Create a FreeBSD swapfile (tutorial)
After having to deploy a new FreeBSD server, I found out there’s an overlooked trick needed to keep the swapfile mounted after reboots. So here’s a quick tutorial on how to use a swapfile in FreeBSD 10 and onwards!
Swap in operating systems basically means using disk space as extra RAM. It’s definitely not optimal if you use a lot of it but it’s wise to have some, as memory exhaustion is never nice and can lead to application downtime. The FreeBSD handbook comes in handy in a lot of situations. It states that you should have twice the amount of swap as RAM, but I deploy with enough memory after doing research and experiments. I create swap less than or equal to the amount of RAM. Measure twice, cut once!
Okay, okay, easy. For the following examples you might replace doas with sudo, or gain root privileges depending on how you set your system up. Doas is more secure.
We start with creating an 8GB swapfile under /usr. Alter the count for your intended size, e.g. 1024 will give you 1GB, 2048 will give you 2GB, etc.
doas dd if=/dev/zero of=/usr/swap0 bs=1m count=8192
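Afterwards we modify the permissions so that only root can read and write the file. This is very important, as swap holds pages of memory from running processes!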
doas chmod 0600 /usr/swap0
Then, we add this to the bottom of our fstab to mount it during startup.
md99 none swap sw,file=/usr/swap0,late 0 0
The late keyword is crucial here! It tells the system to enable this swap later in the boot, after the filesystems are mounted; otherwise the system finds it can’t mount it at boot and doesn’t do it.
You can now either reboot or run swapon -aqL to enable it during runtime! The -L is needed because swapon -a skips entries marked late by default. You should now consider whether you want to encrypt your swap or not.
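As an added example (not part of the original post): a small sh function that checks, for every file-backed swap entry in an fstab, the two points this tutorial stresses, the late option and the 0600 mode. The function name check_swap_fstab is made up for this example.

```shell
#!/bin/sh
# Added example: audit file-backed swap entries in an fstab.
# check_swap_fstab is a hypothetical helper, not a FreeBSD tool.
# Usage on the server: check_swap_fstab /etc/fstab
check_swap_fstab() {
    fstab=$1
    rc=0
    while read -r dev mnt type opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac     # skip blanks and comments
        [ "$type" = swap ] || continue
        file='' late=no
        old_ifs=$IFS; IFS=,
        for o in $opts; do                         # options are comma separated
            case $o in
                file=*) file=${o#file=} ;;
                late)   late=yes ;;
            esac
        done
        IFS=$old_ifs
        [ -n "$file" ] || continue                 # partition swap: not covered here
        if [ "$late" = no ]; then
            echo "$dev: missing 'late', the swap file may not be reachable at boot"
            rc=1
        fi
        if [ ! -f "$file" ]; then
            echo "$dev: $file does not exist"
            rc=1
            continue
        fi
        mode=$(ls -ld -- "$file" | cut -c1-10)     # e.g. -rw-------
        if [ "$mode" != "-rw-------" ]; then
            echo "$dev: $file has mode $mode, expected -rw------- (chmod 0600)"
            rc=1
        fi
    done < "$fstab"
    return $rc
}
```

The function prints one line per finding and returns non-zero if anything is wrong, so it can be dropped into a provisioning check.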
I hope you’ve found this useful after pulling your hair out, because you didn’t read the handbook like me. BTW, this website is proudly hosted on FreeBSD!
The beauty of odd aspect ratios
Recently I’ve begun using screens with 5:4 aspect ratios on my workstation and gaming setup. Yes, they’re 14 years old. No, it’s not just because I had them lying around. Please trust me, I’m not going insane just yet.
Odd aspect ratios are a favorite among filmmakers, as they allow them to broaden or narrow their shots and the visual scope of scenes. A square shot of someone’s face up close will come across as more claustrophobic. A film company famous for playing with aspect ratios is A24, known for movies like Midsommar, The VVitch or Hereditary. For designers, limiting space or content can also be freeing.
The reason I like them is because I hate wasted space. A desk can only be so big. So why plonk down another 16:9 monitor, when I could use a 16:10 and fit more code on my screen, or a 4:3 or 5:4 for text editing with just the right amount of information bombarding me? On the other hand, these issues may be fixed by using a tiled window manager or an ultrawide display.
Here you can see some examples of what I’m talking about. There’s very little wasted space. No empty columns and fewer distractions.
These square monitors are also cheap as bits to buy! As they’re often cast aside for the most popular aspect ratio (16:9) these odd ducklings can be had for cents on the dollar or euro. The nice ones with swiveling arms or modern video inputs can be a bit more expensive.
My workstation is as of now two 1080p screens, one of which is on an arm alongside a 1280×1024 screen. My gaming setup is as of now a 144Hz 1080p monitor on an arm and a 1280×1024 screen on the side.
The 512kb Club: the web on a diet
Recently I found out about something called the 512kb Club. It’s a collection of websites whose entire size, when transmitted from server to browser, is less than or equal to 512 kilobytes uncompressed. That is quite the prospect. Similarly, there is also a 1MB Club. Self-imposing this limit is far from ascetic however, as I will reveal below.
According to the club’s website, the website for the New York Times has grown to over 15 megabytes! But how bad could this be, if it is even bad at all?
I took it upon myself to find what could be the biggest website in the world. Some oddballs that I found were the self-proclaimed tallest website and one that grows with every visitor. The largest I found was Gfycat (~32MB) which is not odd, considering their content is exclusively animated images. Another bad offender was blizzard.com (~17MB). My website floats around 2-2.5MB depending on what page, which is about on par with the average.
The consequence of this is that websites take longer to load in those parts of the world where internet connections aren’t that fast. It’s also bad for the environment as this data has to be transmitted from often idle (and thus power wasting) servers.
To coin a suitable term: a web footprint.
Anyone can piece together a page with little to no style or images. But that is not the point of the 512kb Club. Minimalism and frugality might be a solution but boring and unusable websites definitely aren’t.
Let’s go back to the days where the IBM PC had 640kb of RAM. Did this limit detract from the usability of the system? No. But inspiring graphics it definitely did not have out of the box, they were achieved through optimization and clever tricks. The hard limit bred innovation.
A 512kb limit does not constrain design as much as one might think. Layouts do not affect transfer size much or at all. FontAwesome also supports stacking icons out of the box, adding another dimension to iconography without adding much size.
WebM, WebP and SVGs can fill this perceived gap. Cleverer usage of HTML and CSS also helps, as using classes and inline styles everywhere adds unnecessary size. Likewise with unnecessary wrapping elements. Unused parts of libraries might be removed through cherry picking functions, SASS or tools like UnCSS. Minifying JavaScript and CSS is now an industry standard, but I still talk to developers that don’t do it with HTML when working statically.
To provide some counter arguments, perhaps all this is not even needed as long as our SEO and conversion are fine. As technology progresses we don’t have to punish ourselves with endless diets for our software stacks. Bloat is never nice but eliminating the excesses we concern ourselves with here might not even amortise in speed, security and eco-friendliness.
Economically speaking, throwing money at a relatively small problem like a few megabytes isn’t worth it when we can make technology ease the symptoms for us through compression and caching for far less cost.
The goal of this is obviously to call attention to the fact that all this bloat is just not needed. We can do better. It has certainly piqued my interest and I hope you in return may also get inspired to slim down your web footprint while maintaining your web presence, perhaps by hiring me 🙂
Too cheeky?
Seriously though, the 512kb Club is an admirable effort to call attention to an omnipresent problem. Software bloat persists throughout the computing world and as the web is the future, it is the place to start the diet.
FreeBSD, the perfect server (for me)
A project is usually only as good as its technical underpinnings, much like a house of cards. Here are some, not most, of the reasons why I prefer FreeBSD over Linux for my servers.
In my opinion, documentation is always the key to success. Not many sane people can read man pages or the Arch wiki. FreeBSD’s documentation project alone is a major reason to use the operating system. Everything that’s possible is outlined so clearly I use it as an entrypoint for most Linux questions I have when Google does not supply a quick answer.
While many people like to flaunt that FreeBSD has fewer CVEs than Linux, I have to admit that this is probably due to the fact that it’s not as widely used. Perhaps a form of security through obscurity. Listing who uses it (Apple, Netflix, Sony, Nintendo, Yahoo!, Yandex) does not prove its perceived superiority either, just that it is trusted and perhaps useful.
The reason why these companies use FreeBSD is because it just works. It really does. Security and reliability are achieved through engineered-in excellence in those aspects. One does not inspect quality into a product, it is built in, designed in even. FreeBSD is derived from the BSD of the 70’s and 80’s, meaning it has run real workloads for well over four decades. It has weathered some serious storms, lawsuits and competition, and the fact it not only exists but thrives alongside other Unices and Unix-likes means it has its place. When you see an old item that’s still usable and in use that means the initial concept was good enough. When you see that same item still in production today… It really does speak for itself.
Security also leads into my next point.
If you want the tightest security, go for OpenBSD. Need performance in some more niche usecases, go for DragonFly BSD. Must it run on literally any heap of sand capable of thought, go for NetBSD. Want an it-just-works desktop? There are choices for you too, GhostBSD, NomadBSD and more are capable of giving an excellent experience.
My point is that there is true diversity. Fedora and Ubuntu will probably garner similar experiences on the desktop, Ubuntu Server and RHEL are both still enterprise Linux servers that to me seemingly only differ in some methodology of management. The BSD universe has succinct varying qualities with practical end uses.
Perhaps the biggest difference to Linux is the license FreeBSD is distributed under. It boils down to the following.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Think that is the boiled down version? It’s the entire license. You can read it here.
It’s much more permissive than most licenses. This has a couple of effects that I will not discuss here, but it makes it an excellent choice to build a project that you do not want to release the source code to (like Sony and Nintendo), although it is better to do so (like iX Systems). This is code that is truly out there to be used for the betterment of mankind.
It’s clear and simple: ZFS, despite its few drawbacks, rules. Proven robust for almost 20 years. More than a filesystem, without going into too much detail, it also manages disks, compression and redundancy and much more. Btrfs, ReFS and VxFS are not nearly as good all-rounders, while ZFS beats them nearly outright in every area. Hardware RAID is obsolete.
ZFS is a first class citizen on FreeBSD, and the fact of the matter is that it’s not that on Linux.
UFS is the default and has been battle-tested since the 80’s. NTFS, ext4, FAT and more are of course also available.
Linux is just the kernel, governed by one man: Linus Torvalds (humorously called Benevolent Dictator for Life.) In my opinion this is actually a good thing for it, Linux’ main “superpower” is the fact it can shift any which way it pleases. It’s why it’s a jack of all trades. If there is demand, it will provide.
FreeBSD is a democratically governed project that spans the entire operating system. Its features scale from the user’s programs all the way up into the kernel. It prefers technical excellence over quick development or popularity.
I love things that do things well. PF (Packet Filter) is an example of that.
A firewall is a collection of rules that coordinate actions imposed upon network traffic.
Because PF is a filter, it can do the things a firewall does AND more. Like redirecting traffic between containers, configuring specific rules for each ethernet adapter and more. And it’s readable too.
ext_if="vtnet0"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
rdr-anchor "rdr/*"
block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
This is the base configuration needed for Bastille to work. If you can’t read what this says, I don’t think you should be working with firewalls.
That’s right, you can run almost all Linux programs on FreeBSD, sometimes even faster. The original Matrix movie special effects were created on Linux, but rendered on FreeBSD because it ran the Linux software faster.
Jails are nowadays often described as the original containerization platform. In reality this is a new development as Docker has taken the software world by storm to the point where people will look at you like you’re insane if you don’t use it. A jail is essentially the FreeBSD term for container before the word container was known as a container. More accurately a jail is a collection of namespace changes.
The first and foremost purpose of a container is exactly that, to contain. It’s a safety measure, often appearing to an intruder as the real system whereas they’re actually only digging in a small part. It also separates applications, meaning a rogue program won’t take down the whole system provided the container was well configured. And jails are very easily configured to limit system resources, access to raw sockets and more.
In the real world they are used to very easily deploy/provision fragile applications even though tools like Ansible exist exactly for that task. The benefit of Bastille in this is that it does everything well. Out of the box it provides a sane base thin jail, thin meaning it shares the operating system’s userspace programs. You can even replace it with a Linux userspace with the drop of a command, to run Linux apps. Even the programs in its filesystem can be “shared” through ZFS deduplication. You can package up entire older insecure FreeBSD systems into jails and protect them from the outside world.
The best thing about Bastille is the templates. There are a lot of templates for webservers, home automation, databases, etc. In other words, you can stack them on top of each other to create these software bundles. In Docker templating is still considered experimental.
Jails are a seemingly endlessly flexible tool.
Because FreeBSD stacks its features from top to bottom, it means it is not an edgecase to combine features in any which way. It is performant, stable, secure and extremely well documented. A mature developmental organization coupled with a track record of quality makes it a competent or even superior alternative to Linux. It might even “feel” nicer to use FreeBSD because of its logical administration.