Category Archives: Tech

Flickr’s Uploads from everyone from The Future

I like using RSS, I have Miniflux running in a FreeBSD Jail all the time. Lately I noticed that it’s not very handy to open up Flickr every hour to see photos by my friends, so I decided to use their RSS feed.

First of all, I’m so happy that Flickr provides an RSS feed, it’s an amazing standard and I wish more websites and services implemented it, or at least, not remove it πŸ™‚

So I go to Norayr’s Flickr page, and since Firefox removed RSS I do Ctrl-U to see the page source. I search for the term RSS and I find nothing, I search for atom and I find a link!

I copy the link and I add it to my Miniflux feeds. I hit refresh and I see the following.

Okay, so looks like those are photos… from everyone… on Flickr… from the future.

I KNOW that my time is synced, because I always have NTP running. After some digging, I figured that those posts ARE from the future. Flickr calls them “scheduled” posts.

Doing a little more digging, and I realize that I did not copy the full link with id=norayr's_id and now I’m seeing everyone’s feeds.

That’s all folks! πŸ™‚

Reply via email.

macOS to FreeBSD migration a.k.a why I left macOS

I think the title tells a lot about the story I’m going to tell you.

This is not a technical documentation for how I migrated from macOS to FreeBSD. This is a high-level for why I migrated from macOS to FreeBSD.

Not so long ago, I was using macOS as my daily driver. The main reason why I got a macbook was the underlying BSD Unix and the nice graphics it provides. Also, I have an iPhone. But they were also the same reasons for why I left macOS.

I did not want to write this post right after the migration, I wanted to take my time, use FreeBSD daily, see if I will ever miss macOS.

Here’s a tweet of mine from 8 months ago

Let’s look at it this way. macOS is becoming less Unix-y every year, date(1) is outdated, there are 100+ Unix processes running by the time the system is booted, most of them are useless for the general user, it has no native package manager (at least MacPorts/homebrew/pkgsrc is out there) and for a power user, there is no proper documentation. Have you ever checked the FreeBSD handbook? Everything is right there!

Okay, the nice graphics part. Have you seen the latest and greatest Big Sur? It feels like eye-candy, it’s not made for power users at all, everything seems to be a distraction now, even the icons. I’m no UI guru, but bringing iOS to the desktop is not for everyone.

So I decided to move to FreeBSD. This is where many people will tell me “Okay but not everything works outside the box”, true! but which OS works outside the box these days anyway? Windows is still a nightmare, setting up macOS took me 3 days the last time, Linux takes way more if you’re building it from scratch. Setting up FreeBSD took me 3 days, however this meant that I will NOT need to change it again for a very, very, VERY long time.

Every time Apple pushed an updated, my pf.conf and automount configs got broken on macOS. They either got deleted or they moved somewhere. Well, the last 2 times it just got deleted.

On FreeBSD, I upgraded from 12.1-RELEASE to 12.2-RELEASE and nothing broke, and in case there were any changes, FreeBSD just asked me what to do about them.

Let’s come back for a second. Unix is outdated and Apple does not care about it, fancy graphics are too fancy now. Doing forensics is almost impossible. And the hardware is, well, not the best out there (have you ever disassembled a MacBook Pro? it’s takes 2 hours to change a battery while I can reassemble my Dell Latitudes and ThinkPads in 30 minutes).

So there was no reason to stay here anymore. I had to migrate. The question is: where?

Linux has systemd, not my favorite thing out there, Windows is privacy nightmare. That left me with 2 major options: Linuxes without systemd (Gentoo, in my case) or BSDs.

Since I run FreeBSD servers anyway, I just migrated to FreeBSD.

Here’s a short review about running FreeBSD on ThinkPad T480s.

  • WiFi: works. not the fastest, but fast enough.
  • Graphics: works.
  • Touchpad: works with multiple fingers AND very configurable via sysctl.
  • BT does discovery and pairs, I still have to try it with non-Apple headphones.
  • COVID-19 era: Zoom, Google Hangouts, Jitsi and all other WebRTC-based video conferencing software works via web as well.
  • Thanks to Linuxulator, I can watch Netflix as well: here’s a screenshot.

Most importantly, it’s Free and Open Source.

It’s been 1 month and 1 day since I last touched my MacBook Pro, so, what do I miss?

  • Better BT support
  • Faster WiFi

That’s it, that’s all missing on a FreeBSD laptop these days. WiFi can do 48Mbps according to ifconfig but I usually get 10-20Mbps. BT pairs with my Apple AirPods but I wish it worked till the end.

Having a nice workstation/laptop is not an easy thing, using macOS means living by Apple rules, Windows is the same for Microsoft. The BSDs gave me the power to be as free as possible πŸ™‚

During the next weeks I’ll try to blog about the actual setup.

P.S. dear Apple employee, in case you’re reading this, please tell your management to update their BSD Unix layer. Some of us still care, some of us are not just Docker people, some of us are not just “modern” web developers. Thanks in advance.

That’s all folks! πŸ™‚

Reply via email.

Signal-cli with scli on FreeBSD

So couple of days ago I migrated from macOS on Macbook Pro to FreeBSD on ThinkPad T480s.

Unfortunately, since we are in war, I do not have the time to blog about the migration, although I’m taking notes every day about every change that I do so I can blog later on πŸ™‚

However, one of the biggest concerns for me was running Signal on FreeBSD, as I understnad, Signal people are not interested in supporting the *BSDs.

As any sane person, I started searching the internet for possible solutions and turns out all I need is two pieces of software

The installation is as easy as running

pkg install signal-cli scli

Now for the simple part.

First, you need to link your phone by running

signal-cli link -n "FreeBSD"

It will give an output that says tsdevice:/?uuid=...&pub_key=....

Copy that output, and then in another terminal run

qrencode 'tsdevice:/?uuid=...&pub_key=...' -t ANSI256

You will be represented by a QR Code in the console (cool, aye?).

Using the phone app, link the device by scanning the QR Code.

To receive list of your contacts run

signal-cli -u +myphonenumber receive

Now try to run the TUI interface by running

scli

Side-note: In case you are not able to send or receive messages, you might need to do some DBUS magic.

First, find if you have DBUS running

antranigv@zvartnots:~ $ ps -x -o comm,pid | grep dbus
dbus-launch         53571
dbus-daemon         54064
dbus-daemon         54963

Then, you will need to find the DBUS_SESSION_BUS_ADDRESS environment variable, this is usually set in the DBUS child process, in our case, it’s 54963, so we can use procstat as root

root@zvartnots:~ # procstat -e 54963
  PID COMM             ENVIRONMENT                                          
54963 dbus-daemon      SHELL=/usr/local/bin/bash DBUS_STARTER_ADDRESS=unix:path=/tmp/dbus-TaY0zoKZIb,guid=4f518f874f97170e788a94fb5fa14a3c DISPLAY=:0.0 WMAKER_BIN_NAME=wmaker PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/antranigv/bin WINDOWPATH=9 MAIL=/var/mail/antranigv GTK_THEME=Adwaita:dark DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/dbus-TaY0zoKZIb,guid=4f518f874f97170e788a94fb5fa14a3c USER=antranigv DBUS_STARTER_BUS_TYPE=session MM_CHARSET=UTF-8 WRASTER_COLOR_RESOLUTION0=4 PWD=/usr/home/antranigv BLOCKSIZE=K LANG=en_US.UTF-8 LOGNAME=antranigv HOME=/home/antranigv

Okay! we have our variable!

Now, we need to set the ENV and we are done, if you use (t)csh then execute

setenv DBUS_SESSION_BUS_ADDRESS unix:path=/tmp/dbus-TaY0zoKZIb,guid=4f518f874f97170e788a94fb5fa14a3c

If you are using bash, run the following

export DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/dbus-TaY0zoKZIb,guid=4f518f874f97170e788a94fb5fa14a3c

Now, you can run scli again and it will work fine πŸ™‚

Happy Chatting!@#$%

That’s all folks! πŸ™‚

Reply via email.

Erlang dbg Intro

If there’s one programming language that changed my life, that’s Erlang. After using Erlang for couple of years, I “moved” to Elixir, which is based on Erlang’s VM.

One the most important aspects of Erlang’s VM is that it’s a “real” VM, there’s a kernel, processes, messaging facilities and many more.

Lately I’ve been debugging a huge Erlang application whose architecture I was not very familiar with and I needed to find a way to see what kind of messages are being sent and received, which Modules and Functions are being called and what are they returning.

So I wanted to write a small How-To for me and you, in case we need it again in the future.

Okay, for this example I’ll be using Elixir TCP Server, a simple TCP server that gets data and sends it back to its origin.

First, let’s clone the repo.

antranigv@zvartnots:prj $ git clone https://github.com/SonaTigranyan/ElixirTcpServer

Okay, now let’s run the server

antranigv@zvartnots:ElixirTcpServer $ iex -S mix
Erlang/OTP 23 [erts-11.0] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]

Compiling 3 files (.ex)
Generated tcp_server app
Interactive Elixir (1.10.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)>

Good! By default, the TCP server listens on port 9000, as specified in the Application Tree.

Okay, we can send data now πŸ™‚

antranigv@zvartnots:ElixirTcpServer $ echo test | nc localhost 9000
test

Or in an interactive way!

antranigv@zvartnots:ElixirTcpServer $ nc localhost 9000
First mesage!
First mesage!
Good TCP server!
Good TCP server!
bye
antranigv@zvartnots:ElixirTcpServer $

Good! As you can see the connection is closed when the server gets bye.

Okay, say we want to trace the do_send function, observe what does it get and return.

iex(2)> :dbg.start()
{:ok, #PID<0.191.0>}
iex(3)> :dbg.tracer()
{:ok, #PID<0.191.0>}
iex(4)> :dbg.tpl(TcpServer, :do_send, [{:_, [], [{:return_trace}]}])
{:ok, [{:matched, :nonode@nohost, 1}, {:saved, 1}]}
iex(5)> :dbg.p(:new_processes, :c)
{:ok, [{:matched, :nonode@nohost, 0}]}
iex(6)>
(<0.198.0>) call 'Elixir.TcpServer':do_send(#Port<0.545>,"Message from client!\n")

Okay, first we start the dbg facility, and then we start a tracing server on the local node.

After that, we use function tpl to specify which local calls we want to trace.

And in the end we use the p function to start tracing the calls (c) of all new_processes πŸ™‚

Now, when the do_send function is called, we see what it gets.

And when we send bye, we see the following:

(<0.198.0>) returned from 'Elixir.TcpServer':do_send/2 -> ok

And all of this is happening when the software system is running. In production, we can do the same, by either attaching to the node or connecting to it!

That’s all folks! πŸ™‚

Reply via email.

autofs on macOS Catalina

One of the nice things (that used to be) about macOS is how much unix is underneath, but this has been less true each year.

Like any normal human being, I do my development on a real Unix system, FreeBSD. I ended up using FreeBSD VMs that have NFS exports, and I mount those on my macOS. However, there have been issues with Catalina, here’s the main problem:

mount | grep 'map auto_nfs_antranigv'  | wc -l
18

So for some reason in Catalina you can’t do nested mounts, because auto_nfs_antranigv was mounted in /Users/antranigv/nfs, which is inside /Users (also autofs’ed) it was duplicating and ended up eating a lot of CPU πŸ™‚

Here’s the proper way of doing it

First, in /etc/auto_master add the following:

/System/Volumes/Data/netmount		auto_nfs_user

(you might want to change user to your username)

Then, create the following file β†’ /etc/auto_nfs_user

Finally you can set your mounts, for example:

someoneelsecomputer	-fstype=nfs	cloudserver:/usr/home/sysadmin/cloud

here’s a complete example:

antranigv@zvartnots:~ $ cat /etc/auto_master
#
# Automounter master map
#
+auto_master			# Use directory service
#/net				-hosts		-nobrowse,hidefromfinder,nosuid
/home				auto_home	-nobrowse,hidefromfinder
/System/Volumes/Data/nfs	auto_nfs_antranigv
/Network/Servers		-fstab
/-				-static
antranigv@zvartnots:~ $ cat /etc/auto_nfs_antranigv
illuria-dev	-fstype=nfs illuria-dev:/usr/home/antranigv/illuria
devbsd-src	-fstype=nfs devbsd00:/usr/src

Now I’m happy! πŸ™‚

Reply via email.

VNET Jail HowTo

So Dan has been tweeting that there’s no good example to get started with VNET Jails with jail.conf, I thought it’s time to write one.

In this example I’ve used FreeBSD 12.1-RELEASE

root@jail-host:~ # freebsd-version
12.1-RELEASE
root@jail-host:~ # uname -a
FreeBSD jail-host 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC  amd64
root@jail-host:~ #

First thing first, let’s setup a bridge on our host

root@jail-host:~ # sysrc cloned_interfaces="bridge0"
cloned_interfaces:  -> bridge0
root@jail-host:~ # sysrc ifconfig_bridge0="inet 10.0.0.1 netmask 0xffffff00 descr jails-bridge"
ifconfig_bridge0:  -> inet 10.0.0.1 netmask 0xffffff00 descr jails-bridge

Start the bridge0 interface without restarting the other interfaces

root@jail-host:~ # service netif start bridge0

Good! let’s setup a ZFS dataset for Jails πŸ˜‰

root@jail-host:~ # zfs create -o mountpoint=/usr/local/jails zroot/jails

Good! now let’s fetch the base.txz file. I will be using my closest mirror, you should use yours.

root@jail-host:~ # mkdir /usr/local/jails/.dist-files
root@jail-host:~ # fetch -o /usr/local/jails/.dist-files/FreeBSD-12.1-RELEASE-base.txz http://mirror.yandex.ru/freebsd/releases/amd64/12.1-RELEASE/base.txz

Perfect!

Now, we will extract the base into the jail.

root@jail-host:~ # zfs create zroot/jails/www
root@jail-host:~ # tar xf /usr/local/jails/.dist-files/FreeBSD-12.1-RELEASE-base.txz -C /usr/local/jails/www/

Nicely done! Now let’s setup our /etc/jail.conf πŸ™‚

Here’s my configuration.

# vim: set syntax=sh:
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
allow.raw_sockets;
allow.mount.tmpfs;
mount.devfs;


www {
    $id     = "10";
    $ipaddr = "10.0.0.${id}";
    $mask   = "255.255.255.0";
    $gw     = "10.0.0.1";
    vnet;
    vnet.interface = "epair${id}b";

    exec.prestart   = "ifconfig epair${id} create up";
    exec.prestart  += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart  += "ifconfig bridge0 addm epair${id}a up";

    exec.start      = "/sbin/ifconfig lo0 127.0.0.1 up";
    exec.start     += "/sbin/ifconfig epair${id}b ${ipaddr} netmask ${mask} up";
    exec.start     += "/sbin/route add default ${gw}";
    exec.start     += "/bin/sh /etc/rc";

    exec.prestop    = "ifconfig epair${id}b -vnet ${name}";

    exec.poststop   = "ifconfig bridge0 deletem epair${id}a";
    exec.poststop  += "ifconfig epair${id}a destroy";

    host.hostname = "${name}.jail-host";
    path = "/usr/local/jails/${name}";
    exec.consolelog = "/var/log/jail-${name}.log";
    persist;
}

Now let’s start our Jail!

root@jail-host:~ # service jail enable
jail enabled in /etc/rc.conf
root@jail-host:~ # service jail start www
Starting jails: www.
root@jail-host:~ # jls
   JID  IP Address      Hostname                      Path
     1                  www.jail-host                 /usr/local/jails/www

Let’s check the networking πŸ™‚

root@jail-host:~ # ping -c 1 10.0.0.10
PING 10.0.0.10 (10.0.0.10): 56 data bytes
64 bytes from 10.0.0.10: icmp_seq=0 ttl=64 time=0.164 ms

--- 10.0.0.10 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.164/0.164/0.164/0.000 ms

We can do the same from the jail.

root@jail-host:~ # jexec www
root@www:/ # ping -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.087 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.087/0.087/0.087/0.000 ms

We can also stop all the jails.

root@jail-host:~ # service jail stop
Stopping jails: www.

Okay! Couple of notes πŸ™‚

You can have jail.conf at /etc/jail.conf or /etc/something.jail.conf. The problem with the latter is that if you have jail_enable="YES" in rc.conf without defining jail_list then it will run only the jails in /etc/jail.conf

There are more ways to configure VNET Jails, either with jib or jng, an example is here.

Ideally, it would be nice to have /etc/jail.d/myjail.conf, and I wrote a patch for that (D24570), if you are a FreeBSD developer, please have a look πŸ™‚

Reply via email.

FreeBSD Root-on-ZFS Migration

My home server (running this blog) got old, it has only 2G of RAM and a very old hard drive.

I usually like to use laptops as home server, they get the job done! I know I can’t have fancy things like RAID1, but I usually keep my backups on a separate disk/machine anyway.

So, I got my Dell Latitude E5470 next to my 11 years old Dell Inspiron to start the migration process.

Here’s a simple how-to guide for migrating a FreeBSD system from one machine to another.

Snapshotting The Pool

Okay, on the old host let snapshot the pool.

zfs snap -r zroot@migrate

Let’s save that snapshot in a file.

zfs send -R zroot@migrate | gzip > /usr/local/zroot.zfs.gz

This might take a while, grab some coffee πŸ™‚

Now let’s save the ZFS Boot Environment (bootfs) property

# zpool get bootfs zroot
NAME PROPERTY VALUE SOURCE
zroot bootfs zroot/ROOT/default local

Perfect! now let’s go to the new host! πŸ™‚

Installing FreeBSD

Well, this is simple πŸ™‚ first, install FreeBSD on the new machine. DON’T forget to use ZFS! πŸ™‚

The reason why we are doing this so the FreeBSD installer will handle all the boot loader installation process. If you know how to do this manually, then be my guest (and blog about it).

β€œReset” ZFS

Okay, now let’s β€œreset” that pool

zpool destroy zroot
zpool create -R /mnt zroot /dev/ada0p3 # please check the partition index thought
zpool export zroot # so we can import again with -N
zpool import -N -R /mnt zroot

Restore Old Snapshot

Here we go.

ssh antranigv@pingvinashen "gzcat /usr/local/zroot.zfs.gz" | zfs receive -v -u -F zroot

Aaand we wait again.

So, check you restored all the datasets with zfs list -r zroot

Set the bootfs property.

zpool set bootfs=zroot/ROOT/default zroot

Fingers Crossed and reboot

well, now it’s the time.

shutdown -r now

Done

Hope this helps πŸ™‚

Reply via email.

Setting route interface in FreeBSD

I usually blog for myself, so I don’t forget stuff when I need them πŸ˜›

I’m usually connected via WiFi to a network, however, FreeBSD’s WiFi drivers are not very… good. I mean they do work and do essential stuff, but it’s slow πŸ™‚ anyways.

That’s why I’m always connected to the network using a wire as well.

The problem that I always encounter and want to solve is to change the default route’s interface after wiring up πŸ™‚

Here’s how you can do that.

# netstat -4rn | grep default
default            10.10.200.254      UGS       wlan0
# route change default 10.10.200.254 -ifp em0
change net default: gateway 10.10.200.254 fib 0
# netstat -4rn | grep default
default            10.10.200.254      UGS         em0

and so on…

Reply via email.

FreeBSD USB Disk and ZVOL Encryption with GELI

Disk encryption is becoming more important in our day to day life, specially when you have access to some corporate servers or “top secret” files.

I love FreeBSD, it’s simple, rock-solid, easy to use, the handbook is amazing! It also has the option to encrypt the disks during installation. I use FreeBSD everywhere (and TrueOS on my laptop), but disk encryption takes a lot of power, so I chose instead of doing full disk encryption in my laptop, I’ll just have a small media like a USB drive or ZFS ZVOL and encrypt that.

Here’s how to do so πŸ™‚

If you compiled your own kernel ensure it contains these options

options GEOM_ELI
device crypto

Now, make sure crypto and geom_eli is loaded and add these lines to /boot/loader.conf:

crypto_load=YES
geom_eli_load=YES

Let’s move on.

Now, we need the partition that we are going to encrypt it.
In case it’s a USB drive that you want to encrypt, here’s what to do. First, plug-in the USB drive into your computer. Now, let’s check it’s GEOM class name.

# geom disk list
Geom name: ada0
Providers:
1. Name: ada0
   Mediasize: 480103981056 (447G)
   Sectorsize: 512
   Mode: r1w1e2
   descr: SanDisk Ultra II 480GB
   lunid: 5001b444a4a40542
   ident: 162265428493
   rotationrate: 0
   fwsectors: 63
   fwheads: 16

Geom name: da0
Providers:
1. Name: da0
   Mediasize: 4004511744 (3.7G)
   Sectorsize: 512
   Mode: r0w0e0
   descr: SanDisk Cruzer Fit
   lunname: SanDisk Cruzer Fit      4C532000030211123165
   lunid: SanDisk Cruzer Fit      4C532000030211123165
   ident: 4C532000030211123165
   rotationrate: unknown
   fwsectors: 63
   fwheads: 255

Destroy and Create New Partitions

Okay, as we can see it’s da0. First, let’s destroy it and make a new partition on it! (Make sure you backup your data in case you have any important files).

# gpart destroy -F da0
da0 destroyed
# gpart create -s GPT da0
da0 created
# gpart add -t freebsd-ufs -i 1 da0
da0p1 added

In my case, I didn’t want to use a USB drive, I wanted to have an encrypted ZVOL, here’s how to do that as well.
First, create a ZVOL

# zfs create -V 1G zroot/private

Okay, so, in case of a USB drive, we have a partition waiting for us, in case of ZVOL, we have 1GB volume.

Let’s encrypt those!

Initiating Encryption

There are multiple ways to encrypt a disk, check geli(8) for detailed info. Here I’ll show you two options.

  • Encrypting with a master key that is protected with a passphrase.
  • Encrypting with a passphrase only.

For the first option first, generate a key!

# dd if=/dev/random of=/root/master.key bs=64 count=1

Now we initialize the provider which needs to be encrypted.

# geli init -s 4096 -K /root/master.key /dev/da0p1

or in case of ZVOL

# geli init -s 4096 -K /root/master.key /dev/zvol/zroot/private

You’ll be asked to enter your passphrase, twice.

For the second option, it’s exactly the same command without -K /root/master.key. So for the ZVOL it would be

# geli init -s 4096 /dev/zvol/zroot/private

Attaching Encrypted Disks

Now we can attach the provider with the generated key or without it, here’s an example.

# geli attach -k /root/master.key /dev/da0p1

You will be asked for your passphrase.
Or without the key, only the passphrase, here’s an example.

# geli attach /dev/zvol/zroot/private

This creates a new device with .eli extention:

# ls /dev/zvol/zroot/private
private.eli%    private%

Create New File System

First, let’s randomize whatever is on the device and then format it with UFS file system.

# dd if=/dev/random of=/dev/zvol/zroot/private.eli bs=1m
# newfs /dev/zvol/zroot/private.eli

Mount and Use

# mount /dev/zvol/zroot/private.eli /mnt/private
# echo 'some data' > /mnt/private/mytopsecretdata

Detaching Encrypted Volume

# umount /mnt/private
# geli detach /dev/zvol/zroot/private.eli

That’s all folks! πŸ™‚

Reply via email.