@kaveman Thank you so much for mentioning my little experiment with bringing Jails to NetBSD here - I really appreciate it.

In the meantime I’ve brought it to a somewhat usable state (at least in its core) and experimented with some interesting - though highly experimental - integration paths with UVM and NPF.

I’m currently thinking about what the best next step would be. One idea is a stripped-down version that complements the kernel code - essentially just secmodel_jail+kauth+jailctl+jailmgr, but without UVM and without NPF integration - possibly as a pkgsrc package?

The current experimental state is described here:
https://www.petermann-digital.de/blog/netbsd-secmodel_jail-update/

(Sorry - at the moment it’s available in German only.)

#netbsd

Alt...

A visualization of a atom with the core (secmodel_jail) and orbits of jailctl and jailmgr.

While writing my article, it became clear to me how much responsibility — and especially experience — is required to touch areas like UVM or NPF inside NetBSD.

I’ve learned a lot over the past weeks. But I’m also honest enough to say: I don’t yet have the depth of experience needed to modify those subsystems responsibly.

So I made a conscious decision.

I’ve created a new experimental branch for secmodel_jail / jailctl / jailmgr that is strictly additive:

- No changes to existing kernel code paths

- No UVM hooks

- No NPF integration

- No hidden coupling between subsystems

It adds new code only.

The reason is simple: even without deep UVM or NPF integration, the security model already delivers significant practical value for me. And in this reduced, explicit form, the attack surface is clear and the audit scope sharply defined.

This feels like the right first alpha candidate: understandable, bounded, and reversible.

https://github.com/MatthiasPetermann/netbsd-src/tree/feature/jails-v1-ga

#netbsd

I'm slowly getting myself back to having a personal website.

First blog post is up. Trying to write an intro post felt weird, so I just wrote a technical article. It's about how I set up the chroot that caddy and anubis run in on the server (running #NetBSD 10.1):

https://overeducated-redneck.net/blurgh/netbsd-chroot-isolation.html

@osnews

Well, learn something new every day :)

I just tried this on #NetBSD and it worked as described. Since #slackware now has nvi, it will be interesting for people there too.

#unix

@lcheylus running #NetBSD ? 🤠

I just wrapped up an interesting call that was originally scheduled for last week but rescheduled for today. The client is looking for a unique setup, and thanks to having an early re-read of the fantastic The Book of PF - 4th Edition, I was able to propose some configurations that had completely slipped my mind. The client is extremely curious, and this will likely lead to a new OpenBSD deployment in an interesting environment.

At the same time, I received an email from a professor at an Italian university whom I had encouraged to extend his lectures to include BSDs. I piqued his curiosity as well and proposed a session specifically on firewalls, focusing on OpenBSD and pf. He will be reading The Book of PF soon and will likely add it to his students' recommended reading list. I'll probably present them, too.

In short - one book, a thousand new possibilities. Infinite thanks to @pitrh for the massive and wonderful work behind it.

https://nostarch.com/book-of-pf-4th-edition

#OpenBSD #FreeBSD #NetBSD #RunBSD #PF #Firewalling #IT #SysAdmin

World #RISC-V Days - Gujarat India

#NetBSD #FreeBSD #OpenBSD #RunBSD

https://community.riscv.org/events/details/risc-v-international-risc-v-synergy-forums-technical-talks-and-webinars-presents-world-risc-v-days-gujarat-india/

Tracked down the #NetBSD 11 WiFi problems I was having on i386! IT WAS EERO'S FAULT.

Eero has some wonky behaviour when it runs in WPA3/WPA2 mixed mode, sometimes it seems to return NULL packets during auth.

NetBSD11 has wpa_supplicant upgraded to 2.11, which blocks this kind of behaviour.

The fix turned out to be really simple: force wpa_supplicant to only use WPA2 and also specify "ieee80211w=0" in the network config.

I've got a working install; AND #Lagrange also built perfectly this time. I am really quite happy.

I will be even happier when I finally replace these stupid AP's, I have grown to detest them.

Obligatory Dmesg: https://dmesgd.nycbug.org/dmesgd?do=view&id=8833
#NetBSD #RunBSD

Make Your Own CDN with NetBSD

NetBSD is a lightweight, stable, and secure operating system that supports a wide range of hardware, making it an excellent choice for a caching reverse proxy.

https://it-notes.dragas.net/2024/09/03/make-your-own-cdn-netbsd/

#NetBSD #RunBSD #ITNotes #CDN #Caching #IT #SysAdmin

Celebrating #WorldRadioDay with the most portable OS on the planet. 🌍

Whether it's the embedded controller inside a vintage radio or the legendary NetBSD Toaster 🍞, the ham/ 📻category in #pkgsrc has you covered.

Why just make toast when you can transmit packets over the airwaves at the same time?
#NetBSD #SDR #PacketRadio #HamRadio #VintageComputing #Linux #unix

And again @stefano outperformed me While I'm writing my home control system in #C for #NetBSD , he already preparing talk about his home control system for BSDCan

Thats the difference between North, with it's cold weather and low atmospheric pressure, and the South with humane environment :-D

@bsdcan

Make your own Read-Only Device with NetBSD

One detail that is often overlooked when dealing with embedded (or remote) devices is a key point of vulnerability: the file system.

https://it-notes.dragas.net/2024/09/10/make-your-own-readonly-device-with-netbsd/

#NetBSD #RunBSD #EmbeddedDevices #OwnYourData #ITNotes

As the @bsdcan lists of talks and tutorials have been posted, I can officially announce my presentation:

Don't Freeze in the Cloud: Reclaiming Home Control with NetBSD

In 2010, I was taking more flights than cups of coffee. After a two-week trip, I returned home to a nasty, albeit expected, surprise: an indoor temperature of 7.8°C (46 F). Possessing more time than money, I decided to solve the problem my own way. I built a custom Python-based control system, accessible only via VPN, to manage my heating.

In 2015, after moving houses, this system was demoted to a secondary role, replaced by a shiny, commercial "smart" thermostat. However, I continued to maintain and update my custom solution for fun.

Fast forward to October 2025: major cloud providers faced significant outages. My commercial thermostat became dumber than a mechanical switch. I was reduced to manual two-hour overrides, with no visibility into settings or usage. It was a wake-up call: keeping my home warm should not depend on someone else's server.

I dusted off my solution and adapted it to modern needs - powered, of course, by NetBSD, running on the very same hardware that served my previous home for years.

In this talk, I will share the journey, the technical challenges, and the architectural decisions behind the project. I will demonstrate how NetBSD’s stability and low footprint make it the ideal operating system for long-term, "set-and-forget" home automation, allowing us to reclaim control from the cloud.

#NetBSD #BSDCan #BSDCan2026 #RunBSD #OwnYourData #Presentation #Talk

As I wrote before (https://mastodon.bsd.cafe/@evgandr/115912395421390028) I tried to use TURN server for communication with my relatives, but failed to setup secure enough solution. So, I decided to try an old and reliable solution — Asterisk. With the help of a book "Asterisk: The Definitive Guide" from J.V. Meggelen & R. Bryant & L. Madsen, of course.

First, I was forced to build the asterisk package by myself (from ports, ofc), since the binary version from NetBSD repository compiled with the all DB support, except my favourite PostgreSQL database.

By the way, adding users and writing dialplan with the help of aforementioned book was not so hard as I expected . Same for network setup. Since, I'm using PJSIP I just opened SIPS port and a range of UDP ports for RTP protocol on the my firewall. Despite, my home network hidden behind NAT on the router, there are no big problems with networking — end-user devices and an Asterisk server connected with use of simple star topology.

Surpisingly, the quality of the voice call is excellent comparing with service, provided by local cellular network operators. I suppose, that the secret in used codecs, or it is because there are not so much users (only 2) of my service.

#Asterisk #NetBSD #sip #VoIP

Alt...

Hand-drawn diagram of connection between my Asterisk server and the two end-users with mobile phones (with Linphone application on these phones).

Built #Lagrange for #NetBSD 10.1 bit it fails to launch, throws a SIGSEGV. Unless I run it as root. But of course then it finds no X11 session to auth, so it runs but doesn't run. But at least no SIGSEGV. That's only for my user. What's going on?!

Victory is mine! #NetBSD 11 RC1 is working!

Overall, pretty uneventful...

Now, I will let it rest for a little while, until qemu 9.2.4 has finished compiling.

Alt...

A white on black console whowing, in bold ASCII letters "NetBSD 11.0_RC1 amd64"

@ParadeGrotesque

I believe 'man 7 entropy' will explain what #NetBSD uses that for. On my machine, file "/var/db/entropy-file" gets recreated on every boot.

#NetBSD 11, you are doing the packages in alphabetical order, right?

RIGHT? 😂

Alt...

A qemu console showing the NetBSD sysinst trying to download the 'xbase' package. As with the previous screenshots, the sysinst is trying an IPv6 address first.

[3348/9317] Compiling C object libqemu-mipsn32el-linux-user.a.p/linux-user_signal.c.o

So, roughly 30% done. I think the #NetBSD VM will be done first!

The good side of this, is that I can keep an eye on both the #NetBSD 11 VM and the compilation of qemu on my #Slackware server! 😋

It works, but it is going to be painful: since the qemu network emulation provides the VM with an IPv6 address through DHCP, #NetBSD sysinst tries IPv6 first, times out, then tries IPv4... all of this to be redirected by the web server and go through IPv6 - timeout - IPv4 again.

In other words: it downloads, but really really slowly. ☹️

Any help getting out of that painful loop is greatly appreciated (I know how to do it on an installed machine, just not in sysinst)

Alt...

A white-on-blue NetBSD installation console showing error messages, such as: /sets/modules.tar.xz ftp: Can't connect to [2ad4:ded2:1d::262]:80: No route to host

It seems #NetBSD 'sysinst' still has issues with the 'curses' qemu console, but it remains readable, so onward!

Alt...

A qemu console showing a NetBSD installation disk selection menus. Little display bugs (strange glyphs and added blank spaces) can be seen here and there...

Well, well, well... What do we have here?

Hello #NetBSD 11!

Alt...

A qemu console showing the sysinst installation programme from NetBSD Blue background, white text

From:

https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-11/20260206082425Z/amd64/INSTALL.html#Features%20to%20be%20removed%20in%20a%20later%20release

The following features are to be removed from #NetBSD in the future:

- groff(1). Man pages are now handled with mandoc(1), and groff(1) can still be found in pkgsrc as textproc/groff.

- pf(4). This packet filter is obsolete and unmaintained in NetBSD. It will be eventually removed due to possible long-standing security issues and lack of multiprocessor support. New installations should use npf(7).

No 'npf mastery' book so I really need to read that man page...

$ /usr/local/bin/qemu-img create -f qcow2 /opt/qemu/netbsd11.img 20G

20GB should be enough for most installations I suppose... #netbsd

~/files/download/ISO/NetBSD$ curl -O https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-11/20260206082425Z/amd64/installation/cdrom/boot.iso

Yeah, going to test #NetBSD 11-RC1 like a savage as usual... 🤓

#NetBSD

https://youtu.be/Tv6Q4MZS5LI

We got #CentOS Mascot before #GTA6
https://blog.centos.org/2025/05/release-the-quokka/

Let's go #NetBSD we should get Mascot other than logo