FreeBSD has supported nesting of jails natively since version 8.0, which dates back to 2009. Looking at the jail(8) man page, there is an entire paragraph named Hierarchical Jails that explains the concept of jail hierarchy well. It’s one of the many gems of FreeBSD that, although not widely known or used, is, in my opinion, extremely useful.

BastilleBSD plays a central role in this article, and that’s a project I’ve been hearing a lot about recently. I feel like the various BSDs are currently hitting a stride, and there seems to be a lot of movement from Linux to BSD at the moment.

PipeWire 1.0 now has all the features that are expected to move media streams inside a system. It takes advantage of advanced features of the Linux kernel to provide low latency, low footprint, and high performance while being secure. It is the perfect tool to build an embedded system or to securely share streams between containers.

Linux audio and video has come a long way, and PipeWire is part of that. Excellent work.

App developer Elias Saba has had some bad luck with Digital Millennium Copyright Act (DMCA) takedowns. His Android TV app Downloader, which combines a web browser with a file manager, was suspended by Google Play in May after several Israeli TV companies complained that the app could be used to load a pirate website.

Google reversed that suspension after three weeks. But Downloader has been suspended by Google Play again, and this time the reason is even harder to understand. Based on a vague DMCA notice, it appears that Downloader was suspended simply because it can load the Warner Bros. website.

Application stores are basically random number generators. The worst possible applications, from non-functional garbage to ad-ridden gambling games designed to prey on children, make up the bulk of what’s on offer, but functional, useful applications spiral into Kafkaesque bureaucratic dark holes. Being a mobile developer in 2023 is a nightmare.

When I used OpenBSD, I was a big fan of bsd.rd: a kernel that includes a root file system with an installer and a few tools. When I invariably did something bad to my root file system, I could use that to repair things. bsd.rd is also helpful for OS updates. And there is only a single file involved.

On NetBSD however, there is usually no netbsd.rd kernel installed, or even available by default. The facility is there, it’s just not standard. To be fair, there are a number of architectures that use kernels with a ramdisk for installation.

Recently, I have been toying with NetBSD on an Orange Pi 5. This is a 64-bit ARM board, using the evbarm-aarch64 architecture. I am booting from an SD card (details in a followup post) but once booted, the kernel does not see the card any more, only the NVMe SSD. So my thoughts went back to bsd.rd and I decided that I want one!

Such a kernel seems like a very useful tool to have, so if you’re running NetBSD – this guide will help you add it to your toolbox.

After I wrote about the possibility of programmable Mac ROM SIMMs in Quadras a couple of months ago, I suspected that there had been a way for developers at Apple in the 68k Mac era to reflash the ROM in their Macs during development, just like BIOS updates on PCs. The reason I believed this is because the ROM SIMM socket in the Quadras brought out pins for 12V (VPP) and write enable (/WE). I had verified that the write enable pin was going into the memory controller chip in several Mac models, so I was pretty confident that in-system programming was possible.

As luck would have it, multiple people pointed out to me that an Apple internal utility used for ROM flashing had been uploaded to the Macintosh Garden. It was recovered from a prototype PowerBook 520 purchased in 2020. Of course, I had to download this utility and figure out how it works.

I honestly cannot believe it’s taken this long for such a tool to become available one way or the other. Classic Macs are incredibly popular in the retro community, and being able to reflash the ROMs like this is incredibly useful. It took some work and disassembly, but Doug Brown got it working.

Debian’s MIPS64EL that is a 64-bit little endian port using the N64 ABI is at risk due to declining access for building the Debian 64-bit MIPS packages. MIPS64EL is now being treated as an “out of sync” architecture due to lacking sufficient build daemon resources for timely building new packages and if the situation doesn’t improve, it may not be suitable as a release architecture for Debian 13 “Trixie”.

Not all architectures last forever, and as time goes on, more and more of these once promising architectures will simply no longer be part of the modern Linux world. It makes sense – but it’s still sad.

Sunway’s new supercomputer therefore feels like a system designed with the goal of landing high on some TOP500 lists. For that purpose, it’s perfect, providing a lot of throughput without wasting money on pesky things like cache, out-of-order execution, and high bandwidth memory. But from the perspective of solving a nation’s problems, I feel like Sunway is chasing a metric. A nation doing well in advanced technology might have a lot of supercomputer throughput, but more supercomputer throughput doesn’t necessarily mean you’ll solve technological problems faster.

A detailed look at China’s new supercomputer. The conclusion quoted above is very well supported by the data and research concerning this new supercomputer, and the article is a great read.

Windows Terminal is getting an optional feature – ChatGPT-powered “AI chat” on Windows 11. ChatGPT integration is now available in Terminal (Canary), a new development channel to test experimental features ahead of a wider rollout. With ChatGPT AI Chat in Terminal, you can use AI to generate commands, explain errors, and get recommendations.

Microsoft wants Terminal to use the natural language AI to explain commands, such as “DISM”, or errors you might get when running commands. Similarly, it can suggest actions, like an alternate command when the original one doesn’t work.

When Microsoft said it wants to shove “AI” into every aspect of Windows, they weren’t kidding.

If you read the initial reviews of Apple’s new M3-based Macs, you’d be forgiven for thinking little had changed in their CPU cores, apart from a rejigging of numbers and an increase in the maximum frequency of their P cores. As my MacBook Pro 16-inch M3 Pro arrived three days early, this article presents a tentative first look at what has changed in their CPU cores, and from that, how you might choose the right chip for your next Apple silicon Mac. Like Apple, I’m going to make comparison between M1 and M3 chips, as in most respects discussed here, M2 CPU cores didn’t change as much from those in the M1, and I’ve had and tested four different M1 models.

As the introduction suggests, there’s more here than many seem to think.

With OpenSolaris and derivatives such as illumos, we gained the ability to build a whole IT infrastructure in a single box, using virtualized networking (crossbow) to build the underlying network and then attaching virtualized systems (zones) atop virtualized storage (zfs).

Some of this was present in Solaris 10, but it didn’t have crossbow so the networking piece was a bit tricky (although I did manage to get surprisingly far by abusing the loopback interface).

In Tribblix, I’ve long had the notion of a router or proxy zone, which acts as a bridge between the outside world and a local virtual subnet. For the next release I’ve been expanding that into something much more flexible and capable.

I’m continuously impressed by the work Peter Tribble is putting into Tribblix. Maintaining a distribution of something like OpenSolaris is hard enough as it is, but to then also add various unique functions and capabilities, while also maintaining support for SPARC, is just amazing.

Jason Scott posted the source code for all the Infocom games in 2019. This was pretty awesome. Everybody who is interested in that stuff cheered, and now it’s part of the common knowledge of Infocom. If you’re researching the history of those games, or want to study their design, you can dig in.

[…]

So the game source was big news. Infocom’s interpreter source, however, remained obscure. This was the game-playing software for each platform: the Apple 2 interpreter, the Commodore 64 interpreter, and so on. A particular Infocom game release (“Zork 3 for the C64”, say) was a floppy containing the C64 interpreter and the Zork-3 game file. Boot the floppy, the interpreter starts up; it loads the game data and the game begins.

The code for the interpreter, however, was never released as open source – until now. Andrew Plotkin posted all of the code on Github, followed later by an additional code dump by David Fillmore.

There has been quite a bit of documentation about exploiting the CANON Printer firmware in the past. For some more background information I suggest reading these posts by SYNACKTIV, doar-e and DEVCORE. I highly recommend reading all of it if you want to learn more about hacking (CANON) Printers.

The TL;DR is: We’re dealing with a Custom RTOS called DRYOS engineered by CANON that doesn’t ship with any modern mitigations like W^X or ASLR. That means that after getting a bit acquainted with this alien RTOS it is relatively easy to write (reliable) exploits for it.

Having a custom operating system doesn’t mean it’s more secure than popular solutions.

After a few minor delays, FreeBSD 14.0 has officially been released. The highlights according to the FreeBSD team itself:

• OpenSSH has been updated to version 9.5p1.
• OpenSSL has been updated to version 3.0.12, a major upgrade from OpenSSL 1.1.1t in FreeBSD 13.2-RELEASE.
• The bhyve hypervisor now supports TPM and GPU passthrough.
• FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.
• ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.
• It is now possible to perform background filesystem checks on UFS file systems running with journaled soft updates.
• Experimental ZFS images are now available for AWS and Azure.
• The default congestion control mechanism for TCP is now CUBIC.

For more details, you can dive into the release notes, and if you’re already using FreeBSD you know exactly how to upgrade.

Firefox users across the internet say that they are encountering an “artificial” five-second load time when they try to watch YouTube videos that exists on Firefox, but not Chrome. Google, meanwhile, told 404 Media that this is all part of its larger effort against ad blockers, and that it doesn’t have anything to do with Firefox at all.

I’m sure it doesn’t, Google.