Continuing the all-Spectre, all-Meltdown week here at the Digest, BSDNow 228 talks about it for FreeBSD and will cover more next week. And oh yeah other news, including a mention of new-to-me NomadBSD.
Matthew Dillon posted a summary of IBRS and IBPB support in DragonFly, and some numbers showing its impact in various configurations of options and CPUs.
Are you tired of hearing about Meltdown/Spectre yet? Doesn’t matter! The two sysctls for controlling mitigation in DragonFly have been renamed:
machdep.meltdown_mitigation machdep.spectre_mitigation
They go to hopefully sensible defaults, but Matthew Dillon has done some testing to show the effects of each in various combinations. (Update: more changes and tests.) Note that this is not the final mitigation work; compilers (i.e. gcc) are being updated to include workarounds for this, so new gcc -> new compiler in DragonFly -> new defenses. No silver bullet there, though.
One side effect of Meltdown/Spectre are CPU microcode (firmware) updates. For future needs: sysutils/devcpu-data is the port that has the updates for Intel, and cpucontrol(8) is the program you run on DragonFly to add them.
I haven’t used this myself, yet, so I can’t tell you how necessary an immediate update could be – but you will probably want to use it soon.
Update: Newer CPUs might require this sizing change.
Update update: a better explanation of applying microcode updates. There’s new ones out, too. (via)
If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there’s a few more commits you’ll want to get.
Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware. There is an update to the “defensive browser setup” plan for DragonFly (using –site-per-process) that can help at least with Javascript versions of Spectre.
Update: step-by-step microcode fixes from Intel if you really want to trash your performance.
I had to trim this down; there’s been a post-Christmas surge in material.
- Always good to start the year with new (to me) Mickens: Life as a Developer. (via)
- Learn – Computer-Aided Instruction on Unix. A UNIX tutorial program from 1979. (via)
- Espple – Apple 1 Emulator with PAL RF Output. (via)
- The History of Rogue: Have at You, You Deadly Zs (2009). (via)
- From the previous link: Rog-O-Matic.
- Operating System Design Book Series. (via)
- 30 Days of Stuff. Some gems in there, like 140 issues of Maximum RockNRoll! (via)
- ReCurta: Our goal is to build the first Curta calculator since 1972. (via)
- The Story of the Gömböc. (via)
- Productivity is Dangerous. Fun for the line “LINKEDIN IS A DEATH CULT”. (via)
- Inventing the Lisa User Interface. (via)
- REMEMBER turn your computer off before midnight on 12/31/99. The most eighties tumblog ever. (via)
- A history of S_IFMT. (via)
- V7/x86 – x86 port of Unix V7. (via)
Note the non-profit link; that may be useful to you.
- BSD on New Hardware.
- BSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer. (video)
- Moving bacula-sd into a FreeBSD jail.
- As noted here in a comment, you can name a BSD non-profit as a recipient of the ‘commission’ from Amazon purchases. Doesn’t cost you anything, or at least Amazon keeps that part of their pricing opaque.
- OpenBSD Workstation Guide. More hardware detail than I expected… and I really like the key storage idea. (via)
- Scripts to run an OpenBSD mirror, rsync and verify. (via)
- Best BSD for PowerPC machine?
- The LLVM Memory Sanitizer support work in progress. On NetBSD. (via)
- Linux Professional Institute and BSD Certification Group Join Efforts. (via)
- Thinking of joining Mastodon? Try bsd.network!
- Which BSD systems are affected by new Intel cpu bug?
- Meltdown, aka “Dear Intel, you suck”
- Every day a bug is embargoed is actually two days. Looking at it that way, the 48 hours it took Matt Dillon to patch DragonFly turned into 367 days – and it was Google/Intel’s decision to have it that way. (via)
- MWL’s 2017 Wrap-Up. Ironically, systemd is a moneymaker for him.
I’m a bit late posting it, but: BSDNow 227 covers Open, Free, and Net this week.
By now you’ve probably heard of the Meltdown/Spectre attacks. (background rumors, technical note) Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.
It’s turned off and on by the sysctl machdep.isolated_user_pmap – and defaults to on for Intel CPUs. Buildworld tests show about a 4-5% performance hit, but that’s only one form of activity, measured, so there will surely be other effects.
Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.
Update: Matthew Dillon posted a summary to users@.
Update 2: He told us so.
A minor bit of housekeeping: the archives page has been fixed up to correctly list all categories, and list posts grouped by month. So if you want to see what I posted under the roguelike category, or see what I posted in February 2011, you can. Post counts provided, too.
More user group news: Helsinki, Finland, has a new BSD User Group: HelBUG. First meeting is February 7th. There’s no mailing list/site that I know of, yet.
I’m posting this waaaay ahead of time: next NYCBUG meeting is tomorrow. It’s a porting session, and here’s some of what to expect.
DragonFly has a donation page and a Paypal account. There’s no 501c3 benefit for U.S. residents to donate; DragonFly doesn’t exist as a non-profit. People have still been donating in smaller sums over time. It’s not enough to offset the colocation fees ($4k/year) plus the hardware there, but the money does get used for specific tasks. Matthew Dillon wrote a description of his upcoming plans: more storage, plus some interesting details on how much wear the existing SSD disks have sustained.