Aaron LI has been making a significant number of changes to the tap(4) and tun(4) interfaces, which he recently summarized. As his summary notes, you can now create and destroy tun devices. This will be very useful for some IPv6 and probably also VPN users. There are some new sysctls, and corresponding man page updates.
Remember the upgrade for dragonflybsd.org machines? It completed, and it’s interesting to see that SSDs have become so easily available that “spinning rust” hard disk drives are only still useful for bulk storage, and even then probably not for much longer.
Another neat side effect: disk usage on developer system leaf.dragonflybsd.org was cut in half, thanks to HAMMER2 dedup/compression. It’s a ‘free’ half-terabyte.
Aaron LI continues to add to initrd(7): it now has scp, grep, diff, telnet, and 70 (!) more tools, bringing the total to over 200. That’s a lot for a “minimal” rescue image.
Various machines in dragonflybsd.org are getting hardware upgrades this week. They aren’t time-consuming, so I daresay it won’t have much effect on uptime.
The article I linked yesterday about Ravenports got me wondering about which packages are most popular. avalon.dragonflybsd.org is the default binary package archive for pkg, and it has httpd logs back to 2013, so I collated some information.
I read out a list of packages, and weighed them according to how recently they were downloaded. I also mushed together all the py/ruby/p5/php numbered packages, and excluded lib*.
After all that… there’s a lot of noise. One install of any desktop environment pulls in hundreds of packages automatically, so it’s hard to tell what’s installed by a human and what’s installed by dependency. That being said, here are some highlights. This is me applying an arbitrary value and then arbitrarily snipping out a list… but it’s fun to see if nothing else.
18596 python27
13564 xorg-server
13499 perl5
13391 xterm
12098 xorg
8512 cups
8453 bash
8389 ffmpeg
8367 spidermonkey170
7884 python
7432 firefox
6997 sudo
6896 bind-tools
6702 openldap-client
5651 nano
5529 xfce4-conf
5052 xfce
4663 ruby
4447 vim
3133 tmux
2578 chromium
2248 zsh
2175 samba44
2132 python36
2007 mate-desktop
1765 mysql56-client
1699 fluxbox
1690 vim-lite
1517 CoinMP
1407 openjdk8
1395 samba46
1384 lumina
1367 kde
1355 mpg123
1353 spidermonkey24
1340 vlc
1338 thunderbird
1329 wpa_supplicant
1252 firebird25-client
1164 gimp
1103 zip
1083 youtube_dl
1044 php
941 freerdp
931 mercurial
927 lynx
866 evolution
848 gnome3
845 openjdk
842 openbox
842 epiphany
799 nmap
798 go
796 mutt
796 gnuchess
743 apache24
726 rxvt-unicode
722 irssi
652 firefox-esr
652 htop
649 rust
619 smartmontools
575 fvwm
529 windowmaker
477 openvpn
472 synth
451 fish
406 npm
403 inkscape
402 enlightenment
367 firefox-i18n
351 dwm
347 neovim
341 R
339 emacs25
320 emacs
320 unbound
312 tor
310 lua
300 cinnamon
300 wireshark
282 netcat
272 pidgin
258 postfix
258 joe
252 GraphicsMagick
251 dillo
249 icewm
242 mosh
236 rtorrent
225 weechat
219 audacious
218 smtube
216 calibre
190 xmms
187 pdksh
184 redis
184 openssh-portable
183 tk85
173 rdesktop
172 nedit
164 terminator
161 fetchmail
160 KeePassX
156 dnsmasq
eerielinux has written an exploratory article about Ravenports. It’s worth a read; Ravenports has been growing actively. You can install it in parallel with dports on DragonFly, or on a number of other operating systems.
A tip for anyone using public keys in SSH: you can start up your xorg session using ssh-agent and then have all subsequent connections be authorized by the agent, saving you some hassle of password typing, etc. Put this in your ~/.xinitrc :
eval `/usr/bin/ssh-agent -c`
(insert line to start up your window manager here)
/bin/kill $SSH_AGENT_PID
(Yoinked from Matthew Dillon on IRC) Realistically, you should also lock your terminal or otherwise prevent physical access to any workstation where you do this, since it means immediate SSH access to other systems using your identity, for anyone touching that keyboard.
If you’re using Windows, there’s always Pageant.
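An added example, not from the original post or from Matthew Dillon: the same ~/.xinitrc idea in Bourne-shell syntax, with a lifetime on loaded keys so an unattended session does not hold usable keys indefinitely. `KEY_LIFETIME`, `WM_CMD` and the function names are made up for this sketch, and the 4-hour default is an assumed policy.

```shell
#!/bin/sh
# Added example: ~/.xinitrc with a time-limited ssh-agent (sh syntax).
# KEY_LIFETIME and WM_CMD are names invented for this sketch.
KEY_LIFETIME="${KEY_LIFETIME:-4h}"   # assumed policy: keys expire after 4 hours
WM_CMD="${WM_CMD:-}"                 # command that starts your window manager

start_agent() {
    # Do not inherit a stale agent from the parent environment.
    unset SSH_AGENT_PID SSH_AUTH_SOCK
    # -s prints sh-style exports (-c, as in the post, prints csh-style setenv);
    # -t caps how long any key added later stays loaded in the agent.
    eval "$(ssh-agent -s -t "$KEY_LIFETIME")" >/dev/null
    # Fail if no agent came up, so the session does not run half-configured.
    [ -n "${SSH_AGENT_PID:-}" ]
}

stop_agent() {
    # Kill only the agent this session started, then forget its socket.
    if [ -n "${SSH_AGENT_PID:-}" ]; then
        kill "$SSH_AGENT_PID" 2>/dev/null || true
        unset SSH_AGENT_PID SSH_AUTH_SOCK
    fi
}

run_session() {
    start_agent || return 1
    # Tear the agent down on normal exit and on signals that end the session.
    trap stop_agent EXIT HUP INT TERM
    # Load keys on demand with ssh-add. `ssh-add -c` asks for confirmation on
    # every use (needs an askpass program); `ssh-add -x` locks the agent with
    # a password while you are away from the keyboard.
    $WM_CMD
}

# Runs the session only when a window manager command has been configured.
if [ -n "$WM_CMD" ]; then
    run_session
fi
```

With the lifetime set, a key added with ssh-add drops out of the agent after `KEY_LIFETIME` even if the X session is left running.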
DragonFly-current, that is. Some newer multi-processor systems use X2APIC to boot, and DragonFly can now use it.
Lots of announcements, lots of reading. Note the first item listed is happening today.
- Book Fair, 23 June 2018. Michael W. Lucas is at the Scriptorium Book Fest today, in Michigan. Go if you are near and get a signed BSD book.
- Escape from System D, Episode V. Interesting because it mentions BSD and interesting for spot-on characterization of Twitter/Hacker News feedback. (via)
- 25 years of FreeBSD. (via)
- NetBSD Summer of Code reports: libfuzzer, kernel address sanitizer, and kernel undefined behavior sanitizer.
- Valuable News 2018/06/17.
- FreeBSD Desktop, parts 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. I linked to a few of the early ones before, but I want to present a complete (so far) list.
- FreeBSD 11.2-RC3 Available.
- OPNsense 18.1.10 released.
- httpd(8) Gains Simple Request Rewrites.
- SMT Disabled by Default in -current.
- More Mitigations for (potential) CPU Vulnerabilities.
- LDAP client added to -current. This, or a similar LDAP client, should be present in all BSDs.
- KDE on FreeBSD – June 2018. 5 is almost working in DragonFly, too, by the way. (via)
- itch.io Summer Sale + General itch.io Feature.
- “what’s good in openbsd superior than freebsd?”
- HardenedBSD 11-STABLE v1100055.4 Released. (via)
- “Today I stumbled upon a BSD Wikipedia page. Why should I choose BSD over a Linux based distro?”
These would be ‘In Other BSD’ links, but this isn’t Other BSD – It’s DragonFly:
- Towards a HAMMER1 master/slave encrypted setup with LUKS.
- Intro, Installation, and Fun with Hammer2.
Mixed in with the other documentation on the DragonFly website is a “how to build a release” explanation. I use it every time there’s a new DragonFly version. If you were wanting to build a DragonFly ISO/IMG with changes or different preinstalled dports, I’ve added some notes about what’s relevant for non-release building.
We used to have “GUI” releases of DragonFly which were based on the nrelease process installing pkgsrc packages and adding some configuration files. It doesn’t happen now mostly because nobody has had the time to reconfigure for dports; if you were looking for a project this weekend, may I suggest…?
I’m pulling a quote off of IRC to show some of the testing on HAMMER2, specifically as the background for this commit:
14:22 <@dillon_> ^^^ hammer2 bug, could reproduce it around once a day doing a continuous rm -rf on hardlinked snapshots. reproduced about once every 500 million directory entries or so
I am somewhat tickled by the notion that you might have a problem after deleting half a billion directory entries.
I’ve tagged and built DragonFly 5.2.2. This is mostly so that our current release image includes the fixes for the LazyFP bug, CVE-2018-3665. My email to users@ has upgrade details.
DragonFly has had NX (Non-eXecutable) support for some time. It’s now on by default for read operations in DragonFly master – not the current release. You can step it up to level 2, for write operations, with a loader tunable, but it may cause issues with dports.
Matthew Dillon’s added some patches to DragonFly related to securing floating point state, following similar work in OpenBSD. There isn’t a reported catchy-name issue to match it, like Spectre/Meltdown – yet.
(If anyone has a good link to the similar OpenBSD commits, please share; I did not find them on a cursory search.)
Update: the fix is now in 5.2 and an update is recommended.
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See updated MOTD for details)
If you have a serial card add-in, DragonFly can now output the console to it – a way to run completely headless. It’s not quite like a normal on-motherboard serial port boot, so look at the commit notes for implementation details.
Bug reports are usually unexciting, but it’s always fun to see someone working through a new idea, especially when it’s something enabled by doing it on DragonFly.