This week’s BSDNow has a lot of “You will not regret knowing this” material – ZFS performance measurement, 2FA SSH, and using Netcat in various ways.
A good, oddball week.
- Happy #CIDRDay!
- Exploring OmniOS in a VM.
- Endless amounts of Commodore 64 games, in-browser. (via many places)
- Dangit, I missed posting about the Roguelike Celebration. (via)
- Software Heritage, archiving code. (thanks, Siju)
- Classic computers in Lego. Cuter than I thought possible. (via)
- Spleen – Monospaced bitmap fonts. A teeny terminal font, working down to 5×8. Designed on OpenBSD? I don’t know the tools used. (thanks, Frederic)
- Engineered Arts, a company that builds robots for interaction. What a fun job to have! (via)
- Bellingcat’s Online Investigation Toolkit. (via)
- 2018 IFComp entries. (via)
- everything you ever wanted to know about terminals (via)
- Oddness: the zoneinfo file on your computer right now could be affected by Earth speeding up.
Your unrelated comics link of the week: Draculagate, a book funded by Kickstarter. Watch the video.
To add to my ongoing slow fiddle with DragonFly: I’ve noted how to install in Hyper-V, and how to use Cygwin to connect to run X. Here’s another step: if you are using PuTTY/Pageant, as I am, and want to connect, Cygwin/X needs to be told to listen on TCP. Find your /usr/bin/startxwin file in Cygwin and change serverargs to:
serverargs="-listen tcp"
And then in PuTTY, under Connection -> Session -> X11, check “Enable X11 forwarding”, set X display location to “:0.0”, and locate your .Xauthority file. It will be in your user’s Cygwin home directory. (tips found here)
plink can be used to create shortcuts – open an xterm directly into your DragonFly VM from your Windows desktop, for instance, with a shortcut that runs ‘plink <sessionname> xterm’.
If you are running a slightly newer version of Windows and aren’t trying to accommodate a ‘legacy’ PuTTY install, using Windows Subsystem for Linux may work better; I have not yet tried.
For the future edification of others: I mentioned I installed DragonFly under Hyper-V on a Windows 10 laptop. I wanted to be able to open a terminal on DragonFly while in my Windows environment. I have that now; here’s what I did:
- Installed DragonFly in Hyper-V (see my prior install notes)
- Installed xorg on DragonFly. (pkg install xorg)
- Installed Cygwin/X on Windows 10 – specifically, the xauth, xorg, xterm, xclock, cygutils-x11, and openssh packages.
- In DragonFly, set these items in /etc/ssh/sshd_config:
  - X11Forwarding Yes
  - X11DisplayOffset 0
  - XAuthLocation /usr/local/bin/xauth
- Run XWin Server on Windows 10.
- Run CygWin64 Terminal on Windows 10:
  - export DISPLAY=:0.0
  - ssh -Y (address of DragonFly host)
- Once logged in, type ‘xterm’.
At this point, a terminal window should pop up on your Windows machine, showing your DragonFly username@hostname as the prompt. You are set!
Next steps – getting this working with PuTTY, Pageant, and Plink.
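The sshd_config step in the list above is easy to get subtly wrong, because sshd keeps the first value it reads for a keyword and treats anything after a Match line as conditional. The script below is an added example, not part of the original post, that reports the effective global value of the three X11 settings. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check an sshd_config for the
# three X11 settings listed above. sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and lines after a "Match" line are
# conditional overrides rather than global settings.

effective_value() {   # usage: effective_value <config-file> <keyword>
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (!n) next
            key = tolower(substr(line, 1, n - 1)); val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit                # global section ends
            if (key == tolower(want)) { print val; exit }
        }' "$1"
}

check_x11_settings() {   # returns the number of settings that differ
    cfg=$1; bad=0
    while read -r key expected; do
        actual=$(effective_value "$cfg" "$key")
        cmp=$actual
        # The post writes "Yes"; compare the flag without regard to case.
        [ "$key" = X11Forwarding ] && cmp=$(printf %s "$actual" | tr 'A-Z' 'a-z')
        if [ "$cmp" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "DIFF  $key: want '$expected', effective '${actual:-(unset)}'"
            bad=$((bad + 1))
        fi
    done <<EOF
X11Forwarding yes
X11DisplayOffset 0
XAuthLocation /usr/local/bin/xauth
EOF
    return "$bad"
}

sample_config() {   # constructed sample, not taken from a real host
    printf '%s\n' '# constructed sample' 'x11forwarding Yes' \
        'X11DisplayOffset 10' 'X11DisplayOffset 0' 'Match User guest' \
        '    XAuthLocation /usr/local/bin/xauth'
}

tmp=$(mktemp) && sample_config > "$tmp"
check_x11_settings "$tmp" || echo "$? setting(s) differ from the post's values"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, which is the authoritative check.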
BSDNow 265 has a con report – the just-finished EuroBSDCon 2018 in Romania, plus the usual roundup of news items. One news item that will be useful someday: how to perform a BIOS update on a non-Windows computer.
I tried Hyper-V, and of course, I had to install a virtual DragonFly system. Sascha Wildner very helpfully pointed out that DragonFly on Hyper-V requires a legacy network adapter and a gen-1 image type; both changes you can make during initial setup. I’m noting it here for the benefit of future people walking down the same path.
Note: pick ‘legacy BIOS’ during the actual DragonFly install, too.
DragonFly’s root account defaults to tcsh, and that now defaults to autorehash being set on. Useful to remember if you reflexively type ‘rehash’ like I do, and also useful if you come from a shell where ‘rehash’ isn’t needed.
I’ve been linking to other parts of this, but now it’s on one page: “Zenripper”, talking about how to overclock/underclock a Threadripper system on DragonFly.
It turns out Threadripper (well, a Ryzen CPU) delivers good performance at relatively low power usage. As I sit in a room made too warm by a single desktop machine running, this lower wattage sounds pretty good to me.
tuning(7) had some updates from Matthew Dillon. It’s minor, as he says, but it’s such a useful man page I want to make sure people are reading it.
If you haven’t done it before, you can use ‘make rescue’ to build a tiny base system on DragonFly, for use when /usr goes missing, for when your disk is encrypted, and other rather catastrophic problems. It should be in sync with the rest of the system, which is why ‘make rescue’ can be part of a buildworld process. I’m mentioning this because currently, ‘make upgrade’ should be done first.
Sascha Wildner has brought in the NetBSD version of mtree(8), as groundwork for some other changes. There’s little user effect at this point, but it’s worth being familiar with mtree as a tool. Take a look at the man page, especially the section on trojan horse detection under EXAMPLES.
DragonFly now has a port of the ena(4) driver from FreeBSD. If you aren’t familiar with it, it’s the Elastic Network Adapter used for running on Amazon EC2. That link for the commit message points at several dports tools useful for anyone wanting to try the next logical step.
I’ve been remiss in noting new DragonFly mirrors, so here’s the most recent: 4 new locations in Ecuador.
History for a theme, I guess? It’s a random week.
- 80s video game commercials, an hour of video. (via)
- Don’t do this either.
- When generating a random password, the result must still be a valid string.
- Hackaday Prize, now open.
- New apps for MS/DOS.
- Omnicalculator, every type of online calculator you can think of. (via)
- Browsh, a text-based web browser. Uses Firefox under the hood, so all you need to transmit locally is text. (via)
- WordTsar, a modern Wordstar clone. (via).
- How to handle emoji (in code). (via)
- Related: There’s more to HTML escaping than &, <, >, and " (via)
- A few things I know about LISP Machines. (via)
- Digital life simplification. Not saying all these things are good ideas; some are relative luxuries. (via)
Your Cyriak video of the month: Indigestion.
Aaron LI continues to add to initrd(7): it now has scp, grep, diff, telnet, and 70 (!) more tools, bringing the total to over 200. That’s a lot for a “minimal” rescue image.
A tip for anyone using public keys in SSH: you can start up your xorg session using ssh-agent and then have all subsequent connections be authorized by the agent, saving you some hassle of password typing, etc. Put this in your ~/.xinitrc :
eval `/usr/bin/ssh-agent -c`
(insert line to start up your window manager here)
/bin/kill $SSH_AGENT_PID
(Yoinked from Matthew Dillon on IRC) Realistically, you should also lock your terminal or otherwise prevent physical access to any workstation where you do this, since it means immediate SSH access to other systems using your identity, for anyone touching that keyboard.
If you’re using Windows, there’s always Pageant.
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See updated MOTD for details)
One of these links will be very useful to someone.
- Join us, building a full OpenBSD mailserver. (via)
- Valuable News 2018/05/25.
- May 2018 Status Report: Cross-DSO CFI in HardenedBSD. (via)
- BSDJobs.com. (via)
- Research Positions – Aberdeen Scotland.
- NetBSD: a new version of the CDDL dtrace and ZFS code. (via)
- OpenBSD Kernel Internals — Creation of process from user-space to kernel space. (via)
- iXsystems Newsletter: The April 2018 Edition.
- OPNsense 18.1.9 released.
- OpenBSD’s httpd gets URL rewrite. Not the final patch. (via)
- BSD: Networking Included. Some extremely useful tips in here for network troubleshooting. (via)
- Boot All the Things! (via)
A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly. This applies to both Intel and AMD processors. I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.
Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state. The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.
Update: update.