BSD-Curious
So for no particular reason at all, I recently got the urge to try out a BSD variant on my laptop. Now, historically I’ve been a die-hard Linux user, having cut my teeth on Slackware back when you needed dozens of floppies to install the thing (as a quick aside, I didn’t have internet access at home at the time, and so I used a PC at school to download Slack from a local BBS, which meant trucking dozens of floppies there and back… which was really fun when, say, disk 12 of 20-something had a bad sector, requiring me to return to school the next day (leaving the install process up and in limbo in the mean time) to write out a new disk). Since then, I’ve worked with Redhat, Debian, Fedora, and Ubuntu, but have never strayed outside the realm of Linux, and so, in a fit of boredom, I decided to address that little shortcoming in my technical upbringing.
Of course, there are multiple BSDs out there, each with their own focus and vision, and choosing one is often a matter of taste. My initial choice was FreeBSD, which I threw on a 10GB partition on my laptop, after which I found myself facing the familiar command prompt (well, not quite familiar… it was straight sh instead of bash, which was… annoying), and a fairly barebones system. At this point I discovered an important difference between the BSDs and, say, Ubuntu: out of the box, they tend to provide a very bare-bones system, enough to get you bootstrapped so you can build the system you need. But you have to build it. Not that I mind, I’m a tinkerer at heart.
I then spent the next couple days fiddling around with the system and configuring it as necessary, which was a very different experience from what you see in Linux. You see, in FreeBSD (and NetBSD, which I’ll get to later), the primary system configuration, which includes network configuration, system daemon selection, and so forth, is all stored in a single file in /etc called ‘rc.conf’. In contrast, Linux distros tend to manage things in varying ways, which means you need to learn individual platform quirks and tools, something which is always a bit tedious. And so, by playing with the rc.conf, I was easily able to get networking up and running, including my wireless card, various system daemons, and so forth. And after that, it was off to install some interesting programs.
And this was where I discovered my next surprise. In the Linux world, package managers are really king, with two main contenders vying for the top spot: deb and rpm. Of course, there are a few outliers (Slackware’s tgz’s, Gentoo’s portage system, etc), but for the most part, modern distros are based on one of these two package management systems. Not so with FreeBSD. FBSD uses a system called ‘ports’, which should be familiar to a Gentoo user, as portage is really a rip-off of ports. In essence, ports is a gigantic set of scripts, where each supported application is represented by a directory containing Makefiles, patches, and so forth, which can be used to install the application. A simple ‘make install’ in the directory results in the source for the package being downloaded, patched, configured, built, and installed. It’s really quite slick, if you’re interested in building everything from source (which can take quite a while). Of course, FBSD also has binary package support, but building from ports is the most common way people install software in the FBSD world.
Unfortunately, I finally hit a brick wall with FBSD on my laptop when I attempted to suspend it. Big mistake. You see, it turns out that, even now, with FreeBSD 8.0, support for suspend/resume is incredibly weak. So while Linux has stumbled along and finally reached a point where things kinda sorta work most of the time, FBSD is, I’d wager, at least 5 years behind. Which is a real shame, as I use suspend all the time with my laptop. And thus it was that FBSD as a possible OS alternative was nixed.
So, what next? Well, in my mind, the most obvious alternative contender was NetBSD (I eventually chose the 32-bit version for reasons I won’t get into here). Like FreeBSD, NetBSD installs to a very barebones system, though even more barebones than FBSD, if that can be believed. In fact, the ISO for the installation media is a mere 250MB, give or take, which is pretty diminutive beside FBSD’s 2GB DVD image (though, to be fair, FBSD’s DVD ships with a ton of pre-compiled packages, while NetBSD leaves you having to download all that software from the intertubes). Similar to FBSD, the entire system is configured through /etc/rc.conf, and basic configuration was equally easy. Once that was done, again my thoughts turned to software.
The NetBSD package system shares a lot of commonalities with the FreeBSD system. Which shouldn’t be surprising because NetBSD’s system, pkgsrc, was forked from ports back in 1997. As such, they share an underlying philosophy, and so the two systems operate very similarly. I will say, though, that ports does have one significant advantage over pkgsrc: Much better OS integration. See, pkgsrc is really a sister project to NetBSD. As such, it can actually be run on myriad operating systems, including Linux, among many others. But that means that the system doesn’t tie into the OS all that well. So while a ports package, once built, will populate /etc/rc.conf with configuration values, throw itself into /usr/local/etc/rc.d, and so forth, a pkgsrc package requires the user to perform extra work to integrate the software into the OS. Additionally, I do prefer the way ports actively prompts the user for configuration directives for packages that provide them, but that’s probably just a matter of taste.
Of course, I once again made the mistake of investing a fair bit of time into installing packages before I decided to test out suspend, and once again I was disappointed, though somewhat less so (which is why NetBSD is still on my laptop). Suspending the laptop worked flawlessly, and was incredibly fast. Honestly, I’ve never seen a laptop go to sleep that quickly. But on resume, oddly enough, my videocard doesn’t get initialized properly (this is a known problem with nVidia graphics chips in general, and on my laptop model in particular). On the other hand, everything else works perfectly (the OS is actually fully responsive under the hood, the display simply doesn’t come on). Some hacking got things sorta working, but not reliably, so for now suspend on NetBSD will have to wait. But at least there appears to be a chance.
So for now I’ve decided to stick with NetBSD. Naturally I expect there to be more problems and limitations (at minimum, I’ll be stuck with nv as my X driver, as nVidia’s binary blob isn’t supported on NetBSD), and I doubt it’ll displace my Ubuntu install, but it should be fun seeing if it can!
And a quick aside: I was very impressed to discover that both Free and NetBSD supported essentially all the hardware on my laptop, without exception (well, save for ACPI suspend, of course), straight out of the box. Very nice!
Transition Complete
Welcome to the new domain! As per my previous post, I’ve made the migration to my new domain, “b-ark.ca”. Additionally, this website is now IPv6 accessible, so anyone with IPv6 access (either through a tunnel broker, 6to4, or teredo) will be able to reach this place over v6 instead of v4.
As an aside, Hurricane Electric and Afraid.org are awesome services. Tunnel performance is spectacular (I see maybe 20ms extra latency over IPv6 versus IPv4), and they provide a routed /64, a full routed /48 if you want it, and support for reverse DNS delegation (so my IPv6 addresses will reverse resolve to my host names).
Meanwhile, Afraid.org has excellent support for IPv4 and dynamic DNS, and IPv6, both forward and reverse. Now maybe I’ll go apply for an “IPv6 Enabled” badge to stick on the website…
The Great IPv6 Experiment
So during the last week I decided it was about time I rebuilt my firewall, if for no other reason than to upgrade to the latest version of m0n0wall, as the version I was running dated back to 2006. Of course, naturally enough, during the course of my initial experimentation, my old firewall hardware kicked the bucket (it was an old 150MHz P-II… I’m surprised it hadn’t died sooner), so I suddenly found myself in need of a new firewall PC. “Lucky for me, I ditched my old MythTV motherboard”, I thought to myself… what a fool I was.
As a bit of background, I’ve been running an open wireless access point for years and years now, and to achieve reasonable security, the network topology was something like the following:
Where both the WiFirewall and Firewall perform network address translation. Unfortunately, this means:
- The wireless network is double-NATed, which makes forwarding ports back from the firewall to the wireless network a heck of a lot more cumbersome.
- I have to maintain two separate sets of firewall rules.
Plus, the WAP I have doesn’t support IPv6, so if I wanted to deploy IPv6 internally, I couldn’t do so for the wireless pool.
Well, this screamed for a solution, hence me building a new firewall. My vision was the following:
In this sort of arrangement, the firewall acts as a single NAT for both subnets, and also allows me to control access from the wireless pool to the LAN and vice versa all in one place. Plus, because both subnets are directly connected to the firewall, which supports IPv6, I can deploy v6 across my network.
Of course, this scenario requires three NICs in the firewall, one for the WAN, one for the wireless subnet, and one for the LAN subnet. So I took my spare machine, threw three NICs in it, fired up the newest version of m0n0wall, and got… “watchdog timeout: dc0”, followed by hard locks.
sigh
Many hours later, after running up and down the stairs a couple dozen times, my conclusion was IRQ conflicts between one of the NICs and the USB controller on the board. Yes, that’s right, in 2010, I was fighting with IRQ conflicts. Seriously, what the heck?
The next day, I relented and decided to try out another motherboard I had lying around (yes, that’s right, I had two spare motherboards just lying around. Go figure.) Luckily, this one seems to work beautifully, and I now have a brand new firewall set up as described above. I even configured m0n0wall’s traffic shaping such that bittorrent traffic is de-prioritized versus other traffic, so I no longer need to perform upstream throttling in rtorrent, as the firewall takes care of everything (and it works beautifully… rtorrent can now saturate my upstream, while web browsing, etc, continue to work flawlessly).
Furthermore, I figured, hey, why not deploy IPv6 for kicks? So I went and allocated a tunnel from Hurricane Electric. They provide free IPv6 tunnels plus a free routable /48 if you want it (yes, that’s right, an 80-bit address space for nothing). You just need a router/firewall that supports it. Well, as you might imagine, m0n0wall does. Additionally, Hurricane Electric has a deal with Google such that, if you use HE’s nameservers, then all of Google’s services will be accessible over IPv6. So now anyone connected to my WAP will be able to browse the IPv6 internet, and access Google’s services over v6. Neat!
And, as if that weren’t enough, I registered a new domain name: “b-ark.ca”. I then plan to use afraid.org, which is a free DNS hosting service which provides support for IPv4, both static and dynamic, and IPv6, both forward and reverse. Of course, I’ll need to find a way to cleanly migrate away from “frodo.dyn.gno.org”, but once I do, that address will be disappearing, and this place will be reachable at “b-ark.ca”.
Nethack == Gambling
So, it’s winter here in the northern hemisphere (although, given the weather we’ve been having lately, you wouldn’t know it), and I now have a renewed passion for two of my favorite hobbies: knitting and Nethack.
Mmmm… juxtaposition.
Anyway, since the start of my “season” I’ve created and killed off a whole host of characters, during which time I’ve often felt the nearly irresistible urge to throw my DS against the wall. And this fact begs an interesting question (to use that phrase colloquially): Why on earth do I do this to myself??
Now, for those not in the know, Nethack is part of a family of games known as Rogue-likes, named after their original progenitor, Dungeon Crawler. Err, I mean, Rogue. Anyway, this family of games all have a few things in common (which is why they’re a family, duh):
First, they’re almost invariably centered around a character the user controls, who is then responsible for exploring a world, encountering bad guys, and eventually progressing to the endgoal, whatever that may be. In the case of Nethack, it’s a dungeon, and the player’s goal is to descend to the bottom of that dungeon, retrieve the Amulet of Yendor, and return it to his god, whilst not dying along the way.
Second, most roguelikes involve lots of items, armour, weapons, scrolls, wands, spellbooks, and so forth, that the player can acquire along the way, either by finding them randomly, looting from corpses, or buying or stealing from shops.
Third, those items? They’re unidentified at the outset. For example, in Nethack, you may come across a scroll with a name like “NR 9”, but you’ll have no idea what it actually does. So a large part of the game is focused on various tricks to identify those items. Oh, and of course, items can be good or bad, so that scroll may have been a scroll of enchant armour, or it may have been a scroll of destroy armour. So you can’t just go randomly reading scrolls, zapping wands, and trying things on (unless you plan to die quickly).
Fourth, when you die, you’re dead. No take-backsies. No save points. Nadda. You can, of course, save your current game and pick it up later, but if you die, that save state is gone. Toast. Kaput. You’re boned. So you have to be very careful. And avoid stupidity (the YASD, or Yet Another Stupid Death, is a common experience amongst Nethackers).
Fourth, and most importantly, the level layout, the positions of the items and their identities, the enemies, they’re all random. So each game is completely different.
So, back to the question. Why do I do this? YASD after YASD, I still come back for more, and I like it. And it’s that fourth item that, I think, is the key.
You see, gambling works by a pretty simple reward system, combined with the thrill of risk taking. Of course, anyone who’s spent any time in a casino understands what I’m talking about, here. Notice any similarities? Like any other form of gambling, Nethack provides randomized rewards to the players in exchange for risk, and as one progresses in the game, the risk only gets more pronounced (since the player has more and more invested in their character). One game, they may find a wand of wishing on the second level. The next, they might hit a poly trap in the Gnomish Mines, blow out their armour, and get killed by a cockatrice. That kind of randomized reward system plays with the brain in the exact same way that, say, Blackjack does.
So you really have to wonder, are there problem Nethack players out there? Was Rogue really the first Evercrack? I’m betting the answer is ‘yes’… the only difference is, unlike WoW, the Rogue-like family has maintained a relatively low profile, and so you don’t see the kind of widespread addiction we now see in modern MMORPGs.