Sascha Wildner has brought in the NetBSD version of mtree(8), as groundwork for some other changes. There’s little user effect at this point, but it’s worth being familiar with mtree as a tool. Take a look at the man page, especially the section on trojan horse detection under EXAMPLES.
New ena(4) driver for DragonFly
DragonFly now has a port of the ena(4) driver from FreeBSD. If you aren’t familiar with it, it’s the Elastic Network Adapter used for running on Amazon EC2. That link for the commit message points at several dports tools useful for anyone wanting to try the next logical step.
More DragonFly mirrors
I’ve been remiss in noting new DragonFly mirrors, so here’s the most recent: 4 new locations in Ecuador.
Lazy Reading for 2018/07/22
History for a theme, I guess? It’s a random week.
- 80s video game commercials, a hour of video. (via)
- Don’t do this either.
- When generating a random password, the result must still be a valid string.
- Hackaday Prize, now open.
- New apps for MS/DOS.
- Omnicalculator, every type of online calculator you can think of. (via)
- Browsh, a text-based web browser. Uses FireFox under the hood, so all you need to transmit locally is text. (via)
- WordTsar, a modern Wordstar clone. (via).
- How to handle emoji (in code). (via)
- Related: There’s more to HTML escaping than &, <, >, and “ (via)
- A few things I know about LISP Machines. (via)
- Digital life simplification. Not saying all these things are good ideas; some are relative luxuries. (via)
Your Cyriak video of the month: Indigestion.
More initrd additions
Aaron LI continues to add to initrd(7): it now has scp, grep, diff, telnet, and 70 (!) more tools, bringing the total to over 200. That’s a lot for a “minimal” rescue image.
SSH keys and making your life easier
A tip for anyone using public keys in SSH: you can start up your xorg session using ssh-agent and then have all subsequent connections be authorized by the agent, saving you some hassle of password typing, etc. Put this in your ~/.xinitrc :
eval `/usr/bin/ssh-agent -c` (insert line to start up your window manager here) /bin/kill $SSH_AGENT_PID
(Yoinked from Matthew Dillon on IRC) Realistically, you should also lock your terminal or otherwise prevent physical access to any workstation where you do this, since it means immediate SSH access to other systems using your identity, for anyone touching that keyboard.
If you’re using Windows, there’s always Pageant.
mkinitrd out, initrd in
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See updated MOTD for details)
In Other BSDs for 2017/06/02
One of these links will be very useful to someone.
- Join us, building a full OpenBSD mailserver. (via)
- Valuable News 2018/05/25.
- May 2018 Status Report: Cross-DSO CFI in HardenedBSD. (via)
- BSDJobs.com. (via)
- Research Positions – Aberdeen Scotland.
- NetBSD: a new version of the CDDL dtrace and ZFS code. (via)
- OpenBSD Kernel Internals — Creation of process from user-space to kernel space. (via)
- iXsystems Newsletter: The April 2018 Edition.
- OPNsense 18.1.9 released.
- OpenBSD’s httpd gets URL rewrite Not the final patch. (via)
- BSD: Networking Included. Some extremely useful tips in here for network troubleshooting. (via)
- Boot All the Things! (via)
CVE-2018-8897 fix in, more Spectre fixes for DragonFly
A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly. THis applies to both Intel and AMD processors. I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.
Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state. The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.
Update: update.
In Other BSDs for 2018/04/21
Opinion time: The Reddit / Hacker News forums have reached the anything/everything point where there’s no longer a focus. Lobste.rs is worth visiting, though, for BSD content and in general.
MAP_STACKStack Register Checking Committed to -current.- Nextcloud 13 on FreeBSD. (via)
- Run OpenBSD on your web server. (via)
- Introduction to HardenedBSD World. (via)
- MirBSD Korn Shell on Jehanne. (via)
- Distributed Object Storage with Minio on FreeBSD. (via)
- Open vSwitch Overview.
- How to do math on the Linux command line. Or BSD.
- IKEV2 EAP User name/Password client on *BSD.
- Taylor Campbell, new to netbsd-core.
- [on sale] Bioware, FTL, System Shock, and more. (OpenBSD Gaming, though it may extend to other BSDs.)
- BSD Magazine wants article feedback.
- OpenBSD router/firewall?
Lazy Reading for 2018/04/08
Accidental theme this week: Social media is a dead end.
- ViperCard – An open source re-creation and re-imagination of HyperCard. I… could have sworn I already linked to this but I can’t find it. (via)
- gokrazy – Go userland. Every language eventually reinvents the wheel this way. (via)
- The Game of Everything, Part 4: Civilization and Geography. First 3 parts linked last week.
- It’s Time for a RSS Revival. (via)
- Growth At Any Cost. Facebook is designed to take your data and give it to others. It will never not do that. Don’t participate.
- Cracks in the Wall. Blogging is better than social media, but of course I would say that. (via)
- And here’s some more reinforcement of that idea. (via)
- A 1970s disk drive that wouldn’t seek: getting our Xerox Alto running again. I like the platter shots.
- An oral history of the L0pht. Part 1, with subsequent parts linked. (via)
- The definitive resource for imagemagick scripts. I have needed this many times. (via)
- AlterEgo: A Personalized Wearable Silent Speech Interface. Neat but creepy creepy creepy from the illustations. (via)
- dotdrop, dotfile management. (via)
- Prince of Persia from Apple ][ to BBC Master. (via)
Your unrelated food link for the week: King Arthur test kitchen disasters. Summarized annually on April Fools Day, every year.
BSDNow 239: The Return to ptrace
BSDNow 239 does not have an interview, but it does talk about using OpenBSD to prevent unwanted traffic out to the internet, plus a ‘poetic license’.
Shell tool for updating DragonFly
Aaron LI wrote a tool to update a running DragonFly system from an existing image – release or snapshot. I haven’t tried it yet, but it’s very promising. It’s up on Github so if this gets you excited, you know what to do.
Loader hint to stop attachments
Rimvydas Jasinskas created a loader.conf(5) hint that keeps various nata(4) devices from attaching during boot. This is super useful if it’s a device that screws up your boot process. and I think it’s also great if you get irritated having something in your dmesg every time about the device you never use, like a CDROM.
morse(6) now encodes and decodes
I’m sure this was needed by someone: morse(6) can now encode and decode Morse code, signified by . and – of course.
One more microcode tip
I say “one more” like I know when this saga will end. If you are using the devcpu-data port to update your processors, you’ll need to add
microcode_update_enable="YES"
to your /etc/rc.conf, as Sepherosa Ziehau points out.
HAMMER1, mounted and unmounted cleanup
The regular maintenance scripts for HAMMER1 assume that it’s mounted at the time of cleanup. If you have them unmounted, they won’t go through that regular maintenance, but it’s easy enough to fix.
Microcode updates on DragonFly
One side effect of Meltdown/Spectre are CPU microcode (firmware) updates. For future needs: sysutils/devcpu-data is the port that has the updates for Intel, and cpucontrol(8) is the program you run on DragonFly to add them.
I haven’t used this myself, yet, so I can’t tell you how necessary an immediate update could be – but you will probably want to use it soon.
Update: Newer CPUs might require this sizing change.
Update update: a better explanation of applying microcode updates. There’s new ones out, too. (via)
More Meltdown fixes
If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there’s a few more commits you’ll want to get.
Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware. There is an update to the “defensive browser setup” plan for DragonFly (using –site-per-process) that can help at least with Javascript versions of Spectre.
Update: step-by-step microcode fixes from Intel if you really want to trash your performance.
In Other BSDs for 2018/01/06
Note the non-profit link; that may be useful to you.
- BSD on New Hardware.
- BSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer. (video)
- Moving bacula-sd into a FreeBSD jail.
- As noted here in a comment, you can name a BSD non-profit as a recipient of the ‘commission’ from Amazon purchases. Doesn’t cost you anything, or at least Amazon keeps that part of their pricing opaque.
- OpenBSD Workstation Guide. More hardware detail than I expected… and I really like the key storage idea. (via)
- Scripts to run an OpenBSD mirror, rsync and verify. (via)
- Best BSD for PowerPC machine?
- The LLVM Memory Sanitizer support work in progress. On NetBSD. (via)
- Linux Professional Institute and BSD Certification Group Join Efforts. (via)
- Thinking of joining Mastodon? Try bsd.network!
- Which BSD systems are affected by new Intel cpu bug?
- Meltdown, aka “Dear Intel, you suck”
- Every day a bug is embargoed is actually two days. Looking at it that way, the 48 hours it took Matt Dillon to patch DragonFly turned into 367 days – and it was Google/Intel’s decision to have it that way. (via)
- MWL’s 2017 Wrap-Up. Ironically, systemd is a moneymaker for him.