Monthly Archives: November 2020

Valuable News – 2020/11/30

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

Show diff(1) Output in Color.
https://www.moritz.systems/bsd-tips-and-tricks/show-diff-output-in-color/

FreeBSD Commands Cheat Sheet.
https://github.com/sbz/freebsd-commands

Disable ANYBODY Flag for sysctl(8) on FreeBSD.
https://alfix.gitlab.io/bsd/2020/07/10/disable-sysctl-anybody-flag.html

ArisbluBSD – Why New BSD?
https://blog.fivnex.co/

FreeBSD Fridays – Introduction to DTrace on FreeBSD.
https://www.youtube.com/watch?v=E06GVdH-LX0

Klara Systems – Best Practices for Optimizing ZFS.
https://klarasystems.com/learning/webinars/best-practices-for-optimizing-zfs1/

Terminal User Interface Audio Mixer mixertui for FreeBSD Version 1.4 Released.
https://gitlab.com/alfix/mixertui/

FreeBSD Hindered – Vocal Examination.
https://www.youtube.com/watch?v=LyB4JQbd1ZE

Install and Setup Linux Steam on GhostBSD.
https://wiki.ghostbsd.org/index.php/How_To#Installing_and_Setting_up_Linux_Steam_on_GhostBSD

Use pfSense Inside TrueNAS with PCI Passthrough.
https://www.reddit.com/r/freebsd/comments/k0pq1m/pfsense_inside_of_truenas_guide_truenas_pci/

BSD Weekly – Issue 46.
https://bsdweekly.com/issues/46

HardenedBSD 2020/11 Status Report.
https://hardenedbsd.org/article/shawn-webb/2020-11-25/hardenedbsd-november-2020-status-report

TrueNAS 12.0-U1 Scheduled for December.
https://www.ixsystems.com/blog/truenas-12-u1-is-scheduled/?hss_channel=tw-20491096

Port of ‘Last True Unix’ to x86.
https://www.nordier.com/

BSD Now 378 – Networknomicon.
https://www.bsdnow.tv/378

Mastering UNIX Pipes – Part 1.
https://www.moritz.systems/blog/mastering-unix-pipes-part-1/

Setup WireGuard on OpenBSD and Linux.
https://rakhesh.com/linux-bsd/setting-up-wireguard-on-openbsd-and-linux/

Toward Automated Tracking of OpenBSD Ports Contributions.
https://dataswamp.org/~solene/2020-11-15-openbsd-ports-ci.html

Odiff is Blazing Fast Native Image Comparison Tool.
https://github.com/dmtrKovalenko/odiff

Study of Initialization in Linux and OpenBSD.
https://www.openbsdjumpstart.org/bonus/study-of-initialization-in-openbsd-and-linux.pdf

Testing CS:GO on GhostBSD with Linux Steam.
https://www.youtube.com/watch?v=8shndoAm9P0

Unix BSD Yard – OpenBSD/FreeBSD Community Infrastructure.
https://www.binaryracks.co.uk/bsdyard/

Illumos Adds Support for China Hygon Dhyana Family 18h AMD Based Processor.
https://www.illumos.org/issues/13339

FOSDEM 2021 (Online) – BSD Devroom Call for Participation.
https://people.freebsd.org/~rodrigo/fosdem21/

Ruffle – Flash Player Emulator Written in Rust.
https://ruffle.rs/

Meet epr Terminal EPUB Reader Written in Python.
https://github.com/wustho/epr

FreeBSD Imports Kernel WireGuard Support.
https://svnweb.freebsd.org/base?view=revision&revision=368163

GhostBSD 20.11.28 Release Announcement.
https://www.ghostbsd.org/20.11.28_release_announcement

FreeBSD 13 – Fixing Installer Error – Failed to configure bootloader.
https://www.neelc.org/posts/freebsd-bootloader-uefi-manual/

I Am 80 Column Purist.
https://daniel.haxx.se/blog/2020/11/30/i-am-an-80-column-purist/

Hardware

Best SSDs – 2020/11.
https://www.anandtech.com/show/9799/best-ssds

Aurora 7 Prototype – World First 7 Screen Laptop.
https://expanscape.com/

ASRock AMD EPYC Rome Motherboard to Deep Mini ITX Format.
https://www.tomshardware.com/news/asrock-romed4id-2t-amd-epyc-mini_itx-motherboard

SanDisk Branding Ends – Western Digital is the New Name.
https://www.techpowerup.com/275202/sandisk-branding-ceases-to-exist-integrated-with-western-digital

ASRock Brings ZEN 2 NUC – 4X4 BOX-4800U Renoir Mini-PC Reviewed.
https://www.anandtech.com/show/16236/asrock-4×4-box4800u-renoir-nuc-review/

ASRock Mars 4000U Worlds Thinnest AMD Ryzen 4000 Mini PC.
https://www.cnx-software.com/2020/11/27/asrock-mars-4000u-worlds-thinnest-amd-ryzen-4000-mini-pc/

Pinebook Pro USB-C Docking Deck.
https://pine64.com/product/pinebook-pro-usb-c-docking-deck/?v=0446c16e2e66

Little Things That Made Amiga Great.
https://datagubbe.se/ltmag/

Life

How to Think for Yourself.
http://paulgraham.com/think.html

Sleep Duration is Associated with White Matter Microstructure and Cognitive Performance.
https://onlinelibrary.wiley.com/doi/10.1002/hbm.25132
https://news.ycombinator.com/item?id=25246419

Other

Introducing Another Free CA as Alternative to Let’s Encrypt.
https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

How Rainbow Tables Work.
http://kestas.kuliukas.com/RainbowTables/

PHP 8.0 Released.
https://www.php.net/releases/8.0/en.php

No Config for Old Men.
https://datagubbe.se/noconf/

History of URL.
https://blog.cloudflare.com/the-history-of-the-url/

Free Reimplementation of Google Proprietary Android User Space Apps and Libraries.
https://microg.org/

Quote of the Week

One ping to rule them all, One ping to find them, One ping to bring them all and in the darkness bind9 them.

Author:
Tim Chase
@gumnos
https://twitter.com/gumnos/status/1322544038445305859

EOF

Valuable News – 2020/11/23

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

OmniOS Community Edition r151036 Release Notes.
https://omniosce.org/releasenotes.html

Unbound DNS Blacklist.
https://vermaden.wordpress.com/2020/11/18/unbound-dns-blacklist/

OpenBSD Cheatsheet.
https://slaanesh.org/2020/11/openbsd-cheatsheet/

BSD Weekly – Issue 45.
https://bsdweekly.com/issues/45

Illumos Enabled -fstack-protector-strong by Default in Userland.
https://www.illumos.org/issues/13274

MidnightBSD 2.0 Released – FreeBSD Derived OS for Desktop Users.
https://fossbytes.com/midnightbsd-2-0-released-a-freebsd-derived-os-for-desktop-users/

Free Sudo Font for Coders.
https://www.kutilek.de/sudo-font/

Dev Fonts.
https://devfonts.gafi.dev/

Long Awaited Fix for FreeBSD VNET Bug Finally Arrived.
https://reviews.freebsd.org/D27279

FreeBSD Poudriere with Prefetching Binary Packages and Also Thin/Small Repos.
https://github.com/freebsd/poudriere/pull/797

Tribblix 0m23.3 Prerelease.
https://tribblix.blogspot.com/2020/11/changes-in-0m233-prerelease.html

Setup and Install TrueNAS CORE.
https://www.ixsystems.com/blog/how-to-install-truenas-core/

Bluetooth Audio on OpenBSD with Creative BT-W3.
https://jcs.org/2020/11/18/openbsd_btaudio

Upgrading GhostBSD 20.08.4 Base.
https://www.youtube.com/watch?v=AqcIaOLYe5o

DNS over HTTPS in Unbound.
https://blog.nlnetlabs.nl/dns-over-https-in-unbound/

Before BSD Kernel Starts – Part One on AMD64.
https://www.moritz.systems/blog/before-the-bsd-kernel-starts-part-one-on-amd64/

BSD Now 377 – Firewall Ban Sharing.
https://www.bsdnow.tv/377

Install FreeBSD on Raspberry Pi Step by Step Guide.
https://raspberrytips.com/install-freebsd-raspberry-pi/

GIMP Hit 25 Years.
https://www.gimp.org/news/2020/11/21/25-years-of-gimp/

Setup WireGuard Client with Routing Domains on OpenBSD.
https://codimd.laas.fr/s/NMc3qt5PQ#

Why I Use OpenBSD.
https://dataswamp.org/~solene/2020-11-16-why-i-use-openbsd.html

In Other BSDs for 2020/11/21.
https://www.dragonflydigest.com/2020/11/21/25168.html

Alpine Linux on FreeBSD 13-CURRENT Inside chroot(8).
https://www.youtube.com/watch?v=2JfAYnnobhM

Hardware

Intel Sleep Attack – Bootguard Vulnerability Waking from S3.
https://trmm.net/Sleep_attack/

Microsoft Pluton Processor – Security Chip Designed for Future of Windows PCs.
https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/

Gigabyte BRIX S Mini-PC with AMD Ryzen 4000U M.2 and SATA at 12x12cm Case.
https://www.techpowerup.com/274867/gigabyte-launches-brix-s-line-of-mini-pcs-powered-by-amd-ryzen-4000u-processors

Spectre and Meltdown Explained To Normal People.
https://blog.f-secure.com/spectre-meltdown-explained-to-normal-people/

PostgreSQL Benchmarks – Apple ARM M1 MacBook Pro 2020.
https://info.crunchydata.com/blog/postgresql-benchmarks-apple-arm-m1-macbook-pro-2020

Booting from Vinyl Record.
http://boginjr.com/it/sw/dev/vinyl-boot/

Life

Former FBI Agent Explains How to Read Body Language.
https://www.youtube.com/watch?v=4jwUXV4QaTw

The Few. The Tired. The Open Source Coders.
https://www.wired.com/story/open-source-coders-few-tired/

Other

Firefox 83.0 Introduces HTTPS Only Mode.
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/

TempleOS on Real Hardware ThinkPad T60 – RIP Terry Davis.
https://www.youtube.com/watch?v=ygZNVbBcJ4I

EOF

Unbound DNS Blacklist

Today I will show you how to configure unbound(8) to block spam/malicious/malware domains at DNS level.

unbound

I will use FreeBSD for that purpose but you can use any system that unbound(8) runs on.

logo-freebsd

Earlier I used generated /etc/hosts file but that was limited in several ways. The ZSH shell will autocomplete all these blocked domains to the ssh(1)/scp(1) commands (which takes needless time and shows useless completions). Subdomains are not handled. The malicious.com is blocked but ads.malicious.com is not. You need to duplicate all those domains in the /etc/hosts file.

TL;DR

Not all people have time for my long boring stories so this is meritum of this article.

# rm -rf /var/unbound
# mkdir -p /var/unbound/conf.d
# chown -R unbound:unbound /var/unbound
# service local_unbound setup
# service local_unbound enable
# service local_unbound start
# mkdir /root/bin
# cd 
# fetch -o /root/bin/unbound-blacklist-fetch.sh \
> https://raw.githubusercontent.com/vermaden/scripts/master/unbound-blacklist-fetch.sh
# chmod +x /root/bin/unbound-blacklist-fetch.sh
# /root/bin/unbound-blacklist-fetch.sh
# service local_unbound restart
# cat << BSD >> /var/cron/tabs/root
> # FETCH FRESH unbound(8) BLACKLIST
>   0 0 * * * /root/bin/unbound-blacklist-fetch.sh
> BSD

Whole Story

The unbound(8) caching DNS resolver has been added to FreeBSD base system in 2014 with 10.0-RELEASE version so being on FreeBSD you do not need to install anything. We will start with cleaning the any existing unbound(8) configuration which relies at /var/unbound. Keep in mind that /etc/unbound links to it.

# ls -l -d /etc/unbound /var/unbound
lrwxr-xr-x 1 root    wheel   14 2019.09.21 16:23 /etc/unbound -> ../var/unbound
drwxr-xr-x 3 unbound unbound  8 2020.11.17 16:48 /var/unbound

# rm -rf /var/unbound

# mkdir -p /var/unbound/conf.d

# chown -R unbound:unbound /var/unbound

The service local_unbound setup will create all needed configuration.

Just keep in mind that this process will setup all DNS servers that you have in the /etc/resolv.conf file.

You may want to put two of your favorite DNS servers before this process.

Configuration

# cat << BSD > /etc/resolv.conf
nameserver 9.9.9.9
nameserver 1.1.1.1
BSD

# service local_unbound setup
Performing initial setup.
destination: 
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
/etc/resolvconf.conf created
Original /etc/resolv.conf saved as /var/backups/resolv.conf.20201115.235254

# rm /var/backups/resolv.conf.20201115.235254

# find /var/unbound
/var/unbound
/var/unbound/lan-zones.conf
/var/unbound/control.conf
/var/unbound/unbound.conf
/var/unbound/forward.conf

% find /var/unbound -ls
 12685  17  drwxr-xr-x  3  unbound  unbound    8  Nov 17 16:48  /var/unbound
 13072   1  -rw-r--r--  1  root     unbound   98  Nov 17 05:00  /var/unbound/forward.conf
 12688   9  -rw-r--r--  1  root     unbound  354  Nov 15 23:56  /var/unbound/unbound.conf
 12686   1  drwxr-xr-x  2  unbound  unbound    3  Nov 16 00:23  /var/unbound/conf.d
 12158   9  -rw-r--r--  1  root     unbound  193  Nov 15 23:56  /var/unbound/control.conf
 11732   9  -rw-r--r--  1  root     unbound  189  Nov 15 23:56  /var/unbound/lan-zones.conf

# tail -n 999 /var/unbound/*
==> /var/unbound/conf.d <==
tail: /var/unbound/conf.d: Is a directory

==> /var/unbound/control.conf <==
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
remote-control:
	control-enable: yes
	control-interface: /var/run/local_unbound.ctl
	control-use-cert: no

==> /var/unbound/forward.conf <==
# Generated by resolvconf

forward-zone:
	name: "."
	forward-addr: 9.9.9.9
	forward-addr: 1.1.1.1

==> /var/unbound/lan-zones.conf <==
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
	# Unblock reverse lookups for LAN addresses
	unblock-lan-zones: yes
	insecure-lan-zones: yes

==> /var/unbound/unbound.conf <==
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
	username: unbound
	directory: /var/unbound
	chroot: /var/unbound
	pidfile: /var/run/local_unbound.pid
	auto-trust-anchor-file: /var/unbound/root.key

include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf

We will now enable the local_unbound service and start it. At this point without any DNS blocking configuration.

# service local_unbound enable
local_unbound enabled in /etc/rc.conf

# service local_unbound start
Starting local_unbound.

The /etc/resolv.conf will now have hour favorite DNS servers hashed/disabled and 127.0.0.1 address will be specified. You can also use sockstat(8) to check that unbound(8) is indeed listening on port 53.

# cat /etc/resolv.conf
# nameserver 9.9.9.9
# nameserver 1.1.1.1
nameserver 127.0.0.1
options edns0

% sockstat -l -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS 
unbound local-unbo 7362 5 udp4 127.0.0.1:53 *:*
unbound local-unbo 7362 6 tcp4 127.0.0.1:53 *:*

Test

After unbound(8) has been enabled it should now be visible that first DNS request should be longer and the second one and following requests should be very fast.

% time host ftp.freebsd.org
ftp.freebsd.org is an alias for ftp.geo.freebsd.org.
ftp.geo.freebsd.org has address 139.178.72.202
ftp.geo.freebsd.org has address 213.138.116.78
ftp.geo.freebsd.org has address 139.178.72.202
ftp.geo.freebsd.org has IPv6 address 2604:1380:2000:9501::15:0
ftp.geo.freebsd.org has IPv6 address 2001:41c8:112:8300::15:0
ftp.geo.freebsd.org has IPv6 address 2604:1380:2000:9501::15:0
ftp.geo.freebsd.org mail is handled by 0 .
host ftp.freebsd.org  0.00s user 0.01s system 1% cpu 0.501 total

% time host ftp.freebsd.org
ftp.freebsd.org is an alias for ftp.geo.freebsd.org.
ftp.geo.freebsd.org has address 139.178.72.202
ftp.geo.freebsd.org has address 213.138.116.78
ftp.geo.freebsd.org has address 139.178.72.202
ftp.geo.freebsd.org has IPv6 address 2604:1380:2000:9501::15:0
ftp.geo.freebsd.org has IPv6 address 2001:41c8:112:8300::15:0
ftp.geo.freebsd.org has IPv6 address 2604:1380:2000:9501::15:0
ftp.geo.freebsd.org mail is handled by 0 .
host ftp.freebsd.org  0.01s user 0.00s system 88% cpu 0.007 total

Yep. Works.

Blacklist

I have written a simple and short unbound-blacklist-fetch.sh to automate the process of generating up to date DNS blocked domains config.

It uses one unbound(8) source and several hosts(5) sources, then combines them in unbound(8) compatible format while removing the duplicated entries.

unbound-blacklist-script.256

We will now fetch it, put it under /root/bin directory (or use your favorite one), make it executable and start it.

# mkdir /root/bin

# fetch -o /root/bin/unbound-blacklist-fetch.sh \
> https://raw.githubusercontent.com/vermaden/scripts/master/unbound-blacklist-fetch.sh

# chmod +x /root/bin/unbound-blacklist-fetch.sh

# /root/bin/unbound-blacklist-fetch.sh

# ls -l /var/unbound/conf.d/blacklist.conf
-rw-r--r-- 1 root unbound 3003929 2020.11.16 00:23 /var/unbound/conf.d/blacklist.conf

# tail /var/unbound/conf.d/blacklist.conf
local-zone: "zyrtec.1.p2l.info" always_nxdomain
local-zone: "zyrtec.3.p2l.info" always_nxdomain
local-zone: "zyrtec.4.p2l.info" always_nxdomain
local-zone: "zyski-z-innowacji.pl" always_nxdomain
local-zone: "zytpirwai.net" always_nxdomain
local-zone: "zz.cqcounter.com" always_nxdomain
local-zone: "zzhc.vnet.cn" always_nxdomain
local-zone: "zzz.clickbank.net" always_nxdomain
local-zone: "zzz.onion.pet" always_nxdomain
local-zone: "zzzrtrcm2.com" always_nxdomain

The unbound(8) daemon already includes all /var/unbound/conf.d/*.conf files and we use that here.

You can change where the script generates blocked domains config under the # SETTINGS section directly in the script.

% grep -A 5 SETTINGS scripts/unbound-blacklist-fetch.sh 
# SETTINGS
FILE=/var/unbound/conf.d/blacklist.conf
TEMP=/tmp/unbound
TYPE=always_nxdomain
ECHO=0

After the /var/unbound/conf.d/blacklist.conf file is generated you can now restart the unbound(8) service.

# service local_unbound restart
Stopping local_unbound.
Waiting for PIDS: 87745.
Starting local_unbound.
Waiting for nameserver to start... good

We will also add that script to crontab(5) so it will fetch fresh information every day.

# cat << BSD >> /var/cron/tabs/root
> 
> # FETCH FRESH unbound(8) BLACKLIST
>   0 0 * * * /root/bin/unbound-blacklist-fetch.sh
> 
> BSD

# crontab -l | tail -4

# FETCH FRESH unbound(8) BLACKLIST
  0 0 * * * /root/bin/unbound-blacklist-fetch.sh

Test Blocked Domains

From 60000+ blocked domains I have chosen ad.track.us.org as target for verification.

% ping ad.track.us.org
ping: cannot resolve ad.track.us.org: Unknown host

% host ad.track.us.org
Host ad.track.us.org not found: 3(NXDOMAIN)

% dog ad.track.us.org
Status: NXDomain

% dog @1.1.1.1 ad.track.us.org
CNAME ad.track.us.org. 11m30s   "track.us.org."
    A track.us.org.     6m30s   185.59.208.177


unbound-test.256

As You can see the domain is successfully blocked.

The above blocking configuration does not mean that I will now disable the uBlock Origin plugin from Firefox but its a welcome addition to blocking unwanted information tools workshop.

UPDATE 1 – Reworked Script and Alternatives

After reading comments on Hacker News / Lobsters / Reddit I got a lot of good ideas how to improve my script even more.

Some people suggested that very similar functionality already exists in dns/void-zones-tools package on FreeBSD. One can also use get_unbound_adblock.sh script or lie-to-me solution.

There are also more sophisticated tools like Pi-hole which also include DHCP server and web interface for management and statistics. Unfortunately Pi-hole does not run on FreeBSD.

After reworking and adding additional sources to my unbound-blacklist-fetch.sh script its now twice the amount of blocked unwanted domains. In the first release about 60000 domains were blocked. Now its more then 120000.

Here is the distribution of data between various types of sources.

% wc -lc /tmp/unbound/lists-*
   54587 1059592 /tmp/unbound/lists-domains
  143553 4115745 /tmp/unbound/lists-hosts
   32867 1596409 /tmp/unbound/lists-unbound
  231007 6771746 total

Now the /var/unbound/conf.d/blacklist.conf before these changes.

% wc -l blacklist.conf
   60009 blacklist.conf

% ls -l /var/unbound/conf.d/blacklist.conf
-rw-r--r-- 1 root unbound 2907535 2020-11-20 00:00 /var/unbound/conf.d/blacklist.conf

… and after adding additional sources.

% wc -l blacklist.conf
  122190 blacklist.conf

% ls -l /var/unbound/conf.d/blacklist.conf
-rw-r--r-- 1 root unbound 6086623 2020-11-20 15:07 /var/unbound/conf.d/blacklist.conf

Here is also performance summary about which part takes what amount of time.

Combining various sources and generating the final config takes about 5 seconds.

Most of the time is spent in fetching the data from various sources.

UPDATE1.unbound.script.256

The script is already uploaded to the GitHub repo.

Just fetch it and enjoy πŸ™‚

UPDATE 2 – Huge Domains List Version

Thanks to Luca Castagnini from bsd.network who pointed me to https://oisd.nl/ site with HUGE list of domains that can/could/should be blocked I made another variant (or version) of the script unbound-blacklist-fetch-huge.sh with a total of 145 (!) various sources for domains to block.

It of course takes little longer to fetch and generate then the ‘casual’ version.

UPDATE2.unbound.time

Its little less then 2 minutes to fetch and generate new config while the longest part is the fetching of those 145 sources. Generation takes about 15 seconds.

These 145 sources provide more then a million domains to block.

% wc -l /tmp/unbound/* 
 551704 lists-domains
 439505 lists-hosts
  60835 lists-unbound
1052044 total

The script after removing duplicated entries makes little more then 480000 domains of it.

% wc -l /var/unbound/conf.d/blacklist.conf 
 484829 /var/unbound/conf.d/blacklist.conf

Unfortunately it comes at a price. In this HUGE variant with domains from 145 sources the unbound(8) server now uses about 150 MB of RAM.

% top -b -o res|grep -E 'RES|unbound'
  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C    TIME    WCPU COMMAND
75849 unbound       1  20    0   158M   149M select   4    0:03   0.00% local-unbound

I leave up to you which version to use and which sources to choose for blocking, but as my Firefox with about 20 tabs opened takes little more then 4226 MB of RAM these additional 150 MB from unbound(8) does not hurt that much πŸ™‚

% ./FIREFOX.RAM.sh
4226 MB

% cat FIREFOX.RAM.sh 
#! /bin/sh

SUM=0

top -b -o res \
  | sed 1,10d \
  | grep firefox \
  | awk '{print $7}' \
  | tr -cd '0-9\n' \
  | while read I
    do
      SUM=$(( ${SUM} + ${I} ))
      echo ${SUM}
    done | tail -1 | tr -d '\n'
echo " MB"
One more thing related to Firefox. After checking ‘free’ memory with Firefox running and after closing it the difference was about 2.6 GB which means that above script to calculate Firefox memory usage is not a lot accurate πŸ™‚
EOF

Valuable News – 2020/11/16

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

Tailscale on OpenBSD.
https://rakhesh.com/linux-bsd/tailscale-on-openbsd/

OpenBSD 6.8 Upgrade.
https://puffy.nolink.ch/posts/openbsd_68/

Miniflux Server Setup on OpenBSD.
https://daulton.ca/2020/10/openbsd-miniflux-server/

Setup WireGuard Client with Routing Domains on OpenBSD.
https://codimd.laas.fr/s/NMc3qt5PQ#

Homebrew OpenBSD PCEngines Router.
https://github.com/martinbaillie/homebrew-openbsd-pcengines-router

Myriad Meanings of pwd in Unix Systems.
https://qmacro.org/2020/11/08/the-meaning-of-pwd-in-unix-systems/

Fully Functional Docker on FreeBSD Using vm-bhyve and sshfs.
https://www.youtube.com/watch?v=ZVkJZJEdZNY

VirtFS/9p Landed in FreeBSD.
https://svnweb.freebsd.org/base?view=revision&revision=366413
https://mobile.twitter.com/bsdfund/status/1312782189612859392

The pftbld is Lightweight OpenBSD Daemon to Automate pf(4) Table.
https://github.com/mpfr/pftbld

Meet amount Minimalist Semi Automatic Mounter for OpenBSD.
https://github.com/just22/amount

The dog is dig/drill Replacement with Colors Written in Rust.
https://github.com/ogham/dog

BSD Weekly – Issue 44.
https://bsdweekly.com/issues/44

Booting macOS Apple Silicon Kernel in QEMU.
https://worthdoingbadly.com/xnuqemu3/

ArisbluBSD – What is to Come?
https://blog.fivnex.co/2020/11/arisblubsd-what-is-to-come.html

OCR on FreeBSD – Tesseract It.
https://www.youtube.com/watch?v=BJwvEeXFmKk

Implement Internet Facing FreeBSD IPFW Firewall.
https://blog.socruel.nu/freebsd/how-to-implement-an-internet-facing-freebsd-ipfw-firewall.html

FreeBSD Core Team Will Officially Remove All Patent Limitations within Ports Tree.
https://svnweb.freebsd.org/ports?view=revision&revision=554970

FreeBSD Journal 2020/09-10 Available.
https://freebsdfoundation.org/past-issues/contributing-onboarding/
https://cdn.coverstand.com/33057/679582/e39f0cef5b08cad38d8bd6bb462f90d4df4e48cc.pdf

New OS108 Based on NetBSD 9.1 and XFCE Released.
https://forums.os108.org/d/32-os108-91-xfce-amd64-released

BSD Now 376 – Build Stable Packages.
https://www.bsdnow.tv/376

In Other BSDs for 2020/11/14.
https://www.dragonflydigest.com/2020/11/14/25150.html

The /bin/true Command and Copyright.
http://trillian.mit.edu/~jc/humor/ATT_Copyright_true.html

Preview of New BSD – ArisbluBSD.
https://www.youtube.com/watch?v=pFd1XwSKSkk

Pine Phone – KDE Community Edition.
https://kde.org/announcements/pinephone-plasma-mobile-edition/

Grafana Dashboard for OPNSense and Sensei.
https://github.com/b4b857f6ee/opnsense_grafana_dashboard

FreeBSD After 15 Years Will Provide audio/lame Package.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223974

MidnightBSD 2.0 Released.
https://www.midnightbsd.org/notes/

The hello – Lets Make FreeBSD for Mere Mortals.
https://medium.com/@probonopd/hello-lets-make-a-freebsd-for-mere-mortals-41b8f93ba075

Hardware

AMD Ryzen Embedded V2000 8 Core Computer with Up to 64GB RAM.
https://www.cnx-software.com/2020/11/10/amd-ryzen-embedded-v2000-8-core-computer-on-module-supports-up-to-64gb-ram/

AMD Ryzen V2000 Embedded Launched.
https://www.servethehome.com/amd-ryzen-v2000-embedded-launched/

Intel SGX Defeated Again Thanks to On Chip Power Meter.
https://arstechnica.com/information-technology/2020/11/intel-sgx-defeated-yet-again-this-time-thanks-to-on-chip-power-meter/

Apple Silicon M1 – Ditching x86 – What to Expect.
https://www.anandtech.com/show/16226/apple-silicon-m1-a14-deep-dive/

FrankenPad Story – ThinkPad T25 with Quad Core CPU and UHD LCD Panel.
https://kitsunyan.github.io/blog/frankenpad-story.html

Meet Some Mini PCs with AMD Ryzen Embedded V2000 Chips.
https://liliputing.com/2020/11/meet-some-of-the-first-mini-pcs-with-ryzen-embedded-v2000-chips.html

ASRock 4X4 BOX-4800U Mini PC with Ryzen 4800U Review.
https://www.techpowerup.com/review/asrock-4×4-box-4800u-barebones-mini-pc-ryzen-4800u-rx-vega-8-igp/

Helios64 Product Limitation Notification.
https://blog.kobol.io/2020/11/13/helios64-2-5g-ethernet-issue/

MNT Reform – Much More Personal Computer.
https://mntre.com/media/reform_md/2020-05-08-the-much-more-personal-computer.html
https://www.crowdsupply.com/mnt/reform

IcepeakITX ELBRUS-8CB – Security Oriented Backdoor Free Mini ITX with MCST Elbrus8CB VLIW CPU.
https://www.crowdsupply.com/sra-centr8/icepeakitx-elbrus-8cb

Intel Disruption is Now Complete.
https://jamesallworth.medium.com/intels-disruption-is-now-complete-d4fa771f0f2c

Open and Private Voice Assistant.
https://mycroft.ai/

The i3 Tiling Window Manager Version 4.19 Released.
https://i3wm.org/downloads/RELEASE-NOTES-4.19.txt

Apple M1 CPU Emulating X86 is Still Faster Than ‘Native’ Intel CPU Based Mac.
https://www.macrumors.com/2020/11/15/m1-chip-emulating-x86-benchmark/

Life

Vitamin D Supplementation Improves Cognitive Function.
https://pubmed.ncbi.nlm.nih.gov/33164936/
https://news.ycombinator.com/item?id=25077519

Your Computer Is Not Yours.
https://sneak.berlin/20201112/your-computer-isnt-yours/

Less Screen Time and More Sleep Critical for Preventing Depression.
https://www.westernsydney.edu.au/newscentre/news_centre/more_news_stories/less_screen_time_and_more_sleep_critical_for_preventing_depression

Macs Are Privacy Nightmare.
https://www.osnews.com/story/132577/macs-are-a-privacy-nightmare/

New Lawsuit – Why Android Phones Exchange 260 MB a Month with Google.
https://www.theregister.com/2020/11/14/google_android_data_allowance/

Deeper Look at Apple Recent Server Outage Reveals Potential Mac Privacy Concerns.
https://9to5mac.com/2020/11/13/apple-server-outage-reveals-mac-privacy-concerns/

Other

Writing My Own Boot Loader.
https://dev.to/frosnerd/writing-my-own-boot-loader-3mld

Choose Your Browser Carefully.
https://unixsheikh.com/articles/choose-your-browser-carefully.html#privacy-compromising

Unboxing Software from 30 Years Ago.
https://twitter.com/jcs/status/1327744501553770496

The youtube-dl Repository Restored.
https://github.com/ytdl-org/youtube-dl

EOF

Valuable News – 2020/11/09

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

The zrepl 0.3.1 Released.
https://github.com/zrepl/zrepl/releases/tag/v0.3.1

FreeBSD 12.2 Available on Microsoft Azure Marketplace.
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/thefreebsdfoundation.freebsd-12_2

Application Dock Applet for MATE is Available on FreeBSD.
https://github.com/ubuntu-mate/mate-dock-applet
https://www.freshports.org/x11/mate-dock-applet/

WINE Hangover Alpha 2 Allows Windows x32/x64 Programs Run on ARM64 or POWER.
https://www.osnews.com/story/132547/hangover-alpha-2-lets-windows-x86-x64-programs-run-on-arm64-power-64-bit/
https://github.com/AndreRH/hangover/releases/tag/hangover-0.5.15

Dave Visual Guide to dwm Window Manager.
http://ratfactor.com/dwm

Build Amazing Router and Firewall with OpenBSD – Part 3 – PF Firewall.
https://unixsheikh.com/tutorials/how-to-build-an-amazing-router-and-firewall-with-openbsd-part-3-pf-the-firewall.html

FreeBSD 12.2 Review – As Good As Ever.
https://www.youtube.com/watch?v=HnGTkrwUQi0

Updated FreeBSD git FAQ Document.
https://github.com/bsdimp/freebsd-git-docs/blob/main/faq.md

Adventures in Freebernetes: Introduction.
https://productionwithscissors.run/2020/10/24/adventures-in-freebernetes-introduction/

Adventures in Freebernetes: Installing FreeBSD.
https://productionwithscissors.run/2020/10/25/adventures-in-freebernetes-installing-freebsd/

Adventures in Freebernetes: Bhyve My Guest.
https://productionwithscissors.run/2020/10/29/adventures-in-freebernetes-bhyve-my-guest/

Birth of UNIX with Brian Kernighan.
https://corecursive.com/058-brian-kernighan-unix-bell-labs/

Upgrade FreeBSD on Raspberry Pi 2 to 12.2-RELEASE.
https://stafwag.github.io/blog/blog/2020/11/01/upgrade_freebsd_on_my_rpi2/

FreeBSD pkg(8) Now Backups Libs When Removed After Upgrade with BACKUP_LIBRARIES Boolean.
https://github.com/freebsd/pkg/commit/69ac806162468f600587849add209507a46d85b2

IPv6 is Total Nightmare – This is Why.
https://teknikaldomain.me/post/ipv6-is-a-total-nightmare/

FreeBSD Remote Process Plugin is Now Default in LLDB.
https://www.moritz.systems/blog/freebsd-remote-plugin-is-now-the-default-in-lldb/

Using signal-cli with scli on FreeBSD.
https://antranigv.am/weblog_en/posts/freebsd-signal-cli-scli/

LXQT 0.15.0 Released.
https://lxqt.github.io/release/2020/04/24/lxqt-0-15-0/

BSD Now 375 – Virtually Everything.
https://www.bsdnow.tv/375

Using runit-faster on FreeBSD.
https://www.youtube.com/watch?v=wqdQxGWntnM
https://people.freebsd.org/~tobik/runit-faster.7.html

NetBSD 10 Much Faster Then NetBSD 9.
https://mail-index.netbsd.org/current-users/2020/11/07/msg039815.html
https://mail-index.netbsd.org/current-users/2020/03/03/msg037896.html

OpenBSD 6.8 and You Presentation.
https://home.nuug.no/~peter/openbsd_and_you_68/#1

In Other BSDs for 2020/11/07.
https://www.dragonflydigest.com/2020/11/07/25125.html

Join Scuttlebutt Using OpenBSD and Oasis.
https://dataswamp.org/~solene/2020-11-04-ssb-oasis.html

HardenedBSD Publishes Video Recording of Their Updates – Tor Onion Service Endpoints.
https://www.youtube.com/watch?v=VdwFxtDY8eo

FreeBSD with Multiple LTE Modems Using PPP and Multi FIB on APU3C4.
https://blog.tyk.nu/blog/freebsd-multiple-lte-modems-ppp-and-multi-fib-on-apu3c4/

Reworked and Improved network.sh Has Now Dedicated GitHub Page.
https://github.com/vermaden/network

The gnomon Adds Timestamp to Output of Any Command – For Profiling.
https://github.com/paypal/gnomon

Upgrade Python Packages After OpenBSD Upgrade.
https://www.vincentdelft.be/post/post_20201108

Updated FreeBSD Network Management with network.sh Script.
https://vermaden.wordpress.com/2018/03/24/freebsd-network-management-with-network-sh-script/

VirtualBox Disk I/O on FreeBSD.
https://euroquis.nl//freebsd/2020/11/06/virtualbox.html

OpenBSD Router Guide.
https://www.unixsheikh.com/tutorials/openbsd-router-guide/

Hardware

Librem Mini Version 2 – Mini PC with Intel Core i7-10510U Processor.
https://www.cnx-software.com/2020/11/03/librem-mini-v2-linux-mini-pc-features-intel-core-i7-10510u-comet-lake-processor/
https://shop.puri.sm/shop/librem-mini/

AMD ZEN 3 Ryzen Deep Dive Review – 5950X 5900X 5800X 5600X – Tested.
https://www.anandtech.com/show/16214/amd-zen-3-ryzen-deep-dive-review-5950x-5900x-5800x-and-5700x-tested/

Cincoze GM-1000 – Rugged GPU Focused Fanless Industrial Computer.
https://www.phoronix.com/scan.php?page=article&item=cincoze-gm-1000

AMD EPYC 7H12 Review.
https://www.servethehome.com/amd-epyc-7h12-review-the-supercomputer-epyc/

ASUS PN40 Refreshed.
https://www.fanlesstech.com/2020/11/asus-pn40-refreshed.html
https://www.asus.com/Displays-Desktops/Mini-PCs/All-series/Mini-PC-PN40

Life

40 Tweets Describing 40 Powerful Concepts for Understanding World.
https://twitter.com/G_S_Bhogal/status/1225561131122597896

Many Companies Pay Nothing in Taxes. Public Has Right to Know How They Pull it Off.
http://larrysummers.com/2020/10/22/many-companies-pay-nothing-in-taxes-the-public-has-a-right-to-know-how-they-pull-it-off/

Other

Its 2020. Why Do Printers Still Suck?
https://www.wired.com/story/why-do-printers-still-suck/

Python Overtakes Java to Become 2nd Most Popular Programming Language.
https://www.techrepublic.com/article/python-overtakes-java-to-become-the-second-most-popular-programming-language/
https://news.ycombinator.com/item?id=24997496

No More Google – PrivacyFriendly Alternatives that Do Not Track You.
https://nomoregoogle.com/

EOF

Valuable News – 2020/11/02

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

EXT4 (and FUSE) on FreeBSD.
https://euroquis.nl/freebsd/2020/10/26/fuse.html

NetBSD qat(4) Driver Ported to FreeBSD.
https://lists.freebsd.org/pipermail/freebsd-hackers/2020-October/056634.html

Request to Security Researchers from Illumos.
https://kebe.com/blog/?p=505

Build DragonflyBSD Using Clang 10 Compiler.
https://www.dragonflydigest.com/2020/10/26/25101.html

FreeBSD GNOME 3.38.
https://www.youtube.com/watch?v=bdEx81Rr5-8

OpenBSD Added AMD IOMMU and Intel VT-d Support to vmd Daemon.
https://twitter.com/OpenBSD_src/status/1320921999879729152

FreeBSD Fridays – Introduction to Bhyve.
https://www.youtube.com/watch?v=kXi1xaUqr20

FreeBSD 12.2-RELEASE Now Available.
https://www.freebsd.org/releases/12.2R/announce.html
https://www.freebsd.org/releases/12.2R/hardware.html

Ubuntu Based Linux Jail on FreeBSD 12.2-RELEASE.
https://wiki.freebsd.org/LinuxJails

BSD Weekly – Issue 43.
https://bsdweekly.com/issues/43

On Abandoning X11 Server.
https://ajaxnwnk.blogspot.com/2020/10/on-abandoning-x-server.html
https://old.reddit.com/r/wayland/comments/85q78y/why_im_not_going_to_switch_to_wayland_yet/

Boycott Wayland – It Breaks Everything.
https://gist.github.com/probonopd/9feb7c20257af5dd915e3a9f2d1f2277

Video – C Programming on MacOS System 6 – Porting OpenBSD diff(1) Tool.
https://jcs.org/2020/10/28/openbsd_diff

Upgrading from FreeBSD 12.1 to 12.2.
https://www.youtube.com/watch?v=AThaDfRWzlc

OpenVPN as Default Gateway on OpenBSD.
https://dataswamp.org/~solene/2020-10-27-openbsd-openvpn.html

BSD Now 374 – OpenBSD 25th Anniversary.
https://www.bsdnow.tv/374

awk: BEGIN.
https://jemma.dev/blog/awk-part-1

How OpenBSD-stable Packages are Built.
https://dataswamp.org/~solene/2020-10-29-official-openbsd-stable-architecture.html

Klara Systems – OpenZFS – Using zpool iostat to Monitor Pool Performance and Health.
https://klarasystems.com/articles/openzfs-using-zpool-iostat-to-monitor-pool-perfomance-and-health/

FreeBSD Essential to Bringing CHERI and ARM Morello Processor to Life.
https://freebsdfoundation.org/news-and-events/latest-news/freebsd-essential-to-bringing-cheri-and-arms-morello-processor-to-life/

Simple Solution for Outgoing Mail from FreeBSD System.
https://jpmens.net/2020/03/05/simple-solution-for-outgoing-mail-from-a-freebsd-system/

FreeBSD on Lenovo ThinkPad X270.
https://cyber.dabamos.de/unix/x270/

Dennis Ritchie Day.
https://www.oreilly.com/content/dennis-ritchie-day/

OpenBSD 6.8 Cannot Boot on Some Intel Boards.
https://www.vincentdelft.be/post/post_20201031

In Other BSDs for 2020/10/31.
https://www.dragonflydigest.com/2020/10/31/25104.html

Port of the Week – rclone.
https://dataswamp.org/~solene/2020-10-28-portoftheweek-rclone.html

Klara Systems – OpenZFS – Understanding Transparent Compression.
https://klarasystems.com/articles/openzfs1-understanding-transparent-compression/

Neighbourly Solution to X is Deprecated Conundrum.
https://www.divergent-desktop.org/blog/2020/10/29/improving-x/

HardenedBSD 2020/10 Status Report.
https://hardenedbsd.org/article/shawn-webb/2020-10-31/hardenedbsd-october-2020-status-report

FuryBSD Project is Dead.
https://www.furybsd.org/

SerenityOS 2020/10 Update.
https://www.youtube.com/watch?v=L-IFGxw-kV4

FreeBSD 12.2 Released – Supports Linux in Jail and Has Better Hardware Support.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-12.2-Released

Sheridan Computers – Upgrade FreeNAS 11.3 to TrueNAS CORE 12.0.
https://youtu.be/zDxlLwOUoUw

OpenIndiana Hipster 2020.10 Released.
https://www.openindiana.org/2020/11/01/openindiana-hipster-2020-10-is-here/
http://docs.openindiana.org/release-notes/2020.10-release-notes/

Firefox Gamepad API on FreeBSD.
https://waitman.net/Firefox-gamepad-FreeBSD.php

OmniOS v11 r151036 Release Notes.
https://github.com/omniosorg/omnios-build/blob/r151036/doc/ReleaseNotes.md

Hardware

Chuwi LarkBox Pro Mini PC Gets Faster Intel J4125 Processor.
https://www.cnx-software.com/2020/10/27/chuwi-larkbox-pro-mini-pc-gets-a-faster-celeron-j4125-processor/

AMD in $35 Billion All Stock Acquisition of Xilinx.
https://www.anandtech.com/show/16196/amd-in-35-billion-allstock-acquisition-of-xilinx

AMIGA 1000 Phoenix Enhanced Motherboard
https://www.osnews.com/story/132524/the-amiga-1000-phoenix-enhanced-motherboard/
https://retrohax.net/amiga-1000-project-phoenix-motherborad/
https://www.amigalove.com/viewtopic.php?t=476
http://amiga.resource.cx/exp/phoenix

AMD Reveals Radeon RX 6000 Series – RDNA2.
https://www.anandtech.com/show/16202/amd-reveals-the-radeon-rx-6000-series-rdna2-starts-at-the-highend-coming-november-18th

Looking Back on 35 Years as Amiga User.
https://bytecellar.com/2020/10/27/looking-back-on-35-years-as-an-amiga-user/

Rare Fanless Acer AIO.
https://www.fanlesstech.com/2020/10/rare-fanless-aio.html

Heart of RISC-V Development – Mini-ITX SiFive HiFive Unmatched.
https://www.sifive.com/blog/the-heart-of-risc-v-development-is-unmatched
https://sifive.cdn.prismic.io/sifive%2F5ec09861-351b-420c-b6e3-e2b76843044f_linley+report+-+sifive+raises+risc-v+performance.pdf

SiFive Launches Most Compelling RISC-V Mini-ITX Development Board Yet.
https://www.phoronix.com/scan.php?page=article&item=sifive-riscv-unmatched

Best Consumer Hard Drives 2020/10.
https://www.anandtech.com/show/12075/best-consumer-hdds

ARM64 Processor Marvell ThunderX3 Cancelled – Team Laid Off.
https://twitter.com/tpains/status/1322253556364140545

Researchers Extract Secret Key Used to Encrypt Intel CPU Code.
https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/

SolidRun HoneyComb LX2K.
https://shop.solid-run.com/product/SRLX216S00D00GE064H06CH/

Raspberry Pi 400 Keyboard Computer.
https://www.cnx-software.com/2020/11/02/raspberry-pi-400-keyboard-computer-features-1-8-ghz-bcm2711c0-processor/

Other

Jerome Gardou Hired Full Time to Work on ReacOS Memory Manager.
https://reactos.org/project-news/jerome-gardou-hired-full-time/

RIAA youtube-dl Takedown Ticks Off Developers and GitHub CEO.
https://torrentfreak.com/riaas-youtube-dl-takedown-ticks-of-developers-and-githubs-ceo-201027/

Facebook Seeks Shutdown of NYU Research Project Into Political Ads Targeting.
https://www.wsj.com/articles/facebook-seeks-shutdown-of-nyu-research-project-into-political-ad-targeting-11603488533

New youtube-dl 2020.11.01.1 Released.
https://youtube-dl.org/

Brutalist HTML.
https://secretgeek.github.io/html_wysiwyg/html.html

EOF