FreeBSD on Intel Broadwell

Around two years ago I posted about using FreeBSD 10 on the X250. A great deal has happened since then.

It is now possible to use the Intel Broadwell integrated graphic card (among others) under FreeBSD-CURRENT FreeBSD-STABLE! Also if I’m right, this will be integrated in FreeBSD 11.2-RELEASE. What a great day it is for FreeBSD on the desktop. I bet FreeBSD 12 will be truly great!

Note that it works much better on STABLE now than CURRENT because CURRENT is -well- not that stable…

So if you want to try this now, what you first need to do is to upgrade to the STABLE branch. For this you need to fetch the source, buildworld, buildkernel and installworld. Here is a very quick tuto (that you may need to adapt though). You can also find this here.


# Don't forget to upgrade RELEASE
# in any case that there were any bugs in the building tools.
freebsd-update fetch
freebsd-update install
reboot
freebsd-update install

# Replace the current source tree with STABLE.
mv /usr/src /usr/src-RELEASE
svn checkout svn://svn.freebsd.org/base/stable/11 /usr/src

# Build! Build! Build!
cd /usr/src
make buildworld -j4

# Customize (while you are at it) and build STABLE kernel.
cd /usr/src/sys/amd64/conf
cp GENERIC {YOUR-CONF}
vim {YOUR-CONF}
cd /usr/src
make buildkernel KERNCONF={YOUR-CONF}
make installkernel KERNCONF={YOUR-CONF}
reboot

# Now it's time to install world over the new kernel.
# In the meantime we also update configuration files
# with mergemaster.
mergemaster -p
cd /usr/src
make installworld
mergemaster -Ui
reboot

Now that your are on the latest STABLE, you can update the ports tree and install drm-next.


# Install ports tree if needed.
portsnap fetch
portsnap extract

# Install drm-next.
cd /usr/ports/graphics/drm-next-kmod
make install clean

Finally you must tell rc.conf to use the new i915 module instead. That is, add in /etc/rc.conf:


kld_list="/boot/modules/i915kms.ko"

Just one final reboot and you are done! Test this with the xorg and mesa-demos ports. Just startx from your user and check /var/log/Xorg.0.log to see if the intel driver was correctly loaded.

Samba denied on FreeNAS

If you recently discovered that some of your authenticated samba shares on your FreeNAS refuse to well authenticate. And maybe you did your own investigation and found that it failed with NT_STATUS_NO_SUCH_USER. Do not worry, you are not alone!

From what I understand, the last update changed the constraints on the user accounts metadata. In particular it seems that the E-Mail field must now point to a real e-mail address (something@domain) and cannot just be an alias to another local user.

Don’t know if that’s intended or not or why it would be. Going to IRC right now to find out.

Long story short, users that don’t match the new constraints are not recognized anymore by samba (and probably other services too), hence the permission denied and NT_STATUS_NO_SUCH_USER. So for those user using a local alias as E-Mail, use a fully qualified E-Mail. That will fix the shares. However it seems that "user"@localhost doesn’t work either. And you will also have to retype their password.

Wrong OS version in pkg

If FreeBSD’s pkg refuses to update because of a wrong OS version, for example because you are in a FreeNAS jail and version mismatch are bound to happen, then you can always try to force the OS version in pkg. Either put OSVERSION={{version}} in /usr/local/etc/pkg.conf or start it with pkg -o OSVERSION={{version}} where {{version}} is the target version, for example 1101001.

Today’s movie: Une part d’ombre

We had the occasion to assist to the premiere of Une part d’Ombre a Belgian film by Samuel Tilman with Fabrizio Rongione, Natacha Régnier, Baptiste Lalieu, among others. Going there without knowing what to expect, this ended up being a unique and pleasant surprise.

It’s a movie about trust, the social contract that we build upon it which transcends all our relationships and the subjective value that people are willing to give to them. How things left unsaid rot the most obvious friendship and love and the fact that we cannot (most of the time) do a single thing about it. We just got to let it trough, even though the rambling mistrust breaks everything into its wrath and we know for sure than nothing will ever be the same.

It was amazing how after discussing the movie we could all reflect on this. We all had those stories of break up, circle of friends or family exploding because some could not live up to what was that we define as us. But it’s part of the human chore. Apparently many of us suck at relationships. We’ve just got to deal with it and try for ourselves to be among those we’d call human.

Still it may be a bit of our fault. Because there are many of those things that we don’t say either. Because we think wrongly that it would be better to keep our share of shade for the the sake of our beloved ones and the sacred things that lay between us. Maybe many of these situations would be a heck of a lot simpler if we could just at times lay our cards on the table and for others to accept our pledge of honesty.

And that’s the really important message from this movie. That at times, we’ve got to look into others eyes, and say “trust me”, and reciprocally for ourselves to say to them, I accept and trust you, it’s up to you to trust me in that. Because surely without that everything fall, sooner or later, into a bunch of ashes.

Sshguard, PF and FreeBSD

We recently had a problem with sshguard. Some IP that were blocked were still able to send packets through because the associated states were not killed properly with pfctl -k $ip. We used an older version until then, so I just did an upgrade to the latest port.

From this point however sshguard did not block anything anymore. In fact it didn’t recognize the correct backend to use to block those IP. Not sure if we always have to specify it manually in the configuration or if there is some kind of broken-autodetect. But you can force the backend inside the configuration file in /usr/local/etc/sshguard.conf (see /usr/local/etc/sshguard.conf.sample):

BACKEND="/usr/local/libexec/sshg-fw-pf"