NetBSD Planet

With more and more Linux distributions – as well as the kernel itself – dropping support for more exotic, often dead architectures, it’s a blessing T2 Linux exists. This unique, source-based Linux distribution focuses on making it as easy as possible to build a Linux installation tailored to your needs, and supports an absolutely insane amount of architectures and platforms. In fact, calling T2 a “distribution” does it a bit of a disservice, since it’s much more than that.

You may have noticed the banner at the top of OSNews, and if we somehow – unlikely! -manage to reach that goal before the two remaining new-in-box HP c8000 PA-RISC workstations on eBay are sold, my plan is indeed to run HP-UX as my only operating system for a week, because I like inflicting pain on myself. However, I also intend to use that machine to see just how far T2 Linux on PA-RISC can take me, and if it can make a machine like the c8000, which is plenty powerful with its two dual-core 1.0Ghz PA-RISC processors, properly useful in 2024.

T2 Linux 24.12 has just been released, and it brings with it the latest versions of the Linux kernel, gcc, LLVM/Clang, and so on. With T2 Linux, which describes itself as a System Development Environment, it’s very easy to spin up a heavily customised Linux installation fit for your purpose, targeting anything from absolutely resource-starved embedded systems to big hunks of, I don’t know, SPARC or POWER metal. If you’ve got hardware with a processor in it, you can most likely build T2 for it. The project also provides a large number of pre-built ISOs for a whole slew of supported architectures, sometimes further divided into glibc or musl, so you can quickly get started even without having to build something yourself.

It’s an utterly unique project that deserves more attention than it’s getting, especially since it seems to be one of the last Linux “distributions” that takes supporting weird platforms out-of-the-box seriously. Think of it as the NetBSD of the Linux world, and I know for a fact that there’s a very particular type of person to whom that really appeals.

NetBSD 10.1 has been released. As the version number indicates, this isn’t supposed to be a major, groundbreaking release, but it still contains a ton of changes, fixes, and improvements. It’s got the usual set of new and improved drivers, kernel improvements – like the ability to hotplug spares and components in a RAID – and improvements for various specific architectures, and much more.

If you’re using NetBSD you already know how to upgrade, and if you’re not yet using NetBSD, here’s the download page for the various supported architectures. There are a lot of them.

Hello,

I would like to know if I can use the NetBSD logo to make a single mug for personal use. This mug will also feature other logos, such as Blender, Fedora Debian FreeBSD, and so on. I go also to ask for this project if I can use logos their.

Milton César

The NetBSD project is pleased to announce the first update of the NetBSD 10 release branch NetBSD 10.1! See the release announcement for details.

This release includes 9 months of bug fixes and a few new features after the 10.0 release in March. It also gives those still using older release a good reason to finally update to the NetBSD 10 release branch, even if they avoid dot-zero releases by all means.

If you want to try NetBSD 10.1 please check the installation notes for your architecture and download the preferred install image from the CDN or if you are using an ARM based device from the netbsd-10 builds from the bootable ARM images page.

If you have any issues with installation or run into issues with the system during use, please contact us on one of the mailing lists or file a problem report.

Hi, I'm currently testing partitioning layouts in VMs to install NetBSD on a spare laptop and I have some problems installing it with / on different kind of striped solutions.
The goal is to have something like LVM from Linux so I'll be able to gradually allocate more disk space to the filesystem and also probably use spare space for dualboot (but this is not very important).

For now I've avoided using ZFS since the hardware isn't very capable and has an old CPU (Intel N3520), although it has 8GB RAM which should be enough to use ZFS and there is probably some configuration to adjust it. I also will be using UEFI, but in search of working layout some attempts were made on BIOS VMs and not on UEFI.

So far, my attempts to solve this were:

1. Using extended partitioning in the installer (BIOS, UEFI). Made manual partitioning using "extended partitioning" in the installer and set up / on RAID0 volume (also tried with LVM). This resulted in inability to install system on this volume or write any data to it at all.
2. Moving to CCD post install (BIOS). Made regular install with some spare space, configured CCD post install and tried to migrate to it. If I understand it correctly, (based on boot messages in green text) CCD disks are initialized after the boot stage so it doesn't worked for me.
3. Manual EFI + installer using wedge on RAID0. Made manual install of EFI partition (following this guide from the wiki, specifically "Partitioning and Formating the Disk" section) then set up / on RAID0 volume using the installer. This one was strange since i was immediately dropped back to menu after confirming installation on the specific wedge, but was able to complete both, upgrade or reinstallation of file sets with the installer. In all cases it wasn't possible to change anything in configuration like shell, network, etc. (I think it was something like "unable to find file" error) and I was able to see only the bootloader iterating over different options and dropping me into it's shell.

I've really liked NetBSD so far and will be very grateful for any help with such setup!

I had a series of roles in my old Ansible library that were configured, a little something, like this:

./roles/
└── bootstrap/
    └── tasks/
        ├── debian.yml
        ├── freebsd.yml
        ├── illumos.yml
        ├── main.yml
        └── netbsd.yml

The tasks folder contains playbooks for the most common OSs I use, which were automatically selected by main.yml. That way, I could add a role to whatever new playbook I wanted, and it would work irrespective of the target server OS.

The main.yml file consisted only of includes to reference these OSs:

- include: debian.yml
  when: ansible_os_family == 'Linux'
     
- include: freebsd.yml
  when: ansible_os_family == 'FreeBSD'
   
[...]

Alas, some of these older roles no longer worked, with Ansible reporting the following errors:

ERROR! this task 'include' has extra params, which is only allowed
in the following modules: [...] import_tasks [...]

Sure enough, according to the Ansible docs:

- name: Install the correct web server for Debian
  import_tasks: debian.yml
  when: ansible_facts['os_family']|lower == 'debian'

I updated my main.yml with that syntax, and It Worked.™ Now to stop messing with pyinfra and fix this Ansible stuff in time for Christmas cough.

By Ruben Schade in Sydney, 2024-12-15.

This is my makefile:

CC = gcc
TARGET = target

CFLAGS = -O3 -Wall -Wextra -pedantic

SRCS = $(shell find . -type f -name '*.c')
OBJS = $(patsubst %.c,%.o,$(SRCS))

.PHONY: all clean

all: $(TARGET)

$(OBJS): $(SRCS)
    $(CC) $(CFLAGS) -c $< -o $@

.PRECIOUS: $(TARGET) $(OBJS)

$(TARGET): $(OBJS)
    $(CC) $(OBJS) -o $@

clean:
    -rm -f *.o
    -rm -f $(TARGET)

this is the output message:

gcc  -o target
gcc: fatal error: no input files
compilation terminated.
*** Error code 1

I'm trying to get this to work on NetBSD. What am I doing wrong? Also, I've found that $(SRCS) is just empty, but if I run find . -type f -name '*.c' in the shell on it's own, I do get the desired files. Please help !

pax foederata!

I wanted to title this "why doesn't NetBSD cp have a no-clobber option" but since my answer was pax, I thought it more interesting to discuss what we all use pax for.

pax is touted as a replacement for tar but I have never used it as such. I use it to copy a large directory tree from one place to another, especially when doing it remotely, as the process might get interrupted. When resuming such a process; it becomes necessary to skip the files that are already copied. So I pax -r -w -v -pe source target where source is the file pattern to copy and target is an already existing directory.

What do you use pax for?

Hi, folks!

Could someone point me to sacred knowledge of how I could possibly downgrade the Transmission bittorrent client from version 4.something to previous version 3.something?

I’m running NetBSD 9.3 on RPI2, I was building from sources some third-party software and it was behaving quite weirdly so before submitting issue to bugtracker I’ve updated/upgraded my system to be sure that problem was not on my side(upgrade was overdue for few years :-D ). Everything went smoothly except for transmission-daemon which started to complain about libunistring library or something(transmission-daemon itself was not upgraded because its package is missing in the current packages tree for earmv7hf architecture). Yep, I did stupid thing and removed transmission-daemon version 3.something with pkgin and took for tests binary from 4.0.5nb2 package for the correct arch, I guess I was in a newer-better mood... It’s working but that thing is tremendously slow, slow to start, slow with response to remote client, heavy on cpu usage, it is not obeying set speed limits and so on.

I was not able to find repository with older packages for NetBSD so I’ve tried to build transmission from sources(checkout by 3.00 tag from github with submodules), no luck here(build errors in miniupnpc third-party library), I have built transmission against its dependencies installed via pkgin but resulted transmission-daemon crashes shortly after it being started, I was able to connect with remote client but not for long. Configuration directory for transmission-daemon was used from backup made prior to system upgrade, so it shouldn't be a problem. So yeah, I kinda stuck, any ideas?

One of the reasons I've been exploring NetBSD over the past few months is that, after more than 30 years in IT, I've grown increasingly frustrated with how frequently mainstream Linux distributions change the way they handle core systems: boot processes, network management, firewalls, and so on. It feels like I'm constantly relearning how to accomplish the same tasks in countless different ways, and frankly, I'm tired of it.

I’ve come to appreciate the value of working with a cohesive operating system—one where technical decisions are made thoughtfully and not simply to reinvent the wheel.

With that in mind, here’s my question: How often does NetBSD introduce breaking changes to the system? Stability is crucial for my professional work, and I believe NetBSD might be the right choice. I’d love to hear your opinions.

I’ve said it here before, and I’ll say it again: I love Perl. I’ve used so many languages over the years, but writing Perl code feels natural. It feels like an extension of my brain. It’s expressiveness, data structures, and near limitless flexibility meant I reached for it whenever I had a problem to solve (it’s probably why I had fun with Ruby too, but that’s a separate discussion).

I’m also keenly aware that I live in the Real World™, and that much (if not most) of the tooling I use is written in Python (and Go). I’d dabbled in it before, but this is the first time I’ve committed to building some personal and work projects in it to get a feel for what makes it tick.

A few things that have surprised me:

• Variables can’t be more local in scope than a function, which is terrifying. The pushback here is that The Python Way prefers concise functions anyway, so this shouldn’t be an issue. I like being able to scope to a block in Perl though (or in basically every other language).

• The OOP features are nice. I got used to Moose, and I tend to write procedural stuff with data structures in lieu of OOP, but it’s there and simple if I need it.

• dict() isn’t a complete replacement for a Perl %hash, but it gets the job done. Quick string manipulation on the other hand: Python is still far inferor. And speaking of which…

• Strings are immutable. That threw me for a loop the first time.

• I’m used to Text::Template, but I’ll admit Jinja is quite nice.

• It’s true, the examples in the Python documentation really do reference Monty Python all the time. This is delightful, and I’m all for it. #lifeofbrian

• I kept hearing that There’s More Than One Way To Do It in Perl, but that it wasn’t the case with Python. Until I started looking at file systems, and there are dozens of ways to do things.

• Python 3.15 will be moving to UTF-8 by default, which is awesome. Perl should do the same.

• pip, easy_install, whatever, it all sucks. Package management in Perl and Ruby weren’t fun either, but I guess it’s the devil you know. I cheated and used pkgsrc like I do for Perl and TeX, not that you read that.

• I miss sigals. You didn’t need syntax highlighting when you could literally tell at a glance the difference between a $scalar, @array, %hash, and &method, or even @scope in Ruby.

• When typing quit in interactive mode, Python tells me that I need to type quit(). This is an interesting philosophical difference; Perl would just quit because it understands and acts upon intent, rather than pretending not to.

• Nevermind, Python 3.13 doesn’t do that anymore!

• Meaningful whitespace doesn’t bother me. I always indented my code correctly in Perl, so all Python does is remove boilerplate and reduce the amount of vertical scrolling I have to do. Dare I say, I think it looks beautiful.

It’s been a lot of fun! I moved away from professional development years ago, but there’s an itch that only writing code can scratch. I should probably blog about some of it.

By Ruben Schade in Sydney, 2024-12-10.

Abigail—who has an awesome site, and who encourages you to have your own space as well—emailed asking what database system we used to organise stuff, as I described in my ill-advised MAC address filtering post:

Clara and I maintain a personal DB which includes all sorts of data, from budgets to media collections. One of the tables tracks our assets, including serial numbers, dates of purchase, warranty information, hostnames, ZFS pools, and… MAC addresses.

I’ll admit we’re doing nothing special, it’s literally a PostgreSQL database hosted on a NetBSD box at home, with pgAdmin as the frontend on our machines (thanks to Adam@ for maintaining). Until this year it was a MariaDB/MySQL server, and long before that it was a SQLite3 file sync’d with Dropbox. That last one still makes me nervous thinking about even now.

I’ve always had a database of some sort to organise my life. I was a DBA briefly, and while it’s ridiculous overkill for what we use it for, it does come with some nice benefits:

• We don’t have to worry about syncing or backups, because the database is always consistent, current, and replicated. We’re rarely editing something at the same time anyway, but having that safeguard is nice.

• Like our Minecraft server and other hosted stuff, it’s accessible everywhere over the same Wireguard VPN, which keeps things simple. Well, “simple”. I can tinker on the phone on a crowded train, or a laptop.

• It’s easy to script against, which is how I maintain the MAC address filters I discussed. It’s our “source of truth” for things.

• It’s also a useful testbed for learning, because I teach myself things by designing, tinkering, an upgrading over-engineered stuff for home. Labs are always more useful if you have real data and use cases, rather than synthetic tests.

• In a pinch I can drop to psql(1) and just run rote raw commands that I want.

I can’t say I can recommend this to everyone; it’s a bit silly. Actually scratch that, it’s more than a bit silly. But if you’re weird like me, go for it!

By Ruben Schade in Sydney, 2024-12-08.

In my continuing quest to implement All The XML Things, this morning I implemented a lexicon.pls file. Specifically, a Pronunciation Lexicon file, as recommended by the W3C. From the introduction:

The Pronunciation Lexicon Specification (PLS) is designed to enable interoperable specification of pronunciation information for both Automatic Speech Recognition (ASR) and Text-To-Speech (TTS) engines. The language is intended to be easy to use by developers while supporting the accurate specification of pronunciation information for international use.

The format is fairly simple. There’s some basic boilerplate for the XML file, where you define the language, namespace, schema, and your chosen phonetic alphabet:

<lexicon version="1.0" 
    xml:lang="en-AU"
    xmlns="http://www.w3.org/2005/01/pronunciation-lexicon"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.w3.org/2005/01/pronunciation-lexicon
        http://www.w3.org/TR/2007/CR-pronunciation-lexicon-20071212/pls.xsd"
    alphabet="ipa">

And then there’s the <lexeme> pronunciation itself. The spec defines what each of these elements mean, but this gives an example of their use:

<lexeme>
    <grapheme>NetBSD</grapheme>
    <alias>Net B S D</alias>
    <phoneme><![CDATA[nɛt biː ɛs diː]]></phoneme>
    <example>Ruben loves NetBSD on his laptops.</example>
</lexeme>

Here we can see a <grapheme> term defined, an <alias> used to indicate the pronunciation using other terms, a <phoneme> using the International Phonetic Alphabet we defined above in the alphabet attribute, and an <example>. Not all of these are mandatory, and you might not need to use CDATA for your elements, but I did just in case.

Here’s another example with the correct pronunciation of OpenZFS:

<lexeme xml:id="openzfs">
    <grapheme>OpenZFS</grapheme>
    <alias>Open Z F S</alias>
    <phoneme><![CDATA[ˈəʊpᵊn zɛd ɛf ɛs]]></phoneme>
    <example>Ruben trusts OpenZFS with his data.</example>
</lexeme>

Then you can link to the resulting file in your website <head>:

<link rel="lexicon" type="application/pls+xml" 
    href="https://rubenerd.com/xml/lexicon.pls"
    title="Pronounciation Lexicon" />

I also updated my nginx mime.types file to recognise pls as an XML file.

My plan is to include a bunch of the jargon, acronyms, and other abbreviations I write about on this blog there. I already (ab)use XSLT to view my Omake, Blogroll, and RSS feeds, so maybe I’ll do one of those too.

My IPA is a bit rusty, so I might be refining these. But I think I got them right, and used tools like toPhonetics to give me hints. Let me know if you see any obvious issues.

I expect modern software packages that can detect and use these files is vanishingly small. But if even one person with a screen reader or other similar tool is helped out by my inclusion of this, it was worth it.

By Ruben Schade in Sydney, 2024-11-27.

I asked on Mastodon, but posting here as well. What 10G Ethernet cards are people using on NetBSD thesedays? Are there any in particular you would recommend?

I just buy used Intel X550 cards for FreeBSD and Penguins, but I’ve never messed with 10G on NetBSD. Ideally it would also work in 2.5/5 mode as well. This is for a new homelab cluster and some experiments I hope to do.

Feel free to reply to the Mastodon thread, or send me an email. Thank you!

By Ruben Schade in Sydney, 2024-11-21.

NetBSD is an open-source, Unix-like operating system known for its portability, lightweight design, and robustness across a wide array of hardware platforms. Initially released in 1993, NetBSD was one of the first open-source operating systems based on the Berkeley Software Distribution (BSD) lineage, alongside FreeBSD and OpenBSD. NetBSD’s development has been led by a collaborative community and is particularly recognized for its “clean” and well-documented codebase, a factor that has made it a popular choice among users interested in systems programming and cross-platform compatibility.

↫ André Machado

I’m not really sure what to make of this article, since it mostly reads like an advertisement for NetBSD, but considering NetBSD is one of the lesser-talked about variants of an operating system family that already sadly plays second fiddle to the Linux behemoth, I don’t think giving it some additional attention is really hurting anybody. The article is still gives a solid overview of the history and strengths of NetBSD, which makes it a good introduction.

I have personally never tried NetBSD, but it’s on my list of systems to try out on my PA-RISC workstation since from what I’ve heard it’s the only BSD which can possibly load up X11 on the Visualize FX10pro graphics card it has (OpenBSD can only boot to a console on this GPU). While I could probably coax some cobbled-together Linux installation into booting X11 on it, where’s the fun in that?

Do any of you lovely readers use NetBSD for anything? FreeBSD and even OpenBSD are quite well represented as general purpose operating systems in the kinds of circles we all frequent, but I rarely hear about people using NetBSD other than explicitly because it supports some outdated, arcane architecture in 2024.

I can't understand what "-f" option to find command on NetBSD mean.

Manual: https://man.netbsd.org/find.1 says

-f Specifies a file hierarchy for find to traverse. File hierarchies may also be specified as the operands immediately following the options.

Usage:

find [-H | -L | -P] [-dEhsXx] -f file [file ...] [expression]

find [-H | -L | -P] [-dEhsXx] file [file ...] [expression]

I would expect the two following calls to be equivalent:

home# find ./ -name "*c"
./1.c

home# find -f ./ -name "*c"
find: unknown option -- n
find: unknown option -- a
find: unknown option -- m
find: unknown option -- e
./
./1.c
find: *c: No such file or directory

Instead to make second equivalent I have to run

home# find -f ./ -- -name "*c"
./1.c

Am I missing something?

I have a very old AirPort Extreme, the A1408. Is it possible to install Linux on it, using the AirPort functionally as a hard disk, and then boot from that? I have also heard that AirPorts run NetBSD. Can you boot into that and run commands?

I have not been at EuroBSDCon for a while, unfortunately! My last EuroBSDCon was EuroBSDcon 2017 in Paris, France (and I have also blogged about it)!

I was very excited to come back to EuroBSDCon. Meet again in person with people. Talk in the "hall track"... and, why not!, have some fun and do some shenanigans in the nights! :)

And... definitely it was very nice, instructive and fun!

I have not fully unpacked the bag but it's time to share some notes!

Friday (20/09): arriving in Dublin

I arrived in Dublin on Friday afternoon. After some sightseeing on foot I got lost in the paintings of the National Gallery of Ireland.

I then spent the rest of the evening and night in Porterhouse Temple Bar. I had a tasty soup and garlic bread and several delicious craft beers!

Saturday (21/09): 1st day of conference talks and social event

My hotel was a 40 minutes walk from University College Dublin (UCD). I arrived a bit early for the registration. I then met some other NetBSD folks that I had missed in person since 2018 and met new ones.

View from O'Reilly Hall, University College Dublin.

After the Opening Session that welcomed us, the conference started with the opening keynote Evidence based Policy formation in the EU what Evidence are we Presenting to the EU? by Tom Smyth. Tom Smyth shared his experience on evidence based policy formation in the European Union from a point of a relatively small ISP. EU is open to feedback and as a BSD community we can shape and influence policies.

Flipping Bits: Memory Errors in the Machine, Taylor R Campbell

Taylor talked about bit flips, the memory errors in the machine.

Memory errors caught in the act: corruption of a filename in Riastradh's local machine.

He started sharing a catch of bit flip in a filename corruption on his local machine in NetBSD src repository. A bit flipped and that resulted from external/gpl3/gdb/dist/gdb/testsuite/gdb.linespec/cpls.cc to e\370ternal/gpl3/gdb/dist/gdb/testsuite/gdb.linespec/cpls.cc (In ASCII lower case x is \170 that is 01111000 in binary, while \370 is 11111000, the most significant bit got flipped!).

He also opened several PRs - due to several experienced kernel panics mostly in ZFS - before he realized that it was bad RAM.

As part of the talk a lot of fundamentals concepts and theory behind Error Detection And Correction (EDAC), causes of memory errors, where memory errors can happen, error severity and error persistence were shared.

Taylor then talked and digged in ACPI Platform Error Interface (APEI) that is the standard interface in ACPI that abstract EDAC device registers.

In NetBSD APEI is supported by the apei(4) driver.

The apei(4) driver also exposes a sysctl interface to APEI EINJ (Error INJection) that permit to also inject errors. Using such interface Riastradh live demoed that and trigger a memory error that was corrected and reported by apei(4)!

Riastradh live demoing a memory error using APEI EINJ via apei(4).

The talk was great and super-interesting. Memory errors are also pretty common. Taylor also shared a lot of anecdotes and that make his talk even more fun and interesting!

An introduction to GPIO in RPi3B+ and NetBSD, building a wind-speed logger as an application, Dr. Nicola Mingotti

Dr. Nicola Mingotti talk was a great introduction (and more) to Generalized Pin Input Output (GPIO)!

He started really from the start by populating a uSD card and installing and configuring NetBSD on a Raspberry Pi 3 Model B+.

He then introduced GPIO, how the RPi3B+ pin maps to the GPIO number and then we were ready to get our hands on GPIO!

As first exercises he showed how to set a PIN state (on/off) and read a PIN state via gpioctl(8). This can be used respectively to turn a LED on/off and to read the state of a switch.

The second series of exercises looked on how fast gpioctl can be. This is limited for several applications and so Nicola introduced how to write and read pin states in C via ioctl(2). This is much faster and with that we can go from switches to square waves!

To avoid bit-banging and polling respectively gpiopwm(4) and gpioirq(4) can be used. Nicola shared several applications of them, like blinking LED and loopback. (Another possible application, left as an exercise to the reader is the "daemon toggler". The "daemon toggler" starts/stops a daemon (e.g. ntpd(8)) based on the state of a physical switch!)

He then shared a much bigger application a Wind-Speed Logger (AKA WSL). This was used by Nicola in order to evaluate if wind turbines could be installed or not. He also shared how he adjusted an RPi case and built housing for it (the RPi will be outside, needs to cool off so needs some ventilation but at the same time the housing should block rain!)

Nicola showing the sensor used to build the Wind-Speed Logger (WSL).

He concluded the talk on why he used NetBSD.

The talk was really educational. Nicola did a great job in summarizing and providing a lot of references. If you are more interested I suggest to catch up with the video recordings, slides and try to do the exercises in it!

"Hall track" and preparing for the social event

After Nicola's talk I have spent some time in the "hall track" talking with other people and missed a couple of talks (recording should be available so I will hopefully catch up!).

I have then attended Stefano Marinelli's talk Why (and how) we're migrating many of our servers from Linux to the BSDs.

Stefano shared his more than 2 decades old experience with BSD systems and how he made his passion his profession.

He shared his philosophy, experience with clients and why it is important to focus on solving problems.

During the talk he shared also several interesting stories with clients. In one of them to avoid possible bias on BSD systems he migrated client hosts without informing them. A client called alarmed because he noticed a massive performance boost!

His talk was inspiring and you can find more in his I Solve Problems blog post.

After Stefano's talk we gathered to join the social event and took a DART train (Dublin Area Rapid Transit).

Social event: BrewDog Dublin Outpost

The social event was in BrewDog Dublin Outpost.

We were in an area dedicated to EuroBSDCon participants so that we can eat, drink and talk. There was a buffet and we received tickets to grab beers.

Several folks gifted me an handful and I have definitely had a pretty ample beer tasting experience too! :)

I also had a Vegan Spicy Meaty pizza: a pizza with seitan, mushrooms, chilli flakes, fresh red chilli, tomatoes and vegan mozzarella. My italian-pizza-side is usally pretty orthodox and I usually go for a pizza marinara! :) But overall that was actually pretty nice and I really appreciated the topping!

I have staid with a couple of folks until the closure. With Christoph Badura (<bad@>) we walked in the desperate search of grabbing some more food. However, at the end we ended up in The Temple Bar Pub for "only another beer"! We met with some friendly Swedish and Swiss tourists and we started talking about BSD systems at 2:00 AM! The weather was pretty nice (it was always pretty cloudy but there was no rain for the entire conference) and we decided to continue walking back to our hotels. At the end we have walked for a bit less than 9 kilometers from Temple Bar to nearly Booterstown! That was a great walk though and definitely we had no traces of hangovers in the morning! :)

Sunday (22/09): 2nd day of conference talks

I wake up a bit late on Sunday and arrived in UCD at around 12:00 and staid until lunch in the "hall track".

For lunch the vegetarian dish was a vegetarian curry, pretty tasty!

On Sunday we had a longer lunch break also to take a family photo.

EuroBSDCon 2024 family picture. You can find more EuroBSDCon photographs taken by Ollivier Robert at EuroBSDCon 2024 - Dublin, Ireland album.

After lunch I have attended FreeBSD at 30 Years: Its Secrets to Success by Kirk McKusick. In this talk Kirk looked back at 30 years of FreeBSD history (and also more for BSD years!) and what made its success. He talked about a lot of different topics, including leadership, development, importance of adopting ideas and codes from NetBSD and OpenBSD, communication, documentation and project culture. He also shared several interesting statistics and demographic about FreeBSD.

I have then attended Confidential Computing with OpenBSD by Hans-Jörg Höxer. Hans-Jörg introduced concepts about confidential computing, the threat model that it cover and then digged in AMD Secure Encrypted Virtualization (SEV) and how he is using that in OpenBSD vmm(4).

Then I have attended Building an open native FreeBSD CI system from scratch with lua, C, jails & zfs by Dave Cottlehuber. In this talk Dave shared the design and implementation of a Continuous Integration (CI) system focused on FreeBSD technologies but that can be ported also to other BSDs.

The final talk I have attended was SIMD-enhanced libc string functions: how it's done by Robert Clausecker and Getz Mikalsen. In this talk Robert shared how several libc string functions were reimplemented in other to use SIMD techniques on amd64 and arm64. Getz worked on porting such work on arm64 as part of Google Summer of Code 2024 and he shared his work and challenges in porting that. The talk was interesting and micro-benchmarking showed performance increase by factor of 5 on average!

Then I have joined the Closing Session.

There was a wrap up of the conference and some stats about it.

And *drumrolls* the next EuroBSDCon location was announced! EuroBSDCon 2025 will be in Zagreb, Croatia!

After the Closing Session with other NetBSD folks we met again for one last dinner. We met with Andy Doran (<ad@>) and we had some junk food and several beers.

Conclusion

I had not traveled a lot in the last years and I have missed several EuroBSDCon-s and I really regret that! EuroBSDCon 2024 was great: very interesting talks, friendly folks and it was some time that I did not had so much fun!

Dublin was also really nice. All the locals were also very friendly. I hope to come back to both Dublin and Ireland to do some much more sightseeing in a more relaxed pace. Enjoy food, beers, drinks and more. Talk with locals.

I would like to thanks a lot to all the EuroBSDCon organizers for the amazing conference!

I also would like to thanks The NetBSD Foundation that funded my EuroBSDCon registration.

If you have never been to EuroBSDCon and you are curious about BSDs... I strongly suggest to attend either as participant or speaker! Folks are super-friendly, there are a lot of interesting tutorials and talks and I'm pretty sure you will have fun too!

And... if you are still reading until here... thank you too! :)

This report was written by Emmanuel Nyarko as part of Google Summer of Code 2024.

Alternate Queuing has been of great need in the high Performance Computing space since the continuous records of unfair disruption in network quality due to the buffer bloat problem. The buffer bloat problem still persists and not completely gone but modern active queue managements have been introduced to improve the performance of networks.

ALTQ was refactored to basically improve maintainability. Duplicates were handled, some compile time errors were fixed and also performance has been improved too.

This improves the quality of developer experience on maintaining the ALTQ codebase.

The Controlled Delay (CoDel) active queue management has also been integrated into the netbsd codebase. This introduces improvements made in the area of quality of service in the netbsd operating system. CoDel was a research led collaborative work by Van Jacobness and Kathleen Nichols which was developed to manage queues under control of the minimum delay experienced by packets in the running buffer window.

As it stands now, ALTQ in NetBSD is integrated in PF packet filter. I am currently working to integrate it in the NPF packet filter. The code in NetBSD is on the constant pursuit to produce clean and maintainable code.

I'll also be working to improve quality of service in NetBSD through quality and collaborative research driven by randomness in results. As a research computer scientist, I will be working to propose new active queue managements for the NetBSD operating system to completely defeat the long lasting buffer bloat problem.

More details of the work can be found in my Google Summer of Code 2024 work submission.

I am trying to install, for the first time, NetBSD-10.0-amd64 on HP EliteBook 8570w. After choosing "Install BSD" option installer goes to the booting mode and gets interrupted with an error:

502c0
Stopped in pid 294.294 (init) at            netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x183
panic() at netbsd:panic+0x3c
cnopen() at netbsd:cnopen+0x104
cdev_open() at netbsd:cdev_open+0x12a
spec_open() at netbsd:spec_open+0x1e0
VOP_OPEN() at netbsd:VOP_OPEN+0x3e
vn_open() at netbsd:vn_open+0x2ec
do_open() at netbsd:do_open+0xc3
do_sys_openat() at netbsd:do_sys_openat+0x74
sys_open() at netbsd:sys_open+0x24
syscall() at netbsd:syscall+0x1fc
--- syscall (number 5) ---
netbsd:syscall+0x1fc
ds            8
es            2
fs            180
gs            4a80
rdi           0
rsi           ffffffff81d88000
rsi           ffffbe8345a54ad0
rbx           0
rdx           1
rcx           ffffffffffffff
rax           800000000000000
r8            0
r9            0
r10           ffffffff818450e0      x86_mem
r11           fffffffe
r12           ffffffff8139af6f      ostype+0x13aa
r13           ffffbe8345a54b18
r14           104
r15           ffff8046d2cbdbc0
rip           ffffffff80235385      breakpoint+0x5
cs            8
rflags        202
rsp           ffffbe8345a54ad0
ss            10
netbsd:breakpoint +0x5: leave

If I continue the system precedes to reboot.

I'm not familiar with bsd tools so please tell me if I left important information.

Notice

I installed FreeBSD and Arch Linux on the same machine and it worked fine.

After several sessions with intense Google searching and trying several angles with ChatGPT, I seem to be at a dead-end, my problem arises when I try to build OpenSSL from source, it seems that the build process wants to link with libcrypto.so located in /lib, but the system supplied version of OpenSSL is ancient, so this fails miserably, since OpenSSL now includes functionality not present in my version of libcrypto.so, specifically QUIC, its failing on safe_muldiv_uint64_t. It seems like a catch-22, and I have absolutely no idea how to break out of this.

Some of the suggestions I have found involved building OpenSSL in a chroot jail, but I think it seems a little excessive?

So I guess my question is: How do I build OpenSSL without linking with /lib/libcrypto.so, but linking with the version of libcrypto from the source package?

Output:

${LDCMD:-cc} -pthread -Wa,--noexecstack -O2 -O3 -pipe -I/usr/include -I/usr/pkg/include  -L/usr/local/lib -L/usr/pkg/gcc7/lib/gcc/x86_64--netbsd/7.5.0 -Wl,-R/usr/pkg/gcc7/lib/gcc/x86_64--netbsd/7.5.0 -Wl,-zrelro -L/usr/lib -Wl,-R/usr/lib -L/usr/pkg/lib -Wl,-R/usr/pkg/lib \
        -o fuzz/quic-srtm-test \
        fuzz/quic-srtm-test-bin-fuzz_rand.o \
        fuzz/quic-srtm-test-bin-quic-srtm.o \
        fuzz/quic-srtm-test-bin-test-corpus.o \
        libssl.a libcrypto.a -pthread
...
apps/libapps.a -lssl -lcrypto -pthread
./libssl.so: undefined reference to safe_muldiv_uint64_t
./libssl.so: undefined reference to safe_mul_uint64_t

-L/usr/lib is specified in the above command executed by the Makefile, and that folder contains libcrypto.o and libssl.o from the system supplied version of OpenSSL,

For certain use cases, it’s advisable to set up a read-only root file system, which ensures better reliability in case of system issues. Think of scenarios like a router (critical for network access) or a caching reverse-proxy, such as the one described in my series “Make your own CDN“.

While FreeBSD natively supports this configuration and some Linux distributions offer custom solutions (e.g., Alpine Linux), NetBSD stands out as an excellent choice for such devices. It supports nearly all embedded devices, is lightweight, and its stability minimizes the need for frequent updates.

↫ Stefano Marinelli

Exactly what it says on the tin. Friend of the website (a new term I just made up and will use from here on out for some people) Stefano Marinelli, fresh from his series about making your own CDN using the various BSDs, explains how to set up a NetBSD system with a read-only root filesystem for the special use cases where this makes sense.

After covering setting up your own CDN with both FreeBSD and OpenBSD, it’s now time to learn how to set up your own CDN wit NetBSD.

This article is a spin-off from a previous post on how to create a self-hosted CDN, but this time we’ll focus on using NetBSD. NetBSD is a lightweight, stable, and secure operating system that supports a wide range of hardware, making it an excellent choice for a caching reverse proxy. Devices that other operating systems may soon abandon, such as early Raspberry Pi models or i386 architecture, are still fully supported by NetBSD and will continue to be so. Additionally, NetBSD is an outstanding platform for virtualization (using Xen or qemu/nvmm) and deserves more attention than it currently receives.

↫ Stefano Marinelli

All the same from my previous post still applies, and it’s a great thing that Marinelli covers all three of the major BSDs (so far). If you want to run your own CDN on BSD, you can now make a pretty informed decision on which BSD best suits your needs.

This is a new installation for a wordpress site that hasn't launched yet.

The memcached process is always at near 100% of cpu usage:

load averages:  1.93,  1.78,  1.83;               up 3+22:29:29                                                                                      21:49:18
31 processes: 28 sleeping, 3 on CPU
CPU states: 59.1% user,  0.0% nice,  4.0% system,  0.0% interrupt, 36.8% idle
Memory: 2069M Act, 1014M Inact, 44K Wired, 175M Exec, 2447M File, 54M Free
Swap: 512M Total, 512M Free / Pools: 279M Used / Network: 23K In, 1K Out

  PID USERNAME PRI NICE   SIZE   RES STATE       TIME   WCPU    CPU COMMAND
 5770 memcache  25    0    70M 3112K CPU/0      19:11 94.58% 94.58% memcached

And memcached-tool /var/run/memcached/memcached_0.sock stats reports

#/var/run/memcached/memcached_0.sock Field         Value
              accepting_conns             1
                    auth_cmds             0
                  auth_errors             0
                        bytes             0
                   bytes_read            21
                bytes_written          4435
                   cas_badval             0
                     cas_hits             0
                   cas_misses             0
                    cmd_flush             0
                      cmd_get             0
                     cmd_meta             0
                      cmd_set             0
                    cmd_touch             0
                  conn_yields             0
        connection_structures             2
        crawler_items_checked             0
            crawler_reclaimed             0
             curr_connections             1
                   curr_items             0
                    decr_hits             0
                  decr_misses             0
                  delete_hits             0
                delete_misses             0
              direct_reclaims             0
               evicted_active             0
            evicted_unfetched             0
                    evictions             0
            expired_unfetched             0
                  get_expired             0
                  get_flushed             0
                     get_hits             0
                   get_misses             0
                   hash_bytes        524288
            hash_is_expanding             0
             hash_power_level            16
                    incr_hits             0
                  incr_misses             0
                     libevent 2.1.12-stable
               limit_maxbytes      67108864
          listen_disabled_num             0
             log_watcher_sent             0
          log_watcher_skipped             0
                 log_watchers             0
           log_worker_dropped             0
           log_worker_written             0
            lru_bumps_dropped             0
          lru_crawler_running             0
           lru_crawler_starts             6
       lru_maintainer_juggles     103444004
            lrutail_reflocked             0
                 malloc_fails             0
              max_connections          1024
                moves_to_cold             0
                moves_to_warm             0
             moves_within_lru             0
                          pid          5770
                 pointer_size            64
               read_buf_bytes         98304
          read_buf_bytes_free         32768
               read_buf_count             6
                 read_buf_oom             0
                    reclaimed             0
         rejected_connections             0
                 reserved_fds            20
           response_obj_bytes         49152
           response_obj_count             1
             response_obj_oom             0
         round_robin_fallback             0
                rusage_system      1.053032
                  rusage_user   1136.463840
        slab_global_page_pool             0
   slab_reassign_busy_deletes             0
     slab_reassign_busy_items             0
  slab_reassign_chunk_rescues             0
slab_reassign_evictions_nomem             0
 slab_reassign_inline_reclaim             0
        slab_reassign_rescues             0
        slab_reassign_running             0
                  slabs_moved             0
              store_no_memory             0
              store_too_large             0
                      threads             4
                         time    1724186947
   time_in_listen_disabled_us             0
            total_connections             4
                  total_items             0
                   touch_hits             0
                 touch_misses             0
          unexpected_napi_ids             0
                       uptime          1177
                      version        1.6.23

Memcached is configure to start with:

# grep memcach /etc/rc.conf
memcached=YES
memcached_jobs="job0"
memcached_job0_args="-a 660 -s /var/run/memcached/memcached_0.sock -m 64 -c 1024"

What might be wrong?

After years of inactivity, the Kyua project has graduated as an open source citizen and has a new home under the FreeBSD umbrella!

But uh… wait, what is Kyua and why is this exciting? To resolve confusion and celebrate this milestone, I’d like to revisit what Kyua is, how it came to be, why I stopped working on it for a while, why that was a problem for FreeBSD—and, indirectly, NetBSD—and how Kyua being free software has helped keep it alive.

As usual, partway through a couple weeks in Mallorca, we’re just getting the hang of it. After a few days of only the pool, it’s been pool mornings and beach afternoons. Every day, each kid gets more bold in both. I’ve managed to avoid getting sunburnt so far, though it’s getting harder to stay ahead of the situation. For mealtimes it’s kind of fun to be stuck in a tiny kitchen trying to cook my way out; bedtimes, down a sleepable room due to a broken air conditioner, were less so. My carcass got taken over by mosquitoes, who then rented most of it back to me. In a few days I might be ready to buy them out.

Usually here I’d consider taking a nap when the littles do. Definitely tired enough. But a little solo computer time feels more like what I’m needing: Refactoring some code, backing up some photos, updating pkgsrc stuff, writing posts on my website, that sort of thing.

For this summer vacation we’re hopping around more, which happens to simplify our transatlantic travel days. (Traditionally we’d have connecting flights before arriving anywhere.) One flight into Munich, where we stayed in the area for a few days visiting in-laws. From there a quick hop to Mallorca, the meat in our vacation sandwich. From here a quick-ish hop to Hannover for a week back in the little north-central German village where we lived out the first two years of COVID. Then we’ll drive to Frankfurt to see friends before our return flight to New York. Hopping around like this means we get to see more people and places, in exchange for which we get to find out what happens when kids try to sleep in a wider variety of environments and configurations. So far, sokay.

I wanted to clear all the newsletters items I’ve saved, so you are getting links until my inbox no longer paginates.

• Just Use Postgres for Everything.  (via)
• When web search failed me for Postgres.
• The Future of MySQL is Postgres. (target from previous link)
• From Cloud Chaos to FreeBSD Efficiency.  Or any BSD.   (via)
• Layers and Gateways, a historical view.  Railways vs networks.
• The workstation you wanted in 1990, in your pocket.
• Paul Ceruzzi has a Substack.
• pkgsrc-2024Q2 is out.
• X Window System at 40.  (via)
• Some TENEX history.
• Why shitty robots are the antidote of perfectionism, a video.  Her store has neat stuff.
• Scifiinterfaces.com.  I linked to this in 2013 but it’s still going.  (reminded via)
• Largest old computer I’ve seen a person keep yet.  (via)
• Tiny TV 2.  (via)
• UNLICENSED: Bootlegging As Creative Practice, a book.  (via)
• One Page Dungeon Reviews.  (via)

I was not able to get this done early like the last few posts, but there’s still a good range here.

• Can You Make It Bigger? – A Journey In Building Arcade Cabinets.  (via)
• Via previous story, the Picade.
• The 84 Series.  On point for current topics and period stylings.  (via)
• Bat Hauntings on Apple VR.  This, then, is the future.  (via)
• 3D Printing My Teeth.  (via)
• valve.computer.  Hardcore analog.  (via I lost it, sorry)
• Schotter – Georg Nees – Part 1.  (via)
• The Old Computer Challenge v4 (Olympics edition)
• Try out a NetBSD system in 20 seconds (amd64 & amr64).
• Things to Make and Do.

Blog System/5 hasn’t always been called this way and it hasn’t been my first experience with blogging either. In fact, today marks the 20th anniversary of this publication in its various incarnations so it’s time for a bit of reflection.

Just to set context for when 20 years ago was: Windows XP was almost 3 years old, Ubuntu had just debuted, Apple computers were still PowerPC-based, Half Life 2 was about to launch, and Slashdot was the place to be instead of the yet-to-be-created Hacker News. As for myself, I was still in college, had copious amounts of free time, and was a really active contributor to NetBSD.

On my home network, some important jobs are performed by little ARM computers.

AirPlay to sound system

The house came with a decent sound system wired in. The receiver can take 1/8” stereo input — from AirPlay, with help from a decade-old Raspberry Pi 1 Model B Rev 2.

1. Prepare disk

With a 4GB SD card, from macOS:

$ diskutil list    # inspect output
$ SDCARD=disk6
$ diskutil unmountDisk ${SDCARD}
$ links https://raspi.debian.net/tested-images/
$ DISKIMAGE=20231109_raspi_1_bookworm.img.xz
$ fetch https://raspi.debian.net/tested/${DISKIMAGE}
$ xzcat ${DISKIMAGE} \
  | sudo dd of=/dev/r${SDCARD} bs=64k oflag=sync status=progress
$ diskutil eject ${SDCARD}

2. First boot

Place the RPi somewhere convenient. Connect SD card, keyboard, HDMI, Ethernet, and power. Log in as root, no password:

# apt update
# apt -y install etckeeper
# cd /etc
# git branch -M main
# apt -y install sudo
# visudo    # for the sudo group, insert NOPASSWD: before the final ALL
# useradd -m -G sudo -s /bin/bash schmonz
# passwd schmonz
# exit

Log in as schmonz:

$ sudo passwd root
$ sudo sh -c 'echo 127.0.1.1 schleierplay >> /etc/hosts'
$ sudo hostnamectl hostname schleierplay
$ sudo ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
$ sudo etckeeper commit -m 'Set root password, hostname, and timezone.'
$ sudo apt -y install shairport-sync
$ sudo vi /etc/shairport-sync.conf
$ sudo etckeeper commit -m 'Set AirPlay name.'
$ sudo shutdown -h now

3. Deployment

Place the RPi where it’ll live. Connect audio cable, Ethernet, and power.

$ ssh-copy-id schleierplay.local

4. Usage

Make sure receiver is set to AUX input. Use AirPlay.

5. Maintenance

As with any Debian:

$ ssh schleierplay.local -t 'sudo apt update && sudo apt -y upgrade && sudo apt -y autoremove'

To back up /etc, git push it someplace trustworthy and private.

6. Wishlist

I’d rather run NetBSD, but on 10.0 with shairport-sync, I saw a lot of AirPlay Speaker Not Available: 'House' is being used by someone else (even when it wasn’t).

AirPrint to old printer

My ancient USB-only HP LaserJet P1006 remains reliable for our basic needs and we’ve still got a pile of toner cartridges. A friend recently sent me a comparatively beefy Pine A64 board.

1. Prepare disk

With a 4GB SD card, from macOS:

$ diskutil list    # inspect output
$ SDCARD=disk6
$ diskutil unmountDisk ${SDCARD}
$ links https://www.armbian.com/pine64/
$ DISKIMAGE=Armbian_24.5.1_Pine64_bookworm_current_6.6.31_minimal.img.xz
$ fetch https://dl.armbian.com/pine64/archive/${DISKIMAGE}
$ xzcat ${DISKIMAGE} \
  | sudo dd of=/dev/r${SDCARD} bs=64k oflag=sync status=progress
$ diskutil eject ${SDCARD}

2. First boot

Place the A64 somewhere convenient. Connect SD card, keyboard, HDMI, Ethernet, and power. Follow the prompts to set the root password, create a user account, and select a locale. Then continue:

# apt update
# apt -y install etckeeper
# cd /etc
# git branch -M main
# visudo    # for the sudo group, insert NOPASSWD: before the final ALL
# exit

Log in as schmonz:

$ sudo sh -c 'echo 127.0.1.1 schleierprint >> /etc/hosts'
$ sudo hostnamectl hostname schleierprint
$ sudo ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
$ sudo etckeeper commit -m 'Set root password, hostname, and timezone.'
$ sudo apt -y install hplip avahi-daemon
$ sudo usermod -a -G lpadmin schmonz
$ sudo etckeeper commit -m 'Make myself a printer admin.'
$ sudo shutdown -h now

3. Deployment

Place the A64 where it’ll live. Connect printer, Ethernet, and power.

$ ssh-copy-id schleierprint.local
$ ssh schleierprint.local
$ sudo hp-setup -i    # follow prompts, mostly defaults; name the queue 'hpljp1006'
$ sudo etckeeper commit -m 'Add initial hplip config for P1006.'
$ sudo sed -i \
  -e '/^\*ColorDevice: True$/s|True|False|' \
  -e '/^\*OpenUI \*Duplex\/Double-Sided Printing: PickOne$/,/^\*CloseUI: \*Duplex$/s|^|*% |' \
  -e '/^\*OpenUI \*ColorModel\/Output Mode: PickOne$/,/^\*CloseUI: \*ColorModel$/s|^|*% |' \
  /etc/cups/ppd/hpljp1006.ppd
$ sudo etckeeper commit -m 'Correct advertised printer capabilities.'
$ sudo sed -i \
  -e 's|^Info $|Info HP LaserJet P1006|' \
  /etc/cups/printers.conf
$ sudo lpadmin -d hpljp1006
$ sudo etckeeper commit -m 'Name printer and set it as default.'
$ sudo cupsctl --remote-any
$ sudo etckeeper commit -m 'Let local network talk to CUPS.'
$ sudo sed -i \
  -e '/^WebInterface /a PreserveJobFiles No' \
  /etc/cups/cupsd.conf
$ sudo etckeeper commit -m 'Maybe avoid some disk writes.'
$ sudo systemctl restart cups

4. Usage

On macOS, add the printer. When it autoselects “Generic PostScript Printer”, leave it (details in sidebar). Print.

On iOS, print.

On Windows, add the printer. Print.

5. Maintenance

As with any Debian:

$ ssh schleierprint.local -t 'sudo apt update && sudo apt -y upgrade && sudo apt -y autoremove'

To back up /etc, git push it someplace trustworthy and private.

6. Wishlist

I’d rather run NetBSD, but neither 10.0 nor -current brought up HDMI. I could try writing NetBSD to an SD card, mounting it from another NetBSD system, setting hostname in rc.conf, adding a non-root user, and then booting the A64 from it in order to do the rest over ssh. (Other systems that also didn’t bring up HDMI, wherefore I landed by trial and error on Armbian: FreeBSD 14, OpenBSD 7.5, Debian 12.)

AirPlay to old Sonos

Since one of my old Sonos speakers can’t be upgraded to AirPlay-compatible firmware, I’m not eager to upgrade the other. Instead, I’ve added AirConnect on the Pine A64 as an AirPlay relay.

Contents of /etc/systemd/system/airupnp.service:

[Unit]
Description=AirUPnP bridge
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/home/schmonz/bin/airupnp-linux-aarch64-static -l 1000:2000 -N '%%s' -x /home/schmonz/etc/airupnp.xml -Z
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target

Contents of /home/schmonz/etc/airupnp.xml (to omit my UPnP router from the AirPlay list):

<?xml version="1.0"?>
<airupnp>
    <device>
        <udn>uuid:1e38fc78-51f5-5f5d-9268-50c6b1dc59f8</udn>
        <name>Verizon FiOS-G1100 ManageableDevice+</name>
        <mac>bb:bb:bb:bb:bb:bb</mac>
        <enabled>0</enabled>
    </device>
</airupnp>

I’d rather install AirConnect from a system-provided package, but there isn’t one for Debian. Maybe I can puzzle out the AirConnect build system and add it to pkgsrc.

The NetBSD Project is pleased to announce NetBSD 8.3, the third and final release from the NetBSD 8 stable branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 8.2 in March 2020, as well as some enhancements backported from the development branch. It is fully compatible with NetBSD 8.0.

This also represents the end-of-life for the netbsd-8 release branch. No further security updates will happen. Users running 8.2 or an earlier release are strongly recommended to upgrade to a newer branch, preferably the recent NetBSD 10.0 release.

Pkgsrc has already desupported the netbsd-8 branch.

See the full release announcement (including download links).

My early imaginings of a collaborative Open Source successor to qmail, let me assure you, did not include going nearly four years between releases. Well, at least it hasn’t been more than four. notqmail 1.09 is here:

• qmail list announcement
• Fediverse and Twitter
• Lobste.rs, Hacker News, and Reddit
• Release notes

For decades, due to each administrator needing to patch in their particular missing bits of functionality, the qmail source code itself has effectively been a public API. Some future release of notqmail will include everything most everyone needs. On that day, we’ll freely make desirable code changes without worrying about breaking people’s patches. On that day, notqmail will have become a relatively normal software project operating under relatively normal constraints.

This is not that day. notqmail remains a uniquely challenging legacy-code rehabilitation project, and 1.09 is merely a solid, long-overdue release that includes the work of a couple dozen new contributors.

Since this release took too long, our next development cycle will be

1. Time-bounded
2. Focused on process improvements

In legacy code, every time we can turn a vicious cycle virtuous, it’s a big win. By making the code easier and safer to change, we’ll have more fun; by having more fun, we’ll make more progress; by making more progress, we’ll get more feedback; by getting more feedback, we’ll have more fun; and so on.

Have fun with notqmail 1.09! Let us know how the upgrade goes for you. (I’ll be updating the pkgsrc package soon.) And if getting involved is your kind of thing, please feel welcome to join us.

I am trying to use OpenVPN as a client under NetBSD using this command:

openvpn --client --config /etc/openvpn/config.ovpn

I am getting the following output and errors:

localhost# openvpn --client --config /etc/openvpn/openvpn.ovpn 
2024-04-26 10:29:35 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-04-26 10:29:35 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-04-26 10:29:35 OpenVPN 2.6.10 x86_64--netbsd [SSL (OpenSSL)] [LZO] [LZ4] [MH/PKTINFO] [AEAD]
2024-04-26 10:29:35 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Enter Auth Username:********
Enter Auth Password:********
2024-04-26 10:32:48 TCP/UDP: Preserving recently used remote address: [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 Socket Buffers: R=[32768->32768] S=[32768->32768]
2024-04-26 10:32:48 Attempting to establish TCP connection with [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 TCP connection established with [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 TCPv4_CLIENT link local: (not bound)
2024-04-26 10:32:48 TCPv4_CLIENT link remote: [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2024-04-26 10:32:48 TLS: Initial packet from [AF_INET]**.191.33.**:1701, sid=0006909e 9b0d208f
2024-04-26 10:32:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-04-26 10:32:48 VERIFY OK: depth=1, C=US, ST=New York, L=New York, O=Ubiquiti Inc., OU=UniFi_OpenVPN_CA, CN=UniFi_OpenVPN_CA
2024-04-26 10:32:48 VERIFY KU OK
2024-04-26 10:32:48 Validating certificate extended key usage
2024-04-26 10:32:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-04-26 10:32:48 VERIFY EKU OK
2024-04-26 10:32:48 VERIFY OK: depth=0, C=US, ST=New York, L=New York, O=Ubiquiti Inc., OU=UniFi_OpenVPN_Server, CN=UniFi_OpenVPN_Server
2024-04-26 10:33:53 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-04-26 10:33:53 [UniFi_OpenVPN_Server] Peer Connection Initiated with [AF_INET]**.191.33.**:1701
2024-04-26 10:33:53 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-26 10:33:53 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-26 10:33:53 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.7.1,route 192.168.4.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.3.0 255.255.255.0,route-gateway 192.168.7.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.7.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-04-26 10:33:53 OPTIONS IMPORT: --ifconfig/up options modified
2024-04-26 10:33:53 OPTIONS IMPORT: route options modified
2024-04-26 10:33:53 OPTIONS IMPORT: route-related options modified
2024-04-26 10:33:53 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-04-26 10:33:53 TUN/TAP device /dev/tun0 opened
2024-04-26 10:33:53 /sbin/ifconfig tun0 192.168.7.2 192.168.7.1 mtu 1500 netmask 255.255.255.0 up
2024-04-26 10:33:53 /sbin/route add -net 192.168.7.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.7.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net **.191.33.** 192.168.1.254 -netmask 255.255.255.255
route: writing to routing socket: File exists
add net **.191.33.**: gateway 192.168.1.254: File exists
2024-04-26 10:33:53 ERROR: OpenBSD/NetBSD route add command failed: external program exited with error status: 1
2024-04-26 10:33:53 /sbin/route add -net 0.0.0.0 192.168.7.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 128.0.0.0 192.168.7.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.4.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.4.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.2.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.2.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.1.0 192.168.7.1 -netmask 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.1.0: gateway 192.168.7.1: File exists
2024-04-26 10:33:53 ERROR: OpenBSD/NetBSD route add command failed: external program exited with error status: 1
2024-04-26 10:33:53 /sbin/route add -net 192.168.3.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.3.0: gateway 192.168.7.1
2024-04-26 10:33:53 GID set to nogroup
2024-04-26 10:33:53 UID set to nobody
2024-04-26 10:33:53 Initialization Sequence Completed
2024-04-26 10:33:53 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2024-04-26 10:33:53 Timers: ping 10, ping-restart 60

I have a working internet connection when running OpenVPN as a client, but I can't access any of the machines on the network **.191.33.**, I know I should be able to SSH into 192.168.1.114, but I can't reach that machine through OpenVPN, there are firewall rules in the Ubuiquity box allowing traffic from 192.168.7.* to 192.168.1.* I know this is working, its testet from Mac and PC using the OpenVPN Client, I just can't get it to work on NetBSD

This is my routing table before running OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table when running OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
0/1                192.168.7.1        UGS         -        -      -  tun0
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
128/1              192.168.7.1        UGS         -        -      -  tun0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.2/24       192.168.7.1        UGS         -        -      -  tun0
192.168.3/24       192.168.7.1        UGS         -        -      -  tun0
192.168.4/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7.1        192.168.7.2        UH          -        -      -  tun0
192.168.7.2        tun0               UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table after stopping OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
0/1                192.168.7.1        UGS         -        -      -  tun0
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
128/1              192.168.7.1        UGS         -        -      -  tun0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.2/24       192.168.7.1        UGS         -        -      -  tun0
192.168.3/24       192.168.7.1        UGS         -        -      -  tun0
192.168.4/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7.2        tun0               UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table when i have destroyed tun0:

ifconfig tun0 destroy

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

The route to **.191.33.** is still there when stopping OpenVPN and destroying the tunnel tun0, I don't know if this is expected behaviour.

Update I have checked several computers now, and none of them have the 192.168.1/24 route, its only on the PC running NetBSD, I have tried to delete it, with no success. I have also read a lot of man pages and various other documentation, but I have not come up with anything usefull yet.

OpenVPN Config

client
dev tun
proto tcp
remote **.191.33.** 1701
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>

Intent

I am trying to connect to a VPN at a remote location, from home. The remote network is protected by a firewall facing the internet, all computers on the network behind the router is accessible, the 192.168.7.* network is standard Ubuiquity and used for VPN clients, I have added a firewall rule to allow traffic from 192.168.7.* to the 192.168.1.* network, this works fine from all computers I have tried it with, Mac, PC, Windows, Linux, MacOS. etc. except a PC running NetBSD.

The network configuration on the PC running NetBSD was performed during installation, and I used the auto-configuration feature, so I have not specified any networks, routes or rules at all. I am able to access the internet when using OpenVPN client, I just cannot access any of the machines on the remote network. So I guess the part I am missing is the routing from 192.168.7.* to 192.168.1.* so I will be able to access computers attached to that network