• Tutorial On Rump Kernel Servers and Clients

    From sehnsucht@21:1/5 to All on Mon Feb 7 13:11:08 2022
    I was curious to learn more about practical use cases for rump kernels
    in everyday computing and found this amazing guide on the NetBSD docs,
    which, as a matter of fact, I had somehow managed to miss until now.
    The document provides a proof of concept for many interesting
    implementations of rump kernels in user space for unprivileged users,
    accounting for some of their top features which include portability (to
    other OSs), modularity, reproducibility and standardization, isolation,
    attack surface reduction and the possibility to perform certain tasks
    without root privileges in a secure manner.
    I find particularly compelling the idea of restricting Firefox to its
    own TCP stack.

    https://www.netbsd.org/docs/rump/sptut.html


    --
    “Hell is empty and all the devils are here.„

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rtr@21:1/5 to sehnsucht on Sat Feb 12 15:40:11 2022
    sehnsucht <sehnsucht@sdf.org> writes:

    > I was curious to learn more about practical use cases for rump kernels
    > in everyday computing and found this amazing guide on the NetBSD docs,
    > which, as a matter of fact, I had somehow managed to miss until now.
    > The document provides a proof of concept for many interesting
    > implementations of rump kernels in user space for unprivileged users,
    > accounting for some of their top features which include portability (to
    > other OSs), modularity, reproducibility and standardization, isolation,
    > attack surface reduction and the possibility to perform certain tasks
    > without root privileges in a secure manner.
    > I find particularly compelling the idea of restricting Firefox to its
    > own TCP stack.
    >
    > https://www.netbsd.org/docs/rump/sptut.html

    This sounds very interesting. I have never tried NetBSD but reading that
    makes me think of some creative applications to it. Now, I just need the hardware to install it on.

    --
    Ang kalayaan ay dili gihatag, ini'y giabot.
    --
    {gemini,gopher}://kalayaan.xyz

  • From sehnsucht@21:1/5 to All on Mon Feb 14 21:14:23 2022
    At midday on 120222 07:40,
    rtr <rtr@haraya.invalid> recounted these words:
    > This sounds very interesting. I have never tried NetBSD but reading that
    > makes me think of some creative applications to it. Now, I just need the
    > hardware to install it on.

    My thinkpad x250 works really well with it. But yes, NetBSD is picky,
    even more than other BSDs...but at least less than Solaris.
    I'm definitely going to attempt this rump kernel-based sandboxing and
    write a post about it :)
    Another loosely related netbsd-born thing you might like is sandboxctl
    https://github.com/jmmv/sandboxctl
    --
    “Hell is empty and all the devils are here.„

  • From rtr@21:1/5 to sehnsucht on Tue Feb 15 15:27:11 2022
    sehnsucht <sehnsucht@SDF.ORG> writes:

    > At midday on 120222 07:40,
    > rtr <rtr@haraya.invalid> recounted these words:
    >> This sounds very interesting. I have never tried NetBSD but reading that
    >> makes me think of some creative applications to it. Now, I just need the
    >> hardware to install it on.
    >
    > My thinkpad x250 works really well with it. But yes, NetBSD is picky,
    > even more than other BSDs...but at least less than Solaris.
    > I'm definitely going to attempt this rump kernel-based sandboxing and
    > write a post about it :)
    > Another loosely related netbsd-born thing you might like is sandboxctl
    > https://github.com/jmmv/sandboxctl

    Oh please, I would like to read your post about it.

    I think as long as I am running a Thinkpad I should be alright? But I've
    been lurking in the mailing list for quite some time but there doesn't
    seem to be as much activity there. I've been mulling over the thought of
    either running it in a spare Thinkpad or just build a desktop for it.

    What do you think?

    --
    Ang kalayaan ay dili gihatag, ini'y giabot.
    --
    {gemini,gopher}://kalayaan.xyz

  • From sehnsucht@21:1/5 to All on Wed Feb 16 14:49:03 2022
    At midday on 150222 07:27,
    rtr <rtr@haraya.invalid> recounted these words:
    > I think as long as I am running a Thinkpad I should be alright?
    > I've been mulling over the thought of either running it in a spare
    > Thinkpad or just build a desktop for it.

    There's this myth about thinkpads being the only usable sort of laptops
    which BSDers care about. Fact is that the variety of hardware components
    has shrunk significantly over the years and that common configurations
    (netbook, laptop, mobile workstation) tend to overlap across
    manufacturers. While I really like thinkpads, I've run NetBSD on all
    sorts of high end and consumer grade laptops, including those from
    Toshiba, Fujitsu, and a Samsung one which used to be 100% supported
    (bluetooth included) back in the day.

    I got the impression OpenBSD folks are somehow picky about sticking to
    thinkpads, since OpenBSD developers seemingly always opt for thinkpads
    and that's what they mean by 'eating their own dogfood'. Reality is that
    as long as you choose a laptop from a notoriously *nix-friendly company
    (HP, Dell, Lenovo...in the past Toshiba), possibly a few years old (3-5),
    chances are high for hardware support to be acceptably good.

    That NetBSD's hardware support is years behind the others is another
    widely spread misconception. True, the graphics stack was pretty old up
    until recently (and still is on 9.x); newer models are unlikely to be
    supported but through the generic 2d-accelerated framebuffer driver on
    9.x. And even on current, there's still significant ongoing work
    so it's not like the updated drivers are really 100% stable already.

    As you might have seen in another thread here, currently the drm/kms
    code in NetBSD (9.x) is still based on that of Linux 4.4, which means
    no amdgpu, no support for intel chips beyond SkyLake and no support for
    nvidia beyond 9xx (and even 9xx was not so well supported by that
    version of nouveau at the time when it was ported). The good news is
    that in -10 the updated drivers (from Linux 5.6) will most likely be
    included.
    drm is hard and given the limited manpower of NetBSD, it's mostly a
    single developer to take care of it, which means updates for graphics
    only happen once in a while in the NetBSD land, and you have to wait, or
    run -current, or stick to older models.

    Wifi support is really similar to that of OpenBSD (there's continuous cross-pollination in this field between the 2 BSDs).

    In addition, you get decent bluetooth support, nvidia support and good
    power management (finely tunable via the powerd(8) scripts).
    Some additional features which come in handy even on desktop are FFSv2 journaling, FFSv2 snapshots, as well as ZFS, LVM, CHFS, compat_linux,
    wine, tmpfs, the dk(4) system, which is somewhat similar to FreeBSD's
    GEOM, and very good virtualization.

    See wiki.netbsd.org/laptops for laptops and search for a couple of really
    useful threads on UnitedBSD discussing the topic.
    As for a desktop, I'd buy a relatively old Dell/HP/Lenovo workstation.
    Used ones are cheap (even the coolest ones with Xeon CPUs), and you'll
    prevent useless waste.

    As for other architectures (desktop-wise), aarch64 (Pinebook /
    RockPro64), macppc, i386, sparc64 and alpha all have very good support.
    NetBSD performance is ok-to-good, somewhere between FreeBSD and
    OpenBSD, but definitely not comparable to Linux'. One field where NetBSD
    really shines however is performance / lightweight ratio, whereby you
    can't go wrong by putting it on an old x86 laptop (and even use it as a
    daily driver) or an embedded board.

    > But I've
    > been lurking in the mailing list for quite some time but there doesn't
    > seem to be as much activity there.

    Well community is not as large as that of other BSDs, and users are less inclined to 'be social' and spend their spare time in OS advocacy. netbsd-users,
    current-users and tech-kern are fairly active mailing lists. The #netbsd
    irc channel on Libera Chat and the UnitedBSD forum are also very active. There's also an official telegram group, which sees some interesting
    debates from time to time, as well as a dedicated subreddit.

    Cheers!

    --
    “Hell is empty and all the devils are here.„

  • From rtr@21:1/5 to sehnsucht on Thu Feb 17 14:34:54 2022
    sehnsucht <sehnsucht@SDF.ORG> writes:

    > At midday on 150222 07:27,
    > rtr <rtr@haraya.invalid> recounted these words:
    >> I think as long as I am running a Thinkpad I should be alright?
    >> I've been mulling over the thought of either running it in a spare
    >> Thinkpad or just build a desktop for it.
    >
    > There's this myth about thinkpads being the only usable sort of laptops
    > which BSDers care about. Fact is that the variety of hardware components
    > has shrunk significantly over the years and that common configurations
    > (netbook, laptop, mobile workstation) tend to overlap across
    > manufacturers. While I really like thinkpads, I've run NetBSD on all
    > sorts of high end and consumer grade laptops, including those from
    > Toshiba, Fujitsu, and a Samsung one which used to be 100% supported
    > (bluetooth included) back in the day.
    >
    > I got the impression OpenBSD folks are somehow picky about sticking to
    > thinkpads, since OpenBSD developers seemingly always opt for thinkpads
    > and that's what they mean by 'eating their own dogfood'. Reality is that
    > as long as you choose a laptop from a notoriously *nix-friendly company
    > (HP, Dell, Lenovo...in the past Toshiba), possibly a few years old (3-5),
    > chances are high for hardware support to be acceptably good.


    Yeah, I think I am a bit spoiled with OpenBSD since I'm running a
    thinkpad. The only I had with it is there's no bluetooth support. But I
    don't really use any bluetooth stuff aside from a keyboard so there's
    that.

    > That NetBSD's hardware support is years behind the others is another
    > widely spread misconception. True, the graphics stack was pretty old up
    > until recently (and still is on 9.x); newer models are unlikely to be
    > supported but through the generic 2d-accelerated framebuffer driver on
    > 9.x. And even on current, there's still significant ongoing work
    > so it's not like the updated drivers are really 100% stable already.
    >
    > As you might have seen in another thread here, currently the drm/kms
    > code in NetBSD (9.x) is still based on that of Linux 4.4, which means
    > no amdgpu, no support for intel chips beyond SkyLake and no support for
    > nvidia beyond 9xx (and even 9xx was not so well supported by that
    > version of nouveau at the time when it was ported). The good news is
    > that in -10 the updated drivers (from Linux 5.6) will most likely be
    > included.
    > drm is hard and given the limited manpower of NetBSD, it's mostly a
    > single developer to take care of it, which means updates for graphics
    > only happen once in a while in the NetBSD land, and you have to wait, or
    > run -current, or stick to older models.
    >
    > Wifi support is really similar to that of OpenBSD (there's continuous
    > cross-pollination in this field between the 2 BSDs).
    >
    > In addition, you get decent bluetooth support, nvidia support and good
    > power management (finely tunable via the powerd(8) scripts).
    > Some additional features which come in handy even on desktop are FFSv2
    > journaling, FFSv2 snapshots, as well as ZFS, LVM, CHFS, compat_linux,
    > wine, tmpfs, the dk(4) system, which is somewhat similar to FreeBSD's
    > GEOM, and very good virtualization.


    This is interesting. I've been mulling over with NetBSD since I wanted
    to see whether it is worth running over FreeBSD. It looks like most of
    the stuff that I care about are supported in NetBSD.

    > See wiki.netbsd.org/laptops for laptops and search for a couple of really
    > useful threads on UnitedBSD discussing the topic.
    > As for a desktop, I'd buy a relatively old Dell/HP/Lenovo workstation.
    > Used ones are cheap (even the coolest ones with Xeon CPUs), and you'll
    > prevent useless waste.
    >
    > As for other architectures (desktop-wise), aarch64 (Pinebook /
    > RockPro64), macppc, i386, sparc64 and alpha all have very good support.
    > NetBSD performance is ok-to-good, somewhere between FreeBSD and
    > OpenBSD, but definitely not comparable to Linux'. One field where NetBSD
    > really shines however is performance / lightweight ratio, whereby you
    > can't go wrong by putting it on an old x86 laptop (and even use it as a
    > daily driver) or an embedded board.


    I see. I've picked up a bunch of defective X200 and I managed to build a
    couple up from the parts. I will probably try NetBSD on one of those.

    >> But I've
    >> been lurking in the mailing list for quite some time but there doesn't
    >> seem to be as much activity there.
    >
    > Well community is not as large as that of other BSDs, and users are less
    > inclined to 'be social' and spend their spare time in OS advocacy.
    > netbsd-users, current-users and tech-kern are fairly active mailing
    > lists. The #netbsd irc channel on Libera Chat and the UnitedBSD forum are
    > also very active. There's also an official telegram group, which sees
    > some interesting debates from time to time, as well as a dedicated
    > subreddit.
    >
    > Cheers!

    I'm currently subscribed to netbsd-users atm. I'm considering
    subscribing to current-users too.

    Thanks for the brief primer, cheers!

    --
    Ang kalayaan ay dili gihatag, ini'y giabot.
    --
    {gemini,gopher}://kalayaan.xyz
