
FreeBSD 10's New Technologies and Features - radimm
http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/
======
emaste
A few corrections:

LLVM/CLANG: GCC is still in the base FreeBSD source tree, and is still used
for CPU architectures where Clang support is not sufficiently mature. In
addition, the article claims that GCC will remain "for a time" in the ports
tree. GCC isn't going to be removed from the ports tree.

Tickless kernel: There's a spurious reference to "atomic close-on-exec" here.

PF: PF itself was ported from OpenBSD, while the SMP improvements were
developed in FreeBSD.

Netmap: Netmap is a very high performance _Layer 2_ Ethernet packet interface;
the reference to "65536 routing tables" is not applicable.

There are also a few items on here which are either works in progress or
brainstorming ideas, and are not likely to be available in FreeBSD 10.0 (but
may arrive in a later 10 point release): Variable symlinks, full UEFI, PCI
hot-plug, Thunderbolt.

~~~
twic
Variable symlinks stood out as a bit of a surprise on that list. Everything
else is understandable as either an improvement in the implementation of an
established feature, or an improvement of a feature in FreeBSD's core areas of
excellence (eg networking and storage), or a sop to the fashion for
virtualisation. But variable symlinks seem, to my ignorant eyes, like a new
feature that is not aimed at any particular strategic goal, just some cool
thing.

What is the rationale behind adding variable symlinks? Are they necessary to
support some other feature? Are they being adopted for parity with some other
form of UNIX? Is there a considered opinion that they will be found widely
useful?

Is there any discussion about them we can read?

~~~
noelwelsh
I think they are to support lightweight virtualisation like that used by
Docker.io. This allows multiple processes to act as though they own a
particular filesystem, which in fact is shared.

------
tete
We recently switched from a Debian and Cloud hybrid to FreeBSD. Result: We
have recent, stable software (Ports rock!), we are overall more stable than we
were on the cloud, we have no more need to work around limitations of clouds
and we have more resources while only paying a fraction, compared to our cloud
service. Because of this we can have way more systems, which means we can use
that for HA and are always set up for a sudden increase of users. With
FreeBSD's jails we have a perfect cloud-like separation of services.

I used to be a huge fan of cloud computing, but what I really dislike these
days is that while it makes it easier and way cheaper for companies it
actually brings close to zero benefits to users, even being more expensive and
connected with more limitations. A lot of the time people seem to use cloud
hosting, because everyone else does so and because it is a hype right now.

~~~
jrochkind1
What's the relationship between the switch from 'cloud' hosting to your own
boxes; and the switch to FreeBSD? What does one have to do with the other?

~~~
hcarvalhoalves
I believe he/she explains it ("jails").

~~~
biot
As one can run FreeBSD "in the cloud" and use jails there, I don't think that
explains it.

~~~
tete
It partly explains it, because for some it might be a reason to go for clouds
in the first place. I agree, it's not always the case.

However as explained I think there are many wrong expectations coming from
clouds:

- Isolation: Like already mentioned. You can use jails and nowadays LXC

- Up to date software: Either managed or with special/official images (again
the isolation comes up here). This is a reason for FreeBSD. Their ports system
and base system allow for both stability and up to date software. Big plus for
startups, because they usually depend more on this than others.

- Uptime: I don't know why this is so big. If you are designing (mostly)
stateless systems, like for the cloud you usually have the same benefits off
the cloud. You have to pay for HA (many instances) on the cloud. It doesn't
make it magically more available. However, if you go off the cloud, even
reserved Amazon instances you can easily build extremely high availability
cause it will cost less for you. One big thing when cloud computing came up
was how great it is that resources can be used more efficiently and how it is
cheaper for that reason. However, because of all the hype (I guess) it is only
cheaper for cloud hosts.

- Scale out: Again, this is a question of cost: Do you start out with two or
three instances in the cloud or for the same money just get 5-10 real systems
(no joke, look how cheap professional grade hosting became!) so you don't need
to bother in the first place?

So you end up with less resources and higher costs and potentially cannot (or
have a harder time to) run certain services that simply are not optimized for
the cloud. Again, if you design your software to run in the cloud you usually
have software that on real hardware is close to zero maintenance (well, at
least less than what you have to do for clouds anyway).

I am sure there are good reasons for running FreeBSD on the cloud instead of
just buying your own machines and connect them (over multiple data centers if
you worry a lot). And we actually also use the cloud for backups.

However I really think that often the term cloud is used as just another
buzzword and the benefits are mostly imagined, caused by a huge hype, not
always, but way too often.

Don't get me wrong, I am not against cloud computing at all. I just came
across way too many people/startups paying for expensive cloud infrastructure
seemingly not having any reason for it, other than it being hyped. When I ask
why they do it then they either don't know or have really wrong expectations.

------
windexh8er
I loved FreeBSD all through the late 90s / early 2000s in high school and
college. I was working for a small ISP that ran 100% FreeBSD and cut my teeth
on *nix in general on the platform. My first foray into Linux (Debian) felt
sloppy and discombobulated comparatively. Why? FreeBSD is an entire OS, not a
menagerie of tools wrapped around a common kernel. FreeBSD always felt much
more polished, complete and predictable. Unfortunately our team made the
choice to migrate to Debian for ease of upgrades and security patches (no more
building world). Back in the day the limited resources from a processing
perspective made those upgrades much longer than an apt-get upgrade.

I love Linux (Arch / Debian), but I still have a soft spot for FreeBSD. I have
flashbacks to the network install via a floppy that remind me of the simpler
time of the Internet. I need to re-engage with 10. Lots of great platforms I
use are still based on it - FreeNAS and PFSense.

If you've never tried it, I encourage you to learn the system.

~~~
lbenes
After working Solaris and AIX for years, I still prefer BSD's userland to
Linux's, but Linux's overwhelming HW support eventually won me over. Would
anyone else here be interested in a distro with a Linux kernel with FreeBSD's
userland? I've experimented with Starch Linux and MirOS, but both are pre-
alpha.

~~~
chubot
What's better about the FreeBSD userland? Are you talking about the shell
tools like coreutils/diffutils/etc., or more about daemons like DNS/mail/etc.?

I am actually thinking of doing the opposite: using GNU user land tools
(coreutils etc.) with the FreeBSD kernel. I know there are some projects
already in this direction -- Debian/BSD, Arch/BSD, and I think Gentoo has some
relation to BSD.

Reason: I want some BSD kernel features but don't want to waste time porting
shell scripts and so forth.

~~~
GalacticDomin8r
> What's better about the FreeBSD userland?

For one example, take networking tasks:

| Task | BSD | Linux |
|---|---|---|
| set ip | ifconfig | ifconfig or now "ip" which is confusing |
| wifi | ifconfig | iwconfig |
| speed | ifconfig | miitool or ethtool |
| duplex | ifconfig | miitool or ethtool |
| vlan | ifconfig | vlan |
| wol | ifconfig | miitool or ethtool |
| bridge | ifconfig | brctl |
| link aggregation | ifconfig | flags while loading module OR use distro network config scripts and restart all networking or reboot server |

Want to find out which nic is occupying ethX perhaps for tuning or scripting etc?

Linux = complicated, by distro/version

FreeBSD = nic by device eg em0

~~~
ajross
Most of your list is just the fact that FreeBSD has a giant ifconfig binary
instead of separate tools for different features. That's mostly a taste issue.
Certainly dumping everything in the same tool is no less "confusing". I just
googled the FreeBSD man page for ifconfig -- yikes!

The last bit is unfair. Yes, Linux distros have recently diverged on network
device naming. But that's for a good reason: the old scheme wasn't robust
against probe order, the new systemd one is, _and FreeBSD's isn't either_.
The systemd naming (while ugly) is better, period. That's a feature for Linux,
not a confusing problem with its userland.

~~~
mitchty
giant?

Freebsd 9.1 RELEASE: 260k /sbin/ifconfig

My Arch box: 76K /usr/bin/ifconfig

I have to use linux for work, but he's right, keeping everything in ifconfig
is much more close to the old school "unix" way than "lets play 20 commands"
that seems to be present in most linux mindsets.

~~~
ajross
This may be the first time I've ever heard the "old school unix way" defined
as (heh) "packing all related functionality into one command".

But use what you like. Just don't pretend that it's anything other than taste.

~~~
mitchty
It's more keeping networking related things for interfaces in the
InterFaceCONFIG command seems to be a more "one tool for the same thing" in my
mind.

------
harrytuttle
Wonderful!

I may actually consider dumping Debian for FreeBSD 10.

I've never been totally happy with Linux after moving off "proper" UNIX
machines. I had a FreeBSD 4.4 machine floating around for years which I was
rather happy with but drifted off to Linux-land primarily due to convenience
when it came to Flash and audio.

So many compelling reasons to switch back to FreeBSD now.

~~~
maheart
What exactly is attracting you to FreeBSD?

I ask because Debian has a FreeBSD "port". That is, it offers the Debian
userland on top of the FreeBSD kernel.

So, depending on what you're looking for, you might be able to gain access to
the best of both worlds.

If you're after the FreeBSD experience (i.e. the community, the BSD command
line utils, ports, and the preference for permissive licenses), then I guess
Debian/kFreeBSD really isn't of any interest to you.

~~~
mavhc
I use debian/kfreebsd on my server so I can use zfs. Had Freebsd previously,
but the lack of a Stable ports tree meant updating broke things often.

Although many things don't work on debian/kfreebsd, and searching for help is
tricky, do I go the debian way or the freebsd way, it's always updated with
few problems.

~~~
Freaky
Port updates are a _lot_ nicer now we have poudriere and pkgng - I haven't had
a "pkg upgrade" break anything in months, and that was prior to automatic
shared library tracking and just needed a "pkg install -Rf lang/perl" to fix.

e.g. the latest entry in UPDATING is for any port depending on
converters/libiconv. Using portmaster or portupgrade requires querying the
package database for the list of depending ports, force-deleting libiconv and
then force-rebuilding from the previously saved list. With pkgng it's a case
of "pkg upgrade && pkg autoremove".

------
TheSwordsman
I've really wanted to give FreeBSD a 100% solid shot. With this release I may
try uploading my own FreeBSD image to a Xen VPS provider (probably Linode).

With that being said, I feel like I may be a spoiled little GNU user. There's
plenty of times where I end up on a BSD system, and I try to use some sort of
GNU-idiom in a command-line utility and I end up really really confused and
unsure of how to bend it to my will. I think GNU sed is one of the first ones
to come to mind, but there are definitely other utilities where the flags
don't match up or don't even exist.

~~~
untothebreach
The next time that happens, try running the command again, but prepend a 'g'
(so gsed, gawk, etc). Most BSD systems have the GNU versions of utilities
present in their ports systems, and many come with the gnu coreutils
installed, g-prefixed.

~~~
asdasf
None of them come with the GNU coreutils installed. You have to install them
if you want them. I'd recommend learning basic unix commands instead though,
it doesn't take very long at all.

------
parennoob
Have never used FreeBSD, and am curious about using it on my laptop -- so an
honest and perhaps naive question for people who do use it as their main
system:

Does it JustWork on the majority of average-user things, like connecting to
your Wi-Fi access point, displaying your desktop at its maximum resolution
without crying, playing your multimedia files, etc? Ubuntu gets this just
right, providing a perfect balance between core technologies for developers,
and ease of software installation for common activities like, say, watching a
Youtube video.

Support for 500 virtualisation technologies and no easy support for, say,
playing mp4 files is going to make me not want to use it on my laptop. Then
again, the average user might not exactly be who FreeBSD is targeting for
their software.

~~~
belorn
If you are looking for a pragmatic operating system, FreeBSD is going to be at
the bottom of the list thanks to it having the hardest licensing requirement
for included software projects.

Ubuntu includes anything from proprietary freeware blobs, to GPL, to permissive
licensed software. So long as the inclusion improves the practical use, it is
included. The more ideological free software operating systems exclude the
proprietary freeware blobs, but keep the GPL licensed and permissive licensed
software. FreeBSD excluded both proprietary freeware blobs and GPL licensed
software, and only uses software that is permissive licensed according to
the OSI standard. This methodology also covers driver support for hardware, as
they won't port a linux driver to BSD if the linux driver is GPL.

However, most commonly used GPL software has a permissive alternative, so if
you are lucky, using those alternatives won't impact you too much. On the
server side, I would think that is more true than for the laptop.

~~~
bunderbunder
> they won't port a linux driver to BSD if the linux driver is GPL.

It's more a "can't" than a "won't". They can't incorporate GPL code into the
BSD kernel without violating the GPL.

LGPL-licensed code might be something they could port as a pluggable driver,
though don't quote me on the details there.

~~~
lmm
It seems perverse to say the least that freebsd was willing to incorporate the
(more restrictive) CDDL[?]-licensed ZFS driver into their kernel, but won't
include GPL code.

~~~
emaste
The CDDL is a file-scope weak copyleft license, and is (broadly) less
restrictive than the GPL. As bunderbunder pointed out FreeBSD is not able to
include GPL code, because the GPL is not compatible with the distribution
terms for the kernel.

------
mcfist
Just right now happen to help old $work with their 4.11-STABLE FreeBSD
station, not touched since 2005 .. amazing technology, love it! Still
working, and while compiling ancient stuff from ports tree, am writing this
comment from Konqueror 3.3.2 from 2004. Thank you FreeBSD people!

------
chris_wot
So no qualms about backdoors in RDRAND? Will they be doing the same as Linux
with their random number generator and add additional sources of entropy?

~~~
simias
If I understand the source code correctly[1] they use the output of rdrand
directly. However they also have an option "hw.ivy_rng_enable"[2] to disable
it.

The code is actually nicer to read than the Linux counterpart and it seems
trivial to implement a new "random_adaptor" that would xor the output of ivy
(rdrand) with yarrow (the software one).

[1] http://fxr.watson.org/fxr/source/dev/random/ivy.c

[2] http://fxr.watson.org/fxr/source/dev/random/probe.c
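
The XOR combination suggested in the comment above, sketched in userland C as an added example; it is not FreeBSD's random_adaptor code and not part of the original post. `rng_source`, `mix_sources` and the constructed sources are hypothetical names, the xorshift generator only stands in for Yarrow so results can be checked, and the XOR argument assumes the two sources are independent of each other.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A source fills buf with len bytes and returns 0, or returns -1 on failure. */
typedef int (*rng_source)(uint8_t *buf, size_t len);
/* Stand-in for the software generator (Yarrow in the thread): an xorshift64
 * stream. NOT cryptographically secure; deterministic so results can be checked. */
static uint64_t sw_state = 1;
void sw_reseed(uint64_t seed) { sw_state = seed ? seed : 1; }
int sw_source(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        sw_state ^= sw_state << 13;
        sw_state ^= sw_state >> 7;
        sw_state ^= sw_state << 17;
        buf[i] = (uint8_t)(sw_state >> 32);
    }
    return 0;
}
int sw_fail(uint8_t *buf, size_t len) { (void)buf; (void)len; return -1; }

/* Constructed hardware sources: one whose output is fully predictable, and one
 * that reports failure (a hardware generator can signal "no data available"). */
int hw_fixed(uint8_t *buf, size_t len) { memset(buf, 0xA5, len); return 0; }
int hw_fail(uint8_t *buf, size_t len) { (void)buf; (void)len; return -1; }

#define MIX_CHUNK 64

/* XOR the hardware stream into the software stream. Returns 2 if both sources
 * contributed to every byte, 1 if any chunk is software-only (hardware failed),
 * -1 if the software source failed; then out is zeroed and must not be used. */
int mix_sources(rng_source hw, rng_source sw, uint8_t *out, size_t len) {
    uint8_t tmp[MIX_CHUNK];
    int used = 2;
    if (sw(out, len) != 0) { memset(out, 0, len); return -1; }
    for (size_t off = 0; off < len; off += MIX_CHUNK) {
        size_t n = len - off < MIX_CHUNK ? len - off : MIX_CHUNK;
        if (hw == NULL || hw(tmp, n) != 0) { used = 1; continue; }
        for (size_t i = 0; i < n; i++) out[off + i] ^= tmp[i];
    }
    return used;
}

/* Mix 100 bytes and compare with the bare software stream XOR mask.
 * Returns 1 when mix_sources reported `expect` and every byte matches. */
int demo_check(rng_source hw, uint8_t mask, int expect) {
    uint8_t mixed[100], ref[100];
    sw_reseed(42);
    if (mix_sources(hw, sw_source, mixed, sizeof mixed) != expect) return 0;
    sw_reseed(42);
    sw_source(ref, sizeof ref);
    for (size_t i = 0; i < sizeof ref; i++)
        if (mixed[i] != (uint8_t)(ref[i] ^ mask)) return 0;
    return 1;
}
/* Predictable hardware output only relabels the software stream. */
int demo_predictable_hw(void) { return demo_check(hw_fixed, 0xA5, 2); }
/* A failing hardware source leaves the plain software stream. */
int demo_hw_failure(void) { return demo_check(hw_fail, 0x00, 1); }
/* A failing software source makes the mixer refuse (fail closed). */
int demo_sw_failure(void) {
    uint8_t out[16];
    return mix_sources(hw_fixed, sw_fail, out, sizeof out) == -1;
}
int main(void) { return (demo_predictable_hw() && demo_hw_failure()) ? 0 : 1; }
```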

~~~
GalacticDomin8r
There are indeed plans to post-process the output of rdrand.

------
checker659
Anyone know what happened to Capsicum? Can't find any mention of it anywhere.

~~~
enjolras
Capsicum is still work in progress and worked on. Since FreeBSD 9, it has
undergone a lot of internal design changes (capabilities are now embedded in
the file descriptors instead of being standalone structures), and API changes.

Yet another API change is undergoing to make the code more future proof
(currently, you can have only 64 different capability rights, which is not
enough), but it's happening out of tree. There are also new libraries to ease
applications development.

Capsicum is not yet in a real production state. It's a big project and it
needs a lot of thought to get it right. I don't know if it will get in FreeBSD
10, I'm not a FreeBSD guy, but you can be sure there is still a lot of work
dedicated to Capsicum! After the basic kernel API and libs have been
stabilized, it will still need work to convert applications to Capsicum before
you can consider Capsicum as a deployed security mechanism in FreeBSD.

------
MichaelMoser123
Does anybody know how RDRAND is being used in FreeBSD 10? Is RDRAND somehow
mandated so that it must be used, I mean why are both Linux and BSD both
thinking that this is such a swell feature that must be implemented?

Theodore Tso - the author of Linux /dev/random thinks that using it is a bad
idea
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J

~~~
bcoates
A lack of entropy sources on some kinds of hardware is a real problem, and
buggy attempts to work around it have resulted in defective, easily factorable
keys being used in the wild on equipment like Juniper SRX gateways:
https://factorable.net/weakkeys12.extended.pdf

------
Ixiaus
I love this operating system.

~~~
knob
Heck yeah! And the communities in (forums.freebsd.org) and #freebsd (and
#44BSD)...

------
jff
Does pkgng actually have any packages on it these days? The last few times
I've checked, nothing's been available because of a security breach a year ago
or whatever.

~~~
kryptiskt
PC-BSD has pkgng packages, you just have to change the URL.
http://wiki.pcbsd.org/index.php/Convert_a_FreeBSD_System_to_PC-BSD%C2%AE#Switching_to_the_PC-BSD.C2.AE_pkgng_Repository

------
lawnchair_larry
Unfortunately FreeBSD is still in the 90s with security technology, making it
completely unsuitable for hosting anything important.

~~~
profquail
Can you provide any citations to back that up?

FreeBSD's new security framework -- Capsicum -- has been backed by Google:
http://www.cl.cam.ac.uk/research/security/capsicum/

------
Apocryphon
Will *BSD projects eventually try appealing to the mainstream the same way
Ubuntu and Mint have been over the last decade?

------
tsahyt
Is there any reason for switching to LLVM/CLANG from GCC other than the
licensing?

------
jacobwcarlson
The replacement of BIND is quite the landmark.

------
Nux
I guess this is not the year FreeBSD gets a decent package manager (for
binaries).. :( Maybe next year.

~~~
GalacticDomin8r
I guess you're wrong.

http://www5.us.freebsd.org/doc/handbook/pkgng-intro.html

~~~
Nux
No I am not. I said "decent", this implies at least "usable". It'd be nice to
get that done by the time it hits stable, but I wouldn't hold my breath.

~~~
GalacticDomin8r
> No I am not.

Yes you are.

> I said "decent", this implies at least "usable".

Agreed.

> It'd be nice to get that done by the time it hits stable, but I wouldn't
> hold my breath.

pkgng has been usable for over a year. Read the page I linked to.

~~~
Nux
I'm still not wrong. :)

Pkgng itself seems like it's working, but bootstrapped fresh on a FreeBSD 9.1
it provided a non-existing repo:

  [root@freebsd91 ~]# cat /usr/local/etc/pkg.conf
  packagesite: http://pkgbeta.FreeBSD.org/freebsd:9:x86:64/latest

And that URL is actually a 404 page.

Additionally the existing binary repos (the one pkg_add uses) cannot be used
with pkgng.

So essentially - unless you want to start building packages and maintaining
repos - pkgng is at this moment _useless_.

I do wonder if they'll manage to come up with decent[1] repos in time for the
final release.

[1] - providing many packages and updates like in the linux distros world, not
just "set it and leave it" as they do with the current repos.

~~~
GalacticDomin8r
> _I'm still not wrong. :)_

Yes, you are.

> _So essentially - unless you want to start building packages and maintaining
> repos - pkgng is at this moment _useless_._

Well since that is the point of pkgng I'm not sure what you're griping about.
The effort of it? poudriere allows pretty trivial building and automated repo
generation. Is it a little more effort than typing apt-get update? Yup. But
you aren't at the whim of repo maintainers on getting new packages in (like
most stale Linux distros), or with ideal compile time options, or trying to
find a repo that has the packages you're seeking.

> _[1] - providing many packages and updates like in the linux distros world,
> not just "set it and leave it" as they do with the current repos._

With pkgng, you control when the repo is updated and what is updated. It's
negligible effort to do so since it's a product of the ports system. I'm not
sure what distro you've been using that leaves you with such a pie in the sky
attitude but it isn't one I'm familiar with. The enterprise distros are all
horribly out of date, the bleeding edge are inappropriate for production use,
and the in-betweens give you problems from both ends.

------
AsymetricCom
11. backdoor in sshd, compliments of NSA

