FreeBSD 13.2 on ThinkPad T14 (GEN1)

I used to run FreeBSD on older laptops – some more then a decade old – like my favorite ThinkPad W520 daily driver or ThinkPad X220 mobile companion. Today I will share with you my experiences of running latest production ready FreeBSD 13.2-RELEASE system on a quite modern ThinkPad T14 (GEN1) from 2021/2022 (depending on the source of the information) – which is quite new I would say.

… do not interpret this article wrong – The W520 and X220 (sometimes T420s) are still my daily/mobile/… drivers and my points explained in the Epitaph to Laptops article remain the same. I just had an opportunity to use ThinkPad T14 for several days so I thought it would be a good idea to check and document FreeBSD behavior on it.

In many parts this article will be a copy cat of the earlier FreeBSD 13.1 on ThinkPad W520 article – as the topic and configs are mostly the same – you have been warned 🙂

ThinkPad T14 (GEN1)

As the ThinkPad T490 was released Lenovo needed to rethink their naming convention as the next one could have been ThinkPad T4100 (like 100 is after 90) or something different as T500 was already taken by older model … their new naming scheme is not bad – definitely better then their idea of newer keyboard layout after ditching the 7-row keyboard from 2011 and earlier models.

The model I was able to test on had quad core Intel i5-10210U model CPU which is somewhere between 25-35% faster (according to benchmarks) then the Intel i7-2860QM CPU from my ThinkPad W520. Not bad – especially knowing that the time span between their releases is 9 years … but to be honest – in real usage I do not feel that 25-35% more speed.

T14 % lscpu
Architecture:            amd64
Byte Order:              Little Endian
Total CPU(s):            8
Thread(s) per core:      2
Core(s) per socket:      4
Socket(s):               1
Vendor:                  GenuineIntel
CPU family:              6
Model:                   142
Model name:              Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
Stepping:                12
L1d cache:               32K
L1i cache:               32K
L2 cache:                256K
L3 cache:                6M
Flags:                   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
                         cflsh ds acpi mmx fxsr sse sse2 ss htt tm pbe sse3 pclmulqdq dtes64
                         monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1
                         sse4_2 x2apic movbe popcnt tsc_deadline aes xsave osxsave avx f16c rdrnd
                         fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid fpcsds mpx rdseed
                         adx smap clflushopt intel_pt syscall nx pdpe1gb rdtscp lm lahf_lm lzcnt

Below you can see how ThinkPad T14 (GEN1) looks like.

To be honest I would even prefer to use ThinkPad SK-8855 USB keyboard as showed here below.

Specifications

Below You will find specs of this machine.

CPU: Intel Core i5-10210U (4C/8T) 14nm
RAM: 16 GB (2 * 8GB DDR4)
HDD0: 256GB WD Black SN750 M.2 [nvd(4)]
GFX0: Intel UHD Graphics (integrated) [graphics/drm-kmod]
SCR: 14.1 1920x1080 Touch Screen
USB: 2 x USB-A 3.0 + 1 x USB-C 3.0 [ehci(4) + xhci(4)]
AUDIO: Realtek ALC257 [snd_hda(4)]
PORTS: 1 x HDMI
SD: microSD Card Reader [sdhci(4)]
LAN: 10/100/1000 Intel I219-V Gigabit [em(4)]
WIFI: Intel Comet Lake PCH-LP CNVi WiFi 802.11ax [iwlwifi(4)]
CAM: Webcam 720p [multimedia/webcamd]

I have uploaded the https://bsd-hardware.info/ probe of that ThinkPad T14 to their database and its available – https://bsd-hardware.info/?probe=8aede62ca8 – here.

After messing with this laptop for a while I can tell you that in most areas its on par with mine ThinkPad W520 laptop. The battery time is similar (about 5 hours). The suspend/resume works when you use X11 with graphics/drm-kmod package. Even the touch screen works like a charm – the same as my other ThinkPad X220t (tablet) … and even no additional configuration was needed – I just used the configuration that I use daily on my ThinkPad W520 laptop. But … the WiFi does not work 🙂 While iwlwifi(4) properly attaches to this card the wpa_supplicant(8) is just not able to connect to the Access Point. There are at least several ways on how to Cope with WiFi Fuckup on FreeBSD – feel free to check them out. I used my favorite fallback solution – Realtek RTL8188CUS USB dongle and that one worked really well with rtwn(4) driver.

FreeBSD System Configuration

From many things that I really like about FreeBSD (more here – Quare FreeBSD? – in separate article) is that it can be entirely configured using just 3 files. This configuration already features all power management settings that I described in the The Power to Serve – FreeBSD Power Management article.

I installed FreeBSD in a pretty standard way with GELI encryption enabled and with ZFS as the filesystem. When in doubt the installation procedure is described in the FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 article.

Main FreeBSD configuration files.

• /etc/rc.conf – to system services
• /etc/sysctl.conf – for runtime parameters
• /boot/loader.conf – for parameters configurable at boot

I will also include these as their are also crucial for the configuration:

• /etc/devfs.rules – devices configuration/li>
• /etc/fstab – filesystems configuration
• /etc/ttys – terminal initialization configuration
• /etc/wpa_supplicant.conf – WiFi configuration
• /usr/local/etc/automount.conf – automount(8) configuration
• /usr/local/etc/doas.conf – doas(1) configuration
• Groups membership.

First the main /etc/rc.conf configuration file.

% cat /etc/rc.conf
# SILENCE # ------------------------------------------------------------------
  rc_startmsgs=NO

# NETWORK # ------------------------------------------------------------------
  hostname=t14.local
  background_dhclient=YES
  extra_netfs_types=NFS
  wlans_rtwn0=wlan0
  create_args_wlan0="country PL regdomain FCC4"
  ifconfig_wlan0="WPA SYNCDHCP"
  defaultroute_delay=3
  defaultroute_carrier_delay=3
  gateway_enable=YES
  harvest_mask=351
  rtsol_flags="-i"
  rtsold_flags="-a -i"

# MODULES/COMMON/BASE # ------------------------------------------------------
  kld_list="${kld_list} /boot/modules/i915kms.ko"
  kld_list="${kld_list} fusefs coretemp sem cpuctl ichsmb cuse"
  kld_list="${kld_list} libiconv cd9660_iconv msdosfs_iconv udf_iconv"

# MODULES/VIRTUALBOX # -------------------------------------------------------
  vboxnet_enable=YES
  kld_list="${kld_list} vboxdrv vboxnetadp vboxnetflt"

# POWER
  performance_cx_lowest=C1
  economy_cx_lowest=Cmax
  powerd_enable=YES
  powerd_flags="-n adaptive -a hiadaptive -b adaptive -m 800 -M 2000"

# DAEMONS | yes # ------------------------------------------------------------
  zfs_enable=YES
  xdm_enable=YES
  xdm_tty=ttyv4
  nfs_client_enable=YES
  ubuntu_enable=YES
  moused_enable=YES
  syslogd_flags='-s -s'
  sshd_enable=YES
  local_unbound_enable=YES
  webcamd_enable=YES
  rctl_enable=YES

# DAEMONS | no # -------------------------------------------------------------
  linux_enable=NO
  sendmail_enable=NONE
  sendmail_submit_enable=NO
  sendmail_outbound_enable=NO
  sendmail_msp_queue_enable=NO

# FS # -----------------------------------------------------------------------
  fsck_y_enable=YES
  clear_tmp_enable=YES
  clear_tmp_X=YES
  growfs_enable=YES

# OTHER # --------------------------------------------------------------------
  keyrate=fast
  keymap=pl.kbd
  virecover_enable=NO
  update_motd=NO
  devfs_system_ruleset=desktop
  hostid_enable=NO
  savecore_enable=NO

Now the runtime parameters /etc/sysctl.conf file.

% cat /etc/sysctl.conf
# SECURITY
  security.bsd.see_jail_proc=0
  security.bsd.unprivileged_proc_debug=0

# SECURITY/RANDOM PID
  kern.randompid=1

# ANNOYING THINGS
  vfs.usermount=1
  kern.coredump=0
  hw.syscons.bell=0
  kern.vt.enable_bell=0

# ZFS DELETE FUCKUP TRIM (DEFAULT: 64)
  vfs.zfs.vdev.trim_max_active=1

# ZFS ARC TUNING
  vfs.zfs.arc.min=134217728
  vfs.zfs.arc.max=536870912

# ZFS ARC FREE ENFORCE @ 1024 \* 1024 \* 3
  vfs.zfs.arc_free_target=3145728

# JAILS/ALLOW UPGRADES IN JAILS
  security.jail.chflags_allowed=1

# JAILS/ALLOW RAW SOCKETS
  security.jail.allow_raw_sockets=1

# DESKTOP/INTERACTIVITY
  kern.sched.preempt_thresh=224

# DESKTOP QUANTUM FOR TIMESHARE THREADS IN stathz TICKS (12) NomadBSD
  kern.sched.slice=3

# DESKTOP/IRIDIUM/CHROMIUM
  kern.ipc.shm_allow_removed=1

# SAMPLE RATE CONVERTER QUALITY (0=low .. 4=high) (1) NomadBSD
  hw.snd.feeder_rate_quality=3

# PERFORMANCE/ALL SHARED MEMORY SEGMENTS WILL BE MAPPED TO UNPAGEABLE RAM
  kern.ipc.shm_use_phys=1

# VIRTUALBOX aio(4) SETTINGS
  vfs.aio.max_buf_aio=8192
  vfs.aio.max_aio_queue_per_proc=65536
  vfs.aio.max_aio_per_proc=8192
  vfs.aio.max_aio_queue=65536

# POWER CONSUMPTION / SILENT FANS Intel 6th GEN+ / ONE LINE FOR EACH TH
# DETAILS IN THE hwpstate_intel(4) MAN PAGE
  dev.hwpstate_intel.0.epp=100
  dev.hwpstate_intel.1.epp=100
  dev.hwpstate_intel.2.epp=100
  dev.hwpstate_intel.3.epp=100
  dev.hwpstate_intel.4.epp=100
  dev.hwpstate_intel.5.epp=100
  dev.hwpstate_intel.6.epp=100
  dev.hwpstate_intel.7.epp=100

# NETWORK/DO NOT SEND RST ON SEGMENTS TO CLOSED PORTS
  net.inet.tcp.blackhole=2

# NETWORK/DO NOT SEND PORT UNREACHABLES FOR REFUSED CONNECTS
  net.inet.udp.blackhole=1

# NETWORK/LIMIT ON SYN/ACK RETRANSMISSIONS (3)
  net.inet.tcp.syncache.rexmtlimit=0

# NETWORK/USE TCP SYN COOKIES IF THE SYNCACHE OVERFLOWS (1)
  net.inet.tcp.syncookies=0

# NETWORK/ASSIGN RANDOM ip_id VALUES (0)
  net.inet.ip.random_id=1

# NETWORK/ENABLE SENDING IP REDIRECTS (1)
  net.inet.ip.redirect=0

# NETWORK/IGNORE ICMP REDIRECTS (0)
  net.inet.icmp.drop_redirect=1

# NETWORK/DROP TCP PACKETS WITH SYN+FIN SET (0)
  net.inet.tcp.drop_synfin=1

# NETWORK/RECYCLE CLOSED FIN_WAIT_2 CONNECTIONS FASTER (0)
  net.inet.tcp.fast_finwait2_recycle=1

# NETWORK/CERTAIN ICMP UNREACHABLE MESSAGES MAY ABORT CONNECTIONS IN SYN_SENT (1)
  net.inet.tcp.icmp_may_rst=0

The biggest difference for ThinkPad T14 against the ThinkPad W520 is this part below.

# POWER CONSUMPTION / SILENT FANS Intel 6th GEN+ / ONE LINE FOR EACH TH
# DETAILS IN THE hwpstate_intel(4) MAN PAGE
  dev.hwpstate_intel.0.epp=100
  dev.hwpstate_intel.1.epp=100
  dev.hwpstate_intel.2.epp=100
  dev.hwpstate_intel.3.epp=100
  dev.hwpstate_intel.4.epp=100
  dev.hwpstate_intel.5.epp=100
  dev.hwpstate_intel.6.epp=100
  dev.hwpstate_intel.7.epp=100

It was not needed/non existent on the ThinkPad W520 hardware.

Now the boot parameters /boot/loader.conf file.

% cat /boot/loader.conf
# CONSOLE COMMON
  autoboot_delay=2       # OPT. '-1' => NO WAIT | OPT. 'NO' => INFINITE WAIT
  hw.usb.no_boot_wait=1  # DO NOT WAIT FOR USB DEVICES FOR ROOT (/) FILESYSTEM
  boot_mute=YES          # LIKE '-m' IN LOADER - MUTE CONSOLE WITH FreeBSD LOGO
  loader_logo=none       # DESIRED LOGO OPTIONS: fbsdbw beastiebw beastie none
  loader_menu_frame="none"
  screen.font="6x12"

# CONSOLE RESOLUTION
  kern.vt.fb.default.mode="1920x1080"
  efi_max_resolution="1920x1080"

# WINE FIX
  machdep.max_ldt_segment=2048

# MODULES - BOOT
  aesni_load=YES
  geom_eli_load=YES
  cryptodev_load=YES
  zfs_load=YES

# drm-kmod PACKAGE - USE SEMAPHORES FOR INTER-RING SYNC
  compat.linuxkpi.semaphores=1

# drm-kmod PACKAGE - ENABLE POWER-SAVING RENDER C-STATE 6
  compat.linuxkpi.enable_rc6=7

# drm-kmod PACKAGE - ENABLE POWER-SAVING DISPLAY C-STATES
  compat.linuxkpi.enable_dc=2

# drm-kmod PACKAGE - ENABLE FRAME BUFFER COMPRESSION FOR POWER SAVINGS
  compat.linuxkpi.enable_fbc=1

# ENABLE SYNAPTICS
  hw.psm.synaptics_support=1

# DISABLE /dev/diskid/* ENTRIES FOR DISKS
  kern.geom.label.disk_ident.enable=0

# DISABLE /dev/gptid/* ENTRIES FOR DISKS
  kern.geom.label.gptid.enable=0

# TERMINAL vt(4) COLORS
  kern.vt.color.0.rgb="#000000"
  kern.vt.color.1.rgb="#dc322f"
  kern.vt.color.2.rgb="#859900"
  kern.vt.color.3.rgb="#b58900"
  kern.vt.color.4.rgb="#268bd2"
  kern.vt.color.5.rgb="#ec0048"
  kern.vt.color.6.rgb="#2aa198"
  kern.vt.color.7.rgb="#94a3a5"
  kern.vt.color.8.rgb="#586e75"
  kern.vt.color.9.rgb="#cb4b16"
  kern.vt.color.10.rgb="#859900"
  kern.vt.color.11.rgb="#b58900"
  kern.vt.color.12.rgb="#268bd2"
  kern.vt.color.13.rgb="#d33682"
  kern.vt.color.14.rgb="#2aa198"
  kern.vt.color.15.rgb="#6c71c4"

# RACCT/RCTL RESOURCE LIMITS
  kern.racct.enable=1

# DISABLE ZFS PREFETCH
  vfs.zfs.prefetch_disable=1

# POWER MGMT / POWER OFF DEVICES WITHOUT ATTACHED DRIVER
  hw.pci.do_power_nodriver=3

# POWER MANAGEMENT FOR EVERY USED AHCI CHANNEL (ahcich 0-7)
  hint.ahcich.0.pm_level=5
  hint.ahcich.1.pm_level=5
  hint.ahcich.2.pm_level=5
  hint.ahcich.3.pm_level=5
  hint.ahcich.4.pm_level=5
  hint.ahcich.5.pm_level=5
  hint.ahcich.6.pm_level=5
  hint.ahcich.7.pm_level=5

# GELI THREADS
  kern.geom.eli.threads=4

Now the mentioned /etc/devfs.rules file.

% cat /etc/devfs.rules
[desktop=10]
add path 'acd*'      mode 0660 group operator
add path 'cd*'       mode 0660 group operator
add path 'da*'       mode 0660 group operator
add path 'pass*'     mode 0660 group operator
add path 'xpt*'      mode 0660 group operator
add path 'fd*'       mode 0660 group operator
add path 'md*'       mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups
add path 'ugen*'     mode 0660 group operator
add path 'usb/*'     mode 0660 group operator
add path 'video*'    mode 0660 group operator
add path 'cuse*'     mode 0660 group operator

Filesystems and SWAP configuration.

% cat /etc/fstab
# SWAP
  /dev/gpt/swap0  none  swap  sw  0 0

# FreeBSD PSEUDO - NEEDED BY wine(1)
  procfs  /proc  procfs  rw  0 0

# Ubuntu Linux PSEUDO
  linprocfs  /compat/ubuntu/proc     linprocfs  rw,late                    0 0
  linsysfs   /compat/ubuntu/sys      linsysfs   rw,late                    0 0
  devfs      /compat/ubuntu/dev      devfs      rw,late                    0 0
  fdescfs    /compat/ubuntu/dev/fd   fdescfs    rw,late,linrdlnk           0 0
  tmpfs      /compat/ubuntu/dev/shm  tmpfs      rw,late,size=1g,mode=1777  0 0
  /home      /compat/ubuntu/home     nullfs     rw,late                    0 0
  /tmp       /compat/ubuntu/tmp      nullfs     rw,late                    0 0

Terminals configuration under /etc/ttys file. Important part is the ttyv4 entry to match the xdm_tty=ttyv4 value from /etc/rc.conf file.

% grep '^[^#]' /etc/ttys | cat
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv1   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv2   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv3   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv4   "/usr/libexec/getty Pc"         xterm   off secure
ttyv5   "/usr/libexec/getty Pc"         xterm   off secure
ttyv6   "/usr/libexec/getty Pc"         xterm   off secure
ttyv7   "/usr/libexec/getty Pc"         xterm   off secure
ttyv4   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu2   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu3   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
dcons   "/usr/libexec/getty std.9600"   vt100   off secure
xc0     "/usr/libexec/getty Pc"         xterm   onifconsole secure
rcons   "/usr/libexec/getty std.9600"   vt100   onifconsole secure

I kept wireless config in /etc/rc.conf file this time – it does conflicts with my own network.sh solution to connect to various both wire and wireless networks – FreeBSD Network Management with network.sh Script – described in details here.

# cat /etc/wpa_supplicant.conf
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1

# OPEN NETWORKS
network={
  key_mgmt=NONE
  priority=0
}

# NETWORK WITH HIDDEN SSID
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}

# NAMED OPEN NETWORK
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}

# NORMAL WPA/WPA2 SECURED NETWORK
network={
  ssid="SECURED"
  psk="12345678"
}

The automount(8) config.

% cat /usr/local/etc/automount.conf
  USERUMOUNT=YES
  USER=vermaden
  FM='caja --no-desktop'
  NICENAMES=YES

The doas(1) configuration.

# cat /usr/local/etc/doas.conf
# CORE
  permit nopass keepenv root     as root
  permit nopass keepenv vermaden as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant

Groups I am member of.

% id vermaden | tr ' ' '\n' | tr ',' '\n'
uid=1000(vermaden)
gid=1000(vermaden)
groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)

I also do not rely on ‘stock’ fan speeds and set my own speeds according to CPU temperature with acpi-thinkpad-fan.sh script.

X11

While X11 did not need any custom configuration and it worked out of the box – I have done two things to make it work slightly differently.

First one is to allow CTRL+ALT+BACKSPACE fast way to restart X11.

t14 % cat /usr/local/etc/X11/xorg.conf.d/flags.conf
Section "ServerFlags"
  Option "DontZap" "off"
EndSection

The other one is to enable Tap to Click and Natural Scrolling on a Synaptics touchpad.

t14 % cat /usr/local/etc/X11/xorg.conf.d/touchpad.conf
Section "InputClass"
  Identifier "touchpad"
  MatchIsTouchpad "on"
  Driver "libinput"
  Option "Tapping" "on"
  Option "NaturalScrolling" "on"
EndSection

Comparison to ThinkPad W520

I compared the two laptops. While ThinkPad W520 is heavy and bulky the ThinkPad T14 (GEN1) is light and slim. They both have similar 5 hours battery time on FreeBSD.

You can see the screen brightness comparison between these two below.

The ThinkPad T14 (GEN1) has several flavors of the FullHD screen – check reviews and specs for details. For the record – ThinkPad W520 is on the left.

Below you will find size comparisons.

The view from the top.

View from the side.

… and from the side one over another.

Desktop Environment

Openbox

As for the ‘desktop environment’ that I use – its my custom setup with Openbox along with tools like Tint2 and Dzen2 – for the most basic setup. The screenshot is from FreeBSD 11.1 but it looks exactly the same today.

I described this setup in details in the entire FreeBSD Desktop series.

XFCE

I have also tried XFCE – I liked it especially with the Global Menu appmenu plugin. You go this way with this XFCE Cupertino Way handy guide.

GNOME

I also tried GNOME for a test – it did not suit me well so I went back to my Openbox setup – but You may find it more comfortable to use. Here is the FreeBSD GNOME 3 Fast Track article that will help you with that.

Temperatures

I used mine sensors.sh script for that – results below.

t14 # sensors.sh

            BATTERY/AC/TIME/FAN/SPEED
 ------------------------------------
             dev.acpi_ibm.0.fan_level: 1
             dev.acpi_ibm.0.fan_speed: 65535
                   dev.acpi_ibm.0.fan: 0
               dev.cpu.0.cx_supported: C1/1/1 C2/2/151 C3/3/1034
                   dev.cpu.0.cx_usage: 9.02% 35.95% 55.02% last 35us
                       dev.cpu.0.freq: 802
                       hw.acpi.acline: 0
                 hw.acpi.battery.life: 99
                 hw.acpi.battery.time: 275
                hw.acpi.cpu.cx_lowest: C8
                            powerd(8): running

                  SYSTEM/TEMPERATURES
 ------------------------------------
                dev.cpu.0.temperature: 38.0C (max: 100.0C)
                dev.cpu.1.temperature: 39.0C (max: 100.0C)
                dev.cpu.2.temperature: 39.0C (max: 100.0C)
                dev.cpu.3.temperature: 39.0C (max: 100.0C)
                dev.cpu.4.temperature: 40.0C (max: 100.0C)
                dev.cpu.5.temperature: 41.0C (max: 100.0C)
                dev.cpu.6.temperature: 38.0C (max: 100.0C)
                dev.cpu.7.temperature: 38.0C (max: 100.0C)
           dev.pchtherm.0.temperature: 46.0C
      hw.acpi.thermal.tz0.temperature: 46.1C (max: 128.1C)

                   DISKS/TEMPERATURES
 ------------------------------------
             smart.nvme0.temperature:: 44.0C

Accessories

There are some accessories that are very handy with the ThinkPad T14 laptop – I will describe them below.

Power Supply

You can use the default ThinkPad T14 power supply and you can also use any USB-C power delivery charger – that is nice addition.

Mouse Companion

After checking many mouse models – as described in the UNIX Mouse Shootout article – I finally settled with Logitech Triathlon M720 mouse. I have plugged the Lenovo USB Receiver into the back ‘powered’ USB port. While I use that mouse over the USB receiver you can also connect it using Bluetooth – also to other computers. This mouse has a special dedicated button to switch between 3 different computers. Unfortunately the copy-paste between them does not work 🙂

Battery

Some battery details below.

t14 % acpiconf -i 0
Design capacity:        50450 mWh
Last full capacity:     45760 mWh
Technology:             secondary (rechargeable)
Battery Swappable Capability:   Non-swappable
Design voltage:         11520 mV
Capacity (warn):        2288 mWh
Capacity (low):         200 mWh
Cycle Count:            204
Mesurement Accuracy:    95 %
Max Average Interval:   1000 ms
Min Average Interval:   500 ms
Low/warn granularity:   -1 mWh
Warn/full granularity:  -1 mWh
Model number:           5B10W13906
Serial number:           1071
Type:                   LiP
OEM info:               SMP
State:                  discharging
Remaining capacity:     99%
Remaining time:         4:31
Present rate:           10094 mW
Present voltage:        12681 mV

Experience

Today I ‘recognize’ three laptop keyboard layouts.

• Best in class 7-row keyboards with INS/DEL and HOME/END and PGUP/PGDN keys block on the right top side.
• Least PITA ThinkPad T14 like keyboards where PGUP/PGDN keys are in the ARROWS area and HOME/END/INS/DEL block is provided on the top right part.
• Everything else that I treat like shit.

My fingers do not remember this HOME/END/INS/DEL block that much well – but at its still several ways of magnitude better then any Macbook keyboard layout.

Summary

I will still use mine ThinkPad W520 daily – I still do not need to move to other/less old laptop.

As you can see FreeBSD works quite well with modern laptops – hope someone can find that article useful.

EOF

Print on FreeBSD

Nothing compares more to the sense of power UNIX sysadmin experiences when being able to print from a command line on its UNIX system :p

I kinda omitted this topic (printing) for quite a lot of time – when I was using FreeBSD in the corporate environment I still printed from Windows VM on a network printers. Then they forced me to use Windows anyway. At home my wife always had a printer configured (as she uses it more) and the other printer also had USB port – so you could just copy the PDF or JPG file to a USB pendrive – attach it the printer and hit print button for the selected files. No configuration needed.

I was also disappointed when I tried several years ago to configure USB printer on FreeBSD … and failed.

Recently I though that its about fucking time to dig into that topic and have at least one working printer on FreeBSD.

This guide will focus on using two printers with CUPS on FreeBSD:

• HP Color LaserJet 200 M251nw Printer (attached over TCP/IP network)
• Samsung Black/White ML-1915 Printer (local USB attached)

There will be two different prompt types used for the commands:

• starting with % for commands that can be executed as regular user or root
• starting with # for commands that must be executed as root user

The Table of Contents for this article is shown below.

• CUPS Packages and Service Configuration
• Network Printer – HP M251nw
• Try to Print Some Document
• USB Printer – Samsung ML-1915
• Choose Default Printer
• CUPS Printers Config
• Command Line Printing
• Last Chance Fancy Pants
• Summary

CUPS Packages and Service Configuration

There are only three pkg(8) packages needed for my printers – these are:

# pkg install cups cups-filters splix

We will also need to add some lines to the /etc/devfs.rules file.

These lines are important for printing with CUPS:

add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups

The rest of the config is just the rest of my desktop config and can be omitted for printing.

The entire /etc/devfs.rules file looks as follows.

% cat /etc/devfs.rules
[desktop=10]
add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups
add path 'acd*'      mode 0660 group operator
add path 'cd*'       mode 0660 group operator
add path 'da*'       mode 0660 group operator
add path 'pass*'     mode 0660 group operator
add path 'xpt*'      mode 0660 group operator
add path 'fd*'       mode 0660 group operator
add path 'md*'       mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'ugen*'     mode 0660 group operator
add path 'usb/*'     mode 0660 group operator
add path 'video*'    mode 0660 group operator
add path 'cuse*'     mode 0660 group operator

We will also need to add devfs_system_ruleset=desktop to the /etc/rc.conf file.

% grep desktop /etc/rc.conf
  devfs_system_ruleset=desktop

Now we need to restart the devfs daemon to read new config.

# service devfs restart

We can also make sure that devfs(8) know our ruleset config.

# devfs rule -s 10 show | column -t
100   path  acd*       group  operator  mode  660
200   path  cd*        group  operator  mode  660
300   path  da*        group  operator  mode  660
400   path  pass*      group  operator  mode  660
500   path  xpt*       group  operator  mode  660
600   path  fd*        group  operator  mode  660
700   path  md*        group  operator  mode  660
800   path  uscanner*  group  operator  mode  660
900   path  lpt*       group  cups      mode  660
1000  path  ulpt*      group  cups      mode  660
1100  path  unlpt*     group  cups      mode  660
1200  path  ugen*      group  operator  mode  660
1300  path  usb/*      group  operator  mode  660
1400  path  video*     group  operator  mode  660
1500  path  cuse*      group  operator  mode  660

The column(1) is not needed here – I used it only to format the output.

What amaze me to this day that column(1) command is still not available on such enterprise (and overpriced also) IBM AIX system 🙂

Here are the contents of fresh CUPS installation at /usr/local/etc/cups dir.

# tree -F --dirsfirst /usr/local/etc/cups
/usr/local/etc/cups
├── ppd/
├── ssl/
├── cups-files.conf
├── cups-files.conf.sample
├── cupsd.conf
├── cupsd.conf.sample
├── snmp.conf
└── snmp.conf.sample

3 directories, 6 files

You will need to add cupsd_enable=YES to the /etc/rc.conf file.

% grep cups /etc/rc.conf
  cupsd_enable=YES

Make sure that cupsd service is started and running.

# service cupsd start
Starting cupsd.

# service cupsd status
cupsd is running as pid 44515.

# sockstat -l4 | grep -e ADDRESS -e 631
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     cupsd      44515 6  tcp4   127.0.0.1:631         *:*

Just in case – here are the groups in which my vermaden user is:

% id | tr ',' '\n'
uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)

It was not needed to add my vermaden user to the cups group to print – but feel free to also test that if you face any problems.

Network Printer – HP M251nw

First I will go with the TCP/IP attached network printer – HP M251nw.

Before doing any steps or configuration on FreeBSD part we first need to connect that printer to the TCP/IP network. As the HP M251nw printer has WiFi – I decided to connect it to my wireless WiFi router instead of using RJ45 cable. I will not document that part as HP already provides decent guide on how to achieve that – https://youtu.be/jLDzQBAtKyQ – on YouTube service.

In my case I used the 10.0.0.9 IP address and I configured my WiFi router to always attach that MAC address to that IP address.

Next step is to open http://localhost:631/ page in your browser. You will see default CUPS web interface.

Hit the Administration tab on the top. Then click the Add Printer button in the middle of the page – you will be asked for username and password – use your username and your password here.

The HP M251nw network attached browser has already been detected by CUPS. Select it and click Continue button.

CUPS will suggest some long names and description as showed below.

… but we will use simpler and shorter name instead.

Next we need to choose which driver to use.

We will not find a HP M251nw driver on the CUPS list but there are two drivers that will work here:

• HP LaserJet Series PCL 6 CUPS (en)
• HP Color LaserJet Series PCL 6 CUPS (en)

As HP M251nw is color printer we will choose HP Color LaserJet Series PCL 6 CUPS here.

After a moment we will see a message that HP M251nw printer has been successfully added to CUPS.

You can notice that new PPD file appeared at CUPS dir named exactly like the printer name.

% ls -l /usr/local/etc/cups/ppd
total 9K
-rw-r----- 1 root cups 9721 2023-02-06 11:24 HP-M251nw.ppd
-rw-r----- 1 root cups 9736 2023-02-06 11:23 HP-M251nw.ppd.O

This is how our HP M251nw printer status page looks like.

We should now setup the default printing options. From the Administration drop down menu select Set Default Options option. The only things I selected/set that are different from the CUPS defaults are A4 paper size and 1200 DPI resolution.

Try to Print Some Document

I will now use Atril PDF viewer to test how the printing on the HP M251nw works – I used a small one page PDF file with one of my old guides – the ZFS Madness one from 2014. From the File menu select Print… option – or just hit [CTRL]+[P] shortcut.

Then select HP-M251nw printer from the list and hit the Print button below.

After some noises and time (not much later) the printer dropped a printed page. Seems to work properly.

Looks good.

Lets now add USB printer.

USB Printer – Samsung ML-1915

To get needed PPD driver for the Samsung ML-1915 printer we installed the print/splix package.

Here is the exact driver we will use.

% pkg info -l splix | grep 1915
        /usr/local/share/cups/model/samsung/ml1915.ppd

Before attaching the Samsung ML-1915 printer to your computer you may check what devices devd(8) will create.

First power on the Samsung ML-1915 printer.

Then attach the USB cable from the printer to your FreeBSD box (assuming that printer has AC power and is powered on).

You should see something similar from devd(8) daemon.

# nc -U /var/run/devd.pipe
!system=DEVFS subsystem=CDEV type=CREATE cdev=usb/0.3.0
!system=DEVFS subsystem=CDEV type=CREATE cdev=ugen0.3
!system=DEVFS subsystem=CDEV type=CREATE cdev=usb/0.3.2
!system=DEVFS subsystem=CDEV type=CREATE cdev=usb/0.3.3
!system=USB subsystem=DEVICE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x04e8 product=0x3297 devclass=0x00 devsubclass=0x00 sernum="Z2L9BACSC00641K." release=0x0100 mode=host port=2 parent=ugen0.2
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x04e8 product=0x3297 devclass=0x00 devsubclass=0x00 sernum="Z2L9BACSC00641K." release=0x0100 mode=host interface=0 endpoints=2 intclass=0x07 intsubclass=0x01 intprotocol=0x02
!system=DEVFS subsystem=CDEV type=CREATE cdev=ulpt0
!system=DEVFS subsystem=CDEV type=CREATE cdev=unlpt0
+ulpt0 at bus=0 hubaddr=2 port=2 devaddr=3 interface=0 ugen=ugen0.3 vendor=0x04e8 product=0x3297 devclass=0x00 devsubclass=0x00 devproto=0x00 sernum="Z2L9BACSC00641K." release=0x0100 mode=host intclass=0x07 intsubclass=0x01 intprotocol=0x02 on uhub4

These are the created devices.

% ls -ltra /dev | tail -3
lrw-rw----  1 root     operator      9 2023-02-06 11:38 ugen0.3 -> usb/0.3.0
crw-rw----  1 root     cups     2, 113 2023-02-06 11:38 ulpt0
crw-rw----  1 root     cups     2, 114 2023-02-06 11:38 unlpt0

They are created with proper cups group.

Now we will go to the CUPS web page at http://localhost:631/ again to add the Samsung ML-1915 printer.

Go again to the Administration tab and click Add Printer button.

The Samsung ML-1915 should be already detected as local printer as shown below.

Select it and hit Continue button.

As earlier we will use shorter more reasonable name.

We will then select Samsung ML-1915, 2.0.0 (en, en) driver for this printer.

… and Samsung ML-1915 black/white printer has been added.

Same as earlier the PPD file is copied to the /usr/local/etc/cups/ppd CUPS dir.

% ls -l /usr/local/etc/cups/ppd
total 14K
-rw-r----- 1 root cups  9721 2023-02-06 11:24 HP-M251nw.ppd
-rw-r----- 1 root cups  9736 2023-02-06 11:23 HP-M251nw.ppd.O
-rw-r----- 1 root cups 12391 2023-02-06 11:58 Samsung-ML-1915.ppd

You now have two printers configured in CUPS.

Choose Default Printer

I will now choose the HP M251nw printer as the default for two reasons. First – its always available as its attached over WiFi. Second – its more powerful and provides color at the same time.

To do that I went to the Printers and clicked the HP M251nw printer.

Next from the Administration drop down menu I have chosen Set As Server Default option.

From now on – if not explicitly specified – all the print jobs will land on the HP M251nw printer.

CUPS Printers Config

After our actions CUPS stored two printers configuration in its /usr/local/etc/cups/printers.conf config file.

# cat /usr/local/etc/cups/printers.conf
# Printer configuration file for CUPS v2.4.2
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
NextPrinterId 3
<DefaultPrinter HP-M251nw>
PrinterId 1
UUID urn:uuid:b760d323-5f46-36cd-4ca0-d9015c9fb7ca
Info 
Location 
MakeModel HP Color LaserJet Series PCL 6 CUPS
DeviceURI socket://10.0.0.9
State Idle
StateTime 1675683146
ConfigTime 1675679066
Type 8400972
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
Attribute marker-colors \#000000,#00FFFF,#FF00FF,#FFFF00
Attribute marker-levels 99,98,98,99
Attribute marker-names Black Cartridge HP CF210X,Cyan Cartridge HP CF211A,Magenta Cartridge HP CF213A,Yellow Cartridge HP CF212A
Attribute marker-types toner,toner,toner,toner
Attribute marker-change-time 1675683146
</DefaultPrinter>
<Printer Samsung-ML-1915>
PrinterId 2
UUID urn:uuid:4434851b-5516-3b73-702a-286dabf630b0
Info 
Location 
MakeModel Samsung ML-1915, 2.0.0
DeviceURI usb://Samsung/ML-191x%20252x%20Series?serial=Z2L9BACSC00641K.
State Idle
StateTime 1675681099
ConfigTime 1675681099
Type 12372
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
</Printer>

Command Line Printing

Besides being able to print from graphical applications that support CUPS we can also print directly from the command line if needed.

Use lpstat(1) command to see all available printers – including the default one.

% lpstat -p -d
printer HP-M251nw is idle.  enabled since Mon Feb  6 12:02:39 2023
printer Samsung-ML-1915 is idle.  enabled since Mon Feb  6 11:58:19 2023
system default destination: HP-M251nw

You can check more information about the default printer with lpoptions(1) command.

% lpoptions -l
PageSize/Media Size: Letter Legal Executive Tabloid A3 *A4 A5 B5 EnvISOB5 Env10 EnvC5 EnvDL EnvMonarch
InputSlot/Media Source: *Default Auto MultiPurpose Upper Lower LargeCapacity Manual Envelope
ColorModel/Output Mode: *RGB Gray
Resolution/Output Resolution: 150dpi 300dpi 600dpi *1200dpi
Duplex/Double-Sided Printing: *None DuplexNoTumble DuplexTumble
OptionDuplex/Duplexer: True *False

… or even more details and information when executed without arguments.

I have used tr(1) tool to make the output more readable as by default all this information is separated only by spaces.

% lpoptions | tr ' ' '\n'
copies=1
device-uri=socket://10.0.0.9
finishings=3
job-cancel-after=10800
job-hold-until=no-hold
job-priority=50
job-sheets=none,none
marker-change-time=1675681359
marker-colors=#000000,#00FFFF,#FF00FF,#FFFF00
marker-levels=99,98,98,99
marker-names='Black\
Cartridge\
HP\
CF210X,Cyan\
Cartridge\
HP\
CF211A,Magenta\
Cartridge\
HP\
CF213A,Yellow\
Cartridge\
HP\
CF212A'
marker-types=toner,toner,toner,toner
number-up=1
print-color-mode=color
printer-commands=AutoConfigure,Clean,PrintSelfTestPage
printer-info
printer-is-accepting-jobs=true
printer-is-shared=false
printer-is-temporary=false
printer-location
printer-make-and-model='HP
Color
LaserJet
Series
PCL
6
CUPS'
printer-state=3
printer-state-change-time=1675681359
printer-state-reasons=none
printer-type=10629196
printer-uri-supported=ipp://localhost/printers/HP-M251nw

We will now print the same PDF document using command line with lp(1) command.

% lp ZFS-Madness-2014.pdf
request id is HP-M251nw-02 (1 file(s))

Believe me or not – that PDF document got printed exactly the same as when invoked from Atril PDF browser.

Last Chance Fancy Pants

There is of course a chance that your printer will not be detected – or it will not print – or the driver will not attach to it properly … life happens.

What then? Fuck it. There is even more fun way to print … even without any drivers or configuration … directly with nc(1) command 🙂

First lets check of your printer listens on 9100 port – this is called HP JetDirect.

% grep 9100 /etc/services
jetdirect       9100/tcp   #HP JetDirect card
pdl-datastream  9100/tcp   #Printer PDL Data Stream
pdl-datastream  9100/udp   #Printer PDL Data Stream

% nmap -A 10.0.0.9
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-06 23:41 CET
Nmap scan report for 10.0.0.9
Host is up (0.0072s latency).
Not shown: 988 closed tcp ports (conn-refused)
PORT     STATE SERVICE        VERSION
21/tcp   open  ftp            oftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_.
|_ftp-bounce: bounce working!
| ftp-syst:
|_  SYST: .
23/tcp   open  telnet         HP LaserJet printer telnetd (busy)
80/tcp   open  soap           gSOAP 2.7
| http-server-header:
|   Virata-EmWeb/R6_2_1
|_  gSOAP/2.7
81/tcp   open  tcpwrapped
82/tcp   open  tcpwrapped
83/tcp   open  tcpwrapped
443/tcp  open  ssl/tcpwrapped
| ssl-cert: Subject: commonName=NPI04344D/organizationName=Hewlett-Packard Co.
| Not valid before: 2012-09-01T00:00:00
|_Not valid after:  2022-09-01T00:00:00
|_http-server-header: gSOAP/2.7
|_ssl-date: TLS randomness does not represent time
515/tcp  open  printer
631/tcp  open  soap           gSOAP 2.7
| http-server-header:
|   Virata-EmWeb/R6_2_1
|_  gSOAP/2.7
5222/tcp open  tcpwrapped
| xmpp-info:
|   STARTTLS Failed
|   info:
|     features:
|     auth_mechanisms:
|     xmpp:
|     unknown:
|     compression_methods:
|     errors:
|       (timeout)
|_    capabilities:
8080/tcp open  soap           gSOAP 2.7
| http-server-header:
|   Virata-EmWeb/R6_2_1
|_  gSOAP/2.7
9100/tcp open  jetdirect?
Service Info: OS: Unix; Device: printer

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.37 seconds

Lets try to connect to it with nc(1) tool.

% nc -v 10.9 9100
Connection to 10.9 9100 port [tcp/jetdirect] succeeded!

… and yes you do not have to always type that whole 10.0.0.9 address as the middle zeroes can be omitted and 10.9 will be interpretted as 10.0.0.9 address.

Something basic for a start – a plain text print.

% lsblk | nc 10.9 9100

In a moment you should have the output of lsblk(8) command printed on a page.

Lets try something more fancy like a PDF file then.

% nc 10.9 9100 < ZFS-Madness-2014.pdf

Yep. Printed. No CUPS configuration needed here.

Maybe I should start the article with that instead 🙂

Summary

Not sure what I can add here as I am definitely not printing expert.

Hope these instructions will help you to setup your printer on FreeBSD (or any other CUPS supported) system.

EOF

Keep FreeBSD Desktop Updated

While its relatively easy (or brain dead easy with GhostBSD or NomadBSD distributions) to install and configure a FreeBSD Desktop – one have to keep in mind that its also important to keep that system updated and secure.

There are many aspects about FreeBSD to keep it updates and secured.

The Table of Contents for this article is shown below:

• FreeBSD Base System
• Packages
• FreeBSD Linux Browser Installer
• WINE
• Cargo Packages
• FreeBSD Ports Tree
• Summary

Lets now discuss each section one by one.

FreeBSD Base System

First is the FreeBSD Base System which is updated by the frebsd-update(8) utility. It is not often you need to do this – from my experience its once a month need usually.

The list of needed commands are shown below.

# freebsd-version
# frebsd-update fetch
# frebsd-update install

While the freebsd-version(1) will tell you what version you are currently running the freebsd-update(8) will help you to update your FreeBSD system to have latest patches installed.

… but when to update the FreeBSD Base System anyway? Well – its quite simple – check the FreeBSD Security Advisories page – and if something posted there affects you – then you should move your ass and update it 🙂

Packages

After you have taken care of the FreeBSD Base System the next one to make sure you are not too much far behind are the FreeBSD packages.

You can of course check if any of your installed packages have any reported security holes as shown below.

# pkg audit -F
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.

The above message shows that your installed packages are safe – but its not the message you see the most of the time 🙂

Below are the commands that you would use to update your FreeBSD desktop system.

# pkg upgrade
# pkg autoremove
# pkg clean -y --all

… and yes it does include some extra steps to remove cached packages – and probably now not needed as the are already installed anyway.

I do not think that anything more should be added here – maybe a short mention about the packages branch you are using. The default one is the quarterly branch that has packages build every quarter.

Maybe its sometimes reasonable for the server like environments – but I prefer to have the latest versions of what FreeBSD maintainers do offer in their hard and often underestimated work.

This is why I always use – both on desktop and servers – the latest packages branch.

This means that packages are (re)built once a week or faster and you get what is latest and fresh.

I will not convince you what is better – you will have to decide for yourself.

FreeBSD Linux Browser Installer

The Linux Browser Installer helps a lot on FreeBSD systems. It provides browsers (via the Linux Compatibility Layer) that are not natively available on FreeBSD – but with DRM sh!t needed to access for example Netflix content.

The Linux Browser Installer is easy to install – but its also easy to update.

Below you will find commands that will keep your Linux Browser Installer updated and secure.

# git clone https://github.com/mrclksr/linux-browser-installer.git
# cd linux-browser-installer
# ./linux-browser-installer chroot upgrade

WINE

One may think that WINE is just another package and that it was already updated during the # pkg upgrade cycle – it depends – the default WINE package is for 64bit excusables … but its also possible to run (and often needed) the older 32bit executables.

The problem is that the 32bit environment has its own separate root with its own packages set.

To be honest its not a big deal – you just need to remember to update it along with other things you update periodically 🙂

Below is the command that updates the 32bit WINE binaries/packages.

% /usr/local/share/wine/pkg32.sh upgrade

One of the things you need to keep in mind that it is done by you (user) and not the root user of the machine.

Cargo Packages

While 95% of this topic is covered above – no one prevents you from using the additional Cargo packages – and I do it myself also.

Its just that some software is not yet available by the official FreeBSD packages – but its already official by using the Cargo packages.

I personally use about 10 different Cargo packages that are still not available on the FreeBSD packages.

Here are the instructions to keep these Cargo packages updated.

First and most important – you need to install the cargo-update package to be able to update installed Cargo packages.

Then you may just use the other command to have Cargo packages updated.

# cargo install cargo-update
# cargo install-update -a

FreeBSD Ports Tree

Last but not least – the FreeBSD Ports Tree – which even if you only use binary packages – can often come handy in some exceptions.

We all know the ‘default’ rule that mixing Packages and Ports is a bad idea in the FreeBSD world – and I generally agree – its a bad idea if you do not know what you are doing.

If you do know what you are doing – you may mix anything with everything – just do not spam the FreeBSD Forums for help later 🙂

The tool to update the local FreeBSD Ports Tree on your machine is still portsnap(8) and the auto argument is usually more then enough.

# portsnap auto

From the other things – you may want to setup the WRKDIRPREFIX variable to have everything built in the /usr/ports/obj directory – to have everything in one place.

# grep WRKDIRPREFIX /etc/make.conf
WRKDIRPREFIX=${PORTSDIR}/obj
# rm -rf \
    /usr/ports/obj \
    /usr/ports/distfiles

I often also clean the /usr/ports/obj and /usr/ports/distfiles directories.

Summary

Besides the things that I have wrote above I also sometimes save some binaries to the ~/scripts/bin path. There is not upgrade path for them besides manually checking the provider page.

Some examples of such software on my system are doso or cpuc ones.

As I do not have anything more to add here – please feel free to comment what is missing in keeping your workstation updated and secure.

EOF

Native Urban Terror on FreeBSD

Welcome to 2023 and let me start a first article of this new year with a … guest post by @NeoMoevius from Twitter. That is right. I did not invented it. I did not created it. I only partially wrote it – treat me as a ghost writer here. ll the thanks and welcomes goes directly to @NeoMoevius – I am just a messenger here 🙂

This post will be about playing (and first building – of course) the Urban Terror game on FreeBSD system. It is about how to build and install Urban Terror 4.3 on FreeBSD without Linux emulation or using WINE. Natively. This will be on the latest and supported FreeBSD 13.1-RELEASE system.

There are not many steps to make it happen. First – just download the official Urban Terror ZIP file.

% mkdir _UT
% cd _UT
% fetch http://cdn.urbanterror.info/urt/43/releases/zips/UrbanTerror434_full.zip
UrbanTerror434_full.zip                         3% of 1403 MB 1836 kBps 11m38s
% unzip UrbanTerror434_full.zip
% cd UrbanTerror43
% pwd
/home/vermaden/_UT/UrbanTerror43

Lets leave that alone for now 🙂

We will also need to install some dependencies.

# pkg install -y \
    devel/sdl20 \
    devel/pkgconf \
    devel/gmake \
    ftp/curl \
    graphics/sdl2_image \
    graphics/sdl2_ttf \
    audio/sdl2_mixer \
    audio/openal-soft

We will now need to download and compile source code of ioquake 3 for Urban Terror.

% mkdir _IOQ3
% cd _IOQ3
% git clone https://github.com/mickael9/ioq3.git
Cloning into 'ioq3'...
remote: Enumerating objects: 28169, done.
Receiving objects:  19% (5353/28169), 6.77 MiB | 2.24 MiB/s
% cd ioq3
% gmake
% echo ${?}
0
% cd build/release-freebsd-x86_64
% ls -l
total 2773K
drwxr-xr-x 2 vermaden vermaden       2 2023-01-20 20:11 autoupdater/
drwxr-xr-x 4 vermaden vermaden     228 2023-01-20 20:12 client/
drwxr-xr-x 2 vermaden vermaden     154 2023-01-20 20:11 ded/
drwxr-xr-x 2 vermaden vermaden     166 2023-01-20 20:12 renderergl1/
drwxr-xr-x 3 vermaden vermaden      77 2023-01-20 20:12 renderergl2/
-rwxr-xr-x 1 vermaden vermaden  862712 2023-01-20 20:12 renderer_opengl1_x86_64.so
-rwxr-xr-x 1 vermaden vermaden 1143552 2023-01-20 20:12 renderer_opengl2_x86_64.so
-rwxr-xr-x 1 vermaden vermaden 2133400 2023-01-20 20:12 urbanterror-m9.x86_64
-rwxr-xr-x 1 vermaden vermaden  970368 2023-01-20 20:11 urbanterror-server-m9.x86_64

The files that are interesting for us are listed below:

• renderer_opengl1_x86_64.so
• renderer_opengl2_x86_64.so
• urbanterror-m9.x86_64
• urbanterror-server-m9.x86_64

… and now you will need to copy these four files into the Urban Terror folder when you have uncompressed the game.

% cp \
    renderer_opengl1_x86_64.so   \
    renderer_opengl2_x86_64.so   \
    urbanterror-m9.x86_64        \
    urbanterror-server-m9.x86_64 \
    /home/vermaden/_UT/UrbanTerror43

% cd /home/vermaden/_UT/UrbanTerror43

% pwd
/home/vermaden/_UT/UrbanTerror43

% ls -l
total 8495K
drwxr-xr-x 2 vermaden vermaden      30 2023-01-20 20:19 q3ut4/
drwxr-xr-x 3 vermaden vermaden       3 2023-01-20 20:19 Quake3-UrT.app/
-rw-r--r-- 1 vermaden vermaden 1082800 2018-06-21 22:08 Quake3-UrT-Ded.exe
-rwxr-xr-x 1 vermaden vermaden  816002 2018-06-21 22:08 Quake3-UrT-Ded.i386
-rwxr-xr-x 1 vermaden vermaden  961958 2018-06-21 22:08 Quake3-UrT-Ded.x86_64
-rw-r--r-- 1 vermaden vermaden 2634689 2018-06-21 22:08 Quake3-UrT.exe
-rwxr-xr-x 1 vermaden vermaden 1702624 2018-06-21 22:08 Quake3-UrT.i386
-rwxr-xr-x 1 vermaden vermaden 1940280 2018-06-21 22:08 Quake3-UrT.x86_64
-rwxr-xr-x 1 vermaden vermaden  862712 2023-01-20 20:20 renderer_opengl1_x86_64.so
-rwxr-xr-x 1 vermaden vermaden 1143552 2023-01-20 20:20 renderer_opengl2_x86_64.so
-rwxr-xr-x 1 vermaden vermaden 2133400 2023-01-20 20:20 urbanterror-m9.x86_64
-rwxr-xr-x 1 vermaden vermaden  970368 2023-01-20 20:20 urbanterror-server-m9.x86_64

We will now try to start that Urban Terror game.

% pwd
/home/vermaden/_UT/UrbanTerror43

% ./urbanterror-m9.x86_64
ioq3-UrT m9-builds/31 freebsd-x86_64 Jan 20 2023
SSE instruction set enabled
----- FS_Startup -----
We are looking in the current search path:
/home/vermaden/.q3a/q3ut4
./q3ut4
./q3ut4/zUrT43_qvm.pk3 (4 files)
./q3ut4/zUrT43_021.pk3 (85 files)
./q3ut4/zUrT43_020.pk3 (295 files)
./q3ut4/zUrT43_019.pk3 (342 files)
./q3ut4/zUrT43_018.pk3 (801 files)
(...)

Seems to start and work properly.

Here are several shots of what I tried to play it for some single online event.

All the screens above are in the windowed more but you can switch between window and full screen with [ALT]+[ENTER] shortcut at anytime. It was just easier for me to catch several shots for this article 🙂

Seems I am definitely not the best at this game :p

The Urban Terror game run smooth on my Intel HD Graphics 3000 card.

Fortunately I did not need to switch BIOS settings to start my decade old Nvidia Quadro 2000M monster :p

Not sure what I can add here – definitely a kind thank You for @NeoMoevius for his offer of making this content available for You 🙂

Regards.

FreeBSD Cope with WiFi Fuckup

I really wanted the name of this article does not sound dramatically but I was not able to invent any other title … none the less the wireless/WiFi topic can be problematic on the FreeBSD land. Its a known feat of FreeBSD that is does its job best at the server room and that laptop/desktop based configurations tend to need some ‘love’ to be usable. The worst thing of that part is lack of WiFi kernel drivers at all or slower then possible speed like 802.11g on 802.11n capable chips – often as old as 11 years old Intel Ultimate-N 6300 450Mbps card that runs only at 802.11g speed on FreeBSD. The aim of this article is to show you the alternatives and possibilities when it comes to wireless and/or WiFi problems that you may encounter on FreeBSD UNIX system.

Replace Unsupported Hardware

Assuming your laptop came with WiFi card that is not supported at all by FreeBSD drivers – one of the options can be to replace the mSATA or M.2 card with the supported one. It may be difficult because of BIOS blacklisting/whitelisting so there is possibility that it may be needed to flash your laptop/system with a hacked BIOS that does not have this blacklisting/whitelisting and allows ALL possible chips to be installed into it. This may be sometimes not possible of course and it really PITA that some/many manufacturers create such blacklisting/whitelisting bullshit without any reasonable reason then money heist.

Tiny USB WiFi Dongle

If your WiFi card is not supported at all and its not possible to replace it with mSATA and/or M.2 WiFi chip then you may use some tiny USB WiFi dongle with – for example – Realtek RTL8188CUS chip – which is supported on FreeBSD. While the chip itself is 802.11n 150Mbps capable the FreeBSD drivers only support 802.11g mode on it – but its still better then none connectivity at all.

Such tiny USB dongle can be shown below.

The more in depth article about that Realtek RTL8188CUS chip is available here – Realtek RTL8188CUS – USB 802.11n WiFi Review – in one of my earlier articles.

Smartphone USB Tethering

One of the alternative possibilities is to use your smartphone with USB cable to provide the Internet connection. The main benefit of this approach is that you probably always have your smartphone with you anyway. The only additional needed/missing part is the USB cable (which is not that a problem anyway once you order it). This comes handy in more then one way. The first and obvious way is to just use that smartphone with USB cable attached to your FreeBSD to provide Internet connection no matter if that smartphone provides that connection using LTE/4G connection or WiFi connection to some WiFi hotspot. Another reason why this setup comes handy is when you have your WiFi chipset supported … and still are not able to connect to some WiFi hotspot. Recently I was at my buddy’s home where he had open WiFi network available. My phone connected to it without a problem but FreeBSD with 11 years old Intel 6300 card … was not able to connect to it no matter what. To be precise the wpa_supplicant(8) showed the CTRL-EVENT-CONNECTED status but the dhclient was not able to get the IP for some reason. This is where my smartphone came handy as it was able to connect to that open unencrypted network and FreeBSD used it by the USB tethering method. Below I will show you how to use the USB tethering on FreeBSD.

The first thing is to attach your smartphone by USB cable to your FreeBSD system. After you have done that you will need to configure your smartphone to enable USB tethering. Below you will find such configuration for Android smartphone.

After you have chosen these settings you wull see the ue0 device in your ifconfig(8) interfaces listing.

% ifconfig
em0: flags=8c22<broadcast,oactive,simplex,multicast> metric 0 mtu 1500
        options=481249b<rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,lro,wol_magic,vlan_hwfilter,nomap>
        ether f0:de:f1:68:bc:ab
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<performnud,ifdisabled,auto_linklocal>
lo0: flags=8049<up,loopback,running,multicast> metric 0 mtu 16384
        options=680003<rxcsum,txcsum,linkstate,rxcsum_ipv6,txcsum_ipv6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1/8
        groups: lo
        nd6 options=21<performnud,auto_linklocal>
vboxnet0: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
        ether 0a:00:27:00:00:00
        media: Ethernet autoselect
        status: active
        nd6 options=29<performnud,ifdisabled,auto_linklocal>
ue0: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
        ether 02:2a:71:6a:08:01
        nd6 options=29<performnud,ifdisabled,auto_linklocal>

The next (and last) step is to use dhclient(8) daemon to acquire the IP address using DHCP. Here is the command I used.

# dhclient ue0
DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 192.168.73.209
DHCPREQUEST on ue0 to 255.255.255.255 port 67
DHCPACK from 192.168.73.209
bound to 192.168.73.16 -- renewal in 1799 seconds.

You can now test your connection with ping(8) command for example.

% ping -c 1 e.pl
PING e.pl (195.46.43.240): 56 data bytes
64 bytes from 195.46.43.240: icmp_seq=0 ttl=53 time=65.638 ms

--- e.pl ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 65.638/65.638/65.638/0.000 ms

You can now see that you got the needed IP address on your ue0 interface.

% ifconfig ue0
ue0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
        ether 02:2a:71:6a:08:01
        inet 192.168.73.16/24 broadcast 192.168.73.255
        nd6 options=29<performnud,ifdisabled,auto_linklocal>
</performnud,ifdisabled,auto_linklocal></up,broadcast,running,simplex,multicast>

This means that your Internet connection over USB tethering is functional.

One of the additional benefits of this approach is that USB connection also provides the power to your smartphone – which means that you only need one cable for both Internet connection and power for the smartphone device.

Mobile Router with RJ45 Cable

There is also additional option available and it provides similar possibilities to USB tethering – its using some mobile wireless router what would connect to LTE/4G network or some WiFi access point and will also have RJ45 socket so you will be able to connect to it with the RJ45 port on your laptop/desktop FreeBSD system.

You can find many such devices in real cheap price such as Overmax 3G or RAVPower RP-WD03-BK to name some. They come in $15 to $30 price range which should be marked as affordable for most people. Additional bonus from these devices is that they also serve as powerbank function. Also being powered its not needed to also power them up all the time – as the often allow for whole day function on the battery itself.

The Overmax 3G device is shown below.

The RAVPower RP-WD03-BK is shown below.

Bhyve wifibox VM

There is also one additional way to get your WiFi connection – use bhyve(8) virtualization. With wifibox you will deploy Linux VM – and use Linux wireless drivers for the card that may be unsupported on FreeBSD system. It works because of bhyve(8) PCI passthrough feature. You just pass the WiFi card directly to Linux VM.

The biggest advantage of wifibox is that everything is shipped in single FreeBSD package that can be easily installed and removed. You will just have to add wifibox package with pkg(8) – the FreeBSD package manager.

It also comes with rc(8) service script that automatically starts that Linux VM upon FreeBSD boot – and stops gracefully on shutdown.

Summary

What works best? To be honest its still more convenient to use builtin WiFi chip even at slower 802.11g speeds then using any other methods described in this article. Next one is using the mobile router with RJ45 cable. The next one (and somewhat slower one) is the USB tethering method – but while slower I was able to successfully post that article using it – so its not a major drawback. At the least one is using the wifibox way. Its generally up to You – what makes less PITA for you.

I of course hope that WiFi will get some more love in the FreeBSD land and that such ‘strange’ methods would not be needed to ‘just’ connect to the Internet.

Regards.

Desktop Environments Resource Usage Comparison

Some of them use more RAM. Some less. Today in a rather simplified benchmark I will check some popular desktop environments for their RAM usage. I recently came to see some more or less old comparisons of various desktop environments RAM usage.

• 2019 – https://youtu.be/fo45bo1jvZI
• 2020 – https://youtu.be/RrvJOXypAbk
• 2022 – https://itvision.altervista.org/linux-desktop-environments-system-usage.html [edit]

They were focused on difference between XFCE and KDE/Plasma environments. I am used to idea that XFCE is smaller and lighter of the two – so it should be also lighter on resources – but these two movies state that they RAM usage is similar and sometimes even KDE/Plasma is lighter. These results seemed strange to me so I wanted to test them under latest FreeBSD 13.1-RELEASE UNIX system.

Example XFCE on FreeBSD desktop screenshot from the XFCE Cupertino Way article.

Upon some popular demand I also added GNOME (the 42 version) to the comparison.

Today we will test these desktop environments:

• XFCE (4.16)
• MATE (1.26)
• KDE/Plasma (5.24)
• Openbox (3.6)
• GNOME (42)

We all know that Openbox is just a window manager but I wanted to include it here just from comparison.

Test Environment and Process

To save time I used VirtualBox virtual machine for the purpose of these simplified benchmarks. For that purpose he created VM had:

• 1 x CPU
• 8 GB RAM
• 128 MB GPU Memory
• 30 GB Disk

After installing the vanilla FreeBSD 13.1-RELEASE I switched to the latest pkg(8) repository. Then I added needed packages:

# pkg install xorg xfce kde5 mate openbox dzen2 tint2 xbindkeys xterm geany gnome

All of the desktop environments and their dependencies were installed on that test machine. The main FreeBSD config at /etc/rc.conf file had following contents.

% cat /etc/rc.conf
hostname="freebsd"
ifconfig_em0="DHCP"
sshd_enable="YES"
moused_enable="YES"
powerd_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
dbus_enable="YES"

The only thing I added after installation was the dbus service startup. I did not changed any settings in these environments. The were compared at their default settings.

The test was rather simple and naive but these were the tasks that I done on each of them.

• Run gstat(8) command in terminal application.
• Display /etc/ in file manager with scroll to end of display of dir.
• Open /etc/ssh/moduli file in text editor with scroll to end of file.

These were different for various environments:

XFCE

• xfce4-terminal
• thunar
• mousepad

MATE

• mate-terminal
• caja
• pluma

KDE/Plasma

• konsole
• dolphin
• kate

Openbox

• xterm
• caja
• geany

GNOME

• gnome-terminal
• nautilus
• gedit

I powered off that FreeBSD machine before each test – so each test looked like:

• boot cold FreeBSD system
• login into system (in text console)
• type xinit(1) command
• do the 3 defined tasks

Each desktop environment had different ~/.xinitrc file. Below you will find their contents.

% cat ~/.xinitrc.xfce
. /usr/local/etc/xdg/xfce4/xinitrc

% cat ~/.xinitrc.mate
exec ck-launch-session mate-session

% cat ~/.xinitrc.kde
exec ck-launch-session startplasma-x11

% cat ~/.xinitrc.openbox
dzen2 &
tint2 &
xbindkeys &
exec openbox

% cat ~/.xinitrc.gnome
exec gnome-session

Each of them were started like that:

% xinit ~/.xinitrc.xfce

% xinit ~/.xinitrc.mate

% xinit ~/.xinitrc.kde

% xinit ~/.xinitrc.openbox

% xinit ~/.xinitrc.gnome

RAM Usage Results

To be honest I was surprised by the results.

Clean Text Console FreeBSD

The text console of FreeBSD 13.1-RELEASE system used about 97 MB of RAM. That result is the sum of the RES column from the top(1) command.

Below you will find the top(1) output for FreeBSD text console only system.

% top -b -o res 1000
last pid:   871;  load averages:  1.92,  0.90,  0.36; battery: 99%  up 0+00:01:09    00:34:01
28 processes:  2 running, 26 sleeping
CPU:  2.0% user,  0.0% nice,  3.7% system,  0.2% interrupt, 94.0% idle
Mem: 18M Active, 21M Inact, 138M Wired, 40K Buf, 7746M Free
ARC: 43M Total, 18M MFU, 23M MRU, 335K Header, 1556K Other
     20M Compressed, 61M Uncompressed, 3.09:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  852 vermaden      1  20    0    21M  9492K RUN      0:00   0.00% sshd
  849 root          1  33    0    21M  9300K select   0:00   0.00% sshd
  799 root          1  22    0    21M  8208K select   0:00   0.00% sshd
  817 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
  820 smmsp         1  52    0    18M  6704K pause    0:00   0.00% sendmail
  749 messagebus    1  52    0    14M  3648K select   0:00   0.00% dbus-daemon
  853 vermaden      1  20    0    13M  3256K wait     0:00   0.00% sh
  871 vermaden      1  20    0    14M  3220K RUN      0:00   0.00% top
  846 vermaden      1  52    0    13M  3208K ttyin    0:00   0.00% sh
  838 root          1  25    0    13M  3100K wait     0:00   0.00% login
  463 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  668 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  830 root          1  52    0    13M  2736K wait     0:00   0.00% sh
  402 root          1  52    0    13M  2708K select   0:00   0.00% dhclient
  399 root          1  52    0    13M  2632K select   0:00   0.00% dhclient
  802 root          1  20    0    13M  2516K nanslp   0:00   0.00% cron
  831 root          1  52    0    13M  2440K piperd   0:00   0.00% logger
  754 root          1  52    0    13M  2380K select   0:00   0.00% moused
  837 root          1  52    0    13M  2316K select   0:00   0.00% logger
  842 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  845 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  843 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  844 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  841 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  839 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  840 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  833 root          1  52    0    12M  2080K nanslp   0:00   0.00% sleep
  464 root          1  20    0    11M  1540K select   0:00   0.00% devd

XFCE

Next one is XFCE and it used about 1548 MB of RAM.

Below you will find the top(1) output for XFCE.

% top -b -o res 1000
last pid:  1076;  load averages:  0.58,  0.84,  0.51; battery: 99%  up 0+00:07:06    00:31:07
71 processes:  2 running, 69 sleeping
CPU:  7.6% user,  0.1% nice,  6.5% system,  1.1% interrupt, 84.8% idle
Mem: 292M Active, 337M Inact, 389M Wired, 56K Buf, 6897M Free
ARC: 240M Total, 98M MFU, 133M MRU, 1762K Header, 7212K Other
     194M Compressed, 461M Uncompressed, 2.37:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  945 vermaden      3  20    0   344M   251M select   0:11   0.00% Xorg
 1010 vermaden      4  20    0   311M   121M select   0:01   0.00% kgpg
 1004 vermaden      5  20    0   196M   100M select   0:04   0.00% xfwm4
 1008 vermaden      4  20    0   130M    92M select   0:01   0.00% xfdesktop
  948 vermaden      4  20    0   172M    76M select   0:04   0.00% xfce4-session
 1012 vermaden      6  40   19   160M    63M select   0:00   0.00% tumblerd
 1064 vermaden      5  21    0    89M    59M select   0:05   0.00% mousepad
 1013 vermaden      3  20    0   130M    52M select   0:00   0.00% kalendarac
 1007 vermaden      4  24    0    75M    51M select   0:04   0.00% thunar
 1006 vermaden      4  20    0    75M    48M select   0:04   0.00% xfce4-panel
 1056 vermaden      4  20    0    69M    42M select   0:01   0.00% xfce4-terminal
 1020 vermaden      4  20    0    65M    41M select   0:00   0.00% wrapper-2.0
 1021 vermaden      4  20    0    65M    41M select   0:00   0.00% wrapper-2.0
 1022 vermaden      4  20    0    52M    32M select   0:00   0.00% wrapper-2.0
 1005 vermaden      4  20    0    49M    30M select   0:02   0.00% xfsettingsd
 1019 vermaden      4  20    0    46M    30M select   0:00   0.00% wrapper-2.0
 1027 vermaden      3  40   19   256G    29M select   0:00   0.00% baloo_file
 1009 vermaden      4  20    0    46M    28M select   0:00   0.00% xfce4-power-manager
  975 polkitd       7  20    0  2125M    27M select   0:01   0.00% polkitd
 1029 vermaden      4  20    0    45M    27M select   0:00   0.00% xfce4-notifyd
  977 vermaden      5  20    0    49M    26M select   0:01   0.00% mate-screensaver
  983 root          7  20    0    64M    16M select   0:01   0.00% bsdisks
  981 vermaden      5  20    0    27M    11M select   0:00   0.00% gvfs-udisks2-volume
 1067 vermaden      5  20    0    24M    10M select   0:00   0.00% gvfsd-network
 1038 vermaden      4  20    0    27M    10M select   0:00   0.00% gvfsd-trash
 1070 vermaden      4  20    0    24M    10M select   0:00   0.00% gvfsd-dnssd
 1063 vermaden      4  20    0    24M    10M select   0:00   0.00% gvfsd-computer
  865 vermaden      1  20    0    21M  9492K RUN      0:00   0.00% sshd
 1042 vermaden      2  22    0    86M  9440K select   0:00   0.00% pulseaudio
  862 root          1  28    0    21M  9264K select   0:00   0.00% sshd
  979 vermaden      4  32    0    24M  8836K select   0:00   0.00% gvfsd
  973 vermaden      4  20    0    21M  8712K select   0:00   0.00% at-spi2-registryd
  966 vermaden      5  20    0    21M  8296K select   0:00   0.00% at-spi-bus-launcher
  972 root         16  20    0    24M  8256K select   0:00   0.00% console-kit-daemon
  815 root          1  22    0    21M  8208K select   0:00   0.00% sshd
  991 vermaden      5  20    0    21M  7948K select   0:00   0.00% gvfs-gphoto2-volume
 1044 root          4  22    0    20M  7916K select   0:00   0.00% accounts-daemon
 1040 vermaden      4  20    0    19M  7460K select   0:00   0.00% gvfsd-metadata
 1017 root          4  20    0    19M  7452K select   0:00   0.00% upowerd
  988 vermaden      5  20    0    19M  7208K select   0:00   0.00% gvfs-mtp-volume-mon
  833 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
 1066 vermaden      4  20    0    19M  7004K select   0:00   0.00% dconf-service
  969 vermaden      4  20    0    19M  6936K select   0:00   0.00% xfconfd
  998 vermaden      1  21    0    18M  6900K select   0:00   0.00% ssh-agent
  836 smmsp         1  52    0    18M  6576K pause    0:00   0.00% sendmail
  960 vermaden      1  20    0    14M  4580K select   0:01   0.00% dbus-daemon
 1003 vermaden      1  20    0    16M  4116K select   0:00   0.00% gpg-agent
  765 messagebus    1  20    0    14M  4100K select   0:00   0.00% dbus-daemon
  955 vermaden      1  23    0    15M  3912K select   0:00   0.00% dbus-launch
  967 vermaden      1  20    0    14M  3812K select   0:01   0.00% dbus-daemon
 1058 vermaden      1  20    0    14M  3772K nanslp   0:00   0.00% gstat
 1076 vermaden      1  20    0    14M  3464K RUN      0:00   0.00% top
 1057 vermaden      1  28    0    13M  3276K wait     0:00   0.00% sh
  866 vermaden      1  20    0    13M  3256K wait     0:00   0.00% sh
  941 vermaden      1  20    0    13M  3212K wait     0:00   0.00% sh
  854 root          1  20    0    13M  3136K wait     0:00   0.00% login
  944 vermaden      1  20    0    14M  3096K wait     0:00   0.00% xinit
  479 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  684 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  418 root          1   4    0    13M  2708K select   0:00   0.00% dhclient
  415 root          1  49    0    13M  2632K select   0:00   0.00% dhclient
  818 root          1  20    0    13M  2516K nanslp   0:00   0.00% cron
  770 root          1  20    0    13M  2404K select   0:00   0.00% moused
  855 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  858 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  861 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  859 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  860 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  856 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  857 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  480 root          1  20    0    11M  1540K select   0:00   0.00% devd

MATE

Next one is MATE and it used about 1361 MB of RAM.

This is first strange thing for me. Keep in mind that MATE is a fork of GNOME 2 which was expected to be heavy compared to light XFCE … at least more then a decade ago. Seems that now MATE developers are doing better job then XFCE devs 🙂

Below you will find the top(1) output for MATE.

% top -b -o res 1000
last pid:   966;  load averages:  1.75,  1.02,  0.43; battery: 99%  up 0+00:01:53    00:40:42
66 processes:  2 running, 64 sleeping
CPU: 25.7% user,  0.0% nice,  8.9% system,  0.4% interrupt, 65.0% idle
Mem: 279M Active, 269M Inact, 381M Wired, 56K Buf, 6986M Free
ARC: 230M Total, 88M MFU, 131M MRU, 1753K Header, 8250K Other
     183M Compressed, 435M Uncompressed, 2.37:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  857 vermaden      3  23    0   344M   246M select   0:08   7.96% Xorg
  922 vermaden      4  20    0   311M   122M select   0:01   0.00% kgpg
  869 vermaden      5  20    0   172M    77M select   0:01   0.00% mate-session
  913 vermaden      6  20    0    92M    68M select   0:03   0.00% caja
  961 vermaden      5  29    0    91M    59M select   0:07  15.97% pluma
  951 vermaden      5  20    0    86M    55M select   0:01   0.00% mate-terminal
  919 vermaden      3  20    0   130M    52M select   0:00   0.00% kalendarac
  911 vermaden      5  20    0    74M    49M select   0:01   0.00% mate-panel
  941 vermaden      5  20    0    70M    45M select   0:00   0.00% notification-area-a
  902 vermaden      5  20    0    70M    44M select   0:01   0.00% marco
  917 vermaden      4  20    0    66M    43M select   0:00   0.00% mate-volume-control
  899 vermaden      6  20    0    60M    38M select   0:02   0.00% mate-settings-daemo
  939 vermaden      5  20    0    60M    38M select   0:00   0.00% clock-applet
  927 vermaden      5  20    0    57M    37M select   0:00   0.00% wnck-applet
  921 vermaden      5  20    0    55M    35M select   0:00   0.00% mate-power-manager
  915 vermaden      5  20    0    50M    32M select   0:00   0.00% mate-screensaver
  864 polkitd       7  20    0  2125M    27M select   0:00   0.00% polkitd
  914 vermaden      4  20    0    44M    26M select   0:00   0.00% polkit-mate-authent
  883 root          7  52    0    64M    16M select   0:00   0.00% bsdisks
  881 vermaden      5  20    0    27M    12M select   0:00   0.00% gvfs-udisks2-volume
  962 vermaden      5  20    0    24M    11M select   0:00   0.00% gvfsd-network
  965 vermaden      4  20    0    24M    10M select   0:00   0.00% gvfsd-dnssd
  954 vermaden      4  20    0    24M    10M select   0:00   0.00% gvfsd-computer
  929 vermaden      4  20    0    26M    10M select   0:00   0.00% gvfsd-trash
  852 vermaden      1  20    0    21M  9480K RUN      0:00   0.00% sshd
  931 vermaden      2  21    0    86M  9396K select   0:00   0.00% pulseaudio
  849 root          1  30    0    21M  9300K select   0:00   0.00% sshd
  879 vermaden      4  28    0    24M  9180K select   0:00   0.00% gvfsd
  901 vermaden      4  20    0    21M  8860K select   0:00   0.00% at-spi2-registryd
  895 vermaden      5  20    0    21M  8272K select   0:00   0.00% gvfs-gphoto2-volume
  862 root         16  20    0    24M  8244K select   0:00   0.00% console-kit-daemon
  799 root          1  23    0    21M  8208K select   0:00   0.00% sshd
  875 vermaden      5  20    0    21M  8128K select   0:00   0.00% at-spi-bus-launcher
  956 vermaden      4  20    0    19M  7704K select   0:00   0.00% gvfsd-metadata
  893 vermaden      5  20    0    19M  7544K select   0:00   0.00% gvfs-mtp-volume-mon
  924 root          4  20    0    19M  7524K select   0:00   0.00% upowerd
  817 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
  897 vermaden      4  20    0    19M  6936K select   0:00   0.00% dconf-service
  820 smmsp         1  52    0    18M  6700K pause    0:00   0.00% sendmail
  912 vermaden      1  20    0    17M  4892K piperd   0:00   0.00% libgtop_server2
  873 vermaden      1  20    0    14M  4164K select   0:00   0.00% dbus-daemon
  860 vermaden      1  22    0    17M  4124K wait     0:00   0.00% ck-launch-session
  876 vermaden      1  20    0    14M  4004K select   0:01   0.00% dbus-daemon
  749 messagebus    1  20    0    14M  3984K select   0:00   0.00% dbus-daemon
  872 vermaden      1  20    0    15M  3912K select   0:00   0.00% dbus-launch
  953 vermaden      1  20    0    14M  3708K nanslp   0:00   0.00% gstat
  966 vermaden      1  20    0    14M  3392K RUN      0:00   0.00% top
  853 vermaden      1  20    0    13M  3248K wait     0:00   0.00% sh
  846 vermaden      1  21    0    13M  3212K wait     0:00   0.00% sh
  952 vermaden      1  38    0    13M  3208K wait     0:00   0.00% sh
  838 root          1  25    0    13M  3100K wait     0:00   0.00% login
  856 vermaden      1  20    0    14M  3096K wait     0:00   0.00% xinit
  463 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  668 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  402 root          1  52    0    13M  2708K select   0:00   0.00% dhclient
  399 root          1  52    0    13M  2632K select   0:00   0.00% dhclient
  802 root          1  20    0    13M  2516K nanslp   0:00   0.00% cron
  754 root          1  20    0    13M  2404K select   0:00   0.00% moused
  839 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  845 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  841 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  843 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  842 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  844 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  840 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  464 root          1  20    0    11M  1540K select   0:00   0.00% devd

KDE/Plasma

Next one is KDE/Plasma and without surprise (at least for me) it uses more RAM then other desktop environments – about 2843 MB of RAM – that is more then twice as much as MATE and almost twice as much as XFCE.

Below you will find the top(1) output for KDE/Plasma.

% top -b -o res 1000
last pid:  1075;  load averages:  2.10,  1.56,  0.79; battery: 99%  up 0+00:05:22    00:38:14
67 processes:  2 running, 65 sleeping
CPU: 30.8% user,  0.1% nice,  8.8% system,  0.2% interrupt, 60.0% idle
Mem: 530M Active, 316M Inact, 441M Wired, 56K Buf, 6633M Free
ARC: 272M Total, 119M MFU, 139M MRU, 2012K Header, 12M Other
     211M Compressed, 514M Uncompressed, 2.44:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  935 vermaden     12  21    0   588M   298M select   0:22   0.00% plasmashell
  874 vermaden      3  23    0   344M   241M select   0:15   9.96% Xorg
 1065 vermaden      7  30    0   365M   190M select   0:12  15.97% kate
  918 vermaden      5  31    0   376M   179M select   0:22  15.97% kwin_x11
 1035 vermaden      8  20    0   320M   156M select   0:03   0.00% dolphin
 1029 vermaden      3  20    0   312M   150M select   0:02   0.00% konsole
  959 vermaden      4  20    0   314M   143M select   0:01   0.00% kgpg
 1063 vermaden      5  52    0   304M   140M select   0:02   0.00% kioslave5
 1073 vermaden      4  20    0   303M   139M select   0:01   0.00% kioslave5
  916 vermaden     11  20    0   179M    84M select   0:02   0.00% kded5
  958 vermaden      3  20    0   147M    67M select   0:01   0.00% kalendarac
  944 vermaden      4  20    0   174M    63M select   0:01   0.00% DiscoverNotifier
  941 vermaden      6  20    0   130M    58M select   0:01   0.00% polkit-kde-authenti
  920 vermaden      4  20    0   131M    58M select   0:01   0.00% ksmserver
  940 vermaden      7  20    0   118M    56M select   0:01   0.00% org_kde_powerdevil
  942 vermaden      3  20    0   128M    56M select   0:01   0.00% kaccess
  922 vermaden      3  20    0   127M    55M select   0:01   0.00% kglobalaccel5
  968 vermaden      7  20    0   104M    47M select   0:01   0.00% kactivitymanagerd
  905 vermaden      3  20    0   127M    45M select   0:00   0.00% klauncher
  901 vermaden      3  26    0   113M    43M select   0:00   0.00% plasma_session
  904 vermaden      1  20    0   112M    41M select   0:00   0.00% kdeinit5
  885 vermaden      3  38    0   113M    41M select   0:00   0.00% startplasma-x11
 1041 vermaden      2  42    0    88M    37M select   0:00   0.00% kioslave5
 1069 vermaden      1  23    0   256G    37M select   0:00   0.00% kioslave5
 1039 vermaden      1  36    0   256G    37M select   0:00   0.00% kioslave5
 1027 vermaden      1  36    0   256G    36M select   0:00   0.00% kioslave5
  997 vermaden      3  28    0    86M    35M select   0:00   0.00% kioslave5
  943 vermaden      3  40   19   256G    32M select   0:00   0.00% baloo_file
  945 vermaden      4  20    0    87M    32M select   0:00   0.00% gmenudbusmenuproxy
  939 vermaden      3  20    0    83M    30M select   0:00   0.00% xembedsniproxy
  976 vermaden      3  20    0    76M    28M select   0:00   0.00% kscreen_backend_lau
  881 polkitd       7  20    0  2125M    27M select   0:00   0.00% polkitd
  926 root          7  20    0    67M    19M select   0:00   0.00% bsdisks
  966 vermaden      2  20    0    86M  9520K select   0:00   0.00% pulseaudio
  852 vermaden      1  20    0    21M  9512K RUN      0:00   0.00% sshd
  849 root          1  33    0    21M  9300K select   0:00   0.00% sshd
  879 root         16  20    0    24M  8320K select   0:00   0.00% console-kit-daemon
  799 root          1  22    0    21M  8208K select   0:00   0.00% sshd
  937 root          4  20    0    19M  7404K select   0:00   0.00% upowerd
  817 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
  982 vermaden      4  20    0    19M  6732K select   0:00   0.00% dconf-service
  820 smmsp         1  52    0    18M  6704K pause    0:00   0.00% sendmail
  749 messagebus    1  20    0    14M  4452K select   0:00   0.00% dbus-daemon
  896 vermaden      1  28    0    15M  4252K select   0:00   0.00% dbus-launch
  897 vermaden      1  20    0    14M  4164K select   0:01   0.00% dbus-daemon
  877 vermaden      1  21    0    17M  4124K wait     0:00   0.00% ck-launch-session
 1034 vermaden      1  20    0    14M  3836K nanslp   0:00   0.00% gstat
 1075 vermaden      1  20    0    14M  3392K RUN      0:00   0.00% top
  853 vermaden      1  20    0    13M  3256K wait     0:00   0.00% sh
 1032 vermaden      1  26    0    13M  3232K wait     0:00   0.00% sh
  846 vermaden      1  20    0    13M  3212K wait     0:00   0.00% sh
  838 root          1  25    0    13M  3100K wait     0:00   0.00% login
  873 vermaden      1  20    0    14M  3096K wait     0:00   0.00% xinit
  463 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  668 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  402 root          1  52    0    13M  2708K select   0:00   0.00% dhclient
  399 root          1  52    0    13M  2632K select   0:00   0.00% dhclient
  802 root          1  20    0    13M  2516K nanslp   0:00   0.00% cron
  754 root          1  20    0    13M  2404K select   0:01   0.00% moused
  842 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  845 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  843 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  844 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  841 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  839 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  840 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  464 root          1  20    0    11M  1540K select   0:00   0.00% devd

Openbox

Not really a desktop environment but just for the sake of comparison I wanted to check it. With the default ‘ugly’ settings it consumed about 614 MB or RAM.

Below you will find the top(1) output for Openbox.

% top -b -o res 1000
last pid:   991;  load averages:  0.66,  0.77,  0.43; battery: 99%  up 0+00:04:35    00:52:31
43 processes:  1 running, 41 sleeping, 1 stopped
CPU:  8.8% user,  0.0% nice,  3.8% system,  0.5% interrupt, 86.9% idle
Mem: 126M Active, 196M Inact, 391M Wired, 40K Buf, 7210M Free
ARC: 210M Total, 78M MFU, 120M MRU, 1783K Header, 10M Other
     164M Compressed, 374M Uncompressed, 2.28:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  894 vermaden      3  20    0   307M   217M select   0:02   0.00% Xorg
  942 vermaden      6  20    0   208M   112M select   0:02   0.00% caja
  981 vermaden      3  20    0   100M    60M select   0:02   0.00% geany
  897 vermaden      1  20    0    54M    25M select   0:00   0.00% openbox
  898 vermaden      1  20    0    53M    25M select   0:01   0.00% tint2
  939 vermaden      1  20    0    25M    13M select   0:00   0.00% xterm
  916 vermaden      1  20    0    25M    13M select   0:00   0.00% xterm
  986 vermaden      1  20    0    21M  9500K select   0:00   0.00% sshd
  983 root          1  28    0    21M  9360K select   0:00   0.00% sshd
  953 vermaden      4  20    0    21M  9228K select   0:00   0.00% at-spi2-registryd
  949 vermaden      5  49    0    21M  8736K select   0:00   0.00% at-spi-bus-launcher
  934 vermaden      1  20    0    20M  8608K STOP     0:00   0.00% dzen2
  799 root          1  20    0    21M  8208K select   0:00   0.00% sshd
  817 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
  955 vermaden      4  30    0    19M  6916K select   0:00   0.00% dconf-service
  820 smmsp         1  52    0    18M  6636K pause    0:00   0.00% sendmail
  946 vermaden      1  30    0    15M  4380K select   0:00   0.00% dbus-launch
  947 vermaden      1  43    0    14M  3908K select   0:00   0.00% dbus-daemon
  937 vermaden      1  20    0    14M  3760K nanslp   0:00   0.00% gstat
  950 vermaden      1  20    0    14M  3732K select   0:00   0.00% dbus-daemon
  749 messagebus    1  52    0    14M  3648K select   0:00   0.00% dbus-daemon
  991 vermaden      1  22    0    14M  3428K RUN      0:00   0.00% top
  987 vermaden      1  21    0    13M  3316K wait     0:00   0.00% sh
  918 vermaden      1  20    0    13M  3292K wait     0:00   0.00% sh
  941 vermaden      1  22    0    13M  3280K wait     0:00   0.00% sh
  982 vermaden      1  52    0    13M  3272K ttyin    0:00   0.00% sh
  846 vermaden      1  20    0    13M  3212K wait     0:00   0.00% sh
  838 root          1  26    0    13M  3100K wait     0:00   0.00% login
  893 vermaden      1  20    0    14M  3096K wait     0:00   0.00% xinit
  463 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  668 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  402 root          1   4    0    13M  2708K select   0:00   0.00% dhclient
  399 root          1  52    0    13M  2632K select   0:00   0.00% dhclient
  802 root          1  20    0    13M  2516K nanslp   0:00   0.00% cron
  754 root          1  20    0    13M  2404K select   0:00   0.00% moused
  843 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  842 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  845 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  844 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  840 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  839 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  841 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  464 root          1  20    0    11M  1540K select   0:00   0.00% devd

GNOME

GNOME with the same test procedure used 2622 MB of RAM.

Below you will find the top(1) output for GNOME.

% top -b -o res 1000
last pid:  1114;  load averages:  2.62,  1.76,  0.81; battery: 99%  up 0+00:03:38    12:44:58
91 processes:  2 running, 89 sleeping
CPU: 45.9% user,  0.0% nice,  9.1% system,  0.3% interrupt, 44.7% idle
Mem: 531M Active, 560M Inact, 2152K Laundry, 522M Wired, 56K Buf, 6295M Free
ARC: 319M Total, 151M MFU, 156M MRU, 2354K Header, 9740K Other
     266M Compressed, 640M Uncompressed, 2.41:1 Ratio
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  904 vermaden      9  23    0  2656M   379M select   0:29   9.96% gnome-shell
  855 vermaden      3  22    0   333M   238M select   0:10   6.98% Xorg
 1040 vermaden     12  20    0   349M   192M select   0:10   0.00% epiphany-search-pro
  962 vermaden      4  20    0   312M   136M select   0:01   0.00% kgpg
 1026 vermaden      8  20    0   215M   125M select   0:01   0.00% gnome-calendar
 1107 vermaden      5  20    0   187M   108M select   0:01   0.00% gnome-control-cente
  958 vermaden      7  20    0   211M    81M select   0:01   0.00% evolution-alarm-not
 1058 vermaden     15  20    0   194M    78M select   0:01   0.00% WebKitNetworkProces
 1071 vermaden      6  20    0   144M    77M select   0:03   0.00% nautilus
 1112 vermaden      5  52    0    85M    59M select   0:13  19.97% gedit
 1065 vermaden      5  20    0   114M    56M select   0:01   0.00% gnome-terminal-serv
  961 vermaden      3  20    0   132M    53M select   0:00   0.00% kalendarac
  917 vermaden      5  20    0   146M    51M select   0:00   0.00% goa-daemon
 1034 vermaden      5  20    0    70M    50M select   0:00   0.00% seahorse
  921 vermaden      7  20    0   109M    48M select   0:00   0.00% evolution-addressbo
  919 vermaden     10  20    0    81M    44M select   0:00   0.00% evolution-calendar-
  912 vermaden      5  20    0    78M    42M select   0:00   0.00% evolution-source-re
  950 vermaden      6  20    0  2134M    39M select   0:00   0.00% gjs-console
  931 vermaden      6  20    0  2134M    39M select   0:00   0.00% gjs-console
  935 vermaden      5  20    0   119M    32M select   0:00   0.00% gsd-media-keys
  939 vermaden      5  20    0    51M    30M select   0:00   0.00% gsd-xsettings
  937 vermaden      5  20    0    49M    30M select   0:00   0.00% gsd-power
  957 vermaden      3  40   19   256G    28M select   0:00   0.00% baloo_file
  907 vermaden      7  20    0    83M    28M select   0:00   0.00% gnome-shell-calenda
  947 vermaden      5  20    0    46M    28M select   0:00   0.00% gsd-keyboard
  994 vermaden      4  20    0    46M    28M select   0:00   0.00% ibus-extension-gtk3
  993 vermaden      4  20    0    46M    27M select   0:00   0.00% ibus-ui-gtk3
  893 polkitd       7  20    0  2125M    27M select   0:00   0.00% polkitd
  965 vermaden      5  20    0    48M    27M select   0:00   0.00% zeitgeist-datahub
  952 vermaden      4  24    0    49M    26M select   0:00   0.00% gsd-printer
  859 vermaden      5  20    0    49M    20M select   0:00   0.00% gnome-session-binar
  874 root          7  20    0    67M    16M select   0:00   0.00% bsdisks
  956 vermaden      4  20    0    27M    14M select   0:00   0.00% ibus-daemon
  942 vermaden      5  20    0    27M    13M select   0:00   0.00% gsd-datetime
  945 vermaden      5  20    0    26M    13M select   0:00   0.00% gsd-sound
  943 vermaden      6  20    0    25M    12M select   0:00   0.00% gsd-smartcard
  940 vermaden      4  20    0    27M    11M select   0:00   0.00% gsd-print-notificat
 1092 vermaden      4  20    0    24M    11M select   0:00   0.00% gvfsd-dnssd
 1082 vermaden      5  20    0    24M    11M select   0:00   0.00% gvfsd-network
  872 vermaden      5  20    0    27M    11M select   0:00   0.00% gvfs-udisks2-volume
 1041 vermaden      4  20    0    24M    11M select   0:00   0.00% gvfsd-trash
 1062 vermaden      4  20    0    24M    11M select   0:00   0.00% gvfsd-burn
  976 vermaden      4  20    0    25M    10M select   0:00   0.00% zeitgeist-daemon
  902 vermaden      5  20    0    23M    10M select   0:00   0.00% gnome-keyring-daemo
  894 vermaden      1  20    0    21M  9488K RUN      0:00   0.00% sshd
  944 vermaden      5  20    0    21M  9356K select   0:00   0.00% gsd-housekeeping
  887 root          1  24    0    21M  9332K select   0:00   0.00% sshd
  933 vermaden      4  20    0    21M  9252K select   0:00   0.00% at-spi2-registryd
  925 vermaden      2  21    0    86M  9216K select   0:00   0.00% pulseaudio
  870 vermaden      4  20    0    24M  8860K select   0:00   0.00% gvfsd
  934 vermaden      5  20    0    20M  8616K select   0:00   0.00% gsd-usb-protection
  891 root         16  20    0    24M  8488K select   0:00   0.00% console-kit-daemon
  811 root          1  20    0    21M  8208K select   0:00   0.00% sshd
  867 vermaden      5  20    0    21M  8128K select   0:00   0.00% at-spi-bus-launcher
  927 root          4  20    0    20M  8040K select   0:00   0.00% accounts-daemon
  941 vermaden      5  20    0    20M  7976K select   0:00   0.00% gsd-sharing
  886 vermaden      5  20    0    21M  7936K select   0:00   0.00% gvfs-gphoto2-volume
  936 vermaden      5  20    0    20M  7936K select   0:00   0.00% gsd-a11y-settings
  923 vermaden      4  20    0    19M  7716K select   0:00   0.00% gvfsd-metadata
  910 root          4  20    0    19M  7620K select   0:00   0.00% upowerd
  881 vermaden      5  20    0    19M  7220K select   0:00   0.00% gvfs-mtp-volume-mon
  938 vermaden      4  20    0    19M  7180K select   0:00   0.00% gsd-screensaver-pro
  825 root          1  20    0    18M  7140K select   0:00   0.00% sendmail
  914 vermaden      4  20    0    19M  7128K select   0:00   0.00% dconf-service
  828 smmsp         1  52    0    18M  6704K pause    0:00   0.00% sendmail
  864 vermaden      1  20    0    14M  5268K select   0:01   0.00% dbus-daemon
  753 messagebus    1  20    0    14M  4280K select   0:00   0.00% dbus-daemon
  863 vermaden      1  21    0    15M  3912K select   0:00   0.00% dbus-launch
  868 vermaden      1  20    0    14M  3812K select   0:00   0.00% dbus-daemon
 1067 vermaden      1  20    0    14M  3704K nanslp   0:00   0.00% gstat
 1114 vermaden      1  20    0    14M  3420K RUN      0:00   0.00% top
  895 vermaden      1  20    0    13M  3252K wait     0:00   0.00% sh
  851 vermaden      1  22    0    13M  3212K wait     0:00   0.00% sh
 1066 vermaden      1  26    0    13M  3208K wait     0:00   0.00% sh
  843 root          1  23    0    13M  3100K wait     0:00   0.00% login
  854 vermaden      1  20    0    14M  3096K wait     0:00   0.00% xinit
  858 vermaden      1  21    0    13M  3016K wait     0:00   0.00% sh
  467 _dhcp         1  52    0    13M  2828K select   0:00   0.00% dhclient
  672 root          1  20    0    13M  2748K select   0:00   0.00% syslogd
  406 root          1   4    0    13M  2708K select   0:00   0.00% dhclient
  403 root          1  44    0    13M  2632K select   0:00   0.00% dhclient
  814 root          1  26    0    13M  2516K nanslp   0:00   0.00% cron
  757 root          1  20    0    13M  2404K select   0:00   0.00% moused
  850 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  847 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  848 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  844 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  849 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  845 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  846 root          1  52    0    13M  2248K ttyin    0:00   0.00% getty
  468 root          1  20    0    11M  1540K select   0:00   0.00% devd

Summary of the RAM usage results are below.

  MB  ENVIRONMENT
----  --------------------
  97  FreeBSD Text Console
 614  Openbox
1361  MATE
1548  XFCE
2622  GNOME
2843  KDE/Plasma

Seems that MATE

CPU Time Usage Results

As I already had the top(1) outputs I also compared the CPU time used for that limited test. I will not post the top(1) results again as they are posted above. The Seconds column below is the sum of the TIME field from the top(1) command output.
Here are the results of used CPU time.

SECONDS  ENVIRONMENT
-------  --------------------
      0  FreeBSD Text Console
      7  Openbox
     26  MATE
     42  XFCE
     72  GNOME
     92  KDE/Plasma

Seems that MATE is twice as light on resources then XFCE. World has changed a lot since GNOME 2 was considered heavy fully fledged desktop environment while XFCE was light and fast … but even that ‘hungry’ XFCE takes only half of the time that KDE/Plasma uses for the same tasks.

Subjective Experience

The Openbox ‘environment’ started fastest and was most responsive to operate.

Both MATE and XFCE started little slower but after they loaded the desktop and taskbars they were snappy and fast to use.

On the other hand the KDE/Plasma took longest to load and each application I started – I needed to wait ‘a little’ with ‘bouncing mouse cursor’ for them to load. Also scrolling the /etc/ssh/moduli file to its end in Kate took REALLY long … even with Logitech M720 mouse which scroll wheel was spinning freely (without clicks). I want to mention that I am not disappointed by KDE/Plasma. Its just slower when used in a limiter 1 CPU and 8 GB RAM environment. Probably the load times and usability is a lot better on a 4 CORE system with 16 GB of RAM on fast NVMe SSD disk while we used rather slow virtual machine.

After adding GNOME to comparison it felt even slower then KDE/Plasma. Probably because GNOME requires hardware 3D acceleration for smooth operation. With its software rendering it felt really sluggish … while consuming less RAM and CPU time then KDE/Plasma.

Summary

Not sure how useful that is but I just was curious and wanted to check it out – and as I did I share what I found.

UPDATE 1 – Added freecolor(1) and htop(1) RAM Measurements

After suggestions from other places I added freecolor(1) and htop(1) measurements when it comes to RAM usage. Here are the results.

            | htop(1) | conky(1) | freecolor(1)
    FreeBSD |  112 MB |    - -   |  157 MB 
    Openbox |  237 MB |  460 MB  |  382 MB 
       MATE |  508 MB |  778 MB  |  788 MB 
       XFCE |  533 MB |  794 MB  |  829 MB 
helloSystem |  585 MB |    - -   |  830 MB 
      GNOME |  625 MB |  990 MB  | 1000 MB 
 KDE/Plasma |  730 MB | 1659 MB  | 1167 MB

Hope that helps.

EOF

FreeBSD 13.1 on ThinkPad W520

I created whole FreeBSD Desktop series … but I never created an article describing how I run FreeBSD on my own daily driver – the Lenovo ThinkPad W520 from 2011 – the last one with the so much appreciated 7-row keyboard. In this article I will share how I configured FreeBSD to make the most of it. If you are curious why I use such old laptop then my older Epitaph to Laptops article explains that in detail.

This is the Table of Contents for this article.

• FreeBSD 13.1 on ThinkPad W520
• ThinkPad W520
• Specifications
• FreeBSD System Configuration
• Desktop Environment
  • Openbox
  • XFCE
  • GNOME
• Accessories
  • Smaller Power Supply
  • Mouse Companion
  • Two Additional USB 3.0 Ports
  • Larger Custom Battery
• Experience
• Summary

ThinkPad W520

This machine was out-fucking-standing when it was released in 2011 … and expensive as hell also 🙂 With 4 physical cores and up to 32 GB RAM only a few laptops could compete with it – Dell Precision M4600 – also could do that back then … but not exactly the same. You see – the last Dell Precision to carry similar 7-row keyboard was Dell Precision M4500 – but that one was from 2010 and was able to pack only … 8 GB RAM (official) and 16 GB RAM (unofficial) – so its not a fair comparison. Today 11 years (!) later ThinkPad W520 is still very capable and powerful machine. The only thing that you may need to do is to replace the thermal paste. I also did that – Classic ThinkPad Thermal Paste Change – as described here.

To make you imagine how big that 11 years time span in IT is I will try to show you example with a car. Its like driving 30 years old Mercedes-Benz W124 from 1992 today because IT world and hardware changes and improves a lot faster then automobile industry. The Mercedes-Benz W124 with its indestructible automatic transmission and engine along with comfortable suspension and automatic air conditioning – offers daily experience not that far away from today’s cars – the meritum is definitely fulfilled. I know that from first hand since I owned one not that long ago. Not to mention its legendary reliability. Its also a car that is very liked by mechanics as its very ‘serviceable’ and has lots of space for everything. You do not need to disassemble entire front bumper and the headlight just to replace a broken light beam.

This is the same that I would say about ThinkPad W520 today. You can put three (!) storage devices at the same time. Two 2.5 SATA drives and one mSATA disk. Assuming you would use 8 TB 2.5 Samsung QVO drives and 2 TB mSATA drive you would have 18 TB of storage … in a 11 years old laptop. You can grow that to 19TB with 1TB SD card in the slot … and we even did not touched any USB ports yet. Today you are able to get ThinkPad W520 in nice condition for about $300 if you are not heisty and getting 32 GB of DDR3 RAM costs another $100 so its pretty affordable hardware.

Specifications

For the record below You will find specs of mine machine. I also added driver and/or package that is used to support these devices.

CPU: Intel Core i7-2820QM 2.30GHz (4C/8T) Sandy Bridge 32nm
RAM: 32 GB (4 * 8GB DDR3)
HDD0: 128GB mSATA Samsung PM830 (system)
HDD1: 4 TB 2.5 SATA Samsung 860 QVO (data)
GFX0: Intel HD Graphics 3000 (integrated) [graphics/drm-kmod]
GFX1: Nvidia Quadro 2000M (discrete) [x11/nvidia-driver-390] {nvidia}
SCR: 15.6 1920x1080
USB: 2 x USB 2.0 + 2 x USB 3.0 [ehci(4) + xhci(4)]
AUDIO: Conexant CX20590 [snd_hda(4)]
PORTS0: 1 x VGA
PORTS1: 1 x DisplayPort
PORTS2: 1 x eSata
SD: Card Reader 5in1 [sdhci(4)]
LAN: 10/100/1000 Intel 82579LM Gigabit [em(4)]
WIFI: Intel Centrino Ultimate-N 6300 AGN 802.11n [iwn(4)]
BT: Bluetooth 3.0 [ng_ubt(4)]
CAM: Webcam 720p [multimedia/webcamd]

Articles such as this one often focuses on what works and is supported by FreeBSD and what is problematic or does not work at all. The very nice thing about ThinkPad W520 under FreeBSD command is that EVERYTHING works. From Bluetooth through Card Reader and also multiple suspend/resume cycles. I am doing months of uptime on that laptop and I reboot only when I need to update the system or I want to test something … but that often also does not need reboot now as you can just reroot into other BE as described in my other ZFS Boot Environments Revolutions article.

I do not need the compute power of discrete Nvidia Quadro 2000M card so I disabled it in the BIOS – but when I tried it with drivers from the FreeBSD Ports – everything worked as desired. I use integrated Intel HD Graphics 3000 which is more then enough for my needs. To be honest I would get ThinkPad T520 which can be bought with integrated graphics only but it has two downsides. The T520 does not have any USB 3.0 ports – that one I could probably live with but … it comes only with Dual Core CPUs. You can of course place a Quad Core CPU in it by yourself – but as W520 exist I do not see a reason not to get one 🙂

FreeBSD System Configuration

From many things that I really like about FreeBSD (more here – Quare FreeBSD? – in separate article) is that it can be mostly configured using just 3 files. This configuration already features all power management settings that I described in the The Power to Serve – FreeBSD Power Management article.

I installed FreeBSD in a pretty standard way with GELI full disk encryption enabled and with ZFS as the filesystem as I can not live without ZFS Boot Environments. The FreeBSD installer automatically detects and applies the so called ‘Lenovo Fix‘. When in doubt the installation procedure is described in the FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 article.

Main FreeBSD configuration files.

• /etc/rc.conf – system and services configuration
• /etc/sysctl.conf – runtime parameters configuration
• /boot/loader.conf – parameters configurable at boot

I will also include these below as they are also important:

• /etc/devfs.rules – devices configuration
• /etc/fstab – filesystems configuration
• /etc/ttys – terminal initialization configuration
• /etc/wpa_supplicant.conf – WiFi configuration
• /usr/local/etc/automount.conf – automount(8) configuration
• /usr/local/etc/doas.conf – doas(1) configuration
• id(1) groups membership
• /usr/local/etc/X11/xorg.conf.d/* – X11 configuration

First the main /etc/rc.conf configuration file.

% cat /etc/rc.conf
# SILENCE # ------------------------------------------------------------------
  rc_startmsgs=NO

# NETWORK # ------------------------------------------------------------------
  hostname=w520.local
  background_dhclient=YES
  extra_netfs_types=NFS
  defaultroute_delay=3
  defaultroute_carrier_delay=3
  gateway_enable=YES
  harvest_mask=351
  rtsol_flags="-i"
  rtsold_flags="-a -i"

# MODULES/COMMON/BASE # ------------------------------------------------------
  kld_list="${kld_list} /boot/modules/i915kms.ko"
  kld_list="${kld_list} fusefs coretemp sem cpuctl ichsmb cuse"
  kld_list="${kld_list} libiconv cd9660_iconv msdosfs_iconv udf_iconv"

# MODULES/VIRTUALBOX # -------------------------------------------------------
  vboxnet_enable=YES
  kld_list="${kld_list} vboxdrv vboxnetadp vboxnetflt"

# POWER
  performance_cx_lowest=C1
  economy_cx_lowest=Cmax
  powerd_enable=YES
  powerd_flags="-n adaptive -a hiadaptive -b adaptive -m 800 -M 2000"

# DAEMONS | yes # ------------------------------------------------------------
  zfs_enable=YES
  xdm_enable=YES
  xdm_tty=ttyv4
  nfs_client_enable=YES
  ubuntu_enable=YES
  moused_enable=YES
  syslogd_flags='-s -s'
  sshd_enable=YES
  local_unbound_enable=YES
  webcamd_enable=YES
  rctl_enable=YES

# DAEMONS | no # -------------------------------------------------------------
  linux_enable=NO
  sendmail_enable=NONE
  sendmail_submit_enable=NO
  sendmail_outbound_enable=NO
  sendmail_msp_queue_enable=NO

# FS # -----------------------------------------------------------------------
  fsck_y_enable=YES
  clear_tmp_enable=YES
  clear_tmp_X=YES
  growfs_enable=YES

# OTHER # --------------------------------------------------------------------
  keyrate=fast
  keymap=pl.kbd
  virecover_enable=NO
  update_motd=NO
  devfs_system_ruleset=desktop
  hostid_enable=NO
  savecore_enable=NO

Now the runtime parameters /etc/sysctl.conf file.

% cat /etc/sysctl.conf
# SECURITY
  security.bsd.see_jail_proc=0
  security.bsd.unprivileged_proc_debug=0

# SECURITY/RANDOM PID
  kern.randompid=1

# ANNOYING THINGS
  vfs.usermount=1
  kern.coredump=0
  hw.syscons.bell=0
  kern.vt.enable_bell=0

# ZFS DELETE FUCKUP TRIM (DEFAULT: 64)
  vfs.zfs.vdev.trim_max_active=1

# ZFS ARC TUNING
  vfs.zfs.arc.min=134217728
  vfs.zfs.arc.max=536870912

# ZFS ARC FREE ENFORCE @ 1024 \* 1024 \* 3
  vfs.zfs.arc_free_target=3145728

# JAILS/ALLOW UPGRADES IN JAILS
  security.jail.chflags_allowed=1

# JAILS/ALLOW RAW SOCKETS
  security.jail.allow_raw_sockets=1

# DESKTOP/INTERACTIVITY
  kern.sched.preempt_thresh=224

# DESKTOP QUANTUM FOR TIMESHARE THREADS IN stathz TICKS (12) NomadBSD
  kern.sched.slice=3

# DESKTOP/IRIDIUM/CHROMIUM
  kern.ipc.shm_allow_removed=1

# SAMPLE RATE CONVERTER QUALITY (0=low .. 4=high) (1) NomadBSD
  hw.snd.feeder_rate_quality=3

# PERFORMANCE/ALL SHARED MEMORY SEGMENTS WILL BE MAPPED TO UNPAGEABLE RAM
  kern.ipc.shm_use_phys=1

# VIRTUALBOX aio(4) SETTINGS
  vfs.aio.max_buf_aio=8192
  vfs.aio.max_aio_queue_per_proc=65536
  vfs.aio.max_aio_per_proc=8192
  vfs.aio.max_aio_queue=65536

# NETWORK/DO NOT SEND RST ON SEGMENTS TO CLOSED PORTS
  net.inet.tcp.blackhole=2

# NETWORK/DO NOT SEND PORT UNREACHABLES FOR REFUSED CONNECTS
  net.inet.udp.blackhole=1

# NETWORK/LIMIT ON SYN/ACK RETRANSMISSIONS (3)
  net.inet.tcp.syncache.rexmtlimit=0

# NETWORK/USE TCP SYN COOKIES IF THE SYNCACHE OVERFLOWS (1)
  net.inet.tcp.syncookies=0

# NETWORK/ASSIGN RANDOM ip_id VALUES (0)
  net.inet.ip.random_id=1

# NETWORK/ENABLE SENDING IP REDIRECTS (1)
  net.inet.ip.redirect=0

# NETWORK/IGNORE ICMP REDIRECTS (0)
  net.inet.icmp.drop_redirect=1

# NETWORK/DROP TCP PACKETS WITH SYN+FIN SET (0)
  net.inet.tcp.drop_synfin=1

# NETWORK/RECYCLE CLOSED FIN_WAIT_2 CONNECTIONS FASTER (0)
  net.inet.tcp.fast_finwait2_recycle=1

# NETWORK/CERTAIN ICMP UNREACHABLE MESSAGES MAY ABORT CONNECTIONS IN SYN_SENT (1)
  net.inet.tcp.icmp_may_rst=0

Now the boot parameters in /boot/loader.conf file.

% cat /boot/loader.conf
# CONSOLE COMMON
  autoboot_delay=1       # OPTION '-1' MEANS NO WAIT AND 'NO' MEANS INFINITE WAIT
  hw.usb.no_boot_wait=0  # DO NOT WAIT FOR USB DEVICES FOR ROOT (/) FILESYSTEM
  boot_mute=YES          # SAME AS '-m' IN LOADER - MUTE CONSOLE WITH FreeBSD LOGO
  loader_logo=none       # DESIRED LOGO: fbsdbw beastiebw beastie none
  loader_menu_frame="none"
  screen.font="6x12"

# CONSOLE RESOLUTION
  efi_max_resolution="1920x1080"

# WINE FIX
  machdep.max_ldt_segment=2048

# MODULES - BOOT
  geom_eli_load=YES
  zfs_load=YES

# drm-kmod PACKAGE - USE SEMAPHORES FOR INTER-RING SYNC
  compat.linuxkpi.semaphores=1

# drm-kmod PACKAGE - ENABLE POWER-SAVING RENDER C-STATE 6
  compat.linuxkpi.enable_rc6=7

# drm-kmod PACKAGE - ENABLE POWER-SAVING DISPLAY C-STATES
  compat.linuxkpi.enable_dc=2

# drm-kmod PACKAGE - ENABLE FRAME BUFFER COMPRESSION FOR POWER SAVINGS
  compat.linuxkpi.enable_fbc=1

# ENABLE SYNAPTICS
  hw.psm.synaptics_support=1

# DISABLE /dev/diskid/* ENTRIES FOR DISKS
  kern.geom.label.disk_ident.enable=0

# DISABLE /dev/gptid/* ENTRIES FOR DISKS
  kern.geom.label.gptid.enable=0

# TERMINAL vt(4) COLORS
  kern.vt.color.0.rgb="#000000"
  kern.vt.color.1.rgb="#dc322f"
  kern.vt.color.2.rgb="#859900"
  kern.vt.color.3.rgb="#b58900"
  kern.vt.color.4.rgb="#268bd2"
  kern.vt.color.5.rgb="#ec0048"
  kern.vt.color.6.rgb="#2aa198"
  kern.vt.color.7.rgb="#94a3a5"
  kern.vt.color.8.rgb="#586e75"
  kern.vt.color.9.rgb="#cb4b16"
  kern.vt.color.10.rgb="#859900"
  kern.vt.color.11.rgb="#b58900"
  kern.vt.color.12.rgb="#268bd2"
  kern.vt.color.13.rgb="#d33682"
  kern.vt.color.14.rgb="#2aa198"
  kern.vt.color.15.rgb="#6c71c4"

# RACCT/RCTL RESOURCE LIMITS
  kern.racct.enable=1

# DISABLE ZFS PREFETCH
  vfs.zfs.prefetch_disable=1

# POWER MGMT / POWER OFF DEVICES WITHOUT ATTACHED DRIVER
  hw.pci.do_power_nodriver=3

# POWER MANAGEMENT FOR EVERY USED AHCI CHANNEL (ahcich 0-7)
  hint.ahcich.0.pm_level=5
  hint.ahcich.1.pm_level=5
  hint.ahcich.2.pm_level=5
  hint.ahcich.3.pm_level=5
  hint.ahcich.4.pm_level=5
  hint.ahcich.5.pm_level=5
  hint.ahcich.6.pm_level=5
  hint.ahcich.7.pm_level=5

# GELI THREADS
  kern.geom.eli.threads=4

Now the mentioned /etc/devfs.rules file.

% cat /etc/devfs.rules
[desktop=10]
add path 'acd*'      mode 0660 group operator
add path 'cd*'       mode 0660 group operator
add path 'da*'       mode 0660 group operator
add path 'pass*'     mode 0660 group operator
add path 'xpt*'      mode 0660 group operator
add path 'fd*'       mode 0660 group operator
add path 'md*'       mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'ugen*'     mode 0660 group operator
add path 'usb/*'     mode 0660 group operator
add path 'video*'    mode 0660 group operator
add path 'cuse*'     mode 0660 group operator
add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups

Filesystems and SWAP configuration.

% cat /etc/fstab
# SWAP
  /dev/gpt/swap0  none  swap  sw  0 0

# FreeBSD PSEUDO - NEEDED BY wine(1)
  procfs  /proc  procfs  rw  0 0

# Ubuntu Linux PSEUDO
  linprocfs  /compat/ubuntu/proc     linprocfs  rw,late                    0 0
  linsysfs   /compat/ubuntu/sys      linsysfs   rw,late                    0 0
  devfs      /compat/ubuntu/dev      devfs      rw,late                    0 0
  fdescfs    /compat/ubuntu/dev/fd   fdescfs    rw,late,linrdlnk           0 0
  tmpfs      /compat/ubuntu/dev/shm  tmpfs      rw,late,size=1g,mode=1777  0 0
  /home      /compat/ubuntu/home     nullfs     rw,late                    0 0
  /tmp       /compat/ubuntu/tmp      nullfs     rw,late                    0 0

Terminals configuration under /etc/ttys file. Important part is the ttyv4 entry to match the xdm_tty=ttyv4 value from /etc/rc.conf file.

% grep '^[^#]' /etc/ttys | cat
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv1   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv2   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv3   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv4   "/usr/libexec/getty Pc"         xterm   off secure
ttyv5   "/usr/libexec/getty Pc"         xterm   off secure
ttyv6   "/usr/libexec/getty Pc"         xterm   off secure
ttyv7   "/usr/libexec/getty Pc"         xterm   off secure
ttyv4   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu2   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu3   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
dcons   "/usr/libexec/getty std.9600"   vt100   off secure
xc0     "/usr/libexec/getty Pc"         xterm   onifconsole secure
rcons   "/usr/libexec/getty std.9600"   vt100   onifconsole secure

Wireless config – as an example for different network types. As you have seen I did not included any network information in the /etc/rc.conf file – this is because I use my own network.sh solution to connect to various both wire and wireless networks – FreeBSD Network Management with network.sh Script – described in detail here.

# cat /etc/wpa_supplicant.conf
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1

# OPEN NETWORKS
network={
  key_mgmt=NONE
  priority=0
}

# NETWORK WITH HIDDEN SSID
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}

# NAMED OPEN NETWORK
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}

# NORMAL WPA/WPA2 SECURED NETWORK
network={
  ssid="SECURED"
  psk="12345678"
}

The automount(8) config.

% cat /usr/local/etc/automount.conf
  USERUMOUNT=YES
  USER=vermaden
  FM='caja --no-desktop'
  NICENAMES=YES

The doas(1) configuration.

# cat /usr/local/etc/doas.conf
# CORE
  permit nopass keepenv root     as root
  permit nopass keepenv vermaden as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant

Groups I am member of with id(1) output.

% id vermaden | tr ' ' '\n' | tr ',' '\n'
uid=1000(vermaden)
gid=1000(vermaden)
groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)

Current X11 configuration.

% cat /usr/local/etc/X11/xorg.conf.d/card.conf
Section "Device"
  Identifier "Card0"
  Option "DPMS"
  Driver "intel"
  Option "DRI" "3"
  Option "AccelMethod" "sna"
  Option "TearFree" "true"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/flags.conf
Section "ServerFlags"
  Option "DontZap" "off"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/keyboard.conf
Section "InputDevice"
  Identifier "Keyboard0"
  Driver "kbd"
  Option "XkbLayout" "pl"
  Option "XkbOptions" "terminate:ctrl_alt_bksp,ctrl:nocaps"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/touchpad.conf
Section "InputClass"
  Identifier "touchpad"
  MatchIsTouchpad "on"
  Driver "libinput"
  Option "Tapping" "on"
  Option "NaturalScrolling" "on"
EndSection

I also do not rely on ‘stock’ fan speeds and set my own speeds according to CPU temperature with acpi-thinkpad-fan.sh script.

Desktop Environment

Openbox

As for the ‘desktop environment’ that I use – its my custom setup with Openbox along with tools like Tint2 and Dzen2 – for the most basic setup. The screenshot is from FreeBSD 11.1 but it looks exactly the same today.

I described this setup in details in the entire FreeBSD Desktop series.

XFCE

I have also tried XFCE – I liked it especially with the Global Menu app-menu plugin. You go this way with this XFCE Cupertino Way handy guide.

GNOME

I also tried GNOME for a test – it did not suit me well so I went back to my Openbox setup – but You may find it more comfortable to use. Here is the FreeBSD GNOME 3 Fast Track article that will help you with that.

Accessories

There are some accessories that are very handy with the ThinkPad W520 laptop. I will describe them below.

Smaller Power Supply

The ThinkPad W520 comes with quite large brick of ThinkPad 170W Power Supply. It works. Its OK … but you can use smaller one and more universal at the same time. I use the ThinkPad 135W Power Supply that originally was sold with ThinkPad W510 – the earlier model. Besides being smaller in size it also has one additional advantage. Its plug is round and also fits into other ThinkPads from this line like ThinkPad X220 or ThinkPad T420s. The original ThinkPad 170W Power Supply unfortunately only fits into the ThinkPad W520 laptop. Below you can compare their sizes.

Mouse Companion

After checking many mouse models – as described in the UNIX Mouse Shootout article – I finally settled with Logitech Triathlon M720 mouse. I have plugged the Lenovo USB Receiver into the back ‘powered’ USB port. While I use that mouse over the USB receiver you can also connect it using Bluetooth – also to other computers. This mouse has a special dedicated button to switch between 3 different computers. Unfortunately the copy-paste between them does not work 🙂

If you would like to ‘save’ that port for something else then you may use special USB board adapter that you will place in the Bluetooth module under the palm rest. You would loose Bluetooth support then of course – but not everyone uses that. Its available for example on Aliexpress site and looks like that.

I do not use it as I do not need the ‘back’ USB port so below you will find its mounted picture on the ThinkPad X220 laptop instead – along with the Lenovo USB Receiver attached.

Two Additional USB 3.0 Ports

The ThinkPad W520 comes with not well known today ExpressCard port. With this cheap adapter from Aliexpress you can add two additional USB 3.0 ports. You may of course do not need that many ports – but if you are left handed then you probably use mouse on the left of your laptop – then USB ports on the right will be handy.

These USB 3.0 ports may be also useful with some bhyve(8) setups. Currently its not supported to pass-thru just a single USB port to a virtual machine. You need to pass thru entire controller. This way you can pass-thru that controller to bhyve(8) VM and have another USB 3.0 ports on the host.

Larger Custom Battery

The original largest extended battery for ThinkPad W520 had 9400mAh capacity. Its possible to get even larger custom extended battery but in the same physical size and shape – with 9600mAh capacity – and for only about $50. To remind you the original one costs closer to $200 unfortunately. I got mine from this Aliexpress page. With my power settings and with this battery along with enabled WiFi and screen brightness just one step less then maximum brightness it show more then 7 hours of time left in acpiconf(8) command.

% acpiconf -i 0
Design capacity:        10368 mAh
Last full capacity:     10368 mAh
Technology:             secondary (rechargeable)
Design voltage:         10800 mV
Capacity (warn):        518 mAh
Capacity (low):         18 mAh
Low/warn granularity:   1 mAh
Warn/full granularity:  1 mAh
Model number:           42T4763
Serial number:              1
Type:                   LION
OEM info:               SANYO
State:                  discharging
Remaining capacity:     97%
Remaining time:         7:17
Present rate:           1393 mA (17086 mW)
Present voltage:        12266 mV

As you can see from the command above this custom battery size is even reported as closer to 10400mAh instead of advertised 9600maH. I do not know how to check which one is closer to truth – but the fact is that it allows longer work then the official one – and for smaller price.

Experience

This laptop along with its smaller and lighter brothers such as ThinkPad X220 or ThinkPad T420s are the best machines I know to work on FreeBSD … but maybe its because I do not use newer laptops 🙂 The general experience of FreeBSD on ThinkPad W520 is stable and uninterrupted work count in days and weeks of uptime. The suspend/resume works like a charm with many cycles possible – not just one. I one even recorded such suspend/resume cycle with many applications and games running on a busy FreeBSD system. Its available here FreeBSD 12.2 Suspend/Resume on a Vimeo page.

Here is now its being used daily.

Summary

I have been using this laptop since many years and I even laugh that as its a decade old – I would use it for the next decade 🙂 Most/all of this configuration applies to other ThinkPad models from this lineup like X220/T420s/T420/T520 … probably even L520 (but I did not tested that one).

EOF

XFCE Cupertino Way

I really like GhostBSD … and NomadBSD. They are really great graphical and easy to use FreeBSD variants for the lack of better word. While NomadBSD is more focused on portable USB pendrive edition the GhostBSD is more like a Ubuntu replacement. Install and use on your laptop or desktop computer. It comes in two flavors – the default MATE edition and an alternative XFCE edition.

One of the things I really like about Ubuntu MATE edition is that it comes with desktop layout helper tool that will allow you to select one of the available predefined MATE desktop layouts.

From all of the available ones I like the ‘Cupertino’ one the most – its tries to mimic the Apple Mac OS X operating system behavior with global menu on top and Plank dock at the bottom … and it does it really well.

I wanted to do something similar on GhostBSD but unfortunately the Vala Panel Application Menu for MATE desktop environment is not available for FreeBSD (and that means its also not available for GhostBSD). Fortunately the XFCE global menu is available on FreeBSD as x11/xfce4-appmenu-plugin package so I will try to make GhostBSD look more like Ubuntu Mate in its Cupertino layout with several easy steps.

By default GhostBSD XFCE edition comes with single XFCE panel at the bottom. I have done pretty straightforward installation with fish(1) shell chosen as default during installation.

Fonts

By default GhostBSD comes with 96 DPI set by the installer. Lets change that to something smaller. Start the Appearance application.

Now set the desired settings for the fonts on the Fonts tab. After some checks the 80 DPI along with Hinting set to None looked best. I also switched to the Ubuntu font.

ZSH Shell and Terminal

While the fish(1) shell is quite decent interactive shell with sane defaults I really prefer the POSIX syntax compatible zsh(1) shell instead. I talked more about that in my Ghost in the Shell – Part 7 – ZSH Setup article.

I will not repeat everything I wrote there and I will just paste the instructions here to make that zsh(1) shell configured and nice looking.

root # pkg install -y \
         zsh \
         zsh-autosuggestions \
         zsh-syntax-highlighting \
         ubuntu-font

root # fetch -o /usr/local/etc/zshrc https://raw.githubusercontent.com/vermaden/scripts/master/zshrc

user % fetch -o ~/.zshrc             https://raw.githubusercontent.com/vermaden/scripts/master/DOT.zshrc

user % fetch -o ~/.zshrc.DOAS.SUDO   https://raw.githubusercontent.com/vermaden/scripts/master/DOT.zshrc.DOAS.SUDO

user % chsh -s /usr/local/bin/zsh

user % fc-cache -f

As we are at the terminal related things enable Solarized (Dark) theme in the XFCE Terminal options.

… and change font to Ubuntu Mono with your preferred size.

Now you have the zsh(1) shell configured and set as your default shell. Also the XFCE Terminal looks better now. Some settings will require logout and login route but I recommend something different. Go through all these setting and then do just one single reboot or logout/login routing.

XFCE Global Menu

I though that XFCE global menu is – same as MATE one – not available on FreeBSD. Fortunately Joel Carnat with its FreeBSD 13 on ThinkPad T460s article proved me wrong. He even added the instructions to his guide – for which I am very thankful to him.

To get XFCE global menu on FreeBSD (and GhostBSD) we need to do these steps.

root # pkg install -y xfce4-appmenu-plugin

user % xfconf-query -c xsettings -p /Gtk/ShellShowsMenubar -n -t bool -s true

user % xfconf-query -c xsettings -p /Gtk/ShellShowsAppmenu -n -t bool -s true

user % xfconf-query -c xsettings -p /Gtk/Modules -n -t string -s appmenu-gtk-module

Now we will be able to add the XFCE AppMenu Plugin to our top panel.

We need to now move the XFCE panel from bottom to the top. Go into the Panel Preferences as shown below and move it.

After moving it to the top and enabling the Lock Panel option add/remove the Items to match this list below. Feel free to also add other items that you need.

To make the XFCE AppMenu Plugin look even better enable Bold Application Name in its Preferences dialog.

As for the Whisker Menu left only icon enabled to display to make it look better.

The XFCE AppMenu Plugin should be now ready and the top panel should look somewhat like that.

You can also customize the DateTime plugin to your needs.

Window Manager

The Window Manager settings are not controlled by the Appearance application. It has its own separate one. Lets start it.

We will also set the Ubuntu font here.

Groups

Make sure your user (vuk in this guide) is in below groups.

root # pw groupmod wheel    -m vuk
root # pw groupmod operator -m vuk
root # pw groupmod video    -m vuk
root # pw groupmod network  -m vuk

You can omit the network group if you do not intend to use network.sh to manage your network connections.

Plank

As the last step we will add the Plank dock at the bottom.

root # pkg install -y plank

user % plank &

user % plank --preferences

You should see something like that on the bottom of your screen.

The Plank preferences are shown below.

Make sure to add Plank to Startup so it will start automatically at each login.

Result

After all these steps our GhostBSD looks more or less like that now.

Plain FreeBSD Way

Some people will prefer to stick to the ‘original’ FreeBSD instead of using preconfigured GhostBSD. This last section is for them. First install FreeBSD like described HERE. Then install these packages shown below.

root # pkg install -y exa ubuntu-font xfce xfce4-appmenu-plugin xorg-minimal

user % echo '. /usr/local/etc/xdg/xfce4/xinitrc' > ~/.xinitrc

user % xintrc

Now having done the above do all the steps from that article.

The end result seems quite similar.

You may even want to replace Plank with another bottom XFCE Panel if you want.

Viola! You have XFCE configured on plain FreeBSD. One thing to keep in mind is that besides XFCE you have nothing more 🙂 Using GhostBSD method all other things are configured. With plain FreeBSD way you have no device automounting. No network plugin in the taskbar. No power management tuning. No other applications. Nothing. But you can all do it yourself using the needed articles from the FreeBSD Desktop series or other sources.

One last thing. I really appreciate that GhostBSD exists and is actively maintained and expanded – this guide is not here to make it look bad. Its here to make it better.

Regards.

Epitaph to Laptops

This article was in my ‘TODO’ list since almost start of this blog several years ago. Usually I try to focus on positive side of things but this article is one way highway quite the opposite way. If you do not want do lose your good attitude then please do not read further. Nothing good awaits you at the end for you unfortunately. The song of King Crimson – Epitaph is appropriate tune here. You have been warned.

Naive

When I was younger I though that World only gets better. Things are improved. People live better and longer. Cars broke less frequently and need less maintenance. Computers not only go faster and draw less power but they become more usable and allow people to be more productive because of new features introduced.

Unfortunately it’s not true. Some things are improving but other get forgotten or get worse. Depending on the current geopolitical situation people live better or worse. Cars are more complicated then ever so they broke more and are now also often disturbed by software and firmware updates – not to mention bugs and security issues. It’s harder today to find a car (even used one) that is reliable, cheap in maintenance and also with engine not crippled by for example EURO 7 regulations enforced by EU. Computers are faster … or at least they have more CPU cores and draw some less power but one thing in computing went entirely wrong way.

Laptops

It’s not about their CPUs or RAM. Screens also got better – they are brighter then ever – and FullHD 1920×1080 resolution finally become the standard. Some manufacturers went even further with 16:10 or even 3:2 screen ratios. Larger touchpads with support for multi touch and gestures are also very often and welcome. There is however one aspect that ALL laptop manufacturers got entirely wrong.

Keyboards

The first laptop I got was Dell Latitude C600.

With its 7-row keyboard and functional INS/DEL HOME/END PGUP/PGDN layout at the top right side probably fixed me for life.

This is the most important fragment I am talking about.

It was so obvious for me that it was there – providing standard cursor position manipulation without taking all the space that a TKL (tenkeyless) keyboard takes. Its 1024×768 screen resolution may seem very ancient today but it was higher then the default consensus at 800×600 one back then.

Besides the great keyboard that Dell laptop also provided other useful feature – modularity. It had two universal bays for things like:

• batteries
• CD-ROM or CD-RW drive
• floppy drive

You could put two batteries to maximize battery power or put CD-RW drive instead of battery to get other functionality. The two batteries also meant that you could run this laptop as long as you want if you only had enough charged batteries. This was available almost two decades ago. 19 years to be precise. My currently favorite FreeBSD operating system also run well on it with Fluxbox on X11 display server.

In that time many laptop manufacturers provided both more productive 7-row keyboard and modularity … or at least business oriented ones … even with SUN SPARC or IBM POWER CPUs. The IBM RS-6000 POWERbook is shown below.

… and the Tadpole SPARCbook also.

Several years later I went for upgrade and got the Dell Latitude D630 laptop with successful Intel Core 2 Duo CPU and 1400×900 screen which provided so much more screen space and flexibility.

Besides the obvious 7-row keyboard its creators got great idea that extended main battery would extend in the front of the laptop instead of the back. That had two implications. First – you got a lot of usable ports at the back. Second – you got additional elegant palm rest on the front. Both Dell D630 batteries shown below.

Besides this ‘frontal’ idea it also had universal UltraBay slot on the side which similarly to the earlier Dell C600 allowed one of the following accessories:

• CD-RW or DVD-RW drive
• additional bay battery

Thanks to that you could extend the battery life of your laptop to about 8 hours … even on FreeBSD with its limited power management back then. You could also get additional batteries to work as long as you like of course. It was introduced in 2007. I even run OpenSolaris on that laptop for some time and all hardware was fully supported. The only problem OpenSolaris had back then is the same one as OpenIndiana has now. Very small amount of packages of additional software. Back then FreeBSD provided most software that was available on Linux but OpenSolaris was in its own limited league. I really liked OpenSolaris WiFi management with dladm(1M) tho.

After some time my attention went into revolutionary Lenovo ThinkPad X300 with custom low power Core 2 Duo L7100 CPU designed by Intel only for this model.

It was as thin and light as Apple MacBook Air while providing same functionality and modularity as other Latitude and ThinkPad laptops. Same as my previous laptop it had ‘main’ and ‘additional’ battery interchangeable with the DVD-RW drive. It had awesome speakers. Never had THAT GOOD speakers in laptop again as they were ThinkPad X300.

After I started my work at new employer I got Dell Latitude E6400 so Lenovo ThinkPad X300 became kinda redundant.

That Dell was NOT as sturdy or reliable as magnesium body Dell D630 but it had the most important feature – the oldschool 7-row keyboard.

Life went by and some time later I needed to take a look at something newer. At my work I got myself in the position of being responsible for selection of a laptop that would be successor for the Dell Latitude E6400 that we had. After checking what is available I frighted for Lenovo ThinkPad W520 back then … and I even succeeded … and failed at the same time.

I got approval for my choice for entire department … but the corporate process to make it happening took so long that Lenovo stopped offering ThinkPad W520 and started shipping its successor ThinkPad W530. I was really sad by that fact – the ThinkPad W530 was the first Lenovo laptop with new ‘island’ type keyboard instead of the classic 7-row keyboard.

The so much appreciated and needed INS/DEL HOME/END PGUP/PGDN block was gone … forever. I thought that maybe the World is ‘right’ and I am ‘wrong’. For the next 3 years I have tried to ‘migrate’ mentally with my ‘muscle memory’ to the new island keyboard layout … unsuccessfully. The only thing that went well was … ThinkPad W530 warranty keyboard replacement because the key with letter ‘E’ failed and fell off.

It was obvious for me that I need to get other laptop – a one with 7-row keyboard layout. Today I would probably just reflash the ThinkPad W530 Embedded Controller with custom firmware written by Hamish Coleman and put there ThinkPad W520 keyboard there but that option was not available back then. I also encourage you to watch the Hamish Coleman speech My Personal Fight Against the Modern Laptop from 2017.

After checking what laptops the World has to offer … I was disappointed. Since 2012 not a single laptop manufacturer offered a laptop with 7-row keyboard. Zero. Nada. Zip. None. I decided to take a look in the past instead. The last Dell Latitude models that got the 7-row keyboard were E6410 for 14″ or 6510 for 15″ screen – were introduced in 2010. Lenovo with its X220/T420/T420s/T520/W520 lineup were from 2011 – survived a year longer. As I got used to 14 inches I opted for ThinkPad T420s (slimmer and lighter ThinkPad T420 version).

With its 1600×900 screen and also my usual two batteries setup (with one being placed in the UltraBay) It was pleasure to use (and carry as it was quite light also).

In the mean time it was needed for me to pick up newer laptop at my employee. Knowing what market has to offer I only wanted the laptop to be light and small and that it should have FullHD 1920×1080 resolution screen … and my demands were met. I got Dell Latitude E7280 laptop … with GLARE touch capable FullHD screen. Great …

As you can see it was running Windows and my ex-company policy was very simple here. Windows or GTFO. For the first several years – when my ex-company was not that big I was able to work more productive with FreeBSD on that ThinkPad W530. Unfortunately that ex-employer grown to the ‘corporation’ level too much and that ruined many things. After having ThinkPad W530 I did not expected much from new Dell but it got my disappointment to a whole new level. Take a look at the top right part of its keyboard.

Besides the fact that INSERT key is ‘shared under the F12 button and I need to use now the FN key to send it each time is another level of PITA … but placing the keyboard shortcut to DISABLE WIFI one key next really got me pissed. I do not have to tell you how many times instead if just pressing INSERT key I disconnected my WiFi card which also meant disconnecting VPN and all the tasks that I had in place … not to mention how much time it takes to first reconnect WiFi and then to reconnect again to the VPN … but the next key to the right is SUSPEND – which I also got several times while only trying to use INSERT. Awesome. Even better. Also – did you notice where is the POWER button? Yes – I also lost part of my work several times because of that. Probably Dell Latitude E7280 was my worst laptop experience.

Some may wonder why I use INSERT so much? I got used to copy-paste with SHIFT-INSERT and CTRL-SHIFT-INSERT shortcuts – this is the guilty one I suppose.

Some time later – as size and weight was not an issue – the larger FullHD 1920×1080 screen equipped ThinkPad T520 laptop got my attention. I did not needed the dedicated graphics card of ThinkPad W520 but there were two drawbacks comparing to ThinkPad W520. Four physical CPU cores and USB 3.0 ports. With current JavaScript overblown web pages World I welcome the fact that ThinkPad W520 can hold 32 GB of RAM. It was huge amount in 2011 when it was released and it is more then enough now. As you probably guessed I got the ThinkPad W520 laptop.

It was the best upgrade ever. After replacing the thermal paste as described in my older Classic ThinkPad Thermal Paste Change article I finally felt like at home again. Its not possible to add additional battery into the UltraBay slot as only DVD-RW or SATA HDD caddy are allowed – but with extended battery I get about 5+ hours of battery time – more then needed.

Fast forward to today … I am running 11 years old ThinkPad W520 laptop and looking at what is available – I do not see any perspectives on what could be my next daily driver. All manufacturers decided to abandon the productive 7-row keyboard in order to sell ‘island’ type keyboard equipped laptops. Some of them even went completely insane as they now add a POWER button on the top right keyboard key. Insanity.

The only thing a reasonable user can do is to disable it in the software to not accidentally lost its work.

For some time I believed that Lenovo would make something more from its Retro ThinkPad initiative that allowed ThinkPad 25th Anniversary Edition to see the light of day … but that also not happened.

This slightly modified ThinkPad T470 had dull dark FullHD screen and only one version available. It was also produced in only 5000 pieces … worldwide. It was in 2017 and fast forward 5 years nothing more has happened as we are in 2022 now. Also because only 5000 of them were created its almost impossible to get a used one.

Some people took the matters in their hands and started to make their own modern and modified ThinkPad variations. The most known ones are ThinkPad T62 and ThinkPad X330 with replaced high resolution screens and sometimes even thin bevels along with new hardware underneath of course.

Even today the ThinkPad W520 is quite fast machine. The FreeBSD kernel compilation takes about 600 seconds. On the fresh brand new System76 laptop with also 4 core Intel i7-1165G7 CPU and same 32 GB RAM it takes 300 seconds. Keeping in mind that there are 11 years between these laptops this does not seem that much to be honest.

About quarter ago I changed my employer and got new business laptop – the brand new ThinkPad T14 GEN 1 one.

It has the same keyboard layout as ThinkPad W530 which is kinda good remembering how fucked up was the Dell Latitude E7280. The biggest issue with these keyboards (T14/W530) is the lack of empty space between ESC and F1 keys. If you switch desktops with ALT-F1 to ALT-F4 keys then you need to ‘waste’ some more time to make sure you are not doing the ALT-ESC shortcut which is for something entirely else. Its also good to be back on X11 as my new employer allows you to choose RHEL instead of Windows.

Back to ‘personal’ laptops – if my ThinkPad W520 would break I would just get another one … and another … or ThinkPad T520 if W520 would not be available. If for some reason I would not be able to use them anymore I would probably get that:

• cheapest laptop with enough cores/RAM and FullHD screen
• wireless “tenkeyless” keyboard in front of that laptop

Maybe I will even put that ‘proper’ keyboard on top of the builtin one to save space.

It will take little more space but at least it will be usable and productive.

Generation Lost in the Bazaar

For long time I assumed that a lot other people also lack that keyboard layout. Seems I was partially wrong. One of my mates realize me that a lot of people grown up even without ever using the INS/DEL HOME/END PGUP/PGDN layout. I will quote him below.

I didn’t know I was raised without those keys!
I mean, they were there but I wasn’t taught how to use them properly.
And now it seems we can’t find them so frequently…

If like me you went to school in Poland you would probably know (or at least recall a little) a poem of Polish poet Józef Ignacy Kraszewski titled called Birds in a Cage. Let me quote it for you here as its not that long.

Birds in a Cage
‘Why do you weep?’ a young canary said to an old canary,
‘You are better off now in a cage than you were in the fields.’
‘You were born in it,’ said the old one, ‘so I forgive you;
I was once free but now I’m in a cage and that is why I am weeping.’

Why do I quote it here? Because its very similar to the situation of new laptops available now. Those who do not know the oldschool modular laptops with 7-row keyboards are kinda born in a cage. They pick their MacBook or latest ThinkPad X1 Carbon machines with island keyboard layouts and believe that these are the best possible choices. Its was not always like that.

Future

I do not see the (laptops) future in bright lights. I like what PINE64 PineBook or Framework Laptop bring to the table but on the keyboard side … its still the island type dark ages.

References

I am not the only one that feels cheated by the industry. If you are like me here is some more fuel for your nostalgia.

• Fucking Laptops
• My Personal Fight Against the Modern Laptop
• Why I Went Back to Using ThinkPad from 2012
• FrankenPad T25 with Quad Core CPU and UHD LCD Panel

Regards.

Secure Containerized Browser

By default Chromium on OpenBSD (not so) recently got OpenBSD’s unveil(2) support. That means that of you run Chromium with --enable-unveil flag then it will be prevented from accessing anything other than the ~/Downloads directory. No such thing on FreeBSD exists. Firefox or Chromium have access to all files user can read – even to your system sshd(8) keys or even worse to your private keys laying in the ~/.ssh dir. On FreeBSD thanks to its FreeBSD Jails technology we can create secure containerized browser with only access to the specified directory. On my system its the ~/download dir.

You may want to check other desktop related articles in the FreeBSD Desktop series on the FreeBSD Desktop page.

Configuration

We will start with /etc/jail.conf file configuration. For the record – we will be using /jail for our FreeBSD Jails main dir. I will also use /jail dir for the ‘base’ FreeBSD versions tarballs as a convenient place. As I use 10.0.0.0/24 address space I will use 10.0.0.200 for our containerized browser. Feel free to pick other IP from which you will be able to reach the Internet. The /etc/jail.conf is shown below. One thing to note here. As I am using WiFi wlan0 interface I have put that into the Jail configuration. If you use LAN interface (for example em0) then put that instead into this Jail config. As you see from the example below we will be using Firefox browser in out example.

root@host # cat /etc/jail.conf

# GLOBAL
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.clean;
  exec.consolelog = "/var/log/jail_${name}_console.log";
  mount.devfs;
  host.hostname = ${name};
  path = /jail/${name};

# JAILS
  firefox {
    devfs_ruleset = 30;
    ip4.addr = 10.0.0.200;
    interface = wlan0;
    allow.raw_sockets;
    allow.sysvipc;
    mount.fstab = "/jail/firefox/etc/fstab";
  }

As you can see we will also be using devfs(8) rules in the /etc/devfs.rules file – shown below. This configuration is needed to have access to sound(4) in our FreeBSD Jail. If you do not need sound then you can delete devfs_ruleset = 30; from the /etc/jail.conf file and also do not add anything in the /etc/devfs.rules file.

root@host # cat /etc/devfs.rules
[sound=30]
add path 'mixer*' unhide
add path 'dsp*'   unhide

If we are about to share the ~/download dir with our containerized browser then we need to somehow add that information to our FreeBSD Jail. We will use the FreeBSD’s mount_nullfs(8) command to mount our currently existing ~/download dir into our FreeBSD Jail. We will use following /jail/firefox/etc/fstab for that purpose.

root@host # cat /jail/firefox/etc/fstab
#SOURCE         #MNT                                      #TYPE   #OPTS       #DUMP/PASS
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0

Of course you do not have to share any directory with your containerized browser.

You may as well would want to make this jails start everytime you boot your system. To do that add below lines to the /etc/rc.conf file as shown below.

jail_enable=YES
jail_parallel_start=YES
jail_list="firefox"

Create the Jail

As I use FreeBSD 13.0-RELEASE I would be using also the FreeBSD 13.0-RELEASE Jail for that purpose. If you are running for example FreeBSD 12.3-RELEASE then make sure that you will use FreeBSD 12.3-RELEASE Jail. The Jail version needs to be lower then the host system version. We will now fetch needed FreeBSD ‘base’ file and unpack it within /jail/firefox dir where our container would live. We will also configure several other basic files such as /etc/resolv.conf or /etc/hosts files.

root@host # mkdir -p /jail/BASE /jail/firefox /jail/firefox/usr/home/vermaden/download

root@host # fetch -o /jail/BASE/13.0-RELEASE-base.txz \
    http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/13.0-RELEASE/base.txz

root@host # tar -xvpf /jail/BASE/13.0-RELEASE-base.txz -C /jail/firefox

root@host # echo nameserver 1.1.1.1 > /jail/firefox/etc/resolv.conf

root@host # echo 10.0.0.200 firefox >> /jail/firefox/etc/hosts

root@host # cat << EOF > /jail/firefox/etc/fstab
#SOURCE         #MNT                                      #TYPE   #OPTS       #DUMP/PASS
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0
EOF

We will now start our fresh FreeBSD Jail.

root@host # service jail onestart firefox

We can now also see two new mounts in the mount(8) output.

root@host # mount | tail -2
/data/download on /jail/firefox/usr/home/vermaden/download (nullfs, local, noatime)
devfs on /jail/firefox/dev (devfs)

root@host # mount -p | tail -2 | column -t
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0
devfs           /jail/firefox/dev                         devfs   rw          0 0

You may want to update the FreeBSD version to the most up to date one with freebsd-update(8) commands.

root@host # freebsd-update -b /jail/firefox fetch
root@host # freebsd-update -b /jail/firefox install

Install Needed Packages

Before installing anything we will first switch to the latest branch for the pkg(8) packages to have most up to date software. We will then process to installing the Firefox package. We will also need x11/xauth package for X11 Forwarding process.

root@host # sed -i '' s.quarterly.latest.g /jail/firefox/etc/pkg/FreeBSD.conf

root@host # grep latest /jail/firefox/etc/pkg/FreeBSD.conf
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",

root@host # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.200      firefox                       /jail/firefox

root@host # jexec 1

(root@jail) # pkg install -y firefox xauth

Create Matching User and Configure sshd(8) Daemon

We will now enter our FreeBSD Jail again for several other needed tasks for our containerized browser to be working. First is creating inside similar user as you currently use inside. Especially with the same UID/GID to have files with proper permissions in your real ~/download directory instead of files with other UID/GID that you will have to chown(8) with root user. As my vermaden user uses UID/GID 1000 I will also use that inside. I will also set simple password that You will only use once – to copy your public SSH key there.

root@host # jexec 1

(root@jail) # echo your-username-password-goes-here | pw user add -u 1000 -n vermaden -m -s /bin/sh -h 0

Now we need to run /usr/local/bin/dbus-uuidgen --ensure once to make sure DBUS is initialized properly. Firefox and many other apps would not start if we omit that step.

(root@jail) # /usr/local/bin/dbus-uuidgen --ensure

Now the sshd(8) daemon. The only thing we need to do is to add it to the system startup and also add X11UseLocalhost no option to its config file.

(root@jail) # sysrc sshd_enable=YES
sshd_enable: NO -> YES

(root@jail) # echo X11UseLocalhost no >> /etc/ssh/sshd_config

(root@jail) # service sshd start
Generating RSA host key.
2048 SHA256:VnrvItf0tl738C5Oc2St6T63/6o8zaDlfUskB+NrElo root@firefox (RSA)
Generating ECDSA host key.
256 SHA256:ZAjcAGqlrVwvY+J9MuVzErx9QUOqIOJE3nJX/Oqwtpk root@firefox (ECDSA)
Generating ED25519 host key.
256 SHA256:JdzUql2D2+X8iBn3c1jWDHQRNQMKqWGOcL4J16fIX0E root@firefox (ED25519)
Performing sanity check on sshd configuration.
Starting sshd.

Copy Public SSH Key and Start

Copying your public SSH key is optional but if you omit this step then you would have to type your FreeBSD Jail user password every time you would want to start your secure Firefox instance.

vermaden@host % ssh-copy-id -i ~/.ssh/id_rsa vermaden@10.0.0.200
Password:

Now you can start your containerized browser. I have added some useful flags for ssh(1) client like compression with -C and fastest supported encryption with -c aes128-ctr option. The -X is for X11 Forwarding option. I also added GDK_SYNCHRONIZE=1 to make Firefox yell less 🙂

vermaden@host % ssh -C -c aes128-ctr -X vermaden@10.0.0.200 env GDK_SYNCHRONIZE=1 firefox --new-instance

Now without password you should see fresh Firefox instance.

I will now try to play some random video. I can not show you that from an image but the sound also works 🙂

Similar setup can be created for other browser if Firefox is not your browser of choice of course. If you are curious how much space it uses its about this:

root@host # du -smx /jail/BASE/13.0-RELEASE-base.txz /jail/firefox 
181     /jail/BASE/13.0-RELEASE-base.txz
1603    /jail/firefox

root@host # du -smx -A /jail/BASE/13.0-RELEASE-base.txz /jail/firefox
181     /jail/BASE/13.0-RELEASE-base.txz
2601    /jail/firefox

I also added the -A flag in second the du(1) command to show you how much more space would be used without the ZFS LZ4 compression.

UPDATE 1 – Use XPRA Instead of X11 Forwarding

Some people complained that this is quite good setup but they were not happy with using X11 Forwarding for the connection method. I decided to add additional XPRA method to connect to our secure containerized browser. First thing you need to do is to install the x11/xpra package on both the host system and also inside the jail container.

root@host # pkg install -y xpra

(root@jail) # pkg install -y xpra

Now – after logging into your user in the Jail container – vermaden in may case – we will use the xpra commands to create new session with Firefox browser.

Lets see if any xpra sessions currently exists.

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
No xpra sessions found

Seems not. We can not start our Firefox session.

(vermaden@jail) % xpra start --bind-tcp=:14500 --start='firefox --new-instance'
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Entering daemon mode; any further errors will be reported to:
  /tmp/xpra/S19958.log
Actual display used: :0
Actual log file name is now: /tmp/xpra/:0.log

We can see in the xpra list command that new session appeared.

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Found the following xpra sessions:
/home/vermaden/.xpra:
        LIVE session at :0

We can also see that xpra is now listening on the 14500 port.

(vermaden@jail) % sockstat -l4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
vermaden python3.8  20781 3  tcp4   10.0.0.200:14500      *:*
root     sshd       58454 3  tcp4   10.0.0.200:22         *:*
root     syslogd    48568 5  udp4   10.0.0.200:514        *:*

We will now move to out host and start graphical xpra client to connect to our FreeBSD Jail with Firefox process.

After clicking the large Connect button we can now enter our Jail address.

After again clicking the Connect button on the bottom this time we can now se our Firefox browser from our secure environment.

After we done our job at more secure Firefox we can now end our xpra session on the jail system.

(vermaden@jail) % xpra stop
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
xpra initialization error:
 cannot find any live servers to connect to

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
No xpra sessions found

As XPRA provides OpenGL acceleration you may verify that fact from your host system using below command.

vermaden@host % xpra opengl
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Warning: cannot handle window transparency
 screen is not composited
Warning: vendor 'Intel Open Source Technology Center' is greylisted,
 you may want to turn off OpenGL if you encounter bugs
Warning: window 0xffffffff changed its transparency attribute
 from False to True, behaviour is undefined
GLU.version=1.3
GLX=1.4
accelerate=3.1.5
accum-alpha-size=0
accum-blue-size=0
accum-green-size=0
accum-red-size=0
alpha-size=0
aux-buffers=0
blue-size=8
buffer-size=24
depth=24
depth-size=0
direct=True
display_mode=ALPHA, DOUBLE
double-buffered=True
green-size=8
level=0
max-viewport-dims=16384, 16384
opengl=3.0
pyopengl=3.1.5
red-size=8
renderer=Mesa DRI Intel(R) HD Graphics 3000 (SNB GT2)
rgba=True
safe=True
shading-language-version=1.30
stencil-size=0
stereo=False
success=True
texture-size-limit=8192
transparency=True
vendor=Intel Open Source Technology Center
zerocopy=True

You can also use VNC or other methods of course.

Hope that helps 🙂

EOF