Lazy Reading for 2018/10/14

A good, oddball week.

Your unrelated comics link of the week: Draculagate, a book funded by Kickstarter.  Watch the video.

 

DragonFly, Cygwin, and PuTTY

To add to my ongoing slow fiddle with DragonFly: I’ve noted how to install in Hyper-V, and how to use Cygwin to connect to run X.  Here’s another step: if you are using PuTTY/Pageant, as I am, and want to connect, Cygwin/X needs to be told to listen on TCP.  Find your /usr/bin/startxwin file in Cygwin and change serverargs to:

serverargs=”-listen tcp”

And then in PuTTY, under Connection -> Session -> X11, check “Enable X11 forwarding”, set X display location to “:0.0”, and locate your .Xauthority file.  It will be in your user’s Cygwin home directory.  (tips found here)

plink can be used to create shortcuts – open an xterm directly into your DragonFly VM from your Windows desktop, for instance, with a shortcut that runs ‘plink <sessionname> xterm’.

If you are running a slightly newer version of Windows and aren’t trying to accommodate a ‘legacy’ PuTTY install, using Windows Subsystem for Linux may work better; I have not yet tried.

DragonFly on Hyper-V, locally

For the future edification of others: I mentioned I installed DragonFly under Hyper-V on a Windows 10 laptop.  I wanted to be able to open a terminal on DragonFly while in my Windows environment.  I have that now; here’s what I did:

  • Installed DragonFly in Hyper-V (see my prior install notes)
  • Installed xorg on DragonFly.  (pkg install xorg)
  • Installed Cygwin/X on Windows 10 – specifically, the xauth, xorg, xterm, xclock, cygutils-x11, and openssh packages.
  • In DragonFly, set these items in /etc/ssh/sshd_config :
    • X11Forwarding Yes
    • X11DisplayOffset 0
    • XAuthLocation /usr/local/bin/xauth
  • Run XWin Server on Windows 10.
  • Run CygWin64 Terminal on Windows 10
    • export DISPLAY=:0.0
    • ssh -Y (address of DragonFly host)
    • Once logged in, type ‘xterm’.

At this point, a terminal window should pop up on your Windows machine, showing your DragonFly username@hostname as the prompt.  You are set!

Next steps – getting this working with PuTTY, Pageant, and Plink.

Hyper-V and DragonFly

I tried Hyper-V, and of course, I had to install a virtual DragonFly system.  Sascha Wildner very helpfully pointed out that DragonFly on Hyper-V requires a legacy network adapter and a gen-1 image type; both changes you can make during initial setup.  I’m noting it here for the benefit of future people walking down the same path.

Note: pick ‘legacy BIOS’ during the actual DragonFly install, too.

Make upgrade, then make rescue

If you haven’t done it before, you can use ‘make rescue’ to build a tiny base system on DragonFly, for use when /usr goes missing, for when your disk is encrypted, and other rather catastrophic problems.  It should be in sync with the rest of the system, which is why ‘make rescue’ can be part of a buildworld process.  I’m mentioning this because currently, ‘make upgrade’ should be done first.

Lazy Reading for 2018/07/22

History for a theme, I guess?  It’s a random week.

Your Cyriak video of the month: Indigestion.

SSH keys and making your life easier

A tip for anyone using public keys in SSH: you can start up your xorg session using ssh-agent and then have all subsequent connections be authorized by the agent, saving you some hassle of password typing, etc.  Put this in your ~/.xinitrc :

eval `/usr/bin/ssh-agent -c`
(insert line to start up your window manager here)
/bin/kill $SSH_AGENT_PID

(Yoinked from Matthew Dillon on IRC)  Realistically, you should also lock your terminal or otherwise prevent physical access to any workstation where you do this, since it means immediate SSH access to other systems using your identity, for anyone touching that keyboard.

If you’re using Windows, there’s always Pageant.

mkinitrd out, initrd in

There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.

Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations.  See the commit message for more detail.  It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it.  (See updated MOTD for details)

In Other BSDs for 2017/06/02

One of these links will be very useful to someone.

CVE-2018-8897 fix in, more Spectre fixes for DragonFly

A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly.  THis applies to both Intel and AMD processors.  I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.

Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state.  The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.

Update: update.

In Other BSDs for 2018/04/21

Opinion time: The Reddit / Hacker News forums have reached the anything/everything point where there’s no longer a focus.  Lobste.rs is worth visiting, though, for BSD content and in general.