System Administration

Week 10, Time Travel and Snapshots

Get in, we have to go back... to the snaphots!

In this video, we demonstrate filesystem snapshots using fss(4) on #NetBSD, ZFS on #OmniOS, and how NetApp's WAFL and macOS's Time Machine work.

https://youtu.be/zIEBnZAd5dE

#SysAdmin #SRE #DevOps

@bentsukun @netbsd Sadly not for the UltraSPARC T1000, I'm told. #NetBSD #SPARC

Saturday night.
Wife is listening to some music and singing, relaxed.
I'm writing a part of a new blog post about doing something with #NetBSD, relaxed.

Have great weekend, #BSDCafe, have a great weekend, #Fediverse!

@washbear this is all good, but I don't understand why we'd support Irix, but say hard luck if you use older #NetBSD (even the oldest supported branch such as 9 when we get to the time when 11 is branched). To be clear I am in favour of supporting both.

I will try to boot my Irix on my Indigo2 though if I can.

i've updated my mkimg-netbsd repository, it now has scripts for generating images and running little endian mips (o32, n32, and n64) and alpha versions of #netbsd in #qemu.

this adds to the already-supported powerpc, i386, amd64, armv7, and aarch64.

https://github.com/alarixnia/mkimg-netbsd

#NetBSD growing into that sixth bit
https://mastodon.social/@0xKaishakunin/114364354352389691

Celebrating NetBSD's 32nd birthday today! Marked the occasion by donating $32 to the @netbsd Foundation. So much respect for a project that truly lives up to "Of course it runs NetBSD". 💪 Consider donating too! https://www.netbsd.org/donations/
#NetBSD #RunBSD #unix #Linux #pkgsrc

Discovered today the `last(1)` command in NetBSD (also in Linux) that outputs a list of the last logins of users. Nice!

#Shell #NetBSD

@dwarmstrong Great write-up. I think #NetBSD dmesg is pretty much the cleanest out there which makes this sort of thing much easier compared to grubbing about in e.g. /dev/disk

@linux_mclinuxface I use #NetBSD from time to time. Good OS, but #Slackware is my one true love

Next #swad improvement: Make sure to #wipe #passwords from RAM directly after used. That's more of a #security precaution, because there *should* be no way how an attacker can access a running process' memory, but you never know which bugs surface 🙈.

Unexpectedly, that posed #portability issues. #C11 has #memset_s ... a pretty weird function, but suitable for wiping. It's there on #FreeBSD and on #OpenBSD. Not on #NetBSD though. But NetBSD offers the much saner #C23 function #memset_explicit. Looking at #Linux, there's neither. But there is the (non-standard!) #explicit_bzero 🤯 .. and with glibc, it requires _DEFAULT_SOURCE to be defined as soon as you compile with a C standard version given to the compiler. This function exists on some other systems as well, but there's confusion whether it should be declared in string.h or strings.h. 🤪

Here's the full set of compile-tests I'm now doing, only to find the best way to really erase memory:
https://github.com/Zirias/swad/blob/master/src/bin/swad/swad.mk#L6

And if none of these functions is found, swad uses the "hacky" way that most likely works as well: Access the normal memset function via a volatile pointer.

Mmm parallel seem to have some troubles on NetBSD. Sometimes it's just stuck, doesn't start to process the task.
For now, when BSSG will detect it's running on NetBSD, it will use the slower but more reliable sequential build process

#BSSG #NetBSD

Disable password logins on the SERVER in favour of using SSH keys for authentication. Create the necessary SSH keys on a NetBSD CLIENT that will be used to secure access to remote devices:

https://www.dwarmstrong.org/netbsd-ssh-keys/

#SSH #NetBSD #RunBSD #Encryption

Today, I implemented the #async / #await pattern (as known from #csharp and meanwhile quite some other languages) ...

... in good old #C! 😎

Well, at least sort of.

* It requires some standard library support, namely #POSIX user context switching with #getcontext and friends, which was deprecated in POSIX-1.2008. But it's still available on many systems, including #FreeBSD, #NetBSD, #Linux (with #glibc). It's NOT available e.g. on #OpenBSD, or Linux with some alternative libc.

* I can't do anything about the basic language syntax, so some boilerplate comes with using it.

* It has some overhead (room for extra stacks, even extra syscalls as getcontext unfortunately also always saves/restores the signal mask)

But then ... async/await in C! 🥳

Here are the docs:
https://zirias.github.io/poser/api/latest/class_p_s_c___async_task.html

#C #coding

I finally eliminated the need for a dedicated #thread controlling the pam helper #process in #swad. 🥳

The building block that was still missing from #poser was a way to await some async I/O task performed on the main thread from a worker thread. So I added a class to allow exactly that. The naive implementation just signals the main thread to carry out the requested task and then waits on a #semaphore for completion, which of course blocks the worker thread.

Turns out we can actually do better, reaching similar functionality like e.g. #async / #await in C#: Release the worker thread while waiting to do other jobs. The key to this is user context switching support like offered by #POSIX-1.2001 #getcontext and friends. Unfortunately it was deprecated in POSIX-1.2008 without an obvious replacement (the docs basically say "use threads", which doesn't work for my scenario), but still lots of systems provide it, e.g. #FreeBSD, #NetBSD, #Linux (with #glibc) ...

The posercore lib now offers both implementations, prefering to use user context switching if available. It comes at a price: Every thread job now needs its private stack space (I allocated 64kiB there for now), and of course the switching takes some time as well, but that's very likely better than leaving a task idle waiting. And there's a restriction, resuming must still happen on the same thread that called the "await", so if this thread is currently busy, we have to wait a little bit longer. I still think it's a very nice solution. 😎

In any case, the code for the PAM credential checker module looks much cleaner now (the await "magic" happens on line 174):
https://github.com/Zirias/swad/blob/57eefe93cdad0df55ebede4bd877d22e7be1a7f8/src/bin/swad/cred/pamchecker.c

#C #coding

Does #NetBSD support ZRAM?

The slides, the video, and the text behind my presentation at EuroBSDCon 2024 - 'Why and how we're migrating many of our servers from Linux to the BSDs.'

https://it-notes.dragas.net/2024/10/03/i-solve-problems-eurobsdcon/

#ITNotes #FreeBSD #OpenBSD #NetBSD #RunBSD #IT #SysAdmin #EuroBSDCon #EBC24 #EuroBSDCon24 #EuroBSDCon2024 #NoteHUB

In regards to DNS domains, previously when setting up Linux machines on the LAN I have just gone with whatever the installer chose as the default: "home", "lan", etc.

NetBSD amd64 installer defaults to "home" and, in reading a bit about such domains I discovered RFC 8375, which designates "'.home.arpa.'... as a special-use domain name... for non-unique use in residential home networks."

I'm using it now.

https://datatracker.ietf.org/doc/html/rfc8375

#Networking #NetBSD

For my NetBSD install I wanted to include _disk encryption_ to protect personal data in case the device is lost or stolen.

Its not really enough to simply encrypt home directories. Passphrases and sensitive data can linger and be extracted from locations such as system logs and swap memory. There is a trade-off to be made between how much to encrypt, the convenience of operating the system, and the ability for the system to boot.

This is how I do it...

https://www.dwarmstrong.org/netbsd-encrypt-install/

#NetBSD #RunBSD

About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.

I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift #PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.

Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.

arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.

@dec_hl I know.

Besides #RaspberryPiOS there's like @bunsenlabs / #BunsenLabs and me dabbling (@OS1337) tho technically they all are #i486 as they use #Linux kernels beyond the cutoff date for #i386 support.

• #NetBSD propably still supports i386 and potentially even i286...

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟰/𝟭𝟰 (Valuable News - 2025/04/14) available.

https://vermaden.wordpress.com/2025/04/14/valuable-news-2025-04-14/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟰/𝟭𝟰 (Valuable News - 2025/04/14) available.

https://vermaden.wordpress.com/2025/04/14/valuable-news-2025-04-14/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟰/𝟭𝟰 (Valuable News - 2025/04/14) available.

https://vermaden.wordpress.com/2025/04/14/valuable-news-2025-04-14/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Oops, almost forgot. My first #Linux was S.u.S.E. Linux April 1995. That was 30 years ago.

Before that, I had #NetBSD on my #Amiga 3000, but I only booted into it to play Hack.

mother electricity

#unix_surrealism #fosschild #technomage #penguin #netbsd #daemon #fish #computer

Alt...

Mage, Penguin, Daemon and Fosschild meet Mother Electricity (angel?) with a big fish.

@sborrill

Interesting, though, that #NetBSD is associated with bearded warriors and orange flags on... fire?

I thought #OpenBSD was more of the flame war operating system?

(I kid! I kid!)

@bentsukun @stefano @justine

@bsd_nl conference day at Maximus Brewery in Utrecht

A lovely day with a great beer 🍻 on the sunny terrace. 🏝️

Thanks to the organizers and speakers @kp #PF firewall and Benedict Reuschling #OpenZFS

#openbsd #freebsd #netbsd

Alt...

Bsdnl conference Opening

@stefano @justine @stablehorde_generator generated the following artist's impression of the #NetBSD posse

Alt...

Bearded warriors holding orange flags

@stefano @justine Or the #NetBSD guys are putting together a posse to convince you of the error of your ways

ostan101, saw this Linux only meme added some flavour for BSDs 😜 #RunBSD #DragonflyBSD #FreeBSD #NetBSD #OpenBSD