Free virtualization and emulation software
POPULARITY
14 episodes with QEMU
9 episodes with QEMU
4 episodes with QEMU
5 episodes with QEMU
3 episodes with QEMU
4 episodes with QEMU
2 episodes with QEMU
5 episodes with QEMU
2 episodes with QEMU
This week we dig into "Nixbook", a Linux distro designed to make old laptops into Chromebooks. Noah fell down the Nix rabbit hole, and of course we answer your questions. -- During The Show -- 00:50 Generosity Experiencing generosity A bunch of computers about to flood the market 03:50 Mike Kelly (Olympia Mike) Used laptop during Covid19 Became known for used laptops Company gifts used laptops Closing the technical divide Updates Package Confusion NixOS Olympia Mike's nixbook (https://github.com/mkellyxp/nixbook) How to help out Powerwashing 13:15 Noah's Nixbook Experience Give Noah a toy and remove distractions for 5+ hours Throw out everything you know Where NixOS fits Rollback functionality Going to drive Nixbook till hitting a roadblock Can't live in a flatpak world Ansible is the hammer that hits the most nails How long to get up and running on Nix Have to adopt the "nix way" NixOS Flakes (https://nixos-and-flakes.thiscute.world/introduction/) Nix Language (https://nix.dev/tutorials/nix-language) 31:25 News Wire Nginx 1.28.0 - unit.nginx.org (https://unit.nginx.org/news/2022/unit-1.28.0-released/) GCC 15.1 - devclass.com (https://devclass.com/2025/04/28/gnu-compiler-collection-15-1-released-cobol-support-improved-rust-compatibility-concerns/) Cosmic Alpha.7 - blog.system76.com (https://blog.system76.com/post/cosmic-alpha-7-never-been-beta) QEMU 10.0 - qemu.org (https://wiki.qemu.org/ChangeLog/10.0) Chainguard $356M Raised - bankinfosecurity.com (https://www.bankinfosecurity.com/chainguard-raises-356m-to-protect-open-source-supply-chain-a-28075) Open Source 5G/6G Software - breakingdefense.com (https://breakingdefense.com/2025/04/pentagon-seeks-open-source-software-for-5g-6g-networks/) Crux 3.8 - crux.nu (https://crux.nu/Main/ReleaseNotes3-8) Archcraft Prime ISO - wiki.archcraft.io (https://wiki.archcraft.io/news/49-news-release) 4mLinux 48.0 Stable - 4mlinux.com (https://4mlinux.com/index.php?page=home) Openmandriva 6.0 - wiki.openmandriva.org (https://wiki.openmandriva.org/en/distribution/releases/omlx60/new) Kali Linux Warning - bleepingcomputer.com (https://www.bleepingcomputer.com/news/linux/kali-linux-warns-of-update-failures-after-losing-repo-signing-key/) Attack of the Vsock - gbhackers.com (https://gbhackers.com/critical-linux-kernel-flaw/) ARES Robot Data Platform - a16z.com (https://a16z.com/ares-an-open-source-platform-for-robot-data/) Qwen3 - venturebeat.com (https://venturebeat.com/ai/alibaba-launches-open-source-qwen3-model-that-surpasses-openai-o1-and-deepseek-r1/) 33:00 Community How your self branding and its effects Noah's experience with a young man Noah's negative experience People remember how you make them feel and that reflects on communities There is what is said and what is received How to deliver messages Dinner example 41:20 OsmAnd - Richard Garmin Device Waze OsmAnd (https://osmand.net/) Fdroid OsmAnd (https://f-droid.org/packages/net.osmand.plus/) 45:28 Drive Rotation Off site backup - Kevin The back up plan you understand is the best Not doing anything un-usual A few concerns Hardware cycling HDD destruction -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/439) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
video: https://youtu.be/vRZkuFBhaAg Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, COSMIC Alpha 7 has been released. We also have some new releases for some distributions. We have Open Mandriva, also Crux, and even something for the retro computer enthusiasts out there. Humble Bundle has a lot of DOOM games available in the id & Friends bundle. All of this and so much more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and Open Source world. Now let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/1e00ccfc-6284-4fcd-b917-5b48bdf77ad4.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:45 COSMIC Desktop Alpha 7 Released 09:49 OpenMandriva Lx 6.0 Released 14:54 CRUX 3.8 Released 19:19 Sandfly Security, agentless Linux security [ad] 21:02 Commodore OS Vision 3.0 Released 24:42 QEMU 10.0 Released 28:36 NVIDIA Security Flaw in Linux GPU Drivers 31:30 Discord CEO Steps Down 36:24 DOOM Games Bundle from Humble Bundle 37:42 Support the show Links: COSMIC Desktop Alpha 7 Released https://blog.system76.com/post/cosmic-alpha-7-never-been-beta (https://blog.system76.com/post/cosmic-alpha-7-never-been-beta) https://destinationlinux.net/416 (https://destinationlinux.net/416) OpenMandriva Lx 6.0 Released https://www.openmandriva.org/en/news/article/openmandriva-lx-6-0-rock-the-spring-release (https://www.openmandriva.org/en/news/article/openmandriva-lx-6-0-rock-the-spring-release) https://wiki.openmandriva.org/en/distribution/releases/omlx60/new (https://wiki.openmandriva.org/en/distribution/releases/omlx60/new) CRUX 3.8 Released https://crux.nu/Main/ReleaseNotes3-8 (https://crux.nu/Main/ReleaseNotes3-8) Sandfly Security, agentless Linux security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) https://destinationlinux.net/409 (https://destinationlinux.net/409) Commodore OS Vision 3.0 Released https://www.commodoreos.net/CommodoreOS.aspx (https://www.commodoreos.net/CommodoreOS.aspx) https://forum.commodoreos.net/viewtopic.php?p=2865&sid=0ee27f7ca5fe4ba7fa436e7f0e421668#p2865 (https://forum.commodoreos.net/viewtopic.php?p=2865&sid=0ee27f7ca5fe4ba7fa436e7f0e421668#p2865) QEMU 10.0 Released https://www.qemu.org/ (https://www.qemu.org/) https://wiki.qemu.org/ChangeLog/10.0 (https://wiki.qemu.org/ChangeLog/10.0) NVIDIA Security Flaw in Linux GPU Drivers https://nvidia.custhelp.com/app/answers/detail/a_id/5630/~/security-bulletin%3A-nvidia-gpu-display-driver---april-2025 (https://nvidia.custhelp.com/app/answers/detail/a_id/5630/~/security-bulletin%3A-nvidia-gpu-display-driver---april-2025) Discord CEO Steps Down https://www.gamingonlinux.com/2025/04/discord-ceo-steps-down-replaced-with-former-activision-blizzard-cso-as-they-work-towards-being-a-public-company/ (https://www.gamingonlinux.com/2025/04/discord-ceo-steps-down-replaced-with-former-activision-blizzard-cso-as-they-work-towards-being-a-public-company/) https://discord.com/blog/passing-the-torch (https://discord.com/blog/passing-the-torch) https://discord.com/blog/discord-appoints-new-ceo-humam-sakhnini (https://discord.com/blog/discord-appoints-new-ceo-humam-sakhnini) DOOM Games Bundle from Humble Bundle https://humblebundleinc.sjv.io/DyRXmd (https://humblebundleinc.sjv.io/DyRXmd) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)
This week Eric Hendricks joins us to help us solve problems, and bring some insight to RHEL 10 beta! -- During The Show -- 00:52 Intro Eric Hendricks ITGuyEric Red Hat Technical Marketer Fedora Podcast Host Steve's PSA - Spook (https://spook.boo/) Entities Other problems Help Steve Out - Firefox and authenticated proxy Mac OS breaking open source Gatekeeper 20:05 Threema for Messaging - Michael Technology is a tool for relationships Paid app Designed for private communication Checks a lot of boxes Network effect threematrix (https://github.com/bitbetterde/Threematrix) not updated recently Beeper 31:30 7 Inch Touch Screen Make the touch screen the primary display USB cable emulates a mouse Crash cart tech 35:07 News Wire Gnome 46.7 - gnome.org (https://discourse.gnome.org/t/gnome-46-7-released/25560) KDE Frameworks 6.9 - kde.org (https://kde.org/announcements/frameworks/6/6.9.0/) KDE Gear 24.12 - kde.org (https://kde.org/announcements/gear/24.12.0/) XFCE 4.20 - github.io (https://alexxcons.github.io/blogpost_14.html) QEMU 9.2 - qemu.org (https://wiki.qemu.org/ChangeLog/9.2) CentOS Stream 10 - centos.org (https://blog.centos.org/2024/12/introducing-centos-stream-10/) Red Hat has announced that CentOS Stream 10 is available. Kali Linux 2024.4 - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/kali-linux-20244-released-with-14-new-tools-deprecates-some-features/) Fedora Asahi 41 - forbes.com (https://www.forbes.com/sites/jasonevangelho/2024/12/17/fedora-asahi-remix-41-released-linux-on-your-apple-silicon-mac/) Fedora Asahi Remix 41 Released Pumakit - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/) Open Source Malware - helpnetsecurity.com (https://www.helpnetsecurity.com/2024/12/11/open-source-malware/) Boltz-1 - mit.edu (https://news.mit.edu/2024/researchers-introduce-boltz-1-open-source-model-predicting-biomolecular-structures-1217) 36:30 Self Hosting Hiccups SwiftFin app Jellyfin (https://jellyfin.org/) Nextcloud photo sync PhotoSync app Infuse app had to update the server side infuse plugin Immich (https://immich.app/) 47:10 RHEL 10 Public Beta Do Not install in production Relation between RHEL 10 Beta and CentOS 10 Special Interest Groups (SIGs) Get it for free with a developer account -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/420) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Eric Hendricks.
The guys are talking about VMWare moving to KVM, Ubuntu's missing kernel PPA, Microsoft's endorsement of Alma Linux, and Jonathan does a live update to Fedora 41. It goes mostly well. X has another vulnerablity, The kernel makes a minor fix, and a Valve engineer finds a massive perfomance fix in AMD drivers. For tips we have bc for a simple calulator, baobab for file usage visualization, pw-top for keeping track of Pipewire processes, and ccze for colorizing your logs. See the show notes at https://bit.ly/48ADju0 and until next time! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and Jeff Massie Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
AUDIO THIS WEEK HAD A SAMPLE RATE ISSUE. SORRY FOR IN INCONVENIENCE. -- During The Show -- 00:52 Steve's WiFi We think its fixed! Noah brought lots of gear Replaced some hardware 02:41 Recovery after power surge - David Cattle not Pets Steve's Nextcloud experience Noah's laptop approach 09:43 Communications App Upheaval - Charlie There is a war on encrypted messaging Courts are making decisions 12:45 Listener Responses To Listener (cameras in home) - Chris UniFi Wave Pico system 13:51 News Wire AlmaLinux Certification SIG - almalinux.org (https://almalinux.org/blog/2024-09-10-announcing-new-certification-sig/) Wine 9.17 - gitlab.winehq.org (https://gitlab.winehq.org/wine/wine/-/releases/wine-9.17) Samba 4.21 - samba.org (https://www.samba.org/samba/history/samba-4.21.0.html) Rust 1.81 - blog.rust-lang.org (https://blog.rust-lang.org/2024/09/05/Rust-1.81.0.html) GNU Nano 8.2 - lists.gnu.org (https://lists.gnu.org/archive/html/info-gnu/2024-09/msg00001.html) Firefox 130 - mozilla.org (https://www.mozilla.org/en-US/firefox/130.0/releasenotes/) QEMU 9.1 - qemu.org (https://www.qemu.org/2024/09/03/qemu-9-1-0/) Peropesis 2.7 - peropesis.org (https://peropesis.org) RLXOS 2.0 - rlxos.dev (https://blog.rlxos.dev/introducing-rlxos-20-sankalpa) Q4OS Released - q4os.org (https://q4os.org/blog.html) Rust Kernel Support for MIPS - phoronix.com (https://www.phoronix.com/news/Rust-Linux-Kernel-MIPS-Patches) Linux in Automotive - globenewswire.com (https://www.globenewswire.com/news-release/2024/09/10/2943456/0/en/Eclipse-Foundation-Releases-Landmark-Report-on-Open-Source-Software-in-Automotive-Design.html) MX Linux 23.4 - mxlinux.org (https://mxlinux.org/blog/mx-23-4-libretto-now-available/) Tails 6.7 - torproject.org (https://blog.torproject.org/new-release-tails-67/) EasyOS 6.3 - bkhome.org (https://www.bkhome.org/news/202409/easyos-scarthgap-series-version-63-released.html) Virtualbox 7.1 - virtualbox.org (https://www.virtualbox.org/wiki/Changelog-7.1) KDE 6.2 - kde.org (https://kde.org/announcements/plasma/6/6.1.90/) KDE Frameworks 6.6 - kde.org (https://kde.org/announcements/frameworks/6/6.6.0/) Shotcut 24.09 - shotcut.com (https://shotcut.com/blog/new-release-240913/) Ardour 8.7 - ardour.org (https://ardour.org/whatsnew.html) White House Working Group - govciomedia.com (https://govciomedia.com/feds-prioritize-open-source-software-security-initiatives/) Tidelift Study - businesswire.com (https://www.businesswire.com/news/home/20240917030299/en/Tidelift-Study-Reveals-Paid-Open-Source-Maintainers-Do-Significantly-More-Critical-Security-and-Maintenance-Work-Than-Unpaid-Maintainers) OpenSearch Foundation - techcrunch (https://techcrunch.com/2024/09/16/aws-brings-opensearch-under-the-linux-foundation-umbrella/) Hedera - cointelegraph.com (https://cointelegraph.com/news/hedera-linux-foundation-hiero-decentralized-trust) Linux 6.11 - phoronix.com (https://www.phoronix.com/news/Linux-6.11) MNT Reform Next - arstechnica.com (https://arstechnica.com/gadgets/2024/09/all-open-source-mnt-reform-laptop-is-getting-a-sequel-with-a-refined-design/) Juno Tab 3 - colocrossing.com (https://www.colocrossing.com/blog/introducing-the-juno-tab-3-a-699-linux-tablet-equipped-with-ubuntu-24-04-lts/) Oracle Weblogic Exploited - thehackernews.com (https://thehackernews.com/2024/09/new-linux-malware-campaign-exploits.html) Advanced materials AI Model - aibusiness.com (https://aibusiness.com/nlp/new-open-source-ai-model-for-advanced-material-design-unveiled) LightEval - venturebeat.com (https://venturebeat.com/ai/lighteval-hugging-faces-open-source-solution-to-ais-accountability-problem/) RHEL AI - businesswire.com (https://www.businesswire.com/news/home/20240905544240/en/Red-Hat-Enterprise-Linux-AI-Now-Generally-Available-for-Enterprise-AI-Innovation-in-Production) 17:55 Immich Developer scratches his own itch Immich better than google photos now Google data pull GitHub Script (https://gist.github.com/chabala/22ed01d7acf9ee0de9e3d867133f83fb) * 7z x *.zip Roadmap Private/Locked photos In app editing Auto stacking Funding Foodo Steve's current photo solution Immich backup methods Forground Background Manual sync button Sharing/Collaboration Infinite scrolling Social aspect Deletion issue Requires inputting the port 37:00 FCC and 900Mhz Meshtastic LoRa Chirp Spread Spectrum Only good for long range small packets of data Rx/Tx Wattage NextNav wants to buy the spectrum LoRa enables lots of possibilities Lilygo T Deck Plus (https://www.lilygo.cc/products/t-deck-plus) Rokland blog post (https://store.rokland.com/blogs/news/help-us-protect-meshtastic) Licensing the frequency stifles innovation Could hamper emergency response Having open frequencies democratizes communication LoRa FCC Guide (https://www.sunfiretesting.com/LoRa-FCC-Certification-Guide/) Opposition_Letter (https://cdn.shopify.com/s/files/1/0071/3772/files/Opposition_Letter.pdf?v=1725463027) FCC Paths to LoRa Certification FCC Part 15.247 - Digital Modulation FCC Part 15.247 - Frequency Hopping Spread-Spectrum (FHSS) FCC Part 15.249 - All Other Transmission in the 900MHz range FCC Part 15.247(b)(3) Problematic spectrum impact -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/407) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) • Ask Noah Show © CC-BY-ND 2021 •
Nvidia continues to amaze, Thunderbird is getting rusty, and Proton is about to go 9.0. Then there's a Flathub redesign, a shiny new QEMU release, and maybe the year of Linux in the car. For tips we have awk, the number and string wrangling do-all tool, more spring cleaning with dpkg, how to get tmux set up just right on a new install, and ydiff for much better diff highlighting. See the show notes at https://bit.ly/3xZHa60 and thanks for coming! Host: Jonathan Bennett Co-Hosts: Jeff Massie, Ken McDonald, and David Ruggles Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Entrons dans le marché de Rome avec Gallus, l'esclave au service de QEMU. Il nous donne un aperçu fascinant de la culture alimentaire romaine. Bien que les Romains aient une réputation de grande débauche alimentaire lors de banquets, la plupart des repas sont en fait modérés, même chez les riches. Lorsque le maître organise des banquets, les esclaves sont chargés de trouver les meilleurs produits, parfois très rares ou exotiques, pour impressionner les convives.Immersion sonore : ImportanteCivilisations anciennesProduction : Aurélien Hérault, Damien Maric, Chloé LuizardChargée de production : Agathe LedeinAuteur : Juliette CazesComédien(ne)s : Géraldine Asselin - Soleïma Arabi - Jean-Baptiste Anoumon - Mohad SanouStudio : Load StudioHabillage Sonore : Illustrason Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and turn off security tools, allowing them to bypass noisy Bring Your Own Vulnerable Driver techniques.Researchers observed threat actors run the Angry IP Scanner, followed by some Mimikatz functions, and then the kicker, the open-source QEMU hardware emulator and virtualizer.Threat actors have been observed installing RMM tools as a means of maintaining persistence within a compromised organization. Hackers breached some of the systems belonging to CISA in February through some known vulnerabilities in Ivanti products.
Can we save an old Arch install? We'll attempt a live rescue, then get into our tips for keeping your old Linux install running great.
Apple has updated many of its operating systems, but there don't seem to be any security fixes. Can we be sure? We also discuss BlueNoroff hackers, Google deleting unused accounts, and new AI tools, including Grok, and how there are already scam apps pretending to offer access to it. Show Notes: Apple releases macOS Sonoma 14.1.1, iOS 17.1.1, and more—but no security updates BlueNoroff hackers backdoor Macs with new ObjCShellz malware There is no Apple Silicon iMac 27-inch coming The iMac has become a computer in search of a purpose M3 vs M3 Pro vs M3 Max: specs, features compared Inactive Google Account Policy WhatsApp Now Lets You Hide Your IP Address During Calls Developer shows progress on QEMU-based iPhone OS emulator, now running version 2.1 Apple and Google host fake xAI Grok chat-bot apps in their App Stores OpenAI announces updates to ChatGPT, including GPT-4 Turbo Brave's “Leo” is a new ‘anonymous and secure' AI chatbot Samsung's Galaxy S24 will likely include on-device generative AI called Samsung Gauss Google introduces real-time scanning on Android devices to fight malicious apps Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
First up in the news: Mint Monthly News – August, New Asahi Linux Mac GPU beats Apple, Gnome improves Epiphany, Budgie 10.8 is out, Bodhi 7.0.0 is released, QEMU 8.1 released, LibreOffice gets a new number, Linux Turns 32, Mageia 9 released, Linux Kernel 6.5 is out, and Firefox loses users In security and privacy: Nothing. We have nothing. Then in our Wanderings: Joe and Moss return to the fold, and welcome Eric Adams to join us Download
-- During The Show -- 00:58 Intro Viral videos YouTube Profiling Rich Men North of Richmond - Wikipedia (https://en.wikipedia.org/wiki/Rich_Men_North_of_Richmond) 04:17 Chat Programs, Kid access etc - Semantic Scholar Beeper Kids on platforms Affects of 'screens' Kids & Technology 12:12 Just thanks - Entransic Thanks for the show! 12:30 Soldering Iron? - Charlie Soldering irons peak Pinecil (https://pine64.com/product/pinecil-smart-mini-portable-soldering-iron/) Can take a while to get TS100 and TS101 Runs off 12v Adjustable temp 16:36 News Wire Linux Turns 32, Linux 6.5 - OMG Ubuntu (https://www.omgubuntu.co.uk/2023/08/linux-kernel-6-5-features) Bohdi Linux 9 - Bodhi Linux (https://www.bodhilinux.com/release/7-0-0/) Mageia 9 - Mageia (https://www.mageia.org/en/9/) QEMU 8.1 - Phoronix (https://www.phoronix.com/news/QEMU-8.1-Released) GNU Coreutils 9.4 - Phoronix (https://www.phoronix.com/news/GNU-Coreutils-9.4) ClamAV 1.2 - ClamAV (https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html) Firefox 117 - Mozilla (https://www.mozilla.org/en-US/firefox/117.0/releasenotes/) Card/IO - Hackaday (https://hackaday.com/2023/08/27/card-io-is-a-credit-card-sized-open-source-ecg-monitor/) Sipeed - CNX Software (https://www.cnx-software.com/2023/08/28/sipeed-unveils-risc-v-tablet-portable-linux-console-and-cluster/) Alibaba's AI Offerings - Insider Intelligence (https://www.insiderintelligence.com/content/alibaba-adopts-open-source-model-ai-offerings-intensifying-competition-china) Stable Chat - Infoq (https://www.infoq.com/news/2023/08/stable-chat/) eSentire LLM Gateway - Dark Reading (https://www.darkreading.com/dr-tech/esentire-labs-open-sources-project-to-monitor-llms) Facebook LLAMA Deceitful - Wired (https://www.wired.com/story/the-myth-of-open-source-ai/) Enterprise Not Using Commercial LLMs - Inside Big Data (https://insidebigdata.com/2023/08/23/survey-more-than-75-of-enterprises-dont-plan-to-use-commercial-llms-in-production-citing-data-privacy-as-primary-concern/) Monti Ransomware Group - Bank Info Security (https://www.bankinfosecurity.com/monti-ransomware-deploying-new-linux-encryptor-a-22904) Linux on Commodore 64 - Github (https://github.com/onnokort/semu-c64) 19:17 Caller - Ryan for Georgia OpenWRT Routers Adding router to existing network Routers do more than routing Double NAT Switching gateways Connect both routers to the modem via a switch 33:09 sharper0746 How would you self host a blog? Hugo (https://gohugo.io/) static site WikiJS (https://js.wiki/) 35:50 Self Host YouTube Tube Archivist (https://www.tubearchivist.com/) Tube Archivist GitHub (https://github.com/tubearchivist/tubearchivist) Nice WebUI Google/YouTube is entangled in everthing Google/YouTube is hard to block YouTube deletes content More private No RBAC Honorable Mentions Invidious (https://invidious.io/) Archivy (https://archivy.github.io) Archive Box (https://archivebox.io/) Searx (https://searx.github.io/searx/) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/352) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
If an IBM PC can see the light, why not a Mac? Original text by Joel Snyder, SunWorld July 1993. This review calls A/UX “complete”, but that's meaningless until another Vancouverite demonstrates that it is possible to port Doom (sans audio) to it! The moment it worked. The usual emulators won't run A/UX since it requires an MMU. You'll need Shoebill (abandoned by the developer now that he works at Apple) or QEMU's Quadra 800 emulation. Watch someone else suffer so you don't have to: netfreak walks you through installing, patching, and configuring A/UX on a Macintosh SE/30. Boy is it slow. netfreak maintains some useful A/UX resources and a knowledge base. Mr. TenFourFox/OldVCR Cameron Kaiser has documented some interesting MachTen hacks and notes. If you find MachTen crashes shortly after launch, you might have a faulty 68LC040 CPU. I hope you bought AppleCare. “[X11 performance was] … about six times faster than a Sun 3/50.” Six times as fast as slow is still slow. Macworld November 1992 reports “Even on a [Quadra] 950, please note, A/UX is slow–three times slower than Unix on a midrange Sun workstation.” A/UX Product Manager Richard Finlayson's unabridged demo of A/UX 2.0 from the April 1990 Apple VHS User Group Connection tape. Apple's self-running Macromedia Director demo of A/UX 2.0, complete with simulated Extended Keyboard II typing sounds. Spot the two errors in the simulated CommandShells. The example user might be a play on Richard Finlayson's name.
For our 200th episode, we discuss the impact of Red Hat's decision to stop publicly releasing the RHEL source code, plus we cover security updates for libX11, GNU SASL, QEMU, VLC, pngcheck, the Linux kernel and a whole lot more.
Die Kernel-Maintainer:innen schicken Linux 6.3 und 6.4-rc1 ins Rennen, während zwei CVEs geschlossen werden wollen. QEMU veröffentlicht mit 8.0 eine neue Hauptversion mit überschaubaren Änderungen. RHEL und AlmaLinux 9.2 werden veröffentlicht, parallel lässt Rocky Linux noch auf sich warten. An der Hochschule Augsburg findet der Augsburger Linux-Infotag statt, während Red Hat Summit und SUSECON in greifbare Nähe rücken. openSUSE ALP und SoftMaker Office suchen nach Feedback.
First up in the news, Linux Kernel 6.3 Officially Released, blendOS 2 supports Android, new Vivaldi out, new Opera One Dev Release, GIMP completes GTK3 rewrite, QEMU drops 32-bit, Ryzens are burning, Proton launches a password app, Jetpack Announces the end of twitter auto-sharing, and Red Hat lays of 4% due to high profits; In security and privacy, Mullvad foils a search warrant, and RTM Locker targets NAS and ESXi; Then in our Wanderings, Joe goes 3D, Moss upgrades, Bill shuffles cards, Majid has a few lightbulb moments, and Dale has entered the Void. Download
This week the EARN-IT Act is Back! For the third time Senators are trying to push through the EARN-IT Act. Steve and Noah take you through this, as well as your questions! -- During The Show -- 01:15 Steve's Home Automation Sonoff Zigbee 3 Integration issues Problem Solved! Zwave fairness Hindsight recommendations 07:50 Listener Responds about journal - Bhikhu Life O Graph (https://lifeograph.sourceforge.net/wiki/Main_Page) Jrnl (https://jrnl.sh/en/stable/) Pepys (https://lukebriggs.dev/projects/pepys/) Almanah_Diary (https://wiki.gnome.org/Apps/Almanah_Diary) Monkkee (https://monkkee.com/en) India App Ban (XDA) (https://www.xda-developers.com/all-chinese-apps-banned-india/) 10:11 Cookbook Application? - Jim Don't mind repeating questions Gourmand (https://github.com/GourmandRecipeManager/gourmand) Tandoor (https://docs.tandoor.dev/) 14:58 Which AP? - James Stick with U6 Pro U6 Lite ok U6 Long Range total rip off 16:50 News Wire Proton 8.0 Twitter (https://twitter.com/Plagman2/status/1648029861032890368) QEMU 8.0 QEMU (https://wiki.qemu.org/ChangeLog/8.0) Fedora 38 Fedora Magazine (https://fedoramagazine.org/announcing-fedora-38/) Ubuntu 23.04 Ubuntu (https://ubuntu.com/blog/ubuntu-desktop-23-04-release-roundup) Solus Rebase Solus (https://getsol.us/2023/04/18/a-new-voyage/) Tails 5.12 Tails (https://tails.boum.org/news/version_5.12/index.en.html) Blend OS v2 Blend OS (https://blendos.co/blend-os-v2/) KaOS 10 Yrs Old KaOS (https://kaosx.us/news/2023/kaos04/) Manjaro 22.1 Talos Beta News (https://betanews.com/2023/04/22/manjaro-linux-221-talos/) Linux 6.3 OMG Ubuntu (https://www.omgubuntu.co.uk/2023/04/linux-kernel-6-3-features) Linux 6.4 Security Phoronix (https://www.phoronix.com/news/Linux-6.4-CA-Enforce-MOK-Keys) Phoronix (https://www.phoronix.com/news/SELinux-No-More-Runtime-Disable) TLA+ Foundation Tech Crunch (https://techcrunch.com/2023/04/21/linux-foundation-launches-new-organization-to-maintain-tla/) Cisco Open Source Tools The Nes Stack (https://thenewstack.io/cisco-unveils-new-open-source-security-tools-at-kubecon-eu/) System76 Updates 9 To 5 Linux (https://9to5linux.com/system76-refreshes-its-serval-ws-adder-ws-and-bonobo-ws-linux-laptops) Stability AI ArsTechnica (https://arstechnica.com/information-technology/2023/04/stable-diffusion-for-language-stability-launches-open-source-ai-chatbot/) Together RedPajama Venture Beat (https://venturebeat.com/ai/redpajama-replicates-llama-to-build-open-source-state-of-the-art-llms/) Indian Gov Hack Hacker News (https://thehackernews.com/2023/04/pakistani-hackers-use-linux-malware.html) Lazarus Group & 3CX Tech News World (https://www.technewsworld.com/story/lazarus-hackers-linux-malware-linked-to-3cx-supply-chain-attack-177020.html) 19:30 Flathub Redesign Phoronix (https://www.phoronix.com/news/Redesigned-Flathub-Launches) Discovery Verified Developer Tags Flatpak Matrix Chat (https://matrix.to/#/#flatpak:matrix.org) 24:11 AtlasOS AtlasOS (https://atlasos.net/) Forced Restarts Collection of BAT scripts TRON (https://github.com/bmrf/tron/) Disables lots of security features 25:43 NextCloud Memories Photos App ok Nextcloud Memories Timeline Rewind AI Tagging Albums External Sharing Mobile Support Immich (https://github.com/immich-app/immich) Libre Photos (https://github.com/LibrePhotos/librephotos) 28:50 Earn It Act Threat to privacy is back EFF (https://www.eff.org/deeplinks/2023/04/earn-it-bill-back-again-seeking-scan-our-messages-and-photos) Section 230 recap Law Enforcement can't keep up What about tomorrow Unelected government commission Stacked with law enforcement Make "Best Practices" Apple Scanning Designed to be Vague, Broad, Sweeping Technology should empower the user Scanning circumvents encryption Apple incident Client Side Encryption Earn it act effectively bans end to end encryption 75% of flagged content not malicious 47:20 Linux Laptop Aon S1 ZDNet (https://www.zdnet.com/article/is-this-the-best-laptop-youve-never-heard-of/) System76 refreshed their line up Desktop vs Laptop vs Steam Deck 52:20 PineTap Noah Ordered the PineTab2 Drum Charts -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/334) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
Assista o vídeo completo aqui. Assine o canal Akitando no YouTube! Originalmente publicado em 01/02/2023
Xerolinux https://xerolinux.xyz I installed XeroLinux on an older I mac I had, mostly due to 2 factors, I had the hardware and A review I saw touted the MAC like interface from a modified KDE Plasma base. As a Plasma user, how could I resist. I had previously installed Fedora 36 on the MAC and was receiving random hardware issues at boot time, I wanted to see if the issue persisted on and Arch base, and since I had never used Arch, this was a perfect test case. The install: Power on the MAC and (if you have a MAC keyboard) press and hold the Option key. This presented me with 2 options, boot into fedora, or to the EFI partition on my USB with XeroLinux installer. Select the EFI USB device I was then presented with 4 menu options, XeroLinux installer, REFI boot options, MAC OS and reboot I chose to boot into the Installer In the GUI installer I was first given the options to install several fixes for virtual environments including Qemu and VMWare as well as an install option Next I was greeting (literally with a welcome screen proclaiming “Welcome Fellow Linux Nerds” ) I am at home...lol After selecting language, time zone and Keyboard layouts, The disk partitioning options are presented (and in much less confusing verbage than Fedora) and you are given choice of what swap partition type to use, No Swap, Swap no hibernate swap with hibernate and swap to file also a choice of file system, xfs, btrfs of ext4. I chose xfs the default, and since this is just a toy, not a high availability/high capacity server, there is no need for BTRFS, and if I am happy with the state of the system, I may well use it as a media server or Plex server and in that case I’ll need the larger file capacity of XFS Also available are the file system encryption check box and a manual partition options Under the user account setup, it detected and offered to set the machine name as MAcPro51, which is fine, it’ll help me id the device on my network, VS a unique name I would then have to come up with but would inevitably also contain “MAC” The page also included check boxes to validate password strength (forcing strong passwords, an auto-login option and an option to “reuse user password as root password. Obviously for SUDO purposes, this would not be recommended, but in my situation, I did chose it and the strong passwords validation The next screen verifies all the selections and when next is clicked, A pop-up wants you to confirm again that you want to make the changes selected. (insert jeopardy music while the install happens) During the install, there is a button to observe what is actually going on in the background, partitioning, file copies, compiles, etc First boot and login Well poop,I see a message in the boot screens referring to a hardware issue in CPU0 bank 8, there might be a hardware issue, it IS and older Intel MAC after all… Step one is, as always, update the system Picture 1 Click the thumbnail to see the full-sized image Yes, that is a silhouette of the MST3K guys, I’m using a 720 P TV as my monitor and watch movies when I’m in my home office. 121 packages are ready fro update including Kernel 5.19.12 (more jeopardy Music) next stop: install proprietary driver , open source drivers and non-preinstalled apps All this went very smoothly, as though the distro maintainers had put lots of work and thought into it. To say I’m impressed is an understatement so far. Also there’s a handy dandy “Post install system config button, let’s see what that does… Picture 2 Click the thumbnail to see the full-sized image Man, all kinds of goodies to play with!! With such goodies as Yakuake, Avanti browser and KDE connect preinstaled, the only thing I really needed was a decent office suite, Libre office, of course… The XeroLinux “Hello” app is quite a setup, offering all the tools you need to get up and running. With an app browser very similar to Discover, used by Fedora, finding LibreOffice was easy, tick a check box, a few dependencies needed confirmation, click install and poof, done. I was able to seamlessly browse the internet and watched a full length Jackie Chan movie on Netflix with no issues or buffering, Libre-office Calc opened in about 5 seconds, only marginally slower than my regular I7 desktop PC running Fedora 35. The hardware 2010 MACPRO5.1 with dual Intel Xeon 12 core processors running at 2.5Ghz and 32 GB ram and an ATI Radeon HD 5770 I bought the MAC at a local college surplus auction with no hard drive, and installed a 500GB “spinning rust” hard drive I happened to have laying around. As older hardware, it’s still fairly quiet and crash free, so far. With a modest up time of 5 days. Picture 3 Click the thumbnail to see the full-sized image Picture 4 Click the thumbnail to see the full-sized image
A high-profile Linux kernel network flaw, we put JFS on a death watch, and break down the controversial Firefox update this week.
A high-profile Linux kernel network flaw, we put JFS on a death watch, and break down the controversial Firefox update this week.
Episode 382 avec David et Sébastien S.. Sommaire : • A comme Apple (00:02:05) : Le processeur A16 Bionic aurait été castré ? Le processeur A16 de l'iphone 14 pro aurait été amputé de pas mal de fonctionnalités avancées. (source) • C comme Cambridge Analytica (00:08:02) : Quand Meta paye pour enterrer le scandale. Meta débourse $725m pour clôturer la plainte Cambridge Analytica. (source, source) • H comme Huawei (00:15:39) : Huawei se prépare à la technologie < 7nm. Huawei prépare des scanners EUV pour produire des puces à technologie < 7nm. (source) • I comme iPhone (00:18:40) : Quand on emule iPhone OS 1.0. Un développeur réussi à faire tourner iOS 1.0 sur QEMU. (source, source) • L comme LastPass (00:27:11) : Finalement les coffre-forts de mots de passe ont été volés. LastPass finit par admettre que les coffres-forts de mots de passe ont bien été volés. (source, source) • S comme Stockholm (00:39:13) : Quand les citoyens prennent le relai. Un app créé par la ville de Stockholm est redéveloppée en open source. (source, source) • T comme Twitter (00:46:38) : 400 Millions de comptes utilisateurs auraient été volés. Un hacker prétend avoir volé les données personnelles de 400 millions d'utilisateurs de Twitter. (source) • Z comme Zero-Day (00:55:30) : Quand on découvre une faille dans Linux. Une faille Zero Day découverte dans le . (source)
Episode 382 avec David et Sébastien S..Sommaire :• A comme Apple (00:02:05) : Le processeur A16 Bionic aurait été castré ? Le processeur A16 de l'iphone 14 pro aurait été amputé de pas mal de fonctionnalités avancées. (source) • C comme Cambridge Analytica (00:08:02) : Quand Meta paye pour enterrer le scandale. Meta débourse $725m pour clôturer la plainte Cambridge Analytica. (source, source) • H comme Huawei (00:15:39) : Huawei se prépare à la technologie < 7nm. Huawei prépare des scanners EUV pour produire des puces à technologie < 7nm. (source) • I comme iPhone (00:18:40) : Quand on emule iPhone OS 1.0. Un développeur réussi à faire tourner iOS 1.0 sur QEMU. (source, source) • L comme LastPass (00:27:11) : Finalement les coffre-forts de mots de passe ont été volés. LastPass finit par admettre que les coffres-forts de mots de passe ont bien été volés. (source, source) • S comme Stockholm (00:39:13) : Quand les citoyens prennent le relai. Un app créé par la ville de Stockholm est redéveloppée en open source. (source, source) • T comme Twitter (00:46:38) : 400 Millions de comptes utilisateurs auraient été volés. Un hacker prétend avoir volé les données personnelles de 400 millions d'utilisateurs de Twitter. (source) • Z comme Zero-Day (00:55:30) : Quand on découvre une faille dans Linux. Une faille Zero Day découverte dans le . (source)
Cette semaine : Grand Mountain Adventure: Wonderlands, Duelyst II, GameStream Nvidia the end, C64 OS, iPhoneOS 1.0 dans QEMU, John Morales Presents Teddy Pendergrass – The Voice (Remixed With Philly Love), best Of Albums 2022, K-pop of 2022, John Carmack quitte Meta, Drop Sense75, Finalmouse Centerpiece, et le ML utile, par Google. Lisez plutôt Torréfaction #241 : Grand Mountain Adventure: Wonderlands, Duelyst II Open Beta, C64 OS, la fin de GameStream, plein de ziks, John Carmack quitte Meta & more ! avec sa vraie mise en page sur Geekzone. Pensez à vos rétines.
Whether images created by AI count as art, self-hosted audio streaming, a hex editor, playing Steam games from remote machines, QEMU on an iPad, and more. Discoveries Navidrome ImHex Moonlight UTM running Windows 10 on an M1 iPad Pro AI “art” Artwork generated using AI software Midjourney won a state competition Professional AI... Read More
Whether images created by AI count as art, self-hosted audio streaming, a hex editor, playing Steam games from remote machines, QEMU on an iPad, and more. Discoveries Navidrome ImHex Moonlight UTM running Windows 10 on an M1 iPad Pro AI “art” Artwork generated using AI software Midjourney won a state competition Professional AI... Read More
Plan 9: An exercise in futility It is my right to exercise my futility wherever, whenever, and with whoever I please Some ideas about Plan 9: It's like the uncanny valley of UNIX Cool, but useless Can you sum up plan 9 in layman's terms? It does everything Unix does only less reliably - Ken Thompson If you cannot imagine a use for a computer that does not involve a web browser, Plan 9 may not be for you - 9front FQA #d/0:28: null list in concatenation History and description The boys at bell labs decide UNIX wasn't good enough so they decided to build something better: a distributed multiuser operating system composed of many machines. Many of the same ideas behind UNIX were pushed to absurd extremes. The idea that "everything is a file" is made blatantly apparent to everyone and sometimes, in my opinion, can feel 'overly-abstracted'. Additionally, the concept of private namespaces makes the concept of virtual filesystems seem like 'baby's first filesystem abstraction'. Just like UNIX, 9 started as a research operating system. Both are enjoyed by hobbyists, both are interesting ways of using a computer, both have a lot of fun in store. But the systems do diverge in one major aspect: UNIX is mainstream and 9 is still a research operating system. Plan 9 is currently distributed under the MIT license. "What is plan 9?", Taken directly from intro(1): Plan 9 is a distributed computing environment assembled from separate machines acting as terminals, CPU servers, and file servers. A user works at a terminal, running a window system on a raster display. Some windows are connected to CPU servers; the intent is that heavy computing should be done in those windows but it is also possible to compute on the terminal. A separate file server provides file storage for terminals and CPU servers alike. In practice, modern 9 users just run all of these services on a single machine because maintaining many machines to achieve a single usable 'operating system' is unnecessary; the 9 user finds himself scared and alone without enough users (1 is rarely enough) to justify building a distributed environment. Use cases Intended: distributed multiuser network (ie not mainframe), later embedded since UNIX was too bad to be stopped Actual: Acting like a UNIX hipster, pretending that 9 is anything other than vaporware, imagining that you are gaining social credit by posting screenshots of abandonware on internet forums. See also: Operating System Tourism 9 in the wild Unicode is now a plague rfork 9p leveraged by microsoft to discourage end users from actually running GNU+Linux as St Ignucius intended QEMU's VirtFS various window managers for UNIX, written by people who like the ideas behind 9 but not enough to actually run 9 "cool idea, I'm adding it to Linux" private namespaces union directories see: docker Design The goal of 9 was to build a distributed operating system that expands upon Unixy ideas, not to build something that's backwards compatible. "We want to improve UNIX" is mutually exclusive to "we want to port UNIX to this wacky new kernel". UNIX programs (and behemoths like FireFox) are difficult^impossible to port to 9 because of this design decision. Distributed operating systems Since 9 was designed to be a distributed operating system, many of the internals are oriented towards networking. On a single system installation, all three of the components that make a 9 network are working together in a client-server model. The filesystem is presented as a service, the CPU is presented as a service, and the terminal is presented as a service. This type of "abstraction from the physical hardware" makes it difficult to succinctly describe and explain 9. If you think about 9 as a heterogeneous network of machines the ideas start to make sense. If you think about 9 as a self-contained single-machine operating system the ideas only become more confusing. One thing that has helped me wrap my head around the client/server idea is actually thinking less. When running a MySQL server in a LAMP stack, the database server and client are running on the same machine. When writing a program, you instruct the client to access the database located at the address localhost. Despite the design intention to run the database as a separate machine, loopback device hacks ensue. The idea of client/server permeates 9. The filesystem? Presented as a server regardless of what physical machine it's located on. The CPU? Presented as a server regardless of what physical machine it's located on. The terminal? Presented as a server regardless of the physical machine it's located on. On a single machine 9 installation, all of these servers are running locally but accessed as if they were running remotely. Insanity ensues but at least it's easier to write code for. 9p: the Plan 9 Filesystem Protocol 9p is a networking protocol that makes this client/server model possible. Internally, the filesystem is served to the client over 9p. Many applications make use of 9p, including text editors, windowing systems, plumber, etc. In UNIX, everything is a file. In 9, everything is a filesystem accessed via 9p. Private Namespaces, Union Directories The most important aspect of 9: namespaces. Namespaces have caused me much confusion until recently. In 9, each process constructs a unique view of the filesystem. The phrase that gets stuck in my head is "a private namespace is a per-process view of the filesystem". The easiest way to think about namespaces is to think about a "virtual directory". Unix has "virtual filesystems", 9 has "virtual directories". The concept of namespaces allows a user to pull resources from all over the network and present them as "a single local filesystem" with absolute disregard for where these resources are actually coming from. In order to construct a namespace, union directories are used. A union directory is a directory made of several directories bound to the same directory. This concept is similar to a bind mount on UNIX. The kernel keeps separate mount table for each process. Using namespaces, a user or admin can create more secure isolated environments (similar to a chroot). Processes and their children are grouped together so that inheritance of the namespace occurs. These process groups can be customized. The 'per-process namespace' concept can be confusing to UNIX users at first, especially when binding (ie mounting) resources. When I first started using 9 I was very confused when I bound something in one terminal, switched to another, then became disoriented as the thing I just bound seemingly stopped existing. My big example is mounting the boot partition or a filesystem over ssh: # In this window, I have bound the boot partition. # It behaves expectedly. term% 9fs 9fat term% lc /n 9/ 9fat/ other/ ssh/ term% lc /n/9fat 9bootfat 9pc64 oldplan9.ini plan9.ini 9pc efi/ pbs.bak term% # In this other window, the boot partition doesn't seem to be mounted. # This causes much confusion for the end user. term% lc /n 9/ 9fat/ other/ ssh/ term% lc /n/9fat term% Files The second most important aspect of 9: "Everything is a file" taken to absurdist absolutes. The kernel presents hardware devices as files bound to /dev. Within the namespace, devices are just files. Outside the namespace, devices are named with a leading # to help distinguish between pseudo-files and devices. These physical devices are bound to /dev/ and presented as files for easy administration, access, and programming. Presenting everything as a file accessible via 9p greatly reduces the total number of system calls. Examples of "Everything is a file": # The clipboard in 9 is called /dev/snarf # We can easily write and read from this clipboard term% cat /dev/snarf SYNOPSIS #include #include #include term% term% fortune > /dev/snarf term% cat /dev/snarf If at first you succeed, try to hide your astonishment. term% # The display in 9 is called /dev/screen # We can easily take a screenshot term% file /dev/screen /dev/screen: plan 9 image, depth 32, size 1366x768 term% cat /dev/screen | topng > screenshot.png term% file screenshot.png screenshot.png: PNG image term% Message oriented filesystem Continuing with the idea that "everything is a filesystem", processes can offer services to other processes by placing virtual files into other processes' namespaces. File I/O on this special virtual file becomes interprocess communication. This is similar to a UNIX socket but significantly less difficult to program against because all of the hard parts have been abstracted: it's just simple file I/O. Virtual filesystem (with more special files) The /proc filesystem presents processes as a files in a filesystem. This makes writing programs that manage process extremely easy by reducing the total number of system calls to simple file I/O. The /proc filesystem allows users to manage processes using standard command line utilities like cat(1) and ls(1). Linux borrowed the idea of a /proc filesystem. Unicode Although the implementation is not fully internationalized, UTF-8 is fully there. Unicode is fully backwards compatible with ASCII. Thanks to ⑨, we now have people writing exclusively with primitive hieroglyphics instead of words. Portability Just like UNIX, 9 was designed with portability in mind. 9 is written in a strange dialect of ANSI C which means it's portable. Although the system is self hosting, images are rarely built on a self hosting environment. Instead, the end user will download a generic amd64 or i386 image, cross compile for the obscure target architecture, wrap it up in an install image, then burn that image to an install disk. After installation, it is generally a good idea to recompile the entire operating system so that your copy is self-hosted. The compiler suite is quite clever in that each compiler is named according to the target architecture, the object files are named according to the target architecture, etc. The alnum prefix/extensions are also shared by the various linkers and assemblers. 0c spim little-endian MIPS 3000 family 1c 68000 Motorola MC68000 2c 68020 Motorola MC68020 5c arm little-endian ARM 6c amd64 AMD64 and compatibles (e.g., Intel EM64T) 7c arm64 ARM64 (ARMv8) 8c 386 Intel i386, i486, Pentium, etc. kc sparc Sun SPARC vc mips big-endian MIPS 3000 family Filesystems Multiple filesystems are supported, most suck. The only one the average tourist has heard of is FAT. The one I use is cwfs64x(4). cwfs is a strange filesystem. Every night, it makes a dump of the filesystem. You can access these dumps by running: 9fs dump cd /n/dump/YYYY/MMDD/ And, managing the file server (trying to uncorrupt cwfs), all while the kernel is spraying error messages term% con -C /srv/cwfs.cmd help check tag check ream check free check After my system crashes, and after consulting fs(8), the above commands seem to solve my corruption problems. Not always. But sometimes. The cache is a WORM: Write Once Read Many filesystem. Traditionally, the "fast" hard drives would be backed up to tape archives. In the modern era, we have a WORM partition. The worm partition stores data forever so it will eventually get full and need cleaning. It is possible to run without a WORM but it's a bad idea. Built in version control. Data integrity not guaranteed. Secstore stores various passwords to nvram. BIOS integrety not gauranteed. If you don't like thrashing the nvram and it's limited write ops, an partition can be created and mouted as if it were nvram. Factotum stores various passwords in memory (like ssh-agent) Known forks Dead: Plan 9 From Bell Labs (also called 'Labs 9', the original) 9atom (even the domain has expired) Akaros Harvey (attempt to port 9 to GCC/Clang) NIX jehanneOS node9 inferno (in permanent limbo) Life Support: 9front (actively developed, many QOL patches) 9legacy (patches applied to Labs9) Plan 9 From User Space (also called 'plan9port', you will be laughed at) 9front is really the only 'usable' one because the QOL modifications add important things like general stability, git client, mercurial, ssh, various emulators, audio, WiFi, and USB support. Using 9 What does the 9 experience actually look like in 2022? You put 9 in a VM, posted a screenshot, shutdown the VM, then continued using Ubuntu because you can't play video games or easily watch videos online in 9. Hardware support in 9front is expanding but still limited. Refer to the list of supported hardware. I run 9front on a Thinkpad x220 and it seems to just work. Some people run it on a Raspi but I'm not sure why. It works quite well with KVM and QEMU if you're an OS tourist. I see no reason to add a dmesg because it will either work or it won't. Available software GNU might not be UNIX but 9 isn't even trying to be UNIX-like. GUI Unlink UNIX, 9 was designed with graphics in mind. Some people have said that the 9 GUI looks similar to a smalltalk machine but I think it's just the only good stacking window manager. A three button mouse is necessary for using 9front. Shift-rightclick emulates middle click. Rio Rio is the Plan 9 windowing system. It's the successor to 8½ window manager. Rio is lightweight compared to X11 because access to graphical hardware is built into the kernel and using files+namespaces to access input devices. The most brief way of explaining rio is to think of it as a rectangle multiplexer, where each rectangle is served a file interface (9p). Although rectangles might seem counterintuitive at first, thinking less hard makes it easier to use. I still have difficulty efficiently using a mouse-centric interface after using terminal interfaces almost exclusively for many years. I dislike the windows way of using a mouse but the 9 way seems to make quite a lot of sense when I "think less hard" and allow the intuition to take control. The argument for mouse-centric computing and text editing is that it's faster. Of course, the average vim user is editing text faster than the speed of thought but most people aren't the average vim user. Instead, they only know how to use arrow keys to move a cursor. Without memorizing hundreds of vim bindings (and forgetting the names and birth dates of your family members in the process), obviously a mouse is faster. Mouse controls are confusing at first because they follow the "click and hold, hover to option, release" to select an option. They look something like follows: Right click (window management controls) New Resize Move Delete Hide Middle click (text manipulation controls) cut paste snarf (copy highlighted text) plumb (send highlighted text to process, or, more effectively: open file with appropriate program) look (search for highlighted text) send (run highlighted text as a shell command) scroll (toggle autoscroll/noautoscroll) The left click button is used to select text and windows. The concept of mouse-chording is also prominent in rio but it's even more difficult to explain without a visual demonstration. Rio and it's windows also support UNIX style keyboard shortcuts: ^-u deletes from cursor to start of line ^-w deletes word before cursor ^-h deletes the character before the cursor ^-a moves the cursor to the start of the line ^-e moves the cursor to the end of the line ^-b moves the cursor back to the prompt ^-f is the autocomplete key, functionally equivalent to tab completion ^? (DEL key) is the equivalent to ^-c on UNIX Additionally, in a text window, the arrow keys and PgUp/PgDown keys behave as expected. The home/end keys scroll the window to the top/bottom of the text buffer respectively. These text windows have a built in pager so there is no more or less command. I can't decide if I like built in paging but it's definitely a thing to think about. The colorscheme of rio is dull and pastel and this is intentional. Less vibrant color schemes seem to fade away and become less obvious. Color themes like Tango, Linux Console, Solarized, all of KDE, and WIndows XP are very obvious but not in a good way. Bright colors are subtly distracting and make it difficult to concentrate. When I'm configuring a UNIX system with dwm, I borrow Rio's color theme because it's an anti-theme. Give it time. It's charming in it's own way. Modifying the source code for rio allows for custom color themes. It's possible but you will be laughed at. Setting a wallpaper is also possible but I don't do this because my windows are always covering the dull gray background. As for X11, the equis X11 server can only be run via linux compat layers. The lack of a viable X server is yet another reason 9 has no programs. Command Line Utilities The shell on 9 is called rc(1). It's like any other shell you've used except that you expect it to be bourne-like but it isn't. Standard UNIX shell concepts like pipes, file redirects, && and ||, etc. Scripting is not POSIX-like at all so reading the man page and various scripts written in rc is the only way to learn. Other various UNIX utilities exist and function as expected (although some of the ones you would like are missing). awk, grep, sed, cat, tar, gzip, ed, etc are present. Editors There are three primary ways of editing text on 9: ed(1), sam(1), and acme(1). There is no vi aside from the MIPS emulator, there is no emacs except for a man page explaining why there is no emacs. I have primarily used acme in the past, but sam is a much better editor. sam is a lot like a graphical version of ed. I still need to learn ed because it's the standard editor. Some of the standard vi commands are available and regex works. I like sam quite a lot but it seems to corrupt files when the system crashes. acme is a window manager, file browser, terminal emulator, and email client that some people use as a text editor. The coolest part about acme is the ability to write arbitrary editor and system commands in the menu bar, highlight them, then middle click to execute those commands. (Some of the ) Supported Networking Protocols IMAP good luck NTP IRC ircrc other non-default implementations exist FTP HTTP mothra is the standard web browser. It does not support CSS or all of the HTML tags. Obviously, javascript is unsupported. abaco exists. I've used it a few times. It renders slightly better than mothra but is a pain to use. Various inferno vaporware exists but the ports don't work NetSurf has been ported to 9front by leveraging components of APE. It almost works hget, like curl SSH it only works in conjunction with the vt(1) command. sshfs sshnet for proxying traffic VNC Various torrent software (magnet links not supported) Drawterm no, good luck, you will be laughed at Of course, 9p A Security aside Various server implementations for these protocols exist but you really shouldn't use them on the WAN as they are ancient, unmaintained, unaudited, and easy to exploit. Prime example: the /g/entoomen found a path traversal vulnerability in the 9front httpd server, then leveraged that vuln to exploit a vuln in the authentication system. Not that the boys back home did anything malicious with this bug . . . but the ability to pwn a system by sending cleverly crafted GET requests should tell you enough about the current state of security in 9. Firewall no Disk Encryption unreliable Access control what? filesystem cwfs has an poorly documented special user called none that is allowed to connect to fossil, cwfs, and maybe hjfs without a password. Set the nonone option in cwfs if you are even thinking about putting 9 on the internet. Don't even think about putting 9 on the internet UNIX compat layer (ape) APE is the ANSI POSIX Emulator. It doesn't work and is almost entirely empty. Lots of tiny programs to write, not much interest in writing lots of tiny program. There is a general attitude among 9 users that "9 is unique" porting POSIX libs to 9 would ruin the appeal. I almost think I agree with this sentiment. Emulation Linux don't GameBoy GameBoyAdvance NES SNES Sega MegaDrive/Genesis c64 vmx, a PC emulator (effectively virtualization) It's slow it almost works it crashes your system cwfs gets corrupted "runs" OpenBSD, Linux, and ancient Windows with graphics support and also various emulators for obscure architectures VCS Mercurial used to come with 9front but it has been removed. CVS does exist but not in the base system. A native git implementation exists and is in the base system. It's bare bones but it mostly works. Community Maintained Software The 9front community has been collecting known programs for some time and various other community software can be found in the wiki. Both are served as a ports system, similar to a BSD style ports system. There are no binary packages. Makefiles are broken. Programming Languages mkfiles 9 ships a program called mk(1). Syntax (in the simplest ways) is identical to UNIX make(1). The Absurdities of 9 C Plan 9 C is syntactically similar to ANSI C but it varies. The stdlibs on 9 are much simpler than the POSIX monster. /* POSIX C example */ #include int main(){ printf("hello, worldn"); return 0; } /* 9 C example */ #include #include void main(){ print("hello, worldn"); exits(0); } u.h contains CPU specific instructions, libc.h contains all of the system calls, time functions, math functions, unicode functions, and print functions. In contrast to POSIX, functions in 9c return strings instead of ints. # Compiling on UNIX $ cc main.c $ ./a.out hello, world $ # Compiling on 9 % 6c main.c % 6l main.6 % 6.out hello, world % In the 9 compiler example, I'm using the amd64 compiler and linker. Notice how the 6 persists as the prefix/suffix to help developers remember which architecture this specific program is written for. Instead of unspecific object files with a .o suffix, the object file's suffix is actually representative of what types of opcodes the file contains. Similarly, after linking, the 6. prefix tells us that the binary is for an amd64 processor. And also, the simplest UNIX program with buffers: read from stdin and write directly to stdout: /* POSIX C */ #include int main(int argc, char *argv[]){ char buf[32]; size_t bufs = sizeof(char)*32; size_t nread = 0; while((nread = fread(buf, 1, bufs, stdin)) > 0){ fwrite(buf, 1, nread, stdout); } return 0; } /* Plan 9 C */ #include #include void main(int argc, char *argv[]){ char buf[32]; char bufs = sizeof(char)*32; int nread = 0; while((nread = read(0, buf, bufs)) > 0){ write(1, buf, nread); } exits(0); } In 9, stdin is file descriptor 0, stdout is 1, and stderr is 2. And, the binary sizes betwen the two. You probably recognize a.out, this one was compiled with GCC. 6.out is an amd64 Plan 9 binary compiled on 9. $ ls -sh ./*.out 4.0K ./6.out 28K ./a.out Binaries on plan 9 are statically linked. It's somewhat strange to see that a statically linked binary is smaller than a dynamically linked one. Even compiling the plan 9 source on Linux using plan9port yeilds a large binary: 40K. I have not written 9C in a long time so I cannot say much more with confidence and authority. Refer to C Programming in Plan 9 from Bell Labs for more information. The acid(1) debugger exists but it's hard to use if you're not fluent in assembly. Ancient Go Ancient Go once ran on 9. In 2022, you're better off just writing C and rc. WiFi Some wifi cards are supported on 9front. My thinkpad x220 uses the iwl drivers. The FQA is somewhat vague when it comes to actually using the drivers. Good luck :) Why isn't 9 more popular if it supposedly improves on "bad Unix ideas"? Unix is 'just good enough' 9 is not 'better enough' to beat out 'just good enough' Porting software is difficult^impossible because 9 was deliberately written to be not backwards compatible. "If you port it, they will come" 9 is uncomfortable to use if you have Unix muscle memory no modern web browser no video games (I'm pretty sure there are doom and quake source ports though) multimedia consumption is hard no GNU Why do people use 9 if it's so bad? I can't be sure about all other ~20 Plan 9 fans in the world, but for myself, it's purely out of a genuine curiosity and love for computing. My motivation for learning obscure, unnecessary, and quite frankly boring things related to computers is that it brings me some sense of satisfaction/accomplishment/enjoyment. Linux stopped being fun for me when I came to the realization that all distributions are fundamentally the same. I started exploring the BSD world only to realize that all UNIX-like operating systems are fundamentally the same. Although BSD remains a store of fun for me, I occasionally feel burned out on UNIX even if it's an abstract idea/experience/codebase I cherish. When I sit down at a computer my goal is always to discover something new, learn a new concept, explore alternative paradigms, and, most of all, to have fun in the process. For most people, 9 is a tourist experience. For me, it's the final frontier. Although I have yet to learn as much about 9 as I have about UNIX, every time I swap hard drives and boot into 9 I feel a sense of coming home. Sometimes I think I am wilfully resisting becoming a 9 expert because it will result in me struggling to find the next non-bad OS paradigm to explore. And when I think about "using a computer", what do I really do on the computer? I learn about it, learn about the software running on it, and proceed to write about it so that I can reinforce the ideas in a Feynman-esque way. I'm not really providing a real tangible value to the world because it's purely a "hey, here's the things I learned the hard way so you don't have to". Conclusion: How do I do xyz on 9? don't. search engines won't help. Man pages won't help. /sys/doc might help. Reading the source code won't help. have fun :) Or consider: term% vt -xb term% ssh user@host $ tmux a $ reset # some commands $ reset # some commands $ reset Alternatively: term% vncv host:display Further reading: 9front FQA. Very humorous, good information read the papers in /sys/doc or on cat-v.org Plan 9: Not dead, Just resting A visual demonstration of rio A visual demonstration of acme C Programming in Plan 9 from Bell Labs Plan 9 Desktop Guide. Might be useful for someone. Not too useful for me. Man pages are better. C04tl3 youtube channel. Lots of cool videos with information. Introduction to Operating System Abstractions using Plan 9 from Bell Labs SDF public Plan 9 server
Advocating for FreeBSD in 2022 and Beyond, NetBSD 9.3 released, OPNsense 22.7 available, CHERI-based computer runs KDE for the first time, Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac, and more Notes This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Advocating for FreeBSD in 2022 and Beyond (https://freebsdfoundation.org/blog/advocating-for-freebsd-in-2022-and-beyond/) NetBSD 9.3 released (http://blog.netbsd.org/tnf/entry/netbsd_9_3_released) News Roundup OPNsense 22.7 released (https://forum.opnsense.org/index.php?topic=29507.0) CHERI-based computer runs KDE for the first time (https://www.theregister.com/2022/07/26/cheri_computer_runs_kde/) Guide: Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac (https://gist.github.com/ctsrc/a1f57933a2cde9abc0f07be12889f97f) Beastie Bits • [In -current, dhclient(8) now just logs warnings and executes ifconfig(8)](http://undeadly.org/cgi?action=article;sid=20220703114819) • [Freshly installed #NetBSD 4.0.1 booting on a 80386 DX40 with 8MB of RAM in 2022](https://twitter.com/lefinnois/status/1553246084675375104) • [nerdctl](https://twitter.com/woodsb02/status/1554481441060560898?s=28&t=8K7_A1RiWnCDU_Mme4_Yqw) • [Even more Randomness](https://undeadly.org/cgi?action=article;sid=20220731110742) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
The one shared secret behind some of the world's most powerful open-source projects. Brent's Node (not ready yet... Still syncing!): 03cf7e9b79a3230749db642ad690889065ec35b9ded184266d4fce424ab75470fc
This week Camila dives into the details on some of the most prolific buzzwords flying around the cybersecurity community, plus we cover security updates for BlueZ, the Linux kernel, Intel Microcode, QEMU, Apache and more.
SUSE Enterprise is already switching to the new NVIDIA open kernel driver, a Matrix-powered Walkie-Talkie, and the details on Apple's Rosetta for Linux.
SUSE Enterprise is already switching to the new NVIDIA open kernel driver, a Matrix-powered Walkie-Talkie, and the details on Apple's Rosetta for Linux.
On this episode of This Week in Linux: Ubuntu 22.04 LTS & Ubuntu Flavours, AlmaLinux 9 Beta, Framework Laptop, TUXEDO Stellaris 15, Shuttleworth on Flatpaks in Ubuntu, KDE Gear 22.04, SDL2 Reverts Its Wayland Preference, QEMU 7.0. All that and much more on Your Weekly Source for Linux GNews! Chapters 00:00 = Welcome to TWIL […]
Has Fedora pulled ahead of Ubuntu? We take a look at the new Fedora 36 and Ubuntu 22.04 releases. Special Guest: Alex Kretzschmar.
Why Dirty Pipe is a dirty dog, the explosive adoption of Linux at AMD, and an important update on elementary OS.
Why Dirty Pipe is a dirty dog, the explosive adoption of Linux at AMD, and an important update on elementary OS.
Why Dirty Pipe is a dirty dog, the explosive adoption of Linux at AMD, and an important update on elementary OS.
A desktop from Linux past has a surprising update this week, AlmaLinux pulls ahead of the pack, and Canonical ships software for the Apple M1. Plus, the new tech in SteamOS 3 that might make it a great desktop OS.
Apple M1 Linux development reaches a key milestone and boots a usable desktop; Ubuntu reveals a new product, and the secret SUSE project that leaked this week. Plus, the essential RISC-V code landing in the Linux kernel.
On this episode of This Week in Linux, we've got a ton of news to cover with some big news from Audacity in that the project has been acquired by the Muse Group, Ubuntu 16.04 Reaches End of LIfe . . . we'll sort of. Then we'll check out some great hardware news from IBM & also from Star Labs. In App News this week, we've got new releases from MusE Digital Audio Workstation, Kdenlive 21.04, QEMU 6.0 and more. We're also going to do a follow up to some news last week related to Humble Bundle and so much more including new version of WINE and Proton and even a milestone for the Linux kernel to celebrate. All that and much more on Your Weekly Source for Linux GNews! SPONSORED BY: Digital Ocean ►► https://do.co/dln Bitwarden ►► https://bitwarden.com/dln TWITTER ►► https://twitter.com/michaeltunnell MASTODON ►► https://mastodon.social/@MichaelTunnell DLN COMMUNITY ►► https://destinationlinux.network/contact FRONT PAGE LINUX ►► https://frontpagelinux.com MERCH ►► https://dlnstore.com BECOME A PATRON ►► https://tuxdigital.com/contribute This Week in Linux is produced by the Destination Linux Network: https://destinationlinux.network SHOW NOTES ►► https://tuxdigital.com/twil150 00:00 = Welcome to TWIL 150 01:18 = Linux Kernel Reaches 1 Million+ Git Commits 03:07 = Muse Group Acquires Audacity 11:28 = Ubuntu 16.04 End of Life . . . Sort Of 17:34 = Salient OS, Nitrux, UwUntu (Lightning Round) 21:11 = Digital Ocean: VPS / App Platform ( https://do.co/dln ) 22:41 = RISC-V Giveaway: 1,000 RISC-V Dev Boards 26:07 = Kdenlive 21.04 Released 29:56 = MusE 4.0 Released (DAW) 32:17 = QEMU 6.0 Released 34:44 = Bitwarden Password Manager ( https://bitwarden.com/dln ) 37:20 = Humble Bundle Bringing Back Sliders 40:53 = IBM Develops ‘World's First' 2nm Chip 44:10 = StarBook Mk V Linux Laptop 48:54 = WINE 6.8 & Proton 6.3-3 Released 51:55 = Termite Project Ends & Suggests Alacritty 56:06 = Outro Other Videos: 7 Reasons Why Firefox Is My Favorite Web Browser: https://youtu.be/bGTBH9yr8uw How To Use Firefox's Best Feature, Multi-Account Containers: https://youtu.be/FfN5L5zAJUo 5 Reasons Why I Use KDE Plasma: https://youtu.be/b0KA6IsO1M8 6 Cool Things You Didn't Know About Linux's History: https://youtu.be/u9ZY41mNB9I Thanks For Watching! Linux #TechNews #Podcast
On this episode of This Week in Linux, we've got some interesting and somewhat Rocky news for CentOS to talk about. There's a new Flatpak App Store released this week called Souk. Linux Gaming news with Cyberpunk 2077 running on Linux thanks to Proton. We've also got many new releases this week from PAPPL 1.0, OpenRGB, Qt 6.0 toolkit, CRUX Linux, and QEMU. Then we'll round out the show with some great deals from Humble Bundle. All that and much more coming up right now on Your Weekly Source for Linux GNews! SPONSORED BY: Digital Ocean ►► https://do.co/dln Bitwarden ►► https://bitwarden.com/dln TWITTER ►► https://twitter.com/michaeltunnell MASTODON ►► https://mastodon.social/@MichaelTunnell DLN COMMUNITY ►► https://destinationlinux.network/contact FRONT PAGE LINUX ►► https://frontpagelinux.com MERCH ►► https://dlnstore.com BECOME A PATRON ►► https://tuxdigital.com/contribute This Week in Linux is a Proud Member of the Destination Linux Network! https://destinationlinux.network SHOW NOTES ►► https://tuxdigital.com/twinl126 CentOS Being Replaced by CentOS Streams Rocky Linux & Other CentOS Alternatives Souk: Independent Flatpak App Store Cyberpunk 2077 Runs on Linux PAPPL 1.0 Released OpenRGB 0.5 Released Qt 6.0 Released CRUX 3.6 Released QEMU 5.2 Released Humble Bundles: Hacking, Game Dev & Music Other Videos: 6 Cool Things You Didn't Know About Linux's History: https://youtu.be/u9ZY41mNB9I How To Use Firefox's Best Feature, Multi-Account Containers: https://youtu.be/FfN5L5zAJUo Linux Explained - How Some Distros Are Based On Other Distros: https://youtu.be/OWk3D6x64tk 7 Reasons Why Firefox Is My Favorite Web Browser: https://youtu.be/bGTBH9yr8uw Thanks For Watching! Linux #OpenSource #TechNews
Can CML support multivendor topologies? Can you use other vendor VMs with CML? These are often asked questions. In this video I'm going to show you how to run a Windows 10 Virtual Machine (VM) in Cisco CML (VIRL 2). Be warned! There are a number of steps required to make this work, but it's definitely possible. This is Part 7 of my CML (VIRL 2) series showing you how to download, install and configure Cisco VIRL 2 (CML-P). The new version of Cisco VIRL allows you to create virtual Cisco networks using just your Web browser. You don't have to use a thick client or any other software - everything is included and everything is easy to use. The new version of Cisco CML is one of your best options for CCNA, CCNP and CCIE Labs. CML has multiple advantages over other platforms such as GNS3 or EVE-NG. CML supports an HTML5 web client and contains all the Cisco IOS images. You don't have to use a thick client like you do with GNS3. You don't have to follow a convoluted process to get Cisco images working like you do with EVE-NG. You don't have to try to find images as they are all included as part of your CML subscription and by simply mapping an ISO drive to your virtual machine you can immediately start using all Cisco IOS images in your topologies. Both EVE-NG and GNS3 require that you provide your own IOS images - typically they recommend that you buy a CML subscription anyway. That means that you are already paying for CML. CML (VIRL2) is also an official Cisco product - that means that you don't have to worry about any gray legal issues with regards to running Cisco IOS images on your laptop. This is an official Cisco product that is supported by Cisco. By paying your yearly subscription fee of $199, you can use Cisco IOS images such as IOSv, IOSvL2, ASAv, NX-OSv and others without any worries. CML (VIRL 2) has everything you need to get started. Disadvantages include the requirement to license your installation. That however has been simplified dramatically from previous releases. There is also a 20 node limited in topologies. However, for most of us that is fine for a lot of labs. Is VIRL better than GNS3 or EVE-NG? In many ways it is. But, all platforms have advantages and disadvantages. If you are studying for your ccie, you many prefer gns3 or eve-ng as they don't limit the number of devices in a topology like virl does. VIRL-PE limits you to 20 devices - so your topologies cannot be massive like they could with gns3 or eve ng. However, if you are studying for your ccna or ccnp, VIRL may be more than enough. Cisco have made massive changes to their certification programs and it is fantastic to see the new version of VIRL in action. Menu: Overview: 0:01 Steps: 4:17 Download Windows VMs: 7:00 Download and install QEMU: 8:32 Unzip Windows Zip file: 12:14 QEMU command to convert vmdk to qcow2: 13:17 Increase storage space on CML (VIRL 2): 15:23 Use scp to copy qcow2 file to CML: 20:45 Node and image definitions: 24:37 Add Windows VM to CML Topology: 28:57 Start Windows lab 30:15 Ping Windows from outside: 32:38 RDP (Remote Desktop to Windows VM): 33:50 PDF: https://bit.ly/cmlwindow10vm Videos: Start here for CML information: https://youtu.be/sW5-jHLygFg Cisco Modeling Labs CML-P CML-E VIRL VIRL 2 CML Cisco Modeling Labs - Personal EVE-NG GNS3 Packet Tracer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #cml #devnet #windows10
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Updates for Dell Support Assistant https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en Critical Cisco Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex LoudMiner Comes with VM https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/ STI Student Dave Todd: Overcoming the Comliance Challenges in Biometrics https://www.sans.org/reading-room/whitepapers/legal/paper/38970
We recap our devsummit experiences at BSDCambridge, share why memcmp is more complicated than expected, explore Docker on FreeBSD, and we look at a retro terminal. This episode was brought to you by Headlines BSDCam recap (https://wiki.freebsd.org/DevSummit/201708) The 2017 Cambridge DevSummit took place from 2-4 August 2017. The event took place over three days including a formal dinner at St John's College, and was attended by 55 registered developers and guests. Prior to the start of the conference, we had a doc hacking lounge, the computer lab provided a room where we could meet and try to spend some time on documentation. Sevan walked two interested people through the process of creating a documentation patch and submitting it for the first time. In the process, found ways to improve the documentation on how to write documentation. The event is run "un-conference style" in that we brainstorm the actual session schedule on the first morning, with a focus on interactive topics that reflect the interests and exploit the knowledge of the attendees. The idea is to maximize the amount of discussion and decisions that can be made while we are all in the same room The first morning, we all gather in the slightly too small, and even more slightly under air conditioned FW11 classroom. We go around the room introducing ourselves, and listing a few topics we would be interested in discussing. Eventually the whiteboard is full of topics, with various numbers of ticks beside them to indicate the number of interested people There are breakout rooms of all sizes, so even topics with only a small group of interested folks can get a lot accomplished The most difficult is trying to schedule the sessions, as there is much overlap and people usually want to be in concurrent sessions, or someone's schedule means they won't be available that day, etc. This years working groups: Toolchain (Compilers, Linkers, External Toolchain, Static analysis and sanitizers) Virtualization (bhyve, xen, jails, docker) Transport (TCP) and Network Performance Security and mitigations (W^X, noexec stack, CFI, ASLR, KASLR, Safe Stack, etc) Testing (Status, What to test, How to test, QA for releases) Capsicum (Automation with LLVM etc, Casper, Namespacing, “Services”, capsh) Desktop / WiFi (drm-next, drivers, resume, power, installer, desktop, OOB Experience) Tracing (Blackbox, DTrace, KTR, ptrace, truss, hardware tracing) Packaging and Packaged Base (Sets, Kernels, Ports & flavours, sub-packages, privlib) Architectural Security Features (CPU Features: SGX, PXN/PAN, Pointer Authentication, AMD Memory Encryption, Libcrunch, RISC-V, CheriABI) Architectures and Embedded systems (RISC-V, ARM, ARM64, MIPS(64), SPARC64) Teaching (Audiences, Objectives, Targets, Material, future directions) Provisioning and Management Tools (CfgMgmt tools, Image building, VM/bhyve orchestration, Preconfigured VMs for testing, Wishlist) Storage (ZFS status update, ZFS encryption infrastructure, ZFS Zero Copy / Sendfile, Acceleration of checksums and raidz parity calculations, sesutil, mpsutil) And that wasn't everything. We then had a series of short talklets: Enhancing and replacing mmap() SDIO support eBPF support for FreeBSD Tracing + Virtualization Practical DMA Attack Protection On Thursday night there was a special dinner at St John's College Overall it was a great DevSummit, and I even managed to get some of the work assigned to me finished. Shortly I will commit an update to the boot loader menu that will automatically populate the kernel selection menu with the automatically detected list of installed kernels. The list is also properly refreshed when you switch boot environments. *** Hosts/BSD – for when you need to run your BSD inside a penguin (https://wiki.qemu.org/index.php/Hosts/BSD) This wiki provides details on how to run each of the various BSDs under QEMU The target audience is Linux developers looking to test their apps etc under BSD The wiki is in need of some love, there are some option questions, and it lacks some polish There are instructions on building qemu from source, but it should likely mention the qemu-devel port There should probably also be instructions on using other architectures, like ARM/MIPS etc If you have used QEMU, or would like to spend the time to learn how, please help update this wiki *** memcmp -- more complicated than you might expect (http://trust-in-soft.com/memcmp-requires-pointers-to-fully-valid-buffers/) “A suspicious pattern in open-source software” One bug recently found by John using tis-interpreter on a widely used open-source library involved the comparison of strings with memcmp. The unexpected condition was that memcmp was, in one case, called with a pointer to a buffer shorter than the length passed as third argument, breaking one of the two symmetrical pre-conditions in the function's ACSL contract A reason that may have made this use of memcmp look okay to the developer is that the buffers being passed to it always differed before the end of the buffers were reached. a memcmp implementation based on stopping as soon as a difference is found, would not have caused any out-of-bounds read access The first question raised was whether the pattern memcmp("a", "bc", 3) was problematic according to the letter of the C standard. If it was, the second question was whether the busy maintainer of one of the Open Source packages that make the Internet tick should be bothered with a bug report. I would like to be able to say that memcmp's ACSL contract was the product of careful deliberation, but unfortunately this is not the case: many standard function contracts were written quickly in order to get most of the standard library covered, and have not been tested by time. Anyway, upon proofreading the relevant clause in the C11 standard, my feeling was that the ACSL formalization was, in this particular case, right, and that it was undefined behavior to pass as memcmp argument a buffer that wasn't fully valid, even if the implementation sort-of needs to read the buffer's characters in order for the purpose of finding the first mismatch. The post then goes on to look at the memcmp code in glibc There are two distinct optimizations for long buffers, one that applies when both buffers start at the same offset modulo the word size, memcmpcommonalignment, and one that applies when they don't, memcmpnotcommonalignment. The function memcmpcommonalignment is relatively well-behaved: it reads from the two buffers aligned word by aligned word, and thus reads the entire words that contain differing bytes. If the caller passed buffers that aren't valid after the differing byte, this amounts to reading out of bounds, but this sort of out-of-bounds access is not detected by the typical MMU, which works at the scale of the page. The “notcommon_alignment” case, however, tells a different story. When passed the carefully (mis-)aligned buffers t1 and (char*)t2+1, although these buffers differ in the 8th byte, Glibc's implementation of memcmp reads 8 bytes beyond the end of t1. By making the 16th byte differ instead of the 8th one, it is also possible to make Glibc's implementation of memcmp read 16 bytes beyond the end of t1. In conclusion, yes, some implementations of memcmp will crash when invoked with buffers that aren't valid for the full length, even if they differ early. The circumstances are rare (probably the reason this bug was still there to be found in a library that had already been tested with all the available techniques) but outside the programmer's control. The pattern described in this post should be reported as a bug when found. It is interesting to read the detailed analysis of a bug in such a basic libc feature *** News Roundup Docker on FreeBSD (http://daemon-notes.com/articles/network/docker) There are two approaches to running Docker on FreeBSD. First one was created back in 2015 and it was a native port of Docker engine to FreeBSD. It was an ambitious project but nobody stepped forward to continuously port the never-ending flow of upstream code to FreeBSD. So the port still exists (sysutils/docker-freebsd) but it wasn't updated since 2015 and it is Docker v1 (it is v17 as of 2017). The other approach is to use official way of running Docker on platforms other than Linux. Well, somewhat official as Docker still does not support FreeBSD as a host officially. This is docker-machine tool which in turn will use VirtualBox to run a virtual machine with Linux and Docker engine. docker utility on the host will communicate with the engine inside VB where all the work will be done. This article describes what needs to be done to start using it. Before we begin you need VirtualBox installed. Do not skip adding /boot/loader.conf and /etc/rc.conf lines mentioned on that page. You won't need user inteface or anything, docker-machine will do all the work, just make sure VirtualBox is present and ready to be used. `pkg install docker docker-machine docker-compose' Docker will store its stuff in ~/.docker. You might not want the virtual machine image files to live in your home, in this case just create a symlink: mkdir ~/.docker ln -s /storage/docker ~/.docker/machine docker-machine create --driver virtualbox --virtualbox-memory 2048 --virtualbox-cpu-count 2 --virtualbox-disk-size 102400 --virtualbox-hostonly-cidr "10.2.1.1/24" docker1 Here's the example. We are creating machine named docker1. It is using VirtualBox driver, the vm has 2G of memory, 2 cores and 100G of disk space. docker-machine setups VirtualBox to use host-only network adapter (it will create vboxnet0 interface on the host automatically) and we are instructing it to use 10.2.1.1/24 as the address of this adapter — change it to what suits your needs or omit this flag (default is 192.168.99.1/24). And basically that is all. Check if it is running: docker-machine ls If you do open VirtualBox interface you will find a virtual machine named docker1 running. You can start/stop/whatever your machine using docker-machine utility. Here's how you can connect to the machine: docker utility by default tries to talk to Docker engine running on the same host. However with specific environment variables you can instruct it to talk to other host. docker-machine can export these variables for you. eval docker-machine env docker1 docker run hello-world There was quite a bit of discussion about docker at the FreeBSD developers summit in Cambridge during the first week of August. Two docker developers who had worked on the Mac OS X port, one of whom is an OpenBSD advocate, explained how docker has evolved, and the linux-isms have been abstracted away such that a truly native docker solution for FreeBSD can be built and maintained with a lot less headache than before I look forward to seeing if we can't make that happen *** The POSIX Shell And Utilities (http://shellhaters.org/) The POSIX Shell And Utilities Compiled for The Shell Hater's Handbook *** PostgreSQL – logging to a file (http://dan.langille.org/2017/07/31/postgresql-logging-to-a-file/) These steps were carried out on FreeBSD 11.0 with PostgreSQL 9.6 (two of my favorite tools). I like logging. I like logging PostgreSQL. With logs, you can see what happened. Without, you can only guess. Setting up logging for PostgreSQL involves several parts, each of which must be completed or else I don't get what I want. This is not a criticism of PostgreSQL. It's a feature. I am documenting this because each time I configure a new PostgreSQL instance, it takes me more than one iteration to get it working. The goal: this post lets both you and me get it right the first time. The parts include: + Telling PostgreSQL to log via syslog + Telling FreeBSD to local postgres to /var/log/postgres.log (my preference). + Telling PostgreSQL the things you want logged. + Changes to postgresql.conf The file location varies with the version installed. For PostgreSQL 9.6 on FreeBSD, the file is /var/db/postgres/data96/postgresql.conf (adjust 96 according to the version installed). I made these changes to that file. log_destination = 'syslog' log_min_messages = notice log_min_error_statement = notice log_checkpoints = on log_lock_waits = on log_timezone = 'UTC' By default, PostgreSQL logs to the local0 facility and is controlled by the syslog_facility in postgresql.conf. This will be used in syslog.conf (see the next section of this post). The above mentioned changes require a reload: service postgresql reload Changes to /etc/syslog.conf Now that we have PostgreSQL logging to syslog, we want to tell syslog where to put those messages. I changed this line in /etc/syslog.conf:*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages With .notice pulling in some local0 messages, adding local0.none to the line will free the messages up for later use in the configuration file. Otherwise, the PostgreSQL messages will be in /var/log/messages. The changed line is: `.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.none /var/log/messages Then, to get the messages into my preferred location, I added this to the file: local0.* /var/log/postgresql.log` Log file rotation For rotating my log file, I added a new file: /usr/local/etc/newsyslog.conf.d/postgresql96 /var/log/postgresql.log pgsql:wheel 640 7 * $D0 GB /var/db/postgres/data96/postmaster.pid 30 Before restarting syslog, I did this, so the destination file existed. This isn't always/strictly necessary, but because the ownership is not chown root:wheel, I do it to get that part set. touch /var/log/postgresql.log chown pgsql:wheel Restarting syslog: sudo kill -HUP `sudo cat /var/run/syslog.pid ` That's it Now you should see PostgreSQL logging in /var/log/postgresql.log. mandoc-1.14.2 released (http://undeadly.org/cgi?action=article&sid=20170729122350) i just released portable mandoc-1.14.2. It is available now from http://mandoc.bsd.lv/ (http://mandoc.bsd.lv/). ```From: Ingo Schwarze schwarze@usta.de Date: Fri, 28 Jul 2017 20:12:44 +0200 To: discuss@mandoc.bsd.lv Subject: mandoc-1.14.2 released Hi, i just released portable mandoc-1.14.2. It is available now from http://mandoc.bsd.lv/ . All downstream maintainers are encouraged to update their ports and packages from 1.14.1 to 1.14.2. Mandoc 1.14.2 is a feature release introducing: a new -Tmarkdown output mode anchors for deep linking into -Thtml manual pages a superset of the functionality of the former mdoclint(1) utility a new -Wstyle message level with several new messages automatic line breaking inside individual tbl(7) cells a rewrite of the eqn(7) lexer, and some eqn(7) rendering improvements support for many additional low-level roff(7) features and various smaller features and bug fixes. For more details, see: http://mandoc.bsd.lv/NEWS With the improved mandoc features, only twenty-five out of the ten thousand software packages in the OpenBSD ports tree still need groff to format their manual pages. Since the project has been called "mandoc" rather than "mdocml" for several years now, the website, the distribution tarball, and the source extraction directory are now also called "mandoc" rather than "mdocml". The release was tested on the following systems: + OpenBSD-current and OpenBSD-stable + NetBSD-current + illumos + Debian Linux + Void Linux x86_64 glibc and musl + Crux Linux + SunOS 5.11.2, 5.10, and 5.9 As before, catman(8) and the regression suite cannot be used on SunOS 5.10 and SunOS 5.9. A big thanks to everybody who provided patches, bug reports, feature suggestions, advice, and help with testing! Yours, Ingo``` Beastie Bits A good looking terminal emulator which mimics the old cathode display. Available in x11/cool-retro-terminal (https://github.com/Swordfish90/cool-retro-term) Milestone Complete! OpenRC conversion (https://www.trueos.org/blog/milestone-complete-openrc-conversion/) Healthy developer interaction between FreeBSD and IllumOS re: mdb (https://illumos.topicbox.com/groups/developer/discussions/T5eae6079331c4df4) Large Batch of Kernel Errata Patches Released (http://undeadly.org/cgi?action=article&sid=20170804053102) opnsense 17.7 released (https://opnsense.org/opnsense-17-7-released/) Twitter Co-Founder and CEO states “FreeBSD rules them all” (https://twitter.com/jack/status/892605692317650944) Hurry up and register for vBSDCon September 7-9 (http://www.verisign.com/en_US/internet-technology-news/verisign-events/vbsdcon/index.xhtml?dmn=vBSDcon.com) and EuroBSDCon September 21-24 (https://2017.eurobsdcon.org/) *** Feedback/Questions Dominik - Monitoring Software (http://dpaste.com/08971FQ) Darren - Wonderful Awk (http://dpaste.com/0YCS4DN) Andrew - Thanks (http://dpaste.com/0ZREKTV) Jens - Migration Questions (http://dpaste.com/1GVZNWN) ***
This week on BSD Now, we review the EuroBSDcon schedule, we explore the mysteries of Docker on OpenBSD, and show you how to run PostgreSQL on ZFS. This episode was brought to you by Headlines EuroBSDcon 2017 - Talks & Schedule published (https://2017.eurobsdcon.org/2017/05/26/talks-schedule-published/) The EuroBSDcon website was updated with the tutorial and talk schedule for the upcoming September conference in Paris, France. Tutorials on the 1st day: Kirk McKusick - An Introduction to the FreeBSD Open-Source Operating System, George Neville-Neil - DTrace for Developers, Taylor R Campbell - How to untangle your threads from a giant lock in a multiprocessor system Tutorials on the 2nd day: Kirk continues his Introduction lecture, Michael Lucas - Core concepts of ZFS (half day), Benedict Reuschling - Managing BSD systems with Ansible (half day), Peter Hessler - BGP for developers and sysadmins Talks include 3 keynotes (2 on the first day, beginning and end), another one at the end of the second day by Brendan Gregg Good mixture of talks of the various BSD projects Also, a good amount of new names and faces Check out the full talk schedule (https://2017.eurobsdcon.org/talks-schedule/). Registration is not open yet, but will be soon. *** OpenBSD on the Xiaomi Mi Air 12.5" (https://jcs.org/2017/05/22/xiaomiair) The Xiaomi Mi Air 12.5" (https://xiaomi-mi.com/notebooks/xiaomi-mi-notebook-air-125-silver/) is a basic fanless 12.5" Ultrabook with good build quality and decent hardware specs, especially for the money: while it can usually be had for about $600, I got mine for $489 shipped to the US during a sale about a month ago. Xiaomi offers this laptop in silver and gold. They also make a 13" version but it comes with an NVidia graphics chip. Since these laptops are only sold in China, they come with a Chinese language version of Windows 10 and only one or two distributors that carry them ship to the US. Unfortunately that also means they come with practically no warranty or support. Hardware > The Mi Air 12.5" has a fanless, 6th generation (Skylake) Intel Core m3 processor, 4Gb of soldered-on RAM, and a 128Gb SATA SSD (more on that later). It has a small footprint of 11.5" wide, 8" deep, and 0.5" thick, and weighs 2.3 pounds. > A single USB-C port on the right-hand side is used to charge the laptop and provide USB connectivity. A USB-C ethernet adapter I tried worked fine in OpenBSD. Whether intentional or not, a particular design touch I appreciated was that the USB-C port is placed directly to the right of the power button on the keyboard, so you don't have to look or feel around for the port when plugging in the power cable. > A single USB 3 type-A port is also available on the right side next to the USB-C port. A full-size HDMI port and a headphone jack are on the left-hand side. It has a soldered-on Intel 8260 wireless adapter and Bluetooth. The webcam in the screen bezel attaches internally over USB. > The chassis is all aluminum and has sufficient rigidity in the keyboard area. The 12.5" 1920x1080 glossy IPS screen has a fairly small bezel and while its hinge is properly weighted to allow opening the lid with one hand (if you care about that kind of thing), the screen does have a bit of top-end wobble when open, especially when typing on another laptop on the same desk. > The keyboard has a roomy layout and a nice clicky tactile with good travel. It is backlit, but with only one backlight level. When enabled via Fn+F10 (which is handled by the EC, so no OpenBSD support required), it will automatically shut off after not typing for a short while, automatically turning back once a key is pressed. Upgrades > An interesting feature of the Mi Air is that it comes with a 128Gb SATA SSD but also includes an open PCI-e slot ready to accept an NVMe SSD. > I upgraded mine with a Samsung PM961 256Gb NVMe SSD (left), and while it is possible to run with both drives in at the same time, I removed the Samsung CM871a 128Gb SATA (right) drive to save power. > The bottom case can be removed by removing the seven visible screws, in addition to the one under the foot in the middle back of the case, which just pries off. A spudger tool is needed to release all of the plastic attachment clips along the entire edge of the bottom cover. > Unfortunately this upgrade proved to be quite time consuming due to the combination of the limited UEFI firmware on the Mi Air and a bug in OpenBSD. A Detour into UEFI Firmware Variables > Unlike a traditional BIOS where one can boot into a menu and configure the boot order as well as enabling and disabling options such as "USB Hard Drive", the InsydeH2O UEFI firmware on the Xiaomi Air only provides the ability to adjust the boot order of existing devices. Any change or addition of boot devices must be done from the operating system, which is not possible under OpenBSD. > I booted to a USB key with OpenBSD on it and manually partitioned the new NVME SSD, then rsynced all of the data over from the old drive, but the laptop would not boot to the new NVME drive, instead showing an error message that there was no bootable OS. > Eventually I figured out that the GPT table that OpenBSD created on the NVMe disk was wrong due to a [one-off bug in the nvme driver](https://github.com/openbsd/src/commit/dc8298f669ea2d7e18c8a8efea509eed200cb989) which was causing the GPT table to be one sector too large, causing the backup GPT table to be written in the wrong location (and other utilities under Linux to write it over the OpenBSD area). I'm guessing the UEFI firmware would fail to read the bad GPT table on the disk that the boot variable pointed to, then declare that disk as missing, and then remove any variables that pointed to that disk. OpenBSD Support > The Mi Air's soldered-on Intel 8260 wireless adapter is supported by OpenBSD's iwm driver, including 802.11n support. The Intel sound chip is recognized by the azalia driver. > The Synaptics touchpad is connected via I2C, but is not yet supported. I am actively hacking on my dwiic driver to make this work and the touchpad will hopefully operate as a Windows Precision Touchpad via imt so I don't have to write an entirely new Synaptics driver. > Unfortunately since OpenBSD's inteldrm support that is ported from Linux is lagging quite a bit behind, there is no kernel support for Skylake and Kaby Lake video chips. Xorg works at 1920x1080 through efifb so the machine is at least usable, but X is not very fast and there is a noticeable delay when doing certain redrawing operations in xterm. Screen backlight can be adjusted through my OpenBSD port of intel_backlight. Since there is no hardware graphics support, this also means that suspend and resume do not work because nothing is available to re-POST the video after resume. Having to use efifb also makes it impossible to adjust the screen gamma, so for me, I can't use redshift for comfortable night-time hacking. Flaws > Especially taking into account the cheap price of the laptop, it's hard to find faults with the design. One minor gripe is that the edges of the case along the bottom are quite sharp, so when carrying the closed laptop, it can feel uncomfortable in one's hands. > While all of those things could be overlooked, unfortunately there is also a critical flaw in the rollover support in the keyboard/EC on the laptop. When typing certain combinations of keys quickly, such as holding Shift and typing "NULL", one's fingers may actually hold down the Shift, N, and U keys at the same time for a very brief moment before releasing N. Normally the keyboard/EC would recognize U being pressed after N is already down and send an interrupt for the U key. Unfortunately on this laptop, particular combinations of three keys do not interrupt for the third key at all until the second key is lifted, usually causing the third key not to register at all if typed quickly. I've been able to reproduce this problem in OpenBSD, Linux, and Windows, with the combinations of at least Shift+N+U and Shift+D+F. Holding Shift and typing the two characters in sequence quickly enough will usually fail to register the final character. Trying the combinations without Shift, using Control or Alt instead of Shift, or other character pairs does not trigger the problem. This might be a problem in the firmware on the Embedded Controller, or a defect in the keyboard circuitry itself. As I mentioned at the beginning, getting technical support for this machine is difficult because it's only sold in China. Docker on OpenBSD 6.1-current (https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110) Dave Voutila writes: So here's the thing. I'm normally a macOS user…all my hardware was designed in Cupertino, built in China. But I'm restless and have been toying with trying to switch my daily machine over to a non-macOS system sort of just for fun. I find Linux messy, FreeBSD not as Apple-laptop-friendly as it should be, and Windows a non-starter. Luckily, I found a friend in Puffy. Switching some of my Apple machines over to dual-boot OpenBSD left a gaping hole in my workflow. Luckily, all the hard work the OpenBSD team has done over the last year seems to have plugged it nicely! OpenBSD's hypervisor support officially made it into the 6.1 release, but after some experimentation it was rather time consuming and too fragile to get a Linux guest up and running (i.e. basically the per-requisite for Docker). Others had reported some success starting with QEMU and doing lots of tinkering, but after a wasted evening I figured I'd grab the latest OpenBSD snapshot and try what the openbsd-misc list suggested was improved Linux support in active development. 10 (11) Steps to docker are provided Step 0 — Install the latest OpenBSD 6.1 snapshot (-current) Step 1 — Configure VMM/VMD Step 2 — Grab an Alpine Linux ISO Step 3 — Make a new virtual disk image Step 4 — Boot Alpine's ISO Step 5 — Inhale that fresh Alpine air Step 6 — Boot Alpine for Reals Step 7 — Install Docker Step 8 — Make a User Step 9 — Ditch the Serial Console Step 10 — Test out your Docker instance I haven't done it yet, but I plan on installing docker-compose via Python's pip package manager. I prefer defining containers in the compose files. PostgreSQL + ZFS Best Practices and Standard Procedures (https://people.freebsd.org/~seanc/postgresql/scale15x-2017-postgresql_zfs_best_practices.pdf) Slides from Sean Chittenden's talk about PostgreSQL and ZFS at Scale 15x this spring Slides start with a good overview of Postgres and ZFS, and how to use them together To start, it walks through the basics of how PostgreSQL interacts with the filesystem (any filesystem) Then it shows the steps to take a good backup of PostgreSQL, then how to do it even better with ZFS Then an intro to ZFS, and how Copy-on-Write changes host PostgreSQL interacts with the filesystem Overview of how ZFS works ZFS Tuning tips: Compression, Recordsize, atime, when to use mostly ARC vs sharedbuffer, plus pgrepack Followed by a discussion of the reliability of SSDs, and their Bit Error Rate (BER) A good SSD has a 4%/year chance of returning the wrong data. A cheap SSD 34% If you put 20 SSDs in a database server, that means 58% (Good SSDs) to 99.975% (Lowest quality commercially viable SSD) chance of an error per year Luckily, ZFS can detect and correct these errors This applies to all storage, not just SSDs, every device fails More Advice: Use quotas and reservations to avoid running out of space Schedule Periodic Scrubs One dataset per database Backups: Live demo of rm -rf'ing the database and getting it back Using clones to test upgrades on real data Naming Conventions: Use a short prefix not on the root filesystem (e.g. /db) Encode the PostgreSQL major version into the dataset name Give each PostgreSQL cluster its own dataset (e.g. pgdb01) Optional but recommended: one database per cluster Optional but recommended: one app per database Optional but recommended: encode environment into DB name Optional but recommended: encode environment into DB username using ZFS Replication Check out the full detailed PDF and implement a similar setup for your database needs *** News Roundup TrueOS Evolving Its "Stable" Release Cycle (https://www.trueos.org/blog/housekeeping-update-infrastructure-trueos-changes/) TrueOS is reformulating its Stable branch based on feedback from users. The goal is to have a “release” of the stable branch every 6 months, for those who do not want to live on the edge with the rapid updates of the full rolling release Most of the TrueOS developers work for iX Systems in their Tennessee office. Last month, the Tennessee office was moved to a different location across town. As part of the move, we need to move all our servers. We're still getting some of the infrastructure sorted before moving the servers, so please bear with us as we continue this process. As we've continued working on TrueOS, we've heard a significant portion of the community asking for a more stable “STABLE” release of TrueOS, maybe something akin to an old PC-BSD version release. In order to meet that need, we're redefining the TrueOS STABLE branch a bit. STABLE releases are now expected to follow a six month schedule, with more testing and lots of polish between releases. This gives users the option to step back a little from the “cutting edge” of development, but still enjoy many of the benefits of the “rolling release” style and the useful elements of FreeBSD Current. Critical updates like emergency patches and utility bug fixes are still expected to be pushed to STABLE on a case-by-case basis, but again with more testing and polish. This also applies to version updates of the Lumina and SysAdm projects. New, released work from those projects will be tested and added to STABLE outside the 6 month window as well. The UNSTABLE branch continues to be our experimental “cutting edge” track, and users who want to follow along with our development and help us or FreeBSD test new features are still encouraged to follow the UNSTABLE track by checking that setting in their TrueOS Update Manager. With boot environments, it will be easy to switch back and forth, so you can have the best of both worlds. Use the latest bleeding edge features, but knowing you can fall back to the stable branch with just a reboot As TrueOS evolves, it is becoming clearer that one role of the system is to function as a “test platform” for FreeBSD. In order to better serve this role, TrueOS will support both OpenRC and the FreeBSD RC init systems, giving users the choice to use either system. While the full functionality isn't quite ready for the next STABLE update, it is planned for addition after the last bit of work and testing is complete. Stay tuned for an upcoming blog post with all the details of this change, along with instructions how to switch between RC and OpenRC. This is the most important change for me. I used TrueOS as an easy way to run the latest version of -CURRENT on my laptop, to use it as a user, but also to do development. When TrueOS deviates from FreeBSD too much, it lessens the power of my expertise, and complicates development and debugging. Being able to switch back to RC, even if it takes another minute to boot, will bring TrueOS back to being FreeBSD + GUI and more by default, instead of a science project. We need both of those things, so having the option, while more work for the TrueOS team, I think will be better for the entire community *** Logical Domains on SunFire T2000 with OpenBSD/sparc64 (http://www.h-i-r.net/2017/05/logical-domains-on-sunfire-t2000-with.html) A couple of years ago, I picked up a Sun Fire T2000. This is a 2U rack mount server. Mine came with four 146GB SAS drives, a 32-core UltraSPARC T1 CPU and 32GB of RAM. Sun Microsystems incorporated Logical Domains (LDOMs) on this class of hardware. You don't often need 32 threads and 32GB of RAM in a single server. LDOMs are a kind of virtualization technology that's a bit closer to bare metal than vmm, Hyper-V, VirtualBox or even Xen. It works a bit like Xen, though. You can allocate processor, memory, storage and other resources to virtual servers on-board, with a blend of firmware that supports the hardware allocation, and some software in userland (on the so-called primary or control domain, similar to Xen DomU) to control it. LDOMs are similar to what IBM calls Logical Partitions (LPARs) on its Mainframe and POWER series computers. My day job from 2006-2010 involved working with both of these virtualization technologies, and I've kind of missed it. While upgrading OpenBSD to 6.1 on my T2000, I decided to delve into LDOM support under OpenBSD. This was pretty easy to do, but let's walk through it Resources: The ldomctl(8) man page (http://man.openbsd.org/OpenBSD-current/man8/sparc64/ldomctl.8) tedu@'s write-up on Flak (for a different class of server) (http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120) A Google+ post by bmercer@ (https://plus.google.com/101694200911870273983/posts/jWh4rMKVq97) Once you get comfortable with the fact that there's a little-tiny computer (the ALOM) powered by VXWorks inside that's acting as the management system and console (there's no screen or keyboard/mouse input), Installing OpenBSD on the base server is pretty straightforward. The serial console is an RJ-45 jack, and, yes, the ubiquitous blue-colored serial console cables you find for certain kinds of popular routers will work fine. OpenBSD installs quite easily, with the same installer you find on amd64 and i386. I chose to install to /dev/sd0, the first SAS drive only, leaving the others unused. It's possible to set them up in a hardware RAID configuration using tools available only under Solaris, or use softraid(4) on OpenBSD, but I didn't do this. I set up the primary LDOM to use the first ethernet port, em0. I decided I wanted to bridge the logical domains to the second ethernet port. You could also use a bridge and vether interface, with pf and dhcpd to create a NAT environment, similar to how I networked the vmm(4) systems. Create an LDOM configuration file. You can put this anywhere that's convenient. All of this stuff was in a "vm" subdirectory of my home. I called it ldom.conf: domain primary { vcpu 8 memory 8G } domain puffy { vcpu 8 memory 4G vdisk "/home/axon/vm/ldom1" vnet } Make as many disk images as you want, and make as many additional domain clauses as you wish. Be mindful of system resources. I couldn't actually allocate a full 32GB of RAM across all the LDOMs I eventually provisioned seven LDOMs (in addition to the primary) on the T2000, each with 3GB of RAM and 4 vcpu cores. If you get creative with use of network interfaces, virtual ethernet, bridges and pf rules, you can run a pretty complex environment on a single chassis, with services that are only exposed to other VMs, a DMZ segment, and the internal LAN. A nice tutorial, and an interesting look at an alternative platform that was ahead of its time *** documentation is thoroughly hard (http://www.tedunangst.com/flak/post/documentation-is-thoroughly-hard) Ted Unangst has a new post this week about documentation: Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control A fine example is the old OpenBSD install instructions. Once you've installed OpenBSD once or twice, the process is quite simple, but you'd never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you've already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask. Part of the problem is how the information is organized. Theoretically it makes sense to list supported hardware before instructions. After all, you can't install anything if it's not supported, right? I'm sure that was considered when the device list was originally inserted above the install instructions. But as a practical matter, consulting a device list is neither the easiest nor fastest way to determine what actually works. In the FreeBSD docs tree, we have been doing a facelift project, trying to add ‘quick start' sections to each chapter to let you get to the more important information first. It is also helpful to move data in the forms of lists and tables to appendices or similar, where they can easily be references, but are not blocking your way to the information you are actually hunting for An example of nerdview signage (http://languagelog.ldc.upenn.edu/nll/?p=29866). “They have in effect provided a sign that will tell you exactly what the question is provided you can already supply the answer.” That is, the logical minds of technical people often decide to order information in an order that makes sense to them, rather than in the order that will be most useful to the reader In the end, I think “copy diskimage to USB and follow prompts” is all the instructions one should need, but it's hard to overcome the unease of actually making the jump. What if somebody is confused or uncertain? Why is this paragraph more redundant than that paragraph? (And if we delete both, are we cutting too much?) Sometimes we don't need to delete the information. Just hide it. The instructions to upgrade to 4.8 and upgrade to 5.8 are very similar, with a few differences because every release is a little bit different. The pages look very different, however, because the not at all recommended kernel free procedure, which takes up half the page, has been hidden from view behind some javascript and only expanded on demand. A casual browser will find the page and figure the upgrade process will be easy, as opposed to some long ordeal. This is important as well, it was my original motivation for working on the FreeBSD Handbook's ZFS chapter. The very first section of the chapter was the custom kernel configuration required to run ZFS on i386. That scared many users away. I moved that to the very end, and started with why you might want to use ZFS. Much more approachable. Sometimes it's just a tiny detail that's overspecified. The apmd manual used to explain exactly which CPU idle time thresholds were used to adjust frequency. Those parameters, and the algorithm itself, were adjusted occasionally in response to user feedback, but sometimes the man page lagged behind. The numbers are of no use to a user. They're not adjustable without recompiling. Knowing that the frequency would be reduced at 85% idle vs 90% idle doesn't really offer much guidance as to whether to enable auto scaling or not. Deleting this detail ensured the man page was always correct and spares the user the cognitive load of trying to solve an unnecessary math problem. For fun: For another humorous example, it was recently observed that the deja-dup package provides man page translations for Australia, Canada, and Great Britain. I checked, the pages are in fact not quite identical. Some contain typo fixes that didn't propagate to other translations. Project idea: attempt to identify which country has the most users, or most fastidious users, by bug fixes to localized man pages. lldb on BeagleBone Black (https://lists.freebsd.org/pipermail/freebsd-arm/2017-May/016260.html) I reliably managed to build (lldb + clang/lld) from the svn trunk of LLVM 5.0.0 on my Beaglebone Black running the latest snapshot (May 20th) of FreeBSD 12.0-CURRENT, and the lldb is working very well, and this includes single stepping and ncurses-GUI mode, while single stepping with the latest lldb 4.0.1 from the ports does not work. In order to reliably build LLVM 5.0.0 (svn), I set up a 1 GB swap partition for the BBB on a NFSv4 share on a FreeBSD fileserver in my network - I put a howto of the procedure on my BLog: https://obsigna.net/?p=659 The prerequesites on the Beaglebone are: ``` pkg install tmux pkg install cmake pkg install python pkg install libxml2 pkg install swig30 pkg install ninja pkg install subversion ``` On the FreeBSD fileserver: ``` /pathtothe/bbb_share svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm cd llvm/tools svn co http://llvm.org/svn/llvm-project/cfe/trunk clang svn co http://llvm.org/svn/llvm-project/lld/trunk lld svn co http://llvm.org/svn/llvm-project/lldb/trunk lldb ``` + On the Beaglebone Black: # mount_nfs -o noatime,readahead=4,intr,soft,nfsv4 server:/path_to_the/bbb_share /mnt # cd /mnt # mkdir build # cmake -DLLVM_TARGETS_TO_BUILD="ARM" -DCMAKE_BUILD_TYPE="MinSizeRel" -DLLVM_PARALLEL_COMPILE_JOBS="1" -DLLVM_PARALLEL_LINK_JOBS="1" -G Ninja .. I execute the actual build command from within a tmux session, so I may disconnect during the quite long (40 h) build: ``` tmux new "ninja lldb install" ``` When debugging in GUI mode using the newly build lldb 5.0.0-svn, I see only a minor issue, namely UTF8 strings are not displayed correctly. This happens in the ncurses-GUI only, and this is an ARM issue, since it does not occur on x86 machines. Perhaps this might be related to the signed/unsigned char mismatch between ARM and x86. Beastie Bits Triangle BSD Meetup on June 27th (https://www.meetup.com/Triangle-BSD-Users-Group/events/240247251/) Support for Controller Area Networks (CAN) in NetBSD (http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20170521_0113.html) Notes from Monday's meeting (http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2017-May/014104.html) RunBSD - A site about the BSD family of operating systems (http://runbsd.info/) BSDCam(bridge) 2017 Travel Grant Application Now Open (https://www.freebsdfoundation.org/blog/bsdcam-2017-travel-grant-application-now-open/) New BSDMag has been released (https://bsdmag.org/download/nearly-online-zpool-switching-two-freebsd-machines/) *** Feedback/Questions Philipp - A show about byhve (http://dpaste.com/390F9JN#wrap) Jake - byhve Support on AMD (http://dpaste.com/0DYG5BD#wrap) CY - Pledge and Capsicum (http://dpaste.com/1YVBT12#wrap) CY - OpenSSL relicense Issue (http://dpaste.com/3RSYV23#wrap) Andy - Laptops (http://dpaste.com/0MM09EX#wrap) ***
This week on BSD Now we cover the latest FreeBSD Status Report, a plan for Open Source software development, centrally managing bhyve with Ansible, libvirt, and pkg-ssh, and a whole lot more. This episode was brought to you by Headlines FreeBSD Project Status Report (January to March 2017) (https://www.freebsd.org/news/status/report-2017-01-2017-03.html) While a few of these projects indicate they are a "plan B" or an "attempt III", many are still hewing to their original plans, and all have produced impressive results. Please enjoy this vibrant collection of reports, covering the first quarter of 2017. The quarterly report opens with notes from Core, The FreeBSD Foundation, the Ports team, and Release Engineering On the project front, the Ceph on FreeBSD project had made considerable advances, and is now usable as the net/ceph-devel port via the ceph-fuse module. Eventually they hope to have a kernel RADOS block device driver, so fuse is not required CloudABI update, including news that the Bitcoin reference implementation is working on a port to CloudABI eMMC Flash and SD card updates, allowing higher speeds (max speed changes from ~40 to ~80 MB/sec). As well, the MMC Stack can now also be backed by the CAM framework. Improvements to the Linuxulator More detail on the pNFS Server plan B that we discussed in a previous week Snow B.V. is sponsoring a dutch translation of the FreeBSD Handbook using the new .po system *** A plan for open source software maintainers (http://www.daemonology.net/blog/2017-05-11-plan-for-foss-maintainers.html) Colin Percival describes in his blog “a plan for open source software maintainers”: I've been writing open source software for about 15 years now; while I'm still wet behind the ears compared to FreeBSD greybeards like Kirk McKusick and Poul-Henning Kamp, I've been around for long enough to start noticing some patterns. In particular: Free software is expensive. Software is expensive to begin with; but good quality open source software tends to be written by people who are recognized as experts in their fields (partly thanks to that very software) and can demand commensurate salaries. While that expensive developer time is donated (either by the developers themselves or by their employers), this influences what their time is used for: Individual developers like doing things which are fun or high-status, while companies usually pay developers to work specifically on the features those companies need. Maintaining existing code is important, but it is neither fun nor high-status; and it tends to get underweighted by companies as well, since maintenance is inherently unlikely to be the most urgent issue at any given time. Open source software is largely a "throw code over the fence and walk away" exercise. Over the past 15 years I've written freebsd-update, bsdiff, portsnap, scrypt, spiped, and kivaloo, and done a lot of work on the FreeBSD/EC2 platform. Of these, I know bsdiff and scrypt are very widely used and I suspect that kivaloo is not; but beyond that I have very little knowledge of how widely or where my work is being used. Anecdotally it seems that other developers are in similar positions: At conferences I've heard variations on "you're using my code? Wow, that's awesome; I had no idea" many times. I have even less knowledge of what people are doing with my work or what problems or limitations they're running into. Occasionally I get bug reports or feature requests; but I know I only hear from a very small proportion of the users of my work. I have a long list of feature ideas which are sitting in limbo simply because I don't know if anyone would ever use them — I suspect the answer is yes, but I'm not going to spend time implementing these until I have some confirmation of that. A lot of mid-size companies would like to be able to pay for support for the software they're using, but can't find anyone to provide it. For larger companies, it's often easier — they can simply hire the author of the software (and many developers who do ongoing maintenance work on open source software were in fact hired for this sort of "in-house expertise" role) — but there's very little available for a company which needs a few minutes per month of expertise. In many cases, the best support they can find is sending an email to the developer of the software they're using and not paying anything at all — we've all received "can you help me figure out how to use this" emails, and most of us are happy to help when we have time — but relying on developer generosity is not a good long-term solution. Every few months, I receive email from people asking if there's any way for them to support my open source software contributions. (Usually I encourage them to donate to the FreeBSD Foundation.) Conversely, there are developers whose work I would like to support (e.g., people working on FreeBSD wifi and video drivers), but there isn't any straightforward way to do this. Patreon has demonstrated that there are a lot of people willing to pay to support what they see as worthwhile work, even if they don't get anything directly in exchange for their patronage. It seems to me that this is a case where problems are in fact solutions to other problems. To wit: Users of open source software want to be able to get help with their use cases; developers of open source software want to know how people are using their code. Users of open source software want to support the the work they use; developers of open source software want to know which projects users care about. Users of open source software want specific improvements; developers of open source software may be interested in making those specific changes, but don't want to spend the time until they know someone would use them. Users of open source software have money; developers of open source software get day jobs writing other code because nobody is paying them to maintain their open source software. I'd like to see this situation get fixed. As I envision it, a solution would look something like a cross between Patreon and Bugzilla: Users would be able sign up to "support" projects of their choosing, with a number of dollars per month (possibly arbitrary amounts, possibly specified tiers; maybe including $0/month), and would be able to open issues. These could be private (e.g., for "technical support" requests) or public (e.g., for bugs and feature requests); users would be able to indicate their interest in public issues created by other users. Developers would get to see the open issues, along with a nominal "value" computed based on allocating the incoming dollars of "support contracts" across the issues each user has expressed an interest in, allowing them to focus on issues with higher impact. He poses three questions to users about whether or not people (users and software developers alike) would be interested in this and whether payment (giving and receiving, respectively) is interesting Check out the comments (and those on https://news.ycombinator.com/item?id=14313804 (reddit.com)) as well for some suggestions and discussion on the topic *** OpenBSD vmm hypervisor: Part 2 (http://www.h-i-r.net/2017/04/openbsd-vmm-hypervisor-part-2.html) We asked for people to write up their experience using OpenBSD's VMM. This blog post is just that This is going to be a (likely long-running, infrequently-appended) series of posts as I poke around in vmm. A few months ago, I demonstrated some basic use of the vmm hypervisor as it existed in OpenBSD 6.0-CURRENT around late October, 2016. We'll call that video Part 1. Quite a bit of development was done on vmm before 6.1-RELEASE, and it's worth noting that some new features made their way in. Work continues, of course, and I can only imagine the hypervisor technology will mature plenty for the next release. As it stands, this is the first release of OpenBSD with a native hypervisor shipped in the base install, and that's exciting news in and of itself To get our virtual machines onto the network, we have to spend some time setting up a virtual ethernet interface. We'll run a DHCP server on that, and it'll be the default route for our virtual machines. We'll keep all the VMs on a private network segment, and use NAT to allow them to get to the network. There is a way to directly bridge VMs to the network in some situations, but I won't be covering that today. Create an empty disk image for your new VM. I'd recommend 1.5GB to play with at first. You can do this without doas or root if you want your user account to be able to start the VM later. I made a "vmm" directory inside my home directory to store VM disk images in. You might have a different partition you wish to store these large files in. Boot up a brand new vm instance. You'll have to do this as root or with doas. You can download a -CURRENT install kernel/ramdisk (bsd.rd) from an OpenBSD mirror, or you can simply use the one that's on your existing system (/bsd.rd) like I'll do here. The command will start a VM named "test.vm", display the console at startup, use /bsd.rd (from our host environment) as the boot image, allocate 256MB of memory, attach the first network interface to the switch called "local" we defined earlier in /etc/vm.conf, and use the test image we just created as the first disk drive. Now that the VM disk image file has a full installation of OpenBSD on it, build a VM configuration around it by adding the below block of configuration (with modifications as needed for owner, path and lladdr) to /etc/vm.conf I've noticed that VMs with much less than 256MB of RAM allocated tend to be a little unstable for me. You'll also note that in the "interface" clause, I hard-coded the lladdr that was generated for it earlier. By specifying "disable" in vm.conf, the VM will show up in a stopped state that the owner of the VM (that's you!) can manually start without root access. Let us know how VMM works for you *** News Roundup openbsd changes of note 621 (http://www.tedunangst.com/flak/post/openbsd-changes-of-note-621) More stuff, more fun. Fix script to not perform tty operations on things that aren't ttys. Detected by pledge. Merge libdrm 2.4.79. After a forced unmount, also unmount any filesystems below that mount point. Flip previously warm pages in the buffer cache to memory above the DMA region if uvm tells us it is available. Pages are not automatically promoted to upper memory. Instead it's used as additional memory only for what the cache considers long term buffers. I/O still requires DMA memory, so writing to a buffer will pull it back down. Makefile support for systems with both gcc and clang. Make i386 and amd64 so. Take a more radical approach to disabling colours in clang. When the data buffered for write in tmux exceeds a limit, discard it and redraw. Helps when a fast process is running inside tmux running inside a slow terminal. Add a port of witness(4) lock validation tool from FreeBSD. Use it with mplock, rwlock, and mutex in the kernel. Properly save and restore FPU context in vmm. Remove KGDB. It neither compiles nor works. Add a constant time AES implementation, from BearSSL. Remove SSHv1 from ssh. and more... *** Digging into BSD's choice of Unix group for new directories and files (https://utcc.utoronto.ca/~cks/space/blog/unix/BSDDirectoryGroupChoice) I have to eat some humble pie here. In comments on my entry on an interesting chmod failure, Greg A. Woods pointed out that FreeBSD's behavior of creating everything inside a directory with the group of the directory is actually traditional BSD behavior (it dates all the way back to the 1980s), not some odd new invention by FreeBSD. As traditional behavior it makes sense that it's explicitly allowed by the standards, but I've also come to think that it makes sense in context and in general. To see this, we need some background about the problem facing BSD. In the beginning, two things were true in Unix: there was no mkdir() system call, and processes could only be in one group at a time. With processes being in only one group, the choice of the group for a newly created filesystem object was easy; it was your current group. This was felt to be sufficiently obvious behavior that the V7 creat(2) manpage doesn't even mention it. Now things get interesting. 4.1c BSD seems to be where mkdir(2) is introduced and where creat() stops being a system call and becomes an option to open(2). It's also where processes can be in multiple groups for the first time. The 4.1c BSD open(2) manpage is silent about the group of newly created files, while the mkdir(2) manpage specifically claims that new directories will have your effective group (ie, the V7 behavior). This is actually wrong. In both mkdir() in sysdirectory.c and maknode() in ufssyscalls.c, the group of the newly created object is set to the group of the parent directory. Then finally in the 4.2 BSD mkdir(2) manpage the group of the new directory is correctly documented (the 4.2 BSD open(2) manpage continues to say nothing about this). So BSD's traditional behavior was introduced at the same time as processes being in multiple groups, and we can guess that it was introduced as part of that change. When your process can only be in a single group, as in V7, it makes perfect sense to create new filesystem objects with that as their group. It's basically the same case as making new filesystem objects be owned by you; just as they get your UID, they also get your GID. When your process can be in multiple groups, things get less clear. A filesystem object can only be in one group, so which of your several groups should a new filesystem object be owned by, and how can you most conveniently change that choice? One option is to have some notion of a 'primary group' and then provide ways to shuffle around which of your groups is the primary group. Another option is the BSD choice of inheriting the group from context. By far the most common case is that you want your new files and directories to be created in the 'context', ie the group, of the surrounding directory. If you fully embrace the idea of Unix processes being in multiple groups, not just having one primary group and then some number of secondary groups, then the BSD choice makes a lot of sense. And for all of its faults, BSD tended to relatively fully embrace its changes While it leads to some odd issues, such as the one I ran into, pretty much any choice here is going to have some oddities. Centrally managed Bhyve infrastructure with Ansible, libvirt and pkg-ssh (http://www.shellguardians.com/2017/05/centrally-managed-bhyve-infrastructure.html) At work we've been using Bhyve for a while to run non-critical systems. It is a really nice and stable hypervisor even though we are using an earlier version available on FreeBSD 10.3. This means we lack Windows and VNC support among other things, but it is not a big deal. After some iterations in our internal tools, we realised that the installation process was too slow and we always repeated the same steps. Of course, any good sysadmin will scream "AUTOMATION!" and so did we. Therefore, we started looking for different ways to improve our deployments. We had a look at existing frameworks that manage Bhyve, but none of them had a feature that we find really important: having a centralized repository of VM images. For instance, SmartOS applies this method successfully by having a backend server that stores a catalog of VMs and Zones, meaning that new instances can be deployed in a minute at most. This is a game changer if you are really busy in your day-to-day operations. The following building blocks are used: The ZFS snapshot of an existing VM. This will be our VM template. A modified version of oneoff-pkg-create to package the ZFS snapshots. pkg-ssh and pkg-repo to host a local FreeBSD repo in a FreeBSD jail. libvirt to manage our Bhyve VMs. The ansible modules virt, virtnet and virtpool. Once automated, the installation process needs 2 minutes at most, compared with the 30 minutes needed to manually install VM plus allowing us to deploy many guests in parallel. NetBSD maintainer in the QEMU project (https://blog.netbsd.org/tnf/entry/netbsd_maintainer_in_the_qemu) QEMU - the FAST! processor emulator - is a generic, Open Source, machine emulator and virtualizer. It defines state of the art in modern virtualization. This software has been developed for multiplatform environments with support for NetBSD since virtually forever. It's the primary tool used by the NetBSD developers and release engineering team. It is run with continuous integration tests for daily commits and execute regression tests through the Automatic Test Framework (ATF). The QEMU developers warned the Open Source community - with version 2.9 of the emulator - that they will eventually drop support for suboptimally supported hosts if nobody will step in and take the maintainership to refresh the support. This warning was directed to major BSDs, Solaris, AIX and Haiku. Thankfully the NetBSD position has been filled - making NetBSD to restore official maintenance. Beastie Bits OpenBSD Community Goes Gold (http://undeadly.org/cgi?action=article&sid=20170510012526&mode=flat&count=0) CharmBUG's Tor Hack-a-thon has been pushed back to July due to scheduling difficulties (https://www.meetup.com/CharmBUG/events/238218840/) Direct Rendering Manager (DRM) Driver for i915, from the Linux kernel to Haiku with the help of DragonflyBSD's Linux Compatibility layer (https://www.haiku-os.org/blog/vivek/2017-05-05_[gsoc_2017]_3d_hardware_acceleration_in_haiku/) TomTom lists OpenBSD in license (https://twitter.com/bsdlme/status/863488045449977864) London Net BSD Meetup on May 22nd (https://mail-index.netbsd.org/regional-london/2017/05/02/msg000571.html) KnoxBUG meeting May 30th, 2017 - Introduction to FreeNAS (http://knoxbug.org/2017-05-30) *** Feedback/Questions Felix - Home Firewall (http://dpaste.com/35EWVGZ#wrap) David - Docker Recipes for Jails (http://dpaste.com/0H51NX2#wrap) Don - GoLang & Rust (http://dpaste.com/2VZ7S8K#wrap) George - OGG feed (http://dpaste.com/2A1FZF3#wrap) Roller - BSDCan Tips (http://dpaste.com/3D2B6J3#wrap) ***
This week on the show, we're loaded up with great stories ranging from System call fuzzing, a history of UNIX Pipes, speeding up MySQL imports and more. Stay tuned, BSDNow is coming your way right now. This episode was brought to you by Headlines System call fuzzing of OpenBSD amd64 using TriforceAFL (i.e. AFL and QEMU) (https://github.com/nccgroup/TriforceOpenBSDFuzzer) The NCCGroup did a series of fuzz testing against the OpenBSD syscall interface, during which they found a number of vulnerabilities, we covered this back in the early summer What we didn't notice, is that they also made the tools they used available. A combination of AFL (American Fuzzy Lop), QEMU, OpenBSD's FlashRD image generation tool, and the “Triforce” driver The other requirement is “a Linux box as host to run the fuzzer (other fuzzer hosts may work as well, we've only run TriforceAFL from a Linux host, specifically Debian/Ubuntu” It would be interesting to see if someone could get this to run from a BSD host It would also be interesting to run the same tests against the other BSDs *** On the Early History and Impact of Unix: the Introduction of Pipes (http://people.fas.harvard.edu/~lib113/reference/unix/unix2.html) Pipes are something we just take for granted today, but there was a time before pipes (How did anything get done?) Ronda Hauben writes up a great look back at the beginning of UNIX, and specifically at how pipes were born: One of the important developments in Unix was the introduction of pipes. Pipes had been suggested by McIlroy during the early days of creating Unix. Ritchie explains how "the idea, explained one afternoon on a blackboard, intrigued us but failed to ignite any immediate action. There were several objections to the idea as put....What a failure of imagination," he admits.(35) McIlroy concurs, describing how the initial effort to add pipes to Unix occurred about the same time in 1969 that Ritchie, Thompson and Canaday were outlining ideas for a file system. "That was when," he writes, "the simple pipeline as a way to combine programs, with data notationally propagating along a chain of (not necessarily concurrent) filters was articulated."(36) However, pipes weren't implemented in Unix until 1972. We also have a great quote from McIlroy on the day pipes were first introduced: Open Systems! Our Systems! How well those who were there remember the pipe-festooned garret where Unix took form. The excitement of creation drew people to work there amidst the whine of the computer's cool- ing fans, even though almost the same computer ac- cess, could be had from one's office or from home. Those raw quarters saw a procession of memorable events. The advent of software pipes precipitated a day-long orgy of one-liners....As people reveled in the power of functional composition in the large, which is even today unavailable to users of other systems. The paper goes on to talk about the invention of other important tools, such as “grep”, “diff” and more. Well worth your time if you want a glimpse into the history of UNIX *** Speeding up MySQL Import on FreeBSD (https://blog.feld.me/posts/2016/09/speeding-up-mysql-import-on-freebsd/) Mark Felder writes a blog post explaining how to speed up MySQL bulk data imports “I was recently tasked with rebuilding a readonly slave database server which only slaves a couple of the available databases. The backup/dump is straightforward and fast, but the restore was being excruciatingly slow. I didn't want to wait a week for this thing to finish, so I had to compile a list of optimizations that would speed up the process. This is the best way to do it on FreeBSD, assuming you're working with InnoDB. Additional optimizations may be required if you're using a different database engine.” “Please note this is assuming no other databases are running on this MySQL instance. Some of these are rather dangerous and you wouldn't want to put other live data at risk.” Most of the changes are meant to be temporary, used on a new server to import a dump of the database, then the settings are to be turned off. Specifically: sync_binlog = 0 innodbflushlogattrx_commit = 0 innodb-doublewrite = 0 He also prepends the following but of SQL before importing the data: set sqllogbin=0; set autocommit=0; set uniquechecks=0; set foreignkey_checks=0; You can also help yourself if your MySQL database lives on ZFS zfs set recordsize=16k pool/var/db/mysql zfs set redundant_metadata=most pool/var/db/mysql Remember, this tuning is ONLY for the initial import, leaving these settings on long term risks losing 5-10 seconds of your data if the server reboots unexpectedly zfs set sync=disabled pool/var/db/mysql zfs set logbias=throughput pool/var/db/mysql *** PostgreSQL and FreeBSD Quick Start (https://cwharton.com/blog/2016/10/postgresql-and-freebsd-quick-start/) There's lots of databases to choose from, but Postgres always has a special place on FreeBSD. Today we have a look at a ‘getting started' guide for those taking the plunge and using it for the first time. Naturally getting started will look familiar to many, a couple simple “pkg” and “sysrc” commands later, and you'll be set. After starting the service (With the “service” command) you'll be ready to start setting up your postgres instance. Next up you'll need to create your initial user/password combo, and a database with access granted to this particular user. If you plan to enable remote access to this DB server, you'll need to make some adjustments to one of the .conf files, allowing other IP's to connect. (If you are hosting something on the same system, this may not be needed) Now yous should be good to go! Enjoy using your brand new Postgres database. If this is your first rodeo, maybe start with something easy, like Apache or Nginx + Wordpress to try it out. *** News Roundup OpenBSD vmm hypervisor test drive (https://www.youtube.com/watch?v=KE_7E1pXy5c) As we asked for a week or two ago, someone has taken OpenBSD's vmm for a test drive, and made a video of it The command line interface for vmm, vmctl, looks quite easy to use. It takes an approach much closer to some of the bhyve management frameworks, rather than bhyve's rather confusing set of switches It also has a config file, the format of which looks very similar to what I designed for bhyveucl, and my first effort to integrate a config file into bhyve itself. The video also looks at accessing the console, configuring the networking, and doing an OpenBSD install in a fresh VM Currently vmm only supports running OpenBSD VMs *** FreeBSD Foundation October 2016 Update (https://www.freebsdfoundation.org/wp-content/uploads/2016/10/FreeBSD-Foundation-October-2016-Update.pdf) Wow, November is already upon us with the Holidays just around the corner. Before things get lost in the noise we wanted to highlight this update from the FreeBSD foundation. Before getting into the stories, they helpfully provide a list of upcoming conferences for this fall/winter, which includes a couple of USENIX gatherings, and the Developer Summit / MeetBSD next week. +The foundation gives us a quick hardware update initially, discussing some of the new ThunderX Cavium servers which are deployed (ARMv8 64Bit) and yes I'm drooling a bit. They also mention that work is ongoing for the RPi3 platform and PINE64. GNN also has an article reprinted from the FreeBSD journal, talking about the achievement of making it to 11.0 over the span of 23 years now. Of course he mentions that the foundation is open to all, and welcomes donations to continue to keep up this tradition of good work being done. Deb Goodkin gives us an update on the “Grace Hopper” convention that took place in Houston TX several weeks back. Roughly 14k women in Tech attended, which is a great turnout, and FreeBSD was well represented there. Next we have a call to potential speakers, don't forget that there are plenty of places you can help present about FreeBSD, not just at *BSD centered conferences, but the SCALES of the world as well. We wrap up with a look at EuroBSDCon 2016, quite a nice writeup, again brought to us by Deb at the foundation, and includes a list of some of those recognized for their contributions to FreeBSD. *** Adhokku – a toy PaaS powered by FreeBSD jails and Ansible (https://github.com/adhokku/adhokku) Described as a toy Platform-as-a-Service, Adhokku is an ansible based automated jail creation framework Based on the concept of Dokku, a single-host open source PaaS for Linux powered by Docker When you deploy an application using Adhokku, Adhokku creates a new jail on the remote host and provisions it from a fixed clean state using the instructions in the Jailfile in your Git repository. All jails sit behind a reverse proxy that directs traffic to one of them based on the domain name or the IP address in the HTTP request. When a new jail has been provisioned for an application, Adhokku seamlessly reconfigures the reverse proxy to send traffic to it instead of the one currently active for that application. The following instructions show how to get Adhokku and an example application running in a VM on your development machine using Vagrant. This process should require no FreeBSD-specific knowledge, through modifying the Jailfile to customize the application may. This seems like an interesting project, and it is good to see people developing workflows so users familiar with docker etc, can easily use BSD instead *** Installing OpenBSD 6.0 on your laptop is really hard (not) (http://sohcahtoa.org.uk/openbsd.html) OpenBSD on a laptop? Difficult? Not hardly. We have a great walkthrough by Keith Burnett, which demonstrates just how easy it can be to get up and running with an XFCE desktop from a fresh OpenBSD installation. For those curious,this was all done with a Thinkpad X60 and 120GB SSD and OpenBSD 6.0. He doesn't really cover the install process itself, that is well covered by the link to the OpenBSD FAQ pages. Once the system is up and running though, we start with the most important portion, getting working internet access (Via wifi) Really just a few ‘ifconfig' commands later and we are in business. Step 2 was getting the package configuration going. (I've never understood why this is still a thing, but no fret, its easy enough to do) With package repos available, now you can grab the binaries for XFCE and friends with just a few simple “pkg_add” commands Steps 4-6 are some specific bits to enable XFCE services, and some handy things such as setting doas permissions to get USB mounting working (For graphical mount/unmount) Lastly, keeping the system updated is important, so we have a nice tutorial on how to do that as well, using a handy “openup” script, which takes some of the guesswork out of it. Bonus! Steps for doing FDE as also included, which isn't for everyone, but you may want it *** Beastie Bits Pi-top with RPi-3 and FreeBSD HEAD (https://twitter.com/gvnn3/status/791475373380804608) NetBSD 7.0.2 released (http://blog.netbsd.org/tnf/entry/netbsd_7_0_1_released1) DragonflyBSD - git: kernel - Fix mmcsd read/write issues (http://lists.dragonflybsd.org/pipermail/commits/2016-October/624851.html) A char device which implements an Enigma machine (FreeBSD & Linux) (https://github.com/rafael-santiago/dev-enigma) *** Feedback/Questions Matt - System Monitoring (http://pastebin.com/ayzvCuaq) Tony - LLVM License (http://pastebin.com/r5axPSE7) Ben - Thanks (http://pastebin.com/MNxCvUtX) David - Write Cache (http://pastebin.com/RswFASqW) Charles - Fonts (http://pastebin.com/e317a32f) ***
The wait is over, 11.0 of FreeBSD has (officially) launched. We'll have coverage of this, plus a couple looks back at UNIX history, and a crowd-favorite guest today. This episode was brought to you by Headlines FreeBSD 11.0-RELEASE Now Available (https://lists.freebsd.org/pipermail/freebsd-announce/2016-October/001760.html) FreeBSD 11.0-RELEASE is now officially out. A last minute reroll to pickup OpenSSL updates and a number of other security fixes meant the release was a little behind schedule, and shipped as 11.0-RELEASE-p1, but the release is better for it Improved support for 802.11n and various wifi drivers Support for the AArch64 (arm64) architecture has been added. Native graphics support has been added to the bhyve(8) hypervisor. A new flag, “onifconsole” has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off. The xz(1) utility has been updated to support multi-threaded compression. A number of kernel panics related to VNET have been fixed The IMAGACT_BINMISC kernel configuration option has been enabled by default, which enables application execution through emulators, such as QEMU via binmiscctl(8). The GENERIC kernel configuration has been updated to include the IPSEC option by default. The kern.osrelease and kern.osreldate are now configurable jail(8) parameters A new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED has also been added. The minimum (arcmin) and maximum (arcmax) values for the ZFS adaptive replacement cache can be modified at runtime. Changes to watch out for: OpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed. By default, the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations. An issue was discovered with Amazon® EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release. *** process listing consistency (http://www.tedunangst.com/flak/post/process-listing-consistency) Ted Unangst asks: how consistent is the output of ps(1)? If processes are starting and exiting constantly, and you run ps(1), is the output guaranteed to reflect that exact moment in time, or might it include some processes that have gone away before ps(1) exited, and include some processes that did not exist when ps(1) was started? Ted provides a little example chicken/egg program to try to create such an inconsistency, so you can test out your OS On OpenBSD ps(1) was switched away from the reading kernel memory directly, and instead uses the KERNPROCALL sysctl Thus sysctl can iterate over the entire process list, copying out information to ps(1), without blocking. If we prevent processes from forking or exiting during this time, we get a consistent snapshot. The snapshot may be stale, but it will never show us a viewpoint that never happened. So, OpenBSD will always be consistent, or will it? Is there a way to trick ps on OpenBSD? Not everything is consistent. There's a separate sysctl, KERNPROCARGV, that reads the command line arguments for a process, but it only works on one process at a time. Processes can modify their own argv at any time. A second test program changes the process title of both the chicken and the egg, and if you run ps(1), you can get back a result that never actually happened. The argv of the first program is read by ps(1), and in the meantime, it changes to a different value. The second program also changes its value, so now when ps(1) reads it, it sees the new value, not the original value from when ps(1) was started. So the output is not that consistent, but is it worth the effort to try to make it so? DragonFlyBSD - if_iwm - Add basic powermanagement support via ifconfig wlan0 powersave (http://lists.dragonflybsd.org/pipermail/commits/2016-October/624673.html) WiFi can often be one of the biggest drains on your laptop battery, so anything we can do to improve the situation should be embraced. Imre Vadász over at the DragonFly project has done that, porting over a new set of power management support from Linux to the if_iwm driver. if_iwm - Add basic powermanagement support via ifconfig wlan0 powersave. The DEVICEPOWERFLAGSCAMMSK flag was removed in the upstream iwlwifi in Linux commit ceef91c89480dd18bb3ac51e91280a233d0ca41f. Add scpsdisabled flag to struct iwmsoftc, which corresponds to mvm->psdisabled in struct iwl_mvm in Linux iwlwifi. Adds a hw.iwm.powerscheme tunable which corresponds to the powerscheme module parameter in Linux iwlwifi. Set this to 1 for completely disabling power management, 2 (default) for balanced powermanagement, and 3 for lowerpower mode (which does dtim period skipping). Imports the constants.h file from iwlwifi as ifiwmconstants.h. This doesn't allow changing the powermanagement setting while connected, also one can only choose between enabled and disabled powersaving with ifconfig (so switching between balanced and low-power mode requires rebooting to change the tunable). After any changes to powermanagement (i.e. "ifconfig wlan0 powersave" to enable powermanagement, or "ifconfig wlan0 -powersave" for disabling powermanagement), one has to disconnect and reconnect to the accespoint for the change to take effect.“ Good stuff! These positive changes need to happen more often and sooner, so we can all eek out every drop of power from our respective laptops. *** Helping out an Internet Friend…Dual boot OpenBSD (https://functionallyparanoid.com/2016/10/03/helping-out-an-internet-friend/) Dual-booting OpenBSD and Linux, via UEFI. A year ago we wouldn't be discussing this, but today we have an article where somebody has done exactly that. This Journey was undertaken by Brian Everly (Indiana Bug), partly due to a friend who wanted to dual-boot his laptop which already has an existing UEFI install on it. As a proof of concept, he began by replicating the setup in VMware with UEFI He started by throwing Ubuntu into the VM, with some special attention paid to partitioning to ensure enough room left-over for OpenBSD later. I created a 64MB EFI partition at the front of the disk. Next, I created a 20GB primary partition at the beginning of the space, mounted as the root (/) filesystem. I then added a 4096MB swap partition for Ubuntu. Finally, I used the rest of the free space to create a Reserved BIOS Boot Area FAT32 partition that was not associated with a mount point – this is where I will be installing OpenBSD. With that done, he wrapped up the Ubuntu installation and then turned over to to the OpenBSD side. Some manual partitioning was required to install to the “Reserved FAT32” partition. I mashed through the defaults in the OpenBSD installer until I got to the disk partitioning. Since I told VMWare to make my hard drive an IDE one, I knew I was playing around with wd0 and not sd0 (my USB key). I dumped into fdisk by selecting to (E)dit the partition scheme and saw my setup from Linux. First was the EFI partition (I am guessing I'll have to copy my bootx64.efi file to that at some point), second was the Linux etx4 partition, third was my Linux swap partition and fourth was a weird looking one that is the “Reserved BIOS Boot” partition. That's the one I'll fiddle with. Issuing the command “edit 3” allowed me to fiddle with that partition #3 (remember, we start counting at zero). I set it's type to “A6” (OpenBSD) and then took the defaults with the exception of naming it “OpenBSD”. A quick “write” followed by a “quit” allowed me to update my new partition and get back to the installer. Once the installation was wrapped up (OpenBSD helpfully already created the /boot/EFI partition with the correct EFI loader installed) he was able to reboot and select between the two systems at the UEFI bios screen. For kicks, he lastly went into Ubuntu and grabbed refind. Installing refind provided a fancy graphical selector between the two systems without too much trouble. Next step will be to replicate this process on his friend's laptop. Wishing you luck with that journey! Interview - Bryan Cantrill - email@email (mailto:email@email) / @twitter (https://twitter.com/user) CTO of Joyent *** News Roundup After 22 Years, 386BSD Gets An Update (https://bsd.slashdot.org/story/16/10/09/0230203/after-22-years-386bsd-gets-an-update) Slashdot brings us an interesting mention this week, specifically that after 22 years, we now have an update to 386BSD. 386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github. 386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never had happened.” Though it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu. There you have it! Go grab the new hotness that is 386BSD and run it in 2016! Or perhaps you want FreeBSD 11, but to each their own. *** Progress of the OpenBSD Limited Edition Signed CD set (http://undeadly.org/cgi?action=article&sid=20160929230557&mode=expanded) An update from a story last week! We mentioned the “very” limited edition OpenBSD 6.0 signed CD sets that had gone up for Auction on Ebay. (With proceeds to support for Foundation) As of today, here's where we stand: CD set #1 (Sep 29th + 5 days) sold for $4200 (http://www.ebay.com/itm/-/331985953783) CD set #2 (Oct 4th + 3 days) sold for $3000 (http://www.ebay.com/itm/-/331990536246) CD set #3 (Oct 8th + 3 days) sold for $817 (http://www.ebay.com/itm/-/331994217419) CD set #4 (Oct 11th + 3 days) is currently up for bidding (http://www.ebay.com/itm/-/331997031152) There you have it! The 4th set is almost wrapped up bidding, and the 5th and last set is not far behind. Be sure to grab your piece of BSD history before its gone! PROTOTYPE FreeBSD Jail/ZFS based implementation of the Application Container Specification (https://github.com/3ofcoins/jetpack) “Jetpack is an experimental and incomplete implementation of the App Container Specification for FreeBSD. It uses jails as isolation mechanism, and ZFS for layered storage.” “This document uses some language used in Rocket, the reference implementation of the App Container Specification. While the documentation will be expanded in the future, currently you need to be familiar at least with Rocket's README to understand everything.” + A standard with multiple implementations, that allow substitution of components, such as FreeBSD Jails instead of docker/lxc etc, and ZFS instead of overlayfs etc, is very exciting Microsoft's Forgotten Unix-based Operating System (https://fossbytes.com/xenix-history-microsoft-unix-operating-system/) Do you remember the good old days. You know, when Microsoft was the driving force behind UNIX? Wait, what did you say you may be thinking? It's true, and lets sit back and let FossBytes tell us a tale of what once was reality. The story begins sometime in the late 70's: Turning back the pages to the late 1970's, Microsoft entered into an agreement with AT&T Corporation to license Unix from AT&T. While the company didn't sell the OS to public, it licensed it to other OEM vendors like Intel, SCO, and Tandy. As Microsoft had to face legal trouble due to “Unix” name, the company renamed it and came up with its own Unix distribution. So, AT&T licensed Unix to Redmond that was passed on to other OEMs as Xenix. It's interesting to recall a time when Microsoft enabled people to run Unix — an operating system originally designed for large and multiuser systems — on a microcomputer. Even though it came first, Unix was probably more powerful than MS-DOS. So whatever happened to this microsoft-flavored UNIX you may ask? Sadly it was ditched for DOS due to $REASONS: In early 1980's, IBM was looking for an OS to power its PC. As IBM didn't want to maintain any ties with the recently split AT&T, Xenix was automatically rejected. To fulfill, the tech giant's demand, Microsoft bought 86-DOS from Seattle Computer Products and managed to convince IBM to use it in their systems. Slowly, Microsoft started losing interest in Xenix and traded the full rights of Xenix with SCO, a Xenix partner company. The company filed bankruptcy in 2007 before taking the Xenix legacy to the 21st century in the form of Open Server, previously known as SCO Unix and SCO Open Desktop. An interesting chapter in UNIX history to be sure, and funny enough may come full-circle someday with Microsoft beginning to show interest in UNIX and BSD once again. *** Beastie Bits Ohio LinuxFest 2016 wrap-up (http://blather.michaelwlucas.com/archives/2791) Learn X in Y minutes Where X=zfs (https://learnxinyminutes.com/docs/zfs/) Add touchscreen support for the official 7" RPi touch display (https://svnweb.freebsd.org/base?view=revision&revision=306430) 64-bit U-Boot on Raspberry Pi 3 (https://kernelnomicon.org/?p=682) SNIA SDC 2016 Recap: Michael Dexter (https://www.ixsystems.com/blog/snia-sdc-2016-recap-michael-dexter/) OpenZFS: Stronger than ever (https://www.ixsystems.com/blog/openzfs-devsummit-2016/) Accurate, Traceable, and Verifiable Time Synchronization for World Financial Markets (http://nvlpubs.nist.gov/nistpubs/jres/121/jres.121.023.pdf) ON HOLY WARS AND A PLEA FOR PEACE (https://www.ietf.org/rfc/ien/ien137.txt) Feedback/Questions Morgan - Zero-Filling an VM (http://pastebin.com/CYcqmW7P) Charlie - ZFS Bit-Rot (http://pastebin.com/12mNW57h) Matias - TrueOS / Launchd (http://pastebin.com/NfYWt2cu) Dale - DO Feedback (http://pastebin.com/UvKh2WcF) James - DO / FreeBSD Locks? (http://pastebin.com/0cdMc88U) ***
This week on the show, we'll be talking to Petra about the NetBSD foundation, about how they operate and assist NetBSD behind the scenes. That plus lots of news This episode was brought to you by Headlines What is new on EC2 for FreeBSD 11.0-RELEASE (http://www.daemonology.net/blog/2016-10-03-FreeBSD-EC2-11-0-RELEASE.html) “FreeBSD 11.0-RELEASE is just around the corner, and it will be bringing a long list of new features and improvements — far too many for me to list here. I think there are some improvements in FreeBSD 11.0 which are particularly noteworthy for EC2 users.” “First, the EC2 Console Screenshot functionality now works with FreeBSD. This provides a "VGA" output as opposed to the traditional "serial port" which EC2 has exposed as "console output" for the past decade, and is useful largely because the "VGA" output becomes available immediately whereas the "serial port" output can lag by several minutes. This improvement is a simple configuration change — older releases didn't waste time writing to a non-serial console because it didn't go anywhere until Amazon added support on their side — and can be enabled on older FreeBSD releases by changing the line console="comconsole" to boot_multicons="YES" in /boot/loader.conf.” “The second notable change is support for EC2 "Enhanced Networking" using Intel 82599 hardware; on the C3, C4, R3, I2, D2, and M4 (excluding m4.16xlarge) families, this provides increased network throughput and reduced latency and jitter, since it allows FreeBSD to talk directly to the networking hardware rather than via a Xen paravirtual interface. Getting this working took much longer than I had hoped, but the final problem turned out not to be in FreeBSD at all — we were tickling an interrupt-routing bug in a version of Xen used in EC2. Unfortunately FreeBSD does not yet have support for the new "Elastic Network Adapter" enhanced networking used in P2 and X1 instance families and the m4.16xlarge instance type; I'm hoping that we'll have a driver for that before FreeBSD 11.1 arrives.” “The third notable change is an improvement in EC2 disk throughput. This comes thanks to enabling indirect segment I/Os in FreeBSD's blkfront driver; while the support was present in 10.3, I had it turned off by default due to performance anomalies on some EC2 instances. (Those EC2 performance problems have been resolved, and disk I/O performance in EC2 on FreeBSD 10.3 can now be safely improved by removing the line hw.xbd.xbdenableindirect="0" from /boot/loader.conf.)” “Finally, FreeBSD now supports all 128 CPUs in the x1.32xlarge instance type. This improvement comes thanks to two changes: The FreeBSD default kernel was modified in 2014 to support up to 256 CPUs (up from 64), but that resulted in a (fixed-size) section of preallocated memory being exhausted early in the boot process on systems with 92 or more CPUs; a few months ago I changed that value to tune automatically so that FreeBSD can now boot and not immediately panic with an out-of-the-box setup on such large systems.” “I think FreeBSD/EC2 users will be very happy with FreeBSD 11.0-RELEASE; but I'd like to end with an important reminder: No matter what you might see on FTP servers, in EC2, or available via freebsd-update, the new release has not been released until you see a GPG-signed email from the release engineer. This is not just a theoretical point: In my time as a FreeBSD developer I've seen multiple instances of last-minute release re-rolls happening due to problems being discovered very late, so the fact that you can see bits doesn't necessarily mean that they are ready to be downloaded. I hope you're looking forward to 11.0-RELEASE, but please be patient.” *** Upgrading Amazon EC2 instance from 10.3 to 11.0-PRERELEASE results in hang at boot (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213196) As if to underscore that last point, a last minute bug was found on sunday night A user reported that they used freebsd-update to upgrade an EC2 instance from 10.3 to 11.0 and it started hanging during boot After some quick investigation by Colin, the problem was reproduced Since I had done a lot of work in the loader recently, I helped Colin build a version of the loader with a lot of the debugging enabled, and some more added to try to isolate where in the loader the freeze was happening Colin and I worked late into the night, but eventually found the read from disk that was causing the hang Unlike most of the other reads, that were going into the heap, this read was into a very low memory address, right near the 640kb border. This initially distracted us from the real cause of the problem With more debugging added, it was determined that the problem was in the GELIBoot code, when reading the last sector of each partition to determine if it is encrypted. In cases where the partition is not 4k aligned, and butts up against the end of the disk, the formula used could result in a read past the end of the disk The formula rounds the last sector byte address down to the nearest factor of 4096, then reads 4096 bytes. Then that buffer is examined to determine if the partition is encrypted. If it is a 512b sector drive, the metadata will be in the last 512 bytes of that 4096 byte buffer. However, if the partition is not 4k aligned, the rounding will produce a value that is less than 4096 bytes from the end of the disk, and attempting to read 4096 bytes, will read past the end of the disk Normally this isn't that big of a problem, the BIOS will just return an error. The loader will retry up to three times, then give up and move on, continuing to boot normally. Some BIOSes are buggy, and will initiate their own retries, and the combination might result in a stall of up to 30 seconds for each attempt to read past the end of the disk But it seems that Amazon EC2 instances, (and possibly other virtual instances), will just hang in this case. This bug has existed for 6 months, but was not caught because almost all installations are 4k aligned thanks to changes made to the installer over the last few years, and most hardware continues to boot with no sign of a problem Even the EC2 snapshot images of 11.0 do not have the problem, as they use a newer disk layout that is 4k aligned by default now. The problem only seems to happen when older disk images are upgraded The fix has been committed and will be merged the the branches over the next few days An Errata notice will be issues, and the fix will be available via freebsd-update It is recommended that EC2 users, and anyone who wants to be especially cautious, wait until this errata notice goes out before attempting to upgrade from FreeBSD 10.3 to 11.0 You can determine if your partitions are 4k aligned by running ‘gpart show'. If there is free space after your last partition, you won't have any issues. *** OpenBSD 6.0 Limited Edition CD set (signed by developers) (http://undeadly.org/cgi?action=article&sid=20160929230557&mode=expanded) The first one went for .$4,200.00 (http://www.ebay.com/itm/-/331985953783) + Looking for your piece of OpenBSD history? At the recent g2k16 hackathon in Cambridge UK, 40 OpenBSD developers put pen to paper and signed 5 copies of the new 6.0 release. + Each of these will be auctioned off on ebay, with the proceeds to benefit the OpenBSD foundation. + The first auction has already ended, and CD set went for a whopping $4200! + The next set only has 2 days left, and currently stands at $3000! (http://www.ebay.com/itm/-/331990536246) + Get your bids in soon, these are VERY unique, the odds of getting the same 40 developers in a room together and signing a new .0 release may make this a once-in-a-lifetime opportunity. + Additionally, if you are just starting your OpenBSD collection, here's a nice image to make you envious: A nice collection of OpenBSD CD Sets (http://i.imgur.com/OrE0Gsa.png) [What typing ^D really does on Unix ](https://utcc.utoronto.ca/~cks/space/blog/unix/TypingEOFEffects) + How often have you used a ^D to generate an EOF? Do you really know what that does? + Chris Siebenmann has posted a look at this on his blog, which might not be what you think “Typing ^D causes the tty driver to immediately finish a read().” He continues on: Normally doing a read() from a terminal is line-buffered inside the tty driver; your program only wakes up when the tty driver sees the newline, at which point you get back the full line. (Note that this buffering is distinct from anything that your language's IO system may be doing.) Typing ^D causes the tty driver to stop waiting for a newline and immediately return from the read() with however much of the line has been accumulated to date. If you haven't typed anything on the line yet, there is nothing accumulated and the read() will return 0 bytes, which is conveniently the signal for end of file. If you have typed something the program will get it; because it doesn't have a trailing newline, the program's own line-buffering may take over and keep read()ing to get the rest of the line. (Other programs will immediately process the partial line with no buffering; cat is one example of this.) Once you've typed ^D on a partial line, that portion of the line is immutable because it's already been given to the program. Most Unixes won't let you backspace over such partial lines; effectively they become output, not input. (Note that modern shells are not good examples of this, because they don't do line-buffered input; to support command line editing, they switch terminal input into an uninterpreted mode. So they get the raw ^D and can do whatever they want with it, and they can let you edit as much of the pending line as they want.) Fascinating stuff, and interesting to see behind the curtain at exactly what's going on with your programs buffering and tty driver interaction. Interview - Petra Zeidler - spz@netbsd.org (mailto:spz@netbsd.org) NetBSD Foundation *** News Roundup Running FreeBSD in Travis-CI Thanks to KQEmu (http://erouault.blogspot.com/2016/09/running-freebsd-in-travis-ci.html) Travis-CI is the most popular testing framework on Github, but it doesn't support any of the BSDs This didn't discourage Even Rouault, who managed to run FreeBSD in KQEMU on the Linux instances provided by Travis-CI “Travis-CI has a free offer for software having public repository at GitHub. Travis-CI provides cloud instances running Linux or Mac OS X. To increase portability tests of GDAL, I wondered if it was somehow possible to run another operating system with Travis-CI, for example FreeBSD. A search lead me to this question (https://github.com/travis-ci/travis-ci/issues/1818) in their bug tracker but the outcome seems to be that it is not possible, nor in their medium or long term plans.” “One idea that came quickly to mind was to use the QEMU machine emulator that can simulate full machines, of several hardware architectures.” They found an existing image of FreeBSD 9.2 and configured the Travis job to download it and fire it up in QEMU. “Here we go: ./configure && make ! That works, but 50 minutes later (the maximum length of a Travis-CI job), our job is killed with perhaps only 10% of the GDAL code base being compiled. The reason is that we used the pure software emulation mode of QEMU that involves on-the-fly disassembling of the code to be run and re-assembling.” Travis-CI runs in Google Compute Engine, which does not allow nested virtualization, so hardware virtualization is not an option to speed up QEMU “Here comes the time for good old memories and a bit of software archeology. QEMU was started by Fabrice Bellard. If you didn't know his name yet, F. Bellard created FFMPEG and QEMU, holds a world record for the number of decimals of Pi computed on a COTS PC, has ported QEMU in JavaScript to run the Linux kernel in your browser, devised BPG, a new compression based on HEVC, etc....” “At the time where his interest was focused on QEMU, he created KQemu, a kernel module (for Linux, Windows, FreeBSD hosts), that could significantly enhance QEMU performance when the guest and hosts are x86/x86_64 and does not require (nor use) hardware virtualization instructions.” “Running it on Travis-CI was successful too, with the compilation being done in 20 minutes, so probably half of the speed of bare metal, which is good enough.” “I could also have potentially tried VirtualBox because, as mentioned above, it supports software virtualization with acceleration. But that is only for 32 bit guests (and I didn't find a ready-made FreeBSD 32bit image that you can directly ssh into). For 64 bit guests, VirtualBox require hardware virtualization to be available in the host. To the best of my knowledge, KQemu is (was) the only solution to enable acceleration of 64 bit guests without hardware requirements.” It will be interesting to see if enough people do this hack, maybe Travis-CI will consider properly supporting FreeBSD *** OpenBSD EuroBSDcon 2016 Papers are online (https://www.openbsd.org/events.html) Slides from the OpenBSD talks at EuroBSDCon are online now Landry Breuil, Building packages on exotic architectures (https://rhaalovely.net/~landry/eurobsdcon2016/) Peter Hessler, Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSD (https://www.openbsd.org/papers/eurobsdcon2016-bfd.pdf) Ingo Schwarze, Why and how you ought to keep multibyte character support simple (https://www.openbsd.org/papers/eurobsdcon2016-utf8.pdf) (roff/mm/gpresent source code (https://www.openbsd.org/papers/eurobsdcon2016-utf8.roff)) Stefan Sperling, OpenBSD meets 802.11n (https://www.openbsd.org/papers/eurobsdcon2016-openbsd-11n.pdf) Antoine Jacoutot, OpenBSD rc.d(8) (https://www.bsdfrog.org/pub/events/openbsd-rcd-EuroBSDcon2016.pdf) Marc Espie, Retrofitting privsep into dpb and pkg_add (https://www.openbsd.org/papers/eurobsdcon2016-privsep.pdf) Martin Pieuchot, Embracing the BSD routing table (https://www.openbsd.org/papers/eurobsdcon2016-embracingbsdrt.pdf) I am working to build a similar website for the FreeBSD project, but there is still a lot of work to do I also managed to find the slides from the keynotes: Opening Keynote: George Neville-Neil: Looking Backwards: The coming decades of BSD (https://papers.freebsd.org/2016/EuroBSDCon/LookingBackwards.pdf) Closing Keynote: Gert Döring: Internet Attacks, Self-Governance, and the Consequences (http://www.monobsd.com/files/16_ddos_and_consequences.pptx) *** VirtualBox Shared Folders on FreeBSD: progress report (https://kernelnomicon.org/?p=650) In the past month or so, VirtualBox in the FreeBSD ports tree got bumped to version 5, which while bringing new features, did cause a regression in Shared Folders. FreeBSD developer gonzo@ (Oleksandr Tymoshenko) has been tackling this issue in recent days and provides us with a look behind the curtain at the challenges involved. Specifically he started by implementing the various needed VOPs: “lookup, access, readdir, read, getattr, readlink, remove, rmdir, symlink, close, create, open, write.” He then continues with details about how complete this is: ““Kind of implemented” means that I was able to mount directory, traverse it, read file, calculate md5 sums and compare with host's md5sum, create/remove directories, unzip zip file, etc but I doubt it would survive stress-test. Locking is all wrong at the moment and read/write VOPs allocate buffers for every operation.” The bigger issue faced is with the rename VOP though: I hit a roadblock with rename VOP: it involves some non-trivial locking logic and also there is a problem with cached paths. VBox hypervisor operates on full paths so we cache them in vboxfs nodes, but if one of parent directories is renamed, all cached names should be modified accordingly. I am going to tackle these two problems once I have long enough stretch of time time sit and concentrate on task. + We wish him luck in getting those issues solved. I know quite a few of our users rely on shared folders as well. FreeBSD News Issue #1 (http://support.rossw.net/FreeBSD-Issue1.pdf) Issue #1 of FreeBSD News, from summer of 1997 Contains an article by Yahoo! co-founder David Filo about their early use of FreeBSD, on 100mhz Pentium machines with 64MB of ram Java Development Kit 1.0.2 ported to FreeBSD What is FreeBSD? Running the world's busiest FTP site (cdrom.com) on FreeBSD Xi Graphics announces the release of CDE Business Desktop, the first and only integrated desktop for FreeBSD, on AcceleratedX, a fully supported commercial grade X display server Get FreeBSD 2.2.2 Today! *** Beastie Bits Call for testing: newly MPSAFE nvme(4) (http://mail-index.netbsd.org/current-users/2016/09/21/msg030183.html) Thinking about starting a BUG in Indianapolis, IN USA (http://lists.dragonflybsd.org/pipermail/users/2016-September/313061.html) The cost of forsaking C: Why students still need to learn C (https://medium.com/bradfield-cs/the-cost-of-forsaking-c-113986438784#.o2m5gv8y7) OpenBSD (U)EFI bootloader howto (https://blog.jasper.la/openbsd-uefi-bootloader-howto/) Michael Lucas sets his eyes on OpenBSD's web stack for his next book (http://blather.michaelwlucas.com/archives/2780) LibreSSL 2.5.0 released (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.0-relnotes.txt) OPNsense 16.7.5 released (https://opnsense.org/opnsense-16-7-5-released/) Feedback/Questions Jonas - ZFS on DO (http://pastebin.com/XeJhK0AJ) Ricardo - OpenBSD Encrypted Disk (http://pastebin.com/Z9JRjcvb) WiskerTickle - Storage Benchmark (http://pastebin.com/XAD0UevP) Phil - Thanks (http://pastebin.com/N52JhYru) Luis - Misc Questions (http://pastebin.com/57qS0wrx) ***
© 2020-2025 Ivy Podcast Discovery LLC
