This is an awesome guide and I appreciate it including ZFS.

One thing I'm curious about is the deletion of this file:

    var/db/man.db

I don't have first-hand experience with NetBSD but their online documentation seems pretty great. Does that also translate to the manpages? How could man.db be preserved for a read-only system?

I'm toying with the idea of using NetBSD as a server for some fundamental network services. My goal is a scenario where I get Bus Factor'd and whoever takes over says:

    The previous guy left, but we should be able to run with this for now. At first we were worried, but it turned out to be just a self-contained Unix system. The thing hasn't been rebooted in 20 years, but the documentation's complete enough for ChatGPZ to understand it. Keep in mind this doesn't support Nuralink, so we'll have to dig out the old keyboard. Don't forget the USB-D adaptor.

* In an alternative future, NetBSD will be ported to Nuralink.

Good article imho. Read-only with "ramdisk" (volatile memory
filesystems) is a much overlooked defence. I am amazed at the number
of IoT devices I've picked up in second-hand stores that are loaded
with state, secrets and PII. I got a GPS device with a large company's
entire delivery address book, and a VoIP phone containing another
company's entire internal voice network with names, office numbers,
and personnel notes.

Put this stuff into a capacitor-backed volatile disk with the main OS
running from non-volatile. Set the current drain so that it stays for
at most 7-14 days after power is removed.