The irony isn’t lost on me that I spent a post on the weekend talking about getting rid of junk and committing to not buying more. The fact I labour over any decision to buy things thesedays means I’ve internalised it… right? Is that how it works?

Our first family i486SX ran DOS, then various versions of Windows 3.x. My parents insisted on recycling it when it kicked the bucket in the early 2000s, much to my chagrin. Fortunately I was able to salvage an old Sound Blaster 32 ISA card and a Panasonic 5.25-inch floppy drive from it back then, which both run in my Pentium 1 tower to this day.

That tower now multi-boots everything I care about from the time period, from MS-DOS 3.3 and 6.0, Windows 95, NT, BeOS, Red Hat Linux 6.3, and NetBSD, all behind a pretty PowerQuest BootMagic prompt. It’s amazing how far you can stretch two 32 GiB CompactFlash cards acting as IDE hard drives.

It works surprisingly well with that spread of systems. Being one of the last-generation AT motherboards, it still supports APM instead of ACPI, which DOS and Windows 3.x recognise and support, yet it can still run those newer OSs from the beginning of the 32-bit era with decent UDMA support and faster SDRAM.

But I’m starting to run into a few issues using DOS:

• I want to put more memory in for those newer OSs, but DOS runs into issues with more than 64 MiB.

• There isn’t a decent GPU with support stretching across all those systems. I want to play a few nostalgic 3D games in Windows 95, but good cards for that don’t support 3.x (a post about that is pending). I could piggyback an old Voodoo card, and leave 3.x and DOS using the 2D one, but have you seen the prices for those cards!? And just when I find a card that might be a candidate, I realise it doesn’t like Commander Keen 4+, a series infamous for being touchy with certain cards.

• We scoff at 200 MHz in 2022 (we did in 2012 as well), but it’s simply too fast for some DOS games and applications. Without a classic turbo switch on this box, the best I can do is use software hacks to effectively lower the clock speed. The results are mixed at best.

• Certain older utilities also don’t like the larger CF cards, even if the DOS partition size is tiny, and I’ve hidden other ones with BootMagic.

I’m starting to see a gap in my lineup of vintage tech that a dedicated machine would serve better. A 386 or 486 would free my P1 tower to be a better W95 and later machine, and would let me pick parts specific for DOS.

I love the idea of eschewing (gesundheit) conveniences like a CD-ROM, TCP/IP NICs, and Jaz drives to ferry data, much as I use my Commodore hardware. Maybe I’d cheat and get one of those USB or SD-card 3.5-inch floppy drive emulators, but it’d still be a disk-based system. I think it’d be fun.

Which leads to what computer I should refurbish or build. Ideally I’d want as small a machine as possible that I could stash under my existing monitor and connect to the VGA KVM my P1 and Commodore 128 use. Dell, Gateway 2000, and Siemens made a few slim “pizza box” machines that are closer in size to a PCjr or even a SPARCstation, but still accept ISA cards with a riser. But then, they’re getting up there in price too.

Why do I gravitate towards expensive hobbies?

By Ruben Schade in Sydney, 2022-01-24.

On my Mac OS (Moneterey 12.1) I see $NetBSD: readline.h, v 1.33 2012/05/15 which I guess is a part of libedit library. I want to use readline.h which is a part of GNU readline library. Is it possible to do that? And what steps should I implement? May be I use some incorrect terminology or misunderstand some concepts. I would appreciate your help.

I am trying to set up a NetBSD install with a static ip that is on a vlan. The router is set up to only allow other vlans to access this vlan, but not the other way around. So the NetBSD install should be able to ping the outside world and respond to pings by devices on other vlans. This is the same environment and machine and connection as Unable to reach host with static ip and gateway is vlan - Debian 10 just different os. I was able to get that machine working with the same gateway/server/netmask values. Just a quick summary...

Router configuration:

IP: 192.168.2.1
Netmask: 255.255.255.0
DHCP range: 192.168.2.2 - 192.168.2.10

This particular vlan configuration (VLAN 3):

VLAN IP: 192.168.0.1
Netmask: 255.255.255.0
DHCP range: 192.168.0.10 - 192.168.0.254

NetBSD/server configuration: Address 192.168.0.2 Netmask: 255.255.255.0 Gateway: 192.168.0.1

The man page for vlan said to do the following to set up (adapted for current set up):

ifconfig vlan3 create
ifconfig vlan3 vlan 3 vlanif bce0

But, I was not able to ping the outside world nor respond to pings from other vlans. I then tried to do:

create
vlan 3 vlanif bce0

and reboot, but that yielded the same result. I assigned 192.168.0.2 to vlan3 via ifconfig vlan3 192.168.0.2 netmask 255.255.255.0 and I got the same result.

I wasn't sure if lack of other vlans were interfering so I created ifconfig.vlan1 - ifconfig.vlan3 and then rebooted:

/etc/ifconfig.vlan1:

create
vlan 1 vlanif bce0 up

/etc/ifconfig.vlan2:

create
vlan 2 vlanif bce0 up

/etc/ifconfig.vlan3:

create
vlan 3 vlanif bce0 up

But I got the same result. I assigned vlan3 192.168.0.2, but the result was the same.

I tried creating a tap (ifconfig tap0 create) and then assigning it 192.168.0.2 then creating vlan3 (I destroyed vlan3 before hand) and then doing ifconfig vlan 3 vlanif tap up, but result was the same.

Here's a snippet of if I go back to the /etc/ifconfig.vlan1-3 files with no ip assigned to any vlan interface and tcpdump -vv -e vlan and then ping 192.168.0.2 from other vlans:

05:35:06.932765 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42
05:35:07.932679 90:a7:c1:b6:37:44 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 3, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.2 tell 192.168.0.1, length 42

Here is raw tcpdump: https://web.archive.org/web/20220112142651/https://tmpfiles.org/dl/188092/tcpdumpout

I have ensured that my default route is 192.168.0.1.

I'm not sure if network interfaces are loaded in the wrong order or if there is a firewall/packet filter that's on by default that I'm not aware of, but I don't know what's wrong.

Catching up on some items I missed last week.

• Packet Scheduling with Dummnynet and FreeBSD.
• The important Unix idea of the “virtual filesystem switch”.
• A big PostgreSQL upgrade.
• Some ways to implement /dev/fd in Unix kernels.
• Video: Q&A.  About all the mostly-BSD hacking joshua stein does.
• Announcing the pkgsrc-2021Q4 branch.  (via)
• The BulkTracker Outage.
• GhostBSD 0nline Meetup, January 21st.
• Valuable News – 2022/01/10.
• LLDB FreeBSD live kernel debugging support.
• Minecraft 1.18.1 and latest MultiMC.

Hi everybody
I am using NetBSD 9.2 i386
I set up wpa_supplicant
rc.conf has dhcpcd and wpa_supplicant to YES
I have ifconfig.run0 set to hotspot and dhcp
what am I missing ? any help is much appreciated.

Does anyone here have experience running any of the 3 major BSD's on a thinkpad t420? I have a spare one that I'm considering putting netbsd on.

Can anyone think of any issues or problems when running net (or another BSD) on the T420?

I did some websearching on what webserver to use on my NetBSD machine.
What are you running?

One of my favorite youtubers did a walktrough setting up Nginx
https://youtu.be/2qhPekq0a4Y

Hello to everyone.

I'm trying to mount an UFS1 partition created within DragonFLY inside NetBSD. Below you can see how usually I mount it in DflyBsd and what error it gives when I mount it within NetBSD :

FROM DFLY :

<TOSHIBA External USB 3.0 0> at scbus9 target 0 lun 0 (pass13,sg13,da13)

# gpt show /dev/da13

start size index contents

0 1 - PMBR

1 1 - Pri GPT header

2 32 - Pri GPT table

34 2014 - Unused

2048 262144 0 GPT part - EFI System

264192 1953259520 1 GPT part - DragonFly Label64

1953523712 1423 - Unused

1953525135 32 - Sec GPT table

1953525167 1 - Sec GPT header

# mount -t ufs /dev/da13s1d /mnt/dragonfly-ufs

ok

FROM NETBSD :

localhost# dmesg | grep sd5

[ 5.077645] sd5 at scsibus5 target 0 lun 0: <TOSHIBA, External USB 3.0, 0> disk fixed

[ 5.087644] sd5: 931 GB, 16383 cyl, 16 head, 63 sec, 512 bytes/sect x 1953525168 sectors

[ 8.317645] sd5: GPT GUID: 5da2a0fd-668a-11ec-9f5e-e1d55ee21f22

[ 8.327644] dk24 at sd5: "5da2a100-668a-11ec-9f5e-e1d55ee21f22", 262144 blocks at 2048, type: msdos

[ 8.327644] dk25 at sd5: "5da2a10d-668a-11ec-9f5e-e1d55ee21f22", 1953259520 blocks at 264192, type: <unknown>

mount -t ffs /dev/dk25 /mnt/toshiba931

mount_ffs: /dev/dk25 on /mnt/toshiba931: incorrect super block

I don't understand why dk25 is type "unknown" since I'm sure that it is UFS1.

Hey everyone!

I'm having trouble getting a wg interface on my NetBSD to work.

So, I think I set everything up according to this Mail:
https://mail-index.netbsd.org/current-users/2020/08/20/msg039393.html

Compiled a -CURRENT kernel (NetBSD myx.crabdance.com 9.99.93 NetBSD 9.99.93 (MYX) #1: Thu Dec 30 10:33:30 UTC 2021 [email protected]:/usr/src/sys/arch/amd64/compile/MYX amd64) including the wg pseudo-device.

Then I set up the device like this, trying to get a tunnel up to a linux wireguard box:

ifconfig wg0 create
ifconfig wg0 inet 192.168.0.102 netmask 255.255.255.0
ifconfig wg0 inet6 fdeb:4a6:eeb6:1::102 prefixlen 64
ifconfig wg0 up
wgconfig wg0 set private-key /root/wgkey
wgconfig wg0 set listen-port 45340
wgconfig wg0 add peer linuxpeer ajvowg1234567890123456789012345678901234567= --allowed-ips=192.168.0.1/32,fdeb:4a6:eeb6:1::100/128 --endpoint=1.2.3.4:45340

Now I have my device like this:

# ifconfig wg0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
	status: active
	inet6 fe80::c838:34f1:ff28:f96d%wg0/64 flags 0 scopeid 0x6
	inet6 fdeb:4a6:eeb6:1::102/64 flags 0
	inet 192.168.0.102/24 flags 0

# wgconfig wg0
interface: wg0
	private-key: (hidden)
	listen-port: 45340
	peer: linuxpeer
		public-key: ajvowg1234567890123456789012345678901234567=
		endpoint: 1.2.3.4:45340
		preshared-key: (hidden)
		allowed-ips: 192.168.0.1/32,fdeb:4a6:eeb6:1::100/128
		latest-handshake: (never)

# route -n show
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
...
192.168.0/24       192.168.0.102      U           -        -      -  wg0
192.168.0.102      wg0                UHl         -        -      -  wg0

but I can ping neither the remote (just lists packet loss) nor myself:

# ping -c 4 -v 192.168.0.102
PING 192.168.0.102 (192.168.0.102): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

tcpdump show echo requests on wg0, but nothing else.

Did anyone get wg running? Am I missing something? Shouldn't pinging the local address work at least? I'm kinda out of ideas 😃
Appreciate any pointers, I can't find further documentation either.

This is the third post in my toolchains adventures series. Please read the introduction and the Q3 2021 report if you want to get more context about this journey.

The fourth quarter of 2021 started out in the best possible way, as I've been granted commit access to the LLVM project on October 1st.

During the first part of October, I did commit a couple of micro-optimizations to several compiler drivers along with small improvements in various places, as highlighted in the commit list at the end of this post.

At the end of the month, I attended the OpenBSD h2k21 hackathon in Gouveia, Portugal.

During the hackathon, I spent some time doing builds of LLVM from our base system to do measurements and evaluate if it could make sense to build our toolchain with ThinLTO optimizations enabled. While full LTO builds would be out of the question as our developers regularly build snapshots of the base system (and often on laptops), ThinLTO typically achieves a good compromise between optimizations and resources usage.

Unfortunately, my experiment didn't prove conclusive, and I quickly grew tired of waiting hours between each run to check the results. I used LLVM 11.1.0 at the time, and retesting more recently with LLVM 13.0.0 on a 4 CPUs virtual machine with 16GB of RAM gave similar results. Running time make -j4 in /usr/src/gnu/usr.bin/clang after applying modifications to enable building with ThinLTO resulted in a 7.3% increase in build time. Then, using the newly built ThinLTO optimized toolchain, I rebuilt an optimized LLVM again and the build was only 1.1% faster than the previous run.

Those preliminary benchmarks only measuring build time make me think there is little point in enabling ThinLTO alone at this time, and that it should be coupled with PGO (Profile-guided optimization) to be worth considering.

For the record, I used the following diff to rebuild LLVM in base:

Index: gnu/usr.bin/clang/Makefile.inc
===================================================================
RCS file: /cvs/src/gnu/usr.bin/clang/Makefile.inc,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile.inc
--- gnu/usr.bin/clang/Makefile.inc	21 Aug 2021 03:00:02 -0000	1.25
+++ gnu/usr.bin/clang/Makefile.inc	24 Oct 2021 16:18:15 -0000
@@ -46,6 +46,11 @@ CXXFLAGS+=	-fomit-frame-pointer
 NOPIE_FLAGS=	-fPIE
 .endif
 
+# ThinLTO
+.if ${MACHINE_ARCH} == "amd64"
+CXXFLAGS+=	-flto=thin
+.endif
+
 CPPFLAGS+=	-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS \
 		-D__STDC_FORMAT_MACROS

The next thing I did was checking usage of .gnu.warning.* sections in our C library. For an introduction to these sections, please refer to this article.

At the time of writing, libc functions for which we have .gnu.warning.* sections are:

.gnu.warning.strcpy:
	strcpy() is almost always misused, please use strlcpy()
.gnu.warning.stpcpy:
	stpcpy() is dangerous; do not use it
.gnu.warning.wcscat:
	wcscat() is almost always misused, please use wcslcat()
.gnu.warning.sprintf:
	sprintf() is often misused, please use snprintf()
.gnu.warning.tempnam:
	tempnam() possibly used unsafely; consider using mkstemp()
.gnu.warning.vsprintf:
	vsprintf() is often misused, please use vsnprintf()
.gnu.warning.mktemp:
	mktemp() possibly used unsafely; consider using mkstemp()
.gnu.warning.strcat:
	strcat() is almost always misused, please use strlcat()
.gnu.warning.wcscpy:
	wcscpy() is almost always misused, please use wcslcpy()
.gnu.warning.rand_r:
	rand_r() is not random, it is deterministic.
.gnu.warning.rand:
	rand() may return deterministic values, is that what you want?
.gnu.warning.getwd:
	getwd() possibly used unsafely; consider using getcwd()
.gnu.warning.random:
	random() may return deterministic values, is that what you want?
.gnu.warning.tmpnam:
	tmpnam() possibly used unsafely; consider using mkstemp()

Support for emitting linker warnings when using a symbol for which a .gnu.warning.symbol section exists is implemented in GNU linkers (ld and gold), but currently not in LLVM's LLD linker. Since we switched to LLD as the default linker on most of OpenBSD architectures, those warnings are not emitted anymore for a majority of users.

I thus sent a diff to remove mentions of ld warning messages for the mktemp(3), tmpnam(3), and tempnam(3) manual pages, but it was suggested that we should instead try to get LLD to support this feature instead. After discussing the matter with other developers during h2k21, this is indeed the consensus.

On the last day of the hackathon, I packaged elfcat, which is a neat ELF visualizer generating interactive HTML files from ELF binaries.

In November, I built gwcheck, a small tool to display .gnu.warning.* sections names in ELF objects along with their content, in order to check which other projects used them. So far, aside from OpenBSD, it turned out that FreeBSD, NetBSD, and DragonFly all use these sections in their libc, and that glibc, Newlib, diet libc, uClibc do as well. I then added a comment about my findings in the LLVM bug tracker issue about adding support in LLD to generate linker warnings when encountering them.

Regarding LLVM itself, I added support in llvm-readobj for reading ELF core notes for both OpenBSD and NetBSD. Notes generated in those core files provide additional information about the kernel state and CPU registers. These notes are described in the core(5) manual pages for each of those operating systems. Here is a link to the OpenBSD version, and here is one for the NetBSD counterpart.

I have not much to report in Pkgsrc land for this quarter, the only toolchains related commit I got the chance to make was for updating the mold linker to the 1.0.0 version.

That's all for now. I absolutely would like to continue exploring the topic, but I feel there is only so much I can do on my free time. Maybe I should start considering working in the field full-time?

LLVM commits:

• 2021-12-20 - f6ba5c4 - [llvm-readobj] Check ELFType value first when checking for OpenBSD notes
• 2021-11-29 - 878ff1f - [llvm-readobj] Add support for machine-independent NetBSD ELF core notes
• 2021-11-24 - 69deb13 - [clang][scan-build] Use cc/c++ instead of gcc/g++ on FreeBSD
• 2021-11-02 - 6503117 - [llvm-readobj] Add support for reading OpenBSD ELF core notes
• 2021-10-30 - 6ecd4a4 - [clang][scan-build] Use uname -s to detect the operating system
• 2021-10-21 - b471e25 - [clang] Support __float128 on DragonFlyBSD
• 2021-10-21 - 9635b29 - [docs] Fix broken link rendering in the LLVM Coding Standards
• 2021-10-16 - 4d7c7d8 - [docs] Mention DragonFlyBSD as a supported platform for LLVM
• 2021-10-15 - ecef035 - [Driver][NetBSD] Use Triple reference instead of ToolChain.getTriple()
• 2021-10-14 - 8ecbcd0 - [Driver][Darwin] Use T reference instead of getToolChain().getTriple()
• 2021-10-14 - f7a3214 - [Driver][WebAssembly] Use ToolChain reference instead of getToolChain()
• 2021-10-09 - 6417260 - [Driver][OpenBSD] Use ToolChain reference instead of getToolChain()
• 2021-10-08 - 1f90b36 - [Driver][NetBSD] Use ToolChain reference instead of getToolChain()
• 2021-10-06 - f0ffff4 - [CMake] Fix typo in error message for LLD in bootstrap builds

As a matter of fact, I have little time for NetBSD these days, so don't expect many new articles. Just take this as a sign of life. :-)

Of course if you think I should add some entry on something here, drop me an email and who knows - maybe I can get things rolling again here?

This is what I see

-bash-5.1$ /usr/pkg/bin/screen -S some-session -p 0 -m -d
-bash-5.1$ screen -X quit
-bash-5.1$ /usr/pkg/bin/screen -S some-session -p 0 -m -d
-bash-5.1$ screen -X quit
 No screen session found.

After the second invocation no screen session is actually started. For the sake of a simple example I am just running screen -X quit but other commands such as screen -ls show no screen sessions and I am not able to attach to any sessions (since truly none exist). Screen version 4.08.00 (GNU) 05-Feb-20

There seems to be no error whatsoever, any ideas of what could be happening here?

I have tried the same thing on MacOS 11.6 (Big Sur) with Screen version 4.00.03 (FAU) 23-Oct-06 and do not have the same error. I am not sure if this is specific to the version of Gnu Screen or the OS though?

A little short this week but the holidays are catching up to me.

• The Apple Macintosh as a User Interface Agent for Unix Systems.  (via)
• BSDCan 2022 is going to happen and maybe even in person.  The call for papers is out.
• ChiBUG is meeting this Tuesday, the 14th.
• FreeBSD 12.3 is out.
• Valuable News – 2021/12/06.
• Using FreeBSD’s pkg audit to Investigate Known Security Issues.
• LLDB FreeBSD kernel core dump support.
• FreeBSD on Slimbook — 14 months of updates.
• TrueNAS 12.0U7 is out.
• Cross-platform package building: Pkgsrc vs. Ravenports, parts one and two.
• Active Directory not-on-Windows, might be useful.
• A bit on what Unix system pre-boot environments used to look like.

Not just release announcements this week.

• NYCBUG is down today for a significant hardware move.
• FOSDEM 2022 is going to have a BSD Devroom.  It’s online, so you can submit prerecorded talks – submissions due December 31.
• Valuable News – 2021/11/29.
• GhostBSD 21.11.24 ISO is now available.
• mfs: sometimes useful?
• Exploring NetBSD’s msgs(1).  (via)
• Review: Netgate 6100.
• FreeBSD article writers needed.  I’ve linked to Klara Systems before.
• Speaking of which, UNIX Wars – The Battle for Standards.
• New Test System.  OpenBSD storage book is next apparently.
• HardenedBSD November 2021 Status Report.
• doas insults.  This is a gem.  (via)
• The previous link led me to 9front’s theo.
• Simple network dashboard with vnstat.
• The state of Steam on OpenBSD.
• Logitech MX Keys and MX Master on OpenBSD using Logi Bolt.
• OpenBSD Webzine #5.

[ About my public-facing work ]

Starting now, I’m moving my monthly posts from Patreon to my own website here. Why?

1. I prefer to own my data
2. There are many ways (Patreon merely one among them) in which people can fund my public-facing work

My corporate work focuses on learning together, experientially. My public-facing work is similar: I’m creating learning experiences, Open Source code, and combinations thereof — at present, like so:

• Packaging third-party software for a cross-platform Unix package manager
• Developing an email server
• Fixing bugs and adding features to a (mostly) static site generator
• Facilitating ensemble/mob programming sessions
• Streaming solo programming sessions
• Organizing meetups about programming and Agile

For more, see crowdfunding. I’m grateful for your support.

Experiences

Held our final Legacy Open Source Fridays ensemble session of 2021. Started back up with streaming my solo programming sessions on Twitch, mostly pkgsrc-related so far. Improving my stream a bit each time.

For Jersey City Java, experimented with having a vendor present their product: a brief introduction to the tool, followed by programming together with Pejman Ghorbanzade. Glad we tried it. If we do another vendor session sometime, this’ll be how.

Building momentum with Southern Connecticut Agile, our second meetup was an extremely well liked conversation with Esther Derby and Matthew Carlson. We’ll skip December (too much holiday stuff), though JC-JUG’s session will be of interest. I’m excited for our January SoCTAgile speaker.

Build farm

VirtualBox 6.1.30 fixed the macOS Monterey troubles I encountered last month.

Upgrading Devuan 3.1 to 4.0 was straightforward, as was updating Ubuntu aarch64 to 21.10.

After much reading and trying stuff, bringing up a 2007 MacBook (64-bit system, 32-bit EFI) with Lubuntu 21.10 was ultimately uneventful. It’s no speed demon. I doubt I’ll keep it running. But the tricks I’ve just learned should apply to my original 2006 Mac Pro, boosted many years ago with SSD and lots of RAM and needing only an OS that can be kept current. In the meantime, a cursory build of my usual packages turned up a build failure in libspf2.

pkgsrc fixes

• Doing cross-platform testing of an Ubuntu 21.10 fix for libspf2 (works nearly everywhere else, but needs more fixing on OpenBSD and Void)
• Reviewed a fix needed in my cross-platform build environment, now awaiting commit by the author
• lighttpd: upstream patch for use-after-free
• libhighlight: bump required API version to fix runtime errors seen on wiki.netbsd.org
• ikiwiki: provide pkgsrc-compatible default values for configurable paths to fix runtime errors seen on wiki.netbsd.org
• Linux with non-executable glibc (such as Ubuntu/aarch64 21.10): fall back to detecting GLIBC_VERSION another way
• qmail and djbdns: catch up to pkgsrc’s switch from RMD160 to BLAKE2s hashes
• gdk-pixbuf2: fix macOS build
• ucspi-tools: fix Linux build
• bootstrap: note that Solaris 11 works

pkgsrc updates

• mob to 2.1.0
• texttest to 4.0.8
• p5-App-Sqitch to 1.2.0
• py-approvaltests to 3.1.0
• getmail to 5.16

pkgsrc additions

• ucspi-udp
• tcpexec
• fd-proxy
• pikchr
• AusweisApp2 (to pkgsrc-wip for further attention)
• dstp (also to pkgsrc-wip)

notqmail

Legacy Open Source Fridays has produced a few pull requests which we’re still working through. I made some progress on getting Add tests for qmail-send:job_*() functions past the Solaris autobuilds.

Legacy Open Source Fridays has also produced a few people with motivation to continue programming notqmail. I had not imagined this possibility, and am gratified that it’s happened.

ikiwiki

My motivation for packaging pikchr was to be able to integrate it into ikiwiki. Ikiwiki already has a graphviz plugin which I’ve been using to generate somewhat explanatory diagrams of acceptutils — but I’m not thrilled with my diagrams, pikchr appears designed to run in precisely this kind of context, and maybe I’ll like it better. When I write the pikchr plugin for ikiwiki, it’ll be streamed (subscribe to my Twitch). In the meantime, you can watch me create the pikchr package.

Relatively quiet this week for BSD items, but it’s a holiday week in the US.

• Valuable News – 2021/11/22.
• Project Report: Add support for chdir(2) support in posix_spawn(3).
• Why V7 Unix matters so much.
• Wired XBox 360 Controller minor issue.
• Torn between getting a used thinkpad vs a new Chromebook.
• OpenZFS 3.0 Introduced at Developer Summit.
• OctoPkg: A Great GUI Package Manager In FreeBSD.  (via)
• How to Access Your Modem’s Web Interface with OPNsense.  (via)
• Where in the Stack?
• OpenBSD on the VIA Eden X2 powered HP t510 Thin Client.

This post was written by Piyush Sachdeva:

Abstract

The primary goal of the project was to extend posix_spawn(3) to include chdir(2) for the newly created child process. Two functions were supposed to be implemented, namely posix_spawn_file_actions_addchdir() and posix_spawn_file_actions_addfchdir(), to support both chdir(2) and fchdir(2) respectively. posix_spawn() is a POSIX standard method responsible for creating and executing new child processes.

Implementation

The original code can be found at my github tree.

The implementation plan was discussed and made with the guidance of both my mentors Martin Husemann and Joerg Sonnenberger. The plan was divided into three phases each corresponding to the specific part of The NetBSD code-base which is supposed to be touched:

User-Land

The following actions were performed in the user-land to set things up for the kernel-space.

• Add another member to the posix_spawn_file_actions_t struct i.e a union, which would hold the path to chdir to.
• Implement the two functions posix_spawn_file_actions_addchdir() and posix_spawn_file_actions_addfchdir(). These functions would:
  1. allocate memory for another posix_spawn_file_actions_t object in the posix_spawn_file_actions_t array.
  2. take the path/file descriptor from the user as an argument and make the relative field of the newly allocated file actions object, point to it.
• The final step was to add the prototypes for the two new functions to the `src/include/spawn.h' header file

Once the aforementioned changes were made, the only thing left to do was to make the kernel support these two new functions.

Kernel-Space

The following actions were performed inside the kernel space.

• The three functions in the `src/sys/kern_exec.c' file which correspond to the posix_spawn_file_actions were edited:
  • posix_spawn_fa_alloc() was adjusted to make sure that the path passed to posix_spawn_file_actions_addchdir() gets copied from the user-land to the kernel-space.
  • Similarly posix_spawn_fa_free() was adjusted to make sure that the memory allocated in case of FAE_CHDIR gets freed as well.
  • Finally, two new cases FAE_CHDIR & FAE_FCHDIR were added in the handle_posix_spawn_file_actions(). In each of the cases, a call to one of the two newly created functions (discussed in the next point) do_sys_chdir() and do_sys_fchdir() was made respectively.

  Note: At the time of code integration, a helper function was written by Christos Zoulas. This function aimed to reduce the amount of repeated code in both posix_spawn_fa__free() and posix_spawn_fa_alloc()

• Two new functions, similar to the already present sys_chdir() and sys_fchdir() in `src/sys/vfs_syscalls.c' were created. Namely do_sys_chdir() and do_sys_chdir were written with two specific thoughts in mind:
  • By default sys_chdir() and sys_fchdir() took syscallargs as a parameter. The purpose of the new functions was to replace this with const char * and an int type parameter respectively.
  • The do_sys_chdir() also replaced UIO_USERSPACE with UIO_SYSSPACE. This was done because the chdir path passed to this function already resided in the Kernel-space due to the change made in posix_spawn_fa_alloc().
• Finally, the prototypes for the newly written functions were added to the `src/sys/sys/vfs_syscalls.h' file and this file was also included in the 'sys/kern/kern_exec.c'.

Note: Similar to the above changes of user-land and kernel-space, a few tweaks were also made to `src/sys/compat/netbsd/netbsd32.h' and `netbsd32_execve.c'. This was required to help COMPAT_NETBSD32 deal with the new file actions member. However, these changes were made at the time of integration by Martin Husemann.

With most of addition of new features being done, all that remained was testing and documentation.

Testing & Documentation

• A total of ten new test cases have been added to the `src/tests/lib/libc/gen/posix_spawn/t_spawn.c' file.
• Three utility functions were also used to aid in testing. Out of the three, one new function was written and two existing functions (filesize() and empty_outfile()) from `t_fileactions.c' were used. To make sure that the 2 existing functions were shared between both the files i.e `t_spawn.c' and `t_fileactions.c' a new header and C file was created, namely `fa_spawn_utils.h' and `fa_spawn_utils.c'. Following this, the bodies of both the functions were moved from `t_fileactions.c' to `fa_spawn_utils.c' and their prototypes were added to the corresponding header file.
• The general approach that was taken to all test cases was to make posix_spawn() execute ``/bin/pwd'' and write the output to a file. Then read the file and do string comparison. The third function i.e. check_succes() was written for just this purpose.
• The ten test cases cover the following scenarios:
  • Absolute path test - for both chdir and fchdir.
  • Relative path test - for both chdir and fchdir.
  • Trying to open a file instead of directory - for both chdir and fchdir.
  • Invalid path/file descriptor (fd=-1) - for both chdir and fchdir.
  • Trying to open a directory without access permissions for chdir.
  • Opening a closed file descriptor for fchdir.
• The first 8 test cases had a lot of repetitive code. Therefore, at the time of integration, another function was created i.e spawn_chdir(). This function included a huge chunk of the common code and it did all the heavy lifting for those first 8 test cases.

Documentation:

In this matter, a complete man page is written which explains both posix_spawn_file_actions_addchdir() and posix_spawn_file_actions_addfchdir() in great detail. The content of the manual page is taken from the POSIX documentation provided to us by Robert Elz.

Issues

Since the project was well planned from the beginning, it resulted in few issues.

• The user-land was the most straight forward part of the project and I had no trouble sailing through it.
• Kernel space was where things got a bit complicated, as I had to add functionality to pre-existing functions.
• I was completely new to using atf(7) and groff(1). Therefore, it took me some time to understand the respective man pages and become comfortable with testing and documentation part.

Most of the issues faced were generally logistical. As it was my first time doing a kernel project, I was new to building from source, Virtual Machines and other things like SSH. But luckily, I had great help from my mentors and the entire NetBSD community.

Thanks

I would like to express my heartfelt gratitude to The NetBSD Foundation for giving me this opportunity and sponsoring the Project. This project would not have been possible without the constant support and encouragement of both my mentors Martin Husemann and Joerg Sonnenberger. My gratitude to Christos Zoulas who worked on the crucial part of integrating the code. A special mention to all of the other esteemed NetBSD developers, who have helped me navigate through the thick and thin of this project and have answered even my most trivial questions.

Note the upcoming SEMIBUG meeting.  I’ll post a reminder.

• Jenkins with FreeBSD Agents in EC2.  (via)
• Manage Kubernetes Cluster from FreeBSD with kubectl. (via)
• What if Internet stops? How to rebuild an offline federated infrastructure using OpenBSD.
• OpenBSD on Raspberry Pi 4 with Full-Disk Encryption.  (via)
• SEMIBUG is meeting November 16th, with a presentation from Deb Goodkin, head of the FreeBSD Foundation.  It’s online.
• How I ended liking GNOME.  Also, using X with the loss of one hand.
• Valuable News – 2021/11/08.
• UNIX Mouse Shootout.
• 0ad several versions behind, cant play online because of this.  Linking so I remember to play it.
• FreeBSD Documentation: Papers We Love To Read.
• go-modules.mk.
• depotdownloader issues.
• FreeBSD 12.3RC1 is out.
• OPNsense 21.7.5 released.
• OpenBSD Webzine #4.

I am pleased to announce that tcsh-6.23 is now available; this is mainly a bug fix release (after 2 years) with a couple of new features:

1. Add jobs -Z to setproctitle(3)
2. Add ln=target in LS_COLORS
3. Add a :Q modifier that preserves empty arguments

Please consult the Fixes file for a complete list of changes.

Tcsh is an enhanced version of the Berkeley C-shell that offers command line editing and completion plus many other little things that preserve the length of your fingers.

Tcsh runs on most UNIX machines, as well as Windows.

You can get tcsh from ftp://ftp.astron.com/pub/tcsh/tcsh-6.23.00.tar.gz
The latest source is on GitHub: https://github.com/tcsh-org/tcsh

RMD160 (tcsh-6.23.00.tar.gz) = 956bf3a7cf52f5e4865749d29946cf6e8d512ae3

This is a gzip (GNU zip) tar archive. If you don’t have GNU zip you can get it from ftp.gnu.org or other GNU mirrors.

I would like to thank:

• everyone who sent bug reports
• the beta team for all their help, bug fixes, and suggestions

Kind regards,
+ Kimmo

I trying to integrate application with sysrepo in NETBSD platform. Looks like sysrepo requires "pthread_mutexattr_setpshared" support.

Also, looks like NETBSD man-page lists, by default above functionality is hidden , however source code implies its not supported.

Can anyone please help me out here to confirm whether NETBSD supports pthread shared mutex between the process?

I have access to just *nix systems. Either NetBSD and/or bare Linux-based OS.

So my question comes from the fact that ADB is not widely available on all platforms, if so is very hard to install or obtain (having access to internet, get super user access, etc).

Anyways, RNDIS functionality is already offered by almost all Android devices. Allowing the phone to become a "router" will give me the option to use netcat because I can just set up a "server" and get/receive files bidirectionally, without the need of getting ADB involved.

Like this:

NetBSD
dhcpcd -n urndis0

Linux
udhcpd -i usb0

That will give me an IP within a subnet set up by Android. Something like: 192.168.32.225/24

So, essentially the phone acts as a router, giving my *nix computer an IP belonging to a subnet set up by the phone itself. I would like to just open a port on my localhost 127.0.0.1 with netcat and just transfer files.

Something like this:

On Android device:
busybox nc -v -w3 -l -p 3838

On *nix system (Linux in the example below):
nc -v -w3 **(upper higher loopdevice outside subnetted network) 127.0.0.24** 3838

And be able to access the "higher" network/loopdevice already existing within Android's own local network.

Let's assume the Android phone is another host sharing it's connection and assigning a subnet IP to my computer for that matter so my *nix box can access the internet:

My question is then: Can I use the the IP (which is within a subnet) provided by the RNDIS interface of the Android phone to access the local network of the phone itself with just standard tools in *nix?

Solution @Frédéric Loyer Thank you very much!

Wonderful, with this method there is no need for me to get adb on each computer I'm on, most of the time what I got is busybox nc and or ssh. This is perfect, with this I can even ssh into my Android without even needing an active connection on the phone itself, isn't amazing!?

Here is what I did.

# This makes my computer to request an IP to my phone.
$sudo udhcpc -i usb0

# Since I got access to busybox-only most of the time, this gives me the IP from the "router" which is the phone.

$route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.42.129  0.0.0.0         UG    0      0        0 usb0
127.0.0.1       *               255.255.255.255 UH    0      0        0 lo
192.168.42.0    *               255.255.255.0   U     0      0        0 usb0

# ifconfig output shows me the new IP assigned to usb0 on my computer.

After this is just a matter of ssh'ing onto my phone or open ports with Termux. Amazing! :)

I'm an intermediate *NIX user who has been using these OSes since 1994, but I'm not up to date.

I'm frustrated with Mint linux on my very old Dell laptop because when I open too many browser tabs it takes the whole system to such a crawl (suddenly, like a straw that breaks a camel's back) that I can't use the mouse and can't even Alt-Ctrl-F1 to get to a vtty to kill processes. I end up powerswitching the computer off.

I'm looking for an OS that keeps the essential system components running and responding even when a particular process starts grinding down into zombieland, so I could gracefully recover. I need to be able to do the following things:

• Use a wide variety of WiFi hardware (mostly USB but also built-in) on a wide variety of oddball laptop and desktop hardware.
• Read and write reliably to NTFS, hopefully with BitLocker encryption
• Read and write reliably to Ext4, hopefully including LUKS disks
• Hopefully, be able to mount and use VeraCrypt volumes
• Read and write exFAT and memory sticks in general
• Hopefully, be able to run Windows 10 in a virtual environment / Wine
• Security is important to me, but functionality comes first for this use

I'm open to any BSD, Unix or linux OS, or anything else really. I run OpenBSD on this laptop dual-boot, but it won't do all the spiffy things I need to do. This is an old Dell laptop. I'll also be running whatever new OS on an old HP laptop and a few custom-built very old desktops. I'm willing to try a few things, but want to get ideas.

This should be my "Windows replacement" OS, so as full-featured as a workstation as possible.

Are there any other linux OSes that manage system resources better so one app can't drag down the whole system?

NetBSD? FreeBSD?

Thank you! <3 <3

I did a macOS software update recently and was greeted with a Relocated Items.nosync folder on my desktop.

Inside was a PDF explaining what it was:

During the last macOS upgrade or file migration, some of your files couldn’t be moved to their new locations. This folder contains these files.

These configuration files were modified or customised by you, by another user or by an app. The modifications may be incompatible with the recent macOS upgrade. The modified files are in the Configuration folder, organised in subfolders named after their original locations.

To restore any of the custom configurations, compare your modifications with the configuration changes made during the macOS upgrade and combine them when possible.

There was only one affected file: /private/etc/shells. I’d echo’d the path of the OpenBSD portable Kornshell from pkgsrc into it so I could use it as my daily driver, because I’m a gentleman.

The notice above had me believing they’d replaced my config, but instead they’d retained my original file and put their desired changes into the relocated folder. A quick diff, which sounds more like a band name, showed:

12d11
< /opt/pkg/bin/oksh

I think I’ll be fine keeping that.

By Ruben Schade in Sydney, 2021-10-16.

Back in the fall of 2020, I was approached about adding Spleen to the NetBSD's xsrc repository. Needless to say, I wasn't difficult to convince, and imported Spleen 1.8.2 as font-spleen-misc. With this being done, [email protected] added all the required glue to hook the fonts to the build, and then changed the default CTWM configuration to do automatic font scaling based on screen size, and make Spleen the default font.

CTWM had previously been promoted as the default window manager on NetBSD, and saw several tweaks and improvements to make it look more modern, notably with a nice orange themed menu.

Below is a screenshot of CTWM with Spleen 8x16, running on my HP t510 Thin Client plugged to a 1600x900 monitor, showing JED, Lynx, xcalc and xv.

One last thing to note, there are now live images available in -current for amd64, and NetBSD 10 will be the first release to officially provide them. While NetBSD/evbarm has had live images for a long time now, their availability on amd64 is a much welcome addition, as this allows to easily test NetBSD's default CTWM configuration :-)

The most recent version is currently NetBSD-9.99.90-amd64-live.img.gz and can be downloaded here.

Once again, thanks to Nia for doing all of this!

I've been keeping myself busy since I posted the "Diving into toolchains" article at the beginning of June, so here is an update detailing what I've been up to during the past couple of months.

At the end of June, I went through the FSF copyright assignment process for both Binutils and GDB, which now allows me to contribute larger changes to these codebases. I thus updated the NetBSD system call table in GDB, and added support to readelf for reading OpenBSD ELF core notes.

In Pkgsrc land, I packaged and imported mold, a new linker that is optimized for modern multi-core machines, and updated our binutils package to the latest version.

At the end of August, I attended the OpenBSD k2k21 hackathon, and one of the goals I had was to get source-based code coverage working in LLVM. The first part of this was to find how to allow the compiler driver to link against the libclang_rt.profile library when passing the -fprofile-instr-generate and -fcoverage-mapping options to Clang. Once I figured the magic incantation, I committed my change to src and sent it upstream where it got committed and backported to the LLVM 13 branch. With this part sorted, the next step was to build and ship the library in the base system. I added build infrastructure for the library in base, and linked it to the build. It is now enabled on architectures where Clang is built.

To illustrate what we can do with the source-based code coverage, let's take the following C program:

#include <stdio.h>

int
main()
{
	printf(" >o_/   >o_/   >o_/ \n");
	return 0;

	printf("*PAN!* *PAN!* *PAN!*\n");
}

Let's build and instrument it to emit profile data:

clang -fprofile-instr-generate -fcoverage-mapping ducks.c -o ducks

And we can now run it to collect and process profile data:

LLVM_PROFILE_FILE="ducks.profraw" ./ducks
llvm-profdata merge -sparse ducks.profraw -o ducks.profdata
llvm-cov show ./ducks -instr-profile=ducks.profdata

We can see that no ducks were harmed during this experiment:

Coverage reports can also be created by llvm-cov:

llvm-cov report ./ducks -instr-profile=ducks.profdata

Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/home/f/ducks/ducks.c               2                 1    50.00%           1                 0   100.00%           6                 1    83.33%
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                               2                 1    50.00%           1                 0   100.00%           6                 1    83.33%

Using the LLVM_PROFILE_FILE environment variable, it is possible to do several runs with different options and/or input files and get a new .profraw file each time. All those files can then be merged using llvm-profdata, which is pretty useful for doing coverage reports from unit tests.

On top of the OpenBSD related changes I've been contributing upstream to LLVM, I've been continuing my experiments with the build system. I've also been reading documentation about various parts of the toolchain, sending diffs when encountering mistakes or things which could be improved.

binutils and GDB commits:

• 2021-09-11 - 98ca73a - Add support to readelf for reading OpenBSD ELF core notes
• 2021-07-14 - 77db472 - Update the NetBSD system call table to match NetBSD-current

Pkgsrc toolchains related commits:

• 2021-09-27 - 65675ea - Update to mold 0.9.6
• 2021-09-11 - 871f328 - Update to binutils 2.37
• 2021-09-11 - 53d0f2e - Update to mold 0.9.5
• 2021-07-29 - 1b5d585 - Import mold 0.9.3

LLVM commits:

• 2021-09-30 - 97a0ba4 - [clang] Update Clang version from 13 to 14 in scan-build.1
• 2021-09-30 - 01641f6 - [clang] Fix sentence in the usage section of ThinLTO docs
• 2021-09-29 - 7a7caf9 - [clang] Fix library name (libsupc++) in the admonition note
• 2021-09-28 - 5b125a4 - [CMake] Add detection for the mold linker in AddLLVM.cmake
• 2021-09-24 - 626e2a6 - [compiler-rt] Use portable "#!/usr/bin/env bash" shebang for tests
• 2021-09-24 - 4ed0531 - [docs] Document the –print-passes flag in opt
• 2021-09-23 - 7f5ca8c - [clang] Use portable "#!/usr/bin/env bash" shebang for tools and utils
• 2021-09-17 - b588f5d - [clang][scan-build] Use cc/c++ instead of gcc/g++ on OpenBSD
• 2021-09-07 - 4787ef3 - [compiler-rt] Document that builtins is known to work on OpenBSD
• 2021-09-03 - 466451c - [clang] Allow the OpenBSD driver to link the libclang_rt.profile library
• 2021-07-27 - 1862ffe - [clang] Fix a typo in the manual page: s/contraint/constraint
• 2021-07-23 - bc96aa9 - [clang] Fix typos in Options.td and regen ClangCommandLineReference.rst

This is the OpenBSD counterpart of my article about running NetBSD on the Vortex86DX CPU, and its purpose is mostly to archive a dmesg entry and various benchmarks for this machine. I should note that with only 256MB of RAM, the machine is too constrained to do kernel and libraries relinking in a timely manner, due to swapping.

For more information and background about the hardware, please refer to my other article.

Here is the result of a quick md5 -t benchmark:

MD5 time trial.  Processing 10000 10000-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 2.398437 seconds
Speed  = 41693819.766790 bytes/second

Here is the result of the sha1 -t benchmark:

SHA1 time trial.  Processing 10000 10000-byte blocks...
Digest = 74a57b897cc581defa5b3a359fa762a1b83a60e8
Time   = 5.648437 seconds
Speed  = 17704012.632167 bytes/second

For the record, LibreSSL speed benchmark results are available here.

System message buffer (dmesg output):

OpenBSD 7.0 (GENERIC) #203: Wed Sep 22 19:24:38 MDT 2021
    [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 267927552 (255MB)
avail mem = 246661120 (235MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 10/29/10, BIOS32 rev. 0 @ 0xf0010
pcibios0 at bios0: rev 3.0 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3a80/224 (12 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x17f3 product 0x6031
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xe9400/0x200!
cpu0 at mainbus0: (uniprocessor)
cpu0: Vortex86 SoC  (586-class) 1.01 GHz, 05-02-02
cpu0: FPU,TSC,CX8
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "RDC R6021 Host" rev 0x02
vga1 at pci0 dev 3 function 0 "XGI Technology Volari Z7" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "RDC R6031 ISA" rev 0x02
vte0 at pci0 dev 8 function 0 "RDC R6040 Ethernet" rev 0x00: irq 10, address 00:1b:eb:22:16:5c
rdcphy0 at vte0 phy 1: R6040 10/100 PHY, rev. 1
ohci0 at pci0 dev 10 function 0 "RDC R6060 USB" rev 0x12: irq 11, version 1.0, legacy support
ehci0 at pci0 dev 10 function 1 "RDC R6061 USB2" rev 0x03: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "RDC EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 11 function 0 "RDC R6060 USB" rev 0x12: irq 11, version 1.0, legacy support
ehci1 at pci0 dev 11 function 1 "RDC R6061 USB2" rev 0x03: irq 11
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "RDC EHCI root hub" rev 2.00/1.00 addr 1
pciide0 at pci0 dev 12 function 0 "RDC R1011 IDE" rev 0x01: DMA (unsupported), channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "RDC OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "RDC OHCI root hub" rev 1.00/1.00 addr 1
dt: 445 probes
umass0 at uhub1 port 2 configuration 1 interface 0 "SanDisk Cruzer Switch" rev 2.00/1.27 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0: <SanDisk, Cruzer Switch, 1.27> removable serial.07815572120302108502
sd0: 7633MB, 512 bytes/sector, 15633408 sectors
uhidev0 at uhub2 port 1 configuration 1 interface 0 "Lenovo ThinkPad Compact USB Keyboard with TrackPoint" rev 2.00/3.30 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1 "Lenovo ThinkPad Compact USB Keyboard with TrackPoint" rev 2.00/3.30 addr 2
uhidev1: iclass 3/1, 22 report ids
ums0 at uhidev1 reportid 1: 5 buttons, Z and W dir
wsmouse0 at ums0 mux 0
ucc0 at uhidev1 reportid 16: 573 usages, 18 keys, array
wskbd2 at ucc0 mux 1
wskbd2: connecting to wsdisplay0
uhid0 at uhidev1 reportid 17: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 19: input=8, output=8, feature=8
uhid2 at uhidev1 reportid 21: input=2, output=0, feature=0
uhid3 at uhidev1 reportid 22: input=2, output=0, feature=0
uaudio0 at uhub2 port 2 configuration 1 interface 1 "ABC C-Media USB Audio Device" rev 1.10/1.00 addr 3
uaudio0: class v1, full-speed, sync, channels: 2 play, 1 rec, 8 ctls
audio0 at uaudio0
uhidev2 at uhub2 port 2 configuration 1 interface 3 "ABC C-Media USB Audio Device" rev 1.10/1.00 addr 3
uhidev2: iclass 3/0
ucc1 at uhidev2: 11 usages, 3 keys, enum
wskbd3 at ucc1 mux 1
wskbd3: connecting to wsdisplay0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (779fe8066eed6ce5.a) swap on sd0b dump on sd0b

There are no sensors available on this machine.

PCI device data:

# pcidump
Domain /dev/pci0:
 0:0:0: RDC R6021 Host
 0:3:0: XGI Technology Volari Z7
 0:7:0: RDC R6031 ISA
 0:8:0: RDC R6040 Ethernet
 0:10:0: RDC R6060 USB
 0:10:1: RDC R6061 USB2
 0:11:0: RDC R6060 USB
 0:11:1: RDC R6061 USB2
 0:12:0: RDC R1011 IDE

I've just installed virt-manager with pkgin on NetBSD 9.2 just because I want to emulate the virtual machines with qemu + nvmm on NetBSD 9.2. The installation of virt-manager went ok. But,when I ran it,an error came up :

netbsd-marietto# virt-manager

Traceback (most recent call last):

File "/usr/pkg/share/virt-manager/virt-manager.py", line 386, in <module>

main()

File "/usr/pkg/share/virt-manager/virt-manager.py", line 247, in main

from virtManager import cli

File "/usr/pkg/share/virt-manager/virtManager/cli.py", line 29, in <module>

import libvirt

ImportError: No module named libvirt

Googling a little bit maybe I've found the solution here :

https://www.unitedbsd.com/d/285-linux-user-and-netbsd-enthusiast-hoping-to-migrate-some-day

where "kim" said :

Looking at pkgsrc/sysutils/libvirt/PLIST it doesn't look like the package provides any Python bindings -- which is what the "ImportError: No module named libvirt" error message is about. You could try py-libvirt from pkgsrc-wip and see how that works out.

I tried to start the compilation like this :

netbsd-marietto# cd /home/mario/Desktop/pkgsrc-wip/py-libvirt
netbsd-marietto# make

but I've got this error :

make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 15: Could not find ../../wip/libvirt/buildlink3.mk
make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 16: Could not find ../../lang/python/distutils.mk
make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 17: Could not find ../../mk/bsd.pkg.mk
make: Fatal errors encountered -- cannot continue

If u want to see the content of the Makefile,it is :

gedit /home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile

#$NetBSD: Makefile,v 1.32 2018/11/30 09:59:40 adam Exp $

PKGNAME= ${PYPKGPREFIX}-${DISTNAME:S/-python//}
DISTNAME= libvirt-python-5.8.0
CATEGORIES= sysutils python
MASTER_SITES= https://libvirt.org/sources/python/

MAINTAINER= [email protected]
HOMEPAGE= https://libvirt.org/sources/python/
COMMENT= libvirt python library
LICENSE= gnu-lgpl-v2

USE_TOOLS+= pkg-config

.include "../../wip/libvirt/buildlink3.mk"
.include "../../lang/python/distutils.mk"
.include "../../mk/bsd.pkg.mk"

Can someone help me to fix the error ? very thanks.

I have a confession. As opposed to a professioion? WHOA, is that how that works? Don’t answer that.

I’ve mentioned many times how excited I was for OpenZFS in FreeBSD 13, due in no small part to its inline encryption capabilities. I’d used the closed-source equivalent on the last Solaris, and had made some proof of concepts on the -CURRENT branch, but I hadn’t used it for any real world data. I also didn’t feel as compelled to rush out and replace my GELI encrypted volumes as I first thought. It still works, and will for the foreseeable future.

A shiny new set of drives for my home server finally gave me the kick up the proverbial posterior to give it a shot with some prod data that definitely isn’t a Plex server for anime. This was my story. DUN DUN.

The existing GELI approach

We’ve always been able to encrypt ZFS on FreeBSD, albeit with an intermediate layer performing the encryption before our data hits the disk. GELI was the most recent and accepted tool to achieve this, akin to cgd on NetBSD, or LUKS on Linux. It’s proven, well tested, and secure, like my hat. Wait, what?

Here’s an example of a typical encrypted ZFS volume using GELI. We create a new GPT layout, label it (you’ll be glad you did), create a key, create a new virtual GELI encrypted block device, then build our ZFS pool on top. Note in the final step we reference the virtual encrypted device:

# _LABEL="12TB-IronWolf-SERIALNO"
# _KEY="/root/example.key"
	
# gpart -s create gpt /dev/ada5
# gpart add -t freebsd-zfs -l "$_LABEL" /dev/ada5
	
# openssl rand -hex 32 | tee "$_KEY"
# geli init -P -K "$_KEY" "/dev/gpt/$_LABEL"
# geli attach -pk "$_KEY" "/dev/gpt/$_LABEL"
	
# zpool create pool "/dev/gpt/${_LABEL}.eli"
# zfs create pool/tank

This uses a plain disk, but you could just as easily build this on top of an iSCSI mount, or a HAST volume. When you restart, you perform the geli attach then zpool import as normal.

The key here is you’re encrypting the entire partition beneath ZFS. GELI is device and file-system agnostic, and ZFS is unaware (AFAIK) that it’s operating within a virtual encrypted device. This may still be preferable in some circumstances, as we’ll get to in a moment.

OpenZFS inline encryption

By contrast, is a phrase with two words. OpenZFS’s native encryption operates at the dataset level, negating the need for a GELI device that has to be mounted separately. What’s even cooler is that all of ZFS’s data integrity, deduping, compression, exports, and other features can operate on these encrypted datasets, even if they’re not imported/mounted. Cray!

You can prepare your drive with gpart(8) and create a key as per above. After that, we create a zpool(8), which has the encryption feature available by default on FreeBSD 13:

# zpool create pool "/dev/gpt/$_LABEL"
	
# zpool get [email protected] pool
==> pool [email protected] active local

Then create a new encrypted volume. You can also verify the operation and check the encryption scheme used with zfs-get(8):

# zfs create -o encryption=on -o keyformat=hex \
	-o keylocation=file:///root/example.key pool/tank 
   
# zfs get encryption,keylocation,keyformat pool/tank
==> NAME       PROPERTY     VALUE                     SOURCE
==> pool/tank  encryption   aes-256-gcm               -
==> pool/tank  keylocation  file:///root/example.key  local
==> pool/tank  keyformat    hex

Wait, hold on, that’s it? Yes! How cool is that!?

Gotchas

I had initially assumed that using keys would result in the zfs datasets automounting when the zpool is imported, which is not the case. Even if their key is available, you must import them first before the zfs dataset is mounted and ready to use (it looks like an rc.d service was written and reviewed to facilitate doing this on boot, which I’ll need to investigate).

The easiest way to do this is with the lowercase L option in zpool(8) import, which retrieves all the keys it can before mounting your encrypted datasets:

# zpool import pool -l

Or you can load all available keys with zfs(8) load-key:

# zpool import pool
# zfs load-key -a

Refer to the linked man pages for more details. Even if you don’t need more details, and just want to marvel at what well-documented software looks like. The GNU people could learn a lesson or two (or three).

Considerations

As I eluded to above, there are a couple of caveats. GELI encrypts whatever data is handed to it, whereas OpenZFS necessarily stores metadata about the datasets in order to use them. This includes dataset and snapshot names. Bear (bare?) that in mind when you’re naming and structuring your datasets.

This is speculation on my part, but I’d also think there’d be a chance for plausible deniability in a device that’s been completely encrypted with GELI, just as any device that uses whole drive encryption. By contrast, OpenZFS dataset metadata makes it obvious that they contain encrypted data, and the scheme with which the data was encrypted. I could be wrong here though.

Overall, is an item of clothing. OpenZFS encryption makes the system administrator’s life easier, and those caveats don’t concern me for how I store my data. I’ll be using it for everything going forward.

Allan Jude and Kyle Kneisl’s FreeBSD Journal article from last year is a great resource if you’d like to learn more about the implementation of OpenZFS’s encryption system. I also found Jim Salter’s article useful in Ars Technica for learning about key management; once you block all the irrelevant autoplaying videos. #ModernWeb

DISCLAIMER: Cryptography is critical to get right, or it’s not worth doing. Always read and follow the official documentation over someone’s blog, even if the blog has a cute anime mascot and is written by someone with the best of intentions and an awesome hat.

By Ruben Schade in Sydney, 2021-09-11.

All of a sudden (read: without changing any parameters) my netbsd virtualmachine started acting oddly. The symptoms concern ssh tunneling.

From my laptop I launch:

$ ssh -L 7000:localhost:7000 [email protected] -N -v

Then, in another shell:

$ irssi -c localhost -p 7000

The ssh debug says:

debug1: Connection to port 7000 forwarding to localhost port 7000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 7000 for localhost port 7000, connect from 127.0.0.1 port 53954, nchannels 3

I tried also with localhost:80 to connect to the (remote) web server, with identical results.

The remote host runs NetBSD:

bash-4.2# uname -a
NetBSD host 5.1_STABLE NetBSD 5.1_STABLE (XEN3PAE_DOMU) #6: Fri Nov  4 16:56:31 MET 2011  [email protected]:/m/obj/m/src/sys/arch/i386/compile/XEN3PAE_DOMU i386

I am a bit lost. I tried running tcpdump on the remote host, and I spotted these 'bad chksum':

09:25:55.823849 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 67, bad cksum 0 (->3cb3)!) 127.0.0.1.54381 > 127.0.0.1.7000: P, cksum 0xfe37 (incorrect (-> 0xa801), 1622402406:1622402421(15) ack 1635127887 win 4096 <nop,nop,timestamp 5002727 5002603>

I tried restarting the ssh daemon to no avail. I haven't rebooted yet - perhaps somebody here can suggest other diagnostics. I think it might either be the virtual network card driver, or somebody rooted our ssh.

Ideas..?

I wrote a post back in May saying I wasn’t sure that UNIX won, as so many media outlets were claiming. I said I was on the fence, but that I saw Linux continue to depart from UNIX’s legacy in meaningful ways. It’s since been picked up and circulated on the usual news aggregator sites and social media, most of which have generated relevant, tactful comments that swayed my opinion and… nah, got you!

Nobody that I could see challenged the post’s premise that UNIX didn’t win (which for certain Linux and BSD folks was seen as a bad thing for the ongoing project of cross-platform compatibility and good system design, or fabulous by others who claimed it freed their systems from perceived UNIX baggage).

Great, end of the post then, time for a beer! Wait, what do you mean it’s Tuesday morning?

By Ruben Schade in Sydney, 2021-09-07.

After initial work on the wifi renewal branch went quite fast and smooth, things have slowed down a bit in the last few months.

Most of the slow down was due to me not being available for this type of work for unexpectedly long times - a problem that should be fixed now.

However, there were other obstacles and unexpected issues on the way:

• bpf taps are handled differently in the new stack and some slightly obscure site conditions of this had been overlooked in the initial conversion. To make everything work, changes to our bpf framework were needed (and have landed in -current some time ago now).
• Many wifi drivers seem to be in a, let's say, slightly fragile state. When testing the random collection of wifi hardware that I acquired during this project in -current, many drivers did not work at first try and often I was able to provoke kernel panics quickly. This is not a happy base to start converting drivers from.
• After the great success of usbnet(9) for USB ethernet drivers, core and I agreed to do the same for wifi - the result is called usbwifi(9) and makes conversion of usb drivers a lot easier than other wifi drivers. See the conversion instructions for more details. usbwifi(9) is both quite similar but also quite different to usbnet(9), mostly for two reasons: it interfaces to a totally different stack, and many usb wlan chipsets are more complex than ethernet chipsets (e.g. have support for multiple send queues with different priorities). Developing usbwifi did cost quit some time (initially unplanned), but is expected to amortize over the next few drivers and quickly end up as a net win.
• I have been hitting a bug in the urtwn(4) driver used for inial usbwifi(9) development and still not found it (as of today). It seems to hit randomly and not be caused by the usbwifi(9) conversion - a fact that I found out only recently. So for now I will put this driver aside (after spending *way* too much time on it) and instead work on other usb drivers, returning to the bug every now and then and see if I can spot it. Maybe I can borrow a USB analyzer and get more insight that way.

The current state of driver conversion and what drivers are still open are listed in the wifi driver conversion matrix.

Next steps ahead are:

• make another pass over documentation and improve things / fixup for recent changes (done before this blog post got published)
• sync the branch with HEAD and keep tracking it more closely
• convert run(4) to usbwifi
• revisit rtwn(4) and decide if/how it should be merged with urtwn(4)
• revisit iwm(4) and make it work fully
• convert all other drivers, starting with the ones I have hardware for

Currently it is not clear if this branch can be merged to HEAD before branching for netbsd-10. We will not delay the netbsd-10 branch for this.

Netatalk3 is a file server for exporting storage to Macs. Samba has long been considered its replacement, but to this day Netatalk still handles file labels and other Mac-specific metadata more reliably and with greater performance. One day I’ll properly try replicating this in Samba.

I installed it in a new FreeBSD jail:

# pkg install net/netatalk3

Then configured it largely the same as I did on FreeBSD in 2014, and on NetBSD last year. Only this time, all the Macs in the house refused to talk to it.

I tail’d /var/log/daemon.log in the jail and was inundated with afpd(8) spam:

netatalk[34758]: Restarting 'afpd' (restarts: 7)
afpd[42393]: dsi_tcp_init(*): getaddrinfo: Name does not resolve
afpd[42393]: No suitable network config for TCP socket
afpd[42393]: no suitable network address found, use "afp listen" or "afp interfaces"
afpd[42393]: main: no servers configured

I followed the error’s advice and added the IP address of the jail to the [Global] section of my /usr/local/etc/afp.conf file:

afp listen = <IP Address>

It worked, and I was able to log in, as shown in the logs:

afpd[88524]: Netatalk AFP/TCP listening on <IP Address>:548

I don’t recall ever having to add a specific interface or IP address to an afp.conf file before on a FreeBSD or NetBSD host. My hunch is it has something to do with the jail environment, and dsi_tcp_init not being able to autodetect or initialise the jail’s virtual network interface. Please correct me if you have more details!

By Ruben Schade in Sydney, 2021-08-08.