NetBSD Planet


September 09, 2024

Pullup 10 [pullup-10 #857] pullup request - procfs module
Pullup 10 [pullup-10 #856] t_siginfo: Skip unsupported sigbus_adraln test for x86
Pullup 10 [pullup-10 #855] curses(3): Check return value for fgetc(3) (CID-1617248)
Pullup 10 [pullup-10 #854] Import clang-format
Pullup 10 [pullup-10 #853] igc(4): Sync typo fixes with -current, NFC

September 08, 2024

/r/NetBSD NetBSD on the Motorola 68000?

I've seen that the m68k architecture is still supported by NetBSD. I have a few questions:

  • How usable is the port with the limited amount of RAM available to most m68k machines?
  • Does anything useful work?
  • What's the cheapest retro machine that meets the requirements (mainly including an MMU?)
  • Would running modern UNIX on such an ancient machine be a total waste of time and money?

Thanks in advance for any answers.

submitted by /u/iwhu707
[link] [comments]
/r/NetBSD Using NetBSD as a personal OS

Is there a problem to use NetBSD in my personal PC?

submitted by /u/No_Activity3000
[link] [comments]
/r/NetBSD Found on a Playstation Portable game manual (FFT: TWOFTL)
submitted by /u/1black1cat1
[link] [comments]

September 07, 2024

UnitedBSD 9p Qemu

Hello,
I have a NetBSD 10 vm on which I recompiled the kernel to allow virtio-9p.

I'm trying to do some software development for NetBSD, but from my Linux editor and decided to use 9p develop on Linux but from a terminal build and run on NetBSD.

I was able to mount the 9p share with.

mount_9p -cu /dev/vio9p0 /mnt/9p

I had to use the pass-through access mode to be able to write files from the guest, it is not secure, but for pure dev environnement, I accept that.

So I have something working, however I mounted the share inside the guest as root and because 9p does not handle permission, I cannot access the share with a normal user.

I've seen that NetBSD allows users mounts as long as the user have read access, but

mount_9p: puffs_mount: cannot open `/dev/puffs'
mount_9p: puffs_mount: mount_9p: puffs_daemon: Permission denied
Permission denied

I read that user can mount with read access to devices.
How do I give myself access ?
Is chmod in /dev/puffs "OK".
My user is in the wheel group allowing me group access, put /dev/puffs has lrwx------ access rights.

Cheers.

Ruben Schade Eight pointless facts about me

Back by popular demand! Wait, don’t interrogate that.

By Ruben Schade in Sydney, 2024-09-07.


September 06, 2024

/r/NetBSD Creating a NetBSD/amd64 AMI
submitted by /u/mariuz
[link] [comments]

September 05, 2024

Pullup 9 [pullup-9 #1885] libnv(9), npf(4): Fix NUL bounds check (PR security/58652)

September 03, 2024

OS News Make your own CDN with NetBSD

After covering setting up your own CDN with both FreeBSD and OpenBSD, it’s now time to learn how to set up your own CDN wit NetBSD.

This article is a spin-off from a previous post on how to create a self-hosted CDN, but this time we’ll focus on using NetBSD. NetBSD is a lightweight, stable, and secure operating system that supports a wide range of hardware, making it an excellent choice for a caching reverse proxy. Devices that other operating systems may soon abandon, such as early Raspberry Pi models or i386 architecture, are still fully supported by NetBSD and will continue to be so. Additionally, NetBSD is an outstanding platform for virtualization (using Xen or qemu/nvmm) and deserves more attention than it currently receives.

↫ Stefano Marinelli

All the same from my previous post still applies, and it’s a great thing that Marinelli covers all three of the major BSDs (so far). If you want to run your own CDN on BSD, you can now make a pretty informed decision on which BSD best suits your needs.

UnitedBSD kern.argmax

Could some users of the above BSDs post here what's the value for kern.argmax on their system and the OS version they are running?

Thank you!

No need to post for NetBSD.

/r/NetBSD Make Your Own CDN with NetBSD
submitted by /u/dragasit
[link] [comments]
Ruben Schade Still on an M1 MacBook Air

My primary portable machine is a first-generation M1 MacBook Air, as I’ve posted here a few times. I need to edit Microsoft Office documents for work, and I don’t want to deal with the hassle of Windows in a VM, or dedicated hardware. I’ve also been a Mac user (albeit not exclusively) for more than 20 years, and have all the usual tricks, scripts, and muscle memory one accumulates.

Apple’s software quality has famously nosedived in the last few years, with the die-hard fans its most vocal critics. UI regressions, dropped features, bad design, flaky performance, and abandonment of wonderful tools like Aperture don’t put macOS at the level of Windows, though it seems Cupertino are hell-bent at making this convergence happen.

I’m more conflicted on the hardware side. Apple’s kit is more sealed, locked down, and hostile to repair than it’s ever been; so much so that I use my 1985 Apple //e Platinum or 2001 Power Mac G4 and am shocked I’m using the same company’s kit! On notebooks we’ve gone from having user-serviceable batteries, memory, drives, and power inverters, to… none of those things. I’ve likened it to feeling like a guest in my own home, and completely at the mercy of limited warranty periods.

Which is shame, because the hardware is good. Every PC laptop I use/fix/test feels like a massive downgrade. They’re twice the weight, have half the screen resolution, get warm during extended use, have rubbish plastic construction, and aside from standouts like the ThinkPad, have mediocre keyboards. The fact PC manufacturers generally can’t match screens Apple released more than a decade ago used to be silly; now it’s just embarrassing.

Photo of the MacBook Air M1 in front of my Power Mac G4, and Dell 4100.

This MacBook Air is three years old. Work keeps offering to upgrade it for me, but I see no need. Aside from maybe some more memory, there isn’t anything better or more compelling in the newer models for my use case. I’m not left wanting with anything I do on this machine, whether it’s firing up a few VMs, editing an unholy Excel or LibreOffice sheet, writing blog posts or code, or using Ansible to install or maintain deployments for myself or customers. This machine comes out of sleep instantly, and runs all I want without breaking a sweat. From a financial, ewaste, and logistical perspective, I’ll be happy using this thing until the day macOS is no longer supported… and maybe even then, there’s Asahi Linux.

I’ve kind of reached this happy point where I have a day-to-day MacBook Air, a FreeBSD/Fedora workstation/game machine at home, a tiny Japanese Let’s Note running NetBSD as my “on call” laptop, and a mini home server cluster for odd jobs, backups, and media delivery. I hold out hope that maybe one day the upgrade for the work machine will be something like the Framework, but for all its positives, I’m not sure it’d feel like an upgrade right now.

It does make me wonder what Apple would have to release for me to want to get something new. It’s a weird way of thinking for a guy who used to obsess over MacWorld and WWDC, dreaming about the PowerBook that would be so much more epic than my lowly iBook G3. I’d love a celluar modem to stop the need to constantly tether when I’m out on the (rail)road, but that’s honestly about it.

By Ruben Schade in Sydney, 2024-09-03.


September 02, 2024

OS News What we can learn from vintage computing

Thanks to open source, no technology ever has to become obsolete, so long as a community remains to support it. You can sync Newtons and Palm Pilots with modern desktops, download web browsers for long-discontinued operating systems, or connect vintage computers like the Apple IIe to the modern internet via WiFi. Every year, new cartridges are released for old-school video game consoles like the Nintendo Entertainment System and Game Boy.

People keep old software and online platforms alive as well. The Dreamwidth team forked an old version of the early social network LiveJournal’s source code and built a community around it. The dial-up bulletin board system software WWIV is still maintained and there are plenty of BBSes still around. Teams are working to restore aspects of early online services like AOL and Prodigy. And you can still use Gopher, the hypertext protocol that was — for a brief period in the early 1990s — bigger than the web.

↫ Klint Finley

Retrocomputing is about a lot of things, and I feel like it differs per person. For me, it’s a little bit of nostalgia, but primarily it’s about learning, and experiencing hardware and software I was unable to experience when they were new, either due to high cost or just general unavailability. There’s a lot to learn from platforms that are no longer among us, and often it helps you improve your skills with the modern platforms you do still use.

The linked article is right: open source is playing such a massive role in the retrocomputing community. The number of open source projects allowing you to somehow use decades-old platforms in conjunction with modern technologies is massive, and it goes far beyond just software – projects like BlueSCSI or very niche things like usb3sun highlights there’s also hardware-based solutions for just about anything retro you want to accomplish.

And we really can’t forget NetBSD, which seems to be the go-to modern operating system for bringing new life to old and retro hardware, as it often runs on just about anything. When I got my PA-RISC workstation, the HP Visualize c3750, I couldn’t find working copies of HP-UX, so I, too, opted for NetBSD to at least be able to see if the computer was fully functional. NetBSD is now a tool in my toolbox when I’m dealing with older, unique hardware.

Retrocomputing is in a great place right now, with the exception of the ballooning prices we’re all suffering from, with even successful mainstay YouTubers like LGR lamenting the state of the market. Still, if you do get your hands on something retro – odds are there’s a whole bunch of tools ready for you to make the most of it, even today.


September 01, 2024

Ruben Schade Picking up a Power Mac G4 QuickSilver

About a week ago I noticed someone selling a working Power Mac G4 in Sydney, for local pickup only. We chatted about its condition and how best to get it from his house, and he agreed to drive to the nearest station for me. He was so nice, and it was in such great condition, I hit the Buy Now button (cough).

It turned out to be a really pleasant way to spend a Sunday. The train to his suburb took about an hour, during which time I sketched out some plans for where I’d put it, how I’d cable it into the KVM, and to reacquaint myself with the history of the machine.

Photo of the QuickSilver on our outdoor table, where the lighting is a bit more forgiving.

The QuickSilver was the second of the three generations of G4 towers Apple released, between 2001 and 2002. I fell in love from the moment I saw one at the EpiCentre in Wheelock Place in Singapore. I spent hours playing with their display units, and spreadsheeting out whether I could ever justify or afford one. Eventually I got a Power Mac G5 to replace my aging DIY Athlon XP machine, but it wasn’t the same.

The earlier Graphite and later Mirrored Drive Door models have their charms, but I think the QuickSilver is the most beautiful desktop Apple has ever made; in both form and function. The front bezel is understated and clean, and the rear didn’t need that array of awkward ventilation holes of the more powerful MDD unit. You can also see where the legendary G4 Cube got many of its design elements.

My machine is the entry-level 733 MHz G4 model, with 128 MiB of memory and a 40 GB hard drive. The GPU is a blazing GeForce2 MX with 32 MiB of video memory, attached via AGP alongside five full-length, 64-bit PCI slots. The CPU is mounted to a daughterboard, so Apple could also release dual-CPU versions. It has a DVD-R/CD-RW SuperDrive which flips down a tidy door on the front of the case, and has a bracket for an optional Zip drive.

Photo of the QuickSilver showing its open door and accessible logic board.

I previously owned a Blue and White Power Macintosh G3 which used the same logic-board-on-door design, and I remember them being such a joy to work in. This era of Apple wanted you to tinker, upgrade, and grow into your computer. It’s why I love using the Apple //e Platinum as well.

My plan is to use this machine as the ultimate Mac OS 9 box. It was the last computer line Apple sold that supported their original Macintosh OS, so it seems fitting. I’m also going to try booting NetBSD on it, in part because the PowerPC port was my first experience with BSD back in the day.

Upgrades and expansion aren’t currently on the cards, on account of buying and moving house again. But I’ll keep an eye out. In the meantime, I’m fleshing out details on the Retro Corner.

By Ruben Schade in Sydney, 2024-09-02.


August 30, 2024

UnitedBSD long double trouble
#include <math.h>

int main() {
  long double r;
  long a = 4, b = 6;
  r = atan2l(a, b);
  printf("%.20Lf\n", r);
  r = atan2(4, 6);
  printf("%.20Lf\n", r);
  r = atan2l(4, 6);
  printf("%.20Lf\n", r);
}

Above code compiled with cc -lm results on NetBSD with:
0.58800260354756750392
0.58800260354756750392
0.58800260354756755124

It is not expected behaviour.
linux gives:

0.58800260354756755124
0.58800260354756750392
0.58800260354756755124

which should be normal.

Is there any siwtch to avoid NetBSD loss of precision?

Machine is Lenovo x260 with i5.

UnitedBSD EMWM and ~/.mwmrc

I've decided to give emwm a try, not that I am using NetBSD predominantly on a desktop machine and using a mouse is more feasible. However, I cannot figure out where the default mwmrc is located. I've checked the usual spots but cant seem to find it.

I've found an example mwmrc on github and added some customisations then copied it to ~/.mwmrc but it does not seem to be reading that file. There must be another file somewhere that it's loading.

I even tried starting emwm with exec emwm -xrm "mwm*configFile: ~/.mwmrc" in my ~/.xinitrc but it still loaded up a default config.

Can someone give me some directions here?

Cheers


August 27, 2024

Pullup 9 [pullup-9 #1884] please pullup a fix for the PR 49470

August 26, 2024

Ruben Schade Researching home lab racks

Recently I’ve been looking more seriously at cases like the SilverStone CS382 for Clara’s and my homelab boxes. Currently our FreeBSD Supermicro board lives in an old Antec 300, which is great for airflow, but replacing drives is a pain. Our NetBSD install still lives in an HP MicroServer Gen 8, which is starting to show its age. And the less said about my poor Debian Xen cluster, and our smattering of single-board computers, the better.

This lead me down the rabbithole of thinking… what about rackmount server cases for them? And then… what about a rack to put them in? Before long, I had a rack diagram created in LibreOffice Calc, and was planning everything from the patch panels, to how much space a smaller UPS would take, to whether Token Ring MAUs can be mounted backwards or whether I’d need a brush panel.

But I’m getting ahead of myself. Why would someone want to bring a noisy, big box from work back home?

A StarTech rack.

There are many reasons, most of which boil down to it looking cool and generally being awesome. Yes, despite all the negative things going on in the tech space right now, I still ultimately love all the engineering and hardware that powers this stuff. A server rack at home the size of a bar fridge isn’t a necessary rite of passage, but it sure makes you feel more like a nerd, which is important. Well okay, it isn’t, but it should be.

There are practical considerations too. Homelab server racks consolidate all your comms, cables, and computers into one box. When you’ve got wires going all over a house, it’s so much nicer having them all terminate in the one place; especially if you can also locate your cable modem and services there too.

A full 42 RU data centre rack might be ridiculous (… or, would it be?), but various “half racks” exist with sizes ranging from 18 to 27 RU. A brand new rack can go for silly money, but they pop up on the second-hand market fairly frequently for peanuts, usually during office cleanouts. Install one of these at home, put all your stuff into them, done.

But this leads us to the elephant in the room, if it spent the entire time trumpeting. Rack mount server hardware, as delivered by the big OEMs and vendors, are extremely loud. They’re designed for high static pressure to keep the internals cool in a dense data centre setting, with little to no concern for the hapless engineers like me who had to service them. This might be fine if you can locate your homelab rack in a basement, or another room away from living areas, but apartment dwellers might not have that luxury.

The key here seems to be to go big. Larger 3 and 4 U rackable server chassis (chasii?) have physically larger fans which can draw through more air with less noise. I’ve been giving SilverStone a lot of free advertising here lately, but even some of their 2U boxes have support for 80 mm fans that you could source from the likes of Noctua or Arctic. Use PWM on these fans and control their power curves, and you’ll negate much of the issue.

I’m a while away from entertaining having one of these things; we haven’t even got the move sorted out yet! But a nerd can dream. Specifically about homelab server racks.

By Ruben Schade in Sydney, 2024-08-27.

Pullup pkgsrc [pullup-pkgsrc #6893] Fw: Fwd: CVS commit: pkgsrc/editors/vim-share part 2/2
Pullup pkgsrc [pullup-pkgsrc #6892] Fw: CVS commit: pkgsrc/editors/vim-share part 1/2

August 25, 2024

UnitedBSD NetBSD Wifi > LAN question

I am trying to make this happend.
That i can have a LAN <> WiFI <> WiFi <> LAN connection using my old RasberryPI running NetBSD
Hardware side iam very satified, got som excellent pointers on the chat.
But the software side and funkonality is not making any sence for me

So how do i aproach this?
As long as computer 1 and computer 2 can freely comunicate and both can reach internet through the router i am happy


August 24, 2024

Pullup pkgsrc [pullup-pkgsrc #6891] Fix AIX OBJECT_FMT (PR pkg/58591)

August 23, 2024

Ruben Schade My A-Z toolbox: aria2

I haven’t done a post series in a long time! This is the first in one I’m dubbing my A-Z Toolbox, in which I list tools I use down the alphabet for no logical reason.

The letter A has a lot of great options, from the ubiquitous awk text processor, to the ack search tool, and Thomas Habets’ arping which helps diagnose which MAC address has been assigned what IP.

But aria2 by Tatsuhiro Tsujikawa is the clear winner for me. This download tool supports HTTP, SFTP, Metalink, BitTorrent, and even classic FTP. It can also resume broken or incomplete downloads, making it indispensable when you’re on bad connections or spotty servers.

As an example of its versatility, torrents can be downloaded with a magnet link, or a torrent file:

$ aria2c https://cdn.netbsd.org/pub/NetBSD/images/10.0/NetBSD-10.0-sparc.iso.torrent

I use fetch if I’m starting out on a fresh BSD box, and wget on Linux. But I very quickly install aria2. It’s just that useful.

By Ruben Schade in Sydney, 2024-08-24.

Pullup 9 [pullup-9 #1883] ipv4: fix some behaviors when DAD is disabled

August 20, 2024

Stack Overflow memcached at 100% cpu with no work requested

This is a new installation for a wordpress site that hasn't launched yet.

The memcached process is always at near 100% of cpu usage:

load averages:  1.93,  1.78,  1.83;               up 3+22:29:29                                                                                      21:49:18
31 processes: 28 sleeping, 3 on CPU
CPU states: 59.1% user,  0.0% nice,  4.0% system,  0.0% interrupt, 36.8% idle
Memory: 2069M Act, 1014M Inact, 44K Wired, 175M Exec, 2447M File, 54M Free
Swap: 512M Total, 512M Free / Pools: 279M Used / Network: 23K In, 1K Out

  PID USERNAME PRI NICE   SIZE   RES STATE       TIME   WCPU    CPU COMMAND
 5770 memcache  25    0    70M 3112K CPU/0      19:11 94.58% 94.58% memcached

And memcached-tool /var/run/memcached/memcached_0.sock stats reports

#/var/run/memcached/memcached_0.sock Field         Value
              accepting_conns             1
                    auth_cmds             0
                  auth_errors             0
                        bytes             0
                   bytes_read            21
                bytes_written          4435
                   cas_badval             0
                     cas_hits             0
                   cas_misses             0
                    cmd_flush             0
                      cmd_get             0
                     cmd_meta             0
                      cmd_set             0
                    cmd_touch             0
                  conn_yields             0
        connection_structures             2
        crawler_items_checked             0
            crawler_reclaimed             0
             curr_connections             1
                   curr_items             0
                    decr_hits             0
                  decr_misses             0
                  delete_hits             0
                delete_misses             0
              direct_reclaims             0
               evicted_active             0
            evicted_unfetched             0
                    evictions             0
            expired_unfetched             0
                  get_expired             0
                  get_flushed             0
                     get_hits             0
                   get_misses             0
                   hash_bytes        524288
            hash_is_expanding             0
             hash_power_level            16
                    incr_hits             0
                  incr_misses             0
                     libevent 2.1.12-stable
               limit_maxbytes      67108864
          listen_disabled_num             0
             log_watcher_sent             0
          log_watcher_skipped             0
                 log_watchers             0
           log_worker_dropped             0
           log_worker_written             0
            lru_bumps_dropped             0
          lru_crawler_running             0
           lru_crawler_starts             6
       lru_maintainer_juggles     103444004
            lrutail_reflocked             0
                 malloc_fails             0
              max_connections          1024
                moves_to_cold             0
                moves_to_warm             0
             moves_within_lru             0
                          pid          5770
                 pointer_size            64
               read_buf_bytes         98304
          read_buf_bytes_free         32768
               read_buf_count             6
                 read_buf_oom             0
                    reclaimed             0
         rejected_connections             0
                 reserved_fds            20
           response_obj_bytes         49152
           response_obj_count             1
             response_obj_oom             0
         round_robin_fallback             0
                rusage_system      1.053032
                  rusage_user   1136.463840
        slab_global_page_pool             0
   slab_reassign_busy_deletes             0
     slab_reassign_busy_items             0
  slab_reassign_chunk_rescues             0
slab_reassign_evictions_nomem             0
 slab_reassign_inline_reclaim             0
        slab_reassign_rescues             0
        slab_reassign_running             0
                  slabs_moved             0
              store_no_memory             0
              store_too_large             0
                      threads             4
                         time    1724186947
   time_in_listen_disabled_us             0
            total_connections             4
                  total_items             0
                   touch_hits             0
                 touch_misses             0
          unexpected_napi_ids             0
                       uptime          1177
                      version        1.6.23

Memcached is configure to start with:

# grep memcach /etc/rc.conf
memcached=YES
memcached_jobs="job0"
memcached_job0_args="-a 660 -s /var/run/memcached/memcached_0.sock -m 64 -c 1024"

What might be wrong?


August 18, 2024

Pullup 9 [pullup-9 #1882] nfs: Clarify export semantics and security model (PR 58063)
Pullup 9 [pullup-9 #1881] [PATCH] strptime(3): Add tests and avoid arithmetic overflow (PR 58041)

August 13, 2024

NetBSD General on DaemonForums proper way making bash default
I tried to make bash the default shell
i did whereis bash
and chsh -s /usr/pkg/bash user
its not working that user cant login.
Could someone tell me what is
the proper way making bash default
on Netbsd?

August 08, 2024

Pullup pkgsrc [pullup-pkgsrc #6890] [[email protected]: CVS commit: pkgsrc/audio/opusfile/patches]
Pullup pkgsrc [pullup-pkgsrc #6889] Please update firefox115 to 115.14.0

August 02, 2024

Julio Merino Kyua graduates

After years of inactivity, the Kyua project has graduated as an open source citizen and has a new home under the FreeBSD umbrella!

But uh… wait, what is Kyua and why is this exciting? To resolve confusion and celebrate this milestone, I’d like to revisit what Kyua is, how it came to be, why I stopped working on it for a while, why that was a problem for FreeBSD—and, indirectly, NetBSD—and how Kyua being free software has helped keep it alive.


July 21, 2024

Amitai Schlair What I'm Doing Now

As usual, partway through a couple weeks in Mallorca, we’re just getting the hang of it. After a few days of only the pool, it’s been pool mornings and beach afternoons. Every day, each kid gets more bold in both. I’ve managed to avoid getting sunburnt so far, though it’s getting harder to stay ahead of the situation. For mealtimes it’s kind of fun to be stuck in a tiny kitchen trying to cook my way out; bedtimes, down a sleepable room due to a broken air conditioner, were less so. My carcass got taken over by mosquitoes, who then rented most of it back to me. In a few days I might be ready to buy them out.

Usually here I’d consider taking a nap when the littles do. Definitely tired enough. But a little solo computer time feels more like what I’m needing: Refactoring some code, backing up some photos, updating pkgsrc stuff, writing posts on my website, that sort of thing.

For this summer vacation we’re hopping around more, which happens to simplify our transatlantic travel days. (Traditionally we’d have connecting flights before arriving anywhere.) One flight into Munich, where we stayed in the area for a few days visiting in-laws. From there a quick hop to Mallorca, the meat in our vacation sandwich. From here a quick-ish hop to Hannover for a week back in the little north-central German village where we lived out the first two years of COVID. Then we’ll drive to Frankfurt to see friends before our return flight to New York. Hopping around like this means we get to see more people and places, in exchange for which we get to find out what happens when kids try to sleep in a wider variety of environments and configurations. So far, sokay.

DragonFly BSD Digest Lazy Reading for 2024/07/21

I wanted to clear all the newsletters items I’ve saved, so you are getting links until my inbox no longer paginates.


July 19, 2024

OS News Why I like NetBSD, or why portability matters

All that to say, I find that NetBSDs philosophy aligns with mine. The OS is small and cozy, and compared to many minimal Linux distributions, I found it faster to setup. Supported hardware is automatically picked up, for my Thinkpad T480s almost everything (except the trackpad issue I solved above) worked out of the box, and it comes with a minimal window manager and display manager to get you started. It is simple and minimal but with sane defaults. It is a hackable system that teaches you a ton. What more could you want?

↫ Marc Coquand

I spent quite some time using OpenBSD earlier this year, and I absolutely, positively loved it. I can’t quite put into words just how nice OpenBSD felt, how graspable the configuration files and commands were, how good and detailed the documentation, and how welcoming and warm the community was over on Mastodon, with even well-known OpenBSD developers taking time out of their day to help me out with dumb newbie questions.

The only reason I eventually went back to Fedora on my workstation was performance. OpenBSD as a desktop operating system has some performance issues, from a slow file system to user interface stutter to problematic Firefox performance, that really started to grind my gears while trying to get work done. Some of these issues stem from OpenBSD not being primarily focused on desktop use, and some of them simply stem from lack of manpower or popularity. Regardless, nobody in the OpenBSD community was at all surprised or offended by me going back to Fedora.

NetBSD seems to share a lot of the same qualities as OpenBSD, but, as the linked article notes, with a focus on different things. Like I said yesterday, I’m looking to building and testing a system entirely focused on tiled terminal emulators and TUI applications, and I’ve been pondering if OpenBSD or NetBSD would be a perfect starting point for that experiment.


July 02, 2024

The NetBSD Foundation New Security Advisory: NetBSD-SA2024-002 OpenSSH CVE-2024-6387 `regreSSHion'

June 29, 2024

DragonFly BSD Digest Lazy Reading for 2024/06/30

I was not able to get this done early like the last few posts, but there’s still a good range here.


June 10, 2024

OS News NetBSD 10 with disk encryption on UEFI, and NetBSD 10 on the Pinebook Pro

NetBSD 10 was released recently, so a lot of people are experimenting with it and writing down their thoughts. I’ve got two of those for you today, to help you in case you, too, want to install NetBSD 10 and play around with, or just use, it.

First, what if you want to install NetBSD 10 on a UEFI system, but with full disk encryption in case your device gets stolen? It turns out there are countless guides for installing with full-disk encryption on MBR-based systems, but once you use UEFI – as you should be – things get a lot more complicated. The NetBSD installer is apparently rather basic, and a better solution is to drop to a shell and install NetBSD that way instead, and even then, full disk encryption with UEFI is actually not possible, as it seems the root file system – where the operating system itself resides – cannot be encrypted.

The restriction is in the root file-system. It needs to be in plain-text and in a regular partition. It seems to me that rootfs in CGD or LVM is not well supported.

↫ vsis.online

This seems like something the NetBSD team may need to take a look at, since full disk encryption should be an easy option to choose, even, or especially in 2024, on UEFI systems. Such encryption is easily achieved on Linux or Windows systems, and it seems odd to me that NetBSD is lagging behind a bit here. In the meantime, the linked guide will be a good jumping-off point for those of you interested in going a similar route.

The second article I want to highlight concerns NetBSD 10 on the Pinebook Pro, the inexpensive ARM laptop that normally ships with Linux. It turns out there’s a NetBSD 10 image for this device, so installation is quite a bit more straightforward than the more exotic setup I mentioned earlier. It seems most of the hardware works quite well out of the box, with the inly exception being the on-board Wi-Fi, which the author addressed with a USB W-Fi dongle.

Other than that, NetBSD is running well on the Pinebook Pro for the author, which is great to read since that makes this cheap device a great starting point for people interested in running NetBSD.


June 07, 2024

Amitai Schlair Small ARMs

On my home network, some important jobs are performed by little ARM computers.

AirPlay to sound system

The house came with a decent sound system wired in. The receiver can take 1/8” stereo input — from AirPlay, with help from a decade-old Raspberry Pi 1 Model B Rev 2.

1. Prepare disk

With a 4GB SD card, from macOS:

$ diskutil list    # inspect output
$ SDCARD=disk6
$ diskutil unmountDisk ${SDCARD}
$ links https://raspi.debian.net/tested-images/
$ DISKIMAGE=20231109_raspi_1_bookworm.img.xz
$ fetch https://raspi.debian.net/tested/${DISKIMAGE}
$ xzcat ${DISKIMAGE} \
  | sudo dd of=/dev/r${SDCARD} bs=64k oflag=sync status=progress
$ diskutil eject ${SDCARD}

2. First boot

Place the RPi somewhere convenient. Connect SD card, keyboard, HDMI, Ethernet, and power. Log in as root, no password:

# apt update
# apt -y install etckeeper
# cd /etc
# git branch -M main
# apt -y install sudo
# visudo    # for the sudo group, insert NOPASSWD: before the final ALL
# useradd -m -G sudo -s /bin/bash schmonz
# passwd schmonz
# exit

Log in as schmonz:

$ sudo passwd root
$ sudo sh -c 'echo 127.0.1.1 schleierplay >> /etc/hosts'
$ sudo hostnamectl hostname schleierplay
$ sudo ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
$ sudo etckeeper commit -m 'Set root password, hostname, and timezone.'
$ sudo apt -y install shairport-sync
$ sudo vi /etc/shairport-sync.conf
$ sudo etckeeper commit -m 'Set AirPlay name.'
$ sudo shutdown -h now

3. Deployment

Raspberry Pi (with green case) _in situ_

Place the RPi where it’ll live. Connect audio cable, Ethernet, and power.

$ ssh-copy-id schleierplay.local

4. Usage

Make sure receiver is set to AUX input. Use AirPlay.

5. Maintenance

As with any Debian:

$ ssh schleierplay.local -t 'sudo apt update && sudo apt -y upgrade && sudo apt -y autoremove'

To back up /etc, git push it someplace trustworthy and private.

6. Wishlist

I’d rather run NetBSD, but on 10.0 with shairport-sync, I saw a lot of AirPlay Speaker Not Available: 'House' is being used by someone else (even when it wasn’t).


AirPrint to old printer

My ancient USB-only HP LaserJet P1006 remains reliable for our basic needs and we’ve still got a pile of toner cartridges. A friend recently sent me a comparatively beefy Pine A64 board.

1. Prepare disk

With a 4GB SD card, from macOS:

$ diskutil list    # inspect output
$ SDCARD=disk6
$ diskutil unmountDisk ${SDCARD}
$ links https://www.armbian.com/pine64/
$ DISKIMAGE=Armbian_24.5.1_Pine64_bookworm_current_6.6.31_minimal.img.xz
$ fetch https://dl.armbian.com/pine64/archive/${DISKIMAGE}
$ xzcat ${DISKIMAGE} \
  | sudo dd of=/dev/r${SDCARD} bs=64k oflag=sync status=progress
$ diskutil eject ${SDCARD}

2. First boot

Place the A64 somewhere convenient. Connect SD card, keyboard, HDMI, Ethernet, and power. Follow the prompts to set the root password, create a user account, and select a locale. Then continue:

# apt update
# apt -y install etckeeper
# cd /etc
# git branch -M main
# visudo    # for the sudo group, insert NOPASSWD: before the final ALL
# exit

Log in as schmonz:

$ sudo sh -c 'echo 127.0.1.1 schleierprint >> /etc/hosts'
$ sudo hostnamectl hostname schleierprint
$ sudo ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
$ sudo etckeeper commit -m 'Set root password, hostname, and timezone.'
$ sudo apt -y install hplip avahi-daemon
$ sudo usermod -a -G lpadmin schmonz
$ sudo etckeeper commit -m 'Make myself a printer admin.'
$ sudo shutdown -h now

3. Deployment

Pine A64 Pi (with black and white case) _in situ_

Place the A64 where it’ll live. Connect printer, Ethernet, and power.

$ ssh-copy-id schleierprint.local
$ ssh schleierprint.local
$ sudo hp-setup -i    # follow prompts, mostly defaults; name the queue 'hpljp1006'
$ sudo etckeeper commit -m 'Add initial hplip config for P1006.'
$ sudo sed -i \
  -e '/^\*ColorDevice: True$/s|True|False|' \
  -e '/^\*OpenUI \*Duplex\/Double-Sided Printing: PickOne$/,/^\*CloseUI: \*Duplex$/s|^|*% |' \
  -e '/^\*OpenUI \*ColorModel\/Output Mode: PickOne$/,/^\*CloseUI: \*ColorModel$/s|^|*% |' \
  /etc/cups/ppd/hpljp1006.ppd
$ sudo etckeeper commit -m 'Correct advertised printer capabilities.'
$ sudo sed -i \
  -e 's|^Info $|Info HP LaserJet P1006|' \
  /etc/cups/printers.conf
$ sudo lpadmin -d hpljp1006
$ sudo etckeeper commit -m 'Name printer and set it as default.'
$ sudo cupsctl --remote-any
$ sudo etckeeper commit -m 'Let local network talk to CUPS.'
$ sudo sed -i \
  -e '/^WebInterface /a PreserveJobFiles No' \
  /etc/cups/cupsd.conf
$ sudo etckeeper commit -m 'Maybe avoid some disk writes.'
$ sudo systemctl restart cups

On macOS, do not override the generic driver with “HP LaserJet P1006”. You won’t be able to print (with filter failed in the server logs), except that every “Supply Levels” check — including the ones that happen as part of every print job — will produce a piece of paper containing the single line @PJL INFO SUPPLIES.

As I understand it, some versions of CUPS have a server bug where it can’t discern whether incoming data has already been filtered for the target queue: filters converted the data (via application/vnd.cups-raster) to the printer’s native command set (whatever that might be)… but when the job got sent to the CUPS server it was tagged as application/vnd.cups-raster rather than, say, application/octet-stream.

While that discussion is over a decade old, its advice — leave the filtering to the server, and make sure clients don’t do any — has me printing from macOS, iOS, and Windows.

4. Usage

On macOS, add the printer. When it autoselects “Generic PostScript Printer”, leave it (details in sidebar). Print.

On iOS, print.

On Windows, add the printer. Print.

5. Maintenance

As with any Debian:

$ ssh schleierprint.local -t 'sudo apt update && sudo apt -y upgrade && sudo apt -y autoremove'

To back up /etc, git push it someplace trustworthy and private.

6. Wishlist

I’d rather run NetBSD, but neither 10.0 nor -current brought up HDMI. I could try writing NetBSD to an SD card, mounting it from another NetBSD system, setting hostname in rc.conf, adding a non-root user, and then booting the A64 from it in order to do the rest over ssh. (Other systems that also didn’t bring up HDMI, wherefore I landed by trial and error on Armbian: FreeBSD 14, OpenBSD 7.5, Debian 12.)


AirPlay to old Sonos

Since one of my old Sonos speakers can’t be upgraded to AirPlay-compatible firmware, I’m not eager to upgrade the other. Instead, I’ve added AirConnect on the Pine A64 as an AirPlay relay.

Contents of /etc/systemd/system/airupnp.service:

[Unit]
Description=AirUPnP bridge
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/home/schmonz/bin/airupnp-linux-aarch64-static -l 1000:2000 -N '%%s' -x /home/schmonz/etc/airupnp.xml -Z
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target

Contents of /home/schmonz/etc/airupnp.xml (to omit my UPnP router from the AirPlay list):

<?xml version="1.0"?>
<airupnp>
    <device>
        <udn>uuid:1e38fc78-51f5-5f5d-9268-50c6b1dc59f8</udn>
        <name>Verizon FiOS-G1100 ManageableDevice+</name>
        <mac>bb:bb:bb:bb:bb:bb</mac>
        <enabled>0</enabled>
    </device>
</airupnp>

I’d rather install AirConnect from a system-provided package, but there isn’t one for Debian. Maybe I can puzzle out the AirConnect build system and add it to pkgsrc.


May 30, 2024

OS News Help identify these obscure operating systems and vendors

Over on the GNU config-patches mailing list, Zack Weinberg is looking for help identifying a number of ancient operating systems and vendors.

These are probably all either vendor or OS names from the late 1980s or early 1990s. Can anyone help me fill out the following list of things that ought to appear in testsuite/config-sub.data, if I knew what to put in place of the question marks?

???-pc533 ???-pc533-???
???-sim ???-sim-???
???-ultra ???-ultra-???
???-unicom ???-unicom-???
???-acis ???-???-aos
???-triton ???-???-sysv3
???-oss ???-???-sysv3
???-storm-chaos ???-???-???

↫ Zack Weinberg

One of them has already been identified – “storm-chaos” turns out to have been added to binutils and/or maybe GCC in 2000, and after some digging around, John Marshall found what it’s referring to: chaos, a hobby operating system for x86 written in C. It has a long history, and after a period of inactivity came back in 2015 with a new website. Some new releases followed, with the last one being version 0.3.0 in 2019. It’s been silence since then.

The others are still up for grabs to be discovered. There is some talk that the pc533 one might be a misspelling of pc532, which would refer to the “NS32K-based PC532 board running NetBSD”. This is an incredibly obscure complete system built around the NS32532, of which only around 150 were built in the early ’90s. However, Weinberg is hesitant to accept this theory without more information, since there is already code to handle the pc532, and he wants to be sure before making any changes.

If there is one place on the internet outside of the GNU mailing lists that might be able to help Weinberg, it’s the OSNews audience. We have so many older people reading OSNews who have been working or otherwise active in this field for many decades, and I wouldn’t be surprised if these cryptic names make some bells ring for some of you. If one of you does e-mail a reply, be sure to mention this article – organic marketing to help keep us going!


May 09, 2024

NetBSD Package System (pkgsrc) on DaemonForums Gnumeric crashes under NetBSD evbarm
For me a big problem: Since 9.3 my NeBSD evbarm on my RaspberryPi's 4B crashes, as soon I open a .gnumeric file or enter any data into a cell. The crash produces a gnumeric.core file with size 0, there is no message in Xorg.o.log neither in messages.

This behaviour is 1005% reproducable and it happens always. However I remember older version, which ran properly. No problems under OpenBSD or FreebSD.

Any idea what going wrong here?

Regards
Berni

May 07, 2024

NetBSD Blog NetBSD 8.3 released and end of support for netbsd-8

The NetBSD Project is pleased to announce NetBSD 8.3, the third and final release from the NetBSD 8 stable branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 8.2 in March 2020, as well as some enhancements backported from the development branch. It is fully compatible with NetBSD 8.0.

This also represents the end-of-life for the netbsd-8 release branch. No further security updates will happen. Users running 8.2 or an earlier release are strongly recommended to upgrade to a newer branch, preferably the recent NetBSD 10.0 release.

Pkgsrc has already desupported the netbsd-8 branch.

See the full release announcement (including download links).

Amitai Schlair notqmail 1.09 released

notqmail logo

My early imaginings of a collaborative Open Source successor to qmail, let me assure you, did not include going nearly four years between releases. Well, at least it hasn’t been more than four. notqmail 1.09 is here:

For decades, due to each administrator needing to patch in their particular missing bits of functionality, the qmail source code itself has effectively been a public API. Some future release of notqmail will include everything most everyone needs. On that day, we’ll freely make desirable code changes without worrying about breaking people’s patches. On that day, notqmail will have become a relatively normal software project operating under relatively normal constraints.

This is not that day. notqmail remains a uniquely challenging legacy-code rehabilitation project, and 1.09 is merely a solid, long-overdue release that includes the work of a couple dozen new contributors.

Since this release took too long, our next development cycle will be

  1. Time-bounded
  2. Focused on process improvements

In legacy code, every time we can turn a vicious cycle virtuous, it’s a big win. By making the code easier and safer to change, we’ll have more fun; by having more fun, we’ll make more progress; by making more progress, we’ll get more feedback; by getting more feedback, we’ll have more fun; and so on.

Have fun with notqmail 1.09! Let us know how the upgrade goes for you. (I’ll be updating the pkgsrc package soon.) And if getting involved is your kind of thing, please feel welcome to join us.


May 05, 2024

Unix Stack Exchange Can't use OpenVPN as client on NetBSD, route add command fails

I am trying to use OpenVPN as a client under NetBSD using this command:

openvpn --client --config /etc/openvpn/config.ovpn

I am getting the following output and errors:

localhost# openvpn --client --config /etc/openvpn/openvpn.ovpn 
2024-04-26 10:29:35 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-04-26 10:29:35 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-04-26 10:29:35 OpenVPN 2.6.10 x86_64--netbsd [SSL (OpenSSL)] [LZO] [LZ4] [MH/PKTINFO] [AEAD]
2024-04-26 10:29:35 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Enter Auth Username:********
Enter Auth Password:********
2024-04-26 10:32:48 TCP/UDP: Preserving recently used remote address: [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 Socket Buffers: R=[32768->32768] S=[32768->32768]
2024-04-26 10:32:48 Attempting to establish TCP connection with [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 TCP connection established with [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 TCPv4_CLIENT link local: (not bound)
2024-04-26 10:32:48 TCPv4_CLIENT link remote: [AF_INET]**.191.33.**:1701
2024-04-26 10:32:48 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2024-04-26 10:32:48 TLS: Initial packet from [AF_INET]**.191.33.**:1701, sid=0006909e 9b0d208f
2024-04-26 10:32:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-04-26 10:32:48 VERIFY OK: depth=1, C=US, ST=New York, L=New York, O=Ubiquiti Inc., OU=UniFi_OpenVPN_CA, CN=UniFi_OpenVPN_CA
2024-04-26 10:32:48 VERIFY KU OK
2024-04-26 10:32:48 Validating certificate extended key usage
2024-04-26 10:32:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-04-26 10:32:48 VERIFY EKU OK
2024-04-26 10:32:48 VERIFY OK: depth=0, C=US, ST=New York, L=New York, O=Ubiquiti Inc., OU=UniFi_OpenVPN_Server, CN=UniFi_OpenVPN_Server
2024-04-26 10:33:53 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-04-26 10:33:53 [UniFi_OpenVPN_Server] Peer Connection Initiated with [AF_INET]**.191.33.**:1701
2024-04-26 10:33:53 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-26 10:33:53 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-26 10:33:53 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.7.1,route 192.168.4.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.3.0 255.255.255.0,route-gateway 192.168.7.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.7.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-04-26 10:33:53 OPTIONS IMPORT: --ifconfig/up options modified
2024-04-26 10:33:53 OPTIONS IMPORT: route options modified
2024-04-26 10:33:53 OPTIONS IMPORT: route-related options modified
2024-04-26 10:33:53 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-04-26 10:33:53 TUN/TAP device /dev/tun0 opened
2024-04-26 10:33:53 /sbin/ifconfig tun0 192.168.7.2 192.168.7.1 mtu 1500 netmask 255.255.255.0 up
2024-04-26 10:33:53 /sbin/route add -net 192.168.7.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.7.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net **.191.33.** 192.168.1.254 -netmask 255.255.255.255
route: writing to routing socket: File exists
add net **.191.33.**: gateway 192.168.1.254: File exists
2024-04-26 10:33:53 ERROR: OpenBSD/NetBSD route add command failed: external program exited with error status: 1
2024-04-26 10:33:53 /sbin/route add -net 0.0.0.0 192.168.7.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 128.0.0.0 192.168.7.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.4.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.4.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.2.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.2.0: gateway 192.168.7.1
2024-04-26 10:33:53 /sbin/route add -net 192.168.1.0 192.168.7.1 -netmask 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.1.0: gateway 192.168.7.1: File exists
2024-04-26 10:33:53 ERROR: OpenBSD/NetBSD route add command failed: external program exited with error status: 1
2024-04-26 10:33:53 /sbin/route add -net 192.168.3.0 192.168.7.1 -netmask 255.255.255.0
add net 192.168.3.0: gateway 192.168.7.1
2024-04-26 10:33:53 GID set to nogroup
2024-04-26 10:33:53 UID set to nobody
2024-04-26 10:33:53 Initialization Sequence Completed
2024-04-26 10:33:53 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2024-04-26 10:33:53 Timers: ping 10, ping-restart 60

I have a working internet connection when running OpenVPN as a client, but I can't access any of the machines on the network **.191.33.**, I know I should be able to SSH into 192.168.1.114, but I can't reach that machine through OpenVPN, there are firewall rules in the Ubuiquity box allowing traffic from 192.168.7.* to 192.168.1.* I know this is working, its testet from Mac and PC using the OpenVPN Client, I just can't get it to work on NetBSD

This is my routing table before running OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table when running OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
0/1                192.168.7.1        UGS         -        -      -  tun0
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
128/1              192.168.7.1        UGS         -        -      -  tun0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.2/24       192.168.7.1        UGS         -        -      -  tun0
192.168.3/24       192.168.7.1        UGS         -        -      -  tun0
192.168.4/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7.1        192.168.7.2        UH          -        -      -  tun0
192.168.7.2        tun0               UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table after stopping OpenVPN:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
0/1                192.168.7.1        UGS         -        -      -  tun0
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
128/1              192.168.7.1        UGS         -        -      -  tun0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.2/24       192.168.7.1        UGS         -        -      -  tun0
192.168.3/24       192.168.7.1        UGS         -        -      -  tun0
192.168.4/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7/24       192.168.7.1        UGS         -        -      -  tun0
192.168.7.2        tun0               UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

This is my routing table when i have destroyed tun0:

ifconfig tun0 destroy
Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.1.254      UGS         -        -      -  iwn0
**.191.33.**/32    192.168.1.254      UGS         -        -      -  iwn0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
192.168.1/24       link#2             UC          -        -      -  iwn0
192.168.1.68       link#2             UHl         -        -      -  lo0
192.168.1.254      00:1e:80:a2:2e:ff  UHL         -        -      -  iwn0

The route to **.191.33.** is still there when stopping OpenVPN and destroying the tunnel tun0, I don't know if this is expected behaviour.

Update I have checked several computers now, and none of them have the 192.168.1/24 route, its only on the PC running NetBSD, I have tried to delete it, with no success. I have also read a lot of man pages and various other documentation, but I have not come up with anything usefull yet.

OpenVPN Config

client
dev tun
proto tcp
remote **.191.33.** 1701
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>

Intent

I am trying to connect to a VPN at a remote location, from home. The remote network is protected by a firewall facing the internet, all computers on the network behind the router is accessible, the 192.168.7.* network is standard Ubuiquity and used for VPN clients, I have added a firewall rule to allow traffic from 192.168.7.* to the 192.168.1.* network, this works fine from all computers I have tried it with, Mac, PC, Windows, Linux, MacOS. etc. except a PC running NetBSD.

The network configuration on the PC running NetBSD was performed during installation, and I used the auto-configuration feature, so I have not specified any networks, routes or rules at all. I am able to access the internet when using OpenVPN client, I just cannot access any of the machines on the remote network. So I guess the part I am missing is the routing from 192.168.7.* to 192.168.1.* so I will be able to access computers attached to that network


May 04, 2024

NetBSD Blog X.Org on NetBSD - the state of things

A few years ago, I wrote a "state of things" blog post about Wayland on NetBSD. It's only natural that I should do one about X11, which is used by far more people to get a graphical environment on NetBSD.

Spinning glxgears, a classic X.Org program.

There are a lot of differences from how NetBSD and the typical distributor ship X.Org. For one, we ship it as an optional monolithic package rather than separate individual packages. This means every driver is included on every system, rather than as an optional module. Sometimes, this means we need to fine-tune driver selection to ensure the correct drivers are loaded on the correct hardware, since multiple conflicting drivers can claim a video output. We also want sensible fallbacks, since if you're using a GPU from the future with an old OS version, you probably want X to seamlessly fall back to a regular framebuffer.

Secondly, the way our "xsrc" repository is set up, it's effectively functioning as a fork of X.Org that regularly pulls from upstream freedesktop.org (but does not push back). This allows X development to happen as part of NetBSD.

Thirdly, we use our own build system based purely on BSD makefiles, not X.Org's based on GNU autotools. This fits well with our build.sh cross-compilation system.

We have a number of drivers which have not made their way upstream. Perhaps the most ubiquitous of these is xf86-input-ws, a driver which came from OpenBSD, targets an API from NetBSD, and continues to be developed in both. This is a generic input driver that can support any pointing device that the kernel supports. Unlike xf86-input-mouse, it doesn't assume the device is a mouse, and can support advanced touchpad and touchscreen features. Other NetBSD exclusives include xf86-video-pnozz, xf86-video-mgx, and xf86-video-crime. While these all share the "xf86" name inherited from the historical XFree86 distribution, none of them are exclusively for x86.

There are a number of drivers that are accelerated when used in NetBSD, but the acceleration support is missing upstream. This is mostly due to the work of macallan@, who has diligently worked on drivers for accelerators found on SPARC and PowerPC hardware.

X.Org has historically supported two 2D acceleration modes, XAA and EXA. XAA seems complicated - according to the X.Org Foundation it supports accelerating "patterned fills and Bresenham lines" (eh?). XAA was removed from the X.Org server in 2012, and many old drivers were not updated to support the newer and simpler EXA model, except in NetBSD, over a time period of several years.

Did you know that Nvidia used to have an open source graphics driver? It supported 2D acceleration for a range of cards. In NetBSD, it's retained for platforms that included embedded Nvidia chips and aren't capable of (or predate, or don't want) the modern novueau driver. Six years ago, it was updated in NetBSD to support EXA acceleration.

There are a few ways our X integration could be improved. While lots of attention has been paid to the server, less has been paid to clients (programs). Did you know that X includes a text editor, and that text editor supports syntax highlighting and spell checking?

xedit, the standard editor

NetBSD includes its own command-line spell checker and associated dictionaries, spell(1), inherited from the BSD UNIX of yore. It's pretty basic, and only supports variations of English. To get spell checking to work in xedit, you need to install ispell (another command-line spell checker) from pkgsrc, install a dictionary, then set some Xresources (or create symlinks) to make sure xedit finds ispell. This could surely be streamlined by teaching xedit about spell.

We also ship every program that has been included with historical X.Org distributions. This includes well-known things like xterm, slightly less well-known things like xbiff(1), and obscurities like bitmap(1) (apparently a 1-bit-per-pixel alternative to MS Paint). A while ago, we removed some libraries which are no longer used by the modern X server, and maybe we should evaluate whether we need all of these programs too. xmh(1) is a frontend for a mail system that isn't included in base. Together, bitmap and xmh are around 300 kilobytes.

We include fonts, bitmaps and scalable, for a wide range of computing devices. In the latest versions of NetBSD, the font size will automatically scale with the screen size to support HiDPI displays as well as small mobile devices. However, we don't ship a scalable cursor theme at the moment. We're also missing high-resolution fonts for Japanese, a shame considering the popularity of NetBSD in Japan. Koruri looks interesting and is suitably small, maybe we should import it.

While we have many useful simple programs by default (a clock, a calculator, an editor, a window manager, a compositor, a terminal emulator...), we're notably missing a screen locking program for X in the default install, although we have lock(1) for the tty.

The big question - does all this have a future? The good news is that all new hardware has generic support in X. Someone writes either a modesetting kernel driver or a classical wsdisplay kernel driver and they will be automatically supported by the associated drivers in X. The bad news is that to have applications running we require access to a larger open source ecosystem, and that ecosystem has a lot of churn and is easily distracted by shiny new squirrels. The process of upstreaming stuff to X.Org is an ongoing process, but it's likely we'll run into things that will never be suitable for upstream.

Of course, on NetBSD, you also have the option of trying vanilla modular X.Org from pkgsrc, or using something else entirely.


April 23, 2024

NetBSD Blog NetBSD 9.4 released

The NetBSD Project is pleased to announce NetBSD 9.4, the fourth release from the NetBSD 9 stable branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.3 in August 2022, as well as some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0. Users running 9.3 or an earlier release are strongly recommended to upgrade.

The general NetBSD community is very excited about NetBSD 10.0, the latest NetBSD release, but if for some reason you can not (or do not want to) update to 10.0, it is strongly recommended to update to 9.4. This is especially true for users still using a NetBSD 8.x release as that old release branch will be desupported by the end of April 2024.

Full release notes, including download links


April 20, 2024

The NetBSD Foundation NetBSD 9.4 is available!

April 14, 2024

DragonFly BSD Digest Lazy Reading for 2024/04/14

If you sorta squint and tilt your head, it’s a games theme this week.

Your unrelated music for the week: New Strategies for Modern Crime Vol 1.  (via)


April 12, 2024

Stack Overflow NetBSD driver: flags always true for memory pages

I am trying to write a driver for NetBSD that will reserve 10 pages of virtual memory, then provide the first 5 pages with physical addresses. At the end, I output the page number, its physical address, and flags such as Valid, User and Modified. However, it seems to me that the flags are not working correctly, since for all pages, all flags have the same value, which is 1 (true). Please help me figure out what I'm doing wrong.

#include <sys/cdefs.h>
#include <sys/module.h>
#include <sys/param.h>
#include <sys/sysctl.h>
#include <uvm/uvm.h>

MODULE(MODULE_CLASS_MISC, driver, NULL);
#define PAGESIZE 0x1000
extern paddr_t avail_end;
vaddr_t va;
struct pglist plist;
static int lab4_modcmd(modcmd_t cmd, void* arg) {
   va = uvm_km_alloc(kernel_map, PAGESIZE*10, 0, UVM_KMF_VAONLY);
   if (va == 0) {
      return 0;
   }
   int error = uvm_pglistalloc(PAGESIZE*5, 0, avail_end, 0, 0, &plist, 5, 0);
   if (!error) printf ("LAB4 loaded\n");
   struct vm_page *page = TAILQ_FIRST(&plist);
   for(int i = 0; page; i++) {
      pd_entry_t *ppte;
      ppte = L2_BASE+pl2_i(va+PAGESIZE*i);
      paddr_t pa = VM_PAGE_TO_PHYS(page);
      printf("Page - %d\n", i+1);
      printf("Valid - %d\n", ((*ppte & PG_V) ? 1 : 0));
      printf("Used - %d\n", ((*ppte & PG_U) ? 1 : 0));
      printf("Modified - %d\n", ((*ppte & PG_M) ? 1 : 0));
      printf("Physical address - 0x%lx\n", pa);
      printf("\n");
      page = TAILQ_NEXT(page, pageq.queue);
   }
   uvm_pglistfree(&plist);
   uvm_km_free(kernel_map, va, PAGESIZE*10, UVM_KMF_VAONLY);
   return 0;
}

I tried to look for other examples where these flags are used.


April 09, 2024

Stack Overflow PyQt - Hidden widget leaves space in Window

I have the following code that produces a window with a QTableView visible. I add a QTextEdit to the right but hide it. When I run the code it looks as though space has been reserved on the right for the TextEdit even though the TableView has a setSizePolicy of Expanding. What do I need to set so that the TableView initially takes up all the space in the window, then shrinks to accommodate the TextEdit and then expands fully when the TextEdit is hidden? Thank you in advance.

import sys
from PyQt5.QtWidgets import QApplication, QGridLayout, QMainWindow, QPushButton
from PyQt5.QtWidgets import  QSizePolicy, QTableView, QTextEdit, QWidget

class MainWindow(QMainWindow):
# https://www.pythonguis.com/faq/file-image-browser-app-with-thumbnails/
    def runBtn(self):
#https://www.youtube.com/watch?v=LCJEyuCZlAY
        if self.hdn == True:
            self.text.show()
            self.hdn = False
        else:
            self.text.hide()
            self.hdn=True

    def __init__(self):            
        super().__init__()
        widget = QWidget()
        self.setCentralWidget(widget)
        self.layout = QGridLayout(widget)
        self.hdn = True

        self.Btn = QPushButton('Hide/Show',self)
        self.Btn.clicked.connect(self.runBtn)
        self.layout.addWidget(self.Btn, 0, 0, 1, 1)

        self.view = QTableView()
        self.layout.addWidget(self.view, 1, 0, 48, 50)
        self.view.setSizePolicy(QSizePolicy.Expanding, QSizePolicy.Expanding) # /73522221/

        self.text = QTextEdit()
        self.text.hide()
        self.layout.addWidget(self.text, 1, 50, 48, 2)

app = QApplication(sys.argv)
window = MainWindow()
window.show()
app.exec_()

April 02, 2024

Amitai Schlair pkgsrc on macOS: still works

A few weeks ago, Apple released new versions of Xcode and Command Line Tools. Not thinking too hard about how my pkgsrc developer environment often gets broken by OS or tool updates, I updated promptly. For one thing, I’m kinda used to it. For another, it doesn’t usually break. For a third thing, managing dependencies — anything not my code that can break my code — means responsibility for dealing with the inevitable trouble, and therefore the sooner I find it the better. (More on my approach to life with dependencies.)

A vendor-provided toolchain is a significant dependency. So I accepted the Command Line Tools update, and it commandeered my spare time for two weeks as I hurried carefully to repair one of the world’s biggest continuous-integration cauldrons on one of its most popular platforms. When I ran my usual pkg_rolling-replace -suv to rebuild anything outdated, it did not go well at all.

This article uses “we” because the continued smooth operation of pkgsrc on macOS reflects the contributions of many developers on many occasions, including this one: I happened to be first on the scene, but several of us of were discussing the problems and potential workarounds and all of “my” commits were adjusted accordingly.

Did I mention that a few weeks ago we were aiming to stabilize for yesterday’s quarterly release? Suddenly, if we didn’t scramble to straighten things out for macOS users, we’d have to manage a complicated situation for a while. But if we created a mess on other platforms by moving rashly, that’d be even worse.

The usual feedback mechanism for proposed infrastructure changes is to compare full bulk builds before and after. There was no time for that.

Happily, the conclusion of the story is boring: as always, the pkgsrc 2024Q1 stable branch supports macOS and its developer tools, including the latest releases of each. (So does -current pkgsrc, of course, if that’s your thing.)

Curious what we had to do to keep it boring? Read on.

Stricter clang defaults

Upstream Clang 16 and GCC 14 have promoted several warnings to errors by default, and Apple’s Clang 15 has followed suit. (Gentoo has very helpfully documented this for packagers.) These changes are intentional and well-intentioned, pushing maintainers to ship more reliable code. But pkgsrc’s job is to build nearly 30,000 codebases we don’t maintain. And stricter compiler defaults break a lot of builds.

As you might hope, we can make the breakage go away in one place.

In pkgsrc, packages declare which programming languages are required for their build. The compiler framework then selects package-and-platform-appropriate compilers, places them preferentially in the package’s build environment, and — crucially — intercepts compiler invocations and rewrites them for a variety of purposes.

When we look into pkgsrc’s clang logic, we find prior art for this specific class of problem. In September 2020, Xcode 12 (and its associated Command Line Tools) arrived even later in our quarterly schedule and promoted -Wimplicit-function-declaration to an error. The surgical fix: on macOS only, if invoking clang reveals the new stricter default, we pass -Wno-error=implicit-function-declaration to demote the error back to a warning.

Apple Clang 15’s new strictures aren’t observable in the same way, so we adjust our workaround: if clang doesn’t complain when we try demoting the new errors back to warnings, we pass those arguments too, via the same compiler-framework mechanism.

Missing m4 and yacc

This messy regression found only in the Command Line Tools 15.3.0.0.1.1708646388 update — not in the corresponding full Xcode 15.3 (build 15E204a) update — must have been unintended.

On macOS, some of the familiar Unix tools in /usr/bin are in fact stubs. When invoked, they either execute into the corresponding installed program (living somewhere under /Library/Developer) or prompt the user to install the Command Line Tools.

This Command Line Tools update uninstalls m4 and yacc from /Library/Developer. But since the OS-provided /usr/bin/m4 and /usr/bin/yacc stubs still exist, running m4 or yacc still does something: it pops up a window prompting you to reinstall the CLT. Unfortunately, as the latest available version doesn’t provide those tools, reinstalling is a waste of time.

As you might once again hope, we can hide the problem without personally visiting 29,000+ packages.

In pkgsrc, we also have a framework to control which non-compiler tools are invoked during builds. Packages declare which tools are required for their build. The tools framework then selects package-and-platform-appropriate incarnations of the declared tools and places them preferentially in the package’s build environment.

We just got handed a few new twists to handle in the framework, is all.

First, because this clever new CLT failure mode outfoxes our usual tool-detection mechanism, we special-case m4 and yacc detection on macOS, performing an existence check for the stubs’ targets. Then the selection mechanism’s usual fallback logic can provide them some other way. This prevents the primary source of needless CLT install popups. For non-macOS platforms, no change.

Second, because some packages might not yet be declaring all their tool dependencies, we special-case m4 and yacc handling on macOS: when they’re not declared, we place them in the build environment anyway, as no-ops. If the package build happens to invoke them, nothing happens. This prevents the secondary source of needless CLT install popups, at the risk of breaking macOS builds for packages that are missing these tool declarations and have heretofore gotten lucky; in such cases, the breakage will be obvious and the fix easy. For non-macOS platforms, no change. (At leisure, we might like to broaden this approach to help find and fix all undeclared tools on all platforms.)

Third, because the flex tool expects to invoke a GNU-compatible m4, we adjust the tools framework to infer gm4 from a flex declaration so that the framework controls which m4 gets found. This more correctly expresses our intent on all platforms, and in the macOS package build environment it restores /usr/bin/flex to a working state.

Broader xcrun search

We were already relying on xcrun for a couple of things, so when our new tool-detection special cases were sometimes getting surprising results from it, that was concerning. Turns out xcrun no longer looks solely in Apple-controlled locations, but also consults the environment’s $PATH. By invoking xcrun with an empty PATH and --no-cache, we obtain controlled, predictable tool detection.

Conclusion

Under the constraints, we changed as little as possible, as safely as possible, as similarly as possible to previous proven changes, avoiding novel constructs or any whiff of unforeseen consequences. We could not have done nearly as safe or thorough a job without good abstractions already in place. Total lines of pkgsrc infrastructure code changed: less than 100. Now that 2024Q1 is out, we have room to refactor.

These 15.3 updates also include a brand new linker. So far it hasn’t given us any trouble. If that changes, wanna guess whether we have one place to take care of it?


March 31, 2024

Frederic Cambus Toolchains adventures - Q1 2024

This is the ninth post in my toolchains adventures series. Please check the previous posts in the toolchains category for more context about this journey. There was no Q4 2023 report as there wasn't really anything worthwhile to write about.

I've been taking a break from Pkgsrc to only focus on OpenBSD at this point, for which I updated binutils to version 2.42 in the ports tree.

During this OpenBSD release cycle, the remaining parts required to get pinsyscalls(2) working have been committed, and I added support upstream for the PT_OPENBSD_SYSCALLS segment type to readelf in GNU Binutils, as well as in LLVM versions of objdump and readobj.

Lastly, I also wrote a blog post about Speedbuilding LLVM/Clang in 3 minutes on Power10.

As usual, I’ve also been busy reading different material, and adding new resources to toolchains.net.

binutils commits:

2024-02-12d86205cAdd support to readelf for the PT_OPENBSD_SYSCALLS segment type

LLVM commits

2024-02-20a8d7511[llvm-readobj] Add support for the PT_OPENBSD_SYSCALLS segment type
2024-02-201b89486[llvm-objdump] Add support for the PT_OPENBSD_SYSCALLS segment type
2024-02-1797eff26[Support/ELF] Add OpenBSD PT_OPENBSD_SYSCALLS constant
2024-02-10d2e4a72[clang] Update Clang version from 18 to 19 in scan-build.1

March 30, 2024

NetBSD Blog NetBSD 10.0 available!

The NetBSD project is pleased to announce the eighteenth major release of the NetBSD operating system NetBSD 10.0!
See the release announcement for details.

The netbsd-10 release branch is more than a year old now, so it is high time the 10.0 release makes it to the front stage. This matches the long time it took for the development branch to get ready for branching, a lot of development went into this new release.

This also caused the release announcement to be one of the longest we ever did.

If you want to try NetBSD 10.0 please check the installation notes for your architecture and download the preferred install image from the CDN or if you are using an ARM based device from the netbsd-10 builds from the bootable ARM images page.

If you have any issues with installation or run into issues with the system during use, please contact us on one of the mailing lists or file a problem report.

NetBSD Blog Statement on backdoor in xz library

Recently, a backdoor was discovered in the xz compression library. xz/liblzma are included as a part of NetBSD and used by the project for distribution of new releases and packages.

The version of xz shipped in all stable (and unstable) versions of NetBSD predates any code changes by the author of the backdoor. NetBSD is therefore safe and unaffected by the recent discoveries. It is believed that the attack only targets Linux/glibc, but checking this allowed us to rule out any other attempts at compromising the library by the author.

The version of xz shipped in pkgsrc, however, is affected. Using xz from pkgsrc is a non-default setting on NetBSD, and requires explicit opt-in. Most users of NetBSD will not install xz from pkgsrc because the version from the base system is preferred. However, users of pkgsrc on other platforms will need to take precautions.

Regardless of NetBSD being affected or not, the discovery of the backdoor is a wake-up call and further discussion will be happening internally over how to proceed.


March 28, 2024

NetBSD Installation and Upgrading on DaemonForums NetBSD on Synology 107+
Greetings to the whole group.
I am a systems enthusiast, I use linux for several years in an exclusive way.
I’m trying to learn (never ends) with a little difficulty with the English language... so you’ll forgive me if I use a translator...

I am currently working on a synology 107+ that I have been doing for many years... I have put it back doing some hardware maintenance.
the problem was triggered when I realized that the official website was no longer available firmware for my model....
searching on the internet an alternative I came to NetBSD...
I followed this quida:
https://wiki.netbsd.org/ports/sandpoint/instsynology/

but my limitations arose when I failed to boot altboot.bin via TFTP....
I hope to find among you some advice and some tips to get ahead of this issue... and clearly increase personal knowledge...
I attach a bit of info in the following post...
thanks

Giuseppe
The NetBSD Foundation NetBSD 10.0 is available!

March 19, 2024

Unix Stack Exchange NetBSD - how to display information about kernel memory in GDB?

I'm debugging the NetBSD kernel with gdb, but I would like to be able to display information about the memory region an address is in. I'm mainly interested in finding out the permissions of a page of memory, along with the size of the region it is enclosed in (if the latter part of that question makes sense).

Does the kernel have a concept of memory regions in kernel space? i.e. a contiguous block of pages (virtual addresses) reserved for a specific purpose (which is kept track of somewhere)? Or is it down to each specific module to keep track of which blocks of memory belong to a logical group?

Here's an example of what I'm looking for:

(gdb) addressinfo 0xffffffff80e1000

                Start                End    Offset    Perm     Size
    0xffffffff80e0000  0xffffffff80e2000    0x1000    r--p     0x2000   

I don't mind adding a hook to the kernel for a GDB script to output this information, if this functionality does not exist. At the minimum it would be useful to add a hook for GDB scripts to view the page permissions.