From george at ceetonetechnology.com Fri Feb 2 13:34:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 02 Feb 2018 18:34:00 +0000 Subject: [talk] script for extracting FreeBSD /etc/src.conf file Message-ID: <87756375-900d-c60c-bd3b-acc431a102c6@ceetonetechnology.com> A while back there was an freebsd-arm@ discussion about building images with the crochet tool, and including a sample src.conf file. The src.conf file provides parameters for building or updating a system from source. It allows different parts of the kernel to be removed, or added. The relevant application for crochet was in reducing the footprint of a system for embedded use, but there are obvious security benefits. It is/was also relevant for building GPL-less systems. But there's more obvious applications, like, do you really need pf, ipfw and ipf in your base system? Bluetooth on a server? freebsd-update(8) if you're following stable? However, there's no default /etc/src.conf file in FreeBSD, and maintaining one is tricky. There are unnoticed changes during releases. The best method is to extract it from the man page, IMHO. This is a script which I've toyed with for a while, and I think it's "usable" for others who want to create an appropriate /etc/src.conf file on the system the script is run. It might need more cleanup, since it's been sitting in my attic for a while. I still maybe sort out the hierarchical aspects of the src.conf, ie, if you set WITHOUT_WIRELESS it also enforces WITHOUT_WIRELESS_SUPPORT. It assumes user land and the kernel are in sync, of course. http://wiki.torbsd.org/doku.php?id=en:a_shell_script_to_convert_src.conf_5_contents_to_an_example_etc_src.conf_file I'm curious to hear if others regularly use the /etc/src.conf file when building from source. Any comments/input on it are welcome. g -- 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 From kmsujit at gmail.com Sat Feb 3 06:16:14 2018 From: kmsujit at gmail.com (Sujit K M) Date: Sat, 3 Feb 2018 16:46:14 +0530 Subject: [talk] script for extracting FreeBSD /etc/src.conf file In-Reply-To: <87756375-900d-c60c-bd3b-acc431a102c6@ceetonetechnology.com> References: <87756375-900d-c60c-bd3b-acc431a102c6@ceetonetechnology.com> Message-ID: On Feb 3, 2018 12:05 AM, "George Rosamond" wrote: A while back there was an freebsd-arm@ discussion about building images with the crochet tool, and including a sample src.conf file. The src.conf file provides parameters for building or updating a system from source. It allows different parts of the kernel to be removed, or added. The relevant application for crochet was in reducing the footprint of a system for embedded use, but there are obvious security benefits. It is/was also relevant for building GPL-less systems. But there's more obvious applications, like, do you really need pf, ipfw and ipf in your base system? Bluetooth on a server? freebsd-update(8) if you're following stable? However, there's no default /etc/src.conf file in FreeBSD, and maintaining one is tricky. There are unnoticed changes during releases. The best method is to extract it from the man page, IMHO. This is a script which I've toyed with for a while, and I think it's "usable" for others who want to create an appropriate /etc/src.conf file on the system the script is run. It might need more cleanup, since it's been sitting in my attic for a while. I still maybe sort out the hierarchical aspects of the src.conf, ie, if you set WITHOUT_WIRELESS it also enforces WITHOUT_WIRELESS_SUPPORT. It assumes user land and the kernel are in sync, of course. http://wiki.torbsd.org/doku.php?id=en:a_shell_script_to_ convert_src.conf_5_contents_to_an_example_etc_src.conf_file I'm curious to hear if others regularly use the /etc/src.conf file when building from source. Any comments/input on it are welcome. g -- 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 _______________________________________________ talk mailing list talk at lists.nycbug.org http://lists.nycbug.org/mailman/listinfo/talk Shouldn't there be a wiki on freebsd.org. helpful for people to start off tweaking the OS. Should be same for others too. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kmsujit at gmail.com Sun Feb 4 01:38:34 2018 From: kmsujit at gmail.com (Sujit K M) Date: Sun, 4 Feb 2018 12:08:34 +0530 Subject: [talk] Search Engines Message-ID: I had a random thought on the search engines provided by Google/Yahoo/Bing etc. Most of them give a very good search result but the value added is in the form of other services provided by them like maps/localization etc. But is it true with an very insane topic, some of my contributions in mailing list are not there, most notable being sf-lug. I don't find any references. Why?. robot.txt blocks google. Is it just that or the search is failing because of something else. From george at ceetonetechnology.com Mon Feb 5 15:17:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 05 Feb 2018 20:17:00 +0000 Subject: [talk] NYC*BUG Upcoming Message-ID: <3b005834-a86a-0f80-accb-f5353b346601@ceetonetechnology.com> Feb 7 2018, Wednesday, 1845 Reproducible builds on NetBSD, Christos Zoulas LMHQ, 150 Broadway, 20th Floor, Manhattan I will talk about my recent work getting reproducible builds on NetBSD. The talk will be based on information that I first posted at: https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds and it will have more detailed examples of the toolchain, build, and application changes that every OS needs to make to achieve reprodicibility. I will also discuss the meaning of timestamps and other "build-specific" information that needs to become predictable for fully reproducible builds, and if it is worth faking in the first place to achieve identical built artifacts at the media level. Speaker Bio I live in New York City and work in the Finance Sector. I spend most of my free time with my kids. When they let me I try to write and fix things for NetBSD/file/tcsh/libedit/... and other pieces of code I've worked on over the years. Other Upcoming *BSD Events AsiaBSDCon in Tokyo, Japan March 8-11 BSDCan in Ottawa, Canada June 8-9 EuroBSDCon in Bucharest, Romania September 22-23 From george at ceetonetechnology.com Wed Feb 7 10:50:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 07 Feb 2018 15:50:00 +0000 Subject: [talk] NYC*BUG Tonight: Christos on Reproducible Builds Message-ID: <5638301d-6bab-c683-7a7b-2a8db628cf75@ceetonetechnology.com> Feb 7 2018, Wednesday, 1845 Reproducible builds on NetBSD, Christos Zoulas LMHQ, 150 Broadway, 20th Floor, Manhattan I will talk about my recent work getting reproducible builds on NetBSD. The talk will be based on information that I first posted at: https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds and it will have more detailed examples of the toolchain, build, and application changes that every OS needs to make to achieve reprodicibility. I will also discuss the meaning of timestamps and other "build-specific" information that needs to become predictable for fully reproducible builds, and if it is worth faking in the first place to achieve identical built artifacts at the media level. Speaker Bio I live in New York City and work in the Finance Sector. I spend most of my free time with my kids. When they let me I try to write and fix things for NetBSD/file/tcsh/libedit/... and other pieces of code I've worked on over the years. Other Upcoming *BSD Events AsiaBSDCon in Tokyo, Japan March 8-11 BSDCan in Ottawa, Canada June 8-9 EuroBSDCon in Bucharest, Romania September 22-23 From viewtiful.icchan at gmail.com Wed Feb 7 11:55:20 2018 From: viewtiful.icchan at gmail.com (Robert Menes) Date: Wed, 7 Feb 2018 11:55:20 -0500 Subject: [talk] NYC*BUG Tonight: Christos on Reproducible Builds In-Reply-To: <5638301d-6bab-c683-7a7b-2a8db628cf75@ceetonetechnology.com> References: <5638301d-6bab-c683-7a7b-2a8db628cf75@ceetonetechnology.com> Message-ID: I'll be there tonight! On Wed, Feb 7, 2018 at 10:50 AM, George Rosamond < george at ceetonetechnology.com> wrote: > Feb 7 2018, Wednesday, 1845 > Reproducible builds on NetBSD, Christos Zoulas > LMHQ, 150 Broadway, 20th Floor, Manhattan > > I will talk about my recent work getting reproducible builds on NetBSD. > The talk will be based on information that I first posted at: > > https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds > > and it will have more detailed examples of the toolchain, build, and > application changes that every OS needs to make to achieve reprodicibility. > > I will also discuss the meaning of timestamps and other "build-specific" > information that needs to become predictable for fully reproducible > builds, and if it is worth faking in the first place to achieve > identical built artifacts at the media level. > > Speaker Bio > > I live in New York City and work in the Finance Sector. I spend most of > my free time with my kids. When they let me I try to write and fix > things for NetBSD/file/tcsh/libedit/... and other pieces of code I've > worked on over the years. > > Other Upcoming *BSD Events > > AsiaBSDCon in Tokyo, Japan March 8-11 > BSDCan in Ottawa, Canada June 8-9 > EuroBSDCon in Bucharest, Romania September 22-23 > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -- Nobody's ever lost in life...they're merely taking the scenic route. ============================== Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html ============================== -----BEGIN GEEK CODE BLOCK----- Version: 3.1.2 GCS/S/M/MU d- s+: a38 C++(+++) UL++++>$ P++ L+++ E+ W+ N+ o+ K++ w--- O- M !V PS+ PE Y+ PGP(+) t+ 5++ X++ R tv b+++ DI+++ D++(---) G++ e+ h- r++ y+ ------END GEEK CODE BLOCK------ -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Wed Feb 7 23:13:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 08 Feb 2018 04:13:00 +0000 Subject: [talk] meeting Message-ID: <660bdced-0348-bc9a-fb68-6f1554aa9229@ceetonetechnology.com> Christos did a great meeting about reproducible builds. Patrick streamed, and I assume the video will be available. We passed the hat for NetBSD, and collected $95, which will go to the NetBSD Foundation tomorrow. g -- 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 From bcallah at devio.us Wed Feb 7 23:18:39 2018 From: bcallah at devio.us (Brian Callahan) Date: Wed, 7 Feb 2018 23:18:39 -0500 Subject: [talk] meeting In-Reply-To: <660bdced-0348-bc9a-fb68-6f1554aa9229@ceetonetechnology.com> References: <660bdced-0348-bc9a-fb68-6f1554aa9229@ceetonetechnology.com> Message-ID: <9ac9ad80-4047-8bd6-6310-005528af0d10@devio.us> On 02/07/18 23:13, George Rosamond wrote: > Christos did a great meeting about reproducible builds. > > Patrick streamed, and I assume the video will be available. > > We passed the hat for NetBSD, and collected $95, which will go to the > NetBSD Foundation tomorrow. > > g Awesome! Glad to hear the meeting went well. I chipped in $10 to the NetBSD Foundation just now via PayPal since I couldn't make the meeting. I think it's a good practice that we should all keep in mind. ~Brian From pvarga at pvrg.net Thu Feb 8 03:40:23 2018 From: pvarga at pvrg.net (Peter Varga) Date: Thu, 08 Feb 2018 08:40:23 +0000 Subject: [talk] Reverse presentation Message-ID: <1518079223.1700821.1263706664.3E8A40A6@webmail.messagingengine.com> Greetings all: Open up the chance to more people to present one?s idea and generate more consecutive nycbug gatherings.The idea is streaming a presentation in, from remote. Over the years many nycbug attendees moved or live away yet they all made excellent presentations. So in person presentation are time and location sensitive. Let?s remove the location part. Would they like to do it again? Now even my phone can do video calls for quite long time reliably over LTE. So the source is covered. Restreaming can also be done since streaming out works already. I am quiet certain the network logistics can be figured out. The only trouble, i think, is finding the logistics for the display. Projector would work on a wall. I am willing to donate to get a projector for nycbug.org and any wall could be a display. eBay links for a quality flexible projector like device? Any thoughts yeah nay? -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcevoy.pat at gmail.com Sat Feb 10 14:06:27 2018 From: mcevoy.pat at gmail.com (Patrick McEvoy) Date: Sat, 10 Feb 2018 14:06:27 -0500 Subject: [talk] Reverse presentation In-Reply-To: <1518079223.1700821.1263706664.3E8A40A6@webmail.messagingengine.com> References: <1518079223.1700821.1263706664.3E8A40A6@webmail.messagingengine.com> Message-ID: <5A7F42B3.4090402@gmail.com> Peter Varga wrote: > Greetings all: > Open up the chance to more people to present one?s idea and generate > more consecutive nycbug gatherings. > The idea is streaming a presentation in, from remote. > > Over the years many nycbug attendees moved or live away yet they all > made excellent presentations. So in person presentation are time and > location sensitive. Let?s remove the location part. Would they like to > do it again? > > Now even my phone can do video calls for quite long time reliably over > LTE. So the source is covered. Restreaming can also be done since > streaming out works already. I am quiet certain the network logistics > can be figured out. > > The only trouble, i think, is finding the logistics for the display. > Projector would work on a wall. I am willing to donate to get a > projector for nycbug.org and any wall could be a display. eBay links > for a quality flexible projector like device? > > Any thoughts yeah nay? > I am in. We could have the presenter "coming in" over Skype or any other video chat service, and I could stream that over our usual donated Scale Engine link. We have also talked about using an live IRC channel for streamers. In fact IRC may be easier for asking remote presenters questions. P From sjt.kar at gmail.com Wed Feb 14 08:09:22 2018 From: sjt.kar at gmail.com (Sujit K M) Date: Wed, 14 Feb 2018 18:39:22 +0530 Subject: [talk] Reverse presentation In-Reply-To: <5A7F42B3.4090402@gmail.com> References: <1518079223.1700821.1263706664.3E8A40A6@webmail.messagingengine.com> <5A7F42B3.4090402@gmail.com> Message-ID: On Sun, Feb 11, 2018 at 12:36 AM, Patrick McEvoy wrote: > Peter Varga wrote: >> Greetings all: >> Open up the chance to more people to present one?s idea and generate >> more consecutive nycbug gatherings. >> The idea is streaming a presentation in, from remote. >> >> Over the years many nycbug attendees moved or live away yet they all >> made excellent presentations. So in person presentation are time and >> location sensitive. Let?s remove the location part. Would they like to >> do it again? >> >> Now even my phone can do video calls for quite long time reliably over How about Reverse Presentation Fest like Hackathon? with points? over a set of voluteers who are present on that day? >> >> Any thoughts yeah nay? >> > > I am in. We could have the presenter "coming in" over Skype or any other > video chat service, and I could stream that over our usual donated Scale > Engine link. We have also talked about using an live IRC channel for > streamers. In fact IRC may be easier for asking remote presenters > questions. Is Skype Functional on BSD. From mcevoy.pat at gmail.com Wed Feb 14 19:47:53 2018 From: mcevoy.pat at gmail.com (Patrick McEvoy) Date: Wed, 14 Feb 2018 19:47:53 -0500 Subject: [talk] Reverse presentation In-Reply-To: References: <1518079223.1700821.1263706664.3E8A40A6@webmail.messagingengine.com> <5A7F42B3.4090402@gmail.com> Message-ID: <5A84D8B9.8030402@gmail.com> Sujit K M wrote: > On Sun, Feb 11, 2018 at 12:36 AM, Patrick McEvoy wrote: >> Peter Varga wrote: >>> Greetings all: >>> Open up the chance to more people to present one?s idea and generate >>> more consecutive nycbug gatherings. >>> The idea is streaming a presentation in, from remote. >>> >>> Over the years many nycbug attendees moved or live away yet they all >>> made excellent presentations. So in person presentation are time and >>> location sensitive. Let?s remove the location part. Would they like to >>> do it again? >>> >>> Now even my phone can do video calls for quite long time reliably over > > How about Reverse Presentation Fest like Hackathon? with points? over > a set of voluteers who are present on that day? -Could be a component to the ports-fest we spoke about earlier on talk@ > >>> Any thoughts yeah nay? >>> >> I am in. We could have the presenter "coming in" over Skype or any other >> video chat service, and I could stream that over our usual donated Scale >> Engine link. We have also talked about using an live IRC channel for >> streamers. In fact IRC may be easier for asking remote presenters >> questions. > Is Skype Functional on BSD. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From mcevoy.pat at gmail.com Sun Feb 18 08:23:06 2018 From: mcevoy.pat at gmail.com (Patrick McEvoy) Date: Sun, 18 Feb 2018 08:23:06 -0500 Subject: [talk] Video posted: NYCBugFeb2018: Reproducible builds on NetBSD, & OpenSSL what not to do by Christos Zoulas Message-ID: <5A897E3A.2080307@gmail.com> Hey Folks, Just posted the video for the Feb 2018 NYCBUG meeting: NYCBugFeb2018: Reproducible builds on NetBSD, & OpenSSL by Christos Zoulas URL: https://youtu.be/8t-xbg6y_vA I have been working on the steaming system and have moved to new software and projector feed capture equipment for this video. In the future I will also be upgrading the microphone as well. Enjoy. P From pete at nomadlogic.org Sun Feb 18 19:17:44 2018 From: pete at nomadlogic.org (Pete Wright) Date: Sun, 18 Feb 2018 16:17:44 -0800 Subject: [talk] FreeBSD drm-next now available on 11-STABLE Message-ID: hope this isn't considered spam - but thought this may be interesting to folks wanting to something other that CURRENT on their systems while getting accelerated graphics: https://lists.freebsd.org/pipermail/freebsd-stable/2018-February/088406.html https://www.phoronix.com/scan.php?page=news_item&px=DRM-Next-KMOD-On-FreeBSD-11 tl;dr the same linux-kpi and drm-next work thats been happening on CURRENT to enable support for i915 and radeon GPU's has been ported to 11-STABLE.? i've been dog-fooding this code on current since for ever and it's gotten quite stable.? i'd post a longer email - but i need to play minecraft on my freebsd desktop (which happens to use this same code) with my son :) -pete -- Pete Wright pete at nomadlogic.org @nomadlogicLA From scottro11 at gmail.com Sun Feb 18 19:30:11 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Sun, 18 Feb 2018 19:30:11 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: References: Message-ID: <20180219003011.GA6683@scott1.scottro.net> On Sun, Feb 18, 2018 at 04:17:44PM -0800, Pete Wright wrote: > hope this isn't considered spam - but thought this may be interesting to > folks wanting to something other that CURRENT on their systems while getting > accelerated graphics: > > https://lists.freebsd.org/pipermail/freebsd-stable/2018-February/088406.html > > https://www.phoronix.com/scan.php?page=news_item&px=DRM-Next-KMOD-On-FreeBSD-11 > > tl;dr the same linux-kpi and drm-next work thats been happening on CURRENT > to enable support for i915 and radeon GPU's has been ported to 11-STABLE.? > i've been dog-fooding this code on current since for ever and it's gotten > quite stable.? i'd post a longer email - but i need to play minecraft on my > freebsd desktop (which happens to use this same code) with my son :) So, it's working for you? Judging from forums, not yet working for everyone. Going to wait a few days before I try it. (In theory, my Yoga2 with Haswell should have been working, but doesn't, perhaps because it's HiDPI.). Thanks very much for the update. And yes, it's working quite well for me with CURRENT. I note that the Makefile, which used to say it wouldn't work with 11.x now only says it won't work with 10.x. I don't know if pkg is working, with CURRENT, I usually needed the port and also needed to have /usr/src populated. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From pete at nomadlogic.org Sun Feb 18 20:00:38 2018 From: pete at nomadlogic.org (Pete Wright) Date: Sun, 18 Feb 2018 17:00:38 -0800 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <20180219003011.GA6683@scott1.scottro.net> References: <20180219003011.GA6683@scott1.scottro.net> Message-ID: On 02/18/2018 16:30, Scott Robbins wrote: > On Sun, Feb 18, 2018 at 04:17:44PM -0800, Pete Wright wrote: >> hope this isn't considered spam - but thought this may be interesting to >> folks wanting to something other that CURRENT on their systems while getting >> accelerated graphics: >> >> https://lists.freebsd.org/pipermail/freebsd-stable/2018-February/088406.html >> >> https://www.phoronix.com/scan.php?page=news_item&px=DRM-Next-KMOD-On-FreeBSD-11 >> >> tl;dr the same linux-kpi and drm-next work thats been happening on CURRENT >> to enable support for i915 and radeon GPU's has been ported to 11-STABLE. >> i've been dog-fooding this code on current since for ever and it's gotten >> quite stable.? i'd post a longer email - but i need to play minecraft on my >> freebsd desktop (which happens to use this same code) with my son :) > So, it's working for you? Judging from forums, not yet working for > everyone. Going to wait a few days before I try it. (In theory, my Yoga2 > with Haswell should have been working, but doesn't, perhaps because it's > HiDPI.). I haven't tested yet as all my gear is running current ATM.? might convert one of my kabylake systems to 11-STABLE later if I have time tomorrow.? the code just got pushed today, so i'm not too surprised about bugs.? hopefully this will get more people testing the lkpi and drm-next code so we can get it more stable. > > Thanks very much for the update. And yes, it's working quite well for me > with CURRENT. > > I note that the Makefile, which used to say it wouldn't work with 11.x now > only says it won't work with 10.x. I don't know if pkg is working, with > CURRENT, I usually needed the port and also needed to have /usr/src > populated. > i've been using the upstream pkg's on CURRENT w/o issue for a couple months now - as long as i keep my world/userland reasonably up to date things just work.? if i test 11-STABLE i'll def only use pkg's as i think that will be closer to what general user expectations are. AFAICT there are no plans to support 10.x at this point. -pete -- Pete Wright pete at nomadlogic.org @nomadlogicLA From scottro11 at gmail.com Sun Feb 18 20:08:59 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Sun, 18 Feb 2018 20:08:59 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: References: <20180219003011.GA6683@scott1.scottro.net> Message-ID: <20180219010859.GA24618@scott1.scottro.net> On Sun, Feb 18, 2018 at 05:00:38PM -0800, Pete Wright wrote: > > > > > > I note that the Makefile, which used to say it wouldn't work with 11.x now > > only says it won't work with 10.x. I don't know if pkg is working, with > > CURRENT, I usually needed the port and also needed to have /usr/src > > populated. > > > > i've been using the upstream pkg's on CURRENT w/o issue for a couple months > now - as long as i keep my world/userland reasonably up to date things just > work.? if i test 11-STABLE i'll def only use pkg's as i think that will be > closer to what general user expectations are. > > AFAICT there are no plans to support 10.x at this point. Well, I'm selfish, so that's alright with me. :) Any laptop I have would be running 11.x if not CURRENT. Like you, I'll try in a few days. It will be nice if it works from pkg too--at one point, it worked for me in CURRENT with pkg, but after November? I think, I always had to use ports. Thanks again. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From jun at soum.co.jp Sun Feb 18 20:59:13 2018 From: jun at soum.co.jp (Jun Ebihara) Date: Mon, 19 Feb 2018 10:59:13 +0900 (JST) Subject: [talk] AsiaBSDCon2018 Message-ID: <20180219.105913.409316513631530826.jun@soum.co.jp> AsiaBSDCon 2018 information: https://wiki.netbsd.org/summits/AsiaBSDCon_2018_NetBSD_Summit/ https://wiki.netbsd.org/summits/AsiaBSDCon_2018_BSD_BoF/ I booked one room for NetBSD on Day 1 and 2. one booth for NetBSD on Day 3 and 4. any requests welcome, - meeting for developers - meeting for NetBSD users - NetBSD booth gadgets. - and more. Mar 8 Tue 8:30-22:30 : Room for NetBSD Mar 9 Fri 8:30-22:30 : Room for NetBSD Mar 10 Conference day1 : BSDResearch and NetBSD Booth Mar 11 Conference day2 : BSDResearch and NetBSD Booth Program: https://2018.asiabsdcon.org/program.html.ja Registration: https://2018.asiabsdcon.org/registration/?lang=en OpenBSD and NetBSD machines at AsiaBSDCon 2017: http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html -- Jun Ebihara From george at ceetonetechnology.com Mon Feb 19 12:54:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 19 Feb 2018 17:54:00 +0000 Subject: [talk] AsiaBSDCon2018 In-Reply-To: <20180219.105913.409316513631530826.jun@soum.co.jp> References: <20180219.105913.409316513631530826.jun@soum.co.jp> Message-ID: <5636856b-d67f-cfad-1e75-546312404115@ceetonetechnology.com> Jun Ebihara: > AsiaBSDCon 2018 information: > > https://wiki.netbsd.org/summits/AsiaBSDCon_2018_NetBSD_Summit/ > https://wiki.netbsd.org/summits/AsiaBSDCon_2018_BSD_BoF/ > > I booked > one room for NetBSD on Day 1 and 2. > one booth for NetBSD on Day 3 and 4. > > any requests welcome, > - meeting for developers > - meeting for NetBSD users > - NetBSD booth gadgets. > - and more. > > Mar 8 Tue 8:30-22:30 : Room for NetBSD > Mar 9 Fri 8:30-22:30 : Room for NetBSD > Mar 10 Conference day1 : BSDResearch and NetBSD Booth > Mar 11 Conference day2 : BSDResearch and NetBSD Booth > > Program: > https://2018.asiabsdcon.org/program.html.ja > > Registration: > https://2018.asiabsdcon.org/registration/?lang=en > > OpenBSD and NetBSD machines at AsiaBSDCon 2017: > http://mail-index.netbsd.org/netbsd-advocacy/2017/03/13/msg000729.html Thanks Jun. Consider this not just a NetBSD notification, but another *BSD notification for AsiaBSDCon all. g From jun at soum.co.jp Mon Feb 19 18:52:26 2018 From: jun at soum.co.jp (Jun Ebihara) Date: Tue, 20 Feb 2018 08:52:26 +0900 (JST) Subject: [talk] AsiaBSDCon2018 In-Reply-To: <5636856b-d67f-cfad-1e75-546312404115@ceetonetechnology.com> References: <20180219.105913.409316513631530826.jun@soum.co.jp> <5636856b-d67f-cfad-1e75-546312404115@ceetonetechnology.com> Message-ID: <20180220.085226.200657208076146048.jun@soum.co.jp> From: George Rosamond Subject: Re: [talk] AsiaBSDCon2018 Date: Mon, 19 Feb 2018 17:54:00 +0000 > Consider this not just a NetBSD notification, but another *BSD > notification for AsiaBSDCon all. Thanx, If some needs meeting room during AsiaBSDCon, I can help for room booking. If someone wants to smells like gadgets demonstration, welcome our demonstration booth to put them in, https://togetter.com/li/1084357?page=9 with little tag such as "from NYCBUG!" and more. -- Jun Ebihara From george at ceetonetechnology.com Wed Feb 21 20:32:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 22 Feb 2018 01:32:00 +0000 Subject: [talk] post from freebsd-arm@ list In-Reply-To: References: Message-ID: <7a91b62b-625c-b6ee-b0c5-0cd49cf846be@ceetonetechnology.com> This is from a thread on the FreeBSD arm@ list. I love the line about the plan to "gut GENERIC like a fish." A cause for optimism. g -------- Forwarded Message -------- Subject: Re: Custom kernel for RPi2 and 3 Date: Wed, 21 Feb 2018 15:03:27 -0700 On Wed, Feb 21, 2018 at 12:58 PM, Rodney W. Grimes < freebsd-rwg at pdx.rh.cn85.dnsmgr.net> wrote: > > Last time I tried to support the issue of people should really be > building a custom kernel and not running GENERIC I pretty much > got shot down as "this is 2018 no one should have to build a > kernel". > The current plan for 12 is that we'll gut GENERIC like a fish, at least on x86, and ship with a more minimal kernel. Everything that can be loaded as a module automatically will be loaded (there's some things that can't or could be but with a crazy amount of work, those wills till be static). The devmatch work I've done is driving it, but it isn't fully realized in -current yet since there's lots of PCI drivers that need love. For ARM specifically, we need a lot of work on the FDT side of the house to get there, and there's some issues about the best place to do the loading that might not be worked out by the branch for 12. Having a better story for embedded is needed regardless of the progress towards automatic loading. Warner _______________________________________________ freebsd-arm at freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-arm To unsubscribe, send any mail to "freebsd-arm-unsubscribe at freebsd.org" From _ at thomaslevine.com Thu Feb 22 15:17:00 2018 From: _ at thomaslevine.com (Thomas Levine) Date: Thu, 22 Feb 2018 20:17:00 +0000 Subject: [talk] Using separate users for different programs Message-ID: <20180222201701.477C07E3C5@mailuser.nyi.internal> Not trusting myself to verify the correctness and authenticity of stuff that I download from the internet, I have been running some programs as separate users with doas. For example, I have an "r" user for running R, and I have configured things so that when I type "R" I execute R as the "r" user rather than my normal "tlevine" user. This way, I can install lots and lots of R packages and not worry that one of them might accidentally delete something important belonging to tlevine. I do the same thing for a Perl program with lots of dependencies. And of course I do something like this for web applications, but with Apache. I think this makes sense for anything complicated or anything that you don't trust. Are there already tools for creating dedicated users for particular applications? It is very easy to edit doas.conf and write wrappers, but I would wrap far more programs this way if it were easy. I know of many systems that create separate environments in separate directories, such as Nix and pretty much every package manager specific to a particular programming language (npm, &c.) but none that make separate users. From justin at shiningsilence.com Thu Feb 22 17:23:08 2018 From: justin at shiningsilence.com (Justin Sherrill) Date: Thu, 22 Feb 2018 17:23:08 -0500 Subject: [talk] Using separate users for different programs In-Reply-To: <20180222201701.477C07E3C5@mailuser.nyi.internal> References: <20180222201701.477C07E3C5@mailuser.nyi.internal> Message-ID: On Thu, Feb 22, 2018 at 3:17 PM, Thomas Levine <_ at thomaslevine.com> wrote: > Are there already tools for creating dedicated users for particular > applications? It is very easy to edit doas.conf and write wrappers, > but I would wrap far more programs this way if it were easy. I realize this is not exactly an answer to the same question you are asking, but there is a section in the DragonFly documentation about running a web browser as a separate user: https://www.dragonflybsd.org/docs/docs/handbook/RunSecureBrowser/ From scottro11 at gmail.com Thu Feb 22 18:10:41 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Thu, 22 Feb 2018 18:10:41 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <20180219010859.GA24618@scott1.scottro.net> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> Message-ID: <20180222231041.GA2388@scott1.scottro.net> On Sun, Feb 18, 2018 at 08:08:59PM -0500, Scott Robbins wrote: > On Sun, Feb 18, 2018 at 05:00:38PM -0800, Pete Wright wrote: > > > > > > > > > > I note that the Makefile, which used to say it wouldn't work with 11.x now > > > only says it won't work with 10.x. I don't know if pkg is working, with > > > CURRENT, I usually needed the port and also needed to have /usr/src > > > populated. > > > Welp, just tried tonight on 11.1 and getting port marked as IGNORE. So apparently still only working on CURRENT. One could possibly edit the Makefile and get it to work, but it's more effort than I'm willing to expend right now,. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From pete at nomadlogic.org Thu Feb 22 18:34:44 2018 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 22 Feb 2018 15:34:44 -0800 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <20180222231041.GA2388@scott1.scottro.net> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> <20180222231041.GA2388@scott1.scottro.net> Message-ID: <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> On 2/22/18 3:10 PM, Scott Robbins wrote: > On Sun, Feb 18, 2018 at 08:08:59PM -0500, Scott Robbins wrote: >> On Sun, Feb 18, 2018 at 05:00:38PM -0800, Pete Wright wrote: >>> >>>> I note that the Makefile, which used to say it wouldn't work with 11.x now >>>> only says it won't work with 10.x. I don't know if pkg is working, with >>>> CURRENT, I usually needed the port and also needed to have /usr/src >>>> populated. >>>> > Welp, just tried tonight on 11.1 and getting port marked as IGNORE. > > So apparently still only working on CURRENT. One could possibly edit the > Makefile and get it to work, but it's more effort than I'm willing to > expend right now,. > > oh really?? i was able to build it locally on my 11-STABLE system on monday.? i had to pull a checkout to ensure that "uname -U" is 1101510 or higher. -pete -- Pete Wright pete at nomadlogic.org 310.309.9298 From scottro11 at gmail.com Thu Feb 22 19:38:03 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Thu, 22 Feb 2018 19:38:03 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> <20180222231041.GA2388@scott1.scottro.net> <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> Message-ID: <20180223003803.GA5487@scott1.scottro.net> On Thu, Feb 22, 2018 at 03:34:44PM -0800, Pete Wright wrote: > > > On 2/22/18 3:10 PM, Scott Robbins wrote: > > On Sun, Feb 18, 2018 at 08:08:59PM -0500, Scott Robbins wrote: > >> On Sun, Feb 18, 2018 at 05:00:38PM -0800, Pete Wright wrote: > >>> > > Welp, just tried tonight on 11.1 and getting port marked as IGNORE. > > > > So apparently still only working on CURRENT. One could possibly edit the > > Makefile and get it to work, but it's more effort than I'm willing to > > expend right now,. > > > > > oh really?? i was able to build it locally on my 11-STABLE system on > monday.? i had to pull a checkout to ensure that "uname -U" is 1101510 > or higher. That may be it. I just tried after a fresh install without updating. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From scottro11 at gmail.com Thu Feb 22 19:41:22 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Thu, 22 Feb 2018 19:41:22 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <20180223003803.GA5487@scott1.scottro.net> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> <20180222231041.GA2388@scott1.scottro.net> <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> <20180223003803.GA5487@scott1.scottro.net> Message-ID: <20180223004122.GA8879@scott1.scottro.net> On Thu, Feb 22, 2018 at 07:38:03PM -0500, Scott Robbins wrote: > On Thu, Feb 22, 2018 at 03:34:44PM -0800, Pete Wright wrote: > > > > > > > oh really?? i was able to build it locally on my 11-STABLE system on > > monday.? i had to pull a checkout to ensure that "uname -U" is 1101510 > > or higher. > > That may be it. I just tried after a fresh install without updating. Meh, I see what happened. I've been mentally confusing STABLE and RELEASE. >From a series of posts on the forums, it seems it's in STABLE, but not in RELEASE and probably won't be. https://forums.freebsd.org/threads/using-drm-next-kmod-on-freebsd-11-stable.64731/ > -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From pete at nomadlogic.org Thu Feb 22 19:51:51 2018 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 22 Feb 2018 16:51:51 -0800 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <20180223004122.GA8879@scott1.scottro.net> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> <20180222231041.GA2388@scott1.scottro.net> <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> <20180223003803.GA5487@scott1.scottro.net> <20180223004122.GA8879@scott1.scottro.net> Message-ID: <042050ca-038d-d144-efe7-02bc5073e2a2@nomadlogic.org> On 2/22/18 4:41 PM, Scott Robbins wrote: > On Thu, Feb 22, 2018 at 07:38:03PM -0500, Scott Robbins wrote: >> On Thu, Feb 22, 2018 at 03:34:44PM -0800, Pete Wright wrote: >>> oh really?? i was able to build it locally on my 11-STABLE system on >>> monday.? i had to pull a checkout to ensure that "uname -U" is 1101510 >>> or higher. >> That may be it. I just tried after a fresh install without updating. > Meh, I see what happened. I've been mentally confusing STABLE and RELEASE. > From a series of posts on the forums, it seems it's in STABLE, but not in > RELEASE and probably won't be. yea that would make sense.? but don't lose heart - i believe HPS is going to attempt to submit patches shortly so that this will work on 11.1-RELEASE.? the devs are also sync'ing the bits so that it'll have parity with the code in linux-4.11.? its taking a bit longer to get that merge completedue to linux changing API interfaces randomly b/w minor releases from what i've gathered, so the code currently available has parity with the 4.9 kernel. -pete -- Pete Wright pete at nomadlogic.org 310.309.9298 From scottro11 at gmail.com Thu Feb 22 20:00:46 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Thu, 22 Feb 2018 20:00:46 -0500 Subject: [talk] FreeBSD drm-next now available on 11-STABLE In-Reply-To: <042050ca-038d-d144-efe7-02bc5073e2a2@nomadlogic.org> References: <20180219003011.GA6683@scott1.scottro.net> <20180219010859.GA24618@scott1.scottro.net> <20180222231041.GA2388@scott1.scottro.net> <17b84488-6c80-3401-11cf-461176245307@nomadlogic.org> <20180223003803.GA5487@scott1.scottro.net> <20180223004122.GA8879@scott1.scottro.net> <042050ca-038d-d144-efe7-02bc5073e2a2@nomadlogic.org> Message-ID: <20180223010046.GA15214@scott1.scottro.net> On Thu, Feb 22, 2018 at 04:51:51PM -0800, Pete Wright wrote: > > > On 2/22/18 4:41 PM, Scott Robbins wrote: > >> That may be it. I just tried after a fresh install without updating. > > Meh, I see what happened. I've been mentally confusing STABLE and RELEASE. > > From a series of posts on the forums, it seems it's in STABLE, but not in > > RELEASE and probably won't be. > yea that would make sense.? but don't lose heart - i believe HPS is > going to attempt to submit patches shortly so that this will work on > 11.1-RELEASE.? the devs are also sync'ing the bits so that it'll have > parity with the code in linux-4.11.? its taking a bit longer to get that > merge completedue to linux changing API interfaces randomly b/w minor > releases from what i've gathered, so the code currently available has > parity with the 4.9 kernel. That would be nice. Thanks. I'll continue to keep an eye on it. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From sjt.kar at gmail.com Fri Feb 23 06:55:12 2018 From: sjt.kar at gmail.com (Sujit K M) Date: Fri, 23 Feb 2018 17:25:12 +0530 Subject: [talk] Using separate users for different programs In-Reply-To: <20180222201701.477C07E3C5@mailuser.nyi.internal> References: <20180222201701.477C07E3C5@mailuser.nyi.internal> Message-ID: On Fri, Feb 23, 2018 at 1:47 AM, Thomas Levine <_ at thomaslevine.com> wrote: > Not trusting myself to verify the correctness and authenticity of stuff > that I download from the internet, I have been running some programs as > separate users with doas. > > For example, I have an "r" user for running R, and I have configured > things so that when I type "R" I execute R as the "r" user rather than > my normal "tlevine" user. This way, I can install lots and lots of Not sure whether this is of help. I have worked on Multiple Websites, Which run at least the web part of it as different users. This I think is to enable security. Other part of it is that You will not be able to run the programs as another user. They will not be able to start up. Note: I mean the programs are always to be started by a given user. The logged in user generally doesnot have permissions. From okan at demirmen.com Fri Feb 23 10:05:11 2018 From: okan at demirmen.com (Okan Demirmen) Date: Fri, 23 Feb 2018 10:05:11 -0500 Subject: [talk] Using separate users for different programs In-Reply-To: <20180222201701.477C07E3C5@mailuser.nyi.internal> References: <20180222201701.477C07E3C5@mailuser.nyi.internal> Message-ID: On Thu, Feb 22, 2018 at 3:17 PM, Thomas Levine <_ at thomaslevine.com> wrote: > Not trusting myself to verify the correctness and authenticity of stuff > that I download from the internet, I have been running some programs as > separate users with doas. > > For example, I have an "r" user for running R, and I have configured > things so that when I type "R" I execute R as the "r" user rather than > my normal "tlevine" user. This way, I can install lots and lots of > R packages and not worry that one of them might accidentally delete > something important belonging to tlevine. I do the same thing for a Perl > program with lots of dependencies. And of course I do something like > this for web applications, but with Apache. I think this makes sense for > anything complicated or anything that you don't trust. > > Are there already tools for creating dedicated users for particular > applications? It is very easy to edit doas.conf and write wrappers, > but I would wrap far more programs this way if it were easy. > > I know of many systems that create separate environments in separate > directories, such as Nix and pretty much every package manager specific > to a particular programming language (npm, &c.) but none that make > separate users. You're not alone; I used to use systrace until it because unusable (and now gone). I have a couple of wrappers that just work for me. Basically for local X apps, import the relevant xauth bits, set DISPLAY and if needed, access to drm. Other stuff is of course easier and dependent on what the software needs. I don't know of tools that do this, because I do thing each app is different. Yeah, privilege separation is pretty much the well known way to go now; heck, not only traditional "services/servers", even file(1) is separated because, well, it acts on dangerous stuff. Similarly, fetching distfiles in ports uses a separate user, as does building, packaging, etc, right along with building base src even. but watch this space.... From _ at thomaslevine.com Sat Feb 24 00:18:18 2018 From: _ at thomaslevine.com (Thomas Levine) Date: Sat, 24 Feb 2018 05:18:18 +0000 Subject: [talk] Using separate users for different programs In-Reply-To: References: <20180222201701.477C07E3C5@mailuser.nyi.internal> Message-ID: <20180224051819.E48F67E12E@mailuser.nyi.internal> Then I suppose I will write my own. Maybe I'll report in a few months if I wind up using it. https://thomaslevine.com/scm/subdo From george at ceetonetechnology.com Wed Feb 28 19:26:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 01 Mar 2018 00:26:00 +0000 Subject: [talk] Open Letter from The Tor BSD Diversity Project Message-ID: <605c6a39-e8be-95fa-03e6-937111edb00b@ceetonetechnology.com> Greetings. This letter has started circulating around the community, and should be of interest to both talk@ and announce@ subscribers. Note that the two New York Internet boxes are up and running, and their two relays should be operational in the next day or two. https://torbsd.org/open-letter.html **** An Open Letter to BSD-powered Companies and Projects For three years, the Tor BSD Diversity Project (TDP) has worked to bring the BSDs into the mainstream of the privacy-enhancing technology ecosystem (PETs). We aim to expand the use of the BSDs as a platform for Tor relays, public nodes in the Tor anonymity network. Tor is a critical tool for maintaining privacy online, frequently employed by journalists, human rights workers and those residing in repressive and censored environments. Many people in the BSD community know about TDP, whether from BSD conferences or our development work, such as porting Tor Browser to OpenBSD. We are committed to extending the presence of all the BSDs into the PETs ecosystem, yet beyond our immediate circles we also believe untapped resources in the BSD community need to be enlisted. A large number of major firms employ BSD code and systems in their business. From enterprise-grade backup firms to internet service providers, the BSDs are a popular operating system option. TDP is requesting that firms which rely on the BSDs and related open-source projects run a Tor relay or bridge in their name. New York Internet, a data center firm that employs FreeBSD and already hosts the US east coast FreeBSD mirror, committed to running two high-bandwidth relays, maintained by their staff with TDP assistance. Their relays are provisioned and ?NewYorkInternet0? and ?NewYorkInternet1? should be up and running soon. We hope their example can be the first among many for BSD-based enterprises. TDP is in discussions with several other entities to run public relays, and we look forward to other announcements in the near future. This open letter also is addressed to the various BSD software projects. There are few better badges of a trusted Tor node than one provided by a BSD or derivative project. Why would a firm or project operate a Tor relay? First, running a Tor relay extends the most critical public tool for online privacy and anonymity. Tor enables journalists? leads to be anonymous and client-attorney privilege to actually be confidential. In a time when privacy in any form is under attack Tor is a lifeline for many people. Second, the majority of Tor relays run Linux. This operating system monoculture affects the overall integrity of the Tor network. It also means that the default operating system for a new generation of young hackers is Linux, and not a BSD. Ultimately, it means a smaller pool of users familiar with the BSDs. Running a Tor relay doesn?t mean a significant commitment in terms of resources and bandwidth. The relay doesn?t necessarily have to allow ?exit traffic?, which tend to be the targets for IP blacklists and DCMA complaints. It would also be helpful if your entity just ran a Tor bridge, essentially a private gateway into the Tor network for censored users. Bridge IPs are not publicly available, yet are a critical mitigation against internet censors. Finally, there is a broader advantage to BSD firms running Tor relays: an example of your commitment to a free and uncensored internet. Beyond running a relay to support the Tor network in general, there is also the possibility of making your own services available over the Tor network via a .onion address. Firms such as Facebook illustrate the advantage of explicitly offering a .onion address for their site, as it provides users additional security and privacy guarantees above and beyond those given by the public internet. Integrating Tor into your internet presence may be more work than just running a Tor node, but it also gives more weight to the idea that privacy is a feature that users need, desire and can reasonably expect. If you have further questions about running a Tor relay or bridge as an enterprise, consult our evolving FAQ, or contact us. If your entity isn?t ready to run a Tor node, but you?re interested in donating resources such as bandwidth, hardware or some type of monetary support, contact us. TDP looks forward to assisting your staff in configuring and maintaining BSD relays. TorBSD at torbsd.org (GPG Key)