond - MeetBSD California Err codemadness.org 70 i 37389
- Dev Summit Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8TNG6f94xo9_W-XXrEbqgWI
- Conference Videos: https://www.youtube.com/playlist?list=PLb87fdKUIo8Q41aoPE6vssP-uF4dxk86b
- Conference videos are still being processed, the rest should appear over the next few weeks.
Err codemadness.org 70 i 37394 Err codemadness.org 70 i 37395

Greg - Stable vs Release

Mjrodriguez - Open/FreeBSD support for Single Board computers

Err codemadness.org 70 i 37399

Err codemadness.org 70 i 37400 Err codemadness.org 70 i 37401

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 37404 Err codemadness.org 70 i 37405

]]> Err codemadness.org 70 i 37406

Episode 270: Ghostly Releases | BSD Now 270

Allan Jude — Thu, 01 Nov 2018 04:00:00 -0700

Err codemadness.org 70 i 37957 OpenBSD 6.4 released, GhostBSD RC2 released, MeetBSD - the ultimate hallway track, DragonflyBSD desktop on a Thinkpad, Porting keybase to NetBSD, OpenSSH 7.9, and draft-ietf-6man-ipv6only-flag in FreeBSD.

Err codemadness.org 70 i 37958 Err codemadness.org 70 i 37959

##Headlines
Err codemadness.org 70 i 37960 ###OpenBSD 6.4 released

Err codemadness.org 70 i 37961 Err codemadness.org 70 i 37962

See a detailed log of changes between the 6.3 and 6.4 releases.
See the information on the FTP page for a list of mirror machines.
Have a look at the 6.4 errata page for a list of bugs and workarounds.
signify(1) pubkeys for this release:
base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA
fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97
pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA

Err codemadness.org 70 i 37971 Err codemadness.org 70 i 37972

Err codemadness.org 70 i 37973 Err codemadness.org 70 i 37974

###GhostBSD 18.10 RC2 Announced

Err codemadness.org 70 i 37975 Err codemadness.org 70 i 37976

Err codemadness.org 70 i 37977
This second release candidate of GhostBSD 18.10 is the second official release of GhostBSD with TrueOS under the hood. The official desktop of GhostBSD is MATE. However, in the future, there might be an XFCE community release, but for now, there is no community release yet.
Err codemadness.org 70 i 37978

Err codemadness.org 70 i 37979 Err codemadness.org 70 i 37980

Err codemadness.org 70 i 37982
What has changed since RC1
Err codemadness.org 70 i 37983
Err codemadness.org 70 i 37985
Removed drm-stable-kmod and we will let users installed the propper drm-*-kmod
Err codemadness.org 70 i 37986
Err codemadness.org 70 i 37988
Douglas Joachin added libva-intel-driver libva-vdpau-driver to supports accelerated some video driver for Intel
Err codemadness.org 70 i 37989
Err codemadness.org 70 i 37991
Issues that got fixed
Err codemadness.org 70 i 37992
Err codemadness.org 70 i 37994
Bug #70 Cannot run Octopi, missing libgksu error.
Err codemadness.org 70 i 37995
Err codemadness.org 70 i 37997
Bug #71 LibreOffice doesn’t start because of missing libcurl.so.4
Err codemadness.org 70 i 37998
Err codemadness.org 70 i 38000
Bug #72 libarchive is a missing dependency
Err codemadness.org 70 i 38001

Err codemadness.org 70 i 38003 Err codemadness.org 70 i 38004

Err codemadness.org 70 i 38005
Again thanks to iXsystems, TrueOS, Joe Maloney, Kris Moore, Ken Moore, Martin Wilke, Neville Goddard, Vester “Vic” Thacker, Douglas Joachim, Alex Lyakhov, Yetkin Degirmenci and many more who helped to make the transition from FreeBSD to TrueOS smoother.
Err codemadness.org 70 i 38006

Err codemadness.org 70 i 38007 Err codemadness.org 70 i 38008

Err codemadness.org 70 i 38010
Updating from RC1 to RC2:
Err codemadness.org 70 i 38011
Err codemadness.org 70 i 38013
sudo pkg update -f
Err codemadness.org 70 i 38014
Err codemadness.org 70 i 38016
sudo pkg install -f libarchive curl libgksu
Err codemadness.org 70 i 38017
Err codemadness.org 70 i 38019
sudo pkg upgrade
Err codemadness.org 70 i 38020
Err codemadness.org 70 i 38022
Where to download:
Err codemadness.org 70 i 38023
Err codemadness.org 70 i 38025
All images checksum, hybrid ISO(DVD, USB) and torrent are available here: https://www.ghostbsd.org/download
Err codemadness.org 70 i 38026
Err codemadness.org 70 i 38028
[ScreenShots]
Err codemadness.org 70 i 38029
Err codemadness.org 70 i 38031
https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-22-41.png
Err codemadness.org 70 i 38032
Err codemadness.org 70 i 38034
https://www.ghostbsd.org/sites/default/files/Screenshot_at_2018-10-20_13-27-26.png
Err codemadness.org 70 i 38035

Err codemadness.org 70 i 38037 Err codemadness.org 70 i 38038

Err codemadness.org 70 i 38039 Err codemadness.org 70 i 38040

###OpenSSH 7.9 has been released and it has support for OpenSSL 1.1

Err codemadness.org 70 i 38041 Err codemadness.org 70 i 38042

Changes since OpenSSH 7.8	Err	codemadness.org	70
i 38043 =========================	Err	codemadness.org	70
i 38044 	Err	codemadness.org	70
i 38045 This is primarily a bugfix release.	Err	codemadness.org	70
i 38046 	Err	codemadness.org	70
i 38047 New Features	Err	codemadness.org	70
i 38048 ------------	Err	codemadness.org	70
i 38049  * ssh(1), sshd(8): allow most port numbers to be specified using	Err	codemadness.org	70
i 38050    service names from getservbyname(3) (typically /etc/services).	Err	codemadness.org	70
i 38051  * ssh(1): allow the IdentityAgent configuration directive to accept	Err	codemadness.org	70
i 38052    environment variable names. This supports the use of multiple	Err	codemadness.org	70
i 38053    agent sockets without needing to use fixed paths.	Err	codemadness.org	70
i 38054  * sshd(8): support signalling sessions via the SSH protocol.	Err	codemadness.org	70
i 38055    A limited subset of signals is supported and only for login or	Err	codemadness.org	70
i 38056    command sessions (i.e. not subsystems) that were not subject to	Err	codemadness.org	70
i 38057    a forced command via authorized_keys or sshd_config. bz#1424	Err	codemadness.org	70
i 38058  * ssh(1): support "ssh -Q sig" to list supported signature options.	Err	codemadness.org	70
i 38059    Also "ssh -Q help" to show the full set of supported queries.	Err	codemadness.org	70
i 38060  * ssh(1), sshd(8): add a CASignatureAlgorithms option for the	Err	codemadness.org	70
i 38061    client and server configs to allow control over which signature	Err	codemadness.org	70
i 38062    formats are allowed for CAs to sign certificates. For example,	Err	codemadness.org	70
i 38063    this allows banning CAs that sign certificates using the RSA-SHA1	Err	codemadness.org	70
i 38064    signature algorithm.	Err	codemadness.org	70
i 38065  * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to	Err	codemadness.org	70
i 38066    revoke keys specified by SHA256 hash.	Err	codemadness.org	70
i 38067  * ssh-keygen(1): allow creation of key revocation lists directly	Err	codemadness.org	70
i 38068    from base64-encoded SHA256 fingerprints. This supports revoking	Err	codemadness.org	70
i 38069    keys using only the information contained in sshd(8)	Err	codemadness.org	70
i 38070    authentication log messages.	Err	codemadness.org	70
i 38071 	Err	codemadness.org	70
i 38072 Bugfixes	Err	codemadness.org	70
i 38073 --------	Err	codemadness.org	70
i 38074 	Err	codemadness.org	70
i 38075  * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when	Err	codemadness.org	70
i 38076    attempting to load PEM private keys while using an incorrect	Err	codemadness.org	70
i 38077    passphrase. bz#2901	Err	codemadness.org	70
i 38078  * sshd(8): when a channel closed message is received from a client,	Err	codemadness.org	70
i 38079    close the stderr file descriptor at the same time stdout is	Err	codemadness.org	70
i 38080    closed. This avoids stuck processes if they were waiting for	Err	codemadness.org	70
i 38081    stderr to close and were insensitive to stdin/out closing. bz#2863	Err	codemadness.org	70
i 38082  * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11	Err	codemadness.org	70
i 38083    forwarding timeout and support X11 forwarding indefinitely.	Err	codemadness.org	70
i 38084    Previously the behaviour of ForwardX11Timeout=0 was undefined.	Err	codemadness.org	70
i 38085  * sshd(8): when compiled with GSSAPI support, cache supported method	Err	codemadness.org	70
i 38086    OIDs regardless of whether GSSAPI authentication is enabled in the	Err	codemadness.org	70
i 38087    main section of sshd_config. This avoids sandbox violations if	Err	codemadness.org	70
i 38088    GSSAPI authentication was later enabled in a Match block. bz#2107	Err	codemadness.org	70
i 38089  * sshd(8): do not fail closed when configured with a text key	Err	codemadness.org	70
i 38090    revocation list that contains a too-short key. bz#2897	Err	codemadness.org	70
i 38091  * ssh(1): treat connections with ProxyJump specified the same as	Err	codemadness.org	70
i 38092    ones with a ProxyCommand set with regards to hostname	Err	codemadness.org	70
i 38093    canonicalisation (i.e. don't try to canonicalise the hostname	Err	codemadness.org	70
i 38094    unless CanonicalizeHostname is set to 'always'). bz#2896	Err	codemadness.org	70
i 38095  * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-	Err	codemadness.org	70
i 38096    key authentication using certificates hosted in a ssh-agent(1)	Err	codemadness.org	70
i 38097    or against sshd(8) from OpenSSH <7.8.	Err	codemadness.org	70
i 38098 	Err	codemadness.org	70
i 38099 Portability	Err	codemadness.org	70
i 38100 -----------	Err	codemadness.org	70
i 38101 	Err	codemadness.org	70
i 38102  * All: support building against the openssl-1.1 API (releases 1.1.0g	Err	codemadness.org	70
i 38103    and later). The openssl-1.0 API will remain supported at least	Err	codemadness.org	70
i 38104    until OpenSSL terminates security patch support for that API version.	Err	codemadness.org	70
i 38105  * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;	Err	codemadness.org	70
i 38106    apparently required by some glibc/OpenSSL combinations.	Err	codemadness.org	70
i 38107  * sshd(8): handle getgrouplist(3) returning more than	Err	codemadness.org	70
i 38108    _SC_NGROUPS_MAX groups. Some platforms consider this limit more	Err	codemadness.org	70
i 38109    as a guideline.	Err	codemadness.org	70
i 38110

Err codemadness.org 70 i 38111 Err codemadness.org 70 i 38112

Err codemadness.org 70 i 38113 Err codemadness.org 70 i 38114

##News Roundup

Err codemadness.org 70 i 38115 Err codemadness.org 70 i 38116

###MeetBSD 2018: The Ultimate Hallway Track

Err codemadness.org 70 i 38117 Err codemadness.org 70 i 38118

Err codemadness.org 70 i 38119
Founded in Poland in 2007 and first hosted in California in 2008, MeetBSD combines formal talks with UnConference activities to provide a level of interactivity not found at any other BSD conference. The character of each MeetBSD is determined largely by its venue, ranging from Hacker Dojo in 2010 to Intel’s Santa Clara headquarters this year. The Intel SC12 building provided a beautiful auditorium and sponsors’ room, plus a cafeteria for the Friday night social event and the Saturday night FreeBSD 25th Anniversary Celebration. The formal nature of the auditorium motivated the formation of MeetBSD’s first independent Program Committee and public Call for Participation. Together these resulted in a backbone of talks presented by speakers from the USA, Canada, and Poland, combined with UnConference activities tailored to the space.
Err codemadness.org 70 i 38120

Err codemadness.org 70 i 38121 Err codemadness.org 70 i 38122

MeetBSD Day 0

Err codemadness.org 70 i 38125 Err codemadness.org 70 i 38126

Err codemadness.org 70 i 38127
Day Zero of MeetBSD was a FreeBSD Developer/Vendor Summit hosted in the same auditorium where the talks would take place. Like the conference itself, this event featured a mix of scheduled talks and interactive sessions. The scheduled talks were LWPMFS: LightWeight Persistent Memory Filesystem by Ravi Pokala, Evaluating GIT for FreeBSD by Ed Maste, and NUMA by Mark Johnston. Ed’s overview of the advantages and disadvantages of using Git for FreeBSD development was of the most interest to users and developers, and the discussion continued into the following two days.
Err codemadness.org 70 i 38128

Err codemadness.org 70 i 38129 Err codemadness.org 70 i 38130

MeetBSD Day 1

Err codemadness.org 70 i 38133 Err codemadness.org 70 i 38134

Err codemadness.org 70 i 38135
The first official day of MeetBSD 2018 was kicked off with introductions led by emcee JT Pennington and a keynote, “Using TrueOS to boot-strap your FreeBSD-based project” by Kris Moore. Kris described a new JSON-based release infrastructure that he has exercised with FreeBSD, TrueOS, and FreeNAS. Kris’ talk was followed by “Intel & FreeBSD: Better Together” by Ben Widawsky, the FreeBSD program lead at Intel, who gave an overview of Intel’s past and current efforts supporting FreeBSD. Next came lunch, followed by Kamil Rytarowski’s “Bug detecting software in the NetBSD userland: MKSANITIZER”. This was followed by 5-Minute Lightning Talks, Andrew Fengler’s “FreeBSD: What to (Not) Monitor”, and an OpenZFS Panel Discussion featuring OpenZFS experts Michael W. Lucas, Allan Jude, Alexander Motin, Pawel Dawidek, and Dan Langille. Day one concluded with a social event at the Intel cafeteria where the discussions continued into the night.
Err codemadness.org 70 i 38136

Err codemadness.org 70 i 38137 Err codemadness.org 70 i 38138

MeetBSD Day 2

Err codemadness.org 70 i 38141 Err codemadness.org 70 i 38142

Err codemadness.org 70 i 38143
Day Two of MeetBSD 2018 kicked off with a keynote by Michael W. Lucas entitled “Why BSD?”, where Michael detailed what makes the BSD community different and why it attracts us all. This was followed by Dr. Kirk McKusick’s “The Early Days of BSD” talk, which was followed by “DTrace/dwatch in Production” by Devin Teske. After lunch, we enjoyed “A Curmudgeon’s Language Selection Criteria: Why I Don’t Write Everything in Go, Rust, Elixir, etc” by G. Clifford Williams and, “Best practices of sandboxing applications with Capsicum” by Mariusz Zaborski. I then hosted a Virtualization Panel Discussion that featured eight developers from FreeBSD, OpenBSD, and NetBSD. We then split up for Breakout Sessions and the one on Bloomberg’s controversial article on backdoored Supermicro systems was fascinating given the experts present, all of whom were skeptical of the feasibility of the attack. The day wrapped up with a final talk, “Tales of a Daemontown Performance Peddler: Why ‘it depends’ and what you can do about it” by Nick Principe, followed by the FreeBSD 25th Anniversary Celebration.
Err codemadness.org 70 i 38144

Err codemadness.org 70 i 38145 Err codemadness.org 70 i 38146

Putting the “meet” in MeetBSD

Err codemadness.org 70 i 38149 Err codemadness.org 70 i 38150

Err codemadness.org 70 i 38151
I confess the other organizers and I were nervous about how well one large auditorium would suit a BSD event but the flexible personal space it gave everyone allowed for countless meetings and heated hacking that often brought about immediate results. I watched people take ideas through several iterations with the help and input of obvious and unexpected experts, all of whom were within reach. Not having to pick up and leave for a talk in another room organically resulted in essentially a series of mini hackathons that none of us anticipated but were delighted to witness, taking the “hallway track” to a whole new level. The mix of formal and UnConference activities at MeetBSD is certain to evolve. Thank you to everyone who participated with questions, Lightning Talks, and Panel participation. A huge thanks to our sponsors, including Intel for both hosting and sponsoring MeetBSD California 2018, Western Digital, Supermicro, Verisign, Jupiter Broadcasting, the FreeBSD Foundation, Bank of America Merrill Lynch, the NetBSD Foundation, and the team at iXsystems.
Err codemadness.org 70 i 38152

Err codemadness.org 70 i 38153 Err codemadness.org 70 i 38154

Err codemadness.org 70 i 38155
See you at MeetBSD 2020!
Err codemadness.org 70 i 38156

Err codemadness.org 70 i 38157 Err codemadness.org 70 i 38158

Err codemadness.org 70 i 38159 Err codemadness.org 70 i 38160

###Setup DragonflyBSD with a desktop on real hardware ThinkPad T410
Err codemadness.org 70 i 38161 +Video Demo

Err codemadness.org 70 i 38162 Err codemadness.org 70 i 38163

Err codemadness.org 70 i 38164
Linux has become too mainstream and standard BSD is a common thing now? How about DragonflyBSD which was created as a fork of FreeBSD 4.8 in conflict over system internals. This tutorial will show how to install it and set up a user-oriented desktop. It should work with DragonflyBSD, FreeBSD and probably all BSDs.
Err codemadness.org 70 i 38165 Some background: BSD was is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install!
Err codemadness.org 70 i 38166 I did try two BSD distros before called GhostBSD and TrueOS and you can check out my short reviews. DragonflyBSD comes like FreeBSD bare bones and requires some work to get a desktop running.
Err codemadness.org 70 i 38167

Err codemadness.org 70 i 38168 Err codemadness.org 70 i 38169

Err codemadness.org 70 i 38171
Download image file and burn to USB drive or DVD
Err codemadness.org 70 i 38172
Err codemadness.org 70 i 38174
First installation
Err codemadness.org 70 i 38175
Err codemadness.org 70 i 38177
Setting up the system and installing a desktop
Err codemadness.org 70 i 38178
Err codemadness.org 70 i 38180
Inside the desktop
Err codemadness.org 70 i 38181
Err codemadness.org 70 i 38183
Install some more programs
Err codemadness.org 70 i 38184
Err codemadness.org 70 i 38186
How to enable sound?
Err codemadness.org 70 i 38187
Err codemadness.org 70 i 38189
Let’s play some free games
Err codemadness.org 70 i 38190
Err codemadness.org 70 i 38192
Setup WiFi
Err codemadness.org 70 i 38193
Err codemadness.org 70 i 38195
Power mode settings
Err codemadness.org 70 i 38196
Err codemadness.org 70 i 38198
More to do?
Err codemadness.org 70 i 38199

Err codemadness.org 70 i 38201 Err codemadness.org 70 i 38202

Err codemadness.org 70 i 38203
You can check out this blog post if you want a much more detailed tutorial. If you don’t mind standard BSD, get the GhostBSD distro instead which comes with a ready-made desktop xcfe or mate and many functional presets.
Err codemadness.org 70 i 38204

Err codemadness.org 70 i 38205 Err codemadness.org 70 i 38206

Err codemadness.org 70 i 38208
A small summary of what we got on the upside:
Err codemadness.org 70 i 38209
- Free and open source operating system with a long history
- Drivers worked fine including Ethernet, WiFi, video 2D & 3D, audio, etc
- Hammer2 advanced file system
- You are very unique if you use this OS fork
Err codemadness.org 70 i 38215 Err codemadness.org 70 i 38216

Err codemadness.org 70 i 38218 Err codemadness.org 70 i 38219
Some downsides:
Err codemadness.org 70 i 38220 Err codemadness.org 70 i 38221

Err codemadness.org 70 i 38223 Err codemadness.org 70 i 38224
Less driver and direct app support than Linux
Err codemadness.org 70 i 38225 Err codemadness.org 70 i 38226

Err codemadness.org 70 i 38228 Err codemadness.org 70 i 38229
Installer and desktop have some traps and quirks and require work
Err codemadness.org 70 i 38230 Err codemadness.org 70 i 38231

Err codemadness.org 70 i 38233

Err codemadness.org 70 i 38234 Err codemadness.org 70 i 38235

###Porting Keybase to NetBSD

Err codemadness.org 70 i 38236 Err codemadness.org 70 i 38237

Err codemadness.org 70 i 38238
Keybase significantly simplifies the whole keypair/PGP thing and makes what is usually a confusing, difficult experience actually rather pleasant. At its heart is an open-source command line utility that does all of the heavy cryptographic lifting. But it’s also hooked up to the network of all other Keybase users, so you don’t have to work very hard to maintain big keychains. Pretty cool!
Err codemadness.org 70 i 38239 So, this evening, I tried to get it to all work on NetBSD.
Err codemadness.org 70 i 38240 The Keybase client code base is, in my opinion, not very well architected… there exist many different Keybase clients (command line apps, desktop apps, mobile apps) and for some reason the code for all of them are seemingly in this single repository, without even using Git submodules. Not sure what that’s about.
Err codemadness.org 70 i 38241 Anyway, “go build”-ing the command line program (it’s written in Go) failed immediately because there’s some platform-specific code that just does not seem to recognize that NetBSD exists (but they do for FreeBSD and OpenBSD). Looks like the Keybase developers maintain a Golang wrapper around struct proc, which of course is different from OS to OS. So I literally just copypasted the OpenBSD wrapper, renamed it to “NetBSD”, and the build basically succeeded from there! This is of course super janky and untrustworthy, but it seems to Mostly Just Work…
Err codemadness.org 70 i 38242 I forked the GitHub repo, you can see the diff on top of keybase 2.7.3 here: bccaaf3096a
Err codemadness.org 70 i 38243 Eventually I ended up with a ~/go/bin/keybase which launches just fine. Meaning, I can main() okay. But the moment you try to do anything interesting, it looks super scary:
Err codemadness.org 70 i 38244

Err codemadness.org 70 i 38245 Err codemadness.org 70 i 38246

charlotte@sakuracity:~/go/bin ./keybase login	Err	codemadness.org	70
i 38247 ▶ WARNING Running in devel mode	Err	codemadness.org	70
i 38248 ▶ INFO Forking background server with pid=12932	Err	codemadness.org	70
i 38249 ▶ ERROR unexpected error in Login: API network error: doRetry failed,	Err	codemadness.org	70
i 38250 attempts: 1, timeout 5s, last err: Get	Err	codemadness.org	70
i 38251 http://localhost:3000/_/api/1.0/merkle/path.json?last=3784314&load_deleted=1&load_reset_chain=1&poll=10&sig_hints_low=3&uid=38ae1dfa49cd6831ea2fdade5c5d0519:	Err	codemadness.org	70
i 38252 dial tcp [::1]:3000: connect: connection refused	Err	codemadness.org	70
i 38253

Err codemadness.org 70 i 38254 Err codemadness.org 70 i 38255

Err codemadness.org 70 i 38256
There’s a few things about this error message that stuck out to me:
Err codemadness.org 70 i 38257

Err codemadness.org 70 i 38258 Err codemadness.org 70 i 38259

Forking a background server? What?
It’s trying to connect to localhost? That must be the server that doesn’t work …

Err codemadness.org 70 i 38263 Err codemadness.org 70 i 38264

Err codemadness.org 70 i 38265
Unfortunately, this nonfunctional “background server” sticks around even when a command as simple as ‘login’ command just failed:
Err codemadness.org 70 i 38266

Err codemadness.org 70 i 38267 Err codemadness.org 70 i 38268

charlotte@sakuracity:~/go/bin ps 12932	Err	codemadness.org	70
i 38269   PID TTY STAT    TIME COMMAND	Err	codemadness.org	70
i 38270   12932 ?   Ssl  0:00.21 ./keybase --debug --log-file	Err	codemadness.org	70
i 38271   /home/charlotte/.cache/keybase.devel/keybase.service.log service --chdir	Err	codemadness.org	70
i 38272   /home/charlotte/.config/keybase.devel --auto-forked 	Err	codemadness.org	70
i 38273

Err codemadness.org 70 i 38274 Err codemadness.org 70 i 38275

Err codemadness.org 70 i 38276
I’m not exactly sure what the intended purpose of the “background server” even is, but fortunately we can kill it and even tell the keybase command to not even spawn one:
Err codemadness.org 70 i 38277

Err codemadness.org 70 i 38278 Err codemadness.org 70 i 38279

charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --standalone	Err	codemadness.org	70
i 38280    --standalone                         Use the client without any daemon support.	Err	codemadness.org	70
i 38281

Err codemadness.org 70 i 38282 Err codemadness.org 70 i 38283

Err codemadness.org 70 i 38284
And then we can fix wanting to connect to localhost by specifying an expected Keybase API server – how about the one hosted at https://keybase.io?
Err codemadness.org 70 i 38285

Err codemadness.org 70 i 38286 Err codemadness.org 70 i 38287

charlotte@sakuracity:~/go/bin ./keybase help advanced | grep -- --server	Err	codemadness.org	70
i 38288    --server, -s                         Specify server API.	Err	codemadness.org	70
i 38289

Err codemadness.org 70 i 38290 Err codemadness.org 70 i 38291

Err codemadness.org 70 i 38292
Basically, what I’m trying to say is that if you specify both of these options, the keybase command does what I expect on NetBSD:
Err codemadness.org 70 i 38293

Err codemadness.org 70 i 38294 Err codemadness.org 70 i 38295

charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io login	Err	codemadness.org	70
i 38296 ▶ WARNING Running in devel mode	Err	codemadness.org	70
i 38297 Please enter the Keybase passphrase for dressupgeekout (6+ characters): 	Err	codemadness.org	70
i 38298 	Err	codemadness.org	70
i 38299 charlotte@sakuracity:~/go/bin ./keybase --standalone -s https://keybase.io id dressupgeekout	Err	codemadness.org	70
i 38300 ▶ WARNING Running in devel mode	Err	codemadness.org	70
i 38301 ▶ INFO Identifying dressupgeekout	Err	codemadness.org	70
i 38302 ✔ public key fingerprint: 7873 DA50 A786 9A3F 1662 3A17 20BD 8739 E82C 7F2F	Err	codemadness.org	70
i 38303 ✔ "dressupgeekout" on github:	Err	codemadness.org	70
i 38304 https://gist.github.com/0471c7918d254425835bf5e1b4bcda00 [cached 2018-10-11	Err	codemadness.org	70
i 38305 20:55:21 PDT]	Err	codemadness.org	70
i 38306 ✔ "dressupgeekout" on reddit:	Err	codemadness.org	70
i 38307 https://www.reddit.com/r/KeybaseProofs/comments/9ng5qm/my_keybase_proof_redditdressupgeekout/	Err	codemadness.org	70
i 38308 [cached 2018-10-11 20:55:21 PDT]	Err	codemadness.org	70
i 38309

Err codemadness.org 70 i 38310 Err codemadness.org 70 i 38311

Err codemadness.org 70 i 38312 Err codemadness.org 70 i 38313

###Initial implementation of draft-ietf-6man-ipv6only-flag

Err codemadness.org 70 i 38314 Err codemadness.org 70 i 38315

This change defines the RA "6" (IPv6-Only) flag which routers	Err	codemadness.org	70
i 38316 may advertise, kernel logic to check if all routers on a link	Err	codemadness.org	70
i 38317 have the flag set and accordingly update a per-interface flag.	Err	codemadness.org	70
i 38318 	Err	codemadness.org	70
i 38319 If all routers agree that it is an IPv6-only link, ether_output_frame(),	Err	codemadness.org	70
i 38320 based on the interface flag, will filter out all ETHERTYPE_IP/ARP	Err	codemadness.org	70
i 38321 frames, drop them, and return EAFNOSUPPORT to upper layers.	Err	codemadness.org	70
i 38322 	Err	codemadness.org	70
i 38323 The change also updates ndp to show the "6" flag, ifconfig to	Err	codemadness.org	70
i 38324 display the IPV6_ONLY nd6 flag if set, and rtadvd to allow	Err	codemadness.org	70
i 38325 announcing the flag.	Err	codemadness.org	70
i 38326 	Err	codemadness.org	70
i 38327 Further changes to tcpdump (contrib code) are availble and will	Err	codemadness.org	70
i 38328 be upstreamed.	Err	codemadness.org	70
i 38329 	Err	codemadness.org	70
i 38330 Tested the code (slightly earlier version) with 2 FreeBSD	Err	codemadness.org	70
i 38331 IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,	Err	codemadness.org	70
i 38332 and with Win10 and OSX clients (which did not fall over with	Err	codemadness.org	70
i 38333 the "6" flag set but not understood).	Err	codemadness.org	70
i 38334 	Err	codemadness.org	70
i 38335 We may also want to (a) implement and RX filter, and (b) over	Err	codemadness.org	70
i 38336 time enahnce user space to, say, stop dhclient from running	Err	codemadness.org	70
i 38337 when the interface flag is set.  Also we might want to start	Err	codemadness.org	70
i 38338 IPv6 before IPv4 in the future.	Err	codemadness.org	70
i 38339 	Err	codemadness.org	70
i 38340 All the code is hidden under the EXPERIMENTAL option and not	Err	codemadness.org	70
i 38341 compiled by default as the draft is a work-in-progress and	Err	codemadness.org	70
i 38342 we cannot rely on the fact that IANA will assign the bits	Err	codemadness.org	70
i 38343 as requested by the draft and hence they may change.	Err	codemadness.org	70
i 38344 	Err	codemadness.org	70
i 38345 Dear 6man, you have running code.	Err	codemadness.org	70
i 38346 	Err	codemadness.org	70
i 38347 Discussed with: Bob Hinden, Brian E Carpenter	Err	codemadness.org	70
i 38348

Err codemadness.org 70 i 38349 Err codemadness.org 70 i 38350

##Beastie Bits

Err codemadness.org 70 i 38351 Err codemadness.org 70 i 38352

Running FreeBSD on macOS via xhyve
Auction Winners
OpenSSH Principals
OpenBSD Foundation gets a second Iridium donation from Handshake
NetBSD machines at Open Source Conference 2018 Kagawa
Absolute FreeBSD now shipping!
NextCloud on OpenBSD
FreeBSD 12.0-BETA2 Available
DTrace on Windows ported from FreeBSD
HELBUG fall 2018 meeting scheduled - Thursday the 15th of November
35C3 pre-sale has started
Stockholm BSD User Meeting: Tuesday Nov 13, 18:00 - 21:30
Polish BSD User Group: Thursday Nov 15, 18:30 - 21:00

Err codemadness.org 70 i 38367 Err codemadness.org 70 i 38368

Err codemadness.org 70 i 38369 Err codemadness.org 70 i 38370

##Feedback/Questions

Err codemadness.org 70 i 38371 Err codemadness.org 70 i 38372

Greg - Interview suggestion for the show
Nelson - Ghostscript vulnerabilities
Allison - Ports and GCC

Err codemadness.org 70 i 38377 Err codemadness.org 70 i 38378

Err codemadness.org 70 i 38379 Err codemadness.org 70 i 38380

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 38383 Err codemadness.org 70 i 38384

]]> Err codemadness.org 70 i 38385

Episode 269: Tiny Daemon Lib | BSD Now 269

Allan Jude — Wed, 24 Oct 2018 02:00:00 -0700

FreeBSD Foundation September Update, tiny C lib for programming Unix daemons, EuroBSDcon trip reports, GhostBSD tested on real hardware, and a BSD auth module for duress. Err codemadness.org 70 i 38835

##Headlines
Err codemadness.org 70 i 38836 FreeBSD Foundation Update, September 2018

Err codemadness.org 70 i 38837

MESSAGE FROM THE EXECUTIVE DIRECTOR

Err codemadness.org 70 i 38840

Err codemadness.org 70 i 38841
Dear FreeBSD Community Member, It is hard to believe that September is over. The Foundation team had a busy month promoting FreeBSD all over the globe, bug fixing in preparation for 12.0, and setting plans in motion to kick off our 4th quarter fundraising and advocacy efforts. Take a minute to see what we’ve been up to and please consider making a donation to help us continue our efforts supporting FreeBSD!
Err codemadness.org 70 i 38842

Err codemadness.org 70 i 38843

September 2018 Development Projects Update

Err codemadness.org 70 i 38846

Err codemadness.org 70 i 38847
In preparation for the release of FreeBSD 12.0, I have been working on investigating and fixing a backlog of kernel bug reports. Of course, this kind of work is never finished, and we will continue to make progress after the release. In the past couple of months I have fixed a combination of long-standing issues and recent regressions. Of note are a pair of UNIX domain socket bugs which had been affecting various applications for years. In particular, Chromium tabs would frequently hang unless a workaround was manually applied to the system, and the bug had started affecting recent versions of Firefox as well. Fixing these issues gave me an opportunity to revisit and extend our regression testing for UNIX sockets, which, in turn, resulted in some related bugs being identified and fixed.
Err codemadness.org 70 i 38848 Of late I have also been investigating reports of issues with ZFS, particularly, those reported on FreeBSD 11.2. A number of regressions, including a kernel memory leak and issues with ARC reclamation, have already been fixed for 12.0; investigation of other reports is ongoing. Those who closely follow FreeBSD-CURRENT know that some exciting work to improve memory usage on NUMA systems is now enabled by default. As is usually the case when new code is deployed in a diverse array of systems and workloads, a number of problems since have been identified. We are working on resolving them as soon as possible to ensure the quality of the release.
Err codemadness.org 70 i 38849 I’m passionate about maintaining FreeBSD’s stability and dependability as it continues to expand and grow new features, and I’m grateful to the FreeBSD Foundation for sponsoring this work. We depend on users to report problems to the mailing lists and via the bug tracker, so please try running the 12.0 candidate builds and help us make 12.0 a great release.
Err codemadness.org 70 i 38850

Err codemadness.org 70 i 38851

Fundraising Update: Supporting the Project

Err codemadness.org 70 i 38854

Err codemadness.org 70 i 38855
It’s officially Fall here at Foundation headquarters and we’re heading full-steam into our final fundraising campaign of the year. We couldn’t even have begun to reach our funding goal of $1.25 million dollars without the support from the companies who have partnered with us this year. Thank you to Verisign for becoming a Silver Partner. They now join a growing list of companies like Xiplink, NetApp, Microsoft, Tarsnap, VMware, and NeoSmart Technologies that are stepping up and showing their commitment to FreeBSD!
Err codemadness.org 70 i 38856 Funding from commercial users like these and individual users like yourself, help us continue our efforts of supporting critical areas of FreeBSD such as:
Err codemadness.org 70 i 38857

Err codemadness.org 70 i 38858

Operating System Improvements: Providing staff to immediately respond to urgent problems and implement new features and functionality allowing for the innovation and stability you’ve come to rely on.
Security: Providing engineering resources to bolster the capacity and responsiveness of the Security team providing your users with piece of mind when security issues arise.
Release Engineering: Continue providing a full-time release engineer, resulting in timely and reliable releases you can plan around.
Quality Assurance: Improving and increasing test coverage, continuous integration, and automated testing with a full-time software engineer to ensure you receive the highest quality, secure, and reliable operating system.
New User Experience: Improving the process and documentation for getting new people involved with FreeBSD, and supporting those people as they become integrated into the FreeBSD Community providing the resources you may need to get new folks up to speed.
Training: Supporting more FreeBSD training for undergraduates, graduates, and postgraduates. Growing the community means reaching people and catching their interest in systems software as early as possible and providing you with a bigger pool of candidates with the FreeBSD skills you’re looking for.
Face-to-Face Opportunities: Facilitating collaboration among members of the community, and building connections throughout the industry to support a healthy and growing ecosystem and make it easier for you to find resources when questions emerge .

Err codemadness.org 70 i 38867

Err codemadness.org 70 i 38868
We can continue the above work, if we meet our goal this year!
Err codemadness.org 70 i 38869 If your company uses FreeBSD, please consider joining our growing list of 2018 partners. If you haven’t made your donation yet, please consider donating today. We are indebted to the individual donors, and companies listed above who have already shown their commitment to open source.
Err codemadness.org 70 i 38870 Thank you for supporting FreeBSD and the Foundation!
Err codemadness.org 70 i 38871

Err codemadness.org 70 i 38872

September 2018 Release Engineering Update

Err codemadness.org 70 i 38875

Err codemadness.org 70 i 38876
The FreeBSD Release Engineering team continued working on the upcoming 12.0 RELEASE. At present, the 12.0 schedule had been adjusted by one week to allow for necessary works-in-progress to be completed.
Err codemadness.org 70 i 38877 Of note, one of the works-in-progress includes updating OpenSSL from 1.0.2 to 1.1.1, in order to avoid breaking the application binary interface (ABI) on an established stable branch.
Err codemadness.org 70 i 38878 Due to the level of non-trivial intrusiveness that had already been discovered and addressed in a project branch of the repository, it is possible (but not yet definite) that the schedule will need to be adjusted by another week to allow more time for larger and related updates for this particular update.
Err codemadness.org 70 i 38879 Should the 12.0-RELEASE schedule need to be adjusted at any time during the release cycle, the schedule on the FreeBSD project website will be updated accordingly. The current schedule is available at:
Err codemadness.org 70 i 38880 https://www.freebsd.org/releases/12.0R/schedule.html
Err codemadness.org 70 i 38881

Err codemadness.org 70 i 38882

BSDCam 2018 Trip Report: Marie Helene Kvello-Aune

Err codemadness.org 70 i 38885

Err codemadness.org 70 i 38886
I’d like to start by thanking the FreeBSD Foundation for sponsoring my trip to BSDCam(bridge) 2018. I wouldn’t have managed to attend otherwise. I’ve used FreeBSD in both personal and professional deployments since the year 2000, and over the last few years I have become more involved with development and documentation.
Err codemadness.org 70 i 38887 I arrived in Gatwick, London at midnight. On Monday, August 13, I took the train to Cambridge, and decided to do some touristy activities as I walked from the train station to Churchill College. I ran into Allan outside the hotel right before the sky decided it was time for a heavy rainfall. Monday was mostly spent settling in, recouping after travel, and hanging out with Allan, Brad, Will and Andy later in the afternoon/evening. Read more…
Err codemadness.org 70 i 38888

Err codemadness.org 70 i 38889

Continuous Integration Update

Err codemadness.org 70 i 38892

Err codemadness.org 70 i 38893
The FreeBSD Foundation has sponsored the development of the Project’s continuous integration system, available at https://ci.FreeBSD.org, since June. Over the summer, we improved both the software and hardware infrastructure, and also added some new jobs for extending test coverage of the -CURRENT and -STABLE branches. Following are some highlights.
Err codemadness.org 70 i 38894

Err codemadness.org 70 i 38895

New Hardware

Err codemadness.org 70 i 38898

Err codemadness.org 70 i 38899
The Foundation purchased 4 new build machines for scaling up the computation power for the various test jobs. These newer, faster machines substantially speed up the time it takes to test amd64 builds, so that failing changes can be identified more quickly. Also, in August, we received a donation of 2 PINE A64-LTS boards from PINE64.org, which will be put in the hardware test lab as one part of the continuous tests.
Err codemadness.org 70 i 38900

Err codemadness.org 70 i 38901

CI Staging Environment

Err codemadness.org 70 i 38904

Err codemadness.org 70 i 38905
We used hardware from a previous generation CI system to build a staging environment for the CI infrastructure, which is available at
Err codemadness.org 70 i 38906 https://ci-dev.freebsd.org. It executes the configurations and scripts from the “staging” branch of the FreeBSD-CI repository, and the development feature branches. We also use it to experiment with the new version of the jenkins server and plugins. Having a staging environment avoids affecting the production CI environment, reducing downtime.
Err codemadness.org 70 i 38907

Err codemadness.org 70 i 38908

Mail Notification

Err codemadness.org 70 i 38911

Err codemadness.org 70 i 38912
In July, we turned on failure notification for all the kernel and world build jobs. Committers will receive email containing the build information and failure log to inform them of possible problems with their modification on certain architectures. For amd64 of the -CURRENT branch, we also enabled the notification on failing regression test cases. Currently mail is sent only to the individual committers, but with help from postmaster team, we have created a dev-ci mailing list and will soon be also sending notifications there.
Err codemadness.org 70 i 38913

Err codemadness.org 70 i 38914

New Test Job

Err codemadness.org 70 i 38917

Err codemadness.org 70 i 38918
In August, we updated the embedded script of the virtual machine image. Originally it only executed pre-defined tests, but now this behavior can be modified by the data on the attached disk. This mechanism is used for adding new ZFS tests jobs. We are also working on analyzing and fixing the failing and skipped test cases.
Err codemadness.org 70 i 38919

Err codemadness.org 70 i 38920

Work in Progress

Err codemadness.org 70 i 38923

Err codemadness.org 70 i 38924
In August and September, we had two developer summits, one in Cambridge, UK and one in Bucharest, Romania. In these meetings, we discussed running special tests, such as ztest, which need a longer run time. We also planned the network testing for TCP/IP stack
Err codemadness.org 70 i 38925

Err codemadness.org 70 i 38926

Err codemadness.org 70 i 38927

###Daemonize - a Tiny C Library for Programming the UNIX Daemons

Err codemadness.org 70 i 38928

Err codemadness.org 70 i 38929
Whatever they say, writing System-V style UNIX daemons is hard. One has to follow many rules to make a daemon process behave correctly on diverse UNIX flavours. Moreover, debugging such a code might be somewhat tricky. On the other hand, the process of daemon initialisation is rigid and well defined so the corresponding code has to be written and debugged once and later can be reused countless number of times.
Err codemadness.org 70 i 38930 Developers of BSD UNIX were very aware of this, as there a C library function daemon() was available starting from version 4.4. The function, although non-standard, is present on many UNIXes. Unfortunately, it does not follow all the required steps to reliably run a process in the background on systems which follow System-V semantics (e.g. Linux). The details are available at the corresponding Linux man page. The main problem here, as I understand it, is that daemon() does not use the double-forking technique to avoid the situation when zombie processes appear.
Err codemadness.org 70 i 38931 Whenever I encounter a problem like this one, I know it is time to write a tiny C library which solves it. This is exactly how ‘daemonize’ was born (GitHub mirror). The library consists of only two files which are meant to be integrated into the source tree of your project. Recently I have updated the library and realised that it would be good to describe how to use it on this site.
Err codemadness.org 70 i 38932 If for some reason you want to make a Windows service, I have a battle tested template code for you as well.
Err codemadness.org 70 i 38933

Err codemadness.org 70 i 38934

System-V Daemon Initialisation Procedure

Err codemadness.org 70 i 38937

Err codemadness.org 70 i 38938
To make discussion clear we shall quote the steps which have to be performed during a daemon initialisation (according to daemon(7) manual page on Linux). I do it to demonstrate that this task is more tricky than one might expect.
Err codemadness.org 70 i 38939

Err codemadness.org 70 i 38940

Err codemadness.org 70 i 38942
So, here we go:
Err codemadness.org 70 i 38943
Err codemadness.org 70 i 38945
Close all open file descriptors except standard input, output, and error (i.e. the first three file descriptors 0, 1, 2). This ensures that no accidentally passed file descriptor stays around in the daemon process. On Linux, this is best implemented by iterating through /proc/self/fd, with a fallback of iterating from file descriptor 3 to the value returned by getrlimit() for RLIMITNOFILE.
Err codemadness.org 70 i 38946
Err codemadness.org 70 i 38948
Reset all signal handlers to their default. This is best done by iterating through the available signals up to the limit of _NSIG and resetting them to SIGDFL.
Err codemadness.org 70 i 38949
Err codemadness.org 70 i 38951
Reset the signal mask using sigprocmask().
Err codemadness.org 70 i 38952
Err codemadness.org 70 i 38954
Sanitize the environment block, removing or resetting environment variables that might negatively impact daemon runtime.
Err codemadness.org 70 i 38955
Err codemadness.org 70 i 38957
Call fork(), to create a background process.
Err codemadness.org 70 i 38958
Err codemadness.org 70 i 38960
In the child, call setsid() to detach from any terminal and create an independent session.
Err codemadness.org 70 i 38961
Err codemadness.org 70 i 38963
In the child, call fork() again, to ensure that the daemon can never re-acquire a terminal again.
Err codemadness.org 70 i 38964
Err codemadness.org 70 i 38966
Call exit() in the first child, so that only the second child (the actual daemon process) stays around. This ensures that the daemon process is re-parented to init/PID 1, as all daemons should be.
Err codemadness.org 70 i 38967
Err codemadness.org 70 i 38969
In the daemon process, connect /dev/null to standard input, output, and error.
Err codemadness.org 70 i 38970
Err codemadness.org 70 i 38972
In the daemon process, reset the umask to 0, so that the file modes passed to open(), mkdir() and suchlike directly control the access mode of the created files and directories.
Err codemadness.org 70 i 38973
Err codemadness.org 70 i 38975
In the daemon process, change the current directory to the root directory (/), in order to avoid that the daemon involuntarily blocks mount points from being unmounted.
Err codemadness.org 70 i 38976
Err codemadness.org 70 i 38978
In the daemon process, write the daemon PID (as returned by getpid()) to a PID file, for example /run/foobar.pid (for a hypothetical daemon “foobar”) to ensure that the daemon cannot be started more than once. This must be implemented in race-free fashion so that the PID file is only updated when it is verified at the same time that the PID previously stored in the PID file no longer exists or belongs to a foreign process.
Err codemadness.org 70 i 38979
Err codemadness.org 70 i 38981
In the daemon process, drop privileges, if possible and applicable.
Err codemadness.org 70 i 38982
Err codemadness.org 70 i 38984
From the daemon process, notify the original process started that initialization is complete. This can be implemented via an unnamed pipe or similar communication channel that is created before the first fork() and hence available in both the original and the daemon process.
Err codemadness.org 70 i 38985
Err codemadness.org 70 i 38987
Call exit() in the original process. The process that invoked the daemon must be able to rely on that this exit() happens after initialization is complete and all external communication channels are established and accessible.
Err codemadness.org 70 i 38988

Err codemadness.org 70 i 38990

Err codemadness.org 70 i 38991
The discussed library does most of the above-mentioned initialisation steps as it becomes immediately evident that implementation details for some of them heavily dependent on the internal logic of an application itself, so it is not possible to implement them in a universal library. I believe it is not a flaw, though, as the missed parts are safe to implement in an application code.
Err codemadness.org 70 i 38992

Err codemadness.org 70 i 38993

The Library’s Application Programming Interface

Err codemadness.org 70 i 38996

Err codemadness.org 70 i 38997
The generic programming interface was loosely modelled after above-mentioned BSD’s daemon() function. The library provides two user available functions (one is, in fact, implemented on top of the other) as well as a set of flags to control a daemon creation behaviour.
Err codemadness.org 70 i 38998

Err codemadness.org 70 i 38999

Conclusion

Err codemadness.org 70 i 39002

Err codemadness.org 70 i 39003
The objective of the library is to hide all the trickery of programming a daemon so you could concentrate on the more creative parts of your application. I hope it does this well.
Err codemadness.org 70 i 39004 If you are not only interested in writing a daemon, but also want to make yourself familiar with the techniques which are used to accomplish that, the source code is available. Moreover, I would advise anyone, who starts developing for a UNIX environment to do that, as it shows many intricacies of programming for these platforms.
Err codemadness.org 70 i 39005

Err codemadness.org 70 i 39006

Err codemadness.org 70 i 39007

##News Roundup
Err codemadness.org 70 i 39008 EuroBSDCon 2018 travel report and obligatory pics

Err codemadness.org 70 i 39009

Err codemadness.org 70 i 39010
This was my first big BSD conference. We also planned - planned might be a big word - thought about doing a devsummit on Friday. Since the people who were in charge of that had a change of plans, I was sure it’d go horribly wrong.
Err codemadness.org 70 i 39011 The day before the devsummit and still in the wrong country, I mentioned the hours and venue on the wiki, and booked a reservation for a restaurant.
Err codemadness.org 70 i 39012 It turns out that everything was totally fine, and since the devsummit was at the conference venue (that was having tutorials that day), they even had signs pointing at the room we were given. Thanks EuroBSDCon conference organizers!
Err codemadness.org 70 i 39013 At the devsummit, we spent some time hacking. A few people came with “travel laptops” without access to anything, like Riastradh, so I gave him access to my own laptop. This didn’t hold very long and I kinda forgot about it, but for a few moments he had access to a NetBSD source tree and an 8 thread, 16GB RAM machine with which to build things.
Err codemadness.org 70 i 39014 We had a short introduction and I suggested we take some pictures, so here’s the ones we got. A few people were concerned about privacy, so they’re not pictured. We had small team to hold the camera :-)
Err codemadness.org 70 i 39015 At the actual conference days, I stayed at the speaker hotel with the other speakers. I’ve attempted to make conversation with some visibly FreeBSD/OpenBSD people, but didn’t have plans to talk about anything, so there was a lot of just following people silently.
Err codemadness.org 70 i 39016 Perhaps for the next conference I’ll prepare a list of questions to random BSD people and then very obviously grab a piece of paper and ask, “what was…”, read a bit from it, and say, “your latest kernel panic?”, I’m sure it’ll be a great conversation starter.
Err codemadness.org 70 i 39017 At the conference itself, was pretty cool to have folks like Kirk McKusick give first person accounts of some past events (Kirk gave a talk about governance at FreeBSD), or the second keynote by Ron Broersma.
Err codemadness.org 70 i 39018 My own talk was hastily prepared, it was difficult to bring the topic together into a coherent talk. Nevertheless, I managed to talk about stuff for a while 40 minutes, though usually I skip over so many details that I have trouble putting together a sufficiently long talk.
Err codemadness.org 70 i 39019 I mentioned some of my coolest bugs to solve (I should probably make a separate article about some!). A few people asked for the slides after the talk, so I guess it wasn’t totally incoherent.
Err codemadness.org 70 i 39020 It was really fun to meet some of my favourite NetBSD people. I got to show off my now fairly well working laptop (it took a lot of work by all of us!).
Err codemadness.org 70 i 39021 After the conference I came back with a conference cold, and it took a few days to recover from it. Hopefully I didn’t infect too many people on the way back.
Err codemadness.org 70 i 39022

Err codemadness.org 70 i 39023

Err codemadness.org 70 i 39024

###GhostBSD tested on real hardware T410 – better than TrueOS?

Err codemadness.org 70 i 39025

Err codemadness.org 70 i 39026
You might have heard about FreeBSD which is ultimately derived from UNIX back in the days. It is not Linux even though it is similar in many ways because Linux was designed to follow UNIX principles. Seeing is believing, so check out the video of the install and some apps as well!
Err codemadness.org 70 i 39027

Err codemadness.org 70 i 39028

Err codemadness.org 70 i 39029
Nowadays if you want some of that BSD on your personal desktop how to go about? Well there is a full package or distro called GhostBSD which is based on FreeBSD current with a Mate or XFCE desktop preconfigured. I did try another package called TrueOS before and you can check out my blog post as well.
Err codemadness.org 70 i 39030

Err codemadness.org 70 i 39031

Err codemadness.org 70 i 39032
Let’s give it a try on my Lenovo ThinkPad T410. You can download the latest version from ghostbsd.org. Creating a bootable USB drive was surprisingly difficult as rufus did not work and created a corrupted drive. You have to follow this procedure under Windows: download the 2.5GB .iso file and rename the extension to .img. Download Win32 Disk imager and burn the img file to an USB drive and boot from it. You will be able to start a live session and use the onboard setup to install GhostBSD unto a disk.
Err codemadness.org 70 i 39033

Err codemadness.org 70 i 39034

Err codemadness.org 70 i 39035
I did encounter some bugs or quirks along the way. The installer failed the first time for some unknown reason but worked on the second attempt. The first boot stopped upon initialization of the USB3 ports (the T410 does not have USB3) but I could use some ‘exit’ command line magic to continue. The second boot worked fine. Audio was only available through headphones, not speakers but that could partially be fixed using the command line again. Lot’s of installed apps did not show up in the start menu and on goes the quirks list.
Err codemadness.org 70 i 39036

Err codemadness.org 70 i 39037

Err codemadness.org 70 i 39038
Overall it is still better than TrueOS for me because drivers did work very well and I could address most of the existing bugs.
Err codemadness.org 70 i 39039

Err codemadness.org 70 i 39040

Err codemadness.org 70 i 39042
On the upside:
Err codemadness.org 70 i 39043
Err codemadness.org 70 i 39045
Free and open source FreeBSD package ready to go
Err codemadness.org 70 i 39046
Err codemadness.org 70 i 39048
Mate or XFCE desktop (Mate is the only option for daily builds)
Err codemadness.org 70 i 39049
Err codemadness.org 70 i 39051
Drivers work fine including LAN, WiFi, video 2D & 3D, audio, etc
Err codemadness.org 70 i 39052
Err codemadness.org 70 i 39054
UFS or ZFS advanced file systems available
Err codemadness.org 70 i 39055
Err codemadness.org 70 i 39057
Some downsides:
Err codemadness.org 70 i 39058
Err codemadness.org 70 i 39060
Less driver and direct app support than Linux
Err codemadness.org 70 i 39061
Err codemadness.org 70 i 39063
Installer and desktop have some quirks and bugs
Err codemadness.org 70 i 39064
Err codemadness.org 70 i 39066
App-store is cumbersome, inferior to TrueOS
Err codemadness.org 70 i 39067

Err codemadness.org 70 i 39069

Err codemadness.org 70 i 39070

##Beastie Bits

Err codemadness.org 70 i 39071

EuroBSDCon 2018 and NetBSD sanitizers
New mandoc feature: -T html -O toc
EuroBSDcon 2018
Polish BSD User Group
garbage[43]: What year is it?
The Demo @ 50
Microsoft ports DTrace from FreeBSD to Windows 10
OpenBSD joins Twitter
NetBSD curses ripoffline improvements
FCP-0101: Deprecating most 10/100 Ethernet drivers
Announcing the pkgsrc-2018Q3 release
Debian on OpenBSD vmd (without qemu or another debian system)
A BSD authentication module for duress passwords (Joshua Stein)
Disk Price/Performance Analysis

Err codemadness.org 70 i 39087

Err codemadness.org 70 i 39088

##Feedback/Questions

Err codemadness.org 70 i 39089

DJ - Zombie ZFS
Josua - arm tier 1? how to approach it
-Gamah - 5ghz

Err codemadness.org 70 i 39094

Err codemadness.org 70 i 39095

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 39098

Err codemadness.org 70 i 39099

Episode 268: Netcat Demystified | BSD Now 268

Allan Jude — Tue, 16 Oct 2018 22:00:00 -0700

6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more. Err codemadness.org 70 i 39766

##Headlines
Err codemadness.org 70 i 39767 Six Metrics for Measuring ZFS Pool Performance Part 1

Err codemadness.org 70 i 39768

Err codemadness.org 70 i 39769
The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system.
Err codemadness.org 70 i 39770

Err codemadness.org 70 i 39771

To quantify pool performance, we will consider six primary metrics:
Read I/O operations per second (IOPS)
Write IOPS
Streaming read speed
Streaming write speed
Storage space efficiency (usable capacity after parity versus total raw capacity)
Fault tolerance (maximum number of drives that can fail before data loss)
For the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12).

Err codemadness.org 70 i 39781

Err codemadness.org 70 i 39782
Note that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory).
Err codemadness.org 70 i 39783 There is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics.
Err codemadness.org 70 i 39784 Let’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options.
Err codemadness.org 70 i 39785 Because storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios.
Err codemadness.org 70 i 39786 A striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost.
Err codemadness.org 70 i 39787 The excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z.
Err codemadness.org 70 i 39788 Here’s a summary of the total pool performance (where N is the number of disks in the pool):
Err codemadness.org 70 i 39789

Err codemadness.org 70 i 39790

N-wide striped:
Read IOPS: N * Read IOPS of a single drive
Write IOPS: N * Write IOPS of a single drive
Streaming read speed: N * Streaming read speed of a single drive
Streaming write speed: N * Streaming write speed of a single drive
Storage space efficiency: 100%
Fault tolerance: None!

Err codemadness.org 70 i 39799

Err codemadness.org 70 i 39800
Let’s apply this to our example system, configured with a 12-wide striped pool:
Err codemadness.org 70 i 39801

Err codemadness.org 70 i 39802

12-wide striped:
Read IOPS: 3000
Write IOPS: 3000
Streaming read speed: 1200 MB/s
Streaming write speed: 1200 MB/s
Storage space efficiency: 72 TB
Fault tolerance: None!
Below is a visual depiction of our 12 rainbow blocks written to this pool configuration:

Err codemadness.org 70 i 39812

Err codemadness.org 70 i 39813
The blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails.
Err codemadness.org 70 i 39814 A mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror.
Err codemadness.org 70 i 39815 Streaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk.
Err codemadness.org 70 i 39816

Err codemadness.org 70 i 39817

Err codemadness.org 70 i 39818
Here’s a summary:
Err codemadness.org 70 i 39819

Err codemadness.org 70 i 39820

Err codemadness.org 70 i 39822
N-way mirror:
Err codemadness.org 70 i 39823
Err codemadness.org 70 i 39825
Read IOPS: N * Read IOPS of a single drive
Err codemadness.org 70 i 39826
Err codemadness.org 70 i 39828
Write IOPS: Write IOPS of a single drive
Err codemadness.org 70 i 39829
Err codemadness.org 70 i 39831
Streaming read speed: N * Streaming read speed of a single drive
Err codemadness.org 70 i 39832
Err codemadness.org 70 i 39834
Streaming write speed: Streaming write speed of a single drive
Err codemadness.org 70 i 39835
Err codemadness.org 70 i 39837
Storage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N]
Err codemadness.org 70 i 39838
Err codemadness.org 70 i 39840
Fault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1]
Err codemadness.org 70 i 39841
Err codemadness.org 70 i 39843
For our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not.
Err codemadness.org 70 i 39844
Err codemadness.org 70 i 39846
1x 12-way mirror:
Err codemadness.org 70 i 39847
Err codemadness.org 70 i 39849
Read IOPS: 3000
Err codemadness.org 70 i 39850
Err codemadness.org 70 i 39852
Write IOPS: 250
Err codemadness.org 70 i 39853
Err codemadness.org 70 i 39855
Streaming read speed: 1200 MB/s
Err codemadness.org 70 i 39856
Err codemadness.org 70 i 39858
Streaming write speed: 100 MB/s
Err codemadness.org 70 i 39859
Err codemadness.org 70 i 39861
Storage space efficiency: 8.3% (6 TB)
Err codemadness.org 70 i 39862
Err codemadness.org 70 i 39864
Fault tolerance: 11
Err codemadness.org 70 i 39865

Err codemadness.org 70 i 39867

Err codemadness.org 70 i 39868
As we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array.
Err codemadness.org 70 i 39869

Err codemadness.org 70 i 39870

Err codemadness.org 70 i 39871
Obviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool:
Err codemadness.org 70 i 39872

Err codemadness.org 70 i 39873

Err codemadness.org 70 i 39875
1x 2-way mirror:
Err codemadness.org 70 i 39876
Err codemadness.org 70 i 39878
Read IOPS: 500
Err codemadness.org 70 i 39879
Err codemadness.org 70 i 39881
Write IOPS: 250
Err codemadness.org 70 i 39882
Err codemadness.org 70 i 39884
Streaming read speed: 200 MB/s
Err codemadness.org 70 i 39885
Err codemadness.org 70 i 39887
Streaming write speed: 100 MB/s
Err codemadness.org 70 i 39888
Err codemadness.org 70 i 39890
Storage space efficiency: 50% (6 TB)
Err codemadness.org 70 i 39891
Err codemadness.org 70 i 39893
Fault tolerance: 1
Err codemadness.org 70 i 39894
Err codemadness.org 70 i 39896
Now we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance:
Err codemadness.org 70 i 39897
Err codemadness.org 70 i 39899
6x 2-way mirror:
Err codemadness.org 70 i 39900
Err codemadness.org 70 i 39902
Read IOPS: 3000
Err codemadness.org 70 i 39903
Err codemadness.org 70 i 39905
Write IOPS: 1500
Err codemadness.org 70 i 39906
Err codemadness.org 70 i 39908
Streaming read speed: 3000 MB/s
Err codemadness.org 70 i 39909
Err codemadness.org 70 i 39911
Streaming write speed: 1500 MB/s
Err codemadness.org 70 i 39912
Err codemadness.org 70 i 39914
Storage space efficiency: 50% (36 TB)
Err codemadness.org 70 i 39915
Err codemadness.org 70 i 39917
Fault tolerance: 1 per vdev, 6 total
Err codemadness.org 70 i 39918
Err codemadness.org 70 i 39920
Again, we will examine the configuration from a visual perspective:
Err codemadness.org 70 i 39921

Err codemadness.org 70 i 39923

Err codemadness.org 70 i 39924
Each vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool:
Err codemadness.org 70 i 39925

Err codemadness.org 70 i 39926

4x 3-way mirror:
Read IOPS: 3000
Write IOPS: 1000
Streaming read speed: 3000 MB/s
Streaming write speed: 400 MB/s
Storage space efficiency: 33% (24 TB)
Fault tolerance: 2 per vdev, 8 total

Err codemadness.org 70 i 39935

Err codemadness.org 70 i 39936
While we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system.
Err codemadness.org 70 i 39937 Striped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each.
Err codemadness.org 70 i 39938

Err codemadness.org 70 i 39939

Err codemadness.org 70 i 39940

###2FA with ssh on OpenBSD

Err codemadness.org 70 i 39941

Err codemadness.org 70 i 39942
Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV.
Err codemadness.org 70 i 39943 After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links.
Err codemadness.org 70 i 39944

Err codemadness.org 70 i 39945

SEED CONFIGURATION

Err codemadness.org 70 i 39948

Err codemadness.org 70 i 39949
The first thing we need to do is to install the software which will be used to verify the OTPs we submit.
Err codemadness.org 70 i 39950

Err codemadness.org 70 i 39951

# pkgadd loginoath

Err codemadness.org 70 i 39952

Err codemadness.org 70 i 39953
We need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it.
Err codemadness.org 70 i 39954

Err codemadness.org 70 i 39955

$ openssl rand -hex 20 > ~/.totp-key
Err codemadness.org 70 i 39956 $ chmod 400 ~/.totp-key

Err codemadness.org 70 i 39957

Err codemadness.org 70 i 39958
Now we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion.
Err codemadness.org 70 i 39959 While writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it.
Err codemadness.org 70 i 39960 Here’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy!
Err codemadness.org 70 i 39961

Err codemadness.org 70 i 39962

SYSTEM CONFIGURATION

Err codemadness.org 70 i 39965

Err codemadness.org 70 i 39966
We can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey.
Err codemadness.org 70 i 39967 We need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care.
Err codemadness.org 70 i 39968

Err codemadness.org 70 i 39969

SSHD CONFIGURATION

Err codemadness.org 70 i 39972

Err codemadness.org 70 i 39973
Again, keeping a root shell around decreases the risk of losing access to the system and being locked outside.
Err codemadness.org 70 i 39974 A good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it!
Err codemadness.org 70 i 39975 We need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time.
Err codemadness.org 70 i 39976 To inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system.
Err codemadness.org 70 i 39977 We could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt.
Err codemadness.org 70 i 39978

Err codemadness.org 70 i 39979

IMPROVING SECURITY WITHOUT IMPACTING UX

Err codemadness.org 70 i 39982

Err codemadness.org 70 i 39983
My phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA.
Err codemadness.org 70 i 39984 To find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA.
Err codemadness.org 70 i 39985 To sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD!
Err codemadness.org 70 i 39986

Err codemadness.org 70 i 39987

Err codemadness.org 70 i 39988

##News Roundup
Err codemadness.org 70 i 39989 How ZFS maintains file type information in directories

Err codemadness.org 70 i 39990

Err codemadness.org 70 i 39991
As an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does.
Err codemadness.org 70 i 39992 The easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before).
Err codemadness.org 70 i 39993

Err codemadness.org 70 i 39994

# zdb -dddd fs3-corestaff-01/h/281 1
Err codemadness.org 70 i 39995 Dataset [....]
Err codemadness.org 70 i 39996 [...]
Err codemadness.org 70 i 39997 microzap: 512 bytes, 4 entries
Err codemadness.org 70 i 39998 [...]
Err codemadness.org 70 i 39999 ROOT = 3
Err codemadness.org 70 i 40000
Err codemadness.org 70 i 40001 # zdb -dddd fs3-corestaff-01/h/281 3
Err codemadness.org 70 i 40002 Object lvl iblk dblk dsize lsize %full type
Err codemadness.org 70 i 40003 3 1 16K 1K 8K 1K 100.00 ZFS directory
Err codemadness.org 70 i 40004 [...]
Err codemadness.org 70 i 40005 microzap: 1024 bytes, 8 entries
Err codemadness.org 70 i 40006
Err codemadness.org 70 i 40007 RESTORED = 4396504 (type: Directory)
Err codemadness.org 70 i 40008 ckstst = 12017 (type: not specified)
Err codemadness.org 70 i 40009 ckstst3 = 25069 (type: Directory)
Err codemadness.org 70 i 40010 .demo-file = 5832188 (type: Regular File)
Err codemadness.org 70 i 40011 .peergroup = 12590 (type: not specified)
Err codemadness.org 70 i 40012 cks = 5 (type: not specified)
Err codemadness.org 70 i 40013 cksimap1 = 5247832 (type: Directory)
Err codemadness.org 70 i 40014 .diskuse = 12016 (type: not specified)
Err codemadness.org 70 i 40015 ckstst2 = 12535 (type: not specified)

Err codemadness.org 70 i 40016

Err codemadness.org 70 i 40017
This is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information.
Err codemadness.org 70 i 40018 Once I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories.
Err codemadness.org 70 i 40019 How ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h:
Err codemadness.org 70 i 40020

Err codemadness.org 70 i 40021

/*
Err codemadness.org 70 i 40022 * The directory entry has the type (currently unused on
Err codemadness.org 70 i 40023 * Solaris) in the top 4 bits, and the object number in
Err codemadness.org 70 i 40024 * the low 48 bits. The "middle" 12 bits are unused.
Err codemadness.org 70 i 40025 */

Err codemadness.org 70 i 40026

Err codemadness.org 70 i 40027
In yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero.
Err codemadness.org 70 i 40028 The reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries.
Err codemadness.org 70 i 40029

Err codemadness.org 70 i 40030

Err codemadness.org 70 i 40031

###Everything old is new again

Err codemadness.org 70 i 40032

Err codemadness.org 70 i 40033
Just because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C11 — certainly the availability of compilers with C11 support. The language has changed a great deal in those ten years since the original release.
Err codemadness.org 70 i 40034 The platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though)
Err codemadness.org 70 i 40035 So, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) > 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years.
Err codemadness.org 70 i 40036 However, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it.
Err codemadness.org 70 i 40037

Err codemadness.org 70 i 40038

Err codemadness.org 70 i 40039

###OpenBSD netcat demystified

Err codemadness.org 70 i 40040

Err codemadness.org 70 i 40041
Owing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat:
Err codemadness.org 70 i 40042

Err codemadness.org 70 i 40043

(1) Open a terminal and input following command:

Err codemadness.org 70 i 40046

# nc -l 3003

Err codemadness.org 70 i 40047

Err codemadness.org 70 i 40048
This means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176).
Err codemadness.org 70 i 40049

Err codemadness.org 70 i 40050

(2) Connect aforemontioned netcat process in another machine, and send a greeting:

Err codemadness.org 70 i 40053

# nc 192.168.35.176 3003
Err codemadness.org 70 i 40054 hello

Err codemadness.org 70 i 40055

Err codemadness.org 70 i 40056
Then in the first machine’s terminal, you will see the “hello” text:
Err codemadness.org 70 i 40057

Err codemadness.org 70 i 40058

# nc -l 3003
Err codemadness.org 70 i 40059 hello

Err codemadness.org 70 i 40060

Err codemadness.org 70 i 40061
A primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcatnow. If you are among them, congratulations! This tutorial may be the correct place for you.
Err codemadness.org 70 i 40062 In the following parts, I will delve into OpenBSD’s netcatcode to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat.
Err codemadness.org 70 i 40063 We’re all set. Let’s go!
Err codemadness.org 70 i 40064

Err codemadness.org 70 i 40065

Err codemadness.org 70 i 40066

##Beastie Bits

Err codemadness.org 70 i 40067

What’s in store for NetBSD 9.0
NetBSD machines at Open Source Conference 2018 Hiroshima
nmctl adapted with limited privileges: nmctl-0.6.0
Submit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs
OpenBSD 6.4 site is up! (with a partial list of new features)
Using Alpine to Read Your Email on OpenBSD

Err codemadness.org 70 i 40075

Err codemadness.org 70 i 40076

##Feedback/Questions

Err codemadness.org 70 i 40077

Morgan - Send/Receive to Manage Fragmentation?
Ryan - ZFS and mmap
Marcus - Linux Compat
Ben - Multiple Pools

Err codemadness.org 70 i 40083

Err codemadness.org 70 i 40084

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 40087

Err codemadness.org 70 i 40088

Episode 267: Absolute FreeBSD | BSD Now 267

Allan Jude — Wed, 10 Oct 2018 03:00:00 -0700

Err codemadness.org 70 i 40910 We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience.

Err codemadness.org 70 i 40911 Err codemadness.org 70 i 40912

##Headlines
Err codemadness.org 70 i 40913 ##Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor

Err codemadness.org 70 i 40914 Err codemadness.org 70 i 40915

BR: [Welcome Back]
AJ: What have you been doing since last we talked to you [ed, ssh, and af3e]
BR: Tell us more about AF3e
AJ: How did the first Absolute FreeBSD come about?
BR: Do you have anything special planned for MeetBSD?
AJ: What are you working on now? [FM:Jails, Git sync Murder]
BR: What are your plans for next year?
AJ: How has SEMIBug been going?

Err codemadness.org 70 i 40925 Err codemadness.org 70 i 40926

Auction at https://mwl.io
Err codemadness.org 70 i 40927 Patreon Link:

Err codemadness.org 70 i 40928 Err codemadness.org 70 i 40929

Err codemadness.org 70 i 40930 Err codemadness.org 70 i 40931

##Feedback/Questions

Err codemadness.org 70 i 40932 Err codemadness.org 70 i 40933

Paul - Recent bhyve related videos (daemon)
Michael - freebsd-update question
Sigflup - pkg file search

Err codemadness.org 70 i 40938 Err codemadness.org 70 i 40939

Err codemadness.org 70 i 40940 Err codemadness.org 70 i 40941

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 40944 Err codemadness.org 70 i 40945

]]> Err codemadness.org 70 i 40946

Episode 266: File Type History | BSD Now 266

Allan Jude — Wed, 03 Oct 2018 10:00:00 -0700

Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more. Err codemadness.org 70 i 41004

##Headlines
Err codemadness.org 70 i 41005 OpenBSD/NetBSD on FreeBSD using grub2-bhyve

Err codemadness.org 70 i 41006

Err codemadness.org 70 i 41007
When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!
Err codemadness.org 70 i 41008 The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:
Err codemadness.org 70 i 41009

Err codemadness.org 70 i 41010

# pkg install grub2-bhyve

Err codemadness.org 70 i 41011

Err codemadness.org 70 i 41012
To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.
Err codemadness.org 70 i 41013

Err codemadness.org 70 i 41014

# grub-bhyve test
Err codemadness.org 70 i 41015 GNU GRUB version 2.00
Err codemadness.org 70 i 41016 Minimal BASH-like line editing is supported. For the first word, TAB lists possible command
Err codemadness.org 70 i 41017 completions. Anywhere else TAB lists possible device or file completions.
Err codemadness.org 70 i 41018
Err codemadness.org 70 i 41019
Err codemadness.org 70 i 41020 grub>

Err codemadness.org 70 i 41021

Err codemadness.org 70 i 41022
After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.
Err codemadness.org 70 i 41023

Err codemadness.org 70 i 41024

grub> ls
Err codemadness.org 70 i 41025 (host)
Err codemadness.org 70 i 41026 grub> ls (host)/
Err codemadness.org 70 i 41027 libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/
Err codemadness.org 70 i 41028 grub>

Err codemadness.org 70 i 41029

Err codemadness.org 70 i 41030
To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL ztank/bhyve/post. On another terminal, we create:
Err codemadness.org 70 i 41031

Err codemadness.org 70 i 41032

# zfs create -V 10G ztank/bhyve/post

Err codemadness.org 70 i 41033

Err codemadness.org 70 i 41034
If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.
Err codemadness.org 70 i 41035

Err codemadness.org 70 i 41036

# truncate -s 10G post.img

Err codemadness.org 70 i 41037

Err codemadness.org 70 i 41038
I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.
Err codemadness.org 70 i 41039

Err codemadness.org 70 i 41040

cat > /tmp/post.map << EOF
Err codemadness.org 70 i 41041 (hd0) /directory/to/disk/image
Err codemadness.org 70 i 41042 (hd1) /dev/zvol/ztank/bhyve/post
Err codemadness.org 70 i 41043 EOF

Err codemadness.org 70 i 41044

Err codemadness.org 70 i 41045
The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.
Err codemadness.org 70 i 41046

Err codemadness.org 70 i 41047

# grub-bhyve -m /tmp/post.map post
Err codemadness.org 70 i 41048 grub> ls
Err codemadness.org 70 i 41049 (hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)

Err codemadness.org 70 i 41050

Err codemadness.org 70 i 41051
The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.
Err codemadness.org 70 i 41052

Err codemadness.org 70 i 41053

grub> ls (hd0,msdos4)/
Err codemadness.org 70 i 41054 boot bsd 6.4/ etc/

Err codemadness.org 70 i 41055

Err codemadness.org 70 i 41056
And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:
Err codemadness.org 70 i 41057

Err codemadness.org 70 i 41058

grub> set root=(hd0,msdos4)
Err codemadness.org 70 i 41059 grub> kopenbsd -h com0 -r sd0a /bsd
Err codemadness.org 70 i 41060 grub> boot

Err codemadness.org 70 i 41061

Err codemadness.org 70 i 41062
After that, we can run bhyve virtual machine. In my case it is:
Err codemadness.org 70 i 41063

Err codemadness.org 70 i 41064

# bhyve -c 1 -w -u -H \
Err codemadness.org 70 i 41065 -s 0,amd_hostbridge \
Err codemadness.org 70 i 41066 -s 3,ahci-hd,/directory/to/disk/image \
Err codemadness.org 70 i 41067 -s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \
Err codemadness.org 70 i 41068 -s 31,lpc -l com1,stdio \
Err codemadness.org 70 i 41069 post

Err codemadness.org 70 i 41070

Err codemadness.org 70 i 41071
Unfortunately explaining the whole bhyve(8) command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.
Err codemadness.org 70 i 41072

Err codemadness.org 70 i 41073

cat << EOF | grub-bhyve -m /tmp/post.map -M 512 post
Err codemadness.org 70 i 41074 set root=(hd0,4)
Err codemadness.org 70 i 41075 kopenbsd -h com0 -r sd0a /bsd
Err codemadness.org 70 i 41076 boot
Err codemadness.org 70 i 41077 EOF

Err codemadness.org 70 i 41078

Err codemadness.org 70 i 41079

###My FreeBSD Story

Err codemadness.org 70 i 41080

Err codemadness.org 70 i 41081
My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.
Err codemadness.org 70 i 41082 Back then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600
Err codemadness.org 70 i 41083 Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.
Err codemadness.org 70 i 41084 At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.
Err codemadness.org 70 i 41085 After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??
Err codemadness.org 70 i 41086 I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.
Err codemadness.org 70 i 41087 I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.
Err codemadness.org 70 i 41088 After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??
Err codemadness.org 70 i 41089 Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.
Err codemadness.org 70 i 41090 Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent BSDForums.org site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.
Err codemadness.org 70 i 41091 Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.
Err codemadness.org 70 i 41092 As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.
Err codemadness.org 70 i 41093 After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t
Err codemadness.org 70 i 41094

Err codemadness.org 70 i 41095

Err codemadness.org 70 i 41096

##News Roundup
Err codemadness.org 70 i 41097 OpenBSD on the Desktop: some thoughts

Err codemadness.org 70 i 41098

Err codemadness.org 70 i 41099
I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.
Err codemadness.org 70 i 41100 The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.
Err codemadness.org 70 i 41101 I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.
Err codemadness.org 70 i 41102 I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.
Err codemadness.org 70 i 41103 Just install a browser and you’re ready to go.
Err codemadness.org 70 i 41104 Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.
Err codemadness.org 70 i 41105 Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.
Err codemadness.org 70 i 41106 I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.
Err codemadness.org 70 i 41107 To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.
Err codemadness.org 70 i 41108

Err codemadness.org 70 i 41109

Err codemadness.org 70 i 41110

###The history of file type information being available in Unix directories

Err codemadness.org 70 i 41111

Err codemadness.org 70 i 41112
The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:
Err codemadness.org 70 i 41113 […], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional dtype field that has the directory entry’s type.
Err codemadness.org 70 i 41114 On Twitter, I recently grumbled about Illumos not having this dtype field. The ensuing conversation wound up with me curious about exactly where dtype came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of dtype.
Err codemadness.org 70 i 41115 On the kernel side, dtype appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a dtype field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD dtype was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.
Err codemadness.org 70 i 41116 (In FreeBSD, the most convenient history I can find is here, and the dtype field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)
Err codemadness.org 70 i 41117 Documentation for dtype appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.
Err codemadness.org 70 i 41118 In Linux, it seems that a dirent structure with a dtype member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the dtype field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented dtype, and probably many years after it was actually available if you peeked at the structure definition.
Err codemadness.org 70 i 41119 As far as I can tell, dtype is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.
Err codemadness.org 70 i 41120 Sidebar: The filesystem also matters on modern Unixes
Err codemadness.org 70 i 41121 Even if your Unix supports dtype in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with dtype support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DTUNKNOWN.
Err codemadness.org 70 i 41122 It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.
Err codemadness.org 70 i 41123

Err codemadness.org 70 i 41124

Err codemadness.org 70 i 41125

###Multiboot Pinebook KDE neon

Err codemadness.org 70 i 41126

Err codemadness.org 70 i 41127
Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.
Err codemadness.org 70 i 41128 Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.
Err codemadness.org 70 i 41129 But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.
Err codemadness.org 70 i 41130 I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.
Err codemadness.org 70 i 41131 Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.
Err codemadness.org 70 i 41132 The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.
Err codemadness.org 70 i 41133 So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.
Err codemadness.org 70 i 41134

Err codemadness.org 70 i 41135

Err codemadness.org 70 i 41136

##Beastie Bits

Err codemadness.org 70 i 41137

Unexpected benefit with Ryzen – reducing power for build server
Happy #CIDRDay!
Absolute FreeBSD 3e ship date
MWL FreeBSD talk @ October 9th 2018 - MUG Meeting
MeetBSD Oct 19-20
October’s London *BSD meetup - 9th Oct 2018
NRW BUG Meeting at Trivago Oct. 9
Lars Wittebrood blogs about his visit to EuroBSDCon 2018
EuroBSDcon 2018 OpenBSD slides available
EuroBSDCon conference site has most slides as well

Err codemadness.org 70 i 41149

Err codemadness.org 70 i 41150

##Feedback/Questions

Err codemadness.org 70 i 41151

Brad - Unmounted ZFS sends
Niclas - Report from a Meetup
Ghislain - Bhyve not used?
Shane - zpool history and snapshots

Err codemadness.org 70 i 41157

Err codemadness.org 70 i 41158

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 41161

Err codemadness.org 70 i 41162

Episode 265: Software Disenchantment | BSD Now 265

Allan Jude — Thu, 27 Sep 2018 01:00:00 -0700

We report from our experiences at EuroBSDcon, disenchant software, LLVM 7.0.0 has been released, Thinkpad BIOS update options, HardenedBSD Foundation announced, and ZFS send vs. rsync. Err codemadness.org 70 i 41593

##Headlines

Err codemadness.org 70 i 41594

###[FreeBSD DevSummit & EuroBSDcon 2018 in Romania]

Err codemadness.org 70 i 41595

Your hosts are back from EuroBSDcon 2018 held in Bucharest, Romania this year. The first two days of the conference are used for tutorials and devsummits (FreeBSD and NetBSD), while the last two are for talks.
Although Benedict organized the devsummit in large parts, he did not attend it this year. He held his Ansible tutorial in the morning of the first day, followed by Niclas Zeising’s new ports and poudriere tutorial (which had a record attendance). It was intended for beginners that had never used poudriere before and those who wanted to create their first port. The tutorial was well received and Niclas already has ideas for extending it for future conferences.
On the second day, Benedict took Kirk McKusick’s “An Introduction to the FreeBSD Open-Source Operating System” tutorial, held as a one full day class this year. Although it was reduced in content, it went into enough depth of many areas of the kernel and operating system to spark many questions from attendees. Clearly, this is a good start into kernel programming as Kirk provides enough material and backstories to understand why certain things are implemented as they are.
Olivier Robert took https://www.talegraph.com/tales/l2o9ltrvsE (pictures from the devsummit) and created a nice gallery out of it.
Devsummit evenings saw dinners at two restaurants that allowed developers to spend some time talking over food and drinks.
The conference opened on the next day with the opening session held by Mihai Carabas. He introduced the first keynote speaker, a colleague of his who presented “Lightweight virtualization with LightVM and Unikraft”.
Benedict helped out at the FreeBSD Foundation sponsor table and talked to people. He saw the following talks in between:

Err codemadness.org 70 i 41604

Err codemadness.org 70 i 41605
Selfhosting as an alternative to the public cloud (by Albert Dengg)
Err codemadness.org 70 i 41606 Using Boot Environments at Scale (by Allan Jude)
Err codemadness.org 70 i 41607 Livepatching FreeBSD kernel (by Maciej Grochowski)
Err codemadness.org 70 i 41608 FreeBSD: What to (Not) Monitor (by Andrew Fengler)
Err codemadness.org 70 i 41609 FreeBSD Graphics (by Niclas Zeising)
Err codemadness.org 70 i 41610

Err codemadness.org 70 i 41611

Allan spent a lot of time talking to people and helping track down issues they were having, in addition to attending many talks: Err codemadness.org 70 i 41613
Err codemadness.org 70 i 41614
Hacking together a FreeBSD presentation streaming box – For as little as possible (by Tom Jones)
Err codemadness.org 70 i 41615 Introduction of FreeBSD in new environments (by Baptiste Daroussin)
Err codemadness.org 70 i 41616 Keynote: Some computing and networking historical perspectives (by Ron Broersma)
Err codemadness.org 70 i 41617 Livepatching FreeBSD kernel (by Maciej Grochowski)
Err codemadness.org 70 i 41618 FreeBSD: What to (Not) Monitor (by Andrew Fengler)
Err codemadness.org 70 i 41619 Being a BSD user (by Roller Angel)
Err codemadness.org 70 i 41620 From “Hello World” to the VFS Layer: building a beadm for DragonFly BSD (by Michael Voight)
Err codemadness.org 70 i 41621
Err codemadness.org 70 i 41622
We also met the winner of our Power Bagel raffle from Episode 2^8. He received the item in the meantime and had it with him at the conference, providing a power outlet to charge other people’s devices.
During the closing session, GroffTheBSDGoat was handed over to Deb Goodkin, who will bring the little guy to the Grace Hopper Celebration of Women in Computing conference and then to MeetBSD later this year. It was also revealed that next year’s EuroBSDcon will be held in Lillehammer, Norway.
Thanks to all the speakers, helpers, sponsors, organizers, and attendees for making it a successful conferences. There were no talks recorded this year, but the slides will be uploaded to the EuroBSDcon website in a couple of weeks. The OpenBSD talks are already available, so check them out.

Err codemadness.org 70 i 41627

###Software disenchantment

Err codemadness.org 70 i 41628

Err codemadness.org 70 i 41629
I’ve been programming for 15 years now. Recently our industry’s lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and the IT in general.
Err codemadness.org 70 i 41630 Modern cars work, let’s say for the sake of argument, at 98% of what’s physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same.
Err codemadness.org 70 i 41631 Only in software, it’s fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud about how much inefficient it is, as in “why should we worry, computers are fast enough”:
Err codemadness.org 70 i 41632 @tveastman: I have a Python program I run every day, it takes 1.5 seconds. I spent six hours re-writing it in rust, now it takes 0.06 seconds. That efficiency improvement means I’ll make my time back in 41 years, 24 days :-)
Err codemadness.org 70 i 41633 You’ve probably heard this mantra: “programmer time is more expensive than computer time”. What it means basically is that we’re wasting computers at an unprecedented scale. Would you buy a car if it eats 100 liters per 100 kilometers? How about 1000 liters? With computers, we do that all the time.
Err codemadness.org 70 i 41634

Err codemadness.org 70 i 41635

Everything is unbearably slow

Err codemadness.org 70 i 41638

Err codemadness.org 70 i 41639
Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?
Err codemadness.org 70 i 41640 Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails:
Err codemadness.org 70 i 41641 It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.
Err codemadness.org 70 i 41642 Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.
Err codemadness.org 70 i 41643 Pavel Fatin: Typing in editor is a relatively simple process, so even 286 PCs were able to provide a rather fluid typing experience.
Err codemadness.org 70 i 41644 Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?
Err codemadness.org 70 i 41645 As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features. Everything works way below the possible speed. Ever wonder why your phone needs 30 to 60 seconds to boot? Why can’t it boot, say, in one second? There are no physical limitations to that. I would love to see that. I would love to see limits reached and explored, utilizing every last bit of performance we can get for something meaningful in a meaningful way.
Err codemadness.org 70 i 41646

Err codemadness.org 70 i 41647

Everything is HUUUUGE

Err codemadness.org 70 i 41650

Err codemadness.org 70 i 41651
And then there’s bloat. Web apps could open up to 10× faster if you just simply block all ads. Google begs everyone to stop shooting themselves in their feet with AMP initiative—a technology solution to a problem that doesn’t need any technology, just a little bit of common sense. If you remove bloat, the web becomes crazy fast. How smart do you have to be to understand that?
Err codemadness.org 70 i 41652 Android system with no apps takes almost 6 Gb. Just think for a second how obscenely HUGE that number is. What’s in there, HD movies? I guess it’s basically code: kernel, drivers. Some string and resources too, sure, but those can’t be big. So, how many drivers do you need for a phone?
Err codemadness.org 70 i 41653 Windows 95 was 30Mb. Today we have web pages heavier than that! Windows 10 is 4Gb, which is 133 times as big. But is it 133 times as superior? I mean, functionally they are basically the same. Yes, we have Cortana, but I doubt it takes 3970 Mb. But whatever Windows 10 is, is Android really 150% of that?
Err codemadness.org 70 i 41654 Google keyboard app routinely eats 150 Mb. Is an app that draws 30 keys on a screen really five times more complex than the whole Windows 95? Google app, which is basically just a package for Google Web Search, is 350 Mb! Google Play Services, which I do not use (I don’t buy books, music or videos there)—300 Mb that just sit there and which I’m unable to delete.
Err codemadness.org 70 i 41655 All that leaves me around 1 Gb for my photos after I install all the essential (social, chats, maps, taxi, banks etc) apps. And that’s with no games and no music at all! Remember times when an OS, apps and all your data fit on a floppy?
Err codemadness.org 70 i 41656 Your desktop todo app is probably written in Electron and thus has userland driver for Xbox 360 controller in it, can render 3d graphics and play audio and take photos with your web camera.
Err codemadness.org 70 i 41657 A simple text chat is notorious for its load speed and memory consumption. Yes, you really have to count Slack in as a resource-heavy application. I mean, chatroom and barebones text editor, those are supposed to be two of the less demanding apps in the whole world. Welcome to 2018.
Err codemadness.org 70 i 41658 At least it works, you might say. Well, bigger doesn’t imply better. Bigger means someone has lost control. Bigger means we don’t know what’s going on. Bigger means complexity tax, performance tax, reliability tax. This is not the norm and should not become the norm. Overweight apps should mean a red flag. They should mean run away scared.
Err codemadness.org 70 i 41659

Err codemadness.org 70 i 41660

Better world manifesto

Err codemadness.org 70 i 41663

Err codemadness.org 70 i 41664
I want to see progress. I want change. I want state-of-the-art in software engineering to improve, not just stand still. I don’t want to reinvent the same stuff over and over, less performant and more bloated each time. I want something to believe in, a worthy end goal, a future better than what we have today, and I want a community of engineers who share that vision.
Err codemadness.org 70 i 41665 What we have today is not progress. We barely meet business goals with poor tools applied over the top. We’re stuck in local optima and nobody wants to move out. It’s not even a good place, it’s bloated and inefficient. We just somehow got used to it.
Err codemadness.org 70 i 41666 So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!
Err codemadness.org 70 i 41667 I hope I’m not alone at this. I hope there are people out there who want to do the same. I’d appreciate if we at least start talking about how absurdly bad our current situation in the software industry is. And then we maybe figure out how to get out.
Err codemadness.org 70 i 41668

Err codemadness.org 70 i 41669

Err codemadness.org 70 i 41670

##News Roundup
Err codemadness.org 70 i 41671 [llvm-announce] LLVM 7.0.0 Release

Err codemadness.org 70 i 41672

I am pleased to announce that LLVM 7 is now available.	Err	codemadness.org	70
i 41673 	Err	codemadness.org	70
i 41674 Get it here: https://llvm.org/releases/download.html#7.0.0	Err	codemadness.org	70
i 41675 	Err	codemadness.org	70
i 41676 The release contains the work on trunk up to SVN revision 338536 plus	Err	codemadness.org	70
i 41677 work on the release branch. It is the result of the community's work	Err	codemadness.org	70
i 41678 over the past six months, including: function multiversioning in Clang	Err	codemadness.org	70
i 41679 with the 'target' attribute for ELF-based x86/x86_64 targets, improved	Err	codemadness.org	70
i 41680 PCH support in clang-cl, preliminary DWARF v5 support, basic support	Err	codemadness.org	70
i 41681 for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray	Err	codemadness.org	70
i 41682 and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer	Err	codemadness.org	70
i 41683 support for OpenBSD, UBSan checks for implicit conversions, many	Err	codemadness.org	70
i 41684 long-tail compatibility issues fixed in lld which is now production	Err	codemadness.org	70
i 41685 ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and	Err	codemadness.org	70
i 41686 diagtool. And as usual, many optimizations, improved diagnostics, and	Err	codemadness.org	70
i 41687 bug fixes.	Err	codemadness.org	70
i 41688 	Err	codemadness.org	70
i 41689 For more details, see the release notes:	Err	codemadness.org	70
i 41690 https://llvm.org/releases/7.0.0/docs/ReleaseNotes.html	Err	codemadness.org	70
i 41691 https://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.html	Err	codemadness.org	70
i 41692 https://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html	Err	codemadness.org	70
i 41693 https://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html	Err	codemadness.org	70
i 41694 	Err	codemadness.org	70
i 41695 Thanks to everyone who helped with filing, fixing, and code reviewing	Err	codemadness.org	70
i 41696 for the release-blocking bugs!	Err	codemadness.org	70
i 41697 	Err	codemadness.org	70
i 41698 Special thanks to the release testers and packagers: Bero	Err	codemadness.org	70
i 41699 Rosenkränzer, Brian Cain, Dimitry Andric, Jonas Hahnfeld, Lei Huang	Err	codemadness.org	70
i 41700 Michał Górny, Sylvestre Ledru, Takumi Nakamura, and Vedant Kumar.	Err	codemadness.org	70
i 41701 	Err	codemadness.org	70
i 41702 For questions or comments about the release, please contact the	Err	codemadness.org	70
i 41703 community on the mailing lists. Onwards to LLVM 8!	Err	codemadness.org	70
i 41704 	Err	codemadness.org	70
i 41705 Cheers,	Err	codemadness.org	70
i 41706 Hans	Err	codemadness.org	70
i 41707

Err codemadness.org 70 i 41708

Err codemadness.org 70 i 41709

###Update your Thinkpad’s bios with Linux or OpenBSD

Err codemadness.org 70 i 41710

Get your new bios

Err codemadness.org 70 i 41713

Err codemadness.org 70 i 41714
At first, go to the Lenovo website and download your new bios:
Err codemadness.org 70 i 41715

Err codemadness.org 70 i 41716

Go to lenovo support
Use the search bar to find your product (example for me, x270)
Choose the right product (if necessary) and click search
On the right side, click on Update Your System
Click on BIOS/UEFI
Choose *BIOS Update (Bootable CD) for Windows *
Download

Err codemadness.org 70 i 41725

Err codemadness.org 70 i 41726
For me the file is called like this : r0iuj25wd.iso
Err codemadness.org 70 i 41727

Err codemadness.org 70 i 41728

Extract bios update

Err codemadness.org 70 i 41731

Err codemadness.org 70 i 41732
Now you will need to install geteltorito.
Err codemadness.org 70 i 41733

Err codemadness.org 70 i 41734

With OpenBSD:

Err codemadness.org 70 i 41737

$ doas pkgadd geteltorito
Err codemadness.org 70 i 41738 quirks-3.7 signed on 2018-09-09T13:15:19Z
Err codemadness.org 70 i 41739 geteltorito-0.6: ok

Err codemadness.org 70 i 41740

With Debian:

Err codemadness.org 70 i 41743

$ sudo apt-get install genisoimage

Err codemadness.org 70 i 41744

Now we will extract the bios update :

Err codemadness.org 70 i 41747

$ geteltorito -o biosupdate.img r0iuj25wd.iso
Err codemadness.org 70 i 41748 Booting catalog starts at sector: 20
Err codemadness.org 70 i 41749 Manufacturer of CD: NERO BURNING ROM VER 12
Err codemadness.org 70 i 41750 Image architecture: x86
Err codemadness.org 70 i 41751 Boot media type is: harddisk
Err codemadness.org 70 i 41752 El Torito image starts at sector 27 and has 43008 sector(s) of 512 Bytes
Err codemadness.org 70 i 41753
Err codemadness.org 70 i 41754 Image has been written to file "biosupdate.img".
Err codemadness.org 70 i 41755 This will create a file called biosupdate.img.

Err codemadness.org 70 i 41756

Put the image on an USB key
CAREFULL : on my computer, my USB key is sda1 on Linux and sd1 on OpenBSD.

Err codemadness.org 70 i 41760

Err codemadness.org 70 i 41761
Please check twice on your computer the name of your USB key.
Err codemadness.org 70 i 41762

Err codemadness.org 70 i 41763

With OpenBSD :

Err codemadness.org 70 i 41766

$ doas dd if=biosupdate.img of=/dev/rsd1c

Err codemadness.org 70 i 41767

With Linux :

Err codemadness.org 70 i 41770

$ sudo dd if=biosupdate.img of=/dev/sda

Err codemadness.org 70 i 41771

Err codemadness.org 70 i 41772
Now all you need is to reboot, to boot on your USB key and follow the instructions. Enjoy 😉
Err codemadness.org 70 i 41773

Err codemadness.org 70 i 41774

Err codemadness.org 70 i 41775

###Announcing The HardenedBSD Foundation

Err codemadness.org 70 i 41776

Err codemadness.org 70 i 41777
In June of 2018, we announced our intent to become a not-for-profit, tax-exempt 501©(3) organization in the United States. It took a dedicated team months of work behind-the-scenes to make that happen. On 06 September 2018, HardenedBSD Foundation Corp was granted 501©(3) status, from which point all US-based persons making donations can deduct the donation from their taxes.
Err codemadness.org 70 i 41778 We are grateful for those who contribute to HardenedBSD in whatever way they can. Thank you for making HardenedBSD possible. We look forward to a bright future, driven by a helpful and positive community.
Err codemadness.org 70 i 41779

Err codemadness.org 70 i 41780

Err codemadness.org 70 i 41781

###How you migrate ZFS filesystems matters

Err codemadness.org 70 i 41782

Err codemadness.org 70 i 41783
If you want to move a ZFS filesystem around from one host to another, you have two general approaches; you can use ‘zfs send’ and ‘zfs receive’, or you can use a user level copying tool such as rsync (or ‘tar -cf | tar -xf’, or any number of similar options). Until recently, I had considered these two approaches to be more or less equivalent apart from their convenience and speed (which generally tilted in favour of ‘zfs send’). It turns out that this is not necessarily the case and there are situations where you will want one instead of the other.
Err codemadness.org 70 i 41784 We have had two generations of ZFS fileservers so far, the Solaris ones and the OmniOS ones. When we moved from the first generation to the second generation, we migrated filesystems across using ‘zfs send’, including the filesystem with my home directory in it (we did this for various reasons). Recently I discovered that some old things in my filesystem didn’t have file type information in their directory entries. ZFS has been adding file type information to directories for a long time, but not quite as long as my home directory has been on ZFS.
Err codemadness.org 70 i 41785 This illustrates an important difference between the ‘zfs send’ approach and the rsync approach, which is that zfs send doesn’t update or change at least some ZFS on-disk data structures, in the way that re-writing them from scratch from user level does. There are both positives and negatives to this, and a certain amount of rewriting does happen even in the ‘zfs send’ case (for example, all of the block pointers get changed, and ZFS will re-compress your data as applicable).
Err codemadness.org 70 i 41786 I knew that in theory you had to copy things at the user level if you wanted to make sure that your ZFS filesystem and everything in it was fully up to date with the latest ZFS features. But I didn’t expect to hit a situation where it mattered in practice until, well, I did. Now I suspect that old files on our old filesystems may be partially missing a number of things, and I’m wondering how much of the various changes in ‘zfs upgrade -v’ apply even to old data.
Err codemadness.org 70 i 41787 (I’d run into this sort of general thing before when I looked into ext3 to ext4 conversion on Linux.)
Err codemadness.org 70 i 41788 With all that said, I doubt this will change our plans for migrating our ZFS filesystems in the future (to our third generation fileservers). ZFS sending and receiving is just too convenient, too fast and too reliable to give up. Rsync isn’t bad, but it’s not the same, and so we only use it when we have to (when we’re moving only some of the people in a filesystem instead of all of them, for example).
Err codemadness.org 70 i 41789 PS: I was going to try to say something about what ‘zfs send’ did and didn’t update, but having looked briefly at the code I’ve concluded that I need to do more research before running my keyboard off. In the mean time, you can read the OpenZFS wiki page on ZFS send and receive, which has plenty of juicy technical details.
Err codemadness.org 70 i 41790 PPS: Since eliminating all-zero blocks is a form of compression, you can turn zero-filled files into sparse files through a ZFS send/receive if the destination has compression enabled. As far as I know, genuine sparse files on the source will stay sparse through a ZFS send/receive even if they’re sent to a destination with compression off.
Err codemadness.org 70 i 41791

Err codemadness.org 70 i 41792

Err codemadness.org 70 i 41793

##Beastie Bits

Err codemadness.org 70 i 41794

BSD Users Stockholm Meetup #4: Tuesday, November 13, 2018 at 18:00
BSD Poland User Group: Next Meeting: October 11, 2018, 18:15 - 21:15 at Warsaw University of Technology
n2k18 Hackathon report: Ken Westerback (krw@) on disklabel(8) work, dhclient(8) progress
Running MirageOS Unikernels on OpenBSD in vmm (Now Works)
vmm(4) gets support for qcow2
MeetBSD and SecurityBsides
Colin Percival reduced FreeBSD startup time from 10627ms (11.2) to 4738ms (12.0)
FreeBSD 11.1 end-of-life
KnoxBug: Monday, October 1, 2018 at 18:00: Real-world Performance Advantages of NVDIMM and NVMe: Case Study with OpenZFS

Err codemadness.org 70 i 41805

Err codemadness.org 70 i 41806

##Feedback/Questions

Err codemadness.org 70 i 41807

Todd - 2 Nics, 1 bhyve and a jail cell
Thomas - Deep Dive
Morgan - Send/Receive to Manage Fragmentation?
Dominik - hierarchical jails -> networking

Err codemadness.org 70 i 41813

Err codemadness.org 70 i 41814

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 41817

Err codemadness.org 70 i 41818

Episode 264: Optimized-out | BSD Now 264

Allan Jude — Wed, 19 Sep 2018 22:00:00 -0700

Err codemadness.org 70 i 42532 FreeBSD and DragonflyBSD benchmarks on AMD’s Threadripper, NetBSD 7.2 has been released, optimized out DTrace kernel symbols, stuck UEFI bootloaders, why ed is not a good editor today, tell your BSD story, and more.

Err codemadness.org 70 i 42533 Err codemadness.org 70 i 42534

##Headlines
Err codemadness.org 70 i 42535 ###FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux

Err codemadness.org 70 i 42536 Err codemadness.org 70 i 42537

Err codemadness.org 70 i 42538
The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.
Err codemadness.org 70 i 42539 The BSDs I focused my testing on were FreeBSD 11.2-STABLE and 12.0-CURRENT/ALPHA1 (the version in development) as well as iX System’s TrueOS that is tracking FreeBSD 12.0-CURRENT. Also included were DragonFlyBSD, with FreeBSD and DragonFlyBSD being tied as my favorite operating systems when it comes to the BSDs. When it came to FreeBSD 11.2-STABLE and 12.0-ALPHA1 on the Threadripper 2990WX, it worked out surprisingly well. I encountered no real issues during my two days of benchmarking on FreeBSD (and TrueOS). It was a great experience and FreeBSD was happy to exploit the 64 threads on the system.
Err codemadness.org 70 i 42540 DragonFlyBSD was a bit of a different story… Last week when I started this BSD testing I tried DragonFly 5.2.2 as the latest stable release as well as a DragonFlyBSD 5.3 development snapshot from last week: both failed to boot in either BIOS or UEFI modes.
Err codemadness.org 70 i 42541 But then a few days ago DragonFlyBSD lead developer Matthew Dillon bought himself a 2990WX platform. He made the necessary changes to get DragonFlyBSD 5.3 working and he ended up finding really great performance and potential out of the platform. So I tried the latest DragonFlyBSD 5.3 daily ISO on 22 August and indeed it now booted successfully and we were off to the races. Thus there are some DragonFlyBSD 5.3 benchmarks included in this article too.
Err codemadness.org 70 i 42542 Just hours ago, Matthew Dillon landed some 2990WX topology and scheduler enhancements but that fell out of the scope of when DragonFly was installed on this system. But over the weekend or so I plan to re-test DragonFlyBSD 5.3 and see how those optimizations affect the overall 2990WX performance now on that BSD. DragonFlyBSD 5.4 stable should certainly be an interesting release on several fronts!
Err codemadness.org 70 i 42543 With FreeBSD 11.2-STABLE and 12.0-ALPHA1 I ran benchmarks when using their stock compiler (LLVM Clang 6.0) as well as GCC 7.3 obtained via GCC 7.3. That was done to rule out compiler differences in benchmarking against the GCC-based Linux distributions. On DragonFlyBSD 5.3 it defaults to the GCC 5.4.1 but via pkg I also did a secondary run when upgraded to GCC 7.3.
Err codemadness.org 70 i 42544 The hardware and BIOS/UEFI settings were maintained the same throughout the entire benchmarking process. The system was made up of the AMD Ryzen Threadripper 2990WX at stock speeds, the ASUS ROG ZENITH EXTREME motherboard, 4 x 8GB DDR4-3200MHz memory, Samsung 970 EVO 500GB NVMe SSD, and Radeon RX Vega 56 graphics card.
Err codemadness.org 70 i 42545 All of these Linux vs. BSD benchmarks were carried out in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking framework.
Err codemadness.org 70 i 42546 While for the last of today’s BSD vs. Linux benchmarking on the Threadripper 2990WX, the Linux distributions came out slightly ahead of FreeBSD and DragonFlyBSD with GCC (another test having issues with Clang 6.0 on the BSDs).
Err codemadness.org 70 i 42547 Overall, I was quite taken away by the BSD performance on the Threadripper 2990WX – particularly FreeBSD. In a surprising number of benchmarks, the BSDs were outperforming the tested Linux distributions though often by incredibly thin margins. Still, quite an accomplishment for these BSD operating systems and considering how much better Linux is already doing than Windows 10 / Windows Server on this 32-core / 64-thread processor. Then again, the BSDs like Linux have a long history of running on high core/thread-count systems, super computers, and other HPC environments.
Err codemadness.org 70 i 42548 It will be interesting to see how much faster DragonFlyBSD can run given today’s commit to its kernel with scheduler and topology improvements for the 2990WX. Those additional DragonFlyBSD benchmarks will be published in the coming days once they are completed.
Err codemadness.org 70 i 42549

Err codemadness.org 70 i 42550 Err codemadness.org 70 i 42551

Err codemadness.org 70 i 42552 Err codemadness.org 70 i 42553

###NetBSD 7.2 released

Err codemadness.org 70 i 42554 Err codemadness.org 70 i 42555

Err codemadness.org 70 i 42556
The NetBSD Project is pleased to announce NetBSD 7.2, the second feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
Err codemadness.org 70 i 42557

Err codemadness.org 70 i 42558 Err codemadness.org 70 i 42559

General Security Note

Err codemadness.org 70 i 42562 Err codemadness.org 70 i 42563

The NetBSD 7.2 release is a maintenance release of the netbsd-7 branch, which had it's first major release, NetBSD 7.0 in September 2015. A lot of security features have been added to later NetBSD versions, and for new installations we highly recommend using our latest release, NetBSD 8.0 instead.

Err codemadness.org 70 i 42564 Err codemadness.org 70 i 42565

Some highlights of the 7.2 release are:
Support for USB 3.0.
Enhancements to the Linux emulation subsystem.
Fixes in binary compatibility for ancient NetBSD executables.
iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.
Support for Raspberry Pi 3 added.
Fix interrupt setup on Hyper-V VMs with Legacy Network Adapter.
SVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.
Various USB stability enhancements.
Numerous bug fixes and stability improvements.

Err codemadness.org 70 i 42577 Err codemadness.org 70 i 42578

Err codemadness.org 70 i 42579
Complete source and binaries for NetBSD 7.2 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at https://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: https://cdn.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.2_hashes.asc
Err codemadness.org 70 i 42580 NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:
Err codemadness.org 70 i 42581

Err codemadness.org 70 i 42582 Err codemadness.org 70 i 42583

Err codemadness.org 70 i 42584 Err codemadness.org 70 i 42585

##News Roundup
Err codemadness.org 70 i 42586 ###Including optimized-out kernel symbols in dtrace on FreeBSD

Err codemadness.org 70 i 42587 Err codemadness.org 70 i 42588

Err codemadness.org 70 i 42589
Have you ever had dtrace(1) on FreeBSD fail to list a probe that should exist in the kernel? This is because Clang will optimize-out some functions. The result is ctfconvert(1) will not generate debugging symbols that dtrace(1) uses to identify probes. I have a quick solution to getting those probes visible to dtrace(1).
Err codemadness.org 70 i 42590

Err codemadness.org 70 i 42591 Err codemadness.org 70 i 42592

Err codemadness.org 70 i 42593
In my case, I was trying to instrument on ieee80211_ioctl_get80211, whose sister function ieee80211_ioctl_set80211 has a dtrace(1) probe in the generic FreeBSD 11 and 12 kernels. Both functions are located in /usr/src/sys/net80211/ieee80211_ioctl.c.
Err codemadness.org 70 i 42594

Err codemadness.org 70 i 42595 Err codemadness.org 70 i 42596

Err codemadness.org 70 i 42597
My first attempt was to add to /etc/make.conf as follows and recompile the kernel.
Err codemadness.org 70 i 42598

Err codemadness.org 70 i 42599 Err codemadness.org 70 i 42600

CFLAGS+=-O0 and -fno-inline-functions

Err codemadness.org 70 i 42601 Err codemadness.org 70 i 42602

Err codemadness.org 70 i 42603
This failed to produce the dtrace(1) probe. Several other attempts failed and I was getting inconsistent compilation results (Is it me or is ieee80211_ioctl.c compiled with different flags if NO_CLEAN=1 is set?). When I manually compiled the object file by copying the compilation line for the object file and adding -O0 -fno-inline-functions, nm(1) on both the object file and kernel demonstrated that the symbol was present. I installed the kernel, rebooted and it was listed as a dtrace probe. Great!
Err codemadness.org 70 i 42604

Err codemadness.org 70 i 42605 Err codemadness.org 70 i 42606

Err codemadness.org 70 i 42607
But as I continued to debug my WiFi driver (oh yeah, I’m very slowly extending rtwn(4)), I found myself rebuilding the kernel several times and frequently rebooting. Why not do this across the entire kernel?
Err codemadness.org 70 i 42608

Err codemadness.org 70 i 42609 Err codemadness.org 70 i 42610

Err codemadness.org 70 i 42611
After hacking around, my solution was to modify the build scripts. My solution was to edit /usr/src/sys/conf/kern.pre.mk and modify all optimization level 2 to optimization level 0. The following is my diff(1) on FreeBSD 12.0-CURRENT.
Err codemadness.org 70 i 42612

Err codemadness.org 70 i 42613 Err codemadness.org 70 i 42614

A few thoughts:

Err codemadness.org 70 i 42617 Err codemadness.org 70 i 42618

Err codemadness.org 70 i 42619
This seems like a hack rather than a long-term solution. Either the problem is with the hard-coded optimization flags, or the inability to overwrite them in all places in make.conf.
Err codemadness.org 70 i 42620 Removing optimizations is only something I would do in a non-production kernel, so its as if I have to choose between optimizations for a production kernel or having dtrace probes. But dtrace explicitly markets itself as not impactful on production.
Err codemadness.org 70 i 42621 Using the dtrace pony as your featured image on WordPress does not render properly and must be rotated and modified. Blame Bryan Cantrill.
Err codemadness.org 70 i 42622 If you have a better solution, please let me know and I will update the article, but this works for me!
Err codemadness.org 70 i 42623

Err codemadness.org 70 i 42624 Err codemadness.org 70 i 42625

Err codemadness.org 70 i 42626 Err codemadness.org 70 i 42627

###FreeBSD: UEFI Bootloader stuck on BootCurrent/BootOrder/BootInfo on Asus Motherboards (and fix!)

Err codemadness.org 70 i 42628 Err codemadness.org 70 i 42629

Err codemadness.org 70 i 42630
Starting with FreeBSD CURRENT from about a few weeks of posting date, but including FreeBSD 12 alpha releases (not related to DEC Alpha), I noticed one thing: When I boot FreeBSD from UEFI on a homebuilt desktop with a Asus H87M-E motherboard, and have Root on ZFS, the bootloader gets stuck on lines like BootCurrent, BootOrder, and BootInfo. This issue occurs when I try to boot directly to efi\boot\bootx64.efi.
Err codemadness.org 70 i 42631

Err codemadness.org 70 i 42632 Err codemadness.org 70 i 42633

Err codemadness.org 70 i 42634
One person had a similar issue on a Asus H87I-PLUS motherboard. This issue may or may not exist on other Asus motherboards, desktops, or laptops. This may be specific to Asus motherboards for Intel’s Haswell, but may also exist on newer systems (e.g. Skylake) or older (e.g. Ivy Bridge) with Asus motherboards, as well as Asus desktops or laptops.
Err codemadness.org 70 i 42635

Err codemadness.org 70 i 42636 Err codemadness.org 70 i 42637

There are two solutions to this problem:
Use Legacy BIOS mode instead of UEFI mode
Install a FreeBSD UEFI Boot entry

Err codemadness.org 70 i 42642 Err codemadness.org 70 i 42643

Err codemadness.org 70 i 42644
Keep in mind that I am not going to talk about this issue and third-party UEFI boot managers such as rEFInd here.
Err codemadness.org 70 i 42645 The first option is rather straightforward: you need to make sure your computer has “Secure Boot” disabled and “Legacy Boot” or “CSM” enabled. Then, you need to make sure FreeBSD is installed in BIOS mode. However, this solution is (in my opinion) suboptimal. Why? Because:
Err codemadness.org 70 i 42646 You won’t be able to use hard drives bigger than 2TB
Err codemadness.org 70 i 42647 You are limited to MBR Partitioning on Asus motherboards with UEFI as Asus motherboards refuse to boot GPT partitioned disks in BIOS mode
Err codemadness.org 70 i 42648 Legacy BIOS mode may not exist on future computers or motherboards (although those systems may not have this issue, and this issue may get fixed by then)
Err codemadness.org 70 i 42649 The second option, however, is less straightforward, but will let you keep UEFI. Many UEFI systems, including affected Asus motherboards described here, include a boot manager built into the UEFI. FreeBSD includes a tool called efibootmgr to manage this, similar to the similarly-named tool in Linux, but with a different syntax.
Err codemadness.org 70 i 42650

Err codemadness.org 70 i 42651 Err codemadness.org 70 i 42652

Err codemadness.org 70 i 42653 Err codemadness.org 70 i 42654

###Why ed(1) is not a good editor today

Err codemadness.org 70 i 42655 Err codemadness.org 70 i 42656

Err codemadness.org 70 i 42657
I’ll start with my tweet:
Err codemadness.org 70 i 42658

Err codemadness.org 70 i 42659 Err codemadness.org 70 i 42660

Heretical Unix opinion time: ed(1) may be the 'standard Unix editor', but it is not a particularly good editor outside of a limited environment that almost never applies today.

Err codemadness.org 70 i 42661 Err codemadness.org 70 i 42662

Err codemadness.org 70 i 42663
There is a certain portion of Unixdom that really likes ed(1), the ‘standard Unix editor’. Having actually used ed for a not insignificant amount of time (although it was the friendlier ‘UofT ed’ variant), I have some reactions to what I feel is sometimes overzealous praise of it. One of these is what I tweeted.
Err codemadness.org 70 i 42664 The fundamental limitation of ed is that it is what I call an indirect manipulation interface, in contrast to the explicit manipulation interfaces of screen editors like vi and graphical editors like sam (which are generally lumped together as ‘visual’ editors, so called because they actually show you the text you’re editing). When you edit text in ed, you have some problems that you don’t have in visual editors; you have to maintain in your head the context of what the text looks like (and where you are in it), you have to figure out how to address portions of that text in order to modify them, and finally you have to think about how your edit commands will change the context. Copious use of ed’s p command can help with the first problem, but nothing really deals with the other two. In order to use ed, you basically have to simulate parts of ed in your head.
Err codemadness.org 70 i 42665 Ed is a great editor in situations where the editor explicitly presenting this context is a very expensive or outright impossible operation. Ed works great on real teletypes, for example, or over extremely slow links where you want to send and receive as little data as possible (and on real teletypes you have some amount of context in the form of an actual printout that you can look back at). Back in the old days of Unix, this described a fairly large number of situations; you had actual teletypes, you had slow dialup links (and later slow, high latency network links), and you had slow and heavily overloaded systems.
Err codemadness.org 70 i 42666 However, that’s no longer the situation today (at least almost all of the time). Modern systems and links can easily support visual editors that continually show you the context of the text and generally let you more or less directly manipulate it (whether that is through cursoring around it or using a mouse). Such editors are easier and faster to use, and they leave you with more brainpower free to think about things like the program you’re writing (which is the important thing).
Err codemadness.org 70 i 42667 If you can use a visual editor, ed is not a particularly good editor to use instead; you will probably spend a lot of effort (and some amount of time) on doing by hand something that the visual editor will do for you. If you are very practiced at ed, maybe this partly goes away, but I maintain that you are still working harder than you need to be.
Err codemadness.org 70 i 42668 The people who say that ed is a quite powerful editor are correct; ed is quite capable (although sadly limited by only editing a single file). It’s just that it’s also a pain to use.
Err codemadness.org 70 i 42669 (They’re also correct that ed is the foundation of many other things in Unix, including sed and vi. But that doesn’t mean that the best way to learn or understand those things is to learn and use ed.)
Err codemadness.org 70 i 42670 This doesn’t make ed a useless, vestigial thing on modern Unix, though. There are uses for ed in non-interactive editing, for example. But on modern Unix, ed is a specialized tool, much like dc. It’s worth knowing that ed is there and roughly what it can do, but it’s probably not worth learning how to use it before you need it. And you’re unlikely to ever be in a situation where it’s the best choice for interactive editing (and if you are, something has generally gone wrong).
Err codemadness.org 70 i 42671 (But if you enjoy exploring the obscure corners of Unix, sure, go for it. Learn dc too, because it’s interesting in its own way and, like ed, it’s one of those classical old Unix programs.)
Err codemadness.org 70 i 42672

Err codemadness.org 70 i 42673 Err codemadness.org 70 i 42674

Err codemadness.org 70 i 42675 Err codemadness.org 70 i 42676

##Beastie Bits

Err codemadness.org 70 i 42677 Err codemadness.org 70 i 42678

Is there any interest in a #BSD user group in #Montreal?
Tell your BSD story
Finishing leftover tasks from Google Summer of Code
Fuzzing the OpenBSD Kernel
ARM - any Tier-1 *BSD options?

Err codemadness.org 70 i 42685 Err codemadness.org 70 i 42686

Err codemadness.org 70 i 42687 Err codemadness.org 70 i 42688

##Feedback/Questions

Err codemadness.org 70 i 42689 Err codemadness.org 70 i 42690

Chris - byhve question
Paulo - Topic suggestion
Bostjan - How data gets to disk

Err codemadness.org 70 i 42695 Err codemadness.org 70 i 42696

Err codemadness.org 70 i 42697 Err codemadness.org 70 i 42698

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 42701 Err codemadness.org 70 i 42702

]]> Err codemadness.org 70 i 42703

Episode 263: Encrypt That Pool | BSD Now 263

Allan Jude — Fri, 07 Sep 2018 11:00:00 -0700

Mitigating Spectre/Meltdown on HP Proliant servers, omniOS installation setup, debugging a memory corruption issue on OpenBSD, CfT for OpenZFS native encryption, Asigra TrueNAS backup appliance shown at VMworld, NetBSD 6 EoL, and more. Err codemadness.org 70 i 42896

Err codemadness.org 70 i 42897

##Headlines
Err codemadness.org 70 i 42898 How to mitigate Spectre and Meltdown on an HP Proliant server with FreeBSD

Err codemadness.org 70 i 42899

Err codemadness.org 70 i 42900
As recently announced in a previous article I wanted to write a couple of guides on how to mitigate Spectre and Meltdown vulnerabilities in GNU/Linux and UNIX environments. It is always a good and I hope a standard practice to have your systems patched and if they aren’t for whatever the reason (that legacy thing you’re carrying on for ages) you may take the necessary extra steps to protect your environment. I never planned to do any article on patching anything. Nowadays it’s a no brainer and operating systems have provided the necessary tools for this to be easy and as smooth as possible. So why this article?
Err codemadness.org 70 i 42901 Spectre and Meltdown are both hardware vulnerabilities. Major ones. They are meaningful for several reasons among them the world wide impact since they affect Intel and AMD systems which are ubiquitous. And second because patching hardware is not as easy, for the manufacturer and for the users or administrators in charge of the systems. There is still no known exploit around left out in the open hitting servers or desktops anywhere. The question is not if it will ever happen. The question is when will it happen. And it may be sooner than later. This is why big companies, governments and people in charge of big deployments are patching or have already patched their systems. But have you done it to your system? I know you have a firewall. Have you thought about CVE-2018-3639? This particular one could make your browser being a vector to get into your system. So, no, there is no reason to skip this.
Err codemadness.org 70 i 42902 Patching these set of vulnerabilities implies some more steps and concerns than updating the operating system. If you are a regular Windows user I find rare you to be here and many of the things you will read may be foreign to you. I am not planning to do a guide on Windows systems since I believe someone else has or will do it and will do it better than me since I am not a pro Windows user. However there is one basic and common thing for all OS’s when dealing with Spectre and Meltdown and that is a microcode update is necessary for the OS patches to effectively work.
Err codemadness.org 70 i 42903 What is microcode? You can read the Wikipedia article but in short it is basically a layer of code that allows chip manufacturers to deal with modifications on the hardware they’ve produced and the operating systems that will manage that hardware. Since there’s been some issues (namely Spectre and Meltdown) Intel and AMD respectively have released a series of microcode updates to address those problems. First series did come with serious problems and some regressions, to the point GNU/Linux producers stopped releasing the microcode updates through their release channels for updates and placed the ball on Intel’s roof. Patching fast does always include risks, specially when dealing with hardware. OS vendors have resumed their microcode update releases so all seems to be fine now.
Err codemadness.org 70 i 42904 In order to update the microcode we’re faced with two options. Download the most recent BIOS release from our vendor, provided it patches the Spectre and Meltdown vulnerabilities, or patch it from the OS. If your hardware vendor has decided not to provide support on your hardware you are forced to use the latter solution. Yes, you can still keep your hardware. They usually come accompanied with a “release notes” file where there are some explanatory notes on what is fixed, what is new, etc. To make the search easy for you a news site collected the vendors list and linked the right support pages for anyone to look. In some scenarios it would be desirable not to replace the whole BIOS but just update the microcode from the OS side. In my case I should update an HP Proliant ML110 G7 box and the download link for that would be this.
Err codemadness.org 70 i 42905 Instead of using the full blown BIOS update path we’ll use the inner utilities to patch Spectre and Meltdown on FreeBSD. So let’s put our hands on it
Err codemadness.org 70 i 42906

Err codemadness.org 70 i 42907

See the article for the technical breakdown

Err codemadness.org 70 i 42910

Err codemadness.org 70 i 42911

###A look beyond the BSD teacup: OmniOS installation

Err codemadness.org 70 i 42912

Err codemadness.org 70 i 42913
Five years ago I wrote a post about taking a look beyond the Linux teacup. I was an Arch Linux user back then and since there were projects like ArchBSD (called PacBSD today) and Arch Hurd, I decided to take a look at and write about them. Things have changed. Today I’m a happy FreeBSD user, but it’s time again to take a look beyond the teacup of operating systems that I’m familiar with.
Err codemadness.org 70 i 42914

Err codemadness.org 70 i 42915

Why Illumos / OmniOS?

Err codemadness.org 70 i 42918

Err codemadness.org 70 i 42919
There are a couple of reasons. The Solaris derivatives are the other big community in the *nix family besides Linux and the BSDs and we hadn’t met so far. Working with ZFS on FreeBSD, I now and then I read messages that contain a reference to Illumos which certainly helps to keep up the awareness. Of course there has also been a bit of curiosity – what might the OS be like that grew ZFS?
Err codemadness.org 70 i 42920 Also the Ravenports project that I participate in planned to support Solaris/Illumos right from the beginning. I wanted to at least be somewhat “prepared” when support for that platform would finally land. So I did a little research on the various derivatives available and settled on the one that I had heard a talk about at last year’s conference of the German Unix Users Group: “OmniOS – Solaris for the Rest of Us”. I would have chosen SmartOS as I admire what Bryan Cantrill does but for getting to know Illumos I prefer a traditional installation over a run-from-RAM system.
Err codemadness.org 70 i 42921 Of course FreeBSD is not run by corporations, especially when compared to the state of Linux. And when it comes to sponsoring, OpenBSD also takes the money… When it comes to FreeBSD developers, there’s probably some truth to the claim that some of them are using macOS as their desktop systems while OpenBSD devs are more likely to develop on their OS of choice. But then there’s the statement that “every innovation in the past decade comes from Solaris”. Bhyve alone proves this wrong. But let’s be honest: Two of the major technologies that make FreeBSD a great platform today – ZFS and DTrace – actually do come from Solaris. PAM originates there and a more modern way of managing services as well. Also you hear good things about their zones and a lot of small utilities in general.
Err codemadness.org 70 i 42922 In the end it was a lack of time that made me cheat and go down the easiest road: Create a Vagrantfile and just pull a VM image of the net that someone else had prepared… This worked to just make sure that the Raven packages work on OmniOS. I was determined to return, though – someday. You know how things go: “someday” is a pretty common alias for “probably never, actually.”
Err codemadness.org 70 i 42923 But then I heard about a forum post on the BSDNow! podcast. The title “Initial OmniOS impressions by a BSD user” caught my attention. I read that it was written by somebody who had used FreeBSD for years but loathed the new Code of Conduct enough to leave. I also oppose the Conduct and have made that pretty clear in my February post [ ! -z ${COC} ] && exit 1. As stated there, I have stayed with my favorite OS and continue to advocate it. I decided to stop reading the post and try things out on my own instead. Now I’ve finally found the time to do so.
Err codemadness.org 70 i 42924

Err codemadness.org 70 i 42925

What’s next?

Err codemadness.org 70 i 42928

Err codemadness.org 70 i 42929
That’s it for part one. In part two I’ll try to make the system useful. So far I have run into a problem that I haven’t been able to solve. But I have some time now to figure things out for the next post. Let’s see if I manage to get it working or if I have to report failure!
Err codemadness.org 70 i 42930

Err codemadness.org 70 i 42931

Err codemadness.org 70 i 42932

###What are all these types of memory in top(1)?

Err codemadness.org 70 i 42933

Earlier this week I convinced Mark Johnston, one of the FreeBSD VM experts to update a page on the FreeBSD wiki that I saw was being referenced on stackoverflow and similar sites
Mark updated the explanations to be more correct, and to include more technical detail for inquiring minds
He also added the new type that appeared in FreeBSD somewhat recently

Err codemadness.org 70 i 42938

Err codemadness.org 70 i 42939
Active - Contains memory “actively” (recently) being used by applications
Err codemadness.org 70 i 42940 Inactive - Contains memory that has not been touched recently, or was released from the Buffer Cache
Err codemadness.org 70 i 42941 Laundry - Contains memory that Inactive but still potentially contains useful data that needs to be stored before this memory can be used again
Err codemadness.org 70 i 42942 Wired - Memory that cannot be swapped out, including the kernel, network stack, and the ZFS ARC
Err codemadness.org 70 i 42943 Buf - Buffer Cache, used my UFS and most filesystems except ZFS (which uses the ARC)
Err codemadness.org 70 i 42944 Free - Memory that is immediately available for use by the rest of the system
Err codemadness.org 70 i 42945

Err codemadness.org 70 i 42946

Err codemadness.org 70 i 42947

##News Roundup
Err codemadness.org 70 i 42948 OpenBSD saves me again! — Debug a memory corruption issue

Err codemadness.org 70 i 42949

Err codemadness.org 70 i 42950
Yesterday, I came across a third-part library issue, which crashes at allocating memory:
Err codemadness.org 70 i 42951

Err codemadness.org 70 i 42952

Program terminated with signal SIGSEGV, Segmentation fault.
Err codemadness.org 70 i 42953 #0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6
Err codemadness.org 70 i 42954 (gdb) bt
Err codemadness.org 70 i 42955 #0 0x00007f594a5a9b6b in _int_malloc () from /usr/lib/libc.so.6
Err codemadness.org 70 i 42956 #1 0x00007f594a5ab503 in malloc () from /usr/lib/libc.so.6
Err codemadness.org 70 i 42957 #2 0x00007f594b13f159 in operator new (sz=5767168) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/new_op.cc:50

Err codemadness.org 70 i 42958

Err codemadness.org 70 i 42959
It is obvious that the memory tags are corrupted, but who is the murder? Since the library involves a lot of maths computation, it is not an easy task to grasp the code quickly. So I need to find another way:
Err codemadness.org 70 i 42960 (1) Open all warnings during compilation: -Wall. Nothing found.
Err codemadness.org 70 i 42961 (2) Use valgrind, but unfortunately, valgrind crashes itself:
Err codemadness.org 70 i 42962

Err codemadness.org 70 i 42963

valgrind: the 'impossible' happened:
Err codemadness.org 70 i 42964 Killed by fatal signal
Err codemadness.org 70 i 42965
Err codemadness.org 70 i 42966 host stacktrace:
Err codemadness.org 70 i 42967 ==43326== at 0x58053139: get_bszB_as_is (m_mallocfree.c:303)
Err codemadness.org 70 i 42968 ==43326== by 0x58053139: get_bszB (m_mallocfree.c:315)
Err codemadness.org 70 i 42969 ==43326== by 0x58053139: vgPlain_arena_malloc (m_mallocfree.c:1799)
Err codemadness.org 70 i 42970 ==43326== by 0x5800BA84: vgMemCheck_new_block (mc_malloc_wrappers.c:372)
Err codemadness.org 70 i 42971 ==43326== by 0x5800BD39: vgMemCheck___builtin_vec_new (mc_malloc_wrappers.c:427)
Err codemadness.org 70 i 42972 ==43326== by 0x5809F785: do_client_request (scheduler.c:1866)
Err codemadness.org 70 i 42973 ==43326== by 0x5809F785: vgPlain_scheduler (scheduler.c:1433)
Err codemadness.org 70 i 42974 ==43326== by 0x580AED50: thread_wrapper (syswrap-linux.c:103)
Err codemadness.org 70 i 42975 ==43326== by 0x580AED50: run_a_thread_NORETURN (syswrap-linux.c:156)
Err codemadness.org 70 i 42976
Err codemadness.org 70 i 42977 sched status:
Err codemadness.org 70 i 42978 running_tid=1

Err codemadness.org 70 i 42979

Err codemadness.org 70 i 42980
(3) Change compiler, use clang instead of gcc, and hope it can give me some clues. Still no effect.
Err codemadness.org 70 i 42981 (4) Switch Operating System from Linux to OpenBSD, the program crashes again. But this time, it tells me where the memory corruption occurs:
Err codemadness.org 70 i 42982

Err codemadness.org 70 i 42983

Program terminated with signal SIGSEGV, Segmentation fault.
Err codemadness.org 70 i 42984 #0 0x000014b07f01e52d in addMod (r=<error reading variable>, a=4693443247995522, b=28622907746665631,

Err codemadness.org 70 i 42985

Err codemadness.org 70 i 42986
I figure out the issue quickly, and not bother to understand the whole code. OpenBSD saves me again, thanks!
Err codemadness.org 70 i 42987

Err codemadness.org 70 i 42988

Err codemadness.org 70 i 42989

###Native Encryption for ZFS on FreeBSD (Call for Testing)

Err codemadness.org 70 i 42990

Err codemadness.org 70 i 42991
To anyone with an interest in native encryption in ZFS please test the projects/zfs-crypto-merge-0820 branch in my freebsd repo: https://github.com/mattmacy/networking.git
Err codemadness.org 70 i 42992

Err codemadness.org 70 i 42993

git clone https://github.com/mattmacy/networking.git -b projects/zfs-crypto-merge-0820

Err codemadness.org 70 i 42994

Err codemadness.org 70 i 42995
The UI is quite close to the Oracle Solaris ZFS crypto with minor differences for specifying key location.
Err codemadness.org 70 i 42996 Please note that once a feature is enabled on a pool it can’t be disabled. This means that if you enable encryption support on a pool you will never be able to import it in to a ZFS without encryption support. For this reason I would strongly advise against using this on any pool that can’t be easily replaced until this change has made its way in to HEAD after the freeze has been lifted.
Err codemadness.org 70 i 42997 By way of background the original ZoL commit can be found at:
Err codemadness.org 70 i 42998

Err codemadness.org 70 i 42999

https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49

Err codemadness.org 70 i 43002

Err codemadness.org 70 i 43003

###VMworld 2018: Showcasing Hybrid Cloud, Persistent Memory and the Asigra TrueNAS Backup Appliance

Err codemadness.org 70 i 43004

Err codemadness.org 70 i 43005
During its last year in Las Vegas before moving back to San Francisco, VMworld was abuzz with all the popular buzzwords, but the key focus was on supporting a more agile approach to hybrid cloud.
Err codemadness.org 70 i 43006 Surveys of IT stakeholders and analysts agree that most businesses have multiple clouds spanning both public cloud providers and private data centers. While the exact numbers vary, well over half of businesses have a hybrid cloud strategy consisting of at least three different clouds.
Err codemadness.org 70 i 43007 This focus on hybrid cloud provided the perfect timing for our announcement that iXsystems and Asigra are partnering to deliver the Asigra TrueNAS Backup Appliance, which combines Asigra Cloud Backup software backed by TrueNAS storage. Asigra TrueNAS Backup Appliances provide a self-healing and ransomware-resistent OpenZFS backup repository in your private cloud. The appliance can simultaneously be used as general-purpose file, block, and object storage. How does this tie in with the hybrid cloud? The Asigra Cloud Backup software can backup data from public cloud repositories – G Suite, Office 365, Salesforce, etc. – as well as intelligently move backed-up data to the public cloud for long-term retention.
Err codemadness.org 70 i 43008 Another major theme at the technical sessions was persistent memory, as vSphere 6.7 added support for persistent memory – either as a storage tier or virtualized and presented to a guest OS. As detailed in our blog post from SNIA’s Persistent Memory Summit 2018, persistent memory is rapidly becoming mainstream. Persistent memory bridges the gap between memory and flash storage – providing near-memory latency storage that persists across reboots or power loss. vSphere allows both legacy and persistent memory-aware applications to leverage this ultra-fast storage tier. We were excited to show off our newly-introduced TrueNAS M-Series at VMworld, as all TrueNAS M40 and M50 models leverage NVDIMM persistent memory technology to provide a super-fast write cache, or SLOG, without any of the limitations of Flash technology.
Err codemadness.org 70 i 43009 The iXsystems booth’s theme was “Enterprise Storage, Open Source Economics”. iXsystems leverages the power of Open Source software, combined with our enterprise-class hardware and support, to provide incredibly low TCO storage for virtualization environments. Our TrueNAS unified storage and server offerings are an ideal solution for your organization’s private cloud infrastructure. Combined with VMware NSX Hybrid Connect – formerly known as VMware Hybrid Cloud Extension – you can seamlessly shift running systems into a public cloud environment for a true hybrid cloud solution.
Err codemadness.org 70 i 43010 Another special treat at this year’s booth was iXsystems Vice President of Engineering Kris Moore giving demos of an early version of “Project TrueView”, a single-pane of glass management solution for administration of multiple FreeNAS and TrueNAS systems. In addition to simplified administration and enhanced monitoring, Project TrueView will also provide Role-Based Access Control for finer-grained permissions management. A beta version of Project TrueView is expected to be available at the end of this year.
Err codemadness.org 70 i 43011 Overall, we had a great week at VMworld 2018 with lots of good conversations with customers, press, analysts, and future customers about TrueNAS, the Asigra TrueNAS Backup Appliance, iXsystems servers, Project TrueView, and more – our booth was more popular than ever!
Err codemadness.org 70 i 43012

Err codemadness.org 70 i 43013

Err codemadness.org 70 i 43014

###End of life for NetBSD 6.x

Err codemadness.org 70 i 43015

Err codemadness.org 70 i 43016
In keeping with NetBSD’s policy of supporting only the latest (8.x) and next most recent (7.x) major branches, the recent release of NetBSD 8.0 marks the end of life for NetBSD 6.x. As in the past, a month of overlapping support has been provided in order to ease the migration to newer releases.
Err codemadness.org 70 i 43017

Err codemadness.org 70 i 43018

Err codemadness.org 70 i 43020
As of now, the following branches are no longer maintained:
Err codemadness.org 70 i 43021
Err codemadness.org 70 i 43023
netbsd-6-1
Err codemadness.org 70 i 43024
Err codemadness.org 70 i 43026
netbsd-6-0
Err codemadness.org 70 i 43027
Err codemadness.org 70 i 43029
netbsd-6
Err codemadness.org 70 i 43030
Err codemadness.org 70 i 43032
This means:
Err codemadness.org 70 i 43033
Err codemadness.org 70 i 43035
There will be no more pullups to those branches (even for security issues)
Err codemadness.org 70 i 43036
Err codemadness.org 70 i 43038
There will be no security advisories made for any those branches
Err codemadness.org 70 i 43039
Err codemadness.org 70 i 43041
The existing 6.x releases on ftp.NetBSD.org will be moved into /pub/NetBSD-archive/
Err codemadness.org 70 i 43042
Err codemadness.org 70 i 43044
May NetBSD 8.0 serve you well! (And if it doesn’t, please submit a PR!)
Err codemadness.org 70 i 43045

Err codemadness.org 70 i 43047

Err codemadness.org 70 i 43048

##Beastie Bits

Err codemadness.org 70 i 43049

Blast from the past: OpenBSD 3.7 CD artwork
People are asking about scale of BSD projects. Let’s figure it out…
Tuesday, 21 August 18: me, on ed(1), at SemiBUG
arm64 gains RETGUARD
Call for participation
FreeBSD-UPB/bhyvearm64-utils

Err codemadness.org 70 i 43057

Err codemadness.org 70 i 43058

##Feedback/Questions

Err codemadness.org 70 i 43059

Eric - FreeNAS for Vacation
Patrick - Long Live Unix
Jason - Jason - Full MP3 Recordings
Bostjan - Question about jails and kernel

Err codemadness.org 70 i 43065

Err codemadness.org 70 i 43066

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 43069

Err codemadness.org 70 i 43070

Episode 262: OpenBSD Surfacing | BSD Now 262

Allan Jude — Thu, 06 Sep 2018 02:00:00 -0700

OpenBSD on Microsoft Surface Go, FreeBSD Foundation August Update, What’s taking so long with Project Trident, pkgsrc config file versioning, and MacOS remnants in ZFS code. Err codemadness.org 70 i 43535

##Headlines
Err codemadness.org 70 i 43536 OpenBSD on the Microsoft Surface Go

Err codemadness.org 70 i 43537

Err codemadness.org 70 i 43538
For some reason I like small laptops and the constraints they place on me (as long as they’re still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.
Err codemadness.org 70 i 43539

Err codemadness.org 70 i 43540

Hardware

Err codemadness.org 70 i 43543

Err codemadness.org 70 i 43544
The Surface Go is available in two hardware configurations: one with 4Gb of RAM and a 64Gb eMMC, and another with 8Gb of RAM with a 128Gb NVMe SSD. (I went with the latter.) Both ship with an Intel Pentium Gold 4415Y processor which is not very fast, but it’s certainly usable.
Err codemadness.org 70 i 43545 The tablet measures 9.65" across, 6.9" tall, and 0.3" thick. Its 10" diagonal 3:2 touchscreen is covered with Gorilla Glass and has a resolution of 1800x1200. The bezel is quite large, especially for such a small screen, but it makes sense on a device that is meant to be held, to avoid accidental screen touches.
Err codemadness.org 70 i 43546 The keyboard and touchpad are located on a separate, removable slab called the Surface Go Signature Type Cover which is sold separately. I opted for the “cobalt blue” cover which has a soft, cloth-like alcantara material. The cover attaches magnetically along the bottom edge of the device and presents USB-attached keyboard and touchpad devices. When the cover is folded up against the screen, it sends an ACPI sleep signal and is held to the screen magnetically. During normal use, the cover can be positioned flat on a surface or slightly raised up about 3/4" near the screen for better ergonomics. When using the device as a tablet, the cover can be rotated behind the screen which causes it to automatically stop sending keyboard and touchpad events until it is rotated back around.
Err codemadness.org 70 i 43547 The keyboard has a decent amount of key travel and a good layout, with Home/End/Page Up/Page Down being accessible via Fn+Left/Right/Up/Down but also dedicated Home/End/Page Up/Page Down keys on the F9-F12 keys which I find quite useful since the keyboard layout is somewhat small. By default, the F1-F12 keys do not send F1-F12 key codes and Fn must be used, either held down temporarily or Fn pressed by itself to enable Fn-lock which annoyingly keeps the bright Fn LED illuminated. The keys are backlit with three levels of adjustment, handled by the keyboard itself with the F7 key.
Err codemadness.org 70 i 43548 The touchpad on the Type Cover is a Windows Precision Touchpad connected via USB HID. It has a decent click feel but when the cover is angled up instead of flat on a surface, it sounds a bit hollow and cheap.
Err codemadness.org 70 i 43549

Err codemadness.org 70 i 43550

Surface Go Pen

Err codemadness.org 70 i 43553

Err codemadness.org 70 i 43554
The touchscreen is powered by an Elantech chip connected via HID-over-i2c, which also supports pen input. A Surface Pen digitizer is available separately from Microsoft and comes in the same colors as the Type Covers. The pen works without any pairing necessary, though the top button on it works over Bluetooth so it requires pairing to use. Either way, the pen requires an AAAA battery inside it to operate. The Surface Pen can attach magnetically to the left side of the screen when not in use.
Err codemadness.org 70 i 43555 A kickstand can swing out behind the display to use the tablet in a laptop form factor, which can adjust to any angle up to about 170 degrees. The kickstand stays firmly in place wherever it is positioned, which also means it requires a bit of force to pull it out when initially placing the Surface Go on a desk.
Err codemadness.org 70 i 43556 Along the top of the display are a power button and physical volume rocker buttons. Along the right side are the 3.5mm headphone jack, USB-C port, power port, and microSD card slot located behind the kickstand.
Err codemadness.org 70 i 43557 Charging can be done via USB-C or the dedicated charge port, which accommodates a magnetically-attached, thin barrel similar to Apple’s first generation MagSafe adapter. The charging cable has a white LED that glows when connected, which is kind of annoying since it’s near the mid-line of the screen rather than down by the keyboard. Unlike Apple’s MagSafe, the indicator light does not indicate whether the battery is charged or not. The barrel charger plug can be placed up or down, but in either direction I find it puts an awkward strain on the power cable coming out of it due to the vertical position of the port.
Err codemadness.org 70 i 43558 Wireless connectivity is provided by a Qualcomm Atheros QCA6174 802.11ac chip which also provides Bluetooth connectivity.
Err codemadness.org 70 i 43559 Most of the sensors on the device such as the gyroscope and ambient light sensor are connected behind an Intel Sensor Hub PCI device, which provides some power savings as the host CPU doesn’t have to poll the sensors all the time.
Err codemadness.org 70 i 43560

Err codemadness.org 70 i 43561

Firmware

Err codemadness.org 70 i 43564

Err codemadness.org 70 i 43565
The Surface Go’s BIOS/firmware menu can be entered by holding down the Volume Up button, then pressing and releasing the Power button, and releasing Volume Up when the menu appears. Secure Boot as well as various hardware components can be disabled in this menu. Boot order can also be adjusted. A temporary boot menu can be brought up the same way but using Volume Down instead.
Err codemadness.org 70 i 43566

Err codemadness.org 70 i 43567

Err codemadness.org 70 i 43568

###FreeBSD Foundation Update, August 2018

Err codemadness.org 70 i 43569

MESSAGE FROM THE EXECUTIVE DIRECTOR

Err codemadness.org 70 i 43572

Err codemadness.org 70 i 43573
Dear FreeBSD Community Member,
Err codemadness.org 70 i 43574 It’s been a busy summer for the Foundation. From traveling around the globe spreading the word about FreeBSD to bringing on new team members to improve the Project’s Continuous Integration work, we’re very excited about what we’ve accomplished. Take a minute to check out the latest updates within our Foundation sponsored projects; read more about our advocacy efforts in Bangladesh and community building in Cambridge; don’t miss upcoming Travel Grant deadlines, and new Developer Summits; and be sure to find out how your support will ensure our progress continues into 2019.
Err codemadness.org 70 i 43575 We can’t do this without you! Happy reading!! Deb
Err codemadness.org 70 i 43576

Err codemadness.org 70 i 43577

August 2018 Development Projects Update
Fundraising Update: Supporting the Project
August 2018 Release Engineering Update
BSDCam 2018 Recap
October 2018 FreeBSD Developer Summit Call for Participation
SANOG32 and COSCUP 2018 Recap
MeetBSD 2018 Travel Grant Application Deadline: September 7

Err codemadness.org 70 i 43586

Err codemadness.org 70 i 43587

##News Roundup
Err codemadness.org 70 i 43588 Project Trident: What’s taking so long?

Err codemadness.org 70 i 43589

What is taking so long?

Err codemadness.org 70 i 43592

Err codemadness.org 70 i 43593
The short answer is that it’s complicated.
Err codemadness.org 70 i 43594 Project Trident is quite literally a test of the new TrueOS build system. As expected, there have been quite a few bugs, undocumented features, and other optional bits that we discovered we needed that were not initially present. All of these things have to be addressed and retested in a constant back and forth process.
Err codemadness.org 70 i 43595 While Ken and JT are both experienced developers, neither has done this kind of release engineering before. JT has done some release engineering back in his Linux days, but the TrueOS and FreeBSD build system is very different. Both Ken and JT are learning a completely new way of building a FreeBSD/TrueOS distribution. Please keep in mind that no one has used this new TrueOS build system before, so Ken and JT want to not only provide a good Trident release, but also provide a model or template for other potential TrueOS distributions too!
Err codemadness.org 70 i 43596

Err codemadness.org 70 i 43597

Where are we now?

Err codemadness.org 70 i 43600

Err codemadness.org 70 i 43601
Through perseverance, trial and error, and a lot of head-scratching we have reached the point of having successful builds. It took a while to get there, but now we are simply working out a few bugs with the new installer that Ken wrote as well as finding and fixing all the new Xorg configuration options which recently landed in FreeBSD. We also found that a number of services have been removed or replaced between TrueOS 18.03 and 18.06 so we are needing to adjust what we consider the “base” services for the desktop. All of these issues are being resolved and we are continually rebuilding and pulling in new patches from TrueOS as soon as they are committed.
Err codemadness.org 70 i 43602 In the meantime we have made an early BETA release of Trident available to the users in our Telegram Channel for those who want to help out in testing these early versions.
Err codemadness.org 70 i 43603

Err codemadness.org 70 i 43604

Do you foresee any other delays?

Err codemadness.org 70 i 43607

Err codemadness.org 70 i 43608
At the moment we are doing many iterations of testing and tweaking the install ISO and package configurations in order to ensure that all the critical functionality works out-of-box (networking, sound, video, basic apps, etc). While we do not foresee any other major delays, sometimes things happen that our outside of our control. For an example, one of the recent delays that hit recently was completely unexpected: we had a hard drive failure on our build server. Up until recently, The aptly named “Poseidon” build server was running a Micron m500dc drive, but that drive is now constantly reporting errors. Despite ordering a replacement Western Digital Blue SSD several weeks ago, we just received it this past week. The drive is now installed with the builder back to full functionality, but we did lose many precious days with the delay.
Err codemadness.org 70 i 43609 The build server for Project Trident is very similar to the one that JT donated to the TrueOS project. JT had another DL580 G7, so he donated one to the Trident Project for their build server. Poseidon also has 256GB RAM (64 x 4GB sticks) which is a smidge higher than what the TrueOS builder has.
Err codemadness.org 70 i 43610 Since we are talking about hardware, we probably should address another question we get often, “What Hardware are the devs testing on?” So let’s go ahead and answer that one now.
Err codemadness.org 70 i 43611

Err codemadness.org 70 i 43612

Err codemadness.org 70 i 43614
Developer Hardware
Err codemadness.org 70 i 43615
Err codemadness.org 70 i 43617
JT: His main test box is a custom-built Intel i7 7700K system running 32GB RAM, dual Intel Optane 900P drives, and an Nvidia 1070 GTX with four 4K Acer Monitors. He also uses a Lenovo x250 ThinkPad alongside a desk full of x230t and x220 ThinkPads. One of which he gave away at SouthEast LinuxFest this year, which you can read about here. However it’s not done there, being a complete hardware hoarder, JT also tests on several Intel NUCs and his second laptop a Fujitsu t904, not to mention a Plethora of HP DL580 servers, a DL980 server, and a stack of BL485c, BL460c, and BL490c Blades in his HP c7000 and c3000 Bladecenter chassis. (Maybe it’s time for an intervention for his hardware collecting habits)
Err codemadness.org 70 i 43618
Err codemadness.org 70 i 43620
Ken: For a laptop, he primarily uses a 3rd generation X1 Carbon, but also has an old Eee PC T101MT Netbook (dual core 1GHz, 2GB of memory) which he uses for verifying how well Trident works on low-end hardware. As far as workstations go, his office computer is an Intel i7 with an NVIDIA Geforce GTX 960 running three 4K monitors and he has a couple other custom-built workstations (1 AMD, 1 Intel+NVIDIA) at his home. Generally he assembled random workstations based on hardware that was given to him or that he could acquire cheap.
Err codemadness.org 70 i 43621
Err codemadness.org 70 i 43623
Tim: is using a third gen X1 Carbon and a custom built desktop with an Intel Core i5-4440 CPU, 16 GiB RAM, Nvidia GeForce GTX 750 Ti, and a RealTek 8168 / 8111 network card.
Err codemadness.org 70 i 43624
Err codemadness.org 70 i 43626
Rod: Rod uses… No one knows what Rod uses, It’s kinda like how many licks does it take to get to the center of a Tootsie-Roll Tootsie-Pop… the world may just never know.
Err codemadness.org 70 i 43627

Err codemadness.org 70 i 43629

Err codemadness.org 70 i 43630

###NetBSD GSoC: pkgsrc config file versioning

Err codemadness.org 70 i 43631

A series of reports from the course of the summer on this Google Summer of Code project
The goal of the project is to integrate with a VCS (Version Control System) to make managing local changes to config files for packages easier
GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1

Err codemadness.org 70 i 43636

Err codemadness.org 70 i 43637
Packages may install code (both machine executable code and interpreted programs), documentation and manual pages, source headers, shared libraries and other resources such as graphic elements, sounds, fonts, document templates, translations and configuration files, or a combination of them.
Err codemadness.org 70 i 43638 Configuration files are usually the means through which the behaviour of software without a user interface is specified. This covers parts of the operating systems, network daemons and programs in general that don’t come with an interactive graphical or textual interface as the principal mean for setting options.
Err codemadness.org 70 i 43639 System wide configuration for operating system software tends to be kept under /etc, while configuration for software installed via pkgsrc ends up under LOCALBASE/etc (e.g., /usr/pkg/etc).
Err codemadness.org 70 i 43640 Software packaged as part of pkgsrc provides example configuration files, if any, which usually get extracted to LOCALBASE/share/examples/PKGBASE/.
Err codemadness.org 70 i 43641 Don’t worry: automatic merging is disabled by default, set $VCSAUTOMERGE to enable it.
Err codemadness.org 70 i 43642 In order to avoid breakage, installed configuration is backed up first in the VCS, separating user-modified files from files that have been already automatically merged in the past, in order to allow the administrator to easily restore the last manually edited file in case of breakage.
Err codemadness.org 70 i 43643 VCS functionality only applies to configuration files, not to rc.d scripts, and only if the environment variable $NOVCS is unset.
Err codemadness.org 70 i 43644 The version control system to be used as a backend can be set through $VCS. It default to RCS, the Revision Control System, which works only locally and doesn’t support atomic transactions.
Err codemadness.org 70 i 43645 Other backends such as CVS are supported and more will come; these, being used at the explicit request of the administrator, need to be already installed and placed in a directory part of $PATH.
Err codemadness.org 70 i 43646

Err codemadness.org 70 i 43647

GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)

Err codemadness.org 70 i 43650

Err codemadness.org 70 i 43651
pkgsrc is now able to deploy configuration from packages being installed from a remote, site-specific vcs repository.
Err codemadness.org 70 i 43652 User modified files are always tracked even if automerge functionality is not enabled, and a new tool, pkgconftrack(1), exists to manually store user changes made outside of package upgrade time.
Err codemadness.org 70 i 43653 Version Control software is executed as the same user running pkgadd or make install, unless the user is “root”. In this case, a separate, unprivileged user, pkgvcsconf, gets created with its own home directory and a working login shell (but no password). The home directory is not strictly necessary, it exists to facilitate migrations betweens repositories and vcs changes; it also serves to store keys used to access remote repositories.
Err codemadness.org 70 i 43654 Using git instead of rcs is simply done by setting VCS=git in pkginstall.conf
Err codemadness.org 70 i 43655

Err codemadness.org 70 i 43656

GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)
GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements

Err codemadness.org 70 i 43660

Err codemadness.org 70 i 43661
Support for configuration tracking is in scripts, pkginstall scripts, that get built into binary packages and are run by pkgadd upon installation. The idea behind the proposal suggested that users of the new feature should be able to store revisions of their installed configuration files, and of package-provided default, both in local or remote repositories. With this capability in place, it doesn’t take much to make the scripts “pull” configuration from a VCS repository at installation time.
Err codemadness.org 70 i 43662 That’s what setting VCSCONFPULL=yes in pkginstall.conf after having enabled VCSTRACKCONF does: You are free to use official, third party prebuilt packages that have no customization in them, enable these options, and point pkgsrc to a private conf repository. If it contains custom configuration for the software you are installing, an attempt will be made to use it and install it on your system. If it fails, pkginstall will fall back to using the defaults that come inside the package. RC scripts are always deployed from the binary package, if existing and PKGRCDSCRIPTS=yes in pkginstall.conf or the environment.
Err codemadness.org 70 i 43663 This will be part of packages, not a separate solution like configuration management tools. It doesn’t support running scripts on the target system to customize the installation, it doesn’t come with its domain-specific language, it won’t run as a daemon or require remote logins to work. It’s quite limited in scope, but you can define a ROLE for your system in pkginstall.conf or in the environment, and pkgsrc will look for configuration you or your organization crafted for such a role (e.g., public, standalone webserver vs reverse proxy or node in a database cluster)
Err codemadness.org 70 i 43664

Err codemadness.org 70 i 43665

Err codemadness.org 70 i 43666

###A little bit of the one-time MacOS version still lingers in ZFS

Err codemadness.org 70 i 43667

Err codemadness.org 70 i 43668
Once upon a time, Apple came very close to releasing ZFS as part of MacOS. Apple did this work in its own copy of the ZFS source base (as far as I know), but the people in Sun knew about it and it turns out that even today there is one little lingering sign of this hoped-for and perhaps prepared-for ZFS port in the ZFS source code. Well, sort of, because it’s not quite in code.
Err codemadness.org 70 i 43669 Lurking in the function that reads ZFS directories to turn (ZFS) directory entries into the filesystem independent format that the kernel wants is the following comment:
Err codemadness.org 70 i 43670

Err codemadness.org 70 i 43671

objnum = ZFSDIRENTOBJ(zap.zafirstinteger);
Err codemadness.org 70 i 43672 /
Err codemadness.org 70 i 43673 MacOS X can extract the object type here such as:
Err codemadness.org 70 i 43674 * uint8t type = ZFSDIRENTTYPE(zap.zafirstinteger);
Err codemadness.org 70 i 43675 */

Err codemadness.org 70 i 43676

Specifically, this is in zfsreaddir in zfsvnops.c .

Err codemadness.org 70 i 43679

Err codemadness.org 70 i 43680
ZFS maintains file type information in directories. This information can’t be used on Solaris (and thus Illumos), where the overall kernel doesn’t have this in its filesystem independent directory entry format, but it could have been on MacOS (‘Darwin’), because MacOS is among the Unixes that support d_type. The comment itself dates all the way back to this 2007 commit, which includes the change ‘reserve bits in directory entry for file type’, which created the whole setup for this.
Err codemadness.org 70 i 43681 I don’t know if this file type support was added specifically to help out Apple’s MacOS X port of ZFS, but it’s certainly possible, and in 2007 it seems likely that this port was at least on the minds of ZFS developers. It’s interesting but understandable that FreeBSD didn’t seem to have influenced them in the same way, at least as far as comments in the source code go; this file type support is equally useful for FreeBSD, and the FreeBSD ZFS port dates to 2007 too (per this announcement).
Err codemadness.org 70 i 43682 Regardless of the exact reason that ZFS picked up maintaining file type information in directory entries, it’s quite useful for people on both FreeBSD and Linux that it does so. File type information is useful for any number of things and ZFS filesystems can (and do) provide this information on those Unixes, which helps make ZFS feel like a truly first class filesystem, one that supports all of the expected general system features.
Err codemadness.org 70 i 43683

Err codemadness.org 70 i 43684

Err codemadness.org 70 i 43685

##Beastie Bits

Err codemadness.org 70 i 43686

Mac-like FreeBSD Laptop
Syncthing on FreeBSD
New ZFS Boot Environments Tool
My system’s time was so wrong, that even ntpd didn’t work
OpenSSH 7.8/7.8p1 (2018-08-24)
EuroBSD (Sept 20-23rd) registration Early Bird Period is coming to an end
MeetBSD (Oct 18-20th) is coming up fast, hurry up and register!
AsiaBSDcon 2019 Dates

Err codemadness.org 70 i 43696

Err codemadness.org 70 i 43697

##Feedback/Questions

Err codemadness.org 70 i 43698

Will - Kudos and a Question
Peter - Fanless Computers
Ron - ZFS disk clone or replace or something
Bostjan - ZFS Record Size

Err codemadness.org 70 i 43704

Err codemadness.org 70 i 43705

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 43708

Err codemadness.org 70 i 43709

Episode 261: FreeBSDcon Flashback | BSD Now 261

Allan Jude — Thu, 30 Aug 2018 00:00:00 -0700

Err codemadness.org 70 i 44483 Insight into TrueOS and Trident, stop evildoers with pf-badhost, Flashback to FreeBSDcon ‘99, OpenBSD’s measures against TLBleed, play Morrowind on OpenBSD in 5 steps, DragonflyBSD developers shocked at Threadripper performance, and more.

Err codemadness.org 70 i 44484 Err codemadness.org 70 i 44485

##Headlines
Err codemadness.org 70 i 44486 ###An Insight into the Future of TrueOS BSD and Project Trident

Err codemadness.org 70 i 44487 Err codemadness.org 70 i 44488

Err codemadness.org 70 i 44489
Last month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our question about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.
Err codemadness.org 70 i 44490

Err codemadness.org 70 i 44491 Err codemadness.org 70 i 44492

It’s FOSS: What is Project Trident?

Err codemadness.org 70 i 44495 Err codemadness.org 70 i 44496

Err codemadness.org 70 i 44497
Project Trident: Project Trident is the continuation of the TrueOS Desktop. Essentially, it is the continuation of the primary “TrueOS software” that people have been using for the past 2 years. The continuing evolution of the entire TrueOS project has reached a stage where it became necessary to reorganize the project. To understand this change, it is important to know the history of the TrueOS project.
Err codemadness.org 70 i 44498

Err codemadness.org 70 i 44499 Err codemadness.org 70 i 44500

Err codemadness.org 70 i 44501
Originally, Kris Moore created PC-BSD. This was a Desktop release of FreeBSD focused on providing a simple and user-friendly graphical experience for FreeBSD. PC-BSD grew and matured over many years. During the evolution of PC-BSD, many users began asking for a server focused version of the software. Kris agreed, and TrueOS was born as a scaled down server version of PC-BSD. In late 2016, more contributors and growth resulted in significant changes to the PC-BSD codebase. Because the new development was so markedly different from the original PC-BSD design, it was decided to rebrand the project.
Err codemadness.org 70 i 44502

Err codemadness.org 70 i 44503 Err codemadness.org 70 i 44504

Err codemadness.org 70 i 44505
TrueOS was chosen as the name for this new direction for PC-BSD as the project had grown beyond providing only a graphical front to FreeBSD and was beginning to make fundamental changes to the FreeBSD operating system. One of these changes was moving PC-BSD from being based on each FreeBSD Release to TrueOS being based on the active and less outdated FreeBSD Current. Other major changes are using OpenRC for service management and being more aggressive about addressing long-standing issues with the FreeBSD release process. TrueOS moved toward a rolling release cycle, twice a year, which tested and merged FreeBSD changes directly from the developer instead of waiting months or even years for the FreeBSD review process to finish. TrueOS also deprecated and removed obsolete technology much more regularly.
Err codemadness.org 70 i 44506

Err codemadness.org 70 i 44507 Err codemadness.org 70 i 44508

Err codemadness.org 70 i 44509
As the TrueOS Project grew, the developers found these changes were needed by other FreeBSD-based projects. These projects began expressing interest in using TrueOS rather than FreeBSD as the base for their project. This demonstrated that TrueOS needed to again evolve into a distribution framework for any BSD project to use. This allows port maintainers and source developers from any BSD project to pool their resources and use the same source repositories while allowing every distribution to still customize, build, and release their own self-contained project. The result is a natural split of the traditional TrueOS team. There were now naturally two teams in the TrueOS project: those working on the build infrastructure and FreeBSD enhancements – the “core” part of the project, and those working on end-user experience and utility – the “desktop” part of the project.
Err codemadness.org 70 i 44510

Err codemadness.org 70 i 44511 Err codemadness.org 70 i 44512

Err codemadness.org 70 i 44513
When the decision was made to formally split the projects, the obvious question that arose was what to call the “Desktop” project. As TrueOS was already positioned to be a BSD distribution platform, the developers agreed the desktop side should pick a new name. There were other considerations too, one notable being that we were concerned that if we continued to call the desktop project “TrueOS Desktop”, it would prevent people from considering TrueOS as the basis for their distribution because of misconceptions that TrueOS was a desktop-focused OS. It also helps to “level the playing field” for other desktop distributions like GhostBSD so that TrueOS is not viewed as having a single “blessed” desktop version.
Err codemadness.org 70 i 44514

Err codemadness.org 70 i 44515 Err codemadness.org 70 i 44516

It’s FOSS: What features will TrueOS add to the FreeBSD base?

Err codemadness.org 70 i 44519 Err codemadness.org 70 i 44520

Err codemadness.org 70 i 44521
Project Trident: TrueOS has already added a number of features to FreeBSD:
Err codemadness.org 70 i 44522 OpenRC replaces rc.d for service management
Err codemadness.org 70 i 44523 LibreSSL in base
Err codemadness.org 70 i 44524 Root NSS certificates out-of-box
Err codemadness.org 70 i 44525 Scriptable installations (pc-sysinstall)
Err codemadness.org 70 i 44526 The full list of changes can be seen on the TrueOS repository (https://github.com/trueos/trueos/blob/trueos-master/README.md). This list does change quite regularly as FreeBSD development itself changes.
Err codemadness.org 70 i 44527

Err codemadness.org 70 i 44528 Err codemadness.org 70 i 44529

It’s FOSS: I understand that TrueOS will have a new feature that will make creating a desktop spin of TrueOS very easy. Could you explain that new feature?

Err codemadness.org 70 i 44532 Err codemadness.org 70 i 44533

Err codemadness.org 70 i 44534
Project Trident: Historically, one of the biggest hurdles for creating a desktop version of FreeBSD is that the build options for packages are tuned for servers rather than desktops. This means a desktop distribution cannot use the pre-built packages from FreeBSD and must build, use, and maintain a custom package repository. Maintaining a fork of the FreeBSD ports tree is no trivial task. TrueOS has created a full distribution framework so now all it takes to create a custom build of FreeBSD is a single JSON manifest file. There is now a single “source of truth” for the source and ports repositories that is maintained by the TrueOS team and regularly tagged with “stable” build markers. All projects can use this framework, which makes updates trivial.
Err codemadness.org 70 i 44535

Err codemadness.org 70 i 44536 Err codemadness.org 70 i 44537

It’s FOSS: Do you think that the new focus of TrueOS will lead to the creation of more desktop-centered BSDs?

Err codemadness.org 70 i 44540 Err codemadness.org 70 i 44541

Err codemadness.org 70 i 44542
Project Trident: That is the hope. Historically, creating a desktop-centered BSD has required a lot of specialized knowledge. Not only do most people not have this knowledge, but many do not even know what they need to learn until they start troubleshooting. TrueOS is trying to drastically simplify this process to enable the wider Open Source community to experiment, contribute, and enjoy BSD-based projects.
Err codemadness.org 70 i 44543

Err codemadness.org 70 i 44544 Err codemadness.org 70 i 44545

It’s FOSS: What is going to happen to TrueOS Pico? Will Project Trident have ARM support?

Err codemadness.org 70 i 44548 Err codemadness.org 70 i 44549

Err codemadness.org 70 i 44550
Project Trident: Project Trident will be dependent on TrueOS for ARM support. The developers have talked about the possibility of supporting ARM64 and RISC-V architectures, but it is not possible at the current time. If more Open Source contributors want to help develop ARM and RISC-V support, the TrueOS project is definitely willing to help test and integrate that code.
Err codemadness.org 70 i 44551

Err codemadness.org 70 i 44552 Err codemadness.org 70 i 44553

It’s FOSS: What does this change (splitting Trus OS into Project Trident) mean for the Lumina desktop environment?

Err codemadness.org 70 i 44556 Err codemadness.org 70 i 44557

Err codemadness.org 70 i 44558
Project Trident: Long-term, almost nothing. Lumina is still the desktop environment for Project Trident and will continue to be developed and enhanced alongside Project Trident just as it was for TrueOS. Short-term, we will be delaying the release of Lumina 2.0 and will release an updated version of the 1.x branch (1.5.0) instead. This is simply due to all the extra overhead to get Project Trident up and running. When things settle down into a rhythm, the development of Lumina will pick up once again.
Err codemadness.org 70 i 44559

Err codemadness.org 70 i 44560 Err codemadness.org 70 i 44561

It’s FOSS: Are you planning on including any desktop environments besides Lumina?

Err codemadness.org 70 i 44564 Err codemadness.org 70 i 44565

Err codemadness.org 70 i 44566
Project Trident: While Lumina is included by default, all of the other popular desktop environments will be available in the package repo exactly as they had been before.
Err codemadness.org 70 i 44567

Err codemadness.org 70 i 44568 Err codemadness.org 70 i 44569

It’s FOSS: Any plans to include Steam to increase the userbase?

Err codemadness.org 70 i 44572 Err codemadness.org 70 i 44573

Err codemadness.org 70 i 44574
Project Trident: Steam is still unavailable natively on FreeBSD, so we do not have any plans to ship it out of the box currently. In the meantime, we highly recommend installing the Windows version of Steam through the PlayOnBSD utility.
Err codemadness.org 70 i 44575

Err codemadness.org 70 i 44576 Err codemadness.org 70 i 44577

It’s FOSS: What will happen to the AppCafe?

Err codemadness.org 70 i 44580 Err codemadness.org 70 i 44581

Err codemadness.org 70 i 44582
Project Trident: The AppCafe is the name of the graphical interface for the “pkg” utility integrated into the SysAdm client created by TrueOS. This hasn’t changed. SysAdm, the graphical client, and by extension AppCafe are still available for all TrueOS-based distributions to use.
Err codemadness.org 70 i 44583

Err codemadness.org 70 i 44584 Err codemadness.org 70 i 44585

It’s FOSS: Does Project Trident have any corporate sponsors lined up? If not, would you be open to it or would you prefer that it be community supported?

Err codemadness.org 70 i 44588 Err codemadness.org 70 i 44589

Err codemadness.org 70 i 44590
Project Trident: iXsystems is the first corporate sponsor of Project Trident and we are always open to other sponsorships as well. We would prefer smaller individual contributions from the community, but we understand that larger project needs or special-purpose goals are much more difficult to achieve without allowing larger corporate sponsorships as well. In either case, Project Trident is always looking out for the best interests of the community and will not allow intrusive or harmful code to enter the project even if a company or individual tries to make that code part of a sponsorship deal.
Err codemadness.org 70 i 44591

Err codemadness.org 70 i 44592 Err codemadness.org 70 i 44593

It’s FOSS: BSD always seems to be lagging in terms of support for newer devices. Will TrueOS be able to remedy that with a quicker release cycle?

Err codemadness.org 70 i 44596 Err codemadness.org 70 i 44597

Err codemadness.org 70 i 44598
Project Trident: Yes! That was a primary reason for TrueOS to start tracking the CURRENT branch of FreeBSD in 2016. This allows for the changes that FreeBSD developers are making, including new hardware support, to be available much sooner than if we followed the FreeBSD release cycle.
Err codemadness.org 70 i 44599

Err codemadness.org 70 i 44600 Err codemadness.org 70 i 44601

It’s FOSS: Do you have any idea when Project Trident will have its first release?

Err codemadness.org 70 i 44604 Err codemadness.org 70 i 44605

Err codemadness.org 70 i 44606
Project Trident: Right now we are targeting a late August release date. This is because Project Trident is “kicking the wheels” on the new TrueOS distribution system. We want to ensure everything is working smoothly before we release. Going forward, we plan on having regular package updates every week or two for the end-user packages and a new release of Trident with an updated OS version every 6 months. This will follow the TrueOS release schedule with a small time offset.
Err codemadness.org 70 i 44607

Err codemadness.org 70 i 44608 Err codemadness.org 70 i 44609

Err codemadness.org 70 i 44610 Err codemadness.org 70 i 44611

###pf-badhost: Stop the evil doers in their tracks!

Err codemadness.org 70 i 44612 Err codemadness.org 70 i 44613

Err codemadness.org 70 i 44614
pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet’s biggest irritants. Annoyances such as ssh bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.
Err codemadness.org 70 i 44615 Filtering performance is exceptional, as the badhost list is stored in a pf table. To quote the OpenBSD FAQ page regarding tables: “the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses.”
Err codemadness.org 70 i 44616 pf-badhost is simple and powerful. The blocklists are pulled from quality, trusted sources. The ‘Firehol’, ‘Emerging Threats’ and ‘Binary Defense’ block lists are used as they are popular, regularly updated lists of the internet’s most egregious offenders. The pf-badhost.sh script can easily be expanded to use additional or alternate blocklists.
Err codemadness.org 70 i 44617 pf-badhost works best when used in conjunction with unbound-adblock for the ultimate badhost blocking.
Err codemadness.org 70 i 44618

Err codemadness.org 70 i 44619 Err codemadness.org 70 i 44620

Notes:
If you are trying to run pf-badhost on a LAN or are using NAT, you will want to add a rule to your pf.conf appearing BEFORE the pf-badhost rules allowing traffic to and from your local subnet so that you can still access your gateway and any DNS servers.
Conversely, adding a line to pf-badhost.sh that removes your subnet range from the table should also work. Just make sure you choose a subnet range / CIDR block that is actually in the list. 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the most common home/office subnet ranges.

Err codemadness.org 70 i 44625 Err codemadness.org 70 i 44626

Err codemadness.org 70 i 44627 Err codemadness.org 70 i 44628

DigitalOcean
Err codemadness.org 70 i 44629 https://do.co/bsdnow

Err codemadness.org 70 i 44630 Err codemadness.org 70 i 44631

###FLASHBACK: FreeBSDCon’99: Fans of Linux’s lesser-known sibling gather for the first time

Err codemadness.org 70 i 44632 Err codemadness.org 70 i 44633

Err codemadness.org 70 i 44634
FreeBSD, a port of BSD Unix to Intel, has been around almost as long as Linux has – but without the media hype. Its developer and user community recently got a chance to get together for the first time, and they did it in the city where BSD – the Berkeley Software Distribution – was born some 25 years ago.
Err codemadness.org 70 i 44635 October 17, 1999 marked a milestone in the history of FreeBSD – the first FreeBSD conference was held in the city where it all began, Berkeley, CA. Over 300 developers, users, and interested parties attended from around the globe.
Err codemadness.org 70 i 44636 This was easily 50 percent more people than the conference organizers had expected. This first conference was meant to be a gathering mostly for developers and FreeBSD advocates. The turnout was surprisingly (and gratifyingly) large.
Err codemadness.org 70 i 44637 In fact, attendance exceeded expectations so much that, for instance, Kirk McKusick had to add a second, identical tutorial on FreeBSD internals, because it was impossible for everyone to attend the first!
Err codemadness.org 70 i 44638 But for a first-ever conference, I was impressed by how smoothly everything seemed to go. Sessions started on time, and the sessions I attended were well-run; nothing seemed to be too cold, dark, loud, late, or off-center.
Err codemadness.org 70 i 44639 Of course, the best part about a conference such as this one is the opportunity to meet with other people who share similar interests. Lunches and breaks were a good time to meet people, as was the Tuesday night beer bash.
Err codemadness.org 70 i 44640 The Wednesday night reception was of a type unusual for the technical conferences I usually attend – a three-hour Hornblower dinner cruise on San Francisco Bay. Not only did we all enjoy excellent food and company, but we all got to go up on deck and watch the lights of San Francisco and Berkeley as we drifted by. Although it’s nice when a conference attracts thousands of attendees, there are some things that can only be done with smaller groups of people; this was one of them.
Err codemadness.org 70 i 44641 In short, this was a tiny conference, but a well-run one.
Err codemadness.org 70 i 44642

Err codemadness.org 70 i 44643 Err codemadness.org 70 i 44644

Sessions

Err codemadness.org 70 i 44647 Err codemadness.org 70 i 44648

Err codemadness.org 70 i 44649
Although it was a relatively small conference, the number and quality of the sessions belied the size. Each of the three days of the conference featured a different keynote speaker. In addition to Jordan Hubbard, Jeremy Allison spoke on “Samba Futures” on day two, and Brian Behlendorf gave a talk on “FreeBSD and Apache: A Perfect Combo” to start off the third day.
Err codemadness.org 70 i 44650 The conference sessions themselves were divided into six tracks: advocacy, business, development, networking, security, and panels. The panels track featured three different panels, made up of three different slices of the community: the FreeBSD core team, a press panel, and a prominent user panel with representatives from such prominent commercial users as Yahoo! and USWest.
Err codemadness.org 70 i 44651 I was especially interested in Apple Computer’s talk in the development track. Wilfredo Sanchez, technical lead for open source projects at Apple (no, that’s not an oxymoron!) spoke about Apple’s Darwin project, the company’s operating system road map, and the role of BSD (and, specifically, FreeBSD) in Apple’s plans.
Err codemadness.org 70 i 44652 Apple and Unix have had a long and uneasy history, from the Lisa through the A/UX project to today. Personally, I’m very optimistic about the chances for the Darwin project to succeed. Apple’s core OS kernel team has chosen FreeBSD as its reference platform. I’m looking forward to what this partnership will bring to both sides.
Err codemadness.org 70 i 44653 Other development track sessions included in-depth tutorials on writing device drivers, basics of the Vinum Volume Manager, Fibre Channel, development models (the open repository model), and the FreeBSD Documentation Project (FDP). If you’re interested in contributing to the FreeBSD project, the FDP is a good place to start.
Err codemadness.org 70 i 44654 Advocacy sessions included “How One Person Can Make a Difference” (a timeless topic that would find a home at any technical conference!) and “Starting and Managing A User Group” (trials and tribulations as well as rewards).
Err codemadness.org 70 i 44655 The business track featured speakers from three commercial users of FreeBSD: Cybernet, USWest, and Applix. Applix presented its port of Applixware Office for FreeBSD and explained how Applix has taken the core services of Applixware into open source.
Err codemadness.org 70 i 44656 Commercial applications and open source were once a rare combination; we can only hope the trend away from that state of affairs will continue.
Err codemadness.org 70 i 44657

Err codemadness.org 70 i 44658 Err codemadness.org 70 i 44659

Commercial use of FreeBSD

Err codemadness.org 70 i 44662 Err codemadness.org 70 i 44663

Err codemadness.org 70 i 44664
The use of FreeBSD in embedded applications is increasing as well – and it is increasing at the same rate that hardware power is. These days, even inexpensive systems are able to run a BSD kernel.
Err codemadness.org 70 i 44665 The BSD license and the solid TCP/IP stack prove significant enticements to this market as well. (Unlike the GNU Public License, the BSD license does not require that vendors make derivative works open source.)
Err codemadness.org 70 i 44666 Companies such as USWest and Verio use FreeBSD for a wide variety of different Internet services.
Err codemadness.org 70 i 44667 Yahoo! and Hotmail are examples of companies that use FreeBSD extensively for more specific purposes. Yahoo!, for example, has many hundreds of FreeBSD boxes, and Hotmail has almost 2000 FreeBSD machines at its data center in the San Francisco Bay area.
Err codemadness.org 70 i 44668 Hotmail is owned by Microsoft, so the fact that it runs FreeBSD is a secret. Don’t tell anyone…
Err codemadness.org 70 i 44669 When asked to comment on the increasing commercial interest in BSD, Hubbard said that FreeBSD is learning the Red Hat lesson. “Walnut Creek and others with business interests in FreeBSD have learned a few things from the Red Hat IPO,” he said, “and nobody is just sitting around now, content with business as usual. It’s clearly business as unusual in the open source world today.”
Err codemadness.org 70 i 44670 Hubbard had also singled out some of BSD’s commercial partners, such as Whistle Communications, for praise in his opening day keynote. These partners play a key role in moving the project forward, he said, by contributing various enhancements and major new systems, such as Netgraph, as well as by contributing paid employee time spent on FreeBSD.
Err codemadness.org 70 i 44671 Even short FreeBSD-related contacts can yield good results, Hubbard said. An example of this is the new jail() security code introduced in FreeBSD 3.x and 4.0, which was contributed by R & D Associates. A number of ISPs are also now donating the hardware and bandwidth that allows the project to provide more resource mirrors and experimental development sites.
Err codemadness.org 70 i 44672

Err codemadness.org 70 i 44673 Err codemadness.org 70 i 44674

See you next year

Err codemadness.org 70 i 44677 Err codemadness.org 70 i 44678

Err codemadness.org 70 i 44679
And speaking of corporate sponsors, thanks go to Walnut Creek for sponsoring the conference, and to Yahoo! for covering all the expenses involved in bringing the entire FreeBSD core team to Berkeley.
Err codemadness.org 70 i 44680 As a fan of FreeBSD, I’m happy to see that the project has finally produced a conference. It was time: many of the 16 core team members had been working together on a regular basis for nearly seven years without actually meeting face to face.
Err codemadness.org 70 i 44681 It’s been an interesting year for open source projects. I’m looking forward to the next year – and the next BSD conference – to be even better.
Err codemadness.org 70 i 44682

Err codemadness.org 70 i 44683 Err codemadness.org 70 i 44684

Err codemadness.org 70 i 44685 Err codemadness.org 70 i 44686

##News Roundup
Err codemadness.org 70 i 44687 ###OpenBSD Recommends: Disable SMT/Hyperthreading in all Intel BIOSes

Err codemadness.org 70 i 44688 Err codemadness.org 70 i 44689

Two recently disclosed hardware bugs affected Intel cpus:	Err	codemadness.org	70
i 44690 	Err	codemadness.org	70
i 44691      - TLBleed	Err	codemadness.org	70
i 44692 	Err	codemadness.org	70
i 44693      - T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this	Err	codemadness.org	70
i 44694              bug, more aspects are surely on the way)	Err	codemadness.org	70
i 44695 	Err	codemadness.org	70
i 44696 Solving these bugs requires new cpu microcode, a coding workaround,	Err	codemadness.org	70
i 44697 *AND* the disabling of SMT / Hyperthreading.	Err	codemadness.org	70
i 44698 	Err	codemadness.org	70
i 44699 SMT is fundamentally broken because it shares resources between the two	Err	codemadness.org	70
i 44700 cpu instances and those shared resources lack security differentiators.	Err	codemadness.org	70
i 44701 Some of these side channel attacks aren't trivial, but we can expect	Err	codemadness.org	70
i 44702 most of them to eventually work and leak kernel or cross-VM memory in	Err	codemadness.org	70
i 44703 common usage circumstances, even such as javascript directly in a	Err	codemadness.org	70
i 44704 browser.	Err	codemadness.org	70
i 44705 	Err	codemadness.org	70
i 44706 There will be more hardware bugs and artifacts disclosed.  Due to the	Err	codemadness.org	70
i 44707 way SMT interacts with speculative execution on Intel cpus, I expect SMT	Err	codemadness.org	70
i 44708 to exacerbate most of the future problems.	Err	codemadness.org	70
i 44709 	Err	codemadness.org	70
i 44710 A few months back, I urged people to disable hyperthreading on all	Err	codemadness.org	70
i 44711 Intel cpus.  I need to repeat that:	Err	codemadness.org	70
i 44712 	Err	codemadness.org	70
i 44713     DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.	Err	codemadness.org	70
i 44714 	Err	codemadness.org	70
i 44715 Also, update your BIOS firmware, if you can.	Err	codemadness.org	70
i 44716 	Err	codemadness.org	70
i 44717 OpenBSD -current (and therefore 6.4) will not use hyperthreading if it	Err	codemadness.org	70
i 44718 is enabled, and will update the cpu microcode if possible.	Err	codemadness.org	70
i 44719 	Err	codemadness.org	70
i 44720 But what about 6.2 and 6.3?	Err	codemadness.org	70
i 44721 	Err	codemadness.org	70
i 44722 The situation is very complex, continually evolving, and is taking too	Err	codemadness.org	70
i 44723 much manpower away from other tasks.  Furthermore, Intel isn't telling	Err	codemadness.org	70
i 44724 us what is coming next, and are doing a terrible job by not publically	Err	codemadness.org	70
i 44725 documenting what operating systems must do to resolve the problems.  We	Err	codemadness.org	70
i 44726 are having to do research by reading other operating systems.  There is	Err	codemadness.org	70
i 44727 no time left to backport the changes -- we will not be issuing a	Err	codemadness.org	70
i 44728 complete set of errata and syspatches against 6.2 and 6.3 because it is	Err	codemadness.org	70
i 44729 turning into a distraction.	Err	codemadness.org	70
i 44730 	Err	codemadness.org	70
i 44731 Rather than working on every required patch for 6.2/6.3, we will	Err	codemadness.org	70
i 44732 re-focus manpower and make sure 6.4 contains the best solutions	Err	codemadness.org	70
i 44733 possible.	Err	codemadness.org	70
i 44734 	Err	codemadness.org	70
i 44735 So please try take responsibility for your own machines: Disable SMT in	Err	codemadness.org	70
i 44736 the BIOS menu, and upgrade your BIOS if you can.	Err	codemadness.org	70
i 44737 	Err	codemadness.org	70
i 44738 I'm going to spend my money at a more trustworthy vendor in the future.	Err	codemadness.org	70
i 44739

Err codemadness.org 70 i 44740 Err codemadness.org 70 i 44741

Err codemadness.org 70 i 44742 Err codemadness.org 70 i 44743

###Get Morrowind running on OpenBSD in 5 simple steps

Err codemadness.org 70 i 44744 Err codemadness.org 70 i 44745

Err codemadness.org 70 i 44746
This article contains brief instructions on how to get one of the greatest Western RPGs of all time, The Elder Scrolls III: Morrowind, running on OpenBSD using the OpenMW open source engine recreation. These instructions were tested on a ThinkPad X1 Carbon Gen 3. The information was adapted from this OpenMW forum thread: https://forum.openmw.org/viewtopic.php?t=3510
Err codemadness.org 70 i 44747

Err codemadness.org 70 i 44748 Err codemadness.org 70 i 44749

Err codemadness.org 70 i 44751
1. Purchase and download the DRM-free version from GOG (also considered the best version due to the high quality PDF guide that it comes with): https://www.gog.com/game/the_elder_scrolls_iii_morrowind_goty_edition
Err codemadness.org 70 i 44754
Err codemadness.org 70 i 44756
1. Install the required packages built from the ports tree as root. openmw is the recreated game engine, and innoextract is how we will get the game data files out of the win32 executable.
Err codemadness.org 70 i 44759

Err codemadness.org 70 i 44761 Err codemadness.org 70 i 44762

pkg_add openmw innoextract

Err codemadness.org 70 i 44763 Err codemadness.org 70 i 44764

Err codemadness.org 70 i 44766
1. Move the file from GOG setup_tes_morrowind_goty_2.0.0.7.exe into its own directory morrowind/ due to innoextract’s default behaviour of extracting into the current directory. Then type:
Err codemadness.org 70 i 44769

Err codemadness.org 70 i 44771 Err codemadness.org 70 i 44772

innoextract setup_tes_morrowind_goty_2.0.0.7.exe

Err codemadness.org 70 i 44773 Err codemadness.org 70 i 44774

Err codemadness.org 70 i 44776
1. Type openmw-wizard and follow the straightforward instructions. Note that you have a pre-existing installation, and select the morrowind/app/Data Files folder that innoextract extracted.
Err codemadness.org 70 i 44779
Err codemadness.org 70 i 44781
1. Type in openmw-launcher, toggle the settings to your preferences, and then hit play!
Err codemadness.org 70 i 44784

Err codemadness.org 70 i 44786 Err codemadness.org 70 i 44787

Err codemadness.org 70 i 44788 Err codemadness.org 70 i 44789

iXsystems
Err codemadness.org 70 i 44790 https://twitter.com/allanjude/status/1034647571124367360

Err codemadness.org 70 i 44791 Err codemadness.org 70 i 44792

###My First Clang Bug

Err codemadness.org 70 i 44793 Err codemadness.org 70 i 44794

Err codemadness.org 70 i 44795
Part of the role of being a packager is compiling lots (and lots) of packages. That means compiling lots of code from interesting places and in a variety of styles. In my opinion, being a good packager also means providing feedback to upstream when things are bad. That means filing upstream bugs when possible, and upstreaming patches.
Err codemadness.org 70 i 44796 One of the “exciting” moments in packaging is when tools change. So each and every major CMake update is an exercise in recompiling 2400 or more packages and adjusting bits and pieces. When a software project was last released in 2013, adjusting it to modern tools can become quite a chore (e.g. Squid Report Generator). CMake is excellent for maintaining backwards compatibility, generally accommodating old software with new policies. The most recent 3.12 release candidate had three issues filed from the FreeBSD side, all from fallout with older software. I consider the hours put into good bug reports, part of being a good citizen of the Free Software world.
Err codemadness.org 70 i 44797 My most interesting bug this week, though, came from one line of code somewhere in Kleopatra: Q_UNUSED(gpgagent_data);
Err codemadness.org 70 i 44798 That one line triggered a really peculiar link error in KDE’s FreeBSD CI system. Yup … telling the compiler something is unused made it fall over. Commenting out that line got rid of the link error, but introduced a warning about an unused function. Working with KDE-PIM’s Volker Krause, we whittled the problem down to a six-line example program — two lines if you don’t care much for coding style. I’m glad, at that point, that I could throw it over the hedge to the LLVM team with some explanatory text. Watching the process on their side reminds me ever-so-strongly of how things work in KDE (or FreeBSD for that matter): Bugzilla, Phabricator, and git combine to be an effective workflow for developers (perhaps less so for end-users).
Err codemadness.org 70 i 44799 Today I got a note saying that the issue had been resolved. So brief a time for a bug. Live fast. Get squashed young.
Err codemadness.org 70 i 44800

Err codemadness.org 70 i 44801 Err codemadness.org 70 i 44802

Err codemadness.org 70 i 44803 Err codemadness.org 70 i 44804

###DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance

Err codemadness.org 70 i 44805 Err codemadness.org 70 i 44806

Err codemadness.org 70 i 44807
Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS – those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.
Err codemadness.org 70 i 44808

Err codemadness.org 70 i 44809 Err codemadness.org 70 i 44810

Err codemadness.org 70 i 44811
When I tried last week, the DragonFlyBSD 5.2.2 stable release nor DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.
Err codemadness.org 70 i 44812

Err codemadness.org 70 i 44813 Err codemadness.org 70 i 44814

Err codemadness.org 70 i 44815
In announcing his success in bringing up the 2990WX under DragonFlyBSD, which required a few minor changes, he shared his performance thoughts and hopes for the rig. “The cpu is a real beast, packing 32 cores and 64 threads. It blows away our dual-core Xeon to the tune of being +50% faster in concurrent compile tests, and it also blows away our older 4-socket Opteron (which we call ‘Monster’) by about the same margin. It’s an impressive CPU. For now the new beast is going to be used to help us improve I/O performance through the filesystem, further SMP work (but DFly scales pretty well to 64 threads already), and perhaps some driver to work to support the 10gbe on the mobo.”
Err codemadness.org 70 i 44816

Err codemadness.org 70 i 44817 Err codemadness.org 70 i 44818

Err codemadness.org 70 i 44819
Dillon shared some results on the system as well. " The Threadripper 2990WX is a beast. It is at least 50% faster than both the quad socket opteron and the dual socket Xeon system I tested against. The primary limitation for the 2990WX is likely its 4 channels of DDR4 memory, and like all Zen and Zen+ CPUs, memory performance matters more than CPU frequency (and costs almost no power to pump up the performance). That said, it still blow away a dual-socket Xeon with 3x the number of memory channels. That is impressive!"
Err codemadness.org 70 i 44820

Err codemadness.org 70 i 44821 Err codemadness.org 70 i 44822

Err codemadness.org 70 i 44823
The well known BSD developer also added, “This puts the 2990WX at par efficiency vs a dual-socket Xeon system, and better than the dual-socket Xeon with slower memory and a power cap. This is VERY impressive. I should note that the 2990WX is more specialized with its asymetric NUMA architecture and 32 cores. I think the sweet spot in terms of CPU pricing and efficiency is likely going to be with the 2950X (16-cores/32-threads). It is clear that the 2990WX (32-cores/64-threads) will max out 4-channel memory bandwidth for many workloads, making it a more specialized part. But still awesome…This thing is an incredible beast, I’m glad I got it.”
Err codemadness.org 70 i 44824

Err codemadness.org 70 i 44825 Err codemadness.org 70 i 44826

Err codemadness.org 70 i 44827
While I have the FreeBSD vs. Linux benchmarks from a few days ago, it looks like now on my ever growing TODO list will be re-trying out the newest DragonFlyBSD daily snapshot for seeing how the performance compares in the mix. Stay tuned for the numbers that should be in the next day or two.
Err codemadness.org 70 i 44828

Err codemadness.org 70 i 44829 Err codemadness.org 70 i 44830

Err codemadness.org 70 i 44831 Err codemadness.org 70 i 44832

##Beastie Bits

Err codemadness.org 70 i 44833 Err codemadness.org 70 i 44834

X11 on really small devices
mandoc-1.14.4 released
The pfSense Book is now available to everyone
MWL: Burn it down! Burn it all down!
Configuring OpenBSD: System and user config files for a more pleasant laptop
FreeBSD Security Advisory: Resource exhaustion in TCP reassembly
OpenBSD Foundation gets first 2018 Iridium donation
New ZFS commit solves issue a few users reported in the feedback segment
Project Trident should have a beta release by the end of next week
Reminder about Stockholm BUG: September 5, 17:30-22:00
BSD-PL User Group: September 13, 18:30-21:00

Err codemadness.org 70 i 44847 Err codemadness.org 70 i 44848

Err codemadness.org 70 i 44849 Err codemadness.org 70 i 44850

Tarsnap

Err codemadness.org 70 i 44851 Err codemadness.org 70 i 44852

##Feedback/Questions

Err codemadness.org 70 i 44853 Err codemadness.org 70 i 44854

Malcom - Having different routes per interface
Bostjan - ZFS and integrity of data
Michael - Suggestion for Monitoring
Barry - Feedback

Err codemadness.org 70 i 44860 Err codemadness.org 70 i 44861

Err codemadness.org 70 i 44862 Err codemadness.org 70 i 44863

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

]]> Err codemadness.org 70 i 44866

Episode 260: Hacking Tour of Europe | BSD Now 260

Allan Jude — Thu, 23 Aug 2018 02:00:00 -0700

Trip reports from the Essen Hackathon and BSDCam, CfT: ZFS native encryption and UFS trim consolidation, ZFS performance benchmarks on a FreeBSD server, how to port your OS to EC2, Vint Cerf about traceability, Remote Access console to an RPi3 running FreeBSD, and more. Err codemadness.org 70 i 45271

##Headlines
Err codemadness.org 70 i 45272 Essen Hackathon & BSDCam 2018 trip report

Err codemadness.org 70 i 45273

Allan and Benedict met at FRA airport and then headed to the Air Rail terminal for our train to Essen where the Hackathon would happen over the weekend of Aug 10 - 12, 2018. Once there, we did not have to wait long until other early-arrivals would show up and soon we had about 10 people gathered for lunch. After buying some take-out pizzas and bringing it back to the Linuxhotel (there was a training still going on there so we could not get into our rooms yet), we sat in the sunny park and talked. More and more people arrived and soon, people started hacking on their laptops. Some people would not arrive until a few hours before midnight, but we already had a record appearance of 20 people in total.
On Saturday, we gathered everyone in one of the seminar rooms that had rooms and chairs for us. After some organizational infos, we did an introductory round and Benedict wrote down on the whiteboard what people were interested in. It was not long until groups formed to talk about SSL in base, weird ZFS scrubs that would go over 100% completion (fixed now). Other people started working on ports, fixing bugs, or wrote documentation. The day ended in a BBQ in the Linuxhotel park, which was well received by everyone.
On Sunday, after attendees packed up their luggage and stored it in the seminar room, we continued hacking until lunchtime. After a quick group picture, we headed to a local restaurant for the social event (which was not open on Saturday, otherwise we would have had it then). In the afternoon, most people departed, a good half of them were heading for BSDCam.
Commits from the hackathon (the ones from 2018)
Overall, the hackathon was well received by attendees and a lot of them liked the fact that it was close to another BSD gathering so they could nicely combine the two. Also, people thought about doing their own hackathon in the future, which is an exciting prospect. Thanks to all who attended, helped out here and there when needed. Special Thanks to Netzkommune GmbH for sponsoring the social event and the Linuxhotel for having us.
Benedict was having a regular work day on Monday after coming back from the hackathon, but flew out to Heathrow on Tuesday. Allan was in London a day earlier and arrived a couple of hours before Benedict in Cambridge. He headed for the Computer Lab even though the main event would not start until Wednesday. Most people gathered at the Maypole pub on Tuesday evening for welcomes, food and drinks.
On Wednesday, a lot of people met in the breakfast room of Churchill College where most people were staying and went to the Computer Lab, which served as the main venue for BSDCam, together. The morning was spend with introductions and collecting what most people were interested in talking. This unconference style has worked well in the past and soon we had 10 main sessions together for the rest of this and the following two days (full schedule).
Most sessions took notes, which you can find on the FreeBSD wiki.
On Thursday evening, we had a nice formal dinner at Trinity Hall.
BSDCam 2018 was a great success with a lot of fruitful discussions and planning sessions. We thank the organizers for BSDCam for making it happen.
A special mentions goes out to Robert Watson and his family. Even though he was not there, he had a good reason to miss it: they had their first child born at the beginning of the week. Congratulations and best wishes to all three of them!

Err codemadness.org 70 i 45286

Err codemadness.org 70 i 45287

###Call for Testing: ZFS Native Encryption for FreeBSD

Err codemadness.org 70 i 45288

A port of the ZoL (ZFS-on-Linux) feature that provides native crypto support for ZFS is ready for testing on FreeBSD
Most of the porting was done by sef@freebsd.org (Sean Eric Fagan)
The original ZoL commit is here: https://github.com/zfsonlinux/zfs/pull/5769/commits/5aef9bedc801830264428c64cd2242d1b786fd49
For an overview, see Tom Caputi’s presentation from the OpenZFS Developers Summit in 2016
Video: https://youtu.be/frnLiXclAMo
Slides: https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view?usp=sharing
WARNING: test in VMs or with spare disks etc, pools created with this code, or upgraded to this version, will no longer be importable on systems that do not support this feature. The on-disk format or other things may change before the final version, so you will likely have to ‘zfs send | zfs recv’ the data on to a new pool
Thanks for testing to help this feature land in FreeBSD

Err codemadness.org 70 i 45298

Err codemadness.org 70 i 45299

iXsystems

Err codemadness.org 70 i 45300

###Call for Testing: UFS TRIM Consolidation

Err codemadness.org 70 i 45301

Kirk Mckusick posts to the FreeBSD mailing list looking for testers for the new UFS TRIM Consolidation code

Err codemadness.org 70 i 45304

Err codemadness.org 70 i 45305
When deleting files on filesystems that are stored on flash-memory (solid-state) disk drives, the filesystem notifies the underlying disk of the blocks that it is no longer using. The notification allows the drive to avoid saving these blocks when it needs to flash (zero out) one of its flash pages. These notifications of no-longer-being-used blocks are referred to as TRIM notifications. In FreeBSD these TRIM notifications are sent from the filesystem to the drive using the BIODELETE command.
Err codemadness.org 70 i 45306 Until now, the filesystem would send a separate message to the drive for each block of the file that was deleted. Each Gigabyte of file size resulted in over 3000 TRIM messages being sent to the drive. This burst of messages can overwhelm the drive’s task queue causing multiple second delays for read and write requests.
Err codemadness.org 70 i 45307 This implementation collects runs of contiguous blocks in the file and then consolodates them into a single BIODELETE command to the drive. The BIODELETE command describes the run of blocks as a single large block being deleted. Each Gigabyte of file size can result in as few as two BIODELETE commands and is typically less than ten. Though these larger BIODELETE commands take longer to run, they do not clog the drive task queue, so read and write commands can intersperse effectively with them.
Err codemadness.org 70 i 45308 Though this new feature has been throughly reviewed and tested, it is being added disabled by default so as to minimize the possibility of disrupting the upcoming 12.0 release. It can be enabled by running `sysctl vfs.ffs.dotrimcons=1’’. Users are encouraged to test it. If no problems arise, we will consider requesting that it be enabled by default for 12.0.
Err codemadness.org 70 i 45309 This support is off by default, but I am hoping that I can get enough testing to ensure that it (a) works, and (b) is helpful that it will be reasonable to have it turned on by default in 12.0. The cutoff for turning it on by default in 12.0 is September 19th. So I am requesting your testing feedback in the near-term. Please let me know if you have managed to use it successfully (or not) and also if it provided any performance difference (good or bad).
Err codemadness.org 70 i 45310

Err codemadness.org 70 i 45311

To enable TRIM consolidation usesysctl vfs.ffs.dotrimcons=1’
There is also a diff that adds additional statistics: https://lists.freebsd.org/pipermail/freebsd-current/2018-August/070798.html
You can also watch the volume and latency of BIODELETE commands by running gstat with the -d flag

Err codemadness.org 70 i 45316

Err codemadness.org 70 i 45317

##News Roundup
Err codemadness.org 70 i 45318 ZFS performance

Err codemadness.org 70 i 45319

Aravindh Sampathkumar, a Performance Engineer and Sysadmin posts some simple benchmarks he did on a new ZFS server

Err codemadness.org 70 i 45322

Err codemadness.org 70 i 45323
This is NOT an all-in post about ZFS performance. I built a FreeBSD+ZFS file server recently at work to serve as an offsite backup server. I wanted to run a few synthetic workloads on it and look at how it fares from performance perspective. Mostly for curiosity and learning purposes.
Err codemadness.org 70 i 45324 As stated in the notes about building this server, performance was not one of the priorities, as this server will never face our active workload. What I care about from this server is its ability to work with rsync and keep the data synchronised with our primary storage server. With that context, I ran a few write tests to see how good our solution is and what to expect from it in terms of performance.
Err codemadness.org 70 i 45325

Err codemadness.org 70 i 45326

The article then uses FIO to do some benchmarks.
As the author did, make sure you match the FIO block size to the ZFS record size to avoid write amplification. Either tune FIO or adjust the recordsize property in ZFS
You also want to consider compression and cache effects

Err codemadness.org 70 i 45331

Err codemadness.org 70 i 45332
Write Performance: Incompressible: 1600-2600 MB/s, Compressible: 2500-6600 MB/s
Err codemadness.org 70 i 45333 Another over 1200 MB/s is enough to keep your 10 gigabit network saturated
Err codemadness.org 70 i 45334

Err codemadness.org 70 i 45335

The increased latency that is seen with higher number of writers working, may be the result of the ZFS backpressure system (the write throttle). There is some tuning that can be done there. Specifically, since this machine has 768 GB of ram, you might allow more than 4GB of dirty data, which would mean you’d be able to write larger batches and not have to push back while you wait for a transaction group to flush when dealing with gigabytes/sec of writes

Err codemadness.org 70 i 45338

Err codemadness.org 70 i 45339

###How to port your OS to EC2

Err codemadness.org 70 i 45340

Colin Percival reflects on his FreeBSD on EC2 maintainership efforts in his blog:

Err codemadness.org 70 i 45343

Err codemadness.org 70 i 45344
I’ve been the maintainer of the FreeBSD/EC2 platform for about 7.5 years now, and as far as “running things in virtual machines” goes, that remains the only operating system and the only cloud which I work on. That said, from time to time I get questions from people who want to port other operating systems into EC2, and being a member of the open source community, I do my best to help them. I realized a few days ago that rather than replying to emails one by one it would be more efficient to post something publicly; so — for the benefit of the dozen or so people who want to port operating systems to run in EC2, and the curiosity of maybe a thousand more people who use EC2 but will never build AMIs themselves — here’s a rough guide to building EC2 images.
Err codemadness.org 70 i 45345 Before we can talk about building images, there are some things you need:
Err codemadness.org 70 i 45346 Your OS needs to run on x86 hardware. 64-bit (“amd64”, “x86-64”) is ideal, but I’ve managed to run 32-bit FreeBSD on “64-bit” EC2 instances so at least in some cases that’s not strictly necessary.
Err codemadness.org 70 i 45347 You almost certainly want to have drivers for Xen block devices (for all of the pre-Nitro EC2 instances) or for NVMe disks (for the most recent EC2 instances). Theoretically you could make do without these since there’s some ATA emulation available for bootstrapping, but if you want to do any disk I/O after the kernel finishes booting you’ll want to have a disk driver.
Err codemadness.org 70 i 45348 Similarly, you need support for the Xen network interface (older instances), Intel 10 GbE SR-IOV networking (some newer but pre-Nitro instances), or Amazon’s “ENA” network adapters (on Nitro instances), unless you plan on having instances which don’t communicate over the network. The ENA driver is probably the hardest thing to port, since as far as I know there’s no way to get your hands on the hardware directly, and it’s very difficult to do any debugging in EC2 without having a working network.
Err codemadness.org 70 i 45349 Finally, the obvious: You need to have an AWS account, and appropriate API access keys.
Err codemadness.org 70 i 45350 Building a disk image
Err codemadness.org 70 i 45351
Building an AMI
Err codemadness.org 70 i 45352 I wrote a simple tool for converting disk images into EC2 instances: bsdec2-image-upload. It uploads a disk image to Amazon S3; makes an API call to import that disk image into an EBS volume; creates a snapshot of that volume; then registers an EC2 AMI using that snapshot.
Err codemadness.org 70 i 45353 To use bsdec2-image-upload, you’ll first need to create an S3 bucket for it to use as a staging area. You can call it anything you like, but I recommend that you
Err codemadness.org 70 i 45354

Err codemadness.org 70 i 45355

Err codemadness.org 70 i 45356
Create it in a “nearby” region (for performance reasons), and
Err codemadness.org 70 i 45357 Set an S3 “lifecycle policy” which deletes objects automatically after 1 day (since bsdec2-image-upload doesn’t clean up the S3 bucket, and those objects are useless once you’ve finished creating an AMI).
Err codemadness.org 70 i 45358

Err codemadness.org 70 i 45359

Err codemadness.org 70 i 45360
Boot configuration
Err codemadness.org 70 i 45361 Odds are that your instance started booting and got as far as the boot loader launching the kernel, but at some point after that things went sideways. Now we start the iterative process of building disk images, turning them into AMIs, launching said AMIs, and seeing where they break. Some things you’ll probably run into here:
Err codemadness.org 70 i 45362 EC2 instances have two types of console available to them: A serial console and an VGA console. (Or rather, emulated serial and emulated VGA.) If you can have your kernel output go to both consoles, I recommend doing that. If you have to pick one, the serial console (which shows up as the “System Log” in EC2) is probably more useful than the VGA console (which shows up as “instance screenshot”) since it lets you see more than one screen of logs at once; but there’s a catch: Due to some bizarre breakage in EC2 — which I’ve been complaining about for ten years — the serial console is very “laggy”. If you find that you’re not getting any output, wait five minutes and try again.
Err codemadness.org 70 i 45363 You may need to tell your kernel where to find the root filesystem. On FreeBSD we build our disk images using GPT labels, so we simply need to specify in /etc/fstab that the root filesystem is on /dev/gpt/rootfs; but if you can’t do this, you’ll probably need to have different AMIs for Nitro instances vs. non-Nitro instances since Xen block devices will typically show up with different device names from NVMe disks. On FreeBSD, I also needed to set the vfs.root.mountfrom kernel environment variable for a while; this also is no longer needed on FreeBSD but something similar may be needed on other systems.
Err codemadness.org 70 i 45364 You’ll need to enable networking, using DHCP. On FreeBSD, this means placing ifconfigDEFAULT=“SYNCDHCP” into /etc/rc.conf; other systems will have other ways of specifying network parameters, and it may be necessary to specify a setting for the Xen network device, Intel SR-IOV network, and the Amazon ENA interface so that you’ll have the necessary configuration across all EC2 instance types. (On FreeBSD, ifconfigDEFAULT takes care of specifying the network settings which should apply for whatever network interface the kernel finds at boot time.)
Err codemadness.org 70 i 45365 You’ll almost certainly want to turn on SSH, so that you can connect into newly launched instances and make use of them. Don’t worry about setting a password or creating a user to SSH into yet — we’ll take care of that later.
Err codemadness.org 70 i 45366 EC2 configuration
Err codemadness.org 70 i 45367 Now it’s time to make the AMI behave like an EC2 instance. To this end, I prepared a set of rc.d scripts for FreeBSD. Most importantly, they
Err codemadness.org 70 i 45368 Print the SSH host keys to the console, so that you can veriy that they are correct when you first SSH in. (Remember, Verifying SSH host keys is more important than flossing every day.)
Err codemadness.org 70 i 45369 Download the SSH public key you want to use for logging in, and create an account (by default, “ec2-user”) with that key set up for you.
Err codemadness.org 70 i 45370 Fetch EC2 user-data and process it via configinit to allow you to configure the system as part of the process of launching it.
Err codemadness.org 70 i 45371 If your OS has an rc system derived from NetBSD’s rc.d, you may be able to use these scripts without any changes by simply installing them and enabling them in /etc/rc.conf; otherwise you may need to write your own scripts using mine as a model.
Err codemadness.org 70 i 45372 Firstboot scripts
Err codemadness.org 70 i 45373 A feature I added to FreeBSD a few years ago is the concept of “firstboot” scripts: These startup scripts are only run the first time a system boots. The aforementioned configinit and SSH key fetching scripts are flagged this way — so if your OS doesn’t support the “firstboot” keyword on rc.d scripts you’ll need to hack around that — but EC2 instances also ship with other scripts set to run on the first boot:
Err codemadness.org 70 i 45374 FreeBSD Update will fetch and install security and critical errata updates, and then reboot the system if necessary.
Err codemadness.org 70 i 45375 The UFS filesystem on the “boot disk” will be automatically expanded to the full size of the disk — this makes it possible to specify a larger size of disk at EC2 instance launch time.
Err codemadness.org 70 i 45376 Third-party packages will be automatically fetched and installed, according to a list in /etc/rc.conf. This is most useful if configinit is used to edit /etc/rc.conf, since it allows you to specify packages to install via the EC2 user-data.
Err codemadness.org 70 i 45377 While none of these are strictly necessary, I find them to be extremely useful and highly recommend implementing similar functionality in your systems.
Err codemadness.org 70 i 45378 Support my work!
Err codemadness.org 70 i 45379 I hope you find this useful, or at very least interesting. Please consider supporting my work in this area; while I’m happy to contribute my time to supporting open source software, it would be nice if I had money coming in which I could use to cover incidental expenses (e.g., conference travel) so that I didn’t end up paying to contribute to FreeBSD.
Err codemadness.org 70 i 45380

Err codemadness.org 70 i 45381

Err codemadness.org 70 i 45382

Digital Ocean
Err codemadness.org 70 i 45383 https://do.co/bsdnow

Err codemadness.org 70 i 45384

###Traceability, by Vint Cerf

Err codemadness.org 70 i 45385

A recent article from the August issue of the Communications of the ACM, for your contemplation:

Err codemadness.org 70 i 45388

Err codemadness.org 70 i 45389
At a recent workshop on cybersecurity in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated. The bad behaviors range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requiring a wide range of technical and legal considerations. That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.
Err codemadness.org 70 i 45390 In other columns, I have argued for better software development tools to reduce the common mistakes that lead to vulnerabilities that are exploited. Here, I want to focus on another aspect of response related to law enforcement and tracking down perpetrators. Of course, not all harms are (or perhaps are not yet) illegal, but discovering those who cause them may still be warranted. The recent adoption and implementation of the General Data Protection Regulation (GDPR) in the European Union creates an interesting tension because it highlights the importance and value of privacy while those who do direct or indirect harm must be tracked down and their identities discovered.
Err codemadness.org 70 i 45391 In passing, I mention that cryptography has sometimes been blamed for protecting the identity or actions of criminals but it is also a tool for protecting privacy. Arguments have been made for “back doors” to cryptographic systems but I am of the opinion that such proposals carry extremely high risk to privacy and safety. It is not my intent to argue this question in this column.
Err codemadness.org 70 i 45392 What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: “Cerfsup”). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.
Err codemadness.org 70 i 45393 In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.
Err codemadness.org 70 i 45394 This suggests to me that the notion of traceability under (internationally?) agreed circumstances (that is, differential traceability) might be a fruitful concept to explore. In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples). While there are conditions under which apparent anonymity is desirable and even justifiable (whistle-blowing, for example) absolute anonymity is actually quite difficult to achieve (another point made at the Ditchley workshop) and might not be absolutely desirable given the misbehaviors apparent anonymity invites. I expect this is a controversial conclusion and I look forward to subsequent discussion.
Err codemadness.org 70 i 45395

Err codemadness.org 70 i 45396

Err codemadness.org 70 i 45397

###Remote Access Console using FreeBSD on an RPi3

Err codemadness.org 70 i 45398

Our friend, and FOSDEM Booth Neighbour, Jorge, has posted a tutorial on how he created a remote access console for his SmartOS server and other machines in his homelab
Parts:
Raspberry Pi 3 B+
NavoLabs micro POE Hat
FT4232H based USB-to-RS232 (4x) adapter
Official Raspberry Pi case (optional)
Heat-sink kit (optional)
USB-to-TTL adaptor (optional)
Sandisk 16Gb microSD

Err codemadness.org 70 i 45409

Err codemadness.org 70 i 45410
For the software I ended up using conserver. Below is a very brief tutorial on how to set everything up. I assume you have basic unix skills.
Err codemadness.org 70 i 45411

Err codemadness.org 70 i 45412

Get an RPi3 image, make some minor modifications for RPi3+, and write it to the USB stick
Configure FreeBSD on the RPi3 Err codemadness.org 70 i 45415
- Load the ‘muge’ Ethernet Driver
- Load USB serial support
- Load the FTDI driver
- Enable SSHd and Conserver
- Configure Conserver
- Setup log rotation
- Start Conserver
Err codemadness.org 70 i 45424
And you’re good to go

Err codemadness.org 70 i 45427

Err codemadness.org 70 i 45428
A small bonus script I wrote to turn on the 2nd LED on the rPI once the system is booted, it will then blink the LED if someone is connected to any of the consoles.
Err codemadness.org 70 i 45429

Err codemadness.org 70 i 45430

There is also a followup post with some additional tips: https://blackdot.be/2018/08/freebsd-uart-and-raspberry-pi-3-b/

Err codemadness.org 70 i 45433

Err codemadness.org 70 i 45434

##Beastie Bits

Err codemadness.org 70 i 45435

Annual Penguin Races
Mscgen - Message Sequence Chart generator
This patch makes FreeBSD boot 500 - 800ms faster, please test on your hardware
FreeBSD’s arc4random() replaced with OpenBSD ChaCha20 implementation
MeetBSD Devsummit open for registrations
New Podcast interview with Michael W. Lucas

Err codemadness.org 70 i 45443

Err codemadness.org 70 i 45444

Tarsnap

Err codemadness.org 70 i 45445

##Feedback/Questions
Err codemadness.org 70 i 45446 We need more feedback emails. Please write to feedback@bsdnow.tv

Err codemadness.org 70 i 45447

Additionally, we are considering a new segment to be added to the end of the show (to make it skippable), where we have a ~15 minute deep dive on a topic. Some initial ideas are on the Virtual Memory subsystem, the Scheduler, Capsicum, and GEOM. What topics would you like to get very detailed explanations of? Many of the explanations may have accompanying graphics, and not be very suitable for audio only listeners, that is why we are planning to put it at the very end of the episode.

Err codemadness.org 70 i 45448

Err codemadness.org 70 i 45449

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 45452

Episode 259: Long Live Unix | BSD Now 259

Allan Jude — Thu, 16 Aug 2018 00:00:00 -0700

Err codemadness.org 70 i 46280 The strange birth and long life of Unix, FreeBSD jail with a single public IP, EuroBSDcon 2018 talks and schedule, OpenBSD on G4 iBook, PAM template user, ZFS file server, and reflections on one year of OpenBSD use.

Err codemadness.org 70 i 46281 Err codemadness.org 70 i 46282

Picking the contest winner

Err codemadness.org 70 i 46283 Err codemadness.org 70 i 46284

Vincent
Bostjan
Andrew
Klaus-Hendrik
Will
Toby
Johnny
David
manfrom
Niclas
Gary
Eddy
Bruce
Lizz
Jim

Err codemadness.org 70 i 46301 Err codemadness.org 70 i 46302

Random number generator

Err codemadness.org 70 i 46303 Err codemadness.org 70 i 46304

##Headlines
Err codemadness.org 70 i 46305 ###The Strange Birth and Long Life of Unix

Err codemadness.org 70 i 46306 Err codemadness.org 70 i 46307

Err codemadness.org 70 i 46308
They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it’s actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written.
Err codemadness.org 70 i 46309 A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone & Telegraph Co., withdrew from a collaborative project with the Massachusetts Institute of Technology and General Electric to create an interactive time-sharing system called Multics, which stood for “Multiplexed Information and Computing Service.” Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.
Err codemadness.org 70 i 46310 Over five years, AT&T invested millions in the Multics project, purchasing a GE-645 mainframe computer and dedicating to the effort many of the top researchers at the company’s renowned Bell Telephone Laboratories—including Thompson and Ritchie, Joseph F. Ossanna, Stuart Feldman, M. Douglas McIlroy, and the late Robert Morris. But the new system was too ambitious, and it fell troublingly behind schedule. In the end, AT&T’s corporate leaders decided to pull the plug.
Err codemadness.org 70 i 46311 After AT&T’s departure from the Multics project, managers at Bell Labs, in Murray Hill, N.J., became reluctant to allow any further work on computer operating systems, leaving some researchers there very frustrated. Although Multics hadn’t met many of its objectives, it had, as Ritchie later recalled, provided them with a “convenient interactive computing service, a good environment in which to do programming, [and] a system around which a fellowship could form.” Suddenly, it was gone.
Err codemadness.org 70 i 46312 With heavy hearts, the researchers returned to using their old batch system. At such an inauspicious moment, with management dead set against the idea, it surely would have seemed foolhardy to continue designing computer operating systems. But that’s exactly what Thompson, Ritchie, and many of their Bell Labs colleagues did. Now, some 40 years later, we should be thankful that these programmers ignored their bosses and continued their labor of love, which gave the world Unix, one of the greatest computer operating systems of all time.
Err codemadness.org 70 i 46313 The rogue project began in earnest when Thompson, Ritchie, and a third Bell Labs colleague, Rudd Canaday, began to sketch out on paper the design for a file system. Thompson then wrote the basics of a new operating system for the lab’s GE-645 mainframe. But with the Multics project ended, so too was the need for the GE-645. Thompson realized that any further programming he did on it was likely to go nowhere, so he dropped the effort.
Err codemadness.org 70 i 46314 Thompson had passed some of his time after the demise of Multics writing a computer game called Space Travel, which simulated all the major bodies in the solar system along with a spaceship that could fly around them. Written for the GE-645, Space Travel was clunky to play—and expensive: roughly US $75 a game for the CPU time. Hunting around, Thompson came across a dusty PDP-7, a minicomputer built by Digital Equipment Corp. that some of his Bell Labs colleagues had purchased earlier for a circuit-analysis project. Thompson rewrote Space Travel to run on it.
Err codemadness.org 70 i 46315 And with that little programming exercise, a second door cracked ajar. It was to swing wide open during the summer of 1969 when Thompson’s wife, Bonnie, spent a month visiting his parents to show off their newborn son. Thompson took advantage of his temporary bachelor existence to write a good chunk of what would become the Unix operating system for the discarded PDP‑7. The name Unix stems from a joke one of Thompson’s colleagues made: Because the new operating system supported only one user (Thompson), he saw it as an emasculated version of Multics and dubbed it “Un-multiplexed Information and Computing Service,” or Unics. The name later morphed into Unix.
Err codemadness.org 70 i 46316 Initially, Thompson used the GE-645 to compose and compile the software, which he then downloaded to the PDP‑7. But he soon weaned himself from the mainframe, and by the end of 1969 he was able to write operating-system code on the PDP-7 itself. That was a step in the right direction. But Thompson and the others helping him knew that the PDP‑7, which was already obsolete, would not be able to sustain their skunkworks for long. They also knew that the lab’s management wasn’t about to allow any more research on operating systems.
Err codemadness.org 70 i 46317 So Thompson and Ritchie got creative. They formulated a proposal to their bosses to buy one of DEC’s newer minicomputers, a PDP-11, but couched the request in especially palatable terms. They said they were aiming to create tools for editing and formatting text, what you might call a word-processing system today. The fact that they would also have to write an operating system for the new machine to support the editor and text formatter was almost a footnote.
Err codemadness.org 70 i 46318 Management took the bait, and an order for a PDP-11 was placed in May 1970. The machine itself arrived soon after, although the disk drives for it took more than six months to appear. During the interim, Thompson, Ritchie, and others continued to develop Unix on the PDP-7. After the PDP-11’s disks were installed, the researchers moved their increasingly complex operating system over to the new machine. Next they brought over the roff text formatter written by Ossanna and derived from the runoff program, which had been used in an earlier time-sharing system.
Err codemadness.org 70 i 46319 Unix was put to its first real-world test within Bell Labs when three typists from AT&T’s patents department began using it to write, edit, and format patent applications. It was a hit. The patent department adopted the system wholeheartedly, which gave the researchers enough credibility to convince management to purchase another machine—a newer and more powerful PDP-11 model—allowing their stealth work on Unix to continue.
Err codemadness.org 70 i 46320 During its earliest days, Unix evolved constantly, so the idea of issuing named versions or releases seemed inappropriate. But the researchers did issue new editions of the programmer’s manual periodically, and the early Unix systems were named after each such edition. The first edition of the manual was completed in November 1971.
Err codemadness.org 70 i 46321 So what did the first edition of Unix offer that made it so great? For one thing, the system provided a hierarchical file system, which allowed something we all now take for granted: Files could be placed in directories—or equivalently, folders—that in turn could be put within other directories. Each file could contain no more than 64 kilobytes, and its name could be no more than six characters long. These restrictions seem awkwardly limiting now, but at the time they appeared perfectly adequate.
Err codemadness.org 70 i 46322 Although Unix was ostensibly created for word processing, the only editor available in 1971 was the line-oriented ed. Today, ed is still the only editor guaranteed to be present on all Unix systems. Apart from the text-processing and general system applications, the first edition of Unix included games such as blackjack, chess, and tic-tac-toe. For the system administrator, there were tools to dump and restore disk images to magnetic tape, to read and write paper tapes, and to create, check, mount, and unmount removable disk packs.
Err codemadness.org 70 i 46323 Most important, the system offered an interactive environment that by this time allowed time-sharing, so several people could use a single machine at once. Various programming languages were available to them, including BASIC, Fortran, the scripting of Unix commands, assembly language, and B. The last of these, a descendant of a BCPL (Basic Combined Programming Language), ultimately evolved into the immensely popular C language, which Ritchie created while also working on Unix.
Err codemadness.org 70 i 46324 The first edition of Unix let programmers call 34 different low-level routines built into the operating system. It’s a testament to the system’s enduring nature that nearly all of these system calls are still available—and still heavily used—on modern Unix and Linux systems four decades on. For its time, first-edition Unix provided a remarkably powerful environment for software development. Yet it contained just 4200 lines of code at its heart and occupied a measly 16 KB of main memory when it ran.
Err codemadness.org 70 i 46325 Unix’s great influence can be traced in part to its elegant design, simplicity, portability, and serendipitous timing. But perhaps even more important was the devoted user community that soon grew up around it. And that came about only by an accident of its unique history.
Err codemadness.org 70 i 46326 The story goes like this: For years Unix remained nothing more than a Bell Labs research project, but by 1973 its authors felt the system was mature enough for them to present a paper on its design and implementation at a symposium of the Association for Computing Machinery. That paper was published in 1974 in the Communications of the ACM. Its appearance brought a flurry of requests for copies of the software.
Err codemadness.org 70 i 46327 This put AT&T in a bind. In 1956, AT&T had agreed to a U.S government consent decree that prevented the company from selling products not directly related to telephones and telecommunications, in return for its legal monopoly status in running the country’s long-distance phone service. So Unix could not be sold as a product. Instead, AT&T released the Unix source code under license to anyone who asked, charging only a nominal fee. The critical wrinkle here was that the consent decree prevented AT&T from supporting Unix. Indeed, for many years Bell Labs researchers proudly displayed their Unix policy at conferences with a slide that read, “No advertising, no support, no bug fixes, payment in advance.”
Err codemadness.org 70 i 46328 With no other channels of support available to them, early Unix adopters banded together for mutual assistance, forming a loose network of user groups all over the world. They had the source code, which helped. And they didn’t view Unix as a standard software product, because nobody seemed to be looking after it. So these early Unix users themselves set about fixing bugs, writing new tools, and generally improving the system as they saw fit.
Err codemadness.org 70 i 46329 The Usenix user group acted as a clearinghouse for the exchange of Unix software in the United States. People could send in magnetic tapes with new software or fixes to the system and get back tapes with the software and fixes that Usenix had received from others. In Australia, the University of New South Wales and the University of Sydney produced a more robust version of Unix, the Australian Unix Share Accounting Method, which could cope with larger numbers of concurrent users and offered better performance.
Err codemadness.org 70 i 46330 By the mid-1970s, the environment of sharing that had sprung up around Unix resembled the open-source movement so prevalent today. Users far and wide were enthusiastically enhancing the system, and many of their improvements were being fed back to Bell Labs for incorporation in future releases. But as Unix became more popular, AT&T’s lawyers began looking harder at what various licensees were doing with their systems.
Err codemadness.org 70 i 46331 One person who caught their eye was John Lions, a computer scientist then teaching at the University of New South Wales, in Australia. In 1977, he published what was probably the most famous computing book of the time, A Commentary on the Unix Operating System, which contained an annotated listing of the central source code for Unix.
Err codemadness.org 70 i 46332 Unix’s licensing conditions allowed for the exchange of source code, and initially, Lions’s book was sold to licensees. But by 1979, AT&T’s lawyers had clamped down on the book’s distribution and use in academic classes. The antiauthoritarian Unix community reacted as you might expect, and samizdat copies of the book spread like wildfire. Many of us have nearly unreadable nth-generation photocopies of the original book.
Err codemadness.org 70 i 46333 End runs around AT&T’s lawyers indeed became the norm—even at Bell Labs. For example, between the release of the sixth edition of Unix in 1975 and the seventh edition in 1979, Thompson collected dozens of important bug fixes to the system, coming both from within and outside of Bell Labs. He wanted these to filter out to the existing Unix user base, but the company’s lawyers felt that this would constitute a form of support and balked at their release. Nevertheless, those bug fixes soon became widely distributed through unofficial channels. For instance, Lou Katz, the founding president of Usenix, received a phone call one day telling him that if he went down to a certain spot on Mountain Avenue (where Bell Labs was located) at 2 p.m., he would find something of interest. Sure enough, Katz found a magnetic tape with the bug fixes, which were rapidly in the hands of countless users.
Err codemadness.org 70 i 46334 By the end of the 1970s, Unix, which had started a decade earlier as a reaction against the loss of a comfortable programming environment, was growing like a weed throughout academia and the IT industry. Unix would flower in the early 1980s before reaching the height of its popularity in the early 1990s.
Err codemadness.org 70 i 46335 For many reasons, Unix has since given way to other commercial and noncommercial systems. But its legacy, that of an elegant, well-designed, comfortable environment for software development, lives on. In recognition of their accomplishment, Thompson and Ritchie were given the Japan Prize earlier this year, adding to a collection of honors that includes the United States’ National Medal of Technology and Innovation and the Association of Computing Machinery’s Turing Award. Many other, often very personal, tributes to Ritchie and his enormous influence on computing were widely shared after his death this past October.
Err codemadness.org 70 i 46336 Unix is indeed one of the most influential operating systems ever invented. Its direct descendants now number in the hundreds. On one side of the family tree are various versions of Unix proper, which began to be commercialized in the 1980s after the Bell System monopoly was broken up, freeing AT&T from the stipulations of the 1956 consent decree. On the other side are various Unix-like operating systems derived from the version of Unix developed at the University of California, Berkeley, including the one Apple uses today on its computers, OS X. I say “Unix-like” because the developers of the Berkeley Software Distribution (BSD) Unix on which these systems were based worked hard to remove all the original AT&T code so that their software and its descendants would be freely distributable.
Err codemadness.org 70 i 46337 The effectiveness of those efforts were, however, called into question when the AT&T subsidiary Unix System Laboratories filed suit against Berkeley Software Design and the Regents of the University of California in 1992 over intellectual property rights to this software. The university in turn filed a counterclaim against AT&T for breaches to the license it provided AT&T for the use of code developed at Berkeley. The ensuing legal quagmire slowed the development of free Unix-like clones, including 386BSD, which was designed for the Intel 386 chip, the CPU then found in many IBM PCs.
Err codemadness.org 70 i 46338 Had this operating system been available at the time, Linus Torvalds says he probably wouldn’t have created Linux, an open-source Unix-like operating system he developed from scratch for PCs in the early 1990s. Linux has carried the Unix baton forward into the 21st century, powering a wide range of digital gadgets including wireless routers, televisions, desktop PCs, and Android smartphones. It even runs some supercomputers.
Err codemadness.org 70 i 46339 Although AT&T quickly settled its legal disputes with Berkeley Software Design and the University of California, legal wrangling over intellectual property claims to various parts of Unix and Linux have continued over the years, often involving byzantine corporate relations. By 2004, no fewer than five major lawsuits had been filed. Just this past August, a software company called the TSG Group (formerly known as the SCO Group), lost a bid in court to claim ownership of Unix copyrights that Novell had acquired when it purchased the Unix System Laboratories from AT&T in 1993.
Err codemadness.org 70 i 46340 As a programmer and Unix historian, I can’t help but find all this legal sparring a bit sad. From the very start, the authors and users of Unix worked as best they could to build and share, even if that meant defying authority. That outpouring of selflessness stands in sharp contrast to the greed that has driven subsequent legal battles over the ownership of Unix.
Err codemadness.org 70 i 46341 The world of computer hardware and software moves forward startlingly fast. For IT professionals, the rapid pace of change is typically a wonderful thing. But it makes us susceptible to the loss of our own history, including important lessons from the past. To address this issue in a small way, in 1995 I started a mailing list of old-time Unix aficionados. That effort morphed into the Unix Heritage Society. Our goal is not only to save the history of Unix but also to collect and curate these old systems and, where possible, bring them back to life. With help from many talented members of this society, I was able to restore much of the old Unix software to working order, including Ritchie’s first C compiler from 1972 and the first Unix system to be written in C, dating from 1973.
Err codemadness.org 70 i 46342 One holy grail that eluded us for a long time was the first edition of Unix in any form, electronic or otherwise. Then, in 2006, Al Kossow from the Computer History Museum, in Mountain View, Calif., unearthed a printed study of Unix dated 1972, which not only covered the internal workings of Unix but also included a complete assembly listing of the kernel, the main component of this operating system. This was an amazing find—like discovering an old Ford Model T collecting dust in a corner of a barn. But we didn’t just want to admire the chrome work from afar. We wanted to see the thing run again.
Err codemadness.org 70 i 46343 In 2008, Tim Newsham, an independent programmer in Hawaii, and I assembled a team of like-minded Unix enthusiasts and set out to bring this ancient system back from the dead. The work was technically arduous and often frustrating, but in the end, we had a copy of the first edition of Unix running on an emulated PDP-11/20. We sent out messages announcing our success to all those we thought would be interested. Thompson, always succinct, simply replied, “Amazing.” Indeed, his brainchild was amazing, and I’ve been happy to do what I can to make it, and the story behind it, better known.
Err codemadness.org 70 i 46344

Err codemadness.org 70 i 46345 Err codemadness.org 70 i 46346

Err codemadness.org 70 i 46347 Err codemadness.org 70 i 46348

Digital Ocean
Err codemadness.org 70 i 46349 http://do.co/bsdnow

Err codemadness.org 70 i 46350 Err codemadness.org 70 i 46351

###FreeBSD jails with a single public IP address

Err codemadness.org 70 i 46352 Err codemadness.org 70 i 46353

Err codemadness.org 70 i 46354
Jails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In the most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has it’s own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as the most hosters don’t offer more than one single public IP address per server.
Err codemadness.org 70 i 46355

Err codemadness.org 70 i 46356 Err codemadness.org 70 i 46357

Create the internal network

Err codemadness.org 70 i 46360 Err codemadness.org 70 i 46361

Err codemadness.org 70 i 46362
In this case NAT (“Network Address Translation”) is a good way to expose services in different jails using the same IP address.
Err codemadness.org 70 i 46363 First, let’s create an internal network (“NAT network”) at 192.168.0.0/24. You could generally use any private IPv4 address space as specified in RFC 1918. Here’s an overview: https://en.wikipedia.org/wiki/Private_network. Using pf, FreeBSD’s firewall, we will map requests on different ports of the same public IP address to our individual jails as well as provide network access to the jails themselves.
Err codemadness.org 70 i 46364 First let’s check which network devices are available. In my case there’s em0 which provides connectivity to the internet and lo0, the local loopback device.
Err codemadness.org 70 i 46365

Err codemadness.org 70 i 46366 Err codemadness.org 70 i 46367

  options=209b	Err	codemadness.org	70
i 46368   [...]	Err	codemadness.org	70
i 46369   inet 172.31.1.100 netmask 0xffffff00 broadcast 172.31.1.255	Err	codemadness.org	70
i 46370   nd6 options=23	Err	codemadness.org	70
i 46371   media: Ethernet autoselect (1000baseT )	Err	codemadness.org	70
i 46372   status: active	Err	codemadness.org	70
i 46373 	Err	codemadness.org	70
i 46374 lo0: flags=8049 metric 0 mtu 16384	Err	codemadness.org	70
i 46375   options=600003	Err	codemadness.org	70
i 46376   inet6 ::1 prefixlen 128	Err	codemadness.org	70
i 46377   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2	Err	codemadness.org	70
i 46378   inet 127.0.0.1 netmask 0xff000000	Err	codemadness.org	70
i 46379   nd6 options=21```	Err	codemadness.org	70
i 46380 	Err	codemadness.org	70
i 46381 > For our internal network, we create a cloned loopback device called lo1. Therefore we need to customize the /etc/rc.conf file, adding the following two lines:	Err	codemadness.org	70
i 46382 	Err	codemadness.org	70
i 46383 ```cloned_interfaces="lo1"	Err	codemadness.org	70
i 46384 ipv4_addrs_lo1="192.168.0.1-9/29"```	Err	codemadness.org	70
i 46385 	Err	codemadness.org	70
i 46386 > This defines a /29 network, offering IP addresses for a maximum of 6 jails:	Err	codemadness.org	70
i 46387 	Err	codemadness.org	70
i 46388 ```ipcalc 192.168.0.1/29	Err	codemadness.org	70
i 46389 Address:   192.168.0.1          11000000.10101000.00000000.00000 001	Err	codemadness.org	70
i 46390 Netmask:   255.255.255.248 = 29 11111111.11111111.11111111.11111 000	Err	codemadness.org	70
i 46391 Wildcard:  0.0.0.7              00000000.00000000.00000000.00000 111	Err	codemadness.org	70
i 46392 =>	Err	codemadness.org	70
i 46393 Network:   192.168.0.0/29       11000000.10101000.00000000.00000 000	Err	codemadness.org	70
i 46394 HostMin:   192.168.0.1          11000000.10101000.00000000.00000 001	Err	codemadness.org	70
i 46395 HostMax:   192.168.0.6          11000000.10101000.00000000.00000 110	Err	codemadness.org	70
i 46396 Broadcast: 192.168.0.7          11000000.10101000.00000000.00000 111	Err	codemadness.org	70
i 46397 Hosts/Net: 6                     Class C, Private Internet```	Err	codemadness.org	70
i 46398 	Err	codemadness.org	70
i 46399 > Then we need to restart the network. Please be aware of currently active SSH sessions as they might be dropped during restart. It’s a good moment to ensure you have KVM access to that server ;-)	Err	codemadness.org	70
i 46400 	Err	codemadness.org	70
i 46401 ```service netif restart```	Err	codemadness.org	70
i 46402 	Err	codemadness.org	70
i 46403 > After reconnecting, our newly created loopback device is active:	Err	codemadness.org	70
i 46404 	Err	codemadness.org	70
i 46405 ```lo1: flags=8049 metric 0 mtu 16384	Err	codemadness.org	70
i 46406   options=600003	Err	codemadness.org	70
i 46407   inet 192.168.0.1 netmask 0xfffffff8	Err	codemadness.org	70
i 46408   inet 192.168.0.2 netmask 0xffffffff	Err	codemadness.org	70
i 46409   inet 192.168.0.3 netmask 0xffffffff	Err	codemadness.org	70
i 46410   inet 192.168.0.4 netmask 0xffffffff	Err	codemadness.org	70
i 46411   inet 192.168.0.5 netmask 0xffffffff	Err	codemadness.org	70
i 46412   inet 192.168.0.6 netmask 0xffffffff	Err	codemadness.org	70
i 46413   inet 192.168.0.7 netmask 0xffffffff	Err	codemadness.org	70
i 46414   inet 192.168.0.8 netmask 0xffffffff	Err	codemadness.org	70
i 46415   inet 192.168.0.9 netmask 0xffffffff	Err	codemadness.org	70
i 46416   nd6 options=29```	Err	codemadness.org	70
i 46417 	Err	codemadness.org	70
i 46418 + Setting up	Err	codemadness.org	70
i 46419 	Err	codemadness.org	70
i 46420 > pf part of the FreeBSD base system, so we only have to configure and enable it. By this moment you should already have a clue of which services you want to expose. If this is not the case, just fix that file later on. In my example configuration, I have a jail running a webserver and another jail running a mailserver:	Err	codemadness.org	70
i 46421 	Err	codemadness.org	70
i 46422  +  Public IP address	Err	codemadness.org	70
i 46423 ```IP_PUB="1.2.3.4"```	Err	codemadness.org	70
i 46424 	Err	codemadness.org	70
i 46425  +  Packet normalization	Err	codemadness.org	70
i 46426 ```scrub in all```	Err	codemadness.org	70
i 46427 	Err	codemadness.org	70
i 46428  +  Allow outbound connections from within the jails	Err	codemadness.org	70
i 46429 ```nat on em0 from lo1:network to any -> (em0)```	Err	codemadness.org	70
i 46430 	Err	codemadness.org	70
i 46431  +  webserver jail at 192.168.0.2	Err	codemadness.org	70
i 46432 ```rdr on em0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2```	Err	codemadness.org	70
i 46433 	Err	codemadness.org	70
i 46434  + just an example in case you want to redirect to another port within your jail	Err	codemadness.org	70
i 46435 ```rdr on em0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2 port 8080```	Err	codemadness.org	70
i 46436 	Err	codemadness.org	70
i 46437  + mailserver jail at 192.168.0.3	Err	codemadness.org	70
i 46438 ```rdr on em0 proto tcp from any to $IP_PUB port 25 -> 192.168.0.3```	Err	codemadness.org	70
i 46439 ```rdr on em0 proto tcp from any to $IP_PUB port 587 -> 192.168.0.3```	Err	codemadness.org	70
i 46440 ```rdr on em0 proto tcp from any to $IP_PUB port 143 -> 192.168.0.3```	Err	codemadness.org	70
i 46441 ```rdr on em0 proto tcp from any to $IP_PUB port 993 -> 192.168.0.3```	Err	codemadness.org	70
i 46442 	Err	codemadness.org	70
i 46443 > Now just enable pf like this (which is the equivalent of adding pf_enable=YES to /etc/rc.conf):	Err	codemadness.org	70
i 46444 	Err	codemadness.org	70
i 46445 ```sysrc pf_enable="YES"```	Err	codemadness.org	70
i 46446 	Err	codemadness.org	70
i 46447 > and start it:	Err	codemadness.org	70
i 46448 	Err	codemadness.org	70
i 46449 ```service pf start```	Err	codemadness.org	70
i 46450 	Err	codemadness.org	70
i 46451 + Install ezjail	Err	codemadness.org	70
i 46452 	Err	codemadness.org	70
i 46453 > Ezjail is a collection of scripts by erdgeist that allow you to easily manage your jails.	Err	codemadness.org	70
i 46454 	Err	codemadness.org	70
i 46455 ```pkg install ezjail```	Err	codemadness.org	70
i 46456 	Err	codemadness.org	70
i 46457 > As an alternative, you could install ezjail from the ports tree. Now we need to set up the basejail which contains the shared base system for our jails. In fact, every jail that you create get’s will use that basejail to symlink directories related to the base system like /bin and /sbin. This can be accomplished by running	Err	codemadness.org	70
i 46458 	Err	codemadness.org	70
i 46459 ```ezjail-admin install```	Err	codemadness.org	70
i 46460 	Err	codemadness.org	70
i 46461 > In the next step, we’ll copy the /etc/resolv.conf file from our host to the newjail, which is the template for newly created jails (the parts that are not provided by basejail), to ensure that domain resolution will work properly within our jails later on:	Err	codemadness.org	70
i 46462 	Err	codemadness.org	70
i 46463 ```cp /etc/resolv.conf /usr/jails/newjail/etc/```	Err	codemadness.org	70
i 46464 	Err	codemadness.org	70
i 46465 > Last but not least, we enable ezjail and start it:	Err	codemadness.org	70
i 46466 	Err	codemadness.org	70
i 46467 ```sysrc ezjail_enable="YES"```	Err	codemadness.org	70
i 46468 ```service ezjail start```	Err	codemadness.org	70
i 46469 	Err	codemadness.org	70
i 46470 + Create a jail	Err	codemadness.org	70
i 46471 	Err	codemadness.org	70
i 46472 > Creating a jail is as easy as it could probably be:	Err	codemadness.org	70
i 46473 	Err	codemadness.org	70
i 46474 ```ezjail-admin create webserver 192.168.0.2```	Err	codemadness.org	70
i 46475 ```ezjail-admin start webserver```	Err	codemadness.org	70
i 46476 	Err	codemadness.org	70
i 46477 > Now you can access your jail using:	Err	codemadness.org	70
i 46478 	Err	codemadness.org	70
i 46479 ```ezjail-admin console webserver```	Err	codemadness.org	70
i 46480 	Err	codemadness.org	70
i 46481 > Each jail contains a vanilla FreeBSD installation.	Err	codemadness.org	70
i 46482 	Err	codemadness.org	70
i 46483 + Deploy services	Err	codemadness.org	70
i 46484 	Err	codemadness.org	70
i 46485 > Now you can spin up as many jails as you want to set up your services like web, mail or file shares. You should take care not to enable sshd within your jails, because that would cause problems with the service’s IP bindings. But this is not a problem, just SSH to the host and enter your jail using ezjail-admin console.	Err	codemadness.org	70
i 46486 ***	Err	codemadness.org	70
i 46487 	Err	codemadness.org	70
i 46488 ###[EuroBSDcon 2018 Talks & Schedule](https://2018.eurobsdcon.org/talks-schedule/)	Err	codemadness.org	70
i 46489 ***	Err	codemadness.org	70
i 46490 	Err	codemadness.org	70
i 46491 	Err	codemadness.org	70
i 46492 	Err	codemadness.org	70
i 46493 	Err	codemadness.org	70
i 46494 ##News Roundup	Err	codemadness.org	70
i 46495 ###[OpenBSD on an iBook G4](https://bobstechsite.com/openbsd-on-an-ibook-g4/)	Err	codemadness.org	70
i 46496 > I've mentioned on social media and on the BTS podcast a few times that I wanted to try installing OpenBSD onto an old "snow white" iBook G4 I acquired last summer to see if I could make it a useful machine again in the year 2018.  This particular eBay purchase came with a 14" 1024x768 TFT screen, 1.07GHz PowerPC G4 processor, 1.5GB RAM, 100GB of HDD space and an ATI Radeon 9200 graphics card with 32 MB of SDRAM. The optical drive, ethernet port, battery & USB slots are also fully-functional. The only thing that doesn't work is the CMOS battery, but that's not unexpected for a device that was originally released in 2004.	Err	codemadness.org	70
i 46497 	Err	codemadness.org	70
i 46498 + Initial experiments	Err	codemadness.org	70
i 46499 	Err	codemadness.org	70
i 46500 > This iBook originally arrived at my door running Apple Mac OSX Leopard and came with the original install disk, the iLife & iWork suites for 2008, various instruction manuals, a working power cable and a spare keyboard. As you'll see in the pictures I took for this post the characters on the buttons have started to wear away from 14 years of intensive use, but the replacement needs a very good clean before I decide to swap it in!	Err	codemadness.org	70
i 46501 	Err	codemadness.org	70
i 46502 > After spending some time exploring the last version of OSX to support the IBM PowerPC processor architecture I tried to see if the hardware was capable of modern computing with Linux. Something I knew ahead of trying this was that the WiFi adapter was unlikely to work because it's a highly proprietary component designed by Apple to work specifically with OSX and nothing else, but I figured I could probably use a wireless USB dongle later to get around this limitation.	Err	codemadness.org	70
i 46503 	Err	codemadness.org	70
i 46504 > Unfortunately I found that no recent versions of mainstream Linux distributions would boot off this machine. Debian has dropped support 32-bit PowerPC architectures and the PowerPC variants of Ubuntu 16.04 LTS (vanilla, MATE and Lubuntu) wouldn't even boot the installer! The only distribution I could reliably install on the hardware was Lubuntu 14.04 LTS.	Err	codemadness.org	70
i 46505 	Err	codemadness.org	70
i 46506 > Unfortunately I'm not the biggest fan of the LXDE desktop for regular work and a lot of ported applications were old and broken because it clearly wasn't being maintained by people that use the hardware anymore. Ubuntu 14.04 is also approaching the end of its support life in early 2019, so this limited solution also has a limited shelf-life.	Err	codemadness.org	70
i 46507 	Err	codemadness.org	70
i 46508 + Over to BSD	Err	codemadness.org	70
i 46509 	Err	codemadness.org	70
i 46510 > I discussed this problem with a few people on Mastodon and it was pointed out to me that OSX is built on the Darwin kernel, which happens to be a variant of BSD. NetBSD and OpenBSD fans in particular convinced me that their communities still saw the value of supporting these old pieces of kit and that I should give BSD a try.	Err	codemadness.org	70
i 46511 	Err	codemadness.org	70
i 46512 > So yesterday evening I finally downloaded the "macppc" version of OpenBSD 6.3 with no idea what to expect. I hoped for the best but feared the worst because my last experience with this operating system was trying out PC-BSD in 2008 and discovering with disappointment that it didn't support any of the hardware on my Toshiba laptop.	Err	codemadness.org	70
i 46513 	Err	codemadness.org	70
i 46514 > When I initially booted OpenBSD I was a little surprised to find the login screen provided no visual feedback when I typed in my password, but I can understand the security reasons for doing that. The initial desktop environment that was loaded was very basic. All I could see was a console output window, a terminal and a desktop switcher in the X11 environment the system had loaded.	Err	codemadness.org	70
i 46515 	Err	codemadness.org	70
i 46516 > After a little Googling I found this blog post had some fantastic instructions to follow for the post-installation steps: https://sohcahtoa.org.uk/openbsd.html. I did have to adjust them slightly though because my iBook only has 1.5GB RAM and not every package that page suggests is available on macppc by default. You can see a full list here: https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/powerpc/.	Err	codemadness.org	70
i 46517 	Err	codemadness.org	70
i 46518 + Final thoughts	Err	codemadness.org	70
i 46519 	Err	codemadness.org	70
i 46520 > I was really impressed with the performance of OpenBSD's "macppc" port. It boots much faster than OSX Leopard on the same hardware and unlike Lubuntu 14.04 it doesn't randomly hang for no reason or crash if you launch something demanding like the GIMP.	Err	codemadness.org	70
i 46521 	Err	codemadness.org	70
i 46522 > I was pleased to see that the command line tools I'm used to using on Linux have been ported across too. OpenBSD also had no issues with me performing basic desktop tasks on XFCE like browsing the web with NetSurf, playing audio files with VLC and editing images with the GIMP. Limited gaming is also theoretically possible if you're willing to build them (or an emulator) from source with SDL support.	Err	codemadness.org	70
i 46523 	Err	codemadness.org	70
i 46524 > If I wanted to use this system for heavy duty work then I'd probably be inclined to run key applications like LibreOffice on a Raspberry Pi and then connect my iBook G4 to those using VNC or an SSH connection with X11 forwarding. BSD is UNIX after all, so using my ancient laptop as a dumb terminal should work reasonably well.	Err	codemadness.org	70
i 46525 	Err	codemadness.org	70
i 46526 > In summary I was impressed with OpenBSD and its ability to breathe new life into this old Apple Mac. I'm genuinely excited about the idea of trying BSD with other devices on my network such as an old Asus Eee PC 900 netbook and at least one of the many Raspberry Pi devices I use. Whether I go the whole hog and replace Fedora on my main production laptop though remains to be seen!	Err	codemadness.org	70
i 46527 	Err	codemadness.org	70
i 46528 ***	Err	codemadness.org	70
i 46529 	Err	codemadness.org	70
i 46530 ###[The template user with PAM and login(1)](http://oshogbo.vexillium.org/blog/48)	Err	codemadness.org	70
i 46531 > When you build a new service (or an appliance) you need your users to be able to configure it from the command line. To accomplish this you can create system accounts for all registered users in your service and assign them a special login shell which provides such limited functionality. This can be painful if you have a dynamic user database.	Err	codemadness.org	70
i 46532 > Another challenge is authentication via remote services such as RADIUS. How can we implement  services when we authenticate through it and log into it as a different user? Furthermore, imagine a scenario when RADIUS decides on which account we have the right to access by sending an additional attribute.	Err	codemadness.org	70
i 46533 > To address these two problems we can use a "template" user. Any of the PAM modules can set the value of the PAM_USER item. The value of this item will be used to determine which account we want to login. Only the "template" user must exist on the local password database, but the credential check can be omitted by the module.	Err	codemadness.org	70
i 46534 > This functionality exists in the login(1) used by FreeBSD, HardenedBSD, DragonFlyBSD and illumos. The functionality doesn't exist in the login(1) used in NetBSD, and OpenBSD doesn't support PAM modules at all. In addition what  is also noteworthy is that such functionality was also in the OpenSSH but they decided to remove it and call it a security vulnerability (CVE 2015-6563). I can see how some people may have seen it that way, that’s why I recommend reading this article from an OpenPAM author and a FreeBSD security officer at the time.	Err	codemadness.org	70
i 46535 > Knowing the background let's take a look at an example.	Err	codemadness.org	70
i 46536 	Err	codemadness.org	70
i 46537 ```PAM_EXTERN int	Err	codemadness.org	70
i 46538 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,	Err	codemadness.org	70
i 46539     int argc __unused, const char *argv[] __unused)	Err	codemadness.org	70
i 46540 {	Err	codemadness.org	70
i 46541         const char *user, *password;	Err	codemadness.org	70
i 46542         int err;	Err	codemadness.org	70
i 46543 	Err	codemadness.org	70
i 46544         err = pam_get_user(pamh, &user, NULL);	Err	codemadness.org	70
i 46545         if (err != PAM_SUCCESS)	Err	codemadness.org	70
i 46546                 return (err);	Err	codemadness.org	70
i 46547 	Err	codemadness.org	70
i 46548         err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);	Err	codemadness.org	70
i 46549         if (err == PAM_CONV_ERR)	Err	codemadness.org	70
i 46550                 return (err);	Err	codemadness.org	70
i 46551         if (err != PAM_SUCCESS)	Err	codemadness.org	70
i 46552                 return (PAM_AUTH_ERR);	Err	codemadness.org	70
i 46553 	Err	codemadness.org	70
i 46554         err = authenticate(user, password);	Err	codemadness.org	70
i 46555         if (err != PAM_SUCCESS) {	Err	codemadness.org	70
i 46556                 return (err);	Err	codemadness.org	70
i 46557         }	Err	codemadness.org	70
i 46558 	Err	codemadness.org	70
i 46559         return (pam_set_item(pamh, PAM_USER, "template"));	Err	codemadness.org	70
i 46560 }	Err	codemadness.org	70
i 46561

Err codemadness.org 70 i 46562 Err codemadness.org 70 i 46563

Err codemadness.org 70 i 46564
In the listing above we have an example of a PAM module. The pam_get_user(3) provides a username. The pam_get_authtok(3) shows us a secret given by the user. Both functions allow us to give an optional prompt which should be shown to the user. The authenticate function is our crafted function which authenticates the user. In our first scenario we wanted to keep all users in an external database. If authentication is successful we then switch to a template user which has a shell set up for a script allowing us to configure the machine. In our second scenario the authenticate function authenticates the user in RADIUS.
Err codemadness.org 70 i 46565

Err codemadness.org 70 i 46566 Err codemadness.org 70 i 46567

Err codemadness.org 70 i 46568
Another step is to add our PAM module to the /etc/pam.d/system or to the /etc/pam.d/login configuration:
Err codemadness.org 70 i 46569

Err codemadness.org 70 i 46570 Err codemadness.org 70 i 46571

auth sufficient pam_template.so no_warn allow_local

Err codemadness.org 70 i 46572 Err codemadness.org 70 i 46573

Err codemadness.org 70 i 46574
Unfortunately the description of all these options goes beyond this article - if you would like to know more about it you can find them in the PAM manual. The last thing we need to do is to add our template user to the system which you can do by the adduser(8) command or just simply modifying the /etc/master.passwd file and use pwd_mkdb(8) program:
Err codemadness.org 70 i 46575

Err codemadness.org 70 i 46576 Err codemadness.org 70 i 46577

$ tail -n /etc/master.passwd
Err codemadness.org 70 i 46578 template:*:1000:1000::0:0:User &:/:/usr/local/bin/templatesh
Err codemadness.org 70 i 46579 $ sudo pwd_mkdb /etc/master.passwd

Err codemadness.org 70 i 46580 Err codemadness.org 70 i 46581

Err codemadness.org 70 i 46582
As you can see,the template user can be locked and we still can use it in our PAM module (the * character after login).
Err codemadness.org 70 i 46583 I would like to thank Dag-Erling Smørgrav for pointing this functionality out to me when I was looking for it some time ago.
Err codemadness.org 70 i 46584

Err codemadness.org 70 i 46585 Err codemadness.org 70 i 46586

Err codemadness.org 70 i 46587 Err codemadness.org 70 i 46588

iXsystems
Err codemadness.org 70 i 46589 iXsystems @ VMWorld

Err codemadness.org 70 i 46590 Err codemadness.org 70 i 46591

###ZFS file server

Err codemadness.org 70 i 46592 Err codemadness.org 70 i 46593

What is the need?

Err codemadness.org 70 i 46596 Err codemadness.org 70 i 46597

Err codemadness.org 70 i 46598
At work, we run a compute cluster that uses an Isilon cluster as primary NAS storage. Excluding snapshots, we have about 200TB of research data, some of them in compressed formats, and others not. We needed an offsite backup file server that would constantly mirror our primary NAS and serve as a quick recovery source in case of a data loss in the the primary NAS. This offsite file server would be passive - will never face the wrath of the primary cluster workload.
Err codemadness.org 70 i 46599 In addition to the role of a passive backup server, this solution would take on some passive report generation workloads as an ideal way of offloading some work from the primary NAS. The passive work is read-only.
Err codemadness.org 70 i 46600 The backup server would keep snapshots in a best effort basis dating back to 10 years. However, this data on this backup server would be archived to tapes periodically.
Err codemadness.org 70 i 46601

Err codemadness.org 70 i 46602 Err codemadness.org 70 i 46603

Err codemadness.org 70 i 46605
A simple guidance of priorities:
Err codemadness.org 70 i 46606
Err codemadness.org 70 i 46608
Data integrity > Cost of solution > Storage capacity > Performance.
Err codemadness.org 70 i 46609
Err codemadness.org 70 i 46611
Why not enterprise NAS? NetApp FAS or EMC Isilon or the like?
Err codemadness.org 70 i 46612

Err codemadness.org 70 i 46614 Err codemadness.org 70 i 46615

Err codemadness.org 70 i 46616
We decided that enterprise grade NAS like NetAPP FAS or EMC Isilon are prohibitively expensive and an overkill for our needs.
Err codemadness.org 70 i 46617 An open source & cheaper alternative to enterprise grade filesystem with the level of durability we expect turned up to be ZFS. We’re already spoilt from using snapshots by a clever Copy-on-Write Filesystem(WAFL) by NetApp. ZFS providing snapshots in almost identical way was a big influence in the choice. This is also why we did not consider just a CentOS box with the default XFS filesystem.
Err codemadness.org 70 i 46618

Err codemadness.org 70 i 46619 Err codemadness.org 70 i 46620

FreeBSD vs Debian for ZFS

Err codemadness.org 70 i 46623 Err codemadness.org 70 i 46624

Err codemadness.org 70 i 46625
This is a backup server, a long-term solution. Stability and reliability are key requirements. ZFS on Linux may be popular at this time, but there is a lot of churn around its development, which means there is a higher probability of bugs like this to occur. We’re not looking for cutting edge features here. Perhaps, Linux would be considered in the future.
Err codemadness.org 70 i 46626

Err codemadness.org 70 i 46627 Err codemadness.org 70 i 46628

FreeBSD + ZFS

Err codemadness.org 70 i 46631 Err codemadness.org 70 i 46632

Err codemadness.org 70 i 46633
We already utilize FreeBSD and OpenBSD for infrastructure services and we have nothing but praises for the stability that the BSDs have provided us. We’d gladly use FreeBSD and OpenBSD wherever possible.
Err codemadness.org 70 i 46634

Err codemadness.org 70 i 46635 Err codemadness.org 70 i 46636

Okay, ZFS, but why not FreeNAS?

Err codemadness.org 70 i 46639 Err codemadness.org 70 i 46640

Err codemadness.org 70 i 46641
IMHO, FreeNAS provides a integrated GUI management tool over FreeBSD for a novice user to setup and configure FreeBSD, ZFS, Jails and many other features. But, this user facing abstraction adds an extra layer of complexity to maintain that is just not worth it in simpler use cases like ours. For someone that appreciates the commandline interface, and understands FreeBSD enough to administer it, plain FreeBSD + ZFS is simpler and more robust than FreeNAS.
Err codemadness.org 70 i 46642

Err codemadness.org 70 i 46643 Err codemadness.org 70 i 46644

Specifications
Lenovo SR630 Rackserver
2 X Intel Xeon silver 4110 CPUs
768 GB of DDR4 ECC 2666 MHz RAM
4 port SAS card configured in passthrough mode(JBOD)
Intel network card with 10 Gb SFP+ ports
128GB M.2 SSD for use as boot drive
2 X HGST 4U60 JBOD
120(2 X 60) X 10TB SAS disks

Err codemadness.org 70 i 46655 Err codemadness.org 70 i 46656

Err codemadness.org 70 i 46657 Err codemadness.org 70 i 46658

###Reflection on one-year usage of OpenBSD

Err codemadness.org 70 i 46659 Err codemadness.org 70 i 46660

Err codemadness.org 70 i 46661
I have used OpenBSD for more than one year, and it is time to give a summary of the experience:
Err codemadness.org 70 i 46662

Err codemadness.org 70 i 46663 Err codemadness.org 70 i 46664

(1) What do I get from OpenBSD?

Err codemadness.org 70 i 46667 Err codemadness.org 70 i 46668

Err codemadness.org 70 i 46669
a) A good UNIX tutorial. When I am curious about some UNIXcommands’ implementation, I will refer to OpenBSD source code, and I actually gain something every time. E.g., refresh socket programming skills from nc; know how to process file efficiently from cat.
Err codemadness.org 70 i 46670

Err codemadness.org 70 i 46671 Err codemadness.org 70 i 46672

Err codemadness.org 70 i 46673
b) A better test bed. Although my work focus on developing programs on Linux, I will try to compile and run applications on OpenBSD if it is possible. One reason is OpenBSD usually gives more helpful warnings. E.g., hint like this:
Err codemadness.org 70 i 46674

Err codemadness.org 70 i 46675 Err codemadness.org 70 i 46676

......
Err codemadness.org 70 i 46677 warning: sprintf() is often misused, please use snprintf()
Err codemadness.org 70 i 46678 ......

Err codemadness.org 70 i 46679 Err codemadness.org 70 i 46680

Err codemadness.org 70 i 46681
Or you can refer this post which I wrote before. The other is sometimes program run well on Linux may crash on OpenBSD, and OpenBSD can help you find hidden bugs.
Err codemadness.org 70 i 46682

Err codemadness.org 70 i 46683 Err codemadness.org 70 i 46684

Err codemadness.org 70 i 46685
c) Some handy tools. E.g. I find tcpbench is useful, so I ported it into Linux for my own usage (project is here).
Err codemadness.org 70 i 46686

Err codemadness.org 70 i 46687 Err codemadness.org 70 i 46688

(2) What I give back to OpenBSD?

Err codemadness.org 70 i 46691 Err codemadness.org 70 i 46692

Err codemadness.org 70 i 46693
a) Patches. Although most of them are trivial modifications, they are still my contributions.
Err codemadness.org 70 i 46694

Err codemadness.org 70 i 46695 Err codemadness.org 70 i 46696

Err codemadness.org 70 i 46697
b) Write blog posts to share experience about using OpenBSD.
Err codemadness.org 70 i 46698

Err codemadness.org 70 i 46699 Err codemadness.org 70 i 46700

Err codemadness.org 70 i 46701
c) Develop programs for OpenBSD/*BSD: lscpu and free.
Err codemadness.org 70 i 46702

Err codemadness.org 70 i 46703 Err codemadness.org 70 i 46704

Err codemadness.org 70 i 46705
d) Porting programs into OpenBSD: E.g., I find google/benchmark is a nifty tool, but lacks OpenBSD support, I submitted PR and it is accepted. So you can use google/benchmark on OpenBSD now.
Err codemadness.org 70 i 46706

Err codemadness.org 70 i 46707 Err codemadness.org 70 i 46708

Generally speaking, the time invested on OpenBSD is rewarding. If you are still hesitating, why not give a shot?

Err codemadness.org 70 i 46711 Err codemadness.org 70 i 46712

Err codemadness.org 70 i 46713 Err codemadness.org 70 i 46714

##Beastie Bits

Err codemadness.org 70 i 46715 Err codemadness.org 70 i 46716

BSD Users Stockholm Meetup
BSDCan 2018 Playlist
OPNsense 18.7 released
Testing TrueOS (FreeBSD derivative) on real hardware ThinkPad T410
Kernel Hacker Wanted!
Replace a pair of 8-bit writes to VGA memory with a single 16-bit write
Reduce taskq and context-switch cost of zio pipe
Proposed FreeBSD Memory Management change, expected to improve ZFS ARC interactions

Err codemadness.org 70 i 46726 Err codemadness.org 70 i 46727

Err codemadness.org 70 i 46728 Err codemadness.org 70 i 46729

Tarsnap

Err codemadness.org 70 i 46730 Err codemadness.org 70 i 46731

##Feedback/Questions

Err codemadness.org 70 i 46732 Err codemadness.org 70 i 46733

Anian_Z - Question
Robert - Pool question
Lain - Congratulations
Thomas - L2arc

Err codemadness.org 70 i 46739 Err codemadness.org 70 i 46740

Err codemadness.org 70 i 46741 Err codemadness.org 70 i 46742

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 46745 Err codemadness.org 70 i 46746

]]> Err codemadness.org 70 i 46747

Episode 258: OS Foundations | BSD Now 258

Allan Jude — Tue, 07 Aug 2018 22:00:00 -0700

Err codemadness.org 70 i 47497 FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.

Err codemadness.org 70 i 47498 Err codemadness.org 70 i 47499

##Headlines
Err codemadness.org 70 i 47500 ###FreeBSD Foundation Update, July 2018

Err codemadness.org 70 i 47501 Err codemadness.org 70 i 47502

MESSAGE FROM THE EXECUTIVE DIRECTOR

Err codemadness.org 70 i 47505 Err codemadness.org 70 i 47506

Err codemadness.org 70 i 47507
We’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration, spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!
Err codemadness.org 70 i 47508 In this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, that Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, that we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.
Err codemadness.org 70 i 47509 Your support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!
Err codemadness.org 70 i 47510

Err codemadness.org 70 i 47511 Err codemadness.org 70 i 47512

June 2018 Development Projects Update
Fundraising Update: Supporting the Project
July 2018 Release Engineering Update
OSCON 2018 Recap
Submit Your Work: MeetBSD 2018
FreeBSD Discount for 2018 SNIA Developer Conference
EuroBSDcon 2018 Travel Grant Application Deadline: August 2

Err codemadness.org 70 i 47521 Err codemadness.org 70 i 47522

Err codemadness.org 70 i 47523 Err codemadness.org 70 i 47524

iXsystems

Err codemadness.org 70 i 47525 Err codemadness.org 70 i 47526

###BSDCan Trip Reports

Err codemadness.org 70 i 47527 Err codemadness.org 70 i 47528

BSDCan 2018 Trip Report: Constantin Stan
BSDCan 2018 Trip Report: Danilo G. Baio
BSDCan 2018 Trip Report: Rodrigo Osorio
BSDCan 2018 Trip Report: Dhananjay Balan
BSDCan 2018 Trip Report: Kyle Evans

Err codemadness.org 70 i 47535 Err codemadness.org 70 i 47536

Err codemadness.org 70 i 47537 Err codemadness.org 70 i 47538

##News Roundup
Err codemadness.org 70 i 47539 ###FreeBSD and OSPFd

Err codemadness.org 70 i 47540 Err codemadness.org 70 i 47541

Err codemadness.org 70 i 47542
With FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…
Err codemadness.org 70 i 47543

Err codemadness.org 70 i 47544 Err codemadness.org 70 i 47545

Err codemadness.org 70 i 47546
OSPF (open shortest path first) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to setup. This article does not cover configuration of VPN links, ZFS, or Freebsd jails, however it’s recommended that you use seperate ZFS datasets per jail so that migration between hosts can be done with zfs send & receive.
Err codemadness.org 70 i 47547

Err codemadness.org 70 i 47548 Err codemadness.org 70 i 47549

Err codemadness.org 70 i 47550
In this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)
Err codemadness.org 70 i 47551

Err codemadness.org 70 i 47552 Err codemadness.org 70 i 47553

Err codemadness.org 70 i 47554
In this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:
Err codemadness.org 70 i 47555

Err codemadness.org 70 i 47556 Err codemadness.org 70 i 47557

Server 1: 172.16.3.0/28
Err codemadness.org 70 i 47558 Server 2: 172.16.3.16/28
Err codemadness.org 70 i 47559 Server 3: 172.16.3.32/28
Err codemadness.org 70 i 47560 Server 4: 172.16.3.48/28
Err codemadness.org 70 i 47561 Server 5: 172.16.3.64/28

Err codemadness.org 70 i 47562 Err codemadness.org 70 i 47563

Err codemadness.org 70 i 47564
When statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.
Err codemadness.org 70 i 47565

Err codemadness.org 70 i 47566 Err codemadness.org 70 i 47567

Err codemadness.org 70 i 47569
To get started, first we install the Quagga package.
Err codemadness.org 70 i 47570
Err codemadness.org 70 i 47572
The two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.
Err codemadness.org 70 i 47573
Err codemadness.org 70 i 47575
Starting with zebra.conf, we’ll define the hostname and a management password.
Err codemadness.org 70 i 47576
Err codemadness.org 70 i 47578
Second, we will populate the ospfd.conf file.
Err codemadness.org 70 i 47579
Err codemadness.org 70 i 47581
To break this down:
Err codemadness.org 70 i 47582
Err codemadness.org 70 i 47584
service advanced-vty allows you to skip the en or enable command. Since I’m the only one who uses this service, it’s one less command to type.
Err codemadness.org 70 i 47585
Err codemadness.org 70 i 47587
ip ospf authentication message-digest and ip ospf message-diget-key… ignores non-authenticated OSPF communication. This is useful when communicating over the WAN and to prevent a replay attack. Since I’m using a VPN to communicate, I could exclude these.
Err codemadness.org 70 i 47588
Err codemadness.org 70 i 47590
passive-interface default turns off the active communication of OSPF messages on all interfaces except for the interfaces listed as no passive-interface [interface name]. Since my ospf communication needs to leverage the VPNs, this prevents the servers from trying to send ospf data out the WAN interface (a firewall would work too).
Err codemadness.org 70 i 47591
Err codemadness.org 70 i 47593
network 172.16.2.0/23 area 0.0.0.0 lists a supernet of both 172.16.2.0/24 and 172.16.3.0/24. This ensures routes for the jails are advertised along with the P2P links used by OpenVPN. The OpenVPN links are not required but can provide another IP to access your server if one of the links goes down. (See the suggested tasks below).
Err codemadness.org 70 i 47594
Err codemadness.org 70 i 47596
At this point, we can enable the services in rc.conf.local and start them.
Err codemadness.org 70 i 47597
Err codemadness.org 70 i 47599
We bind the management interface to 127.0.0.1 so that it’s only accessable to local telnet sessions. If you want to access this service remotely, you can bind to a remotely accessable IP. Remember telnet is not secure. If you need remote access, use a VPN.
Err codemadness.org 70 i 47600
Err codemadness.org 70 i 47602
To manage the services, you can telnet to your host’s localhost address.
Err codemadness.org 70 i 47603
Err codemadness.org 70 i 47605
Use 2604 for the ospf service.
Err codemadness.org 70 i 47606
Err codemadness.org 70 i 47608
Remember, this is accessible by non-root users so set a good password.
Err codemadness.org 70 i 47609

Err codemadness.org 70 i 47611 Err codemadness.org 70 i 47612

Err codemadness.org 70 i 47613 Err codemadness.org 70 i 47614

###A broad overview of how ZFS is structured on disk

Err codemadness.org 70 i 47615 Err codemadness.org 70 i 47616

Err codemadness.org 70 i 47617
When I wrote yesterday’s entry, it became clear that I didn’t understand as much about how ZFS is structured on disk (and that this matters, since I thought that ZFS copy on write updates updated a lot more than they do). So today I want to write down my new broad understanding of how this works. (All of this can be dug out of the old, draft ZFS on-disk format specification, but that spec is written in a very detailed way and things aren’t always immediately clear from it.)
Err codemadness.org 70 i 47618

Err codemadness.org 70 i 47619 Err codemadness.org 70 i 47620

Err codemadness.org 70 i 47621
Almost everything in ZFS is in DMU object. All objects are defined by a dnode, and object dnodes are almost always grouped together in an object set. Object sets are themselves DMU objects; they store dnodes as basically a giant array in a ‘file’, which uses data blocks and indirect blocks and so on, just like anything else. Within a single object set, dnodes have an object number, which is the index of their position in the object set’s array of dnodes. (Because an object number is just the index of the object’s dnode in its object set’s array of dnodes, object numbers are basically always going to be duplicated between object sets (and they’re always relative to an object set). For instance, pretty much every object set is going to have an object number ten, although not all object sets may have enough objects that they have an object number ten thousand. One corollary of this is that if you ask zdb to tell you about a given object number, you have to tell zdb what object set you’re talking about. Usually you do this by telling zdb which ZFS filesystem or dataset you mean.)
Err codemadness.org 70 i 47622

Err codemadness.org 70 i 47623 Err codemadness.org 70 i 47624

Err codemadness.org 70 i 47625
Each ZFS filesystem has its own object set for objects (and thus dnodes) used in the filesystem. As I discovered yesterday, every ZFS filesystem has a directory hierarchy and it may go many levels deep, but all of this directory hierarchy refers to directories and files using their object number.
Err codemadness.org 70 i 47626

Err codemadness.org 70 i 47627 Err codemadness.org 70 i 47628

Err codemadness.org 70 i 47629
ZFS organizes and keeps track of filesystems, clones, and snapshots through the DSL (Dataset and Snapshot Layer). The DSL has all sorts of things; DSL directories, DSL datasets, and so on, all of which are objects and many of which refer to object sets (for example, every ZFS filesystem must refer to its current object set somehow). All of these DSL objects are themselves stored as dnodes in another object set, the Meta Object Set, which the uberblock points to. To my surprise, object sets are not stored in the MOS (and as a result do not have ‘object numbers’). Object sets are always referred to directly, without indirection, using a block pointer to the object set’s dnode. (I think object sets are referred to directly so that snapshots can freeze their object set very simply.)
Err codemadness.org 70 i 47630

Err codemadness.org 70 i 47631 Err codemadness.org 70 i 47632

Err codemadness.org 70 i 47633
The DSL directories and datasets for your pool’s set of filesystems form a tree themselves (each filesystem has a DSL directory and at least one DSL dataset). However, just like in ZFS filesystems, all of the objects in this second tree refer to each other indirectly, by their MOS object number. Just as with files in ZFS filesystems, this level of indirection limits the amount of copy on write updates that ZFS had to do when something changes.
Err codemadness.org 70 i 47634

Err codemadness.org 70 i 47635 Err codemadness.org 70 i 47636

Err codemadness.org 70 i 47637
PS: If you want to examine MOS objects with zdb, I think you do it with something like ‘zdb -vvv -d ssddata 1’, which will get you object number 1 of the MOS, which is the MOS object directory. If you want to ask zdb about an object in the pool’s root filesystem, use ‘zdb -vvv -d ssddata/ 1’. You can tell which one you’re getting depending on what zdb prints out. If it says ‘Dataset mos [META]’ you’re looking at objects from the MOS; if it says ‘Dataset ssddata [ZPL]’, you’re looking at the pool’s root filesystem (where object number 1 is the ZFS master node).
Err codemadness.org 70 i 47638

Err codemadness.org 70 i 47639 Err codemadness.org 70 i 47640

Err codemadness.org 70 i 47641
PPS: I was going to write up what changed on a filesystem write, but then I realized that I didn’t know how blocks being allocated and freed are reflected in pool structures. So I’ll just say that I think that ignoring free space management, only four DMU objects get updated; the file itself, the filesystem’s object set, the filesystem’s DSL dataset object, and the MOS.
Err codemadness.org 70 i 47642

Err codemadness.org 70 i 47643 Err codemadness.org 70 i 47644

(As usual, doing the research to write this up taught me things that I didn’t know about ZFS.)

Err codemadness.org 70 i 47647 Err codemadness.org 70 i 47648

Err codemadness.org 70 i 47649 Err codemadness.org 70 i 47650

Digital Ocean

Err codemadness.org 70 i 47651 Err codemadness.org 70 i 47652

###HardenedBSD Foundation Status

Err codemadness.org 70 i 47653 Err codemadness.org 70 i 47654

Err codemadness.org 70 i 47655
On 09 July 2018, the HardenedBSD Foundation Board of Directors held the kick-off meeting to start organizing the Foundation. The following people attended the kick-off meeting:
Err codemadness.org 70 i 47656

Err codemadness.org 70 i 47657 Err codemadness.org 70 i 47658

Err codemadness.org 70 i 47660
1. Shawn Webb (in person)
Err codemadness.org 70 i 47663
Err codemadness.org 70 i 47665
1. George Saylor (in person)
Err codemadness.org 70 i 47668
Err codemadness.org 70 i 47670
1. Ben Welch (in person)
Err codemadness.org 70 i 47673
Err codemadness.org 70 i 47675
1. Virginia Suydan (in person)
Err codemadness.org 70 i 47678
Err codemadness.org 70 i 47680
1. Ben La Monica (phone)
Err codemadness.org 70 i 47683
Err codemadness.org 70 i 47685
1. Dean Freeman (phone)
Err codemadness.org 70 i 47688
Err codemadness.org 70 i 47690
1. Christian Severt (phone)
Err codemadness.org 70 i 47693

Err codemadness.org 70 i 47695 Err codemadness.org 70 i 47696

Err codemadness.org 70 i 47697
We discussed the very first steps that need to be taken to organize the HardenedBSD Foundation as a 501©(3) not-for-profit organization in the US. We determined we could file a 1023EZ instead of the full-blown 1023. This will help speed the process up drastically.
Err codemadness.org 70 i 47698

Err codemadness.org 70 i 47699 Err codemadness.org 70 i 47700

The steps are laid out as follows:
Register a Post Office Box (PO Box) (completed on 10 Jul 2018).
Register The HardenedBSD Foundation as a tax-exempt nonstock corporation in the state of Maryland (started on 10 Jul 2018, submitted on 18 Jul 2018, granted 20 Jul 2018).
Obtain a federal tax ID (obtained 20 Jul 2018).
Close the current bank account and create a new one using the federal tax ID (completed on 20 Jul 2018).
File the 1023EZ paperwork with the federal government (started on 20 Jul 2018).
Hire an attorney to help draft the organization bylaws.
Each of the steps must be done serially and in order.

Err codemadness.org 70 i 47710 Err codemadness.org 70 i 47711

Err codemadness.org 70 i 47712
We added Christian Severt, who is on Emerald Onion’s Board of Directors, to the HardenedBSD Foundation Board of Directors as an advisor. He was foundational in getting Emerald Onion their 501©(3) tax-exempt, not-for-profit status and has really good insight. Additionally, he’s going to help HardenedBSD coordinate hosting services, figuring out the best deals for us.
Err codemadness.org 70 i 47713

Err codemadness.org 70 i 47714 Err codemadness.org 70 i 47715

Err codemadness.org 70 i 47716
We promoted George Saylor to Vice President and changed Shawn Webb’s title to President and Director. This is to help resolve potential concerns both the state and federal agencies might have with an organization having only a single President role.
Err codemadness.org 70 i 47717

Err codemadness.org 70 i 47718 Err codemadness.org 70 i 47719

Err codemadness.org 70 i 47720
We hope to be granted our 501©(3) status before the end of the year, though that may be subject to change. We are excited for the formation of the HardenedBSD Foundation, which will open up new opportunities not otherwise available to HardenedBSD.
Err codemadness.org 70 i 47721

Err codemadness.org 70 i 47722 Err codemadness.org 70 i 47723

Err codemadness.org 70 i 47724 Err codemadness.org 70 i 47725

###More mitigations against speculative execution vulnerabilities

Err codemadness.org 70 i 47726 Err codemadness.org 70 i 47727

Err codemadness.org 70 i 47728
Philip Guenther (guenther@) and Bryan Steele (brynet@) have added more mitigations against speculative execution CPU vulnerabilities on the amd64 platform.
Err codemadness.org 70 i 47729

Err codemadness.org 70 i 47730 Err codemadness.org 70 i 47731

	Err	codemadness.org	70
i 47732 CVSROOT:    /cvs	Err	codemadness.org	70
i 47733 Module name:    src	Err	codemadness.org	70
i 47734 Changes by: guenther@cvs.openbsd.org    2018/07/23 11:54:04	Err	codemadness.org	70
i 47735 	Err	codemadness.org	70
i 47736 Modified files:	Err	codemadness.org	70
i 47737     sys/arch/amd64/amd64: locore.S 	Err	codemadness.org	70
i 47738     sys/arch/amd64/include: asm.h cpufunc.h frameasm.h 	Err	codemadness.org	70
i 47739 	Err	codemadness.org	70
i 47740 Log message:	Err	codemadness.org	70
i 47741 Do "Return stack refilling", based on the "Return stack underflow" discussion	Err	codemadness.org	70
i 47742 and its associated appendix at https://support.google.com/faqs/answer/7625886	Err	codemadness.org	70
i 47743 This should address at least some cases of "SpectreRSB" and earlier	Err	codemadness.org	70
i 47744 Spectre variants; more commits to follow.	Err	codemadness.org	70
i 47745 	Err	codemadness.org	70
i 47746 The refilling is done in the enter-kernel-from-userspace and	Err	codemadness.org	70
i 47747 return-to-userspace-from-kernel paths, making sure to do it before	Err	codemadness.org	70
i 47748 unblocking interrupts so that a successive interrupt can't get the	Err	codemadness.org	70
i 47749 CPU to C code without doing this refill.  Per the link above, it	Err	codemadness.org	70
i 47750 also does it immediately after mwait, apparently in case the low-power	Err	codemadness.org	70
i 47751 CPU states of idle-via-mwait flush the RSB.	Err	codemadness.org	70
i 47752 	Err	codemadness.org	70
i 47753 ok mlarkin@ deraadt@```	Err	codemadness.org	70
i 47754 	Err	codemadness.org	70
i 47755 + and:	Err	codemadness.org	70
i 47756 	Err	codemadness.org	70
i 47757 ```CVSROOT: /cvs	Err	codemadness.org	70
i 47758 Module name:    src	Err	codemadness.org	70
i 47759 Changes by: guenther@cvs.openbsd.org    2018/07/23 20:42:25	Err	codemadness.org	70
i 47760 	Err	codemadness.org	70
i 47761 Modified files:	Err	codemadness.org	70
i 47762     sys/arch/amd64/amd64: locore.S vector.S vmm_support.S 	Err	codemadness.org	70
i 47763     sys/arch/amd64/include: asm.h cpufunc.h 	Err	codemadness.org	70
i 47764 	Err	codemadness.org	70
i 47765 Log message:	Err	codemadness.org	70
i 47766 Also do RSB refilling when context switching, after vmexits, and	Err	codemadness.org	70
i 47767 when vmlaunch or vmresume fails.	Err	codemadness.org	70
i 47768 	Err	codemadness.org	70
i 47769 Follow the lead of clang and the intel recommendation and do an lfence	Err	codemadness.org	70
i 47770 after the pause in the speculation-stop path for retpoline, RSB refill,	Err	codemadness.org	70
i 47771 and meltover ASM bits.	Err	codemadness.org	70
i 47772 	Err	codemadness.org	70
i 47773 ok kettenis@ deraadt@```	Err	codemadness.org	70
i 47774 	Err	codemadness.org	70
i 47775 + "Mitigation G-2" for AMD processors:	Err	codemadness.org	70
i 47776 	Err	codemadness.org	70
i 47777 ```CVSROOT: /cvs	Err	codemadness.org	70
i 47778 Module name:    src	Err	codemadness.org	70
i 47779 Changes by: brynet@cvs.openbsd.org  2018/07/23 17:25:03	Err	codemadness.org	70
i 47780 	Err	codemadness.org	70
i 47781 Modified files:	Err	codemadness.org	70
i 47782     sys/arch/amd64/amd64: identcpu.c 	Err	codemadness.org	70
i 47783     sys/arch/amd64/include: specialreg.h 	Err	codemadness.org	70
i 47784 	Err	codemadness.org	70
i 47785 Log message:	Err	codemadness.org	70
i 47786 Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for	Err	codemadness.org	70
i 47787 Managing Speculation on AMD Processors"	Err	codemadness.org	70
i 47788 	Err	codemadness.org	70
i 47789 By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing	Err	codemadness.org	70
i 47790 instruction.	Err	codemadness.org	70
i 47791 	Err	codemadness.org	70
i 47792 Tested on AMD FX-4100 "Bulldozer", and Linux guest in SVM vmd(8)	Err	codemadness.org	70
i 47793 	Err	codemadness.org	70
i 47794 ok deraadt@ mlarkin@```	Err	codemadness.org	70
i 47795 ***	Err	codemadness.org	70
i 47796 	Err	codemadness.org	70
i 47797 	Err	codemadness.org	70
i 47798 ##Beastie Bits	Err	codemadness.org	70
i 47799 + [HardenedBSD will stop supporting 10-STABLE on 10 August 2018](https://groups.google.com/a/hardenedbsd.org/forum/#!topic/users/xvU0g-g1l5U)	Err	codemadness.org	70
i 47800 + [GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2](https://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1)	Err	codemadness.org	70
i 47801 + [ZFS Boot Environments at PBUG](https://vermaden.wordpress.com/2018/07/30/zfs-boot-environments-at-pbug/)	Err	codemadness.org	70
i 47802 + [Second Editions versus the Publishing Business](https://blather.michaelwlucas.com/archives/3229)	Err	codemadness.org	70
i 47803 + [Theo de Raadt on "unveil(2) usage in base"](https://undeadly.org/cgi?action=article;sid=20180728063716)	Err	codemadness.org	70
i 47804 + [rtadvd(8) has been replaced by rad(8)](https://undeadly.org/cgi?action=article;sid=20180724072205)	Err	codemadness.org	70
i 47805 + [BSD Users Stockholm Meetup #3](https://www.meetup.com/BSD-Users-Stockholm/events/253447019/)	Err	codemadness.org	70
i 47806 + [Changes to NetBSD release support policy](https://blog.netbsd.org/tnf/entry/changes_to_netbsd_release_support)	Err	codemadness.org	70
i 47807 + [The future of HAMMER1](http://lists.dragonflybsd.org/pipermail/users/2018-July/357832.html)	Err	codemadness.org	70
i 47808 ***	Err	codemadness.org	70
i 47809 	Err	codemadness.org	70
i 47810 **Tarsnap**	Err	codemadness.org	70
i 47811 	Err	codemadness.org	70
i 47812 ##Feedback/Questions	Err	codemadness.org	70
i 47813 + Rodriguez - [A Question](http://dpaste.com/0Y1B75Q#wrap)	Err	codemadness.org	70
i 47814 + Shane - [About ZFS Mostly](http://dpaste.com/32YGNBY#wrap)	Err	codemadness.org	70
i 47815 + Leif - [ZFS less than 8gb](http://dpaste.com/2GY6HHC#wrap)	Err	codemadness.org	70
i 47816 + Wayne - [ZFS vs EMC](http://dpaste.com/17PSCXC#wrap)	Err	codemadness.org	70
i 47817 ***	Err	codemadness.org	70
i 47818 	Err	codemadness.org	70
i 47819 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)	Err	codemadness.org	70
i 47820

]]> Err codemadness.org 70 i 47821

Episode 257: Great NetBSD 8 | BSD Now 257

Allan Jude — Thu, 02 Aug 2018 00:00:00 -0700

NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more. Err codemadness.org 70 i 48167

Err codemadness.org 70 i 48168

##Headlines
Err codemadness.org 70 i 48169 NetBSD v8.0 Released

Err codemadness.org 70 i 48170

Err codemadness.org 70 i 48171
The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.
Err codemadness.org 70 i 48172

Err codemadness.org 70 i 48173

Err codemadness.org 70 i 48174
This release brings stability improvements, hundreds of bug fixes, and many new features.
Err codemadness.org 70 i 48175

Err codemadness.org 70 i 48176

Err codemadness.org 70 i 48178
Some highlights of the NetBSD 8.0 release are:
Err codemadness.org 70 i 48179
Err codemadness.org 70 i 48181
USB stack rework, USB3 support added.
Err codemadness.org 70 i 48182
Err codemadness.org 70 i 48184
In-kernel audio mixer (audio_system(9)).
Err codemadness.org 70 i 48185
Err codemadness.org 70 i 48187
Reproducible builds (MKREPRO, see mk.conf(5)).
Err codemadness.org 70 i 48188
Err codemadness.org 70 i 48190
Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.
Err codemadness.org 70 i 48191
Err codemadness.org 70 i 48193
PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.
Err codemadness.org 70 i 48194
Err codemadness.org 70 i 48196
PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.
Err codemadness.org 70 i 48197
Err codemadness.org 70 i 48199
Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.
Err codemadness.org 70 i 48200
Err codemadness.org 70 i 48202
A new socket layer can(4) has been added for communication of devices on a CAN bus.
Err codemadness.org 70 i 48203
Err codemadness.org 70 i 48205
A special pseudo interface ipsecif(4) for route-based VPNs has been added.
Err codemadness.org 70 i 48206
Err codemadness.org 70 i 48208
Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.
Err codemadness.org 70 i 48209
Err codemadness.org 70 i 48211
Hardening of the network stack in general.
Err codemadness.org 70 i 48212
Err codemadness.org 70 i 48214
Various WAPBL (the NetBSD file system “log” option) stability and performance improvements.
Err codemadness.org 70 i 48215
Err codemadness.org 70 i 48217
Specific to i386 and amd64 CPUs:
Err codemadness.org 70 i 48218
Err codemadness.org 70 i 48220
Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
Err codemadness.org 70 i 48221
Err codemadness.org 70 i 48223
SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
Err codemadness.org 70 i 48224
Err codemadness.org 70 i 48226
SpectreV4 mitigations available for Intel and AMD.
Err codemadness.org 70 i 48227
Err codemadness.org 70 i 48229
PopSS workaround: user access to debug registers is turned off by default.
Err codemadness.org 70 i 48230
Err codemadness.org 70 i 48232
Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).
Err codemadness.org 70 i 48233
Err codemadness.org 70 i 48235
SMAP support.
Err codemadness.org 70 i 48236
Err codemadness.org 70 i 48238
Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
Err codemadness.org 70 i 48239
Err codemadness.org 70 i 48241
(U)EFI bootloader.
Err codemadness.org 70 i 48242
Err codemadness.org 70 i 48244
Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.
Err codemadness.org 70 i 48245
Err codemadness.org 70 i 48247
Lots of updates to 3rd party software included:
Err codemadness.org 70 i 48248
Err codemadness.org 70 i 48250
GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
Err codemadness.org 70 i 48251
Err codemadness.org 70 i 48253
GDB 7.12
Err codemadness.org 70 i 48254
Err codemadness.org 70 i 48256
GNU binutils 2.27
Err codemadness.org 70 i 48257
Err codemadness.org 70 i 48259
Clang/LLVM 3.8.1
Err codemadness.org 70 i 48260
Err codemadness.org 70 i 48262
OpenSSH 7.6
Err codemadness.org 70 i 48263
Err codemadness.org 70 i 48265
OpenSSL 1.0.2k
Err codemadness.org 70 i 48266
Err codemadness.org 70 i 48268
mdocml 1.14.1
Err codemadness.org 70 i 48269
Err codemadness.org 70 i 48271
acpica 20170303
Err codemadness.org 70 i 48272
Err codemadness.org 70 i 48274
ntp 4.2.8p11-o
Err codemadness.org 70 i 48275
Err codemadness.org 70 i 48277
dhcpcd 7.0.6
Err codemadness.org 70 i 48278
Err codemadness.org 70 i 48280
Lua 5.3.4
Err codemadness.org 70 i 48281

Err codemadness.org 70 i 48283

Err codemadness.org 70 i 48284

###Running FreeBSD on the ARM64 VPS from Scaleway

Err codemadness.org 70 i 48285

Err codemadness.org 70 i 48286
I’ve been thinking about this 6 since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.
Err codemadness.org 70 i 48287 Turns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.
Err codemadness.org 70 i 48288 I managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:
Err codemadness.org 70 i 48289 For some reason, unlike on x86 4, mounting additional volumes is not allowed 4 on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivotroot and then we can do whatever to our one and only disk.
Err codemadness.org 70 i 48290 Spin up an instance with Ubuntu Zesty and ssh in.
Err codemadness.org 70 i 48291

Err codemadness.org 70 i 48292

Prepare the system and change the root to a tmpfs:

Err codemadness.org 70 i 48295

apt install gdisk	Err	codemadness.org	70
i 48296 mount -t tmpfs tmpfs /tmp	Err	codemadness.org	70
i 48297 cp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp	Err	codemadness.org	70
i 48298 mkdir /tmp/proc /tmp/sys /tmp/oldroot	Err	codemadness.org	70
i 48299 mount /dev/vda /tmp/oldroot	Err	codemadness.org	70
i 48300 mount --make-rprivate /	Err	codemadness.org	70
i 48301 pivotroot /tmp /tmp/oldroot	Err	codemadness.org	70
i 48302 for i in dev proc sys run; do mount --move /oldroot/$i /$i; done	Err	codemadness.org	70
i 48303 systemctl daemon-reload	Err	codemadness.org	70
i 48304 systemctl restart sshd	Err	codemadness.org	70
i 48305

Err codemadness.org 70 i 48306

Err codemadness.org 70 i 48307
Now reconnect to ssh from a second terminal (note: rm the connection file if you use ControlPersist in ssh config), then exit the old session. Kill the old sshd process, restart or stop the rest of the stuff using the old disk:
Err codemadness.org 70 i 48308

Err codemadness.org 70 i 48309

pkill -f notty	Err	codemadness.org	70
i 48310 sed -ibak 's/RefuseManualStart.$//g' /lib/systemd/system/dbus.service	Err	codemadness.org	70
i 48311 systemctl daemon-reload	Err	codemadness.org	70
i 48312 systemctl restart dbus	Err	codemadness.org	70
i 48313 systemctl daemon-reexec	Err	codemadness.org	70
i 48314 systemctl stop user@0 ntp cron systemd-logind	Err	codemadness.org	70
i 48315 systemctl restart systemd-journald systemd-udevd	Err	codemadness.org	70
i 48316 pkill agetty	Err	codemadness.org	70
i 48317 pkill rsyslogd	Err	codemadness.org	70
i 48318

Err codemadness.org 70 i 48319

Err codemadness.org 70 i 48320
Check that nothing is touching /oldroot:
Err codemadness.org 70 i 48321

Err codemadness.org 70 i 48322

lsof | grep oldroot	Err	codemadness.org	70
i 48323

Err codemadness.org 70 i 48324

Err codemadness.org 70 i 48325
There will probably be an old dbus-daemon, kill it.
Err codemadness.org 70 i 48326 And finally, unmount the old root and overwrite the hard disk with a memstick image:
Err codemadness.org 70 i 48327

Err codemadness.org 70 i 48328

umount -R /oldroot	Err	codemadness.org	70
i 48329 wget https://download.freebsd.org/ftp/snapshots/arm64/aarch64/ISO-IMAGES/12.0/FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz	Err	codemadness.org	70
i 48330 xzcat FreeBSD-12.0-CURRENT-arm64-aarch64-20180719-r336479-mini-memstick.img.xz | dd if=/dev/stdin of=/dev/vda bs=1M	Err	codemadness.org	70
i 48331

Err codemadness.org 70 i 48332

Err codemadness.org 70 i 48333
(Look for the newest snapshot, don’t copy paste the July 19 link above if you’re reading this in the future. Actually maybe use a release instead of CURRENT…)
Err codemadness.org 70 i 48334 Now, fix the GPT: move the secondary table to the end of the disk and resize the table.
Err codemadness.org 70 i 48335 It’s important to resize here, as FreeBSD does not do that and silently creates partitions that won’t persist across reboots
Err codemadness.org 70 i 48336

Err codemadness.org 70 i 48337

gdisk /dev/vda	Err	codemadness.org	70
i 48338 x	Err	codemadness.org	70
i 48339 e	Err	codemadness.org	70
i 48340 s	Err	codemadness.org	70
i 48341 4	Err	codemadness.org	70
i 48342 w	Err	codemadness.org	70
i 48343 y	Err	codemadness.org	70
i 48344

Err codemadness.org 70 i 48345

And reboot. (You might actually want to hard reboot here: for some reason on the first reboot from Linux, pressing the any-key to enter the prompt in the loader hangs the console for me.)

Err codemadness.org 70 i 48346

I didn’t have to go into the ESC menu and choose the local disk in the boot manager, it seems to boot from disk automatically.

Err codemadness.org 70 i 48347

Now we’re in the FreeBSD EFI loader.
Err codemadness.org 70 i 48348 For some reason, the (recently fixed? 2) serial autodetection from EFI is not working correctly. Or something.
Err codemadness.org 70 i 48349 So you don’t get console output by default.
Err codemadness.org 70 i 48350 To fix, you have to run these commands in the boot loader command prompt:

Err codemadness.org 70 i 48351

set console=comconsole,efi	Err	codemadness.org	70
i 48352 boot	Err	codemadness.org	70
i 48353

Err codemadness.org 70 i 48354

Ignore the warning about comconsole not being a valid console.
Err codemadness.org 70 i 48355 Since there’s at least one (efi) that the loader thinks is valid, it sets the whole variable.)

Err codemadness.org 70 i 48356

(UPD: shouldn’t be necessary in the next snapshot)

Err codemadness.org 70 i 48357

Now it’s a regular installation process!
Err codemadness.org 70 i 48358 When asked about partitioning, choose Shell, and manually add a partition and set up a root filesystem:

Err codemadness.org 70 i 48359

gpart add -t freebsd-zfs -a 4k -l zroot vtbd0	Err	codemadness.org	70
i 48360 zpool create -R /mnt -O mountpoint=none -O atime=off zroot /dev/gpt/zroot	Err	codemadness.org	70
i 48361 zfs create -o canmount=off -o mountpoint=none zroot/ROOT	Err	codemadness.org	70
i 48362 zfs create -o mountpoint=/ zroot/ROOT/default	Err	codemadness.org	70
i 48363 zfs create -o mountpoint=/usr zroot/ROOT/default/usr	Err	codemadness.org	70
i 48364 zfs create -o mountpoint=/var zroot/ROOT/default/var	Err	codemadness.org	70
i 48365 zfs create -o mountpoint=/var/log zroot/ROOT/default/var/log	Err	codemadness.org	70
i 48366 zfs create -o mountpoint=/usr/home zroot/home	Err	codemadness.org	70
i 48367 zpool set bootfs=zroot/ROOT/default zroot	Err	codemadness.org	70
i 48368 exit	Err	codemadness.org	70
i 48369

Err codemadness.org 70 i 48370

(In this example, I set up ZFS with a beadm-compatible layout which allows me to use Boot Environments.)

Err codemadness.org 70 i 48371

In the post-install chroot shell, fix some configs like so:

Err codemadness.org 70 i 48372

echo 'zfsload="YES"' >> /boot/loader.conf	Err	codemadness.org	70
i 48373 echo 'console="comconsole,efi"' >> /boot/loader.conf	Err	codemadness.org	70
i 48374 echo 'vfs.zfs.arcmax="512M"' >> /boot/loader.conf	Err	codemadness.org	70
i 48375 sysrc zfsenable=YES	Err	codemadness.org	70
i 48376 exit	Err	codemadness.org	70
i 48377

Err codemadness.org 70 i 48378

(Yeah, for some reason, the loader does not load zfs.ko’s dependency opensolaris.ko automatically here. idk what even. It does on my desktop and laptop.)

Err codemadness.org 70 i 48379

Now you can reboot into the installed system!!

Err codemadness.org 70 i 48380

Here’s how you can set up IPv6 (and root’s ssh key) auto configuration on boot:

Err codemadness.org 70 i 48381

Pkg bootstrap	Err	codemadness.org	70
i 48382 pkg install curl	Err	codemadness.org	70
i 48383 curl https://raw.githubusercontent.com/scaleway/image-tools/master/bases/overlay-common/usr/local/bin/scw-metadata > /usr/local/bin/scw-metadata	Err	codemadness.org	70
i 48384 chmod +x /usr/local/bin/scw-metadata	Err	codemadness.org	70
i 48385 echo '#!/bin/sh' > /etc/rc.local	Err	codemadness.org	70
i 48386 echo 'PATH=/usr/local/bin:$PATH' >> /etc/rc.local	Err	codemadness.org	70
i 48387 echo 'eval $(scw-metadata)' >> /etc/rc.local	Err	codemadness.org	70
i 48388 echo 'echo $SSHPUBLICKEYS0KEY > /root/.ssh/authorizedkeys' >> /etc/rc.local	Err	codemadness.org	70
i 48389 echo 'chmod 0400 /root/.ssh/authorizedkeys' >> /etc/rc.local	Err	codemadness.org	70
i 48390 echo 'ifconfig vtnet0 inet6 $IPV6ADDRESS/$IPV6NETMASK' >> /etc/rc.local	Err	codemadness.org	70
i 48391 echo 'route -6 add default $IPV6GATEWAY' >> /etc/rc.local	Err	codemadness.org	70
i 48392 mkdir /run	Err	codemadness.org	70
i 48393 mkdir /root/.ssh	Err	codemadness.org	70
i 48394 sh /etc/rc.local	Err	codemadness.org	70
i 48395

Err codemadness.org 70 i 48396

Err codemadness.org 70 i 48397
And to fix incoming TCP connections, configure the DHCP client to change the broadcast address:
Err codemadness.org 70 i 48398

Err codemadness.org 70 i 48399

echo 'interface "vtnet0" { supersede broadcast-address 255.255.255.255; }' >> /etc/dhclient.conf
Err codemadness.org 70 i 48400 killall dhclient
Err codemadness.org 70 i 48401 dhclient vtnet0

Err codemadness.org 70 i 48402

Other random notes:
keep in mind that -CURRENT snapshots come with a debugging kernel by default, which limits syscall performance by a lot, you might want to build your own 2 with config GENERIC-NODEBUG
also disable heavy malloc debugging features by running ln -s ‘abort:false,junk:false’ /etc/malloc.conf (yes that’s storing config in a symlink)
you can reuse the installer’s partition for swap

Err codemadness.org 70 i 48408

Err codemadness.org 70 i 48409

* Digital Ocean **
Err codemadness.org 70 i 48410 http://do.co/bsdnow

Err codemadness.org 70 i 48411

###Easy encrypted backups on OpenBSD with base tools

Err codemadness.org 70 i 48412

Err codemadness.org 70 i 48413
Today’s topic is “Encrypted backups” using only OpenBSD base tools. I am planning to write a bigger article later about backups but it’s a wide topic with a lot of software to cover and a lot of explanations about the differents uses cases, needs, issues an solutions. Here I will stick on explaining how to make reliable backups for an OpenBSD system (my laptop).
Err codemadness.org 70 i 48414 What we need is the dump command (see man 8 dump for its man page). It’s an utility to make a backup for a filesystem, it can only make a backup of one filesystem at a time. On my laptop I only backup /home partition so this solution is suitable for me while still being easy.
Err codemadness.org 70 i 48415 Dump can do incremental backups, it means that it will only save what changed since the last backup of lower level. If you do not understand this, please refer to the dump man page.
Err codemadness.org 70 i 48416 What is very interesting with dump is that it honors nodump flag which is an extended attribute of a FFS filesystem. One can use the command chflags nodump /home/solene/Downloads to tells dump not do save that folder (under some circumstances). By default, dump will not save thoses files, EXCEPT for a level 0 backup.
Err codemadness.org 70 i 48417

Err codemadness.org 70 i 48418

Important features of this backup solution:
save files with attributes, permissions and flags
can recreate a partition from a dump, restore files interactively, from a list or from its inode number (useful when you have files in lost+found)
one dump = one file

Err codemadness.org 70 i 48424

Err codemadness.org 70 i 48425
My process is to make a huge dump of level 0 and keep it on a remote server, then, once a week I make a level 1 backup which will contain everything changed since the last dump of level 0, and everyday I do a level 2 backup of my files. The level 2 will contain latest files and the files changing a lot, which are often the most interesting. The level 1 backup is important because it will offload a lot of changes for the level 2.
Err codemadness.org 70 i 48426 Let me explain: let says my full backup is 60 GB, full of pictures, sources files, GUI applications data files etc… A level 1 backup will contain every new picture, new projects, new GUI files etc… since the full backup, which will produce bigger and bigger dump over time, usually it is only 100 MB to 1GB. As I don’t add new pictures everyday or use new software everyday, the level 2 will take care of most littles changes to my data, like source code edited, little works on files etc… The level 2 backup is really small, I try to keep it under 50 MB so I can easily send it on my remote server everyday.
Err codemadness.org 70 i 48427 One could you more dump level, up to level 9, but keep in mind that those are incremental. In my case, if I need to restore all my partition, I will need to use level 0, 1 and 2 to get up to latest backup state. If you want to restore a file deleted a few days ago, you need to remember in which level its latest version is.
Err codemadness.org 70 i 48428 History note: dump was designed to be used with magnetic tapes.
Err codemadness.org 70 i 48429

Err codemadness.org 70 i 48430

See the article for the remainder of the article

Err codemadness.org 70 i 48433

Err codemadness.org 70 i 48434

##News Roundup
Err codemadness.org 70 i 48435 Status of DFly server storage upgrades (Matt Dillon)

Err codemadness.org 70 i 48436

Err codemadness.org 70 i 48437
Last month we did some storage upgrades, particularly of internet-facing machines for package and OS distribution. Yesterday we did a number of additional upgrades, described below. All using funds generously donated by everyone!
Err codemadness.org 70 i 48438

Err codemadness.org 70 i 48439

Err codemadness.org 70 i 48440
The main repository server received a 2TB SSD to replace the HDDs it was using before. This will improve access to a number of things maintained by this server, including the mail archives, and gives the main repo server more breathing room for repository expansion. Space was at a premium before. Now there’s plenty.
Err codemadness.org 70 i 48441

Err codemadness.org 70 i 48442

Err codemadness.org 70 i 48443
Monster, the quad socket opteron which we currently use as the database builder and repository that we export to our public grok service (grok.dragonflybsd.org) received a 512G SSD to add swap space for swapcache, to help cache the grok meta-data. It now has 600GB of swapcache configured. Over the next few weeks we will also be changing the grok updates to ping-pong between the two 4TB data drives it received in the last upgrade so we can do concurrent updates and web accesses without them tripping over each other performance-wise.
Err codemadness.org 70 i 48444

Err codemadness.org 70 i 48445

Err codemadness.org 70 i 48446
The main developer box, Leaf, received a 2TB SSD and we are currently in the midst of migrating all the developer accounts in /home and /build from its old HDDs to its new SSD. This machine serves developer repos, developer web stuff, our home page and wiki, etc, so those will become snappier as well.
Err codemadness.org 70 i 48447

Err codemadness.org 70 i 48448

Err codemadness.org 70 i 48449
Hard drives are becoming real dinosaurs. We still have a few left from the old days but in terms of active use the only HDDs we feel we really need to keep now are the ones we use for backups and grok data, owing to the amount of storage needed for those functions.
Err codemadness.org 70 i 48450

Err codemadness.org 70 i 48451

Err codemadness.org 70 i 48452
Five years ago when we received the blade server that now sits in the colo, we had a small 256G SSD for root on every blade, and everything else used HDDs. To make things operate smoothly, most of that 256G root SSD was assigned to swapcache (200G of it, in fact, in most cases). Even just 2 years ago replacing all those HDDs with SSDs, even just the ones being used to actively serve data and support developers, would have been cost prohibitive. But today it isn’t and the only HDDs we really need anywhere are for backups or certain very large bits of bulk data (aka the grok source repository and index). The way things are going, even the backup drives will probably become SSDs over the next two years.
Err codemadness.org 70 i 48453

Err codemadness.org 70 i 48454

Err codemadness.org 70 i 48455

###iX ad spot
Err codemadness.org 70 i 48456 OSCON 2018 Recap

Err codemadness.org 70 i 48457

Err codemadness.org 70 i 48458

###zpool checkpoints

Err codemadness.org 70 i 48459

Err codemadness.org 70 i 48460
In March, to FreeBSD landed a very interesting feature called ‘zpool checkpoints’. Before we jump straight into the topic, let’s take a step back and look at another ZFS feature called ‘snapshot’. Snapshot allows us to create an image of our single file systems. This gives us the option to modify data on the dataset without the fear of losing some data.
Err codemadness.org 70 i 48461

Err codemadness.org 70 i 48462

Err codemadness.org 70 i 48463
A very good example of how to use ZFS snapshot is during an upgrade of database schema. Let us consider a situation where we have a few scripts which change our schema. Sometimes we are unable to upgrade in one transaction (for example, when we attempt to alter a table and then update it in single transaction). If our database is on dataset, we can just snapshot it, and if something goes wrong, simply rollback the file system to its previous state.
Err codemadness.org 70 i 48464

Err codemadness.org 70 i 48465

Err codemadness.org 70 i 48466
The problem with snapshot is that it works only on a single dataset. If we added some dataset, we wouldn’t then be able to create the snapshot which would rollback that operation. The same with changing the attributes of a dataset. If we change the compression on the dataset, we cannot rollback it. We would need to change that manually.
Err codemadness.org 70 i 48467

Err codemadness.org 70 i 48468

Err codemadness.org 70 i 48469
Another interesting problem involves upgrading the whole operating system when we upgrade system with a new ZFS version. What if we start upgrading our dataset and our kernel begins to crash? (If you use FreeBSD, I doubt you will ever have had that experience but still…). If we rollback to the old kernel, there is a chance the dataset will stop working because the new kernel doesn’t know how to use the new features.
Err codemadness.org 70 i 48470

Err codemadness.org 70 i 48471

Err codemadness.org 70 i 48472
Zpool checkpoints is the solution to all those problems. Instead of taking a single snapshot of the dataset, we can now take a snapshot of the whole pool. That means we will not only rollback the data but also all the metadata. If we rewind to the checkpoint, all our ZFS properties will be rolled back; the upgrade will be rolledback, and even the creation/deletion of the dataset, and the snapshot, will be rolledback.
Err codemadness.org 70 i 48473

Err codemadness.org 70 i 48474

Zpool Checkpoint has introduced a few simple functions:
For a creating checkpoint:

Err codemadness.org 70 i 48478

zpool checkpoint <pool>

Err codemadness.org 70 i 48479

Rollbacks state to checkpoint and remove the checkpoint:

Err codemadness.org 70 i 48482

zpool import -- rewind-to-checkpoint <pool>

Err codemadness.org 70 i 48483

Mount the pool read only - this does not rollback the data:

Err codemadness.org 70 i 48486

zpool import --read-only=on --rewind-to-checkpoint

Err codemadness.org 70 i 48487

Remove the checkpoint

Err codemadness.org 70 i 48490

zpool checkpoint --discard <pool> or zpool checkpoint -d <pool>

Err codemadness.org 70 i 48491

With this powerful feature we need to remember some safety rules:
Scrub will work only on data that isn’t in checkpool.
You can’t remove vdev if you have a checkpoint.
You can’t split mirror.
Reguid will not work either.
Create a checkpoint when one of the disks is removed…

Err codemadness.org 70 i 48499

Err codemadness.org 70 i 48500
For me, this feature is incredibly useful, especially when upgrading an operating system, or when I need to experiment with additional data sets. If you speak Polish, I have some additional information for you. During the first Polish BSD user group meeting, I had the opportunity to give a short talk about this feature. Here you find the video of that talk, and here is the slideshow.
Err codemadness.org 70 i 48501

Err codemadness.org 70 i 48502

Err codemadness.org 70 i 48503
I would like to offer my thanks to Serapheim Dimitropoulos for developing this feature, and for being so kind in sharing with me so many of its intricacies. If you are interested in knowing more about the technical details of this feature, you should check out Serapheim’s blog, and his video about checkpoints.
Err codemadness.org 70 i 48504

Err codemadness.org 70 i 48505

Err codemadness.org 70 i 48506

###g2k18 Reports

Err codemadness.org 70 i 48507

g2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff
g2k18 hackathon report: Kenneth Westerback on dhcpd(8) fixes, disklabel(8) refactoring and more
g2k18 Hackathon Report: Marc Espie on ports and packages progress
g2k18 hackathon report: Antoine Jacoutot on porting
g2k18 hackathon report: Matthieu Herrb on font caches and xenodm
g2k18 hackathon report: Florian Obser on rtadvd(8) -> rad(8) progress (actually, rewrite)
g2k18 Hackathon Report: Klemens Nanni on improvements to route(8), pfctl(8), and mount(2)
g2k18 hackathon report: Carlos Cardenas on vmm/vmd progress, LACP
g2k18 hackathon report: Claudio Jeker on OpenBGPD developments
Picture of the last day of the g2k18 hackathon in Ljubljana, Slovenia

Err codemadness.org 70 i 48519

Err codemadness.org 70 i 48520

##Beastie Bits

Err codemadness.org 70 i 48521

Something blogged (on pkgsrcCon 2018)
GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1
There should be a global ‘awareness’ week for developers
Polish BSD User Group – Upcoming Meeting: Aug 9th 2018
London BSD User Group – Upcoming Meeting: Aug 14th 2018
Phillip Smith’s collection of reasons why ZFS is better so that he does not have to repeat
Err codemadness.org 70 i 48528 himself all the time
EuroBSDCon 2018: Sept 20-23rd in Romania – Register NOW!
MeetBSD 2018: Oct 19-20 in Santa Clara, California. Call for Papers closes on Aug 12

Err codemadness.org 70 i 48532

Err codemadness.org 70 i 48533

Tarsnap

Err codemadness.org 70 i 48534

##Feedback/Questions

Err codemadness.org 70 i 48535

Dale - L2ARC recommendations & drive age question
Todd - ZFS & S3
efraim - License Poem
Henrick - Yet another ZFS question

Err codemadness.org 70 i 48541

Err codemadness.org 70 i 48542

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 48545

Err codemadness.org 70 i 48546

Episode 256: Because Computers | BSD Now 2^8

Allan Jude — Tue, 24 Jul 2018 22:00:00 -0700

Err codemadness.org 70 i 49687 FreeBSD ULE vs. Linux CFS, OpenBSD on Tuxedo InfinityBook, how zfs diff reports filenames efficiently, why choose FreeBSD over Linux, PS4 double free exploit, OpenBSD’s wifi autojoin, and FreeBSD jails the hard way.

Err codemadness.org 70 i 49688 Err codemadness.org 70 i 49689

Win

Err codemadness.org 70 i 49690 Err codemadness.org 70 i 49691

Celebrate our 256th episode with us. You can win a Mogics Power Bagel (not sponsored).

Err codemadness.org 70 i 49692 Err codemadness.org 70 i 49693

To enter, go find the 4 episodes we did in December of 2017. In the opening, find the 4 letters in the bookshelf behind me. They spell different words in each of the 4 episodes. Send us these words in order to feedback@bsdnow.tv with the subject “bsdnow256” until August 8th, 2018 18:00 UTC and we’ll randomly draw the winner on the live show. We’ll then contact you to ship the item.
Err codemadness.org 70 i 49694 Only one item to win. All decisions are final. Better luck next time.

Err codemadness.org 70 i 49695 Err codemadness.org 70 i 49696

Headlines

Err codemadness.org 70 i 49697 Err codemadness.org 70 i 49698

Battle of the Schedulers: FreeBSD ULE vs. Linux CFS

Err codemadness.org 70 i 49699 Err codemadness.org 70 i 49700

Introduction
Err codemadness.org 70 i 49701 This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux. There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.
Err codemadness.org 70 i 49702 Operating system kernel schedulers are responsible for maintaining high utilization of hardware resources (CPU cores, memory, I/O devices) while providing fast response time to latency-sensitive applications. They have to react to workload changes, and handle large numbers of cores and threads with minimal overhead [12]. This paper provides a comparison between the default schedulers of two of the most widely deployed open-source operating systems: the Completely Fair Scheduler (CFS) used in Linux, and the ULE scheduler used in FreeBSD. Our goal is not to declare an overall winner.
Err codemadness.org 70 i 49703 In fact, we find that for some workloads ULE is better and for others CFS is better. Instead, our goal is to illustrate how differences in the design and the implementation of the two schedulers are reflected in application performance under different workloads. ULE and CFS are both designed to schedule large numbers of threads on large multicore machines. Scalability considerations have led both schedulers to adopt per-core run-queues. On a context switch, a core accesses only its local run-queue to find the next thread to run. Periodically and at select times, e.g., when a thread wakes up, both ULE and CFS perform load balancing, i.e., they try to balance the amount of work waiting in the run-queues of different cores.
Err codemadness.org 70 i 49704 ULE and CFS, however, differ greatly in their design and implementation choices. FreeBSD ULE is a simple scheduler (2,950 lines of code in FreeBSD 11.1), while Linux CFS is much more complex (17,900 lines of code in the latest LTS Linux kernel, Linux 4.9). FreeBSD run-queues are FIFO. For load balancing, FreeBSD strives to even out the number of threads per core. In Linux, a core decides which thread to run next based on prior execution time, priority, and perceived cache behavior of the threads in its runqueue. Instead of evening out the number of threads between cores, Linux strives to even out the average amount of pending work.

Err codemadness.org 70 i 49705 Err codemadness.org 70 i 49706

Performance analysis
Err codemadness.org 70 i 49707 We now analyze the impact of the per-core scheduling on the performance of 37 applications. We define “performance” as follows: for database workloads and NAS applications, we compare the number of operations per second, and for the other applications we compare “execution time”. The higher the “performance”, the better a scheduler performs. Figure 5 presents the performance difference between CFS and ULE on a single core, with percentages above 0 meaning that the application executes faster with ULE than CFS.
Err codemadness.org 70 i 49708 Overall, the scheduler has little influence on most workloads. Indeed, most applications use threads that all perform the same work, thus both CFS and ULE endup scheduling all of the threads in a round-robin fashion. The average performance difference is 1.5%, in favor of ULE. Still, scimark is 36% slower on ULE than CFS, and apache is 40% faster on ULE than CFS. Scimark is a single-threaded Java application. It launches one compute thread, and the Java runtime executes other Java system threads in the background (for the garbage collector, I/O, etc.).
Err codemadness.org 70 i 49709 When the application is executed with ULE, the compute thread can be delayed, because Java system threads are considered interactive and get priority over the computation thread. The apache workload consists of two applications: the main server (httpd) running 100 threads, and ab, a single-threaded load injector.
Err codemadness.org 70 i 49710 The performance difference between ULE and CFS is explained by different choices regarding thread preemption. In ULE, full preemption is disabled, while CFS preempts the running thread when the thread that has just been woken up has a vruntime that is much smaller than the vruntime of the currently executing thread (1ms difference in practice). In CFS, ab is preempted 2 million times during the benchmark, while it never preempted with ULE.
Err codemadness.org 70 i 49711 This behavior is explained as follows: ab starts by sending 100 requests to the httpd server, and then waits for the server to answer. When ab is woken up, it checks which requests have been processed and sends new requests to the server. Since ab is single-threaded, all requests sent to the server are sent sequentially. In ULE, ab is able to send as many new requests as it has received responses. In CFS, every request sent by ab wakes up a httpd thread, which preempts ab.

Err codemadness.org 70 i 49712 Err codemadness.org 70 i 49713

Conclusion
Err codemadness.org 70 i 49714 Scheduling threads on a multicore machine is hard. In this paper, we perform a fair comparison of the design choices of two widely used schedulers: the ULE scheduler from FreeBSD and CFS from Linux. We show that they behave differently even on simple workloads, and that no scheduler performs better than the other on all workloads.

Err codemadness.org 70 i 49715 Err codemadness.org 70 i 49716

OpenBSD 6.3 on Tuxedo InfinityBook

Err codemadness.org 70 i 49717 Err codemadness.org 70 i 49718

Disclaimer:
Err codemadness.org 70 i 49719 I came across the Tuxedo Computers InfinityBook last year at the Open! Conference where Tuxedo had a small booth. Previously they came to my attention since they’re a member of the OSB Alliance on whose board I’m a member. Furthermore Tuxedo Computers are a sponsor of the OSBAR which I’m part of the organizational team.

Err codemadness.org 70 i 49720 Err codemadness.org 70 i 49721

OpenBSD on the Tuxedo InfinityBook
Err codemadness.org 70 i 49722 I’ve asked the guys over at Tuxedo Computers whether they would be interested to have some tests with *BSD done and that I could test drive one of their machines and give feedback on what works and what does not - and possibly look into it.+

Err codemadness.org 70 i 49723 Err codemadness.org 70 i 49724

Within a few weeks they shipped me a machine and last week the InfinityBook Pro 14” arrived. Awesome. Thanks already to the folks at Tuxedo Computers. The machine arrived accompanied by lot’s of swag :)

Err codemadness.org 70 i 49725 Err codemadness.org 70 i 49726

The InfinityBook is a very nice machine and allows a wide range of configuration. The configuration that was shipped to me:

Err codemadness.org 70 i 49727 Err codemadness.org 70 i 49728

Intel Core i7-8550U
Err codemadness.org 70 i 49729 1x 16GB RAM 2400Mhz Crucial Ballistix Sport LT
Err codemadness.org 70 i 49730 250 GB Samsung 860 EVO (M.2 SATAIII)

Err codemadness.org 70 i 49731 Err codemadness.org 70 i 49732

I used a USB-stick to boot install63.fs and re-installed the machine with OpenBSD. Full dmesg.

Err codemadness.org 70 i 49733 Err codemadness.org 70 i 49734

The installation went flawlessly, the needed intel firmware is being installed after installation automatically via fw_update(1).

Err codemadness.org 70 i 49735 Err codemadness.org 70 i 49736

Out of the box the graphics works and once installed the machine presents the login.

Err codemadness.org 70 i 49737 Err codemadness.org 70 i 49738

Video
Err codemadness.org 70 i 49739 When X starts the display is turned off for some reason. You will need to hit fn+f12 (the key with the moon on it) then the display will go on. Aside from that little nit, X works just fine and presents one the expected resolution.

Err codemadness.org 70 i 49740 Err codemadness.org 70 i 49741

External video is working just fine as well. Either via hdmi output or via the mini displayport connector.

Err codemadness.org 70 i 49742 Err codemadness.org 70 i 49743

The buttons for adjusting brightness (fn+f8 and fn+f9) are not working. Instead one has to use wsconsctl(8) to adjust the brightness.

Err codemadness.org 70 i 49744 Err codemadness.org 70 i 49745

Networking
Err codemadness.org 70 i 49746 The infinityBook has built-in ethernet, driven by re(4) And for the wireless interface the iwm(4) driver is being used. Both work as expected.

Err codemadness.org 70 i 49747 Err codemadness.org 70 i 49748

ACPI
Err codemadness.org 70 i 49749 Neither suspend nor hibernate work. Reporting of battery status is bogus as well. Some of the keyboard function keys work:

Err codemadness.org 70 i 49750 Err codemadness.org 70 i 49751

LCD on/off works (fn+f2)
Err codemadness.org 70 i 49752 Keyboard backlight dimming works (fn+f4)
Err codemadness.org 70 i 49753 Volume (fn+f5 / fn+f6) works

Err codemadness.org 70 i 49754 Err codemadness.org 70 i 49755

Sound
Err codemadness.org 70 i 49756 The azalia chipset is being used for audio processing. Works as expected, volume can be controlled via buttons (fn+f5, fn+f6) or via mixerctl.

Err codemadness.org 70 i 49757 Err codemadness.org 70 i 49758

Touchpad
Err codemadness.org 70 i 49759 Can be controlled via wsconsctl(8).
Err codemadness.org 70 i 49760 So far I must say, that the InfinityBook makes a nice machine - and I’m enjoying working with it.

Err codemadness.org 70 i 49761 Err codemadness.org 70 i 49762

iXsystems
Err codemadness.org 70 i 49763 iXsystems - Its all NAS

Err codemadness.org 70 i 49764 Err codemadness.org 70 i 49765

How ZFS makes things like ‘zfs diff’ report filenames efficiently

Err codemadness.org 70 i 49766 Err codemadness.org 70 i 49767

As a copy on write (file)system, ZFS can use the transaction group (txg) numbers that are embedded in ZFS block pointers to efficiently find the differences between two txgs; this is used in, for example, ZFS bookmarks. However, as I noted at the end of my entry on block pointers, this doesn’t give us a filesystem level difference; instead, it essentially gives us a list of inodes (okay, dnodes) that changed.
Err codemadness.org 70 i 49768 In theory, turning an inode or dnode number into the path to a file is an expensive operation; you basically have to search the entire filesystem until you find it. In practice, if you’ve ever run ‘zfs diff’, you’ve likely noticed that it runs pretty fast. Nor is this the only place that ZFS quickly turns dnode numbers into full paths, as it comes up in ‘zpool status’ reports about permanent errors. At one level, zfs diff and zpool status do this so rapidly because they ask the ZFS code in the kernel to do it for them. At another level, the question is how the kernel’s ZFS code can be so fast.
Err codemadness.org 70 i 49769 The interesting and surprising answer is that ZFS cheats, in a way that makes things very fast when it works and almost always works in normal filesystems and with normal usage patterns. The cheat is that ZFS dnodes record their parent’s object number.
Err codemadness.org 70 i 49770 If you’re familiar with the twists and turns of Unix filesystems, you’re now wondering how ZFS deals with hardlinks, which can cause a file to be in several directories at once and so have several parents (and then it can be removed from some of the directories). The answer is that ZFS doesn’t; a dnode only ever tracks a single parent, and ZFS accepts that this parent information can be inaccurate. I’ll quote the comment in zfs_obj_to_pobj:
Err codemadness.org 70 i 49771 When a link is removed [the file’s] parent pointer is not changed and will be invalid. There are two cases where a link is removed but the file stays around, when it goes to the delete queue and when there are additional links.
Err codemadness.org 70 i 49772 Before I get into the details, I want to say that I appreciate the brute force elegance of this cheat. The practical reality is that most Unix files today don’t have extra hardlinks, and when they do most hardlinks are done in ways that won’t break ZFS’s parent stuff. The result is that ZFS has picked an efficient implementation that works almost all of the time; in my opinion, the great benefit we get from having it around are more than worth the infrequent cases where it fails or malfunctions. Both zfs diff and having filenames show up in zpool status permanent error reports are very useful (and there may be other cases where this gets used).
Err codemadness.org 70 i 49773 The current details are that any time you hardlink a file to somewhere or rename it, ZFS updates the file’s parent to point to the new directory. Often this will wind up with a correct parent even after all of the dust settles; for example, a common pattern is to write a file to an initial location, hardlink it to its final destination, and then remove the initial location version. In this case, the parent will be correct and you’ll get the right name.

Err codemadness.org 70 i 49774 Err codemadness.org 70 i 49775

News Roundup

Err codemadness.org 70 i 49776 Err codemadness.org 70 i 49777

What is FreeBSD? Why Should You Choose It Over Linux?

Err codemadness.org 70 i 49778 Err codemadness.org 70 i 49779

Not too long ago I wondered if and in what situations FreeBSD could be faster than Linux and we received a good amount of informative feedback. So far, Linux rules the desktop space and FreeBSD rules the server space.

Err codemadness.org 70 i 49780 Err codemadness.org 70 i 49781

In the meantime, though, what exactly is FreeBSD? And at what times should you choose it over a GNU/Linux installation? Let’s tackle these questions.

Err codemadness.org 70 i 49782 Err codemadness.org 70 i 49783

FreeBSD is a free and open source derivative of BSD (Berkeley Software Distribution) with a focus on speed, stability, security, and consistency, among other features. It has been developed and maintained by a large community ever since its initial release many years ago on November 1, 1993.

Err codemadness.org 70 i 49784 Err codemadness.org 70 i 49785

BSD is the version of UNIX® that was developed at the University of California in Berkeley. And being a free and open source version, “Free” being a prefix to BSD is a no-brainer.

Err codemadness.org 70 i 49786 Err codemadness.org 70 i 49787

What’s FreeBSD Good For?

Err codemadness.org 70 i 49788 Err codemadness.org 70 i 49789

FreeBSD offers a plethora of advanced features and even boasts some not available in some commercial Operating Systems. It makes an excellent Internet and Intranet server thanks to its robust network services that allow it to maximize memory and work with heavy loads to deliver and maintain good response times for thousands of simultaneous user processes.

Err codemadness.org 70 i 49790 Err codemadness.org 70 i 49791

FreeBSD runs a huge number of applications with ease. At the moment, it has over 32,000 ported applications and libraries with support for desktop, server, and embedded environments. with that being said, let me also add that FreeBSD is excellent for working with advanced embedded platforms. Mail and web appliances, timer servers, routers, MIPS hardware platforms, etc. You name it!

Err codemadness.org 70 i 49792 Err codemadness.org 70 i 49793

FreeBSD is available to install in several ways and there are directions to follow for any method you want to use; be it via CD-ROM, over a network using NFS or FTP, or DVD.

Err codemadness.org 70 i 49794 Err codemadness.org 70 i 49795

FreeBSD is easy to contribute to and all you have to do is to locate the section of the FreeBSD code base to modify and carefully do a neat job. Potential contributors are also free to improve on its artwork and documentation, among other project aspects.

Err codemadness.org 70 i 49796 Err codemadness.org 70 i 49797

FreeBSD is backed by the FreeBSD Foundation, a non-profit organization that you can contribute to financially and all direct contributions are tax deductible.

Err codemadness.org 70 i 49798 Err codemadness.org 70 i 49799

FreeBSD’s license allows users to incorporate the use of proprietary software which is ideal for companies interested in generating revenues. Netflix, for example, could cite this as one of the reasons for using FreeBSD servers.

Err codemadness.org 70 i 49800 Err codemadness.org 70 i 49801

Why Should You Choose It over Linux?

Err codemadness.org 70 i 49802 Err codemadness.org 70 i 49803

From what I’ve gathered about both FreeBSD and Linux, FreeBSD has a better performance on servers than Linux does. Yes, its packaged applications are configured to offer better a performance than Linux and it is usually running fewer services by default, there really isn’t a way to certify which is faster because the answer is dependent on the running hardware and applications and how the system is tuned.

Err codemadness.org 70 i 49804 Err codemadness.org 70 i 49805

FreeBSD is reportedly more secure than Linux because of the way the whole project is developed and maintained.

Err codemadness.org 70 i 49806 Err codemadness.org 70 i 49807

Unlike with Linux, the FreeBSD project is controlled by a large community of developers around the world who fall into any of these categories; core team, contributors, and committers.

Err codemadness.org 70 i 49808 Err codemadness.org 70 i 49809

FreeBSD is much easier to learn and use because there aren’t a thousand and one distros to choose from with different package managers, DEs, etc.

Err codemadness.org 70 i 49810 Err codemadness.org 70 i 49811

FreeBSD is more convenient to contribute to because it is the entire OS that is preserved and not just the kernel and a repo as is the case with Linux. You can easily access all of its versions since they are sorted by release numbers.

Err codemadness.org 70 i 49812 Err codemadness.org 70 i 49813

Apart from the many documentations and guides that you can find online, FreeBSD has a single official documentation wherein you can find the solution to virtually any issue you will come across. So, you’re sure to find it resourceful.

Err codemadness.org 70 i 49814 Err codemadness.org 70 i 49815

FreeBSD has close to no software issues compared to Linux because it has Java, is capable of running Windows programs using Wine, and can run .NET programs using Mono.

Err codemadness.org 70 i 49816 Err codemadness.org 70 i 49817

FreeBSD’s ports/packages system allows you to compile software with specific configurations, thereby avoiding conflicting dependency and version issues.

Err codemadness.org 70 i 49818 Err codemadness.org 70 i 49819

Both the FreeBSD and GNU/Linux project are always receiving updates. The platform you decide to go with is largely dependent on what you want to use it for, your technical know-how, willingness to learn new stuff, and ultimately your preference.
Err codemadness.org 70 i 49820 What is your take on the topic? For what reasons would you choose FreeBSD over Linux if you would? Let us know what you think about both platforms in the comments section below.

Err codemadness.org 70 i 49821 Err codemadness.org 70 i 49822

PS4 5.05 BPF Double Free Kernel Exploit Writeup

Err codemadness.org 70 i 49823 Err codemadness.org 70 i 49824

Introduction
Err codemadness.org 70 i 49825 Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into detail below on. The full source of the exploit can be found here.
Err codemadness.org 70 i 49826 This bug is no longer accessible however past 5.05 firmware, because the BPF driver has finally been blocked from unprivileged processes - WebKit can no longer open it. Sony also introduced a new security mitigation in 5.0x firmwares to prevent the stack pointer from pointing into user space, however we’ll go more in detail on this a bit further down.

Err codemadness.org 70 i 49827 Err codemadness.org 70 i 49828

Assumptions
Err codemadness.org 70 i 49829 Some assumptions are made of the reader’s knowledge for the writeup. The avid reader should have a basic understanding of how memory allocators work - more specifically, how malloc() and free() allocate and deallocate memory respectively. They should also be aware that devices can be issued commands concurrently, as in, one command could be received while another one is being processed via threading. An understanding of C, x86, and exploitation basics is also very helpful, though not necessarily required.

Err codemadness.org 70 i 49830 Err codemadness.org 70 i 49831

Background
Err codemadness.org 70 i 49832 This section contains some helpful information to those newer to exploitation, or are unfamiliar with device drivers, or various exploit techniques such as heap spraying and race conditions. Feel free to skip to the “A Tale of Two Free()'s” section if you’re already familiar with this material.

Err codemadness.org 70 i 49833 Err codemadness.org 70 i 49834

What Are Drivers?
Err codemadness.org 70 i 49835 There are a few ways that applications can directly communicate with the operating system. One of which is system calls, which there are over 600 of in the PS4 kernel, ~500 of which are FreeBSD - the rest are Sony-implemented. Another method is through something called “Device Drivers”. Drivers are typically used to bridge the gap between software and hardware devices (usb drives, keyboard/mouse, webcams, etc) - though they can also be used just for software purposes.
Err codemadness.org 70 i 49836 There are a few operations that a userland application can perform on a driver (if it has sufficient permissions) to interface with it after opening it. In some instances, one can read from it, write to it, or in some cases, issue more complex commands to it via the ioctl() system call. The handlers for these commands are implemented in kernel space - this is important, because any bugs that could be exploited in an ioctl handler can be used as a privilege escalation straight to ring0 - typically the most privileged state.
Err codemadness.org 70 i 49837 Drivers are often the more weaker points of an operating system for attackers, because sometimes these drivers are written by developers who don’t understand how the kernel works, or the drivers are older and thus not wise to newer attack methods.

Err codemadness.org 70 i 49838 Err codemadness.org 70 i 49839

The BPF Device Driver
Err codemadness.org 70 i 49840 If we take a look around inside of WebKit’s sandbox, we’ll find a /dev directory. While this may seem like the root device driver path, it’s a lie. Many of the drivers that the PS4 has are not exposed to this directory, but rather only ones that are needed for WebKit’s operation (for the most part). For some reason though, BPF (aka. the “Berkely Packet Filter”) device is not only exposed to WebKit’s sandbox - it also has the privileges to open the device as R/W. This is very odd, because on most systems this driver is root-only (and for good reason). If you want to read more into this, refer to my previous write-up with 4.55FW.

Err codemadness.org 70 i 49841 Err codemadness.org 70 i 49842

What Are Packet Filters?
Err codemadness.org 70 i 49843 Below is an excerpt from the 4.55 bpfwrite writeup.
Err codemadness.org 70 i 49844 Since the bug is directly in the filter system, it is important to know the basics of what packet filters are. Filters are essentially sets of pseudo-instructions that are parsed by bpf_filter() (which are ran when packets are received). While the pseudo-instruction set is fairly minimal, it allows you to do things like perform basic arithmetic operations and copy values around inside it’s buffer. Breaking down the BPF VM in it’s entirety is far beyond the scope of this write-up, just know that the code produced by it is ran in kernel mode - this is why read/write access to /dev/bpf should be privileged.

Err codemadness.org 70 i 49845 Err codemadness.org 70 i 49846

Race Conditions
Err codemadness.org 70 i 49847 Race conditions occur when two processes/threads try to access a shared resource at the same time without mutual exclusion. The problem was ultimately solved by introducing concepts such as the “mutex” or “lock”. The idea is when one thread/process tries to access a resource, it will first acquire a lock, access it, then unlock it once it’s finished. If another thread/process tries to access it while the other has the lock, it will wait until the other thread is finished. This works fairly well - when it’s used properly.
Err codemadness.org 70 i 49848 Locking is hard to get right, especially when you try to implement fine-grained locking for performance. One single instruction or line of code outside the locking window could introduce a race condition. Not all race conditions are exploitable, but some are (such as this one) - and they can give an attacker very powerful bugs to work with.

Err codemadness.org 70 i 49849 Err codemadness.org 70 i 49850

Heap Spraying
Err codemadness.org 70 i 49851 The process of heap spraying is fairly simple - allocate a bunch of memory and fill it with controlled data in a loop and pray your allocation doesn’t get stolen from underneath you. It’s a very useful technique when exploiting something such as a use-after-free(), as you can use it to get controlled data into your target object’s backing memory.
Err codemadness.org 70 i 49852 By extension, it’s useful to do this for a double free() as well, because once we have a stale reference, we can use a heap spray to control the data. Since the object will be marked “free” - the allocator will eventually provide us with control over this memory, even though something else is still using it. That is, unless, something else has already stolen the pointer from you and corrupts it - then you’ll likely get a system crash, and that’s no fun. This is one factor that adds to the variance of exploits, and typically, the smaller the object, the more likely this is to happen.

Err codemadness.org 70 i 49853 Err codemadness.org 70 i 49854

Follow the link to read more of the article
Err codemadness.org 70 i 49855 DigitalOcean
Err codemadness.org 70 i 49856 http://do.co/bsdnow

Err codemadness.org 70 i 49857 Err codemadness.org 70 i 49858

OpenBSD gains Wi-Fi “auto-join”

Err codemadness.org 70 i 49859 Err codemadness.org 70 i 49860

In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks. Peter Hessler (phessler@) has been working on this for quite some time and he wrote about it in his p2k18 hackathon report. He has committed the work from the g2k18 hackathon in Ljubljana:

Err codemadness.org 70 i 49861 Err codemadness.org 70 i 49862

CVSROOT: /cvs
Err codemadness.org 70 i 49863 Module name: src
Err codemadness.org 70 i 49864 Changes by: phessler@cvs.openbsd.org 2018/07/11 14:18:09

Err codemadness.org 70 i 49865 Err codemadness.org 70 i 49866

Modified files:
Err codemadness.org 70 i 49867 sbin/ifconfig : ifconfig.8 ifconfig.c
Err codemadness.org 70 i 49868 sys/net80211 : ieee80211_ioctl.c ieee80211_ioctl.h
Err codemadness.org 70 i 49869 ieee80211_node.c ieee80211_node.h
Err codemadness.org 70 i 49870 ieee80211_var.h

Err codemadness.org 70 i 49871 Err codemadness.org 70 i 49872

Log message:
Err codemadness.org 70 i 49873 Introduce 'auto-join' to the wifi 802.11 stack.

Err codemadness.org 70 i 49874 Err codemadness.org 70 i 49875

This allows a system to remember which ESSIDs it wants to connect to, any
Err codemadness.org 70 i 49876 relevant security configuration, and switch to it when the network we are
Err codemadness.org 70 i 49877 currently connected to is no longer available.
Err codemadness.org 70 i 49878 Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

Err codemadness.org 70 i 49879 Err codemadness.org 70 i 49880

example hostname.if:
Err codemadness.org 70 i 49881 join home wpakey password
Err codemadness.org 70 i 49882 join work wpakey mekmitasdigoat
Err codemadness.org 70 i 49883 join open-lounge
Err codemadness.org 70 i 49884 join cafe wpakey cafe2018
Err codemadness.org 70 i 49885 join "wepnetwork" nwkey "12345"
Err codemadness.org 70 i 49886 dhcp
Err codemadness.org 70 i 49887 inet6 autoconf
Err codemadness.org 70 i 49888 up

Err codemadness.org 70 i 49889 Err codemadness.org 70 i 49890

OK stsp@ reyk@
Err codemadness.org 70 i 49891 and enthusiasm from every hackroom I've been in for the last 3 years
Err codemadness.org 70 i 49892 The usage should be clear from the commit message, but basically you ‘join’ all the networks you want to auto-join as you would previously use ‘nwid’ to connect to one specific network. Then the kernel will join the network that’s actually in range and do the rest automagically for you. When you move out of range of that network you lose connectivity until you come in range of the original (where things will continue to work as you’ve been used to) or one of the other networks (where you will associate and then get a new lease).

Err codemadness.org 70 i 49893 Err codemadness.org 70 i 49894

Thanks to Peter for working on this feature - something many a Wi-Fi using OpenBSD user will be able to benefit from.

Err codemadness.org 70 i 49895 Err codemadness.org 70 i 49896

FreeBSD Jails the hard way

Err codemadness.org 70 i 49897 Err codemadness.org 70 i 49898

There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick an easy to get going. But sometimes the tools built right into the OS are overlooked.

Err codemadness.org 70 i 49899 Err codemadness.org 70 i 49900

This post goes over what is involved in creating and managing jails using only the tools built into FreeBSD.

Err codemadness.org 70 i 49901 Err codemadness.org 70 i 49902

For this guide, I’m going to be putting my jails in /usr/local/jails.

Err codemadness.org 70 i 49903 Err codemadness.org 70 i 49904

I’ll start with a very simple, isolated jail. Then I’ll go over how to use ZFS snapshots, and lastly nullfs mounts to share the FreeBSD base files with multiple jails.

Err codemadness.org 70 i 49905 Err codemadness.org 70 i 49906

I’ll also show some examples of how to use the templating power of jail.conf to apply similar settings to all your jails.

Err codemadness.org 70 i 49907 Err codemadness.org 70 i 49908

Full Jail
Err codemadness.org 70 i 49909 Make a directory for the jail, or a zfs dataset if you prefer.
Err codemadness.org 70 i 49910 Download the FreeBSD base files, and any other parts of FreeBSD you want. In this example I’ll include the 32 bit libraries as well.
Err codemadness.org 70 i 49911 Update your FreeBSD base install.
Err codemadness.org 70 i 49912 Verify your download. We’re downloading these archives over FTP after all, we should confirm that this download is valid and not tampered with. The freebsd-update IDS command verifies the installation using a PGP key which is in your base system, which was presumably installed with an ISO that you verified using the FreeBSD signed checksums. Admittedly this step is a bit of paranoia, but I think it’s prudent.
Err codemadness.org 70 i 49913 Make sure you jail has the right timezone and dns servers and a hostname in rc.conf.
Err codemadness.org 70 i 49914 Edit jail.conf with the details about your jail.
Err codemadness.org 70 i 49915 Start and login to your jail.
Err codemadness.org 70 i 49916 11 commands and a config file, but this is the most tedious way to make a jail. With a little bit of templating it can be even easier. So I’ll start by making a template. Making a template is basically the same as steps 1, 2 and 3 above, but with a different destination folder, I’ll condense them here.

Err codemadness.org 70 i 49917 Err codemadness.org 70 i 49918

Creating a template
Err codemadness.org 70 i 49919 Create a template or a ZFS dataset. If you’d like to use the zfs clone method of deploying templates, you’ll need to create a zfs dataset instead of a folder.
Err codemadness.org 70 i 49920 Update your template with freebsd-update.
Err codemadness.org 70 i 49921 Verify your install
Err codemadness.org 70 i 49922 And that’s it, now you have a fully up to date jail template. If you’ve made this template with zfs, you can easily deploy it using zfs snapshots.

Err codemadness.org 70 i 49923 Err codemadness.org 70 i 49924

Deploying a template with ZFS snapshots
Err codemadness.org 70 i 49925 Create a snapshot. My last freebsd-update to my template brought it to patch level 17, so I’ll call my snapshot p10.
Err codemadness.org 70 i 49926 Clone the snapshot to a new jail.
Err codemadness.org 70 i 49927 Configure the jail hostname.
Err codemadness.org 70 i 49928 Add the jail definition to jail.conf, make sure you have the global jail settings from jail.conf listed in the fulljail example.
Err codemadness.org 70 i 49929 Start the jail.
Err codemadness.org 70 i 49930 The downside with the zfs approach is that each jail is now a fully independent, and if you need to update your jails, you have to update them all individually. By sharing a template using nullfs mounts you can have only one copy of the base system that only needs to be updated once.

Err codemadness.org 70 i 49931 Err codemadness.org 70 i 49932

Follow the link to see the rest of the article about
Err codemadness.org 70 i 49933 Thin jails using NullFS mounts
Err codemadness.org 70 i 49934 Simplifying jail.conf
Err codemadness.org 70 i 49935 Hopefully this has helped you understand the process of how to create and manage FreeBSD jails without tools that abstract away all the details. Those tools are often quite useful, but there is always benefit in learning to do things the hard way. And in this case, the hard way doesn’t seem to be that hard after all.

Err codemadness.org 70 i 49936 Err codemadness.org 70 i 49937

Beastie Bits

Err codemadness.org 70 i 49938 Err codemadness.org 70 i 49939

Meetup in Zurich #4, July edition (July 19) – Which you likely missed, but now you know to look for the August edition!
Err codemadness.org 70 i 49940 The next two BSD-PL User group meetings in Warsaw have been scheduled for July 30th and Aug 9th @ 1830 CEST – Submit your topic proposals now
Err codemadness.org 70 i 49941 Linux Geek Books - Humble Bundle
Err codemadness.org 70 i 49942 Extend loader(8) geli support to all architectures and all disk-like devices
Err codemadness.org 70 i 49943 Upgrading from a bootpool to a single encrypted pool – skip the gptzfsboot part, and manually update your EFI partition with loader.efi
Err codemadness.org 70 i 49944 The pkgsrc 2018Q2 for Illumos is available with 18500+ binary packages
Err codemadness.org 70 i 49945 NetBSD ARM64 Images Available with SMP for RPi3 / NanoPi / Pine64 Boards
Err codemadness.org 70 i 49946 Recently released CDE 2.3.0 running on Tribblix (Illumos)
Err codemadness.org 70 i 49947 An Interview With Tech & Science Fiction Author Michael W Lucas
Err codemadness.org 70 i 49948 A reminder : MeetBSD CFP
Err codemadness.org 70 i 49949 EuroBSDCon talk acceptances have gone out, and once the tutorials are confirmed, registration will open. That will likely have happened by time you see this episode, so go register! See you in Romania
Err codemadness.org 70 i 49950 Tarsnap

Err codemadness.org 70 i 49951 Err codemadness.org 70 i 49952

Feedback/Questions

Err codemadness.org 70 i 49953 Err codemadness.org 70 i 49954

Wilyarti - Adblocked on FreeBSD Continued…
Err codemadness.org 70 i 49955 Andrew - A Question and a Story
Err codemadness.org 70 i 49956 Matthew - Thanks
Err codemadness.org 70 i 49957 Brian - PCI-E Controller
Err codemadness.org 70 i 49958 Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

]]> Err codemadness.org 70 i 49959

Episode 255: What Are You Pointing At | BSD Now 255

Allan Jude — Wed, 18 Jul 2018 00:00:00 -0700

Err codemadness.org 70 i 50570 What ZFS blockpointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.

Err codemadness.org 70 i 50571 Err codemadness.org 70 i 50572

##Headlines
Err codemadness.org 70 i 50573 ###What ZFS block pointers are and what’s in them

Err codemadness.org 70 i 50574 Err codemadness.org 70 i 50575

Err codemadness.org 70 i 50576
I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.
Err codemadness.org 70 i 50577

Err codemadness.org 70 i 50578 Err codemadness.org 70 i 50579

Err codemadness.org 70 i 50580
The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):
Err codemadness.org 70 i 50581

Err codemadness.org 70 i 50582 Err codemadness.org 70 i 50583

Err codemadness.org 70 i 50584
A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.
Err codemadness.org 70 i 50585

Err codemadness.org 70 i 50586 Err codemadness.org 70 i 50587

Err codemadness.org 70 i 50588
Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).
Err codemadness.org 70 i 50589

Err codemadness.org 70 i 50590 Err codemadness.org 70 i 50591

Err codemadness.org 70 i 50592
So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:
Err codemadness.org 70 i 50593

Err codemadness.org 70 i 50594 Err codemadness.org 70 i 50595

various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.
Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).
The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).
The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.
The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.

Err codemadness.org 70 i 50602 Err codemadness.org 70 i 50603

Err codemadness.org 70 i 50604
Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.
Err codemadness.org 70 i 50605

Err codemadness.org 70 i 50606 Err codemadness.org 70 i 50607

Err codemadness.org 70 i 50608
(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)
Err codemadness.org 70 i 50609

Err codemadness.org 70 i 50610 Err codemadness.org 70 i 50611

Err codemadness.org 70 i 50612
There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.
Err codemadness.org 70 i 50613

Err codemadness.org 70 i 50614 Err codemadness.org 70 i 50615

Err codemadness.org 70 i 50616
Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).
Err codemadness.org 70 i 50617

Err codemadness.org 70 i 50618 Err codemadness.org 70 i 50619

Err codemadness.org 70 i 50620
As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg.
Err codemadness.org 70 i 50621

Err codemadness.org 70 i 50622 Err codemadness.org 70 i 50623

Err codemadness.org 70 i 50624
However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).
Err codemadness.org 70 i 50625

Err codemadness.org 70 i 50626 Err codemadness.org 70 i 50627

Err codemadness.org 70 i 50628
(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)
Err codemadness.org 70 i 50629

Err codemadness.org 70 i 50630 Err codemadness.org 70 i 50631

Err codemadness.org 70 i 50632 Err codemadness.org 70 i 50633

###Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days

Err codemadness.org 70 i 50634 Err codemadness.org 70 i 50635

Err codemadness.org 70 i 50636
Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.
Err codemadness.org 70 i 50637 The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement.
Err codemadness.org 70 i 50638 The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.
Err codemadness.org 70 i 50639

Err codemadness.org 70 i 50640 Err codemadness.org 70 i 50641

BSD zero-day rewards will be on par with Linux payouts

Err codemadness.org 70 i 50644 Err codemadness.org 70 i 50645

Err codemadness.org 70 i 50646
The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000.
Err codemadness.org 70 i 50647 In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.
Err codemadness.org 70 i 50648 Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros.
Err codemadness.org 70 i 50649 The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions.
Err codemadness.org 70 i 50650 Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.
Err codemadness.org 70 i 50651

Err codemadness.org 70 i 50652 Err codemadness.org 70 i 50653

Zero-day price varies based on exploitation chain

Err codemadness.org 70 i 50656 Err codemadness.org 70 i 50657

Err codemadness.org 70 i 50658
The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said.
Err codemadness.org 70 i 50659 Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).
Err codemadness.org 70 i 50660

Err codemadness.org 70 i 50661 Err codemadness.org 70 i 50662

Zero-days in servers “can reach exceptional amounts”

Err codemadness.org 70 i 50665 Err codemadness.org 70 i 50666

Err codemadness.org 70 i 50667
“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email.
Err codemadness.org 70 i 50668 Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following:
Err codemadness.org 70 i 50669 "Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.”
Err codemadness.org 70 i 50670 “We may also react to customers’ requests and their operational needs,” Bekrar said.
Err codemadness.org 70 i 50671

Err codemadness.org 70 i 50672 Err codemadness.org 70 i 50673

It’s becoming a crowded market

Err codemadness.org 70 i 50676 Err codemadness.org 70 i 50677

Err codemadness.org 70 i 50678
Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political oponents, journalists, and dissidents, instead of going after real criminals.
Err codemadness.org 70 i 50679 The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers.
Err codemadness.org 70 i 50680

Err codemadness.org 70 i 50681 Err codemadness.org 70 i 50682

Twitter Announcement

Err codemadness.org 70 i 50683 Err codemadness.org 70 i 50684

Err codemadness.org 70 i 50685 Err codemadness.org 70 i 50686

Digital Ocean
Err codemadness.org 70 i 50687 http://do.co/bsdnow

Err codemadness.org 70 i 50688 Err codemadness.org 70 i 50689

###KDE on FreeBSD – June 2018

Err codemadness.org 70 i 50690 Err codemadness.org 70 i 50691

Err codemadness.org 70 i 50692
The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this:
Err codemadness.org 70 i 50693

Err codemadness.org 70 i 50694 Err codemadness.org 70 i 50695

http://FreeBSD.kde.org | Bleeding edge 	Err	codemadness.org	70
i 50696 http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0	Err	codemadness.org	70
i 50697

Err codemadness.org 70 i 50698 Err codemadness.org 70 i 50699

Err codemadness.org 70 i 50700
It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).
Err codemadness.org 70 i 50701

Err codemadness.org 70 i 50702 Err codemadness.org 70 i 50703

In no particular order:
Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEnging from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile.
Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though.
KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs.
Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer.
The freebsd.kde.org website has been slightly updated; it was terribly out-of-date.

Err codemadness.org 70 i 50711 Err codemadness.org 70 i 50712

Err codemadness.org 70 i 50713
So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for the amazing application for downloading and displaying a flamingo … niche usecases FTW)
Err codemadness.org 70 i 50714

Err codemadness.org 70 i 50715 Err codemadness.org 70 i 50716

Err codemadness.org 70 i 50717 Err codemadness.org 70 i 50718

##News Roundup
Err codemadness.org 70 i 50719 ###New FreeBSD Core Team Elected

Err codemadness.org 70 i 50720 Err codemadness.org 70 i 50721

Err codemadness.org 70 i 50722
Active committers to the project have elected your tenth FreeBSD Core
Err codemadness.org 70 i 50723 Team.
Err codemadness.org 70 i 50724

Err codemadness.org 70 i 50725 Err codemadness.org 70 i 50726

Allan Jude (allanjude)
Benedict Reuschling (bcr)
Brooks Davis (brooks)
Hiroki Sato (hrs)
Jeff Roberson (jeff)
John Baldwin (jhb)
Kris Moore (kmoore)
Sean Chittenden (seanc)
Warner Losh (imp)

Err codemadness.org 70 i 50737 Err codemadness.org 70 i 50738

Err codemadness.org 70 i 50739
Let’s extend our gratitude to the outgoing Core Team members:
Err codemadness.org 70 i 50740

Err codemadness.org 70 i 50741 Err codemadness.org 70 i 50742

Baptiste Daroussin (bapt)
Benno Rice (benno)
Ed Maste (emaste)
George V. Neville-Neil (gnn)
Matthew Seaman (matthew)

Err codemadness.org 70 i 50749 Err codemadness.org 70 i 50750

Err codemadness.org 70 i 50751
Matthew, after having served as the Core Team Secretary for the past
Err codemadness.org 70 i 50752 four years, will be stepping down from that role.
Err codemadness.org 70 i 50753

Err codemadness.org 70 i 50754 Err codemadness.org 70 i 50755

Err codemadness.org 70 i 50756
The Core Team would also like to thank Dag-Erling Smørgrav for running a
Err codemadness.org 70 i 50757 flawless election.
Err codemadness.org 70 i 50758

Err codemadness.org 70 i 50759 Err codemadness.org 70 i 50760

To read about the responsibilities of the Core Team, refer to https://www.freebsd.org/administration.html#t-core.

Err codemadness.org 70 i 50763 Err codemadness.org 70 i 50764

Err codemadness.org 70 i 50765 Err codemadness.org 70 i 50766

###NetBSD WiFi refresh

Err codemadness.org 70 i 50767 Err codemadness.org 70 i 50768

Err codemadness.org 70 i 50769
The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%NetBSD.org@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are:
Err codemadness.org 70 i 50770

Err codemadness.org 70 i 50771 Err codemadness.org 70 i 50772

Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier.
Adding support for the newer protocols 801.11/N and 802.11/AC.
Improving SMP support in the IEEE 802.11 stack.
Adding Virtual Access Point (VAP) support.
Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes.

Err codemadness.org 70 i 50779 Err codemadness.org 70 i 50780

Err codemadness.org 70 i 50781
Status reports will be posted to tech-net%NetBSD.org@localhost every other week
Err codemadness.org 70 i 50782 while the contract is active.
Err codemadness.org 70 i 50783

Err codemadness.org 70 i 50784 Err codemadness.org 70 i 50785

Err codemadness.org 70 i 50786 Err codemadness.org 70 i 50787

iXsystems

Err codemadness.org 70 i 50788 Err codemadness.org 70 i 50789

###Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape

Err codemadness.org 70 i 50790 Err codemadness.org 70 i 50791

Err codemadness.org 70 i 50792
Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.)
Err codemadness.org 70 i 50793

Err codemadness.org 70 i 50794 Err codemadness.org 70 i 50795

Err codemadness.org 70 i 50796
The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible.
Err codemadness.org 70 i 50797

Err codemadness.org 70 i 50798 Err codemadness.org 70 i 50799

Err codemadness.org 70 i 50800
Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.)
Err codemadness.org 70 i 50801

Err codemadness.org 70 i 50802 Err codemadness.org 70 i 50803

ARCHITECTURE

Err codemadness.org 70 i 50806 Err codemadness.org 70 i 50807

Err codemadness.org 70 i 50808
A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section.
Err codemadness.org 70 i 50809

Err codemadness.org 70 i 50810 Err codemadness.org 70 i 50811

Err codemadness.org 70 i 50813
Poor Man’s CI consists of the following components and their interactions:
Err codemadness.org 70 i 50814
Err codemadness.org 70 i 50816
Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components:
Err codemadness.org 70 i 50817
- Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub.
- Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build.
- Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool.
Err codemadness.org 70 i 50822 Err codemadness.org 70 i 50823

Err codemadness.org 70 i 50825 Err codemadness.org 70 i 50826
PubSub Topics:
Err codemadness.org 70 i 50827 Err codemadness.org 70 i 50828
- workq: Transports work messages that contain the link of the repository to build.
- poolq: Implements the Builder Pool, which contains the name’s of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq.
- doneq: Transports done messages (builder instance terminate and delete events). These message contain the name of freed builder instances.
Err codemadness.org 70 i 50833 Err codemadness.org 70 i 50834

Err codemadness.org 70 i 50836 Err codemadness.org 70 i 50837
builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script.
Err codemadness.org 70 i 50838 Err codemadness.org 70 i 50839

Err codemadness.org 70 i 50841 Err codemadness.org 70 i 50842
Build Logs: A Storage bucket that contains the logs of builds performed by builder instances.
Err codemadness.org 70 i 50843 Err codemadness.org 70 i 50844

Err codemadness.org 70 i 50846 Err codemadness.org 70 i 50847
Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq.
Err codemadness.org 70 i 50848 Err codemadness.org 70 i 50849

Err codemadness.org 70 i 50851 Err codemadness.org 70 i 50852
BUGS
Err codemadness.org 70 i 50853 Err codemadness.org 70 i 50854

Err codemadness.org 70 i 50856 Err codemadness.org 70 i 50857

Err codemadness.org 70 i 50858
The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see https://tinyurl.com/ybkycuub.
Err codemadness.org 70 i 50859

Err codemadness.org 70 i 50860 Err codemadness.org 70 i 50861

$ ./pmci queue_post poolq builder0
Err codemadness.org 70 i 50862 # ./pmci queue_post poolq builder1
Err codemadness.org 70 i 50863 # ... repeat for as many builders as you want

Err codemadness.org 70 i 50864 Err codemadness.org 70 i 50865

Err codemadness.org 70 i 50866
The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see https://tinyurl.com/yb2vbwfd.
Err codemadness.org 70 i 50867

Err codemadness.org 70 i 50868 Err codemadness.org 70 i 50869

Err codemadness.org 70 i 50870 Err codemadness.org 70 i 50871

###The Power of Ctrl-T

Err codemadness.org 70 i 50872 Err codemadness.org 70 i 50873

Err codemadness.org 70 i 50874
Did you know that you can check what a process is doing by pressing CTRL+T?
Err codemadness.org 70 i 50875 Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal.
Err codemadness.org 70 i 50876 On FreeBSD it looks like this:
Err codemadness.org 70 i 50877

Err codemadness.org 70 i 50878 Err codemadness.org 70 i 50879

ping pingtest.com	Err	codemadness.org	70
i 50880 PING pingtest.com (5.22.149.135): 56 data bytes	Err	codemadness.org	70
i 50881 64 bytes from 5.22.149.135: icmp_seq=0 ttl=51 time=86.232 ms	Err	codemadness.org	70
i 50882 64 bytes from 5.22.149.135: icmp_seq=1 ttl=51 time=85.477 ms	Err	codemadness.org	70
i 50883 64 bytes from 5.22.149.135: icmp_seq=2 ttl=51 time=85.493 ms	Err	codemadness.org	70
i 50884 64 bytes from 5.22.149.135: icmp_seq=3 ttl=51 time=85.211 ms	Err	codemadness.org	70
i 50885 64 bytes from 5.22.149.135: icmp_seq=4 ttl=51 time=86.002 ms	Err	codemadness.org	70
i 50886 load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k	Err	codemadness.org	70
i 50887 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max	Err	codemadness.org	70
i 50888 64 bytes from 5.22.149.135: icmp_seq=5 ttl=51 time=85.725 ms	Err	codemadness.org	70
i 50889 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms	Err	codemadness.org	70
i 50890

Err codemadness.org 70 i 50891 Err codemadness.org 70 i 50892

Err codemadness.org 70 i 50893
As you can see it not only outputs the name of the running command but the following parameters as well:
Err codemadness.org 70 i 50894

Err codemadness.org 70 i 50895 Err codemadness.org 70 i 50896

94371 – PID	Err	codemadness.org	70
i 50897 4.70r – since when is the process running	Err	codemadness.org	70
i 50898 0.00u – user time	Err	codemadness.org	70
i 50899 0.00s – system time	Err	codemadness.org	70
i 50900 0% – CPU usage	Err	codemadness.org	70
i 50901 2500k – resident set size of the process or RSS	Err	codemadness.org	70
i 50902 ``	Err	codemadness.org	70
i 50903 	Err	codemadness.org	70
i 50904 > An even better example is with the following cp command:	Err	codemadness.org	70
i 50905 	Err	codemadness.org	70
i 50906

Err codemadness.org 70 i 50907 Err codemadness.org 70 i 50908

cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null
Err codemadness.org 70 i 50909 load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k
Err codemadness.org 70 i 50910 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 15%
Err codemadness.org 70 i 50911 load: 0.91 cmd: cp 94412 [runnable] 2.91r 0.00u 0.80s 6% 3104k
Err codemadness.org 70 i 50912 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 32%
Err codemadness.org 70 i 50913 load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k
Err codemadness.org 70 i 50914 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 49%
Err codemadness.org 70 i 50915 load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k
Err codemadness.org 70 i 50916 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 64%
Err codemadness.org 70 i 50917 load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k
Err codemadness.org 70 i 50918 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 79%
Err codemadness.org 70 i 50919 load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k
Err codemadness.org 70 i 50920 FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 95%

Err codemadness.org 70 i 50921 Err codemadness.org 70 i 50922

	Err	codemadness.org	70
i 50923 > I prcessed CTRL+T six times.  Without that, all the output would have been is the first line.	Err	codemadness.org	70
i 50924 	Err	codemadness.org	70
i 50925 > Another example how the process is changing states:	Err	codemadness.org	70
i 50926 	Err	codemadness.org	70
i 50927

Err codemadness.org 70 i 50928 Err codemadness.org 70 i 50929

wget https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso
Err codemadness.org 70 i 50930 –2018-06-17 18:47:48– https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso
Err codemadness.org 70 i 50931 Resolving download.freebsd.org (download.freebsd.org)… 96.47.72.72, 2610:1c1:1:606c::15:0
Err codemadness.org 70 i 50932 Connecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443… connected.
Err codemadness.org 70 i 50933 HTTP request sent, awaiting response… 200 OK
Err codemadness.org 70 i 50934 Length: 3348465664 (3.1G) [application/octet-stream]
Err codemadness.org 70 i 50935 Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’

Err codemadness.org 70 i 50936 Err codemadness.org 70 i 50937

FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s
Err codemadness.org 70 i 50938 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s
Err codemadness.org 70 i 50939 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s
Err codemadness.org 70 i 50940 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s
Err codemadness.org 70 i 50941 FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============> ] 460.23M 7.01MB/s eta 9m 0s 1

Err codemadness.org 70 i 50942 Err codemadness.org 70 i 50943

	Err	codemadness.org	70
i 50944 > The bad news is that CTRl+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X:	Err	codemadness.org	70
i 50945 	Err	codemadness.org	70
i 50946

Err codemadness.org 70 i 50947 Err codemadness.org 70 i 50948

—> Fetching distfiles for gmp
Err codemadness.org 70 i 50949 —> Attempting to fetch gmp-6.1.2.tar.bz2 from https://distfiles.macports.org/gmp
Err codemadness.org 70 i 50950 —> Verifying checksums for gmp
Err codemadness.org 70 i 50951 —> Extracting gmp
Err codemadness.org 70 i 50952 —> Applying patches to gmp
Err codemadness.org 70 i 50953 —> Configuring gmp
Err codemadness.org 70 i 50954 load: 2.81 cmd: clang 74287 running 0.31u 0.28s

Err codemadness.org 70 i 50955 Err codemadness.org 70 i 50956

	Err	codemadness.org	70
i 50957 > PS: If I recall correctly Feld showed me CTRL+T, thank you!	Err	codemadness.org	70
i 50958 	Err	codemadness.org	70
i 50959 ***	Err	codemadness.org	70
i 50960 	Err	codemadness.org	70
i 50961 	Err	codemadness.org	70
i 50962 ##Beastie Bits	Err	codemadness.org	70
i 50963 + [Half billion tries for a HAMMER2 bug](http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html)	Err	codemadness.org	70
i 50964 + OpenBSD with various Desktops	Err	codemadness.org	70
i 50965  + [OpenBSD 6.3 running twm window manager](https://youtu.be/v6XeC5wU2s4)	Err	codemadness.org	70
i 50966  + [OpenBSD 6.3 jwm and rox desktop](https://youtu.be/jlSK2oi7CBc)	Err	codemadness.org	70
i 50967  + [OpenBSD 6.3 cwm youtube video](https://youtu.be/mgqNyrP2CPs)	Err	codemadness.org	70
i 50968 + [pf: Increase default state table size](https://svnweb.freebsd.org/base?view=revision&revision=336221)	Err	codemadness.org	70
i 50969 ***	Err	codemadness.org	70
i 50970 	Err	codemadness.org	70
i 50971 **Tarsnap**	Err	codemadness.org	70
i 50972 	Err	codemadness.org	70
i 50973 ##Feedback/Questions	Err	codemadness.org	70
i 50974 + Ben Sims - [Full feed?](http://dpaste.com/3XVH91T#wrap)	Err	codemadness.org	70
i 50975 + Scott - [Questions and Comments](http://dpaste.com/08P34YN#wrap)	Err	codemadness.org	70
i 50976 + Troels - [Features of FreeBSD 11.2 that deserve a mention](http://dpaste.com/3DDPEC2#wrap)	Err	codemadness.org	70
i 50977 + [Fred - Show Ideas](http://dpaste.com/296ZA0P#wrap)	Err	codemadness.org	70
i 50978 ***	Err	codemadness.org	70
i 50979 	Err	codemadness.org	70
i 50980 - Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [feedback@bsdnow.tv](mailto:feedback@bsdnow.tv)	Err	codemadness.org	70
i 50981 ***	Err	codemadness.org	70
i 50982 	Err	codemadness.org	70
i 50983 ***	Err	codemadness.org	70
i 50984 	Err	codemadness.org	70
i 50985 iXsystems [It's all NAS](https://www.ixsystems.com/blog/its-all-nas/)	Err	codemadness.org	70
i 50986

]]> Err codemadness.org 70 i 50987

Episode 254: Bare the OS | BSD Now 254

Allan Jude — Thu, 12 Jul 2018 08:00:00 -0700

Err codemadness.org 70 i 51538 Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more.

Err codemadness.org 70 i 51539 Err codemadness.org 70 i 51540

##Headlines
Err codemadness.org 70 i 51541 ###Silent Fanless FreeBSD Desktop/Server

Err codemadness.org 70 i 51542 Err codemadness.org 70 i 51543

Err codemadness.org 70 i 51544
Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines
Err codemadness.org 70 i 51545 ###Cross-DSO CFI in HardenedBSD
Err codemadness.org 70 i 51546 Control Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness.
Err codemadness.org 70 i 51547 HardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications.
Err codemadness.org 70 i 51548 This article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there.
Err codemadness.org 70 i 51549 Brace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;)
Err codemadness.org 70 i 51550

Err codemadness.org 70 i 51551 Err codemadness.org 70 i 51552

Using More llvm Toolchain Components

Err codemadness.org 70 i 51555 Err codemadness.org 70 i 51556

Err codemadness.org 70 i 51557
CFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects.
Err codemadness.org 70 i 51558 In March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time.
Err codemadness.org 70 i 51559 Building libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on arvgv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files.
Err codemadness.org 70 i 51560 In preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions due support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump.
Err codemadness.org 70 i 51561 With ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64.
Err codemadness.org 70 i 51562

Err codemadness.org 70 i 51563 Err codemadness.org 70 i 51564

Building Libraries With LTO

Err codemadness.org 70 i 51567 Err codemadness.org 70 i 51568

Err codemadness.org 70 i 51569
The primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the secion above. My first attempt at building all static and shared libraries failed due to issues within llvm itself.
Err codemadness.org 70 i 51570 I reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails.
Err codemadness.org 70 i 51571 With llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls.
Err codemadness.org 70 i 51572 Disabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today.
Err codemadness.org 70 i 51573

Err codemadness.org 70 i 51574 Err codemadness.org 70 i 51575

The Sanitizers in FreeBSD

Err codemadness.org 70 i 51578 Err codemadness.org 70 i 51579

Err codemadness.org 70 i 51580
FreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack.
Err codemadness.org 70 i 51581 I had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used.
Err codemadness.org 70 i 51582 In my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached.
Err codemadness.org 70 i 51583

Err codemadness.org 70 i 51584 Err codemadness.org 70 i 51585

Known Issues And Limitations

Err codemadness.org 70 i 51588 Err codemadness.org 70 i 51589

Err codemadness.org 70 i 51590
There are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI.
Err codemadness.org 70 i 51591 It seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again.
Err codemadness.org 70 i 51592 NO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for to tools build stage is only a band-aid until we can resolve static compliation with LTO.
Err codemadness.org 70 i 51593 One goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned.
Err codemadness.org 70 i 51594 When Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against. When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above.
Err codemadness.org 70 i 51595

Err codemadness.org 70 i 51596 Err codemadness.org 70 i 51597

Current Status

Err codemadness.org 70 i 51600 Err codemadness.org 70 i 51601

Err codemadness.org 70 i 51602
I’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works).
Err codemadness.org 70 i 51603 I’m now working through the known issues list, researching and learning.
Err codemadness.org 70 i 51604

Err codemadness.org 70 i 51605 Err codemadness.org 70 i 51606

Future Work

Err codemadness.org 70 i 51609 Err codemadness.org 70 i 51610

Err codemadness.org 70 i 51611
Fixing pretty much everything in the “Known Issues And Limitations” section. ;P
Err codemadness.org 70 i 51612 I need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework.
Err codemadness.org 70 i 51613 Next I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3).
Err codemadness.org 70 i 51614 There’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020.
Err codemadness.org 70 i 51615

Err codemadness.org 70 i 51616 Err codemadness.org 70 i 51617

Conclusion

Err codemadness.org 70 i 51620 Err codemadness.org 70 i 51621

Err codemadness.org 70 i 51622
I have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen.
Err codemadness.org 70 i 51623 We’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018.
Err codemadness.org 70 i 51624 I would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support.
Err codemadness.org 70 i 51625

Err codemadness.org 70 i 51626 Err codemadness.org 70 i 51627

Err codemadness.org 70 i 51628 Err codemadness.org 70 i 51629

iXsystems
Err codemadness.org 70 i 51630 FreeNAS 11.2-BETAs are starting to appear

Err codemadness.org 70 i 51631 Err codemadness.org 70 i 51632

###Bareos Backup Server on FreeBSD

Err codemadness.org 70 i 51633 Err codemadness.org 70 i 51634

Err codemadness.org 70 i 51635
Ever heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula?
Err codemadness.org 70 i 51636 Bareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from bacula.org site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages.
Err codemadness.org 70 i 51637

Err codemadness.org 70 i 51638 Err codemadness.org 70 i 51639

Err codemadness.org 70 i 51640
I started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is a example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group).
Err codemadness.org 70 i 51641 This way you still have FULL backups quite often and with 3 groups you can balance the network load. I for the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so its always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so its possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that.
Err codemadness.org 70 i 51642 The implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result.
Err codemadness.org 70 i 51643 Not bad for my taste.
Err codemadness.org 70 i 51644

Err codemadness.org 70 i 51645 Err codemadness.org 70 i 51646

Err codemadness.org 70 i 51647
Today I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine:
Err codemadness.org 70 i 51648

Err codemadness.org 70 i 51649 Err codemadness.org 70 i 51650

bareos-dir
bareos-sd
bareos-webui
bareos-fd

Err codemadness.org 70 i 51656 Err codemadness.org 70 i 51657

Err codemadness.org 70 i 51658
I also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares.
Err codemadness.org 70 i 51659

Err codemadness.org 70 i 51660 Err codemadness.org 70 i 51661

Err codemadness.org 70 i 51662
To get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers.
Err codemadness.org 70 i 51663

Err codemadness.org 70 i 51664 Err codemadness.org 70 i 51665

Err codemadness.org 70 i 51666
Also this diagram may be useful for You to get some grip into the Bareos world.
Err codemadness.org 70 i 51667

Err codemadness.org 70 i 51668 Err codemadness.org 70 i 51669

System

Err codemadness.org 70 i 51672 Err codemadness.org 70 i 51673

Err codemadness.org 70 i 51674
As every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.
Err codemadness.org 70 i 51675

]]> Err codemadness.org 70 i 51676

Episode 253: Silence of the Fans | BSD Now 253

Allan Jude — Thu, 05 Jul 2018 04:00:00 -0700

Fanless server setup with FreeBSD, NetBSD on pinebooks, another BSDCan trip report, transparent network audio, MirBSD's Korn Shell on Plan9, static site generators on OpenBSD, and more. Err codemadness.org 70 i 51836

##Headlines
Err codemadness.org 70 i 51837 Silent Fanless FreeBSD Desktop/Server

Err codemadness.org 70 i 51838

Err codemadness.org 70 i 51839
Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It also very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to minimum, so Mini-ITX seems best solution here.
Err codemadness.org 70 i 51840

Err codemadness.org 70 i 51841

Err codemadness.org 70 i 51842
I have chosen Intel based solutions as they are very low power (6-10W), if you prefer AMD (as I often do) the closest solution in comparable price and power is Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions but finding the Mini-ITX motherboard with decent price is not an easy task. For comparison Intel has lots of such solutions below 6W whose can be nicely filtered on the ark.intel.com page. Pity that AMD does not provide such filtration for their products. I also chosen AES instructions as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for the web pages.
Err codemadness.org 70 i 51843

Err codemadness.org 70 i 51844

Here is how the system look powered up and working

Err codemadness.org 70 i 51847

Err codemadness.org 70 i 51848
This motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.
Err codemadness.org 70 i 51849

Err codemadness.org 70 i 51850

Components

Err codemadness.org 70 i 51853

Err codemadness.org 70 i 51854
Now, an example system would look like that one below, here are the components with their prices.
Err codemadness.org 70 i 51855

Err codemadness.org 70 i 51856

$49 CPU/Motherboard ASRock J3355B-ITX Mini-ITX
$14 RAM Crucial 4 GB DDR3L 1.35V (low power)
$17 PSU 12V 160W Pico (internal)
$11 PSU 12V 96W FSP (external)
$5 USB 2.0 Drive 16 GB ADATA
$4 USB Wireless 802.11n
$100 TOTAL

Err codemadness.org 70 i 51865

Err codemadness.org 70 i 51866
The PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on aliexpress.com or ebay.com for example, at least I got them there. Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. If course its one SATA power and one MOLEX power so additional MOLEX-SATA power adapter for about 1$ would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.
Err codemadness.org 70 i 51867

Err codemadness.org 70 i 51868

Err codemadness.org 70 i 51869
This gives as total silent fanless system price of about $120. Its about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.
Err codemadness.org 70 i 51870

Err codemadness.org 70 i 51871

Err codemadness.org 70 i 51872
You can put plain FreeBSD on top of it or Solaris/Illumos distribution OmniOSce which is server oriented. You can use prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with napp-it appliance.
Err codemadness.org 70 i 51873

Err codemadness.org 70 i 51874

Err codemadness.org 70 i 51875

###An annotated look at a NetBSD Pinebook’s startup

Err codemadness.org 70 i 51876

Pinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.
Photo
Pinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.
NetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:
Pinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.
The A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.
The interrupt controller is a standard ARM GIC-400 design.
Clock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).

Err codemadness.org 70 i 51886

# sysctl hw.clk.sun50ia64ccu0.mmc2	Err	codemadness.org	70
i 51887 hw.clk.sun50ia64ccu0.mmc2.rate = 200000000	Err	codemadness.org	70
i 51888 hw.clk.sun50ia64ccu0.mmc2.parent = pllperiph02x	Err	codemadness.org	70
i 51889 hw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0	Err	codemadness.org	70
i 51890

Err codemadness.org 70 i 51891

Err codemadness.org 70 i 51892

Digital Ocean
Err codemadness.org 70 i 51893 http://do.co/bsdnow

Err codemadness.org 70 i 51894

###BSDCan 2018 Trip Report: Mark Johnston

Err codemadness.org 70 i 51895

Err codemadness.org 70 i 51896
BSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD. While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences. In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.
Err codemadness.org 70 i 51897 As is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak. This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up. In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM. Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform. POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.
Err codemadness.org 70 i 51898 Wednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper. Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule. The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election. Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.
Err codemadness.org 70 i 51899 One side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality. With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.
Err codemadness.org 70 i 51900 After a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases. This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want). This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0. The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work. I’m hopeful that most, if not all of it, will make it into the release.
Err codemadness.org 70 i 51901 After lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS. Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL. Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing. While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9). I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.
Err codemadness.org 70 i 51902 Friday and Saturday were, of course, taken up by BSDCan talks. Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change. The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve. Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards. While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround. This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds. After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace. After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD. After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time. Finally, I continued my debugging session from Wednesday with help from a couple of other developers.
Err codemadness.org 70 i 51903 Saturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year. As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.
Err codemadness.org 70 i 51904 At the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity. I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get. At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.
Err codemadness.org 70 i 51905

Err codemadness.org 70 i 51906

Thanks to Mark for sharing his experiences at this years BSDCan

Err codemadness.org 70 i 51909

Err codemadness.org 70 i 51910

##News Roundup
Err codemadness.org 70 i 51911 Transparent network audio with mpd & sndiod

Err codemadness.org 70 i 51912

Err codemadness.org 70 i 51913
Landry Breuil (landry@ when wearing his developer hat) wrote in…
Err codemadness.org 70 i 51914

Err codemadness.org 70 i 51915

I've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…	Err	codemadness.org	70
i 51916 	Err	codemadness.org	70
i 51917 audio_output {	Err	codemadness.org	70
i 51918        type            "sndio"	Err	codemadness.org	70
i 51919        name            "Local speakers"	Err	codemadness.org	70
i 51920        mixer_type      "software"	Err	codemadness.org	70
i 51921 }	Err	codemadness.org	70
i 51922 audio_output {	Err	codemadness.org	70
i 51923        type            "httpd"	Err	codemadness.org	70
i 51924        name            "HTTP stream"	Err	codemadness.org	70
i 51925        mixer_type      "software"	Err	codemadness.org	70
i 51926        encoder         "vorbis"	Err	codemadness.org	70
i 51927        port            "8000"	Err	codemadness.org	70
i 51928        format          "44100:16:2"	Err	codemadness.org	70
i 51929 }	Err	codemadness.org	70
i 51930 this setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:	Err	codemadness.org	70
i 51931 	Err	codemadness.org	70
i 51932 a distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay	Err	codemadness.org	70
i 51933 sometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted	Err	codemadness.org	70
i 51934 i need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)	Err	codemadness.org	70
i 51935 it's not that elegant to reencode the stream, and it wastes cpu cycles	Err	codemadness.org	70
i 51936 So the current scheme is:	Err	codemadness.org	70
i 51937 	Err	codemadness.org	70
i 51938 mpd -> http output -> network -> mplayer -> sndiod on remote machine	Err	codemadness.org	70
i 51939 |	Err	codemadness.org	70
i 51940 -> sndio output -> sndiod on soundserver	Err	codemadness.org	70
i 51941 Fiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).	Err	codemadness.org	70
i 51942 	Err	codemadness.org	70
i 51943 So in the end, it's super easy to:	Err	codemadness.org	70
i 51944 	Err	codemadness.org	70
i 51945 enable network support in sndio on the remote machine i want the audio to play by adding -L<local ip> to sndiod_flags (i have two audio devices, with an input coming from the webcam):	Err	codemadness.org	70
i 51946 sndiod_flags="-L10.246.200.10 -f rsnd/0 -f rsnd/1"	Err	codemadness.org	70
i 51947 open pf on port 11025 from the sound server ip:	Err	codemadness.org	70
i 51948 pass in proto tcp from 10.246.200.1 to any port 11025	Err	codemadness.org	70
i 51949 configure a new output in mpd:	Err	codemadness.org	70
i 51950 audio_output {	Err	codemadness.org	70
i 51951        type            "sndio"	Err	codemadness.org	70
i 51952        name            "sndio on renton"	Err	codemadness.org	70
i 51953        device          "snd@10.246.200.10/0"	Err	codemadness.org	70
i 51954        mixer_type      "software"	Err	codemadness.org	70
i 51955 }	Err	codemadness.org	70
i 51956 and enable the new output in mpd:	Err	codemadness.org	70
i 51957 $mpc enable 2	Err	codemadness.org	70
i 51958 Output 1 (Local speakers) is disabled	Err	codemadness.org	70
i 51959 Output 2 (sndio on renton) is enabled	Err	codemadness.org	70
i 51960 Output 3 (HTTP stream) is disabled	Err	codemadness.org	70
i 51961 Results in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.	Err	codemadness.org	70
i 51962 	Err	codemadness.org	70
i 51963 mpd -> sndio output 2 -> network -> sndiod on remote machine	Err	codemadness.org	70
i 51964 |	Err	codemadness.org	70
i 51965 -> sndio output 1 -> sndiod on soundserver	Err	codemadness.org	70
i 51966 Thanks ratchov@ for sndiod :)	Err	codemadness.org	70
i 51967

Err codemadness.org 70 i 51968

Err codemadness.org 70 i 51969

###MirBSD’s Korn Shell on Plan9 Jehanne

Err codemadness.org 70 i 51970

Err codemadness.org 70 i 51971
Let start by saying that I’m not really a C programmer.
Err codemadness.org 70 i 51972 My last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.
Err codemadness.org 70 i 51973 So while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.
Err codemadness.org 70 i 51974 This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.
Err codemadness.org 70 i 51975 So I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several test, checking they run the same on Linux and Jehanne, and then I begun looking for a real-world, battle tested, application to port first.
Err codemadness.org 70 i 51976 I approached MirBSD’s Korn Shell for several reason:
Err codemadness.org 70 i 51977

Err codemadness.org 70 i 51978

it is simple, powerful and well written
it has been ported to several different operating systems
it has few dependencies
it’s the default shell in Android, so it’s really battle tested

Err codemadness.org 70 i 51984

Err codemadness.org 70 i 51985
I was very confident. I had read the POSIX standard after all! And I had a test suite!
Err codemadness.org 70 i 51986 I remember, I thought “Given newlib, how hard can it be?”
Err codemadness.org 70 i 51987 The porting begun on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.
Err codemadness.org 70 i 51988 Turn out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understood most POSIX semantics at all!
Err codemadness.org 70 i 51989

Err codemadness.org 70 i 51990

Err codemadness.org 70 i 51991

iXsystems

Err codemadness.org 70 i 51992

###Static site generator with rsync and lowdown on OpenBSD

Err codemadness.org 70 i 51993

Err codemadness.org 70 i 51995
ssg is a tiny POSIX-compliant shell script with few dependencies:
Err codemadness.org 70 i 51996
Err codemadness.org 70 i 51998
lowdown(1) to parse markdown,
Err codemadness.org 70 i 51999
Err codemadness.org 70 i 52001
rsync(1) to copy temporary files, and
Err codemadness.org 70 i 52002
Err codemadness.org 70 i 52004
entr(1) to watch file changes.
Err codemadness.org 70 i 52005
Err codemadness.org 70 i 52007
It generates Markdown articles to a static website.
Err codemadness.org 70 i 52008
Err codemadness.org 70 i 52010
It copies the current directory to a temporary on in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates RSS feed based on links from index.html, extracts the first <h1> tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, copies everything from the temporary directory to $DOCS/
Err codemadness.org 70 i 52011

Err codemadness.org 70 i 52013

Err codemadness.org 70 i 52014
Why not Jekyll or “$X”?
Err codemadness.org 70 i 52015

Err codemadness.org 70 i 52016

ssg is one hundred times smaller than Jekyll.

Err codemadness.org 70 i 52019

Err codemadness.org 70 i 52020
ssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just few seconds on almost any Unix-like operating system.
Err codemadness.org 70 i 52021 Obviously, ssg is tailored for my needs, it has all features I need and only those I use.
Err codemadness.org 70 i 52022 Keeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.
Err codemadness.org 70 i 52023

Err codemadness.org 70 i 52024

Performance

Err codemadness.org 70 i 52027

Err codemadness.org 70 i 52028
100 pps. On modern computers ssg generates a hundred pages per second. Half of a time for markdown rendering and another half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. ;)
Err codemadness.org 70 i 52029

Err codemadness.org 70 i 52030

Err codemadness.org 70 i 52031

###Why does FreeBSD have virtually no (0%) desktop market share?

Err codemadness.org 70 i 52032

Because someone made a horrible design decision back in 1984.

Err codemadness.org 70 i 52035

Err codemadness.org 70 i 52036
In absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.
Err codemadness.org 70 i 52037

Err codemadness.org 70 i 52038

Why and what.

Err codemadness.org 70 i 52041

Err codemadness.org 70 i 52042
The decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.
Err codemadness.org 70 i 52043 At the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.
Err codemadness.org 70 i 52044 Mostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.
Err codemadness.org 70 i 52045 So a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.
Err codemadness.org 70 i 52046

Err codemadness.org 70 i 52047

The ramifications of this were pretty staggering.

Err codemadness.org 70 i 52050

Err codemadness.org 70 i 52051
First, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.
Err codemadness.org 70 i 52052 Despite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.
Err codemadness.org 70 i 52053 Second, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.
Err codemadness.org 70 i 52054 But, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.
Err codemadness.org 70 i 52055

Err codemadness.org 70 i 52056

Between these early decisions reigned chaos.

Err codemadness.org 70 i 52059

Err codemadness.org 70 i 52060
Specifically, the consequences of these decisions have been with us ever since:
Err codemadness.org 70 i 52061 Look-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.
Err codemadness.org 70 i 52062 You could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.
Err codemadness.org 70 i 52063 Window management style is a preference.
Err codemadness.org 70 i 52064 You could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.
Err codemadness.org 70 i 52065 In other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.
Err codemadness.org 70 i 52066 Both of these ultimately render an X-based system unsuitable for desktops.
Err codemadness.org 70 i 52067 I can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.
Err codemadness.org 70 i 52068

Err codemadness.org 70 i 52069

Is there hope for the future?

Err codemadness.org 70 i 52072

Err codemadness.org 70 i 52073
Well, the Linux community has been working on something called Wayland, and it is very promising…
Err codemadness.org 70 i 52074 …In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.
Err codemadness.org 70 i 52075 So Wayland is screwing up again.
Err codemadness.org 70 i 52076 But hey, it only took us, what, 25 years to get from X in 1987 to Wayland in in 2012.
Err codemadness.org 70 i 52077 Maybe if we try again in 2037, we can get to where Windows was in 1995.
Err codemadness.org 70 i 52078

Err codemadness.org 70 i 52079

Err codemadness.org 70 i 52080

##Beastie Bits

Err codemadness.org 70 i 52081

New washing machine comes with 7 pages of open source licenses!
BSD Jobs Site
FreeBSD Foundation Update, May 2018
FreeBSD Journal looking for book reviewers
zedenv ZFS Boot Environment Manager

Err codemadness.org 70 i 52088

Err codemadness.org 70 i 52089

Tarsnap

Err codemadness.org 70 i 52090

##Feedback/Questions

Err codemadness.org 70 i 52091

Wouter - Feedback
Efraim - OS Suggestion
kevr - Raspberry Pi2/FreeBSD/Router on a Stick
Vanja - Interview Suggestion

Err codemadness.org 70 i 52097

Err codemadness.org 70 i 52098

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 52101

Episode 252: Goes to 11.2 | BSD Now 252

Allan Jude — Thu, 28 Jun 2018 00:00:00 -0700

FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report. Err codemadness.org 70 i 52776

##Headlines
Err codemadness.org 70 i 52777 FreeBSD 11.2-RELEASE Available

Err codemadness.org 70 i 52778

FreeBSD 11.2 was released today (June 27th) and is ready for download
Highlights:

Err codemadness.org 70 i 52782

Err codemadness.org 70 i 52783
OpenSSH has been updated to version 7.5p1.
Err codemadness.org 70 i 52784 OpenSSL has been updated to version 1.0.2o.
Err codemadness.org 70 i 52785 The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.
Err codemadness.org 70 i 52786 The libarchive(3) library has been updated to version 3.3.2.
Err codemadness.org 70 i 52787 The libxo(3) library has been updated to version 0.9.0.
Err codemadness.org 70 i 52788 Major Device driver updates to:
Err codemadness.org 70 i 52789

Err codemadness.org 70 i 52790

cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6
ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k
ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags

Err codemadness.org 70 i 52795

Err codemadness.org 70 i 52796
New drivers:
Err codemadness.org 70 i 52797 + drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.
Err codemadness.org 70 i 52798

Err codemadness.org 70 i 52799

mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs
ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters
smartpqi(4) – HP Gen10 Smart Array Controller Family

Err codemadness.org 70 i 52804

Err codemadness.org 70 i 52805
The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs
Err codemadness.org 70 i 52806 The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.
Err codemadness.org 70 i 52807 The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used
Err codemadness.org 70 i 52808 The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.
Err codemadness.org 70 i 52809 The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’
Err codemadness.org 70 i 52810 The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID
Err codemadness.org 70 i 52811 The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).
Err codemadness.org 70 i 52812 The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.
Err codemadness.org 70 i 52813 The dwatch(1) utility has been introduced
Err codemadness.org 70 i 52814 The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.
Err codemadness.org 70 i 52815 The etdump(1) utility has been added, which is used to view El Torito boot catalog information.
Err codemadness.org 70 i 52816 The linux(4) ABI compatibility layer has been updated to include support for musl consumers.
Err codemadness.org 70 i 52817 The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior
Err codemadness.org 70 i 52818 Support for virtio_console(4) has been added to bhyve(4).
Err codemadness.org 70 i 52819 The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.
Err codemadness.org 70 i 52820

Err codemadness.org 70 i 52821

In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on: Err codemadness.org 70 i 52823
- Amazon EC2
- Google Compute Engine
- Hashicorp/Atlas Vagrant
- Microsoft Azure
Err codemadness.org 70 i 52829
In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for: Err codemadness.org 70 i 52831
- GUMSTIX
- BANANAPI
- BEAGLEBONE
- CUBIEBOARD
- CUBIEBOARD2
- CUBOX-HUMMINGBOARD
- RASPBERRY PI 2
- PANDABOARD
- WANDBOARD
Err codemadness.org 70 i 52842
Full Release Notes

Err codemadness.org 70 i 52845

Err codemadness.org 70 i 52846

###Setting up an MTA Behind Tor

Err codemadness.org 70 i 52847

Err codemadness.org 70 i 52848
This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).
Err codemadness.org 70 i 52849

Err codemadness.org 70 i 52850

Err codemadness.org 70 i 52851
Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.
Err codemadness.org 70 i 52852

Err codemadness.org 70 i 52853

Err codemadness.org 70 i 52854
The reason to use an MTA behing a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.
Err codemadness.org 70 i 52855

Err codemadness.org 70 i 52856

Err codemadness.org 70 i 52858
Requirements:
Err codemadness.org 70 i 52859
Err codemadness.org 70 i 52861
A fully Tor-ified network
Err codemadness.org 70 i 52862
Err codemadness.org 70 i 52864
HardenedBSD as the operating system
Err codemadness.org 70 i 52865
Err codemadness.org 70 i 52867
A server (or VM) running HardenedBSD behind the fully Tor-ified network.
Err codemadness.org 70 i 52868
Err codemadness.org 70 i 52870
/usr/ports is empty
Err codemadness.org 70 i 52871
Err codemadness.org 70 i 52873
Or is already pre-populated with the HardenedBSD Ports tree
Err codemadness.org 70 i 52874
Err codemadness.org 70 i 52876
Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.
Err codemadness.org 70 i 52877

Err codemadness.org 70 i 52879

Err codemadness.org 70 i 52880
Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.
Err codemadness.org 70 i 52881

Err codemadness.org 70 i 52882

Err codemadness.org 70 i 52883
On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.
Err codemadness.org 70 i 52884

Err codemadness.org 70 i 52885

Steps
Installation
Generating Cryptographic Key Material
Tor Configuration
OpenSMTPD Configuration
Dovecot Configuration
Testing your configuration
Optional: Webmail Access

Err codemadness.org 70 i 52895

Err codemadness.org 70 i 52896

iXsystems
Err codemadness.org 70 i 52897 https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec
Err codemadness.org 70 i 52898 https://www.ixsystems.com/blog/self-2018-recap/

Err codemadness.org 70 i 52899

###Running pfSense on a Digital Ocean Droplet

Err codemadness.org 70 i 52900

Err codemadness.org 70 i 52901
I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy <enter brand name fw appliance here> for a pfSense setup on a decent hardware.
Err codemadness.org 70 i 52902

Err codemadness.org 70 i 52903

Err codemadness.org 70 i 52904
I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.
Err codemadness.org 70 i 52905 <shameless plug: head over to JupiterBroadcasting.com, the best technology content out there, they have coupon codes to get you started with DO>.
Err codemadness.org 70 i 52906

Err codemadness.org 70 i 52907

Err codemadness.org 70 i 52908
Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.
Err codemadness.org 70 i 52909

Err codemadness.org 70 i 52910

Err codemadness.org 70 i 52911
Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):
Err codemadness.org 70 i 52912

Err codemadness.org 70 i 52913

Err codemadness.org 70 i 52914
There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.
Err codemadness.org 70 i 52915

Err codemadness.org 70 i 52916

One note though, before we wrap up:

Err codemadness.org 70 i 52919

Err codemadness.org 70 i 52920
You have two ways to initiate the initial setup wizard of the web-configurator:
Err codemadness.org 70 i 52921 Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses.
Err codemadness.org 70 i 52922 or
Err codemadness.org 70 i 52923 Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.
Err codemadness.org 70 i 52924 Thing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do <enter scary thing here>.
Err codemadness.org 70 i 52925

Err codemadness.org 70 i 52926

Err codemadness.org 70 i 52927
I leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.
Err codemadness.org 70 i 52928

Err codemadness.org 70 i 52929

Err codemadness.org 70 i 52930
Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.
Err codemadness.org 70 i 52931 Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.
Err codemadness.org 70 i 52932

Err codemadness.org 70 i 52933

Err codemadness.org 70 i 52934

##News Roundup
Err codemadness.org 70 i 52935 One year of C

Err codemadness.org 70 i 52936

Err codemadness.org 70 i 52937
It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.
Err codemadness.org 70 i 52938

Err codemadness.org 70 i 52939

Err codemadness.org 70 i 52940
In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.
Err codemadness.org 70 i 52941

Err codemadness.org 70 i 52942

Err codemadness.org 70 i 52943
Here are all the github projects I wrote in C:
Err codemadness.org 70 i 52944

Err codemadness.org 70 i 52945

sokol: a slowly growing set of platform-abstraction headers
sokol-samples - examples for Sokol
chips - 8-bit chip emulators
chips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)

Err codemadness.org 70 i 52951

Err codemadness.org 70 i 52952
All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.
Err codemadness.org 70 i 52953

Err codemadness.org 70 i 52954

Err codemadness.org 70 i 52955
So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).
Err codemadness.org 70 i 52956

Err codemadness.org 70 i 52957

Err codemadness.org 70 i 52959
Here’s a few things I learned:
Err codemadness.org 70 i 52960
Err codemadness.org 70 i 52962
Pick the right language for a problem
Err codemadness.org 70 i 52963
Err codemadness.org 70 i 52965
C is a perfect match for WebAssembly
Err codemadness.org 70 i 52966
Err codemadness.org 70 i 52968
C99 is a huge improvement over C89
Err codemadness.org 70 i 52969
Err codemadness.org 70 i 52971
The dangers of pointers and explicit memory management are overrated
Err codemadness.org 70 i 52972
Err codemadness.org 70 i 52974
Less Boilerplate Code
Err codemadness.org 70 i 52975
Err codemadness.org 70 i 52977
Less Language Feature ‘Anxiety’
Err codemadness.org 70 i 52978
Err codemadness.org 70 i 52980
Conclusion
Err codemadness.org 70 i 52981

Err codemadness.org 70 i 52983

Err codemadness.org 70 i 52984
All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon.
Err codemadness.org 70 i 52985

Err codemadness.org 70 i 52986

Err codemadness.org 70 i 52987
I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).
Err codemadness.org 70 i 52988

Err codemadness.org 70 i 52989

Err codemadness.org 70 i 52990

###Configuring OpenBGPD to announce VM’s virtual networks

Err codemadness.org 70 i 52991

Err codemadness.org 70 i 52992
We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.
Err codemadness.org 70 i 52993

Err codemadness.org 70 i 52994

Err codemadness.org 70 i 52995
My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.
Err codemadness.org 70 i 52996

Err codemadness.org 70 i 52997

Err codemadness.org 70 i 52998
I’ve installed openbgpd on both hosts and configured it like this:
Err codemadness.org 70 i 52999

Err codemadness.org 70 i 53000

vmhost: /usr/local/etc/bgpd.conf	Err	codemadness.org	70
i 53001 AS 65002	Err	codemadness.org	70
i 53002 router-id 192.168.87.48	Err	codemadness.org	70
i 53003 fib-update no	Err	codemadness.org	70
i 53004 network 10.0.1.1/24	Err	codemadness.org	70
i 53005 neighbor 192.168.87.41 {	Err	codemadness.org	70
i 53006     descr "desktop"	Err	codemadness.org	70
i 53007     remote-as 65001	Err	codemadness.org	70
i 53008 }	Err	codemadness.org	70
i 53009

Err codemadness.org 70 i 53010

Err codemadness.org 70 i 53011
Here, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:
Err codemadness.org 70 i 53012

Err codemadness.org 70 i 53013

desktop: /usr/local/etc/bgpd.conf	Err	codemadness.org	70
i 53014 AS 65001	Err	codemadness.org	70
i 53015 router-id 192.168.87.41	Err	codemadness.org	70
i 53016 fib-update yes	Err	codemadness.org	70
i 53017 neighbor 192.168.87.48 {                                                                                                                                                                                           	Err	codemadness.org	70
i 53018         descr "vmhost"                                                                                                                                                                                             	Err	codemadness.org	70
i 53019         remote-as 65002                                                                                                                                                                                            	Err	codemadness.org	70
i 53020 }	Err	codemadness.org	70
i 53021

Err codemadness.org 70 i 53022

Err codemadness.org 70 i 53023
It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:
Err codemadness.org 70 i 53024

Err codemadness.org 70 i 53025

/etc/rc.conf.local	Err	codemadness.org	70
i 53026 openbgpdenable="YES"	Err	codemadness.org	70
i 53027

Err codemadness.org 70 i 53028

Conclusion

Err codemadness.org 70 i 53031

Err codemadness.org 70 i 53032
As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.
Err codemadness.org 70 i 53033

Err codemadness.org 70 i 53034

Err codemadness.org 70 i 53035
As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.
Err codemadness.org 70 i 53036

Err codemadness.org 70 i 53037

Err codemadness.org 70 i 53038

Digital Ocean

Err codemadness.org 70 i 53039

###The Power to Serve

Err codemadness.org 70 i 53040

Err codemadness.org 70 i 53041
All people within the IT Industry should known where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WatsApp would not exist in their current form.
Err codemadness.org 70 i 53042

Err codemadness.org 70 i 53043

Err codemadness.org 70 i 53044
I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:
Err codemadness.org 70 i 53045

Err codemadness.org 70 i 53046

Rent some cloud based services or
DIY (Do IT Yourself) on premise

Err codemadness.org 70 i 53050

Err codemadness.org 70 i 53051
Running your own developments experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinguish between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causal related, but more often indirect by one or more non linear feedback loops. Almost every business depends of IT systems. Bad IT means often that your customers will leave your business.
Err codemadness.org 70 i 53052

Err codemadness.org 70 i 53053

Err codemadness.org 70 i 53054
One of the things of FeeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp . Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.
Err codemadness.org 70 i 53055

Err codemadness.org 70 i 53056

Err codemadness.org 70 i 53057
FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.
Err codemadness.org 70 i 53058

Err codemadness.org 70 i 53059

Err codemadness.org 70 i 53060
If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.
Err codemadness.org 70 i 53061

Err codemadness.org 70 i 53062

Err codemadness.org 70 i 53063
FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.
Err codemadness.org 70 i 53064

Err codemadness.org 70 i 53065

Err codemadness.org 70 i 53066
June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.
Err codemadness.org 70 i 53067

Err codemadness.org 70 i 53068

Err codemadness.org 70 i 53069

###Dave’s BSDCan trip report

Err codemadness.org 70 i 53070

So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.

Err codemadness.org 70 i 53073

Err codemadness.org 70 i 53074
Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018.
Err codemadness.org 70 i 53075 This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.
Err codemadness.org 70 i 53076 Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.
Err codemadness.org 70 i 53077 Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!
Err codemadness.org 70 i 53078 The following morning, we were present with tea/coffee, muffins and other goodies to help prepare us for the day ahead.
Err codemadness.org 70 i 53079 The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.
Err codemadness.org 70 i 53080 With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.
Err codemadness.org 70 i 53081 I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raddt, which proved to be “interesting”.
Err codemadness.org 70 i 53082 The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where a things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!
Err codemadness.org 70 i 53083 After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.
Err codemadness.org 70 i 53084 I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!
Err codemadness.org 70 i 53085 Regards,
Err codemadness.org 70 i 53086 Dave (aka m0nkey)
Err codemadness.org 70 i 53087

Err codemadness.org 70 i 53088

Thanks to Dave for sharing his experiences with us and our viewers

Err codemadness.org 70 i 53091

Err codemadness.org 70 i 53092

##Beastie Bits

Err codemadness.org 70 i 53093

Robert Watson (from 2008) on how much FreeBSD is in Mac OS X
Why Intel Skylake CPUs are sometimes 50% slower than older CPUs
Kristaps Dzonsons is looking for somebody to maintain this as mentioned at this link
camcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive
32+ great indie games now playable on OpenBSD -current; 7 currently on sale!
Warsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw

Err codemadness.org 70 i 53101

Tarsnap

Err codemadness.org 70 i 53102

##Feedback/Questions

Err codemadness.org 70 i 53103

Ron - Adding a disk to ZFS
Marshall - zfs question
Thomas - Allan, the myth perpetuator
Ross - ZFS IO stats per dataset

Err codemadness.org 70 i 53109

Err codemadness.org 70 i 53110

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Err codemadness.org 70 i 53113