 So hello everyone. My name is Benny Siegert. Today I'm going to give you an update on NetBSD. And I wrote "not that kind of update" because if you follow along what Silicon Valley companies do when they write a blog post titled "An update on X", that usually means that X is cancelled or dead. So my thesis is NetBSD is not dead and I want to show you something about it, and I'm going to go reasonably quickly through the slides because I only have 20 minutes. So first of all, the last major release of NetBSD, it seems an eternity ago but it was actually last year, so it's in scope for this talk I suppose. It's NetBSD 8 and it was released in July, has binaries for 55 ports available. So ports are not architectures, it's a bit difficult. A port is something like evbarm, evaluation board with an ARM processor, and then there's multiple, so to speak, supports for like 32-bit, 64-bit, ARMv6, ARMv7, hard float, soft float, big endian. Anyway, so there's lots of those. So NetBSD 8 is quite a big upgrade from NetBSD 7 for a number of reasons. The first one you'll probably notice on the first boot is that you have DRM for supported cards, which means you get a graphical console because the kernel handles all the video mode switching and all of that nonsense. Other than that, there is USB 3 support, which is really nice, especially because if you have a laptop or desktop with USB 3 it probably doesn't support the older controller thingy, so either you have no USB in NetBSD 7 or USB 3 here. NVMe cards, if you have those, they're quite a lot faster. vioscsi, I'm going to talk about in a second, it's a storage layer for an emulated hard drive that a bunch of cloud providers use and also QEMU supports. And there's been quite a bit of hardening for security that has been done. So we now have ASLR enabled by default, MPROTECT, which the OpenBSD folks call W^X. Position-independent executables. 
 There's an option to build everything reproducible which I'm not sure, I think it's not the default. There's an internal audio mixer, which is kind of minor but very cool, so you can play as many different audio sources as you want. They can all open /dev/audio and play stuff and it'll be mixed together. No PulseAudio or other crap needed. And so as I was saying, it seems like an eternity. The thing is, NetBSD 8 took a long time to get released. I dug out this email here, which was the announcement of the branch, and you notice it's from over a year before, it's 6th of June 2017, and it says here, we don't have a strict timeline for the 8th release but things are looking pretty good at the moment. We expect this release to be happening in a shorter amount of time. Well, that didn't happen. Basically what ended up happening was that DRM had been imported and it's such a headline feature. We absolutely wanted to ship with it but it wasn't quite working. Oh, that was the excuse for 7. What was the excuse for 8? Anyway, so these were both long releases and technically NetBSD 7 is still supported because the NetBSD project supports the two last major releases. But at least on Intel and AMD architectures, I would really like to encourage you to stop using NetBSD 7 because of these two guys, Spectre and Meltdown. NetBSD 8 ships with full mitigations for those. NetBSD 7 doesn't and they have not been backported. So it's not a good idea to be running NetBSD 7 on anything remotely sensitive. Now, let's talk about NetBSD 9. So NetBSD 9 is not a thing yet. It has not been branched yet. We keep saying that this release is going to be the one that's better than the previous releases. And the NetBSD Foundation has actually done something. It has hired a person full-time as a release engineer, Martin Husemann. So we're cautiously optimistic that once we decide to actually branch the thing, we can release in a finite amount of time. 
 In the meantime, we're at a point where NetBSD-current has become really good compared to NetBSD 8. And typically in open source, that's a sign that you should just release what you have, but it's not that easy. So on a bunch of hardware, it's actually now the best NetBSD that you can run, this current, because it had major improvements in drivers, in performance and in security. So security has the introduction of kernel ASLR. If you want that, it's not on by default. You have to change your bootloader config, I think, to do that. It works by having a little trampoline kernel, so to speak, that pretends it's the kernel. It loads the image, randomizes the addresses, and then boots it. Then there's KLEAK, the kernel leak detector. There's going to be a talk on this after me. Then the kernel address sanitizer, the kernel undefined behavior sanitizer. All of these have found quite a few bugs, by the way. The sanitizers are also in userland. I believe that a number of userland bugs have also been found and fixed due to that. There is an updated ZFS, which is now actually usable. So you can actually run your storage on NetBSD on ZFS. It's a bit fiddly to get it working first because your kernel and your userland must match exactly because the interface is not quite stable, I think. But yeah, ZFS is there. We have updated graphics drivers. Again, that's a big one. If you're using any halfway recent Intel board, like I myself have one with Intel Iris graphics that was not supported in 8, but it's now supported. There's also been AMD and NVIDIA fixes, I think. It's all relatively current. So basically with all major graphics hardware, you should be able to get graphical console, accelerated X, accelerated video, and even accelerated 3D, which is nice. And if you're running on ARM, then there has been a tremendous amount of work gone into NetBSD on ARM, and it is a lot better than NetBSD 8. 
 I want to show you a little bit about ARM because it's the new hotness, so to speak. So first of all, Jared McNeill, who is a NetBSD developer, has made this really nice page, invisible.ca/arm, that gives you a bunch of bootable images for NetBSD 8. You can just write one on an SD card, put the SD card in, boot the machine. Here I have expanded the 32-bit menu. You see that we support the various Pis. There's the Raspberry Pi, obviously. The Orange Pi, which is really nice. I have one of those. The Banana Pi, the NanoPi, the ODROID, which is also really nice here, and so on. And then for 64-bit, the list is a bit shorter, but ARM64 is a completely new architecture in NetBSD-current. 8 doesn't have it yet, so there's that. You have? It's also shorter because many of them are supported with generic 64-bit images. Yes. Good point. It's also shorter because there's a generic 64-bit image that supports most of these. So for example, if you have a Raspberry Pi 3, you can run it in 64-bit mode. The Pine A64 is supported, the Rock64, RockPro, and the NanoPi NEO2 and NEO Plus2. This list, by the way, will get shorter over time, as Christoph said, so we have better support for FDT, flattened device trees, and better support for UEFI booting, which means that you no longer need board-specific kernels or board-specific bootloaders or anything. You have one image, and it's just going to work on all of the things, which is really what you want. And I see one here in the audience. This thing here is super cool. It's called the Pinebook. The 14-inch version, which I've shown here, there's also a smaller one in 11-inch. They're $99. It's pretty good. They have an ARM processor, light and thin, as it says here. And so what happened is that the NetBSD Foundation bought a bunch of those for developers, I think about 30, and then gave them out to all of the developers who wanted one, basically. 
 And as a result, of course, there was rapid development in drivers and bug fixes and whatnot. To the point that I think on these things, NetBSD is more or less the primary OS now; they should still ship with Linux by default, but NetBSD is relatively prominent on them. So that's really cool. Then I have one more thing that I scraped off. So Zachary McGrew is doing a port of NetBSD to RISC-V. However, it's not in the tree yet. It's a separate tree right now. It hasn't been merged into the main tree, and I think it's not quite at the state where you can boot a full system and go multi-user. So compared to FreeBSD, what we heard just in the previous talk, we're a bit behind on that, but they're basically in the process of setting up new port mailing lists and the structure for adding new ports for RISC-V. So that's also going to be a thing very soon. I don't know if it will be, it will probably not be in NetBSD 9, I suppose, but it's coming. Will RISC-V be the new ARM? Will RISC-V be the new ARM? That's a good question. I don't think so. I think ARM will be the main thing in the future. Really, like ARM is at the point of displacing, I suppose, the Intel architectures. You see it in various cloud providers. You see it in the persistent rumor that Apple is going to have ARM processors for the next generation of MacBook, so it's going to be very interesting from that point of view. And now I want to talk a little bit about virtualization and cloud because NetBSD is a great cloud OS, believe it or not. So if you want to virtualize something on a NetBSD desktop, let's start small. You have a machine running NetBSD, you want to virtualize something else on it. The easiest thing you can do is run QEMU and have it emulated in software. That's kind of slow. That's kind of sucky. And then up until very recently, you had, as a second option, only Xen, and there's two new options that I want to talk about. 
 So Xen is, I don't know, it's a hypervisor where you install a special kernel, the Xen kernel, and then load your operating system kernel as what's called the dom0, and then you can create new domains in it. It's a bit heavyweight. It's not super easy to set up. And the NetBSD Xen support used to be really first class and it's slightly bitrotting, I think, because it doesn't support two of the four virtualization modes that Xen offers, and those two happen to be the preferred ones these days. But we gained two new virtualization frameworks. Funnily enough, one of them works better on AMD. One of them works better on Intel. So NVMM is written by a NetBSD developer in a weekend, essentially. It's a simple library and a little kernel. It has a userland part and a kernel part and it does primitives for VM management, if you will, using hardware virtualization on certain AMD CPUs, most AMD CPUs. And HAXM is the Intel Hardware Accelerated Execution Manager. It's a thing developed by Intel and used, for instance, by Google in the Android Studio builds. It's the default emulation framework to do the Android emulation. That is also imported to the NetBSD kernel. It is in the kernel, in current. And what both of these share is that the front end to manipulating them is QEMU again. So you compile QEMU with the back ends for these two and it'll select the one that works, I suppose. Or you can give it a command line option to say, I want to run this VM with HAXM or with NVMM. And then you'll have basically the full speed of your hardware. You'll be using hardware virtualization instructions that are built in these CPUs. You can run multi-core VMs, as many as you have cores. You can even run more emulated cores than you have real cores, although it gets a bit slower. And it's really nice. So you have very performant virtualization support using these two things. 
 And then if you want to run NetBSD off-premises, I've put here three options that are all three really good, I think. The first one, full disclosure, I work for Google, but I think Google Cloud Platform is great, is fully supported with NetBSD, although you have to build your own image because of the way they treat official images. The official images are all Linux and you cannot... It doesn't have a feature like AWS has, community AMIs, where one person can upload a working NetBSD image and then others can instantiate it. That doesn't work, unfortunately. But other than that, it works really, really good. Again, we have the vioscsi and the virtual network drivers. These are para-virtualized things offered by their hypervisor and we have drivers for them, so we have full performance. Another option that's very intriguing is Scaleway. It's a French company, so if you don't like multinational American companies, maybe that's good. They offer ARM VMs, like a cloud running exclusively on ARM, all their storage is SSD-backed, so it's very fast. It's faster than GCP, I think, and they're really cheap. You can get, say, a development machine, a development VM with four or eight cores and a decent amount of RAM costs you six euros per month if you leave it running all the time. That's really nice. One caveat though is that you can run NetBSD evbarm 64-bit on it, but the CPU itself does not support any 32-bit instructions, so you cannot run any ARM32 binaries on it, which means that currently you can't run any Go binaries because NetBSD ARM64 support for Go hasn't landed yet. And then the last option, Amazon EC2 on AWS Classic, there are official images prepared by the NetBSD Foundation under the Community AMIs list for the Intel-based servers, and some AWS zones now have ARM-based servers. They're quite a bit cheaper to run than the Intel ones. And again, you can run NetBSD evbarm 64-bit on it, and it works just fine if you use current. 
 For Google Cloud Platform, I released this script a while ago, github.com/google/netbsd-gce. It's a little bash script that you run and it creates an image for you that you can then upload. It's in a required format. The README explains the commands you need to upload the thing. The required format is a hard disk image. No, it's a raw image. It must be raw. It must be in a tar.gz file. The tar file must be GNU tar, and it must have a certain name. It's completely brain-dead. Does the disk have to be bootable? Yes. So NetBSD has a tool called Anita, which is an automated installation thingy that we use for running tests in VMs. And basically I abuse Anita to install NetBSD and then shut down the VM before the first reboot and then pack up the disk that we just installed. So I have 15 seconds left to conclude. I think NetBSD is an OS on the bleeding edge. It doesn't only run on obsolete big iron hardware. You should give it a try on modern hardware, be it your desktop where it's really good these days, be it a Pinebook or some sort of single-board computer for $30. It does make a decent desktop. I haven't talked about packages at all, but there's been a tremendous amount of work that's gone into making XFCE and other desktops run well. And it is also an excellent server OS for running in the cloud or on-premises. Thank you for your attention.