FreeBSD 11.0 Released
Alternative OS news [not Windows, not Linux]...
https://www.freebsd.org/releases/11.0R/announce.html
https://www.freebsd.org/releases/11.0R/relnotes.html
https://www.freebsd.org/features.html
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
https://forums.freebsd.org/
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/
Is anyone here using FreeBSD? I started using OpenBSD for my personal computer and I am quite impressed. Why would anyone choose FreeBSD over OpenBSD? Number of packages available?
Also, what's the deal with HardenedBSD[1]? Anyone used it? Any good impressions?
[1] https://hardenedbsd.org/
On 10/11/2016 02:53 AM, grarpamp wrote:
-- Kind Regards, Ben Mezger https://benmezger.nl
On Tue, Oct 11, 2016 at 01:07:51PM -0300, Ben Mezger wrote:
> Is anyone here using FreeBSD?
I use it at home and we use it at work (hundreds of FreeBSD boxes). It is stable, maintainable, good to update, has pretty good hardware support and superior performance.
> Why would anyone choose FreeBSD over OpenBSD? Number of packages available?
FreeBSD has a way larger developer community and is in wide use, especially by companies.
You didn't ask, but: if you ever use FreeBSD for a longer time, you'll never go back to Linux. At least not voluntarily :)
- Tom
As I am still trying to understand OpenBSD's core, is there a main reason I should check out FreeBSD (except the reasons you pointed out)?
How is the default security on FreeBSD? I've read it somewhere something like: "FreeBSD devs don't really care much about security as much as they should" How true is this statement?
1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
2. How easy can I sandbox software? Using jails only?
3. How about W^X?
4. Trusted Path Execution?
Thanks!
On 10/11/2016 02:08 PM, Tom wrote:
-- Kind Regards, Ben Mezger https://benmezger.nl
On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
> As I am still trying to understand OpenBSD's core, is there a main reason I should check out FreeBSD (except the reasons you pointed out)?
In the end you'll need to compare them yourself, features, policies, hardware support, security, whatever.
I just happen to like FreeBSD more and Theo de Raadt less :)
> How is the default security on FreeBSD?
Why, pretty good I'd say.
> "FreeBSD devs don't really care much about security as much as they should" How true is this statement?
Replace "FreeBSD Users" with "human beings" and the sentence might be true. Of course there are uncaring FreeBSD users, as are uncaring Windows, OSX or OpenBSD users.
Oh - and not caring about security doesn't lead to an insecure system necessarily. Many years ago we made an audit of some BSDi machine: it had all patches installed and was top secure. However, nobody had been logged in for a couple of years. So, why was it so secure? Because:
0 * * * * cd /usr/src && make world
:-)
> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
> 3. How about W^X?
> 4. Trusted Path Execution?
I'm not sure about all those things, google will help you with details. Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might be better suited from this perspective.
> 2. How easy can I sandbox software? Using jails only?
There's bhyve. I use jails and am very happy with it.
- Tom
Thanks Tom, I will look into it more and perhaps give it a try. OpenBSD has lots of packages, but unfortunately not the ones I really need.
> Oh - and not caring about security doesn't lead to an insecure system necessarily. Many years ago we made an audit of some BSDi machine: it had all patches installed and was top secure. However, nobody had been logged in for a couple of years. So, why was it so secure? Because:
> 0 * * * * cd /usr/src && make world
Looks really promising. Doing something like this automatically on the Linux Kernel + monkey patching, would probably break in the first try. Same goes with the Gentoo port system.
On 11/10/16 15:43, Tom wrote:
-- Kind Regards, Ben Mezger Met vriendelijke groet, Ben Mezger
> > 0 * * * * cd /usr/src && make world
> Looks really promising. Doing something like this automatically on the Linux Kernel + monkey patching, would probably break in the first try.
Open uses continuous integration, they're picky about it. Free spreads the same idea across whatever RELENG_M branches are open... 9,10,11 right now, and adds release branches. Linux is on its own M.m.r release model. It's all pretty reliable so long as you look over your output to detect relatively rare build fail.
> Same goes with the Gentoo port system.
Ports on any os seem like they will always be spotty, far too many dependencies and upstream change. That's more or less expected.
On Wed, 2016-10-12 at 01:50 -0400, grarpamp wrote:
> Linux is on its own M.m.r release model.
It is important not to confuse Linux, the kernel, with GNU, the actual operating system. Linux, the kernel, and GNU, the operating system, are developed mostly independently of each other. Technically, there is no requirement that one run only a GNU variant under Linux, the kernel, or that GNU must run only under Linux, the kernel (in fact there is or at least was a port of GNU to the FreeBSD kernel at one time). Also of note that GNU also has its own kernel, Hurd (microkernel-based), which is still under development a couple of decades later.
-- Shawn K. Quinn <skquinn@rushpost.com>
On Wed, Oct 12, 2016 at 2:04 AM, Shawn K. Quinn <skquinn@rushpost.com> wrote:
> It is important not to confuse Linux, the kernel, with GNU, the actual
I don't. Sure there's bsd-gnuland and linux-bsdland hybrids now too. Yet to a bsd user, the linux kernel is the most visible trackable thing to them guiding what they can do with any linux (even though to match a bsd base you have to pack at least binutils and glibc to linux kernel... but that's mostly moot herein).
> Also of note that GNU also has its own kernel, Hurd (microkernel-based), which is still under development a couple of decades later.
So is plan9 and a bunch of other stuff that still hasn't gone anywhere. Oh well.
On Wed, Oct 12, 2016 at 02:18:40AM -0400, grarpamp wrote:
> > Also of note that GNU also has its own kernel, Hurd (microkernel-based), which is still under development a couple of decades later.
> So is plan9 and a bunch of other stuff that still hasn't gone anywhere. Oh well.
But don't worry, it's already scheduled for 2057. Be prepared ...
- Tom
On Tue, Oct 11, 2016 at 1:08 PM, Tom <tom@vondein.org> wrote:
> You didn't ask, but: if you ever use FreeBSD for a longer time, you'll never go back to Linux. At least not voluntarily :)
Many don't get that the Linux "distros" are often just that, distributions... of the same damn thing... they make some app bundling and packager choices but that's about it. Except for the commercial ventures like RedHat which do contribute sizeable raw development. Whereas the BSD's all picked something long ago and generally stick with it to this day, with blending across them...
Open - secure, free
Free - serving, all around utility, hardware, storage
Dragon - clustering
Net - platforms including your toaster
> In the end you'll need to compare them yourself, features, policies, hardware support, security, whatever.
That's the key as always. Someone really needs to maintain a giant wiki table with this and the bsd's.
Yes I use FreeBSD 10 for a couple of servers. I chose it over openbsd because I have more familiarity with it, no other reason :) I'm quite happy with it, aside from some weird port pkg interactions... And it has supported PF for a long time, which it basically stole from openbsd (who stole it from Darren Reed). PF is great... I'm still on FreeBSD 10.
John
On Oct 11, 2016, at 12:07 PM, Ben Mezger <benmezger@autistici.org> wrote:
> Is anyone here using FreeBSD? I started using OpenBSD for my personal computer and I am quite impressed. Why would anyone choose FreeBSD over OpenBSD? Number of packages available?
> Also, what's the deal with HardenedBSD[1]? Anyone used it? Any good impressions?
> On 10/11/2016 02:53 AM, grarpamp wrote: https://www.freebsd.org/ports/
> -- Kind Regards, Ben Mezger https://benmezger.nl
On Tue, Oct 11, 2016 at 2:28 PM, John Newman <jnn@synfin.org> wrote:
> Yes I use FreeBSD 10 it has supported PF for a long time, which it basically stole from openbsd (who stole it from Darren Reed).
No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been dropped by Open and Dragonfly BSD, for license and other reasons, including being a dead project. last release: e9d51c6e58f549c4ab499254c81c90d2
PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's, NPF is Net's, IPFW3 is Dragon's. All actively maintained by their own communities. PF is ported to all.
On Oct 12, 2016, at 12:48 AM, grarpamp <grarpamp@gmail.com> wrote:
> On Tue, Oct 11, 2016 at 2:28 PM, John Newman <jnn@synfin.org> wrote:
> > Yes I use FreeBSD 10 it has supported PF for a long time, which it basically stole from openbsd (who stole it from Darren Reed).
> No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been dropped by Open and Dragonfly BSD, for license and other reasons, including being a dead project. last release: e9d51c6e58f549c4ab499254c81c90d2
> PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's, NPF is Net's, IPFW3 is Dragon's. All actively maintained by their own communities. PF is ported to all.
Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you want to call it.
Pf has made some nice improvements in the years since, but there is no doubt it started as a clone of IPF so Theo could include the superior software firewall mechanism in openbsd without the license restrictions.
John
On Oct 12, 2016, at 7:04 AM, John Newman <jnn@synfin.org> wrote:
> On Oct 12, 2016, at 12:48 AM, grarpamp <grarpamp@gmail.com> wrote:
> > On Tue, Oct 11, 2016 at 2:28 PM, John Newman <jnn@synfin.org> wrote:
> > > Yes I use FreeBSD 10 it has supported PF for a long time, which it basically stole from openbsd (who stole it from Darren Reed).
> > No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been dropped by Open and Dragonfly BSD, for license and other reasons, including being a dead project. last release: e9d51c6e58f549c4ab499254c81c90d2
> > PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's, NPF is Net's, IPFW3 is Dragon's. All actively maintained by their own communities. PF is ported to all.
> Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you want to call it.
> Pf has made some nice improvements in the years since, but there is no doubt it started as a clone of IPF so Theo could include the superior software firewall mechanism in openbsd without the license restrictions.
> John
I've always thought the IPFW mechanism in FreeBSD was crap, compared to IPF/PF, just as an aside... Years ago IPF was actually also ported to Solaris and Linux. I used it on some Sun boxes when I was just a little guy a long fucking time ago.....
John
On Wed, Oct 12, 2016 at 07:16:47AM -0400, John Newman wrote:
> > > No. Ipfilter (aka: Ipf) is Darren's / Phil's and has been dropped by Open and Dragonfly BSD, for license and other reasons, including being a dead project. last release: e9d51c6e58f549c4ab499254c81c90d2
> > > PF (packet filter) is Open's, IPFW2 (ipfirewall) is Free's, NPF is Net's, IPFW3 is Dragon's. All actively maintained by their own communities. PF is ported to all.
> > Right, but all the SYNTAX was stolen from IPF. Or copied. Whatever you want to call it.
> > Pf has made some nice improvements in the years since, but there is no doubt it started as a clone of IPF so Theo could include the superior software firewall mechanism in openbsd without the license restrictions.
> > John
> I've always thought the IPFW mechanism in FreeBSD was crap, compared to IPF/PF, just as an aside...
> Years ago IPF was actually also ported to Solaris and Linux. I used it on some Sun boxes when I was just a little guy a long fucking time ago.....
> John
Off-topic - I can't stand the way the phone email clients I habitually use format email. The results come out looking horrible. It's rare that I have a chance to reply to the list from an actual computer (generally I'm too busy when I'm in front of a real computer)... Anyway, I suppose I could start using mutt on android :P
John
On Tue, Oct 11, 2016 at 01:50:20AM -0400, grarpamp wrote:
> Alternative OS news [not Windows, not Linux]...
> ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/
Nice to see open source competition :)
How do I verify the ISOs from the above plain ftp url, there is no crypto signature and downloading the checksums from the same (possibly owned) site doesn't make much sense.
As an aside, why big vendors choose linux (android, wireless routers, etc) instead of the permissive BSD license (do the fuck what you want, no GPL, no Stallman)? (BSD appears to support less hardware, but for few bucks this can be solved).
> ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.0/
> crypto signature and downloading the checksums from the same (possibly
They're in the release announcement linked in OP. As I've said before, FreeBSD has issues with strong cryptographic provenance, stemming from their choice of repo, on out to iso's and packages. But they're getting better fast. ie: They're almost, if not 100%, reproducible builds now... see new flags to ar(1) for a simple example, commitlogs 'reproducible'.
> As an aside, why big vendors choose linux (android, wireless routers, etc) instead of the permissive BSD license (do the fuck what you want, no GPL, no Stallman)? (BSD appears to support less hardware, but for few bucks this can be solved).
Vendors are cheap, including not paying devs to "do the fuck they want", so they choose whatever licence won't get them sued (either is fine), and whatever os has been cobbled together for their hardware, and is known to the vendors cobbled together team. That's usually linux, or windows.
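An added example, not part of any message in this thread: the ISO question above comes down to taking the digest list from a source authenticated separately from the FTP mirror (the reply points to the release announcement) and checking the downloaded image against it. The Python below assumes that digest text has already been authenticated and that it uses BSD-style `SHA256 (name) = hex` lines; the file name and sample digest are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# BSD-style digest line as printed by sha256(1): "SHA256 (name) = hexdigest"
LINE = re.compile(r"^(SHA256|SHA512) \(([^)]+)\) = ([0-9a-f]+)$")
HEXLEN = {"SHA256": 64, "SHA512": 128}

def parse_manifest(text):
    """Return {(algo, filename): hexdigest}; reject truncated digests."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # signature armor, blank lines, prose around the list
        algo, name, digest = m.groups()
        if len(digest) != HEXLEN[algo]:
            raise ValueError(f"truncated {algo} digest for {name}")
        entries[(algo, name)] = digest
    return entries

def file_digest(path, algo):
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large images
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest, algo="SHA256"):
    """True only if the file's basename is listed and its digest matches."""
    expected = manifest.get((algo, os.path.basename(path)))
    if expected is None:
        return False  # an unlisted file is never treated as verified
    return hmac.compare_digest(file_digest(path, algo), expected)

# Constructed sample: the digest is SHA-256 of the bytes b"abc", and
# "example-disc1.iso" is a placeholder name, not a real release image.
SAMPLE = "SHA256 (example-disc1.iso) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad\n"

def demo():
    manifest = parse_manifest(SAMPLE)
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-disc1.iso")
        for content in (b"abc", b"abd"):  # intact image, then a modified one
            with open(path, "wb") as f:
                f.write(content)
            results.append(verify(path, manifest))
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the channel the digest list came over: a list fetched from the same mirror as the image detects corruption, not substitution.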
participants (6)
- Ben Mezger
- Georgi Guninski
- grarpamp
- John Newman
- Shawn K. Quinn
- Tom