Catching up to BSD

Catching up to BSD, news about the NetBSD project, a BSD Phone, and a bunch of OpenBSD and TrueOS News.

This episode was brought to you by

href="http://www.digitalocean.com/" title="DigitalOcean"> href="http://www.tarsnap.com/bsdnow" title="Tarsnap">

Headlines

NetBSD 7.1 released

• This update represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.

• Kernel

  • compat_linux(8): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library.

• DTrace:

  • Avoid redefined symbol errors when loading the module.
  • Fix module autoload.

• IPFilter:

  • Fix matching of ICMP queries when NAT'd through IPF.
  • Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
  • ipsec(4): Fix NAT-T issue with NetBSD being the host behind NAT.

• Drivers

  • Add vioscsi driver for the Google Compute Engine disk.
  • ichsmb(4): Add support for Braswell CPU and Intel 100 Series.
  • wm(4):
  • Add C2000 KX and 2.5G support.
  • Add Wake On Lan support.
  • Fixed a lot of bugs

• Security Fixes

  • NetBSD-SA2017-001 Memory leak in the connect system call.
  • NetBSD-SA2017-002 Several vulnerabilities in ARP.

• ARM related

  • Support for Raspberry Pi Zero.
  • ODROID-C1 Ethernet now works.

Summary of the preliminary LLDB support project

• What has been done in NetBSD

  • Verified the full matrix of combinations of wait(2) and ptrace(2) in the following
  • GNU libstdc++ std::call_once bug investigation test-cases
  • Improving documentation and other minor system parts
  • Documentation of ptrace(2) and explanation how debuggers work
  • Introduction of new siginfo(2) codes for SIGTRAP
  • New ptrace(2) interfaces

• What has been done in LLDB

• Native Process NetBSD Plugin

• The MonitorCallback function

• Other LLDB code, out of the NativeProcessNetBSD Plugin

• Automated LLDB Test Results Summary

• Plan for the next milestone

  • fix conflict with system-wide py-six
  • add support for auxv read operation
  • switch resolution of pid -> path to executable from /proc to sysctl(7)
  • recognize Real-Time Signals (SIGRTMIN-SIGRTMAX)
  • upstream !NetBSDProcessPlugin code
  • switch std::call_once to llvm::call_once
  • add new ptrace(2) interface to lock and unlock threads from execution
  • switch the current PT_WATCHPOINT interface to PT_GETDBREGS and PT_SETDBREGS

Actually building a FreeBSD Phone

• There have been a number of different projects that have proposed building a FreeBSD based smart phone
• This project is a bit different, and I think that gives it a better chance to make progress
• It uses off-the-shelf parts, so while not as neatly integrated as a regular smartphone device, it makes a much better prototype, and is more readily available.
• Hardware overview: X86-based, long-lasting (user-replaceable) battery, WWAN Modem (w/LTE), 4-5" LCD Touchscreen (Preferably w/720p resolution, IPS), upgradable storage.
• Currently targeting the UDOO Ultra platform. It features Intel Pentium N3710 (2.56GHz Quad-core, HD Graphics 405 [16 EUs @ 700MHz], VT-x, AES-NI), 2x4GB DDR3L RAM, 32GB eMMC storage built-in, further expansion w/M.2 SSD & MicroSD slot, lots of connectivity onboard.
• Software: FreeBSD Hypervisor (bhyve or Xen) to run atop the hardware, hosting two separate hosts.
  • One will run an instance of pfSense, the "World's Most Popular Open Source Firewall" to handle the WWAN connection, routing, and Firewall (as well as Secure VPN if desired).
  • The other instance will run a slimmed down installation of FreeBSD. The UI will be tweaked to work best in this form factor & resources tuned for this platform. There will be a strong reliance on Google Chromium & Google's services (like Google Voice).
• The project has a detailed log, and it looks like the hardware it is based on will ship in the next few weeks, so we expect to see more activity. ***

News Roundup

NVME M.2 card road tests (Matt Dillon)

• DragonFlyBSD’s Matt Dillon has posted a rundown of the various M.2 NVMe devices he has tested
  • SAMSUNG 951
  • SAMSUNG 960 EVO
  • TOSHIBA OCZ RD400
  • INTEL 600P
  • WD BLACK 256G
  • MYDIGITALSSD
  • PLEXTOR M8Pe
• It is interesting to see the relative performance of each device, but also how they handle the workload and manage their temperature (or don’t in a few cases)
• The link provides a lot of detail about different block sizes and overall performance ***

ZREP ZFS replication and failover

• "zrep", a robust yet easy to use ZFS based replication and failover solution. It can also serve as the conduit to create a simple backup hub.
• The tool was originally written for Solaris, and is written in ksh
• However, it seems people have used it on FreeBSD and even FreeNAS by installing the ksh93 port
• Has anyone used this? How does it compare to tools like zxfer?
• There is a FreeBSD port, but it is a few versions behind, someone should update it
• We would be interested in hearing some feedback ***

Catching up on some TrueOS News

• TrueOS Security and Wikileaks revelations
• New Jail management utilities
• Ken Moore's talk about Sysadm from Linuxfest 2016
• The Basics of using ZFS with TrueOS ***

Catching up on some OpenBSD News

• OpenBSD 6.1 coming May 1
• OpenBSD Foundation 2016 Fundraising (goal: $250K actual: $573K)
• The OpenBSD Foundation 2017 Fundraising Campaign
• OpenBSD MitM attack against WPA1/WPA2
• OpenBSD vmm/vmd Update ***

Beastie Bits

• HardenedBSD News: Introducing CFI
• New version of Iocage (Python 3) on FreshPorts
• DragonFly BSD Network performance comparison as of today
• KnoxBUG recap ***

Feedback/Questions

• Noel asks about moving to bhyve/jails ***