Single board computer
POPULARITY
3 episodes with beaglebone
2 episodes with beaglebone
This week's EYE ON NPI will stick by your side like a faithful hound- it's the BeagleBoard.org BeaglePlay® Single Board Computer (https://www.digikey.com/en/product-highlight/b/beagleboard/beagleplay). Single Board Computers (SBCs) are like tiny computers that are less powerful than desktops but much better at booting quickly and interfacing with hardware. They also tend to run Linux or BSD because it's easier to get those OS's ported to new chipsets than convincing Apple or Microsoft! This new generation of SBC from BeagleBoard builds on their prior success with the BeagleBoard (https://www.digikey.com/short/1cmb3dtf) and BeagleBone (https://www.digikey.com/short/c52dpz47) by adding a ton more interfaces and connectors so many projects can be built with no soldering. Here's a bullet list to get us started: AM6254 SoC processor 16 GB eMMC storage 2 GB DDR4 memory Supports expansion with OLDI, 4-lane CSI, and QWIIC connectors CSI for compatibility with the BeagleBone AI-654, Raspberry Pi Zero W, and compute modules Full-size HDMI connector Small size: 8 cm x 8 cm USB Type-C® with 5 V @ 3 A input connector mikroBUS connector RJ45 Ethernet connector for Gigabit Ethernet Wi-Fi 2.4 GHz and 5 GHz capabilities BLE and SubG MicroSD slot USB Type-A connector at 480 Mbit Grove connector The main processor is the TI Sitara AM6254 (https://www.digikey.com/short/507rmwr2) with quad-core 64-bit A53 and a Cortex M4 coprocessor. This chip is paired with 2 GB of DDR4 RAM and 16 GB of eMMC storage for a powerful AI-ready chipset that has tons of onboard graphics support such as 1080P HDMI and 4 lanes of OLDI/LVDS. This chip has 9x UARTS, 5x SPIs, 6x I2C's, 3x PWM modules, 3x quad encoders, and 3x CAN-FD, and of course some GPIO. Note there's no ADC or DAC - you'd use SPI to connect those externally. Note this board doesn't have a 2x20 header like a Raspberry Pi, or even the dual header strips from the BeagleBone - but in exchange it stuffs a ton of hardware support directly onto the PCB. For example, if you'd like to add a camera, there's an onboard 22-pin 0.5mm pitch CSI FPC connector that is compatible with the Pi Zero camera cables (https://www.adafruit.com/product/5211) - use that adapter to interface with any low cost Pi Camera modules or compatibles. For video output, a vertical full-sized HDMI port will connect to any monitor or display. In fact we plugged in our desktop monitor and powered the Play with a USB wall adapter, and it immediately came up with an X desktop display. Mouse and keyboard can be added via the USB 2.0 socket, a mini hub will allow multiple devices since there's only one type A port. The BeaglePlay does a great job of including everything you may want to expand your Raspberry Pi with. For example, there's a BQ32002 Real Time Clock (https://www.digikey.com/short/p0h10jbq) with a CR1220 coin cell holder right on board - normally that would have to be included as a separate module. A microSD card slot can be used for storing large amounts of data: unlike most SBCs, there's onboard 16GB eMMC so you don't have to juggle SD cards to install the OS. There's also a ton of expansion ports! For I2C, the onboard QWICC (https://www.sparkfun.com/qwiic) JST SH connector lets you use the hundreds of SparkFun sensors as well as any Adafruit Stemma QT (https://learn.adafruit.com/introducing-adafruit-stemma-qt/what-is-stemma) devices. For UART/PWM/ADC/I2C/GPIO you can use the onboard Grove connector. Finally, for networking either to the Internet or to a sensor network, there's Gigabit Ethernet, WiFi 2.4G and 5G, BLE and Sub-G networking. Yeah that's a lot! It's almost all provided by the onboard TI SimpleLink CC1352P7 (https://www.ti.com/product/CC1352P7) which boasts support for 6LoWPAN, Amazon Sidewalk, Bluetooth 5.2 Low Energy, IEEE 802.15.4, MIOTY, Proprietary 2.4 GHz, Thread, Wi-SUN NWP, Wireless M-Bus (T, S, C, N mode), Zigbee. Note LoRa is not in there, so if you need LoRa that would be added with a separate module. There's also an RJ-11 with Single-Pair Ethernet (https://blog.adafruit.com/2020/08/27/eye-on-npi-harting-single-pair-ethernet-eyeonnpi-digikey-ethernet-digikey-harting-adafruit/) which makes this a good fit to connect to industrial robotics or automation. All this hardware is available at a great price of under $100 at Digi-Key, we already picked one up and we're going to try and get Blinka working on it (https://github.com/adafruit/Adafruit_Blinka) so that all of our CircuitPython libraries will 'just run' in CPython. Especially given the ready-to-run Stemma QT / Qwiic port on the side, this is an excellent board for a powerful but solder-free configurable SBC. Digi-Key has tons of BeaglePlay's stock for immediate shipment, so order today (https://www.digikey.com/short/jpztmq3w) and you will be playing with your new BeaglePlay by tomorrow afternoon.
This week's EYE ON NPI can handles whatever the weather throws at it - with the Stewart IP67 Rated USB Type-A Cable Assemblies (https://www.digikey.com/en/product-highlight/s/stewart-connector/ip67-rated-usb-type-a-cable-assemblies). I absolutely adore using common, off-the-shelf connectors and hardware - like a Raspberry Pi or Arduino - for hardware designs. But, of course, most hardware you buy is not weather-proofed by default because it's expensive and restrictive. So instead, often times the final integration step is where durability is added by the designers. That's where these cables come in. Instead of re-designing or re-building your existing cable connectors to use specialized weatherproof contacts, here we are supporting the common USB type A cables that are used everywhere for connecting accessories to your single-board computer. Now you can tuck away the Raspberry Pi or BeagleBone you've got in any enclosure you fancy. The Stewart IP67 cables come in a few different flavors, so you'll want to mix and match the right kinds to get the ends and threading right. For example, there's USB 2 (https://www.digikey.com/en/products/detail/stewart-connector/67U2AC-006-K/14300409) and USB 3 (https://www.digikey.com/en/products/detail/stewart-connector/67U3AA-006-K/14300411), USB Type A plug (https://www.digikey.com/en/products/detail/stewart-connector/67U2AD-006-K/14300402) and Type A socket (https://www.digikey.com/en/products/detail/stewart-connector/67U2BD-006-K/14300407), and you can get them with cut ends or connector ends. These cables come with an environmental rating (e.g. weather/waterproofing rating) so you know exactly what kind of use cases they are safe for - otherwise known as an IP rating (https://www.iec.ch/ip-ratings) IP67 means that the connector, once properly installed is completely dust-tight (that's the 6, maximum rating possible) and protected against rain, jets of water, and even temporary water immersion. That's the 7 part in IP67. It's not meant for being dunked in water for extended periods of time - like in a pool or aquarium - you'll need IP68 for that. Of course, the higher the rating the more expensive the connectors. Compare the rating to every day electronics which naturally have an IP rating of maybe IP30, with only the most basic dust prevention and no water protection. Check out all the Stewart IP67 USB cable assemblies (https://www.digikey.com/en/product-highlight/s/stewart-connector/ip67-rated-usb-type-a-cable-assemblies) to make your own plug-and-play secure USB system with all off-the shelf hardware - it'll make weatherproofing your design easy! And they're all in stock right now at Digi-Key for immediate shipment (https://www.digikey.com/short/7r5t1m7d) - order today and you'll be ready to ruggedize by tomorrow morning.
Jason Kridner has 30 years of experience in the embedded systems industry. As a 28-year veteran of Texas Instruments DSP and processor businesses, founder of the BeagleBoard.org project, and invited speaker at numerous industry events, Jason knows what it takes to build an embedded system from concept to volume production.BUILD YOUR HARDWARE PROJECT WITH BEAGLEBOARDLearn more about the Beagleboard and kickstart your open source hardware journey!NEED TO BUILD A CUSTOM EMBEDDED SYSTEM? Whether you are a big business or a startup needing a custom embedded system hire the expert Jason Kridner to bring your hardware idea to life using Beagleboard computers.CONNECT WITH JASON KRIDNER:Connect with Jason Kridner on LinkedInConnect with Jason Kridner on Twitter
This week in the Lobby, we have one of the original leaders of the single-board computer (SBC) industry, Jason Kridner of BeagleBoard.org, whose BeagleBone line of open-source SBCs is manufactured by Texas Instruments in partnership with Digi-Key and Newark element14. In this episode, Jason and Dave get into the importance of rapid prototyping for embedded systems in an era where time-to-market trumps all. Core to this episode is the democratization of working with neural networks through SBCs like BeagleBoard AI. How will the industry change as access to developing machine learning algorithms becomes more common? And how responsible are developers for bias in AI, anyway? Tune in for a great conversation about hardware, ethics, and embedded prototyping!
Joel Sherrill (JoelSherrill) spoke with us about choosing embedded operating systems and why open source RTEMS (RTEMS_OAR) is a good choice. Embedded #307: Big While Loop: Chris and Elecia talk about when and where they’d use RTOSs Embedded #93: Delicious Gumbo: Joel gave an introduction to the RTEMS RTOS Joel works at OAR Corp (oarcorp.com) on RTEMS (rtems.org). RTEMS runs on many development boards including the BeagleBone, Raspberry Pi, and two FPGA boards: ARM ZYNQ-7000 and the Arty Board. Joel recommends the operating systems book by Alan Burns and Andy Wellens. It comes in many flavors and editions including Real Time Systems and Programming Languages: Ada 95, Real-Time Java and Real-Time C/POSIX (3rd Edition). NASA Core Flight System (https://cfs.gsfc.nasa.gov/) Experimental Physics and Industrial Control System (EPICS) (https://epics-controls.org/)
Avengers infinity war kontra Stanley Kubrick? Allt är möjligt i sveriges nördigaste podcast: Avengers infinity war - Fredrik ser till slut Jocke är inne i en Kubrickperiod Powertoys kommer tillbaka! Att byta touchplatta i en Thinkpad 440S - inte för de svagsinta Telephant 250-kronorskameran från Kina lever! Downlink Jocke bygger temperatursensor på Raspberry Pi iPhone X gate - hur mycket kostar det i självrisk att reparera en iPhone X via sin hemförsäkring? Samsung först med inbyggd Apple tv-applikation i smart tv … och en liten bugg i Linuxkärnan Länkar Väg 74 John Gruber Senaste Roderick on the line - med ljudeffekter?! Podcast chapters Avengers infinity war Avengers endgame Batman v Superman Iron man 3 Barry Lyndon Stanley Kubrick Powertoys kommer tillbaka! Gamla Powertoys Plus!-paketet för Windows 95 Active desktop ALPS-tangentbordsswitchar Nya Windowsterminalen Telephant ONVIF Downlink Netnewswire Keso Grafana Raspberry pi AM2302 Adafruit - på Github Beaglebone black SNMP Verges Oneplus 7 pro-recension Fredrik på Göteborgsvarvet 2019 En bugg i Linuxkärnan Två nördar - en podcast. Fredrik Björeman och Joacim Melin diskuterar allt som gör livet värt att leva. Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-167-en-helt-vanlig-dag-i-hulkens-liv.html.
Catch up on the past week of hacks with Hackaday Editors Elliot Williams and Mike Szczys. "AI on the Edge" is the buzzword of choice lately, with hardware offerings from BeagleBone and Google to satiate your thirst. We take on spotty data from Tesla, driving around on four bouncy-houses, reverse engineering a keytar, unearthing a gem of a dinosaur computer, and MIPI DSI display hacking. There are tips for getting better at commenting code, and making your computer do your algebra homework. Show notes at https://hackaday.com/?p=348778
FreeBSD 11.2 has been released, setting up an MTA behind Tor, running pfsense on DigitalOcean, one year of C, using OpenBGPD to announce VM networks, the power to serve, and a BSDCan trip report. ##Headlines FreeBSD 11.2-RELEASE Available FreeBSD 11.2 was released today (June 27th) and is ready for download Highlights: OpenSSH has been updated to version 7.5p1. OpenSSL has been updated to version 1.0.2o. The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0. The libarchive(3) library has been updated to version 3.3.2. The libxo(3) library has been updated to version 0.9.0. Major Device driver updates to: cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6 ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags New drivers: + drm-next-kmod driver supporting integrated Intel graphics with the i915 driver. mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters smartpqi(4) – HP Gen10 Smart Array Controller Family The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller. The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem. The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’ The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4). The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface. The dwatch(1) utility has been introduced The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. The etdump(1) utility has been added, which is used to view El Torito boot catalog information. The linux(4) ABI compatibility layer has been updated to include support for musl consumers. The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior Support for virtio_console(4) has been added to bhyve(4). The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior. In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on: Amazon EC2 Google Compute Engine Hashicorp/Atlas Vagrant Microsoft Azure In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for: GUMSTIX BANANAPI BEAGLEBONE CUBIEBOARD CUBIEBOARD2 CUBOX-HUMMINGBOARD RASPBERRY PI 2 PANDABOARD WANDBOARD Full Release Notes ###Setting up an MTA Behind Tor This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4). Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new. The reason to use an MTA behing a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD. Requirements: A fully Tor-ified network HardenedBSD as the operating system A server (or VM) running HardenedBSD behind the fully Tor-ified network. /usr/ports is empty Or is already pre-populated with the HardenedBSD Ports tree Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats. Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours. On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports. Steps Installation Generating Cryptographic Key Material Tor Configuration OpenSMTPD Configuration Dovecot Configuration Testing your configuration Optional: Webmail Access iXsystems https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec https://www.ixsystems.com/blog/self-2018-recap/ ###Running pfSense on a Digital Ocean Droplet I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy for a pfSense setup on a decent hardware. I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why. . Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom. Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome): There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more. One note though, before we wrap up: You have two ways to initiate the initial setup wizard of the web-configurator: Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses. or Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup. Thing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do . I leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS. Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO. Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now. ##News Roundup One year of C It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective. In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad. Here are all the github projects I wrote in C: sokol: a slowly growing set of platform-abstraction headers sokol-samples - examples for Sokol chips - 8-bit chip emulators chips-test - tests and examples for the chip- emulators, including some complete home computer emulators (minus sound) All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language. So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add). Here’s a few things I learned: Pick the right language for a problem C is a perfect match for WebAssembly C99 is a huge improvement over C89 The dangers of pointers and explicit memory management are overrated Less Boilerplate Code Less Language Feature ‘Anxiety’ Conclusion All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course ;) There simply isn’t much to discuss about a language that can be learned in an afternoon. I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction). ###Configuring OpenBGPD to announce VM’s virtual networks We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines. My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge. I’ve installed openbgpd on both hosts and configured it like this: vmhost: /usr/local/etc/bgpd.conf AS 65002 router-id 192.168.87.48 fib-update no network 10.0.1.1/24 neighbor 192.168.87.41 { descr "desktop" remote-as 65001 } Here, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box: desktop: /usr/local/etc/bgpd.conf AS 65001 router-id 192.168.87.41 fib-update yes neighbor 192.168.87.48 { descr "vmhost" remote-as 65002 } It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled: /etc/rc.conf.local openbgpdenable="YES" Conclusion As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking. As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax. Digital Ocean ###The Power to Serve All people within the IT Industry should known where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WatsApp would not exist in their current form. I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice: Rent some cloud based services or DIY (Do IT Yourself) on premise Running your own developments experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinguish between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causal related, but more often indirect by one or more non linear feedback loops. Almost every business depends of IT systems. Bad IT means often that your customers will leave your business. One of the things of FeeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp . Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker. FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me. If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function. FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all. June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD. ###Dave’s BSDCan trip report So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part. Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018. This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA. Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress. Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule! The following morning, we were present with tea/coffee, muffins and other goodies to help prepare us for the day ahead. The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it. With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom. I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raddt, which proved to be “interesting”. The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where a things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie! After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems. I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year! Regards, Dave (aka m0nkey) Thanks to Dave for sharing his experiences with us and our viewers ##Beastie Bits Robert Watson (from 2008) on how much FreeBSD is in Mac OS X Why Intel Skylake CPUs are sometimes 50% slower than older CPUs Kristaps Dzonsons is looking for somebody to maintain this as mentioned at this link camcontrol(8) saves the day again! Formatting floppy disks in a USB floppy disk drive 32+ great indie games now playable on OpenBSD -current; 7 currently on sale! Warsaw BSD User Group. June 27 2018 18:30-21:00, Wheel Systems Office, Aleje Jerozolimskie 178, Warsaw Tarsnap ##Feedback/Questions Ron - Adding a disk to ZFS Marshall - zfs question Thomas - Allan, the myth perpetuator Ross - ZFS IO stats per dataset Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
In which we interview a unicorn, FreeNAS 11.0 is out, show you how to run Nextcloud in a FreeBSD jail, and talk about the connection between oil changes and software patches. This episode was brought to you by Headlines FreeNAS 11.0 is Now Here (http://www.freenas.org/blog/freenas-11-0/) The FreeNAS blog informs us: After several FreeNAS Release Candidates, FreeNAS 11.0 was released today. This version brings new virtualization and object storage features to the World's Most Popular Open Source Storage Operating System. FreeNAS 11.0 adds bhyve virtual machines to its popular SAN/NAS, jails, and plugins, letting you use host web-scale VMs on your FreeNAS box. It also gives users S3-compatible object storage services, which turns your FreeNAS box into an S3-compatible server, letting you avoid reliance on the cloud. FreeNAS 11.0 also introduces the beta version of a new administration GUI. The new GUI is based on the popular Angular framework and the FreeNAS team expects the GUI to be themeable and feature complete by 11.1. The new GUI follows the same flow as the existing GUI, but looks better. For now, the FreeNAS team has released it in beta form to get input from the FreeNAS community. The new GUI, as well as the classic GUI, are selectable from the login screen. Also new in FreeNAS 11 is an Alert Service page which configures the system to send critical alerts from FreeNAS to other applications and services such as Slack, PagerDuty, AWS, Hipchat, InfluxDB, Mattermost, OpsGenie, and VictorOps. FreeNAS 11.0 has an improved Services menu that adds the ability to manage which services and applications are started at boot. The FreeNAS community is large and vibrant. We invite you to join us on the FreeNAS forum (https://forums.freenas.org/index.php) and the #freenas IRC channel on Freenode. To download FreeNAS and sign-up for the FreeNAS Newsletter, visit freenas.org/download (http://www.freenas.org/download/). Building an IPsec Gateway With OpenBSD (https://www.exoscale.ch/syslog/2017/06/26/building-an-ipsec-gateway-with-openbsd/) Pierre-Yves Ritschard wrote the following blog article: With private networks just released on Exoscale, there are now more options to implement secure access to Exoscale cloud infrastructure. While we still recommend the bastion approach, as detailed in this article (https://www.exoscale.ch/syslog/2016/01/15/secure-your-cloud-computing-architecture-with-a-bastion/), there are applications or systems which do not lend themselves well to working this way. In these cases, the next best thing is building IPsec gateways. IPsec is a protocol which works directly at layer 3. It uses its configuration to determine which network flows should be sent encrypted on the wire. Once IPsec is correctly configured, selected network flows are transparently encrypted and applications do not need to modify anything to benefit from secured traffic. In addition to encryption, IPSec also authenticates the end points, so you can be sure you are exchanging packets with a trusted host For the purposes of this article we will work under the following assumptions: We want a host to network setup, providing access to cloud-hosted infrastructure from a desktop environment. Only stock tooling should be used on desktop environment, no additional VPN client should be needed. In this case, to ensure no additional software is needed on the client, we will configure an L2TP/IPsec gateway. This article will use OpenBSD as the operating system to implement the gateway. While this choice may sound surprising, OpenBSD excels at building gateways of all sorts thanks to its simple configuration formats and inclusion of all necessary software and documentation to do so in the base system. The tutorial assumes you have setup a local network between the hosts in the cloud, and walks through the configuration of an OpenBSD host as a IPsec gateway On the OpenBSD host, all necessary software is already installed. We will configure the system, as well as pf, npppd, and ipsec + Configure L2TP + Configure IPsec + Configure NAT + Enabled services: ipsec isakmpd npppd The tutorial then walks through configuring a OS X client, but other desktops will be very similar *** Running Nextcloud in a jail on FreeBSD (https://ramsdenj.com/2017/06/05/nextcloud-in-a-jail-on-freebsd.html) I recently setup Nextcloud 12 inside a FreeBSD jail in order to allow me access to files i might need while at University. I figured this would be a optimal solution for files that I might need access to unexpectedly, on computers where I am not in complete control. My Nextcloud instance is externally accessible, and yet if someone were to get inside my Jail, I could rest easy knowing they still didn't have access to the rest of my host server. I chronicled the setup process including jail setup using iocage, https with Lets Encrypt, and full setup of the web stack. Nextcloud has a variety of features such as calendar synchronization, email, collaborative editing, and even video conferencing. I haven't had time to play with all these different offerings and have only utilized the file synchronization, but even if file sync is not needed, Nextcloud has many offerings that make it worth setting up. MariaDB, PHP 7.0, and Apache 2.4 To manage my jails I'm using iocage. In terms of jail managers it's a fairly new player in the game of jail management and is being very actively developed. It just had a full rewrite in Python, and while the code in the background might be different, the actual user interface has stayed the same. Iocage makes use of ZFS clones in order to create “base jails”, which allow for sharing of one set of system packages between multiple jails, reducing the amount of resources necessary. Alternatively, jails can be completely independent from each other; however, using a base jail makes it easier to update multiple jails as well. + pkg install iocage + sysrc iocageenable=YES + iocage fetch -r 11.0-RELEASE + iocage create tag="stratus" jailzfs=on vnet=off boot=on ip4_addr="sge0|172.20.0.100/32" -r 11.0-RELEASE + iocage start stratus + iocage console stratus I have chosen to provide storage to the Nextcloud Jail by mounting a dataset over NFS on my host box. This means my server can focus on serving Nextcloud and my storage box can focus on housing the data. The Nextcloud Jail is not even aware of this since the NFS Mount is simply mounted by the host server into the jail. The other benefit of this is the Nextcloud jail doesn't need to be able to see my storage server, nor the ability to mount the NFS share itself. Using a separate server for storage isn't necessary and if the storage for my Nextcloud server was being stored on the same server I would have created a ZFS dataset on the host and mounted it into the jail. Next I set up a dataset for the database and delegated it into the jail. Using a separate dataset allows me to specify certain properties that are better for a database, it also makes migration easier in case I ever need to move or backup the database. With most of the requirements in place it was time to start setting up Nextcloud. The requirements for Nextcloud include your basic web stack of a web server, database, and PHP. Also covers the setup of acme.sh for LetsEncrypt. This is now available as a package, and doesn't need to be manually fetched Install a few more packages, and do a bit of configuration, and you have a NextCloud server *** Historical: My first OpenBSD Hackathon (http://bad.network/historical-my-first-openbsd-hackathon.html) This is a blog post by our friend, and OpenBSD developer: Peter Hessler This is a story about encouragement. Every time I use the word "I", you should think "I as in me, not I as in the author". In 2003, I was invited to my first OpenBSD Hackathon. Way before I was into networking, I was porting software to my favourite OS. Specifically, I was porting games. On the first night most of the hackathon attendees end up at the bar for food and beer, and I'm sitting next to Theo de Raadt, the founder of OpenBSD. At some point during the evening, he's telling me about all of these "crazy" ideas he has about randomizing libraries, and protections that can be done in ld.so. (ld.so is the part of the OS that loads the libraries your program needs. It's, uh, kinda important.) Theo is encouraging me to help implement some of these ideas! At some point I tell Theo "I'm just a porter, I don't know C." Theo responds with "It isn't hard, I'll have Dale (Rahn) show you how ld.so works, and you can do it." I was hoping that all of this would be forgotten by the next day, but sure enough Dale comes by. "Hey, are you Peter? Theo wanted me to show you how ld.so works" Dale spends an hour or two showing me how it works, the code structure, and how to recover in case of failure. At first I had lots of failures. Then more failures. And even more failures. Once, I broke my machine so badly I had to reinstall it. I learned a lot about how an OS works during this. But, I eventually started doing changes without it breaking. And some even did what I wanted! By the end of the hackathon I had came up with a useful patch, that was committed as part of a larger change. I was a nobody. With some encouragement, enough liquid courage to override my imposter syndrome, and a few hours of mentoring, I'm now doing big projects. The next time you're sitting at a table with someone new to your field, ask yourself: how can you encourage them? You just might make the world better. Thank you Dale. And thank you Theo. Everyone has to start somewhere. One of the things that sets the BSDs apart from certain other open source operating systems, is the welcoming community, and the tradition of mentorship. Sure, someone else in the OpenBSD project could have done the bits that Peter did, likely a lot more quickly, but then OpenBSD wouldn't have gained a new committer. So, if you are interested in working on one of the BSDs, reach out, and we'll try to help you find a mentor. What part of the system do you want to work on? *** Interview - Dan McDonald - allcoms@gmail.com (mailto:allcoms@gmail.com) (danboid) News Roundup FreeBSD 11.1-RC1 Available (https://lists.freebsd.org/pipermail/freebsd-stable/2017-July/087340.html) 11.1-RC1 Installation images are available for: amd64, i386 powerpc, powerpc64 sparc64 armv6 BANANAPI, BEAGLEBONE, CUBIEBOARD, CUBIEBOARD2, CUBOX-HUMMINGBOARD, GUMSTIX, RPI-B, RPI2, PANDABOARD, WANDBOARD aarch64 (aka arm64), including the RPI3, Pine64, OverDrive 1000, and Cavium Server A summary of changes since BETA3 includes: Several build toolchain related fixes. A use-after-free in RPC client code has been corrected. The ntpd(8) leap-seconds file has been updated. Various VM subsystem fixes. The '_' character is now allowed in newfs(8) labels. A potential sleep while holding a mutex has been corrected in the sa(4) driver. A memory leak in an ioctl handler has been fixed in the ses(4) driver. Virtual Machine Disk Images are available for the amd64 and i386 architectures. Amazon EC2 AMI Images of FreeBSD/amd64 EC2 AMIs are available The freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases. Systems running earlier FreeBSD releases can upgrade as follows: freebsd-update upgrade -r 11.1-RC1 During this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically performed merging was done correctly. freebsd-update install The system must be rebooted with the newly installed kernel before continuing. shutdown -r now After rebooting, freebsd-update needs to be run again to install the new userland components: freebsd-update install It is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 10.x. Alternatively, the user can install misc/compat10x and other compatibility libraries, afterwards the system must be rebooted into the new userland: shutdown -r now Finally, after rebooting, freebsd-update needs to be run again to remove stale files: freebsd-update install Oil changes, safety recalls, and software patches (http://www.daemonology.net/blog/2017-06-14-oil-changes-safety-recalls-software-patches.html) Every few months I get an email from my local mechanic reminding me that it's time to get my car's oil changed. I generally ignore these emails; it costs time and money to get this done (I'm sure I could do it myself, but the time it would cost is worth more than the money it would save) and I drive little enough — about 2000 km/year — that I'm not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. From what I've seen, I don't think I'm alone in taking a somewhat lackadaisical approach to routine oil changes. On the other hand, there's another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there's a safety recall you don't have to pay for the replacement or fix — the cost is covered by the manufacturer. I started thinking about this distinction — and more specifically the difference in user behaviour — in the aftermath of the "WannaCry" malware. While WannaCry attracted widespread attention for its "ransomware" nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying — and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn't access patient records. Think about it: If the NHS couldn't access patient records due to WannaCry, it suggests WannaCry infiltrated systems used to access patient records — meaning that someone else exploiting the same vulnerabilities could have accessed those records. The SMB subsystem in Windows was not merely broken; until patches were applied, it was actively unsafe. I imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls — unless you're certain that you're not affected, take care of them as a matter of urgency — but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. It's easy to say that such users are wrong; but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems. There are a few factors which I think are major contributors to this problem. First, the number of updates: When critical patches occur frequently enough to become routine, alarm fatigue sets in and people cease to give the attention updates deserve, even if on a conscious level they still recognize the importance of applying updates. Colin also talks about his time as the FreeBSD Security Officer, and the problems in ensuring the patches are correct and do not break the system when installed He also points out the problem of systems like Windows Update, the combines optional updates, and things like its license checking tool, in the same interface that delivers important updates. Or my recent machines, that gets constant popups about how some security updates will not be delivered because my processor is too new. My bank sends me special offers in the mail but phones if my credit card usage trips fraud alarms; this is the sort of distinction in intrusiveness we should see for different types of software updates Finally, I think there is a problem with the mental model most people have of computer security. Movies portray attackers as geniuses who can break into any system in minutes; journalists routinely warn people that "nobody is safe"; and insurance companies offer insurance against "cyberattacks" in much the same way as they offer insurance against tornados. Faced with this wall of misinformation, it's not surprising that people get confused between 400 pound hackers sitting on beds and actual advanced persistent threats. Yes, if the NSA wants to break into your computer, they can probably do it — but most attackers are not the NSA, just like most burglars are not Ethan Hunt. You lock your front door, not because you think it will protect you from the most determined thieves, but because it's an easy step which dramatically reduces your risk from opportunistic attack; but users don't see applying security updates as the equivalent of locking their front door when they leave home. SKIP grep, use AWK (http://blog.jpalardy.com/posts/skip-grep-use-awk/) This is a tip from Jonathan Palardy in a series of blog posts about awk. It is especially helpful for people who write a lot of shell scripts or are using a lot of pipes with awk and grep. Over the years, I've seen many people use this pattern (filter-map): $ [data is generated] | grep something | awk '{print $2}' but it can be shortened to: $ [data is generated] | awk '/something/ {print $2}' AWK can take a regular expression (the part between the slashes) and matches that to the input. Anything that matches is being passed to the print $2 action (to print the second column). Why would I do this? I can think of 4 reasons: *it's shorter to type *it spawns one less process *awk uses modern (read “Perl”) regular expressions, by default – like grep -E *it's ready to “augment” with more awk How about matching the inverse (search for patterns that do NOT match)? But “grep -v” is OK… Many people have pointed out that “grep -v” can be done more concisely with: $ [data is generated] | awk '! /something/' See if you have such combinations of grep piped to awk and fix those in your shell scripts. It saves you one process and makes your scripts much more readable. Also, check out the other intro links on the blog if you are new to awk. *** vim Adventures (https://vim-adventures.com) This website, created by Doron Linder, will playfully teach you how to use vim. Hit any key to get started and follow the instructions on the playing field by moving the cursor around. There is also a menu in the bottom left corner to save your game. Try it out, increase your vim-fu, and learn how to use a powerful text editor more efficiently. *** Beastie Bits Slides from PkgSrcCon (http://pkgsrc.org/pkgsrcCon/2017/talks.html) OpenBSD's doas adds systemd compat shim (http://marc.info/?l=openbsd-tech&m=149902196520920&w=2) Deadlock Empire -- “Each challenge below is a computer program of two or more threads. You take the role of the Scheduler - and a cunning one! Your objective is to exploit flaws in the programs to make them crash or otherwise malfunction.” (https://deadlockempire.github.io/) EuroBSDcon 2017 Travel Grant Application Now Open (https://www.freebsdfoundation.org/blog/eurobsdcon-2017-travel-grant-application-now-open/) Registration for vBSDCon is open (http://www.vbsdcon.com/) - Registration is only $100 if you register before July 31. Discount hotel rooms arranged at the Hyatt for only $100/night while supplies last. BSD Taiwan call for papers opens, closes July 31st (https://bsdtw.org/)Windows Application Versand *** Feedback/Questions Joseph - Server Monitoring (http://dpaste.com/2AM6C2H#wrap) Paulo - Updating Jails (http://dpaste.com/1Z4FBE2#wrap) Kevin - openvpn server (http://dpaste.com/2MNM9GJ#wrap) Todd - several questions (http://dpaste.com/17BVBJ3#wrap) ***
This week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS. This episode was brought to you by Headlines EuroBSDcon 2017 - Talks & Schedule published (https://2017.eurobsdcon.org/2017/05/26/talks-schedule-published/) The EuroBSDcon website was updated with the tutorial and talk schedule for the upcoming September conference in Paris, France. Tutorials on the 1st day: Kirk McKusick - An Introduction to the FreeBSD Open-Source Operating System, George Neville-Neil - DTrace for Developers, Taylor R Campbell - How to untangle your threads from a giant lock in a multiprocessor system Tutorials on the 2nd day: Kirk continues his Introduction lecture, Michael Lucas - Core concepts of ZFS (half day), Benedict Reuschling - Managing BSD systems with Ansible (half day), Peter Hessler - BGP for developers and sysadmins Talks include 3 keynotes (2 on the first day, beginning and end), another one at the end of the second day by Brendan Gregg Good mixture of talks of the various BSD projects Also, a good amount of new names and faces Check out the full talk schedule (https://2017.eurobsdcon.org/talks-schedule/). Registration is not open yet, but will be soon. *** OpenBSD on the Xiaomi Mi Air 12.5" (https://jcs.org/2017/05/22/xiaomiair) The Xiaomi Mi Air 12.5" (https://xiaomi-mi.com/notebooks/xiaomi-mi-notebook-air-125-silver/) is a basic fanless 12.5" Ultrabook with good build quality and decent hardware specs, especially for the money: while it can usually be had for about $600, I got mine for $489 shipped to the US during a sale about a month ago. Xiaomi offers this laptop in silver and gold. They also make a 13" version but it comes with an NVidia graphics chip. Since these laptops are only sold in China, they come with a Chinese language version of Windows 10 and only one or two distributors that carry them ship to the US. Unfortunately that also means they come with practically no warranty or support. Hardware > The Mi Air 12.5" has a fanless, 6th generation (Skylake) Intel Core m3 processor, 4Gb of soldered-on RAM, and a 128Gb SATA SSD (more on that later). It has a small footprint of 11.5" wide, 8" deep, and 0.5" thick, and weighs 2.3 pounds. > A single USB-C port on the right-hand side is used to charge the laptop and provide USB connectivity. A USB-C ethernet adapter I tried worked fine in OpenBSD. Whether intentional or not, a particular design touch I appreciated was that the USB-C port is placed directly to the right of the power button on the keyboard, so you don't have to look or feel around for the port when plugging in the power cable. > A single USB 3 type-A port is also available on the right side next to the USB-C port. A full-size HDMI port and a headphone jack are on the left-hand side. It has a soldered-on Intel 8260 wireless adapter and Bluetooth. The webcam in the screen bezel attaches internally over USB. > The chassis is all aluminum and has sufficient rigidity in the keyboard area. The 12.5" 1920x1080 glossy IPS screen has a fairly small bezel and while its hinge is properly weighted to allow opening the lid with one hand (if you care about that kind of thing), the screen does have a bit of top-end wobble when open, especially when typing on another laptop on the same desk. > The keyboard has a roomy layout and a nice clicky tactile with good travel. It is backlit, but with only one backlight level. When enabled via Fn+F10 (which is handled by the EC, so no OpenBSD support required), it will automatically shut off after not typing for a short while, automatically turning back once a key is pressed. Upgrades > An interesting feature of the Mi Air is that it comes with a 128Gb SATA SSD but also includes an open PCI-e slot ready to accept an NVMe SSD. > I upgraded mine with a Samsung PM961 256Gb NVMe SSD (left), and while it is possible to run with both drives in at the same time, I removed the Samsung CM871a 128Gb SATA (right) drive to save power. > The bottom case can be removed by removing the seven visible screws, in addition to the one under the foot in the middle back of the case, which just pries off. A spudger tool is needed to release all of the plastic attachment clips along the entire edge of the bottom cover. > Unfortunately this upgrade proved to be quite time consuming due to the combination of the limited UEFI firmware on the Mi Air and a bug in OpenBSD. A Detour into UEFI Firmware Variables > Unlike a traditional BIOS where one can boot into a menu and configure the boot order as well as enabling and disabling options such as "USB Hard Drive", the InsydeH2O UEFI firmware on the Xiaomi Air only provides the ability to adjust the boot order of existing devices. Any change or addition of boot devices must be done from the operating system, which is not possible under OpenBSD. > I booted to a USB key with OpenBSD on it and manually partitioned the new NVME SSD, then rsynced all of the data over from the old drive, but the laptop would not boot to the new NVME drive, instead showing an error message that there was no bootable OS. > Eventually I figured out that the GPT table that OpenBSD created on the NVMe disk was wrong due to a [one-off bug in the nvme driver](https://github.com/openbsd/src/commit/dc8298f669ea2d7e18c8a8efea509eed200cb989) which was causing the GPT table to be one sector too large, causing the backup GPT table to be written in the wrong location (and other utilities under Linux to write it over the OpenBSD area). I'm guessing the UEFI firmware would fail to read the bad GPT table on the disk that the boot variable pointed to, then declare that disk as missing, and then remove any variables that pointed to that disk. OpenBSD Support > The Mi Air's soldered-on Intel 8260 wireless adapter is supported by OpenBSD's iwm driver, including 802.11n support. The Intel sound chip is recognized by the azalia driver. > The Synaptics touchpad is connected via I2C, but is not yet supported. I am actively hacking on my dwiic driver to make this work and the touchpad will hopefully operate as a Windows Precision Touchpad via imt so I don't have to write an entirely new Synaptics driver. > Unfortunately since OpenBSD's inteldrm support that is ported from Linux is lagging quite a bit behind, there is no kernel support for Skylake and Kaby Lake video chips. Xorg works at 1920x1080 through efifb so the machine is at least usable, but X is not very fast and there is a noticeable delay when doing certain redrawing operations in xterm. Screen backlight can be adjusted through my OpenBSD port of intel_backlight. Since there is no hardware graphics support, this also means that suspend and resume do not work because nothing is available to re-POST the video after resume. Having to use efifb also makes it impossible to adjust the screen gamma, so for me, I can't use redshift for comfortable night-time hacking. Flaws > Especially taking into account the cheap price of the laptop, it's hard to find faults with the design. One minor gripe is that the edges of the case along the bottom are quite sharp, so when carrying the closed laptop, it can feel uncomfortable in one's hands. > While all of those things could be overlooked, unfortunately there is also a critical flaw in the rollover support in the keyboard/EC on the laptop. When typing certain combinations of keys quickly, such as holding Shift and typing "NULL", one's fingers may actually hold down the Shift, N, and U keys at the same time for a very brief moment before releasing N. Normally the keyboard/EC would recognize U being pressed after N is already down and send an interrupt for the U key. Unfortunately on this laptop, particular combinations of three keys do not interrupt for the third key at all until the second key is lifted, usually causing the third key not to register at all if typed quickly. I've been able to reproduce this problem in OpenBSD, Linux, and Windows, with the combinations of at least Shift+N+U and Shift+D+F. Holding Shift and typing the two characters in sequence quickly enough will usually fail to register the final character. Trying the combinations without Shift, using Control or Alt instead of Shift, or other character pairs does not trigger the problem. This might be a problem in the firmware on the Embedded Controller, or a defect in the keyboard circuitry itself. As I mentioned at the beginning, getting technical support for this machine is difficult because it's only sold in China. Docker on OpenBSD 6.1-current (https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110) Dave Voutila writes: So here's the thing. I'm normally a macOS user…all my hardware was designed in Cupertino, built in China. But I'm restless and have been toying with trying to switch my daily machine over to a non-macOS system sort of just for fun. I find Linux messy, FreeBSD not as Apple-laptop-friendly as it should be, and Windows a non-starter. Luckily, I found a friend in Puffy. Switching some of my Apple machines over to dual-boot OpenBSD left a gaping hole in my workflow. Luckily, all the hard work the OpenBSD team has done over the last year seems to have plugged it nicely! OpenBSD's hypervisor support officially made it into the 6.1 release, but after some experimentation it was rather time consuming and too fragile to get a Linux guest up and running (i.e. basically the per-requisite for Docker). Others had reported some success starting with QEMU and doing lots of tinkering, but after a wasted evening I figured I'd grab the latest OpenBSD snapshot and try what the openbsd-misc list suggested was improved Linux support in active development. 10 (11) Steps to docker are provided Step 0 — Install the latest OpenBSD 6.1 snapshot (-current) Step 1 — Configure VMM/VMD Step 2 — Grab an Alpine Linux ISO Step 3 — Make a new virtual disk image Step 4 — Boot Alpine's ISO Step 5 — Inhale that fresh Alpine air Step 6 — Boot Alpine for Reals Step 7 — Install Docker Step 8 — Make a User Step 9 — Ditch the Serial Console Step 10 — Test out your Docker instance I haven't done it yet, but I plan on installing docker-compose via Python's pip package manager. I prefer defining containers in the compose files. PostgreSQL + ZFS Best Practices and Standard Procedures (https://people.freebsd.org/~seanc/postgresql/scale15x-2017-postgresql_zfs_best_practices.pdf) Slides from Sean Chittenden's talk about PostgreSQL and ZFS at Scale 15x this spring Slides start with a good overview of Postgres and ZFS, and how to use them together To start, it walks through the basics of how PostgreSQL interacts with the filesystem (any filesystem) Then it shows the steps to take a good backup of PostgreSQL, then how to do it even better with ZFS Then an intro to ZFS, and how Copy-on-Write changes host PostgreSQL interacts with the filesystem Overview of how ZFS works ZFS Tuning tips: Compression, Recordsize, atime, when to use mostly ARC vs sharedbuffer, plus pgrepack Followed by a discussion of the reliability of SSDs, and their Bit Error Rate (BER) A good SSD has a 4%/year chance of returning the wrong data. A cheap SSD 34% If you put 20 SSDs in a database server, that means 58% (Good SSDs) to 99.975% (Lowest quality commercially viable SSD) chance of an error per year Luckily, ZFS can detect and correct these errors This applies to all storage, not just SSDs, every device fails More Advice: Use quotas and reservations to avoid running out of space Schedule Periodic Scrubs One dataset per database Backups: Live demo of rm -rf'ing the database and getting it back Using clones to test upgrades on real data Naming Conventions: Use a short prefix not on the root filesystem (e.g. /db) Encode the PostgreSQL major version into the dataset name Give each PostgreSQL cluster its own dataset (e.g. pgdb01) Optional but recommended: one database per cluster Optional but recommended: one app per database Optional but recommended: encode environment into DB name Optional but recommended: encode environment into DB username using ZFS Replication Check out the full detailed PDF and implement a similar setup for your database needs *** News Roundup TrueOS Evolving Its "Stable" Release Cycle (https://www.trueos.org/blog/housekeeping-update-infrastructure-trueos-changes/) TrueOS is reformulating its Stable branch based on feedback from users. The goal is to have a “release” of the stable branch every 6 months, for those who do not want to live on the edge with the rapid updates of the full rolling release Most of the TrueOS developers work for iX Systems in their Tennessee office. Last month, the Tennessee office was moved to a different location across town. As part of the move, we need to move all our servers. We're still getting some of the infrastructure sorted before moving the servers, so please bear with us as we continue this process. As we've continued working on TrueOS, we've heard a significant portion of the community asking for a more stable “STABLE” release of TrueOS, maybe something akin to an old PC-BSD version release. In order to meet that need, we're redefining the TrueOS STABLE branch a bit. STABLE releases are now expected to follow a six month schedule, with more testing and lots of polish between releases. This gives users the option to step back a little from the “cutting edge” of development, but still enjoy many of the benefits of the “rolling release” style and the useful elements of FreeBSD Current. Critical updates like emergency patches and utility bug fixes are still expected to be pushed to STABLE on a case-by-case basis, but again with more testing and polish. This also applies to version updates of the Lumina and SysAdm projects. New, released work from those projects will be tested and added to STABLE outside the 6 month window as well. The UNSTABLE branch continues to be our experimental “cutting edge” track, and users who want to follow along with our development and help us or FreeBSD test new features are still encouraged to follow the UNSTABLE track by checking that setting in their TrueOS Update Manager. With boot environments, it will be easy to switch back and forth, so you can have the best of both worlds. Use the latest bleeding edge features, but knowing you can fall back to the stable branch with just a reboot As TrueOS evolves, it is becoming clearer that one role of the system is to function as a “test platform” for FreeBSD. In order to better serve this role, TrueOS will support both OpenRC and the FreeBSD RC init systems, giving users the choice to use either system. While the full functionality isn't quite ready for the next STABLE update, it is planned for addition after the last bit of work and testing is complete. Stay tuned for an upcoming blog post with all the details of this change, along with instructions how to switch between RC and OpenRC. This is the most important change for me. I used TrueOS as an easy way to run the latest version of -CURRENT on my laptop, to use it as a user, but also to do development. When TrueOS deviates from FreeBSD too much, it lessens the power of my expertise, and complicates development and debugging. Being able to switch back to RC, even if it takes another minute to boot, will bring TrueOS back to being FreeBSD + GUI and more by default, instead of a science project. We need both of those things, so having the option, while more work for the TrueOS team, I think will be better for the entire community *** Logical Domains on SunFire T2000 with OpenBSD/sparc64 (http://www.h-i-r.net/2017/05/logical-domains-on-sunfire-t2000-with.html) A couple of years ago, I picked up a Sun Fire T2000. This is a 2U rack mount server. Mine came with four 146GB SAS drives, a 32-core UltraSPARC T1 CPU and 32GB of RAM. Sun Microsystems incorporated Logical Domains (LDOMs) on this class of hardware. You don't often need 32 threads and 32GB of RAM in a single server. LDOMs are a kind of virtualization technology that's a bit closer to bare metal than vmm, Hyper-V, VirtualBox or even Xen. It works a bit like Xen, though. You can allocate processor, memory, storage and other resources to virtual servers on-board, with a blend of firmware that supports the hardware allocation, and some software in userland (on the so-called primary or control domain, similar to Xen DomU) to control it. LDOMs are similar to what IBM calls Logical Partitions (LPARs) on its Mainframe and POWER series computers. My day job from 2006-2010 involved working with both of these virtualization technologies, and I've kind of missed it. While upgrading OpenBSD to 6.1 on my T2000, I decided to delve into LDOM support under OpenBSD. This was pretty easy to do, but let's walk through it Resources: The ldomctl(8) man page (http://man.openbsd.org/OpenBSD-current/man8/sparc64/ldomctl.8) tedu@'s write-up on Flak (for a different class of server) (http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120) A Google+ post by bmercer@ (https://plus.google.com/101694200911870273983/posts/jWh4rMKVq97) Once you get comfortable with the fact that there's a little-tiny computer (the ALOM) powered by VXWorks inside that's acting as the management system and console (there's no screen or keyboard/mouse input), Installing OpenBSD on the base server is pretty straightforward. The serial console is an RJ-45 jack, and, yes, the ubiquitous blue-colored serial console cables you find for certain kinds of popular routers will work fine. OpenBSD installs quite easily, with the same installer you find on amd64 and i386. I chose to install to /dev/sd0, the first SAS drive only, leaving the others unused. It's possible to set them up in a hardware RAID configuration using tools available only under Solaris, or use softraid(4) on OpenBSD, but I didn't do this. I set up the primary LDOM to use the first ethernet port, em0. I decided I wanted to bridge the logical domains to the second ethernet port. You could also use a bridge and vether interface, with pf and dhcpd to create a NAT environment, similar to how I networked the vmm(4) systems. Create an LDOM configuration file. You can put this anywhere that's convenient. All of this stuff was in a "vm" subdirectory of my home. I called it ldom.conf: domain primary { vcpu 8 memory 8G } domain puffy { vcpu 8 memory 4G vdisk "/home/axon/vm/ldom1" vnet } Make as many disk images as you want, and make as many additional domain clauses as you wish. Be mindful of system resources. I couldn't actually allocate a full 32GB of RAM across all the LDOMs I eventually provisioned seven LDOMs (in addition to the primary) on the T2000, each with 3GB of RAM and 4 vcpu cores. If you get creative with use of network interfaces, virtual ethernet, bridges and pf rules, you can run a pretty complex environment on a single chassis, with services that are only exposed to other VMs, a DMZ segment, and the internal LAN. A nice tutorial, and an interesting look at an alternative platform that was ahead of its time *** documentation is thoroughly hard (http://www.tedunangst.com/flak/post/documentation-is-thoroughly-hard) Ted Unangst has a new post this week about documentation: Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control A fine example is the old OpenBSD install instructions. Once you've installed OpenBSD once or twice, the process is quite simple, but you'd never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you've already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask. Part of the problem is how the information is organized. Theoretically it makes sense to list supported hardware before instructions. After all, you can't install anything if it's not supported, right? I'm sure that was considered when the device list was originally inserted above the install instructions. But as a practical matter, consulting a device list is neither the easiest nor fastest way to determine what actually works. In the FreeBSD docs tree, we have been doing a facelift project, trying to add ‘quick start' sections to each chapter to let you get to the more important information first. It is also helpful to move data in the forms of lists and tables to appendices or similar, where they can easily be references, but are not blocking your way to the information you are actually hunting for An example of nerdview signage (http://languagelog.ldc.upenn.edu/nll/?p=29866). “They have in effect provided a sign that will tell you exactly what the question is provided you can already supply the answer.” That is, the logical minds of technical people often decide to order information in an order that makes sense to them, rather than in the order that will be most useful to the reader In the end, I think “copy diskimage to USB and follow prompts” is all the instructions one should need, but it's hard to overcome the unease of actually making the jump. What if somebody is confused or uncertain? Why is this paragraph more redundant than that paragraph? (And if we delete both, are we cutting too much?) Sometimes we don't need to delete the information. Just hide it. The instructions to upgrade to 4.8 and upgrade to 5.8 are very similar, with a few differences because every release is a little bit different. The pages look very different, however, because the not at all recommended kernel free procedure, which takes up half the page, has been hidden from view behind some javascript and only expanded on demand. A casual browser will find the page and figure the upgrade process will be easy, as opposed to some long ordeal. This is important as well, it was my original motivation for working on the FreeBSD Handbook's ZFS chapter. The very first section of the chapter was the custom kernel configuration required to run ZFS on i386. That scared many users away. I moved that to the very end, and started with why you might want to use ZFS. Much more approachable. Sometimes it's just a tiny detail that's overspecified. The apmd manual used to explain exactly which CPU idle time thresholds were used to adjust frequency. Those parameters, and the algorithm itself, were adjusted occasionally in response to user feedback, but sometimes the man page lagged behind. The numbers are of no use to a user. They're not adjustable without recompiling. Knowing that the frequency would be reduced at 85% idle vs 90% idle doesn't really offer much guidance as to whether to enable auto scaling or not. Deleting this detail ensured the man page was always correct and spares the user the cognitive load of trying to solve an unnecessary math problem. For fun: For another humorous example, it was recently observed that the deja-dup package provides man page translations for Australia, Canada, and Great Britain. I checked, the pages are in fact not quite identical. Some contain typo fixes that didn't propagate to other translations. Project idea: attempt to identify which country has the most users, or most fastidious users, by bug fixes to localized man pages. lldb on BeagleBone Black (https://lists.freebsd.org/pipermail/freebsd-arm/2017-May/016260.html) I reliably managed to build (lldb + clang/lld) from the svn trunk of LLVM 5.0.0 on my Beaglebone Black running the latest snapshot (May 20th) of FreeBSD 12.0-CURRENT, and the lldb is working very well, and this includes single stepping and ncurses-GUI mode, while single stepping with the latest lldb 4.0.1 from the ports does not work. In order to reliably build LLVM 5.0.0 (svn), I set up a 1 GB swap partition for the BBB on a NFSv4 share on a FreeBSD fileserver in my network - I put a howto of the procedure on my BLog: https://obsigna.net/?p=659 The prerequesites on the Beaglebone are: ``` pkg install tmux pkg install cmake pkg install python pkg install libxml2 pkg install swig30 pkg install ninja pkg install subversion ``` On the FreeBSD fileserver: ``` /pathtothe/bbb_share svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm cd llvm/tools svn co http://llvm.org/svn/llvm-project/cfe/trunk clang svn co http://llvm.org/svn/llvm-project/lld/trunk lld svn co http://llvm.org/svn/llvm-project/lldb/trunk lldb ``` + On the Beaglebone Black: # mount_nfs -o noatime,readahead=4,intr,soft,nfsv4 server:/path_to_the/bbb_share /mnt # cd /mnt # mkdir build # cmake -DLLVM_TARGETS_TO_BUILD="ARM" -DCMAKE_BUILD_TYPE="MinSizeRel" -DLLVM_PARALLEL_COMPILE_JOBS="1" -DLLVM_PARALLEL_LINK_JOBS="1" -G Ninja .. I execute the actual build command from within a tmux session, so I may disconnect during the quite long (40 h) build: ``` tmux new "ninja lldb install" ``` When debugging in GUI mode using the newly build lldb 5.0.0-svn, I see only a minor issue, namely UTF8 strings are not displayed correctly. This happens in the ncurses-GUI only, and this is an ARM issue, since it does not occur on x86 machines. Perhaps this might be related to the signed/unsigned char mismatch between ARM and x86. Beastie Bits Triangle BSD Meetup on June 27th (https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/) Support for Controller Area Networks (CAN) in NetBSD (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20170521_0113.html) Notes from Monday's meeting (http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-May/014104.html) RunBSD - A site about the BSD family of operating systems (http://runbsd.info/) BSDCam(bridge) 2017 Travel Grant Application Now Open (https://www.freebsdfoundation.org/blog/bsdcam-2017-travel-grant-application-now-open/) New BSDMag has been released (https://bsdmag.org/download/nearly-online-zpool-switching-two-freebsd-machines/) *** Feedback/Questions Philipp - A show about byhve (http://dpaste.com/390F9JN#wrap) Jake - byhve Support on AMD (http://dpaste.com/0DYG5BD#wrap) CY - Pledge and Capsicum (http://dpaste.com/1YVBT12#wrap) CY - OpenSSL relicense Issue (http://dpaste.com/3RSYV23#wrap) Andy - Laptops (http://dpaste.com/0MM09EX#wrap) ***
Doug Crompton, WA3DSP’s, interest in ham radio began as a kid in Pennsylvania in the ‘60s. Doug’s careful attention to detail and documentation of his projects make him an Elmer’s Elmer. Doug joins Eric, 4Z1UG, in this QSO Today about boat anchors restoration, Allstar linking using the Raspberry Pi, and WSPRnet.
BeagleBone's Jason Kridner (@Jadon) returns to tell us about his new book. Jason co-authored a new book: BeagleBone Cookbook: Software and Hardware Problems and Solutions (or at O'Reilly). His older book is Bad to the Bone: Crafting Electronics Systems with Beaglebone and BeagleBone Black. Previous Embedded.fm episode 60: Fun Things You Can Make out of Beagles BeagleBoard.org's Google Summer of Code page (including BeagleSat and underwater drones!) Some information about putting Xenomai on a BeagleBone Black for real time response. Chris mentioned Brillo, an alternative Google supported OS that isn't on the BBB. Project Ara: an open source smartphone Ardupilot: Autonomous drone piloting. Dronecode: Drones in Linux OpenROV: Underwater vehicles Mars lander Beagle 2 (the Apollo 11 Lunar Module was the Eagle despite some comical confusion). [UPDATE: Listener Mark Stevens pointed out that the Apollo 10 Lunar Module was named Snoopy who was a beagle.] TI's E2E Forums BeagleBone Green
02:32 - Julian Cheal Introduction Twitter GitHub Blog 02:49 - Julian’s Background with Robots and Drones Arduino AR.Drone 03:32 - NodeCopter Events 04:31 - Traveling with Robots 05:35 - Julian’s Collection and Projects Julian Cheal: Dancing with Robots Raspberry Pi BeagleBone 07:46 - Giving Demos 09:12 - What Makes Robots? Sinon.JS MQTT Protocol 10:21 - Where is IoT (Internet of Things) Heading? Security 13:11 - Programming Languages NodeBots 14:15 - Tools and Protocols The MIDI Protocol Spark Core voodoospark 17:31 - Programming Challenges Around Hardware Hacking Artoo celluloid 18:49 - Barrier to Entry 20:41 - Getting Kids Started Kids Ruby Arduino Starter Kit 22:09 - Wearables EL Wire (Electroluminescent Wire) 23:18 - LEGO Robotics Mindstorms LabVIEW National Instruments 25:01 - Issues with Hardware Hacking 28:22 - Rubyists and Hardware Julian Cheal: Dancing with Robots JRuby Rubinius 29:45 - Interfacing with Humans iBeacon OpenCV 33:27 - [Kickstarter] CHIP - The World's First Nine Dollar Computer 34:01 - Connectivity Sphero Carin Meier: The Joy of Flying Robots with Clojure @ OSCON 2013 36:55 - More Interesting Projects Aaron Patterson: Using chicken scheme to read sausagebox values Oscilloscope Picks Jacob Kaplan-Moss Keynote @ Pycon 2015 (Jessica) Kobo Aura H20 (Avdi) Liz Abinante: Unicorns Are People, Too (Re-Thinking Soft and Hard Skills) @ Madison+ Ruby 2014 (Coraline) littleBits (Julian) Jewelbots (Julian) Ruby Rogues Episode #156: Hardware Hacking with Julia Grace (Julian) The End of Mr. Y by Scarlett Thomas (Julian)
02:32 - Julian Cheal Introduction Twitter GitHub Blog 02:49 - Julian’s Background with Robots and Drones Arduino AR.Drone 03:32 - NodeCopter Events 04:31 - Traveling with Robots 05:35 - Julian’s Collection and Projects Julian Cheal: Dancing with Robots Raspberry Pi BeagleBone 07:46 - Giving Demos 09:12 - What Makes Robots? Sinon.JS MQTT Protocol 10:21 - Where is IoT (Internet of Things) Heading? Security 13:11 - Programming Languages NodeBots 14:15 - Tools and Protocols The MIDI Protocol Spark Core voodoospark 17:31 - Programming Challenges Around Hardware Hacking Artoo celluloid 18:49 - Barrier to Entry 20:41 - Getting Kids Started Kids Ruby Arduino Starter Kit 22:09 - Wearables EL Wire (Electroluminescent Wire) 23:18 - LEGO Robotics Mindstorms LabVIEW National Instruments 25:01 - Issues with Hardware Hacking 28:22 - Rubyists and Hardware Julian Cheal: Dancing with Robots JRuby Rubinius 29:45 - Interfacing with Humans iBeacon OpenCV 33:27 - [Kickstarter] CHIP - The World's First Nine Dollar Computer 34:01 - Connectivity Sphero Carin Meier: The Joy of Flying Robots with Clojure @ OSCON 2013 36:55 - More Interesting Projects Aaron Patterson: Using chicken scheme to read sausagebox values Oscilloscope Picks Jacob Kaplan-Moss Keynote @ Pycon 2015 (Jessica) Kobo Aura H20 (Avdi) Liz Abinante: Unicorns Are People, Too (Re-Thinking Soft and Hard Skills) @ Madison+ Ruby 2014 (Coraline) littleBits (Julian) Jewelbots (Julian) Ruby Rogues Episode #156: Hardware Hacking with Julia Grace (Julian) The End of Mr. Y by Scarlett Thomas (Julian)
02:32 - Julian Cheal Introduction Twitter GitHub Blog 02:49 - Julian’s Background with Robots and Drones Arduino AR.Drone 03:32 - NodeCopter Events 04:31 - Traveling with Robots 05:35 - Julian’s Collection and Projects Julian Cheal: Dancing with Robots Raspberry Pi BeagleBone 07:46 - Giving Demos 09:12 - What Makes Robots? Sinon.JS MQTT Protocol 10:21 - Where is IoT (Internet of Things) Heading? Security 13:11 - Programming Languages NodeBots 14:15 - Tools and Protocols The MIDI Protocol Spark Core voodoospark 17:31 - Programming Challenges Around Hardware Hacking Artoo celluloid 18:49 - Barrier to Entry 20:41 - Getting Kids Started Kids Ruby Arduino Starter Kit 22:09 - Wearables EL Wire (Electroluminescent Wire) 23:18 - LEGO Robotics Mindstorms LabVIEW National Instruments 25:01 - Issues with Hardware Hacking 28:22 - Rubyists and Hardware Julian Cheal: Dancing with Robots JRuby Rubinius 29:45 - Interfacing with Humans iBeacon OpenCV 33:27 - [Kickstarter] CHIP - The World's First Nine Dollar Computer 34:01 - Connectivity Sphero Carin Meier: The Joy of Flying Robots with Clojure @ OSCON 2013 36:55 - More Interesting Projects Aaron Patterson: Using chicken scheme to read sausagebox values Oscilloscope Picks Jacob Kaplan-Moss Keynote @ Pycon 2015 (Jessica) Kobo Aura H20 (Avdi) Liz Abinante: Unicorns Are People, Too (Re-Thinking Soft and Hard Skills) @ Madison+ Ruby 2014 (Coraline) littleBits (Julian) Jewelbots (Julian) Ruby Rogues Episode #156: Hardware Hacking with Julia Grace (Julian) The End of Mr. Y by Scarlett Thomas (Julian)
Coming up this time on the show, we'll be talking to Sean Bruno. He's been using poudriere and QEMU to cross compile binary packages, and has some interesting stories to tell about it. We've also got answers to viewer-submitted questions and all this week's news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines AsiaBSDCon 2015 schedule (http://2015.asiabsdcon.org/timetable.html.en) Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up This year's conference will be between 12-15 March at the Tokyo University of Science in Japan The first and second days are for tutorials, as well as the developer summit and vendor summit Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again Not counting the ones that have yet to be revealed (as of the day we're recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD Summaries of all the presentations are on the timetable page if you scroll down a bit *** FreeBSD foundation updates and more (https://www.freebsdfoundation.org/press/2015febupdate.pdf) The FreeBSD foundation (http://www.bsdnow.tv/episodes/2015_02_04-from_the_foundation_1) has posted a number of things this week, the first of which is their February 2015 status update It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform There's a FOSDEM recap and another update of their fundraising goal for 2015 They also have two new blog posts: a trip report from SCALE13x (http://freebsdfoundation.blogspot.com/2015/02/scale-13x-trip-report-michael-dexter.html) and a featured "FreeBSD in the trenches (http://freebsdfoundation.blogspot.com/2015/02/freebsd-from-trenches-zfs-and-how-to.html)" article about how a small typo caused a lot of ZFS chaos in the cluster "Then panic ensued. The machine didn't panic -- I did." *** OpenBSD improves browser security (https://www.marc.info/?l=openbsd-misc&m=142523501726732&w=2) No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser Ted Unangst writes in to the OpenBSD misc list to introduce a new project he's working on, simply titled "improving browser security" He gives some background on the W^X memory protection (https://en.wikipedia.org/wiki/W%5EX) in the base system, but also mentions that some applications in ports don't adhere to it For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT (https://en.wikipedia.org/wiki/Just-in-time_compilation) engine) needs to be fixed to use it "A system that is 'all W^X except where it's not' is the same as a system that's not W^X. We've worked hard to provide a secure foundation for programs; we'd like to see them take advantage of it." The work is being supported by the OpenBSD foundation (http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2), and we'll keep you updated on this undertaking as more news about it is released There's also some discussion on Hacker News (https://news.ycombinator.com/item?id=9128360) and Undeadly (http://undeadly.org/cgi?action=article&sid=20150303075848&mode=expanded) about it *** NetBSD at Open Source Conference 2015 Tokyo (https://mail-index.netbsd.org/netbsd-advocacy/2015/02/28/msg000680.html) The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo There's even a spreadsheet (https://docs.google.com/spreadsheets/d/1DTJbESfnOUgOiVkFG8vsrxTq6oCGRpf8PkRcMkhWYWQ/edit#gid=0) of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around) If you just can't get enough strange devices running BSD, check the mailing list post for lots of pictures Their next target is, as you might guess, AsiaBSDCon 2015 - maybe we'll run into them *** Interview - Sean Bruno - sbruno@freebsd.org (mailto:sbruno@freebsd.org) / @franknbeans (https://twitter.com/franknbeans) Cross-compiling packages with poudriere (http://www.bsdnow.tv/tutorials/poudriere) and QEMU News Roundup The Crypto Bone (http://crypto-bone.com/what.html) The Crypto Bone is a new device (http://www.crypto-bone.com/) that's aimed at making encryption and secure communications easier (http://crypto-bone.com/cbb-usersview.html) and more accessible Under the hood, it's actually just a Beaglebone (http://beagleboard.org/bone) board, running stock OpenBSD with a few extra packages It includes a web interface (http://crypto-bone.com/release/root/var/www/apache/html/) for configuring keys and secure tunnels The source code (http://crypto-bone.com/release/root/) is freely available for anyone interested in hacking on it (or auditing the crypto), and there's a technical overview (http://crypto-bone.com/cbb-technicalview.html) of how everything works on their site If you don't want to teach your mom how to use PGP, buy her one of these(?) *** BSD in the 2015 Google Summer of Code (https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/about_page) For those who don't know, GSoC is a way for students to get paid to work on a coding project for an open source organization Good news: both FreeBSD and OpenBSD were accepted (https://www.google-melange.com/gsoc/org/list/public/google/gsoc2015) for the 2015 event FreeBSD has a wiki page (https://wiki.freebsd.org/SummerOfCodeIdeas) of ideas for people to work on OpenBSD also has an ideas page (http://www.openbsdfoundation.org/gsoc2015.html) where you can see some of the initial things that might be interesting If you're a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it Who knows, you may even end up on the show (http://www.bsdnow.tv/episodes/2015_01_07-system_disaster) if you work on a cool project GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you'd like to hack on *** pfSense 2.3 roadmap (https://blog.pfsense.org/?p=1588) The pfSense team has posted a new blog entry, detailing some of their plans for future versions PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions PBIs are scheduled to be replaced with native pkgng packages Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely Their ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution *** PCBSD 10.1.2 security features (http://blog.pcbsd.org/2015/03/a-look-at-the-upcoming-features-for-10-1-2/) PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post A new "personacrypt" utility is introduced, which allows for easy encryption and management of external drives for your home directory Going along with this, it also has a "stealth mode" that allows for one-time temporary home directories (but it doesn't self-destruct, don't worry) The LibreSSL integration also continues, and now packages will be built with it by default If you're using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update They've also been working on introducing some new options to enable tunneling your traffic through Tor There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity Look forward to Kris wearing a Tor shirt (https://www.torproject.org/getinvolved/tshirt.html) in future episodes *** Feedback/Questions Antonio writes in (http://slexy.org/view/s2ofBPRT5n) Chris writes in (http://slexy.org/view/s26LsYcoJF) Van writes in (http://slexy.org/view/s28Rho0jvL) Stu writes in (http://slexy.org/view/s21AkGbniU) *** Mailing List Gold H (https://lists.freebsd.org/pipermail/freebsd-ports/2015-February/098183.html) Pay up, mister Free (https://lists.freebsd.org/pipermail/freebsd-chat/2015-February/007024.html) Heritage protected (https://www.mail-archive.com/tech%40openbsd.org/msg22663.html) Blind leading the blind (https://lists.freebsd.org/pipermail/freebsd-questions/2015-February/264466.html) What are the chances (https://lists.freebsd.org/pipermail/svn-src-head/2015-February/068682.html) ***
![DEF CON 22 [Materials] Speeches from the Hacker Convention.](https://ivyfm.s3.amazonaws.com/i320/597383.jpg)
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Datko-Reed/DEFCON-22-Josh-Datko-Teddy-Reed-NSA-Playset-DIY-Hardware-Implant-over-l2c-UPDATED.pdf NSA Playset: DIY WAGONBED Hardware Implant over I2C Josh Datko FOUNDER, CRYPTOTRONIX, LLC Teddy Reed SECURITY ENGINEER In this talk we present an open source hardware version of the NSA's hardware trojan codenamed WAGONBED. From the leaked NSA ANT catalog, WAGONBED is described as a malicious hardware device that is connected to a server's I2C bus. Other exploits, like IRONCHEF, install a software exploit that exfiltrate data to the WAGONBED device. Once implanted, the WAGONBED device is connected to a GSM module to produce the NSA's dubbed CROSSBEAM attack. We present CHUCKWAGON, an open source hardware device that attaches to the I2C bus. With the CHUCKWAGON adapter, we show how to attach an embedded device, like a BeagleBone, to create your own hardware implant. We show how to add a GSM module to CHUCKWAGON to provide the hardware for the CROSSBEAM exploit. We improve the WAGONBED implant concept by using a Trusted Platform Module (TPM) to protect data collection from the target. The talk will demonstrate how these features can be used for good, and evil! Josh Datko is the founder of Cryptotronix, an open source hardware company that designs and manufactures security devices for makers. After graduating from the U.S. Naval Academy, Josh served on a submarine where he was the radio communication officer and manager of the key management program. While an embedded software engineer for a defense contractor, he was recalled back to active duty for a brief tour in Afghanistan. In June, he completed his Master's of Computer Science from Drexel University with a focus on systems, security, and privacy. He founded Cryptotronix in 2013. Twitter: jbdatko Teddy Reed is a security engineer obsessed with network analysis and developing infrastructure security protections. He has held several R&D positions within US laboratories with focuses on enterprise security defense, system assessments, and system and hardware emulation.
Jason Kridner (@Jadon) joined us to talk about the BeagleBone Black... and other things. Some good books for Beagle : Bad to the Bone: Crafting Electronics Systems with Beaglebone and BeagleBone Black(co-authored by Jason) Getting Started with BeagleBone: Linux-Powered Electronic Projects With Python and JavaScript Programming the BeagleBone Black: Getting Started with JavaScript and BoneScript More comprehensive list of BeagleBone resources BotSpeak - A programming language for internet endpoints To contact Jason about ordering a bunch of units for your OEM use, see his contact info on BeagleBoard.org's About page.
On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's 2013 fundraising results (http://freebsdfoundation.blogspot.com/2014/01/freebsd-foundation-announces-2013.html) The FreeBSD foundation finally counted all the money they made in 2013 $768,562 from 1659 donors Nice little blog post from the team with a giant beastie picture "We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon." A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) *** OpenSSH 6.5 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/032152.html) We mentioned the CFT last week, and it's finally here (https://news.ycombinator.com/item?id=7154925)! New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it) Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login (http://slexy.org/view/s2rI13v8F4) lol~ New bcrypt private key type, 500,000,000 times harder to brute force Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one Portable version already in (https://svnweb.freebsd.org/base?view=revision&revision=261320) FreeBSD -CURRENT, and ports (https://svnweb.freebsd.org/ports?view=revision&sortby=date&revision=342618) Lots more bugfixes and features, see the full release note or our interview (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) with Damien Work has already started on 6.6, which can be used without OpenSSL (https://twitter.com/msfriedl/status/427902493176377344)! *** Crazed Ferrets in a Berkeley Shower (http://blather.michaelwlucas.com/archives/1942) In 2000, MWL (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop) wrote an essay for linux.com about why he uses the BSD license: "It's actually stood up fairly well to the test of time, but it's fourteen years old now." This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman (http://gcc.gnu.org/ml/gcc/2014-01/msg00247.html) Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL Check out the full post if you're one of those people that gets into license arguments The takeaway is "BSD is about making the world a better place. For everyone." *** OpenBSD on BeagleBone Black (http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black) Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi A blog post about installing OpenBSD on a BBB from.. our guest for today! He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black" It goes through the whole process, details different storage options and some workarounds Could be a really fun weekend project if you're interested in small or embedded devices *** Interview - Ted Unangst - tedu@openbsd.org (mailto:tedu@openbsd.org) / @tedunangst (https://twitter.com/tedunangst) OpenBSD's signify (http://www.tedunangst.com/flak/post/signify) infrastructure, ZFS on OpenBSD Tutorial Running an NTP server (http://www.bsdnow.tv/tutorials/ntpd) News Roundup Getting started with FreeBSD (http://smyck.net/2014/02/01/getting-started-with-freebsd/) A new video and blog series about starting out with FreeBSD The author has been a fan since the 90s and has installed it on every server he's worked with He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users The first video is the installation, then he goes on to packages and other topics - 4 videos so far *** More OpenBSD hackathon reports (http://undeadly.org/cgi?action=article&sid=20140204080515) As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work This summary goes into detail about all the stuff he got done there *** X11 in a jail (https://svnweb.freebsd.org/base?view=revision&revision=261266) We've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can! A new tunable option will let jails access /dev/kmem and similar device nodes Along with a change to DRM, this allows full X11 in a jail Be sure to check out our jail tutorial and jailed VNC tutorial (http://www.bsdnow.tv/tutorials) for ideas *** PCBSD weekly digest (http://blog.pcbsd.org/2014/01/whoami-im-pc-bsd-10-0-weekly-feature-digest-15/) 10.0 "Joule Edition" finally released (http://blog.pcbsd.org/2014/01/pc-bsd-10-0-release-is-now-available/)! AMD graphics are now officially supported GNOME3, MATE and Cinnamon desktops are available Grub updates and fixes PCBSD also got a mention in eweek (http://www.eweek.com/enterprise-apps/slideshows/freebsd-open-source-os-comes-to-the-pc-bsd-desktop.html) *** Feedback/Questions Justin writes in (http://slexy.org/view/s21VnbKZsH) Daniel writes in (http://slexy.org/view/s2nD7RF6bo) Martin writes in (http://slexy.org/view/s2jwRrj7UV) Alex writes in (http://slexy.org/view/s201koMD2c) - unofficial FreeBSD RPI Images (http://people.freebsd.org/~gjb/RPI/) James writes in (http://slexy.org/view/s2AntZmtRU) John writes in (http://slexy.org/view/s20bGjMsIQ) ***
Embedded Linux Conference Europe (ELC-E) 2012 wrapped up last week in Barcelona. By far, the most popular embedded platform of choice for demonstrations was BeagleBone. Here are four examples that include links to the slides taken from the eLinux wiki ELC-E presentation page. Videos of the presentations should be available from Free Electrons soon.Matt Ranostay opened up the presentations with "Beaglebone: The Perfect Telemetry Platform?" where he explored various telemetry applications such as weather stations, radiation monitors, earthquake detection mesh networks, home security systems and entropy pool generation. He discussed sharing data with tools like COSM and the hardware and software he developed for his own Geiger Cape plug-in board. Alan Ott of Signal 11 Software followed up with an excellent overview of "Wireless Networking with IEEE 802.15.4 and 6LoWPAN". Alan discussed the power consumption of various wireless communications technologies, security and much more, including what is supported in Linux. Alan wrapped up with a demo using BeagleBone and an ultrasonic range finder. Dave Anders snapped a picture of the Altoids-tin encased demo. Matt Porter of Texas Instruments stepped away from sensors and controls bringing back the Commodore 64 demoscene with "What's Old Is New: A 6502-based Remote Processor". While this might seem like a bit of a throw-back, many modern issues and solutions were explored to give us this taste of the past, including the Linux remoteproc/virtio interfaces to remote processors, the AM335x PRUSS processor that is extremely adept at bit-banging and the Fritzing design tool. Matt has also shared a picture of his wiring handy-work.Finally, Koen Kooi of CircuitCo presented on one of the fundamental BeagleBone challenges, "Supporting 200 Different Expansionboards: The Broken Promise of Devicetree". If you frequent #beagle, you probably already know that Koen isn't easy to please and so the title shouldn't be much of a surprise. You might then be surprised to note on the first slide where "broken" has been scratched out! We certainly aren't there yet, but the device tree maintainers and AM335x kernel developers are starting to address the unique opportunities around BeagleBone cape expansion boards in the mainline Linux kernel, making a reality out of the dream of supporting hundreds of boards with a single kernel distributed ahead of the add-ons!The continued enthusiasm of the embedded Linux community is just one element of what makes BeagleBoard.org successful, but it probably makes me happier than any other. With many of these developers moving the state of the Linux kernel ahead and even looking at sharing their hardware ideas in the BeagleBone Cape Plug-in Board Design Contest, I see a bright future where the largest collaborative software project of all time fully embraces the hardware and maker communities such that we can build a world where individuals and even children can reproduce electronics and computers down to the circuit level, not simply build on black magic.
© 2020-2025 Ivy Podcast Discovery LLC
