
FreeBSD Q2 2016 Status Report - danieldk
https://www.freebsd.org/news/status/report-2016-04-2016-06.html
======
cm3
The organization of these status reports is outstanding and so structured,
like the rest of FreeBSD's documentation and communication.

I wish more of the HardenedBSD features would land in FreeBSD trunk. Other
than that, I'm really glad to see that it's making great progress, like RISC-V
support. The address randomization feature in 11 is ASR (not ASLR), per the
review comments by the inventor of ASLR (PaX dev), so it's a pity the initial
HardenedBSD devs decided to not continue upstreaming things after they felt
the ASLR patch review was taking too long. OPNsense seems to be basing itself
on HardenedBSD, so that's nice to see.

~~~
tachion
This is not exactly what happened. People behind HardenedBSD code take
criticism of their code personally and are very, very, very reluctant to
adhere to advice on correction of the code, or design or even processes
around their code (one of the main points against accepting their ASLR code was
that it wasn't designed, but ...just written) so the claims of that code being
well tested, well written and in general production ready quality should be
taken with a grain of salt.

However, it's worth noting, that if it wasn't for them persistently making a lot
of 'noise' around this particular feature, FreeBSD guys wouldn't come up with
their own implementation anytime soon.

~~~
cm3
I see, that's unfortunate. TBH, I wasn't entirely sure what to make of the
comments in the ASLR Phabricator ticket, and it looked like they gave up after
failing to address the VM comments.

Do you know if there are plans to implement the rest of the important
mitigation techniques?

~~~
tachion
To be honest, I am not sure there are such plans. First of all, there's that
discussion (and lack of agreement) between FBSD implementation author and the
ASLR idea author on what the 'L' there really is (or what it should be), and
second, there is another division of opinions whether the ASLR is worth much in
first place, given there were successful bruteforce (and other) cracking
reports for other platforms' proud ASLR implementations.

~~~
aseipp
> whether the ASLR is worth much in first place, given there were successful
> bruteforce (and other) cracking reports for other platforms' proud ASLR
> implementations.

That is because ASLR, by itself, is almost totally worthless, and is meant as
a stop-gap to stop certain direct code attacks (vs "data only" attacks). It is
a stop-gap because most modern systems are completely riddled with things like
infoleaks, and you only need to leak one pointer to actually defeat the setup
completely.

The real vector that's sitting around to be killed is control-flow based
exploits (e.g. ROP, simple stack smashing, vtable ptr overwrites, all those du
jour exploit techniques). You need a powerful form of control-flow integrity
to stop this at the software level. You also need a method to actually help
mitigate information leaks so they can do less damage, and increase attacker
cost (e.g. "execute only pages" are worthless if all users have the same
kernel image. I can just download your GENERIC kernel elf image, and just find
the opcodes to do e.g. a ROP attack anyway. grsecurity uses compiler plugins
that randomize kernel stacks and the compilation method with a particular
private seed, at compile-time, so every compiled grsecurity kernel is
different from the last one).

TBQH: FreeBSD is probably better off copying the other twenty gazillion
exploit mitigation features from grsecurity that can reasonably stop exploits,
even by themselves, dead in their tracks - like UDEREF, KERNEXEC, refcount
overflows, triggering the kernel on unmarked signed overflow, the compiler
plugin features, etc. Those will actually ban classes of exploits outright,
every time, and always work, without wasting time through lots of wincing over
the finer details, like ASLR.

You won't get to parade "look at our weak ASLR implementation!" (thankfully),
but I feel we already have enough of that going around.

~~~
cm3
From what I understand, HardenedBSD basically ported GRsecurity features and
added stuff like default-PIE compilation and a couple userspace tools.

------
tachion
On another note, have YOU donated[0] yet? :)

[0] [https://www.freebsdfoundation.org/donate/](https://www.freebsdfoundation.org/donate/)

~~~
pyvpx
on a somewhat related note: if you're reading this and you use OpenSSH, you
really ought to donate to the OpenBSD project via their foundation. And you
should band together with the rest of your technical team(s) who most likely
also use OpenSSH, and get management to make a donation in kind.

[http://www.openbsdfoundation.org/](http://www.openbsdfoundation.org/)

~~~
X86BSD
+1 EVERYONE uses OSSH. The OBSD foundation should be just rolling in cash like
Scrooge McDuck from everyone donating. I think it's pretty sad and says a lot
about the IT industry that they are not. Considering that everyone uses it and
it's a pretty damn vital part of everyone's core infrastructure.

~~~
xoa
Edit: I debated how to phrase some of this and apparently was not careful
enough based on the reply. I in no way meant to imply that OpenBSD was for
profit, scummy, taking money or any such thing or hadn't carefully formulated
their bylaws or weren't following them. I have tons of respect for them and
have repeatedly donated myself. What I was arguing (and am far from the first)
is that they have made it harder and less rewarding in numerous small ways
that affect donations, and I stand by that.

----

True, but at the same time (and this is not an uncommon pattern with the
OpenBSD team) they have thrown up some silly roadblocks that shouldn't deter
individual small contributions, but are certainly of concern for large
contributions or GP pyvpx's suggestion of organized donations and matching
ones, ie

>"and get management to make a donation in kind"

Unlike FreeBSD and pretty much every other serious donation-supported project
(including NetBSD) the OpenBSD Foundation is _not_ a [strike]legal
non-profit[/strike] "tax deductible charity" (in the US that'd commonly be a
501(c) tax exempt). So donations are not tax deductible and may run into
barriers that others sail through. Many of the matching programs I've seen for
example simply have official non-profit status as a flat-out requirement.
While of course it might be possible to negotiate exceptions with management,
just in having the conversation at all we're already talking massively more
friction, and friction is the enemy of spending.

OpenBSD has some little bit of handwaving about it (Canadian, too much
trouble) which may well be valid in isolation but is irrelevant in the larger
picture, and feels more like a common pattern of prideful disdain at being
about "anything but the code". But to the extent money from non-coders is
considered important, the interests of non-coders also have to be at least
mildly considered if an increased response rate is desired. It's the 100%
right of OpenBSD to make it a PITA and have snark and proudly run rough sites
and such, but of course that's going to have natural consequences in
interactions with the rest of the world.

There's no right or wrong answer here, but I don't think your "it's pretty sad
and says a lot about the IT industry that they are not" actually fully
captures the situation. Other foundations are registered non-profits, have
somewhat nicer pages (not crazy webapp monstrosities, but even little things
like simple acknowledgment of smaller donors that OpenBSD blows off), and so
on. Donors _are_ special and rare, and a bit of personal recognition and
appreciation is free and can go a long way. A lot of coders may dislike the
softer general human networking side of things, but tossing it aside will
generally result in a reduced experience unless there is some other form of
stickiness.

~~~
phessler
This is so blatantly wrong, I had to create an account.

Yes, it is true The OpenBSD Foundation is not a US 501(c)3 (side note: that is
not the only type of US non-profit). That is because instead it is a _Canadian
Not-For-Profit-Corporation_, which is a legal non-profit for Canada.

Please, do NOT spread FUD that The OpenBSD Foundation is not a non-profit. It
absolutely is.

Proof: Canada Federal Corporation Information
[https://www.ic.gc.ca/app/scr/cc/CorporationsCanada/fdrlCrpDt...](https://www.ic.gc.ca/app/scr/cc/CorporationsCanada/fdrlCrpDtls.html?corpId=4409612)
The OpenBSD Foundation Bylaws:
[http://www.openbsdfoundation.org/foundation/bylaws.html](http://www.openbsdfoundation.org/foundation/bylaws.html)

~~~
cperciva
_Yes, it is true The OpenBSD Foundation is not a US 501(c)3 (side note: that
is not the only type of US non-profit). That is because instead it is a
_Canadian Not-For-Profit-Corporation_, which is a legal non-profit for
Canada._

This is absolutely true; however, the OpenBSD Foundation is not a _charitable
organization_ (and donations don't get any special income tax treatment) --
because Canada is far more restrictive in our definition of "charity". The
FreeBSD Foundation wouldn't have any special tax status if it was set up in
Canada either.

------
Arnt
Of particular note: the core team takes action against bad behaviour. I wish
others would.

I'm not talking about Linus. Linus swears, I think that's almost OK. No, I'm
talking about the people who go out of their way to be unpleasant. Some of
them swear too, but saying fuck isn't the heart of what makes them bad. And I
wish Linus wouldn't swear — he attracts too much criticism and shields people
who could use a little headwind.

I'm going to donate to freebsd just for that.

~~~
Arnt
If any freebsd people read this, could you please have a quick look at
ff-wbe1.nyi.freebsd.org, which is thanking me for my generous donation once per
minute?

~~~
dgoodkin
On behalf of the FreeBSD Foundation, I want to apologize for this
inconvenience. We are experiencing a problem with our receipt generator right
now. We have someone looking into the issue right now. Thank you for your
support and donating to the Foundation!

------
tachion
There's also some work around the OS installer to implement a new menu where
OS security features are turnable, it wasn't on the report, but I hope it gets
to the 11.0-RELEASE.

~~~
jlgaddis
This sounds interesting. I'll go looking for it myself, but can you point me
towards the (mailing list?) discussion of this?

------
olavgg
Really cool to see active work on patching Ceph to run on FreeBSD. There
should be some advantages by running Ceph OSD on ZFS, but there is very little
information about if ZFS works well with Ceph even on Linux. Transparent
compression and checksum validation on read are two features I would love to
have on a Ceph cluster.

------
hibbelig
I am excited to read about AllWinner support. How do I find out which devices
are impacted? I have a Cubietruck (aka Cubieboard 3) and it would be great if
I could run FreeBSD on it...

~~~
jmcneill
Cubietruck definitely works! There is no pre-configured image, so you need to
build your own. Easiest is to start with another Allwinner image (say the
Cubieboard2 one), replace U-Boot with the one for your board, and add your
dtb.

Look at ports/sysutils/u-boot-cubieboard2 for a template on how to build a
suitable U-Boot, and sys/boot/fdt/dts/arm/cubieboard2.dts for a template for
your dtb.

For a detailed list of supported hardware, have a look at the wiki:
[https://wiki.freebsd.org/FreeBSD/arm/Allwinner](https://wiki.freebsd.org/FreeBSD/arm/Allwinner)

------
akerro
Does anyone know when can we expect KDE5 in FreeBSD? Better support for Rust
would be also nice :(

~~~
feld
swills is working on KDE5

[https://twitter.com/swills/status/757797521133449216](https://twitter.com/swills/status/757797521133449216)

~~~
swills
Since you mentioned it, here's an update. My testing went well except for one
issue which was with unlocking after the screen locked. That turned out to be
because I'd built using a jail that was built before pam was updated, but was
testing on a system after the pam update (11.0-BETA2).

Also, the sddm package didn't build because the kdemerge tool can't merge the
UIDs/GIDs files. That was changed to go ahead and build the package and give a
pkg-message to create the user.

I want people to be able to test using 11.0-BETA2 and have sddm, so I've
updated the jail and am currently in the process of rebuilding the packages.

Because the jail changed, everything builds from scratch, so it's taking a
little while, but when they're done building (should be soon), I'll test some
more and write up some docs on testing KDE5 and post them for those who are
interested.

~~~
swills
Oh, and to give credit where it's due, all I'm doing is setting up poudriere
and jenkins. The guys working in the area51 deserve all the real credit for
doing the real hard work of getting things working.

~~~
akerro
Now you confused me, where should I donate?

------
floatboth
The best part:

> Intel GPUs up to and including the unreleased Kaby Lake are supported

> Amdgpu AMD/ATI driver has been updated to GCN 1.1 and higher

~~~
tedunangst
Unfortunately
[https://wiki.freebsd.org/Graphics](https://wiki.freebsd.org/Graphics) still
has big red boxes for broadwell and skylake.

~~~
floatboth
Yeah the wiki is updated, like, once in a year

~~~
jlgaddis
It's really unfortunate that the wiki is so neglected. I've gotten to the
point where I can't simply trust anything on it anymore. It has (had?) the
potential to be such a great resource to complement the Handbook.

------
tazjin
I like FreeBSD but after getting used to systemd I can't go back to systems
without useful init systems anymore.

Maybe at some point one of the BSDs will implement a new, cleaner init system.

~~~
laumars
I'm curious, what is it you find messy about FreeBSD's init system? Personally
I prefer it to systemd.

(I know these topics can get quite heated, but I'm genuinely not looking to
start a flame war).

~~~
cm3
Previously service administration was different from linux distro to linux
distro. This is of course no problem for FreeBSD, since there wasn't such a
difference to begin with. One feature that FreeBSD may be missing is the
dynamic behavior of desktop and mobile machines, which doesn't seem to map
well to the existing init scripts.

While systemd clearly helped consolidate and make administration more
predictable across linux distros, there are deficiencies and regressions due
to systemd which for the most part didn't exist in the pre-systemd era. It may
be due to the scope of functionality systemd aims to cover, but some of the
unconventional or missing command line options don't help either. However,
it's used by enough mainstream distros that I expect the kinks to be fixed
with time.

~~~
digi_owl
> One feature that FreeBSD may be missing is the dynamic behavior of desktop
> and mobile machines, which doesn't seem to map well to the existing init
> scripts.

I keep seeing this argument, and i keep wondering what it is actually trying
to say.

Just about the only time i can think of that i want to spin up a daemon in
response to hardware changes would be with a USB bluetooth dongle, as it would
require certain daemons to get working.

But the cost of just leaving a daemon idle in ram seems much lower than having
to engineer a whole new init that monitors /dev changes so that it can start or
stop a process or two in response to them.

Then again, maybe i am not the laptop packing dev convention goer that seems
to use their laptop more like an oversized phone than a laptop (never mind a
desktop).

Edit: damn keyboard ignored the copy command somehow, so i had the wrong quote
pasted...

~~~
cm3
I don't know, it's just an argument I've heard from systemd and launchd
proponents. I've had hardware events via udev for a long time before systemd.

~~~
tedunangst
Rule number one: if you don't understand a claim, don't repeat it. Nobody
benefits.

~~~
cm3
You're right. I've trusted the content of Jordan Hubbard's presentation,
seeing how he was inside OS X for a long time and is a FreeBSD expert too, and
didn't question the validity.

