It's no secret NetBSD is the smallest of the three contemporary modern BSDs (FreeBSD, OpenBSD, NetBSD, intentionally ignoring PC-BSD/TrueOS). Many don't give NetBSD any more thought than 'oh its the one that can run on a toaster' (which is true as long as it has a MMU :)
(Full article here )
There are some interesting features that are useful on desktops as well as embedded that deserve being mentioned. I list some of the features that caught my eye in no particular order. Also in no way are these unique to NetBSD (well mostly), but some may surprise you.
I'm not sure how popular it is or if its really used, but it is a possibility to write kernel modules in Lua. This is pretty darn cool and lua support in the kernel is the fruits of a previous Google Summer of Code (GSoC) project.
For Lua to work, you need to load the lua and lua sytem modules:
Then you can create a Lua state and load a script like so:
You can find full examples here
CGD (Cryptographic device driver) lets you encrypt disks at an entire disk or partition level. Of course, this is nothing new, but it has more flexibility for key sizes and available ciphers versus, eg, OpenBSD. This may no longer be true
NetBSD Rump kernels offer many benefits, of particular interest is being able to compile kernel drivers and test it in seconds without using a VM. In simplified terms, it is basically the various drivers that usually live in kernel space, but running as separate entities in the rump kernel userspace.
Rump kernels are not an operating system specific concept, for background see What is a rump kernel? NetBSD 'anykernel' is (was?) the first implementation of a usable rump kernel though. It has a funny name to boot
I have to admit I'm just starting to dip my toes in
pkgsrc. It's a solid
package manager, downloading and compiling sources for you and managing deps,
as you would expect of a package manager in 2018.
It has some lesser known auxiliary features:
In layman terms, veriexec compares binaries and files to a pre-configured whitelist of hashes and refuses to run any that diverge. While this would require a bit of setup (and would be annoying for casual daily desktop use), you could really lock down a machine with this setup that would be resilient to even root privilege escalations.
With the state of MD5 and SHA1 hashes being worthless for integrity and having vulnerabilities and proof of collision respectively, it supports SHA256, SHA384, SHA512, and RMD160 hashing. There are a few levels of strictness which can make the machine dynamically learn or report in an IDS style of operation as well.
This is not so much a feature as my personal preferences, but on NetBSD
you get things like a sane, centralized
rc.d startup system. No
6 runlevels, no systemd, no having to rifle around to find defaults.
/etc/rc.d after looking at
/etc/defaults/rc.conf and be done with it.
Additionally, third party stuff always ends up in
/usr/pkg and their
configs go in
/usr/pkg/etc. While GNU/Linux isnt awful, I am annoyed switching
distros and having no idea where things go, install to, overwrite, etc.
Being able to install an entire system (with X) using an installer under 350mb is unheard of in this day and age too. I'm pretty sure the Nvidia drivers are bigger than that now.
..Back to Dexter Haslem home