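A tip for anyone using public keys in SSH: you can start up your xorg session using ssh-agent and then have all subsequent connections be authorized by the agent, saving you some hassle of password typing, etc. Note that -c makes ssh-agent emit csh-style commands, which suits a csh/tcsh ~/.xinitrc; if yours is run by a Bourne-style shell, use -s instead. Put this in your ~/.xinitrc: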
eval `/usr/bin/ssh-agent -c`
(insert line to start up your window manager here)
(Yoinked from Matthew Dillon on IRC) Realistically, you should also lock your terminal or otherwise prevent physical access to any workstation where you do this, since it means immediate SSH access to other systems using your identity, for anyone touching that keyboard.
If you’re using Windows, there’s always Pageant.
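An added example (not from the original post or from Matthew Dillon) of the same tip as a Bourne-shell ~/.xinitrc fragment, which also limits how long loaded keys stay usable and kills the agent when the X session ends, in line with the physical-access caveat above. The names start_session_agent, stop_session_agent, AGENT_LIFETIME and WM_CMD are hypothetical; ssh-agent is assumed to be OpenSSH's.

```sh
#!/bin/sh
# Added example: Bourne-shell ~/.xinitrc fragment, not the original post's code.
# Assumptions: OpenSSH ssh-agent is installed; WM_CMD and AGENT_LIFETIME
# are hypothetical variables you set yourself.

AGENT_LIFETIME="${AGENT_LIFETIME:-3600}"   # seconds a loaded key stays usable

# Start an agent whose keys expire on their own, so an unattended
# keyboard gives SSH access under your identity only for a limited time.
start_session_agent() {
    command -v ssh-agent >/dev/null 2>&1 || return 1
    # -s: Bourne-style output (the post's -c form is for csh/tcsh)
    # -t: default maximum lifetime for identities added with ssh-add
    eval "$(ssh-agent -s -t "$AGENT_LIFETIME")" >/dev/null
    # Succeed only if the agent socket really exists.
    [ -S "$SSH_AUTH_SOCK" ]
}

# Kill the agent so no keys remain reachable after the X session ends.
stop_session_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] || return 0
    # -k kills the agent named by SSH_AGENT_PID and prints "unset" commands.
    eval "$(ssh-agent -s -k)" >/dev/null 2>&1
}

# Session body: runs only when WM_CMD is set, e.g. WM_CMD=twm.
if [ -n "${WM_CMD:-}" ]; then
    start_session_agent || echo "xinitrc: ssh-agent unavailable, continuing" >&2
    trap stop_session_agent EXIT
    $WM_CMD    # deliberately not exec: the trap must fire when the WM exits
fi
```

Keys added afterwards with ssh-add drop out of the agent once AGENT_LIFETIME seconds have passed, so you are prompted again instead of the agent answering indefinitely.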
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See updated MOTD for details)
One of these links will be very useful to someone.
A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly. This applies to both Intel and AMD processors. I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.
Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state. The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.
Opinion time: The Reddit / Hacker News forums have reached the anything/everything point where there’s no longer a focus. Lobste.rs is worth visiting, though, for BSD content and in general.
Accidental theme this week: Social media is a dead end.
Your unrelated food link for the week: King Arthur test kitchen disasters. Summarized annually on April Fools Day, every year.
BSDNow 239 does not have an interview, but it does talk about using OpenBSD to prevent unwanted traffic out to the internet, plus a ‘poetic license’.
Aaron LI wrote a tool to update a running DragonFly system from an existing image – release or snapshot. I haven’t tried it yet, but it’s very promising. It’s up on Github so if this gets you excited, you know what to do.
Rimvydas Jasinskas created a loader.conf(5) hint that keeps various nata(4) devices from attaching during boot. This is super useful if it’s a device that screws up your boot process, and I think it’s also great if you get irritated having something in your dmesg every time about the device you never use, like a CDROM.
I’m sure this was needed by someone: morse(6) can now encode and decode Morse code, signified by . and – of course.
I say “one more” like I know when this saga will end. If you are using the devcpu-data port to update your processors, you’ll need to add
to your /etc/rc.conf, as Sepherosa Ziehau points out.
The regular maintenance scripts for HAMMER1 assume that it’s mounted at the time of cleanup. If you have them unmounted, they won’t go through that regular maintenance, but it’s easy enough to fix.
One side effect of Meltdown/Spectre is CPU microcode (firmware) updates. For future needs: sysutils/devcpu-data is the port that has the updates for Intel, and cpucontrol(8) is the program you run on DragonFly to add them.
I haven’t used this myself, yet, so I can’t tell you how necessary an immediate update could be – but you will probably want to use it soon.
Update: Newer CPUs might require this sizing change.
Update update: a better explanation of applying microcode updates. There are new ones out, too. (via)
If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there are a few more commits you’ll want to get.
Update: step-by-step microcode fixes from Intel if you really want to trash your performance.
Note the non-profit link; that may be useful to you.
A minor bit of housekeeping: the archives page has been fixed up to correctly list all categories, and list posts grouped by month. So if you want to see what I posted under the roguelike category, or see what I posted in February 2011, you can. Post counts provided, too.
Syscons now holds 10 screens back, not 4. Every few years, I really, really need that.
I just wasted an hour trying to figure out why xorg had strange output but no errors on this laptop, and it’s because I had i915_load="YES" in /boot/loader.conf instead of i915_load="YES" in /etc/rc.conf. I’m almost nearly sure I’ve mentioned that before, but if not: here you go.
(though if you never plan to run X, you can put it in loader.conf and everything will just work.)
(Title updated for a more correct sentence)
Noted from this commit: if you are routing over IPv6 directly to another address, the sysctl net.inet6.icmp6.nd6_onlink_ns_rfc4861 must be set to 1.