Depends on how you look at it. It's that particular old version of GCC in base because of licensing, yes -- but that old version is now effectively obsolete, so there's a technical reason (originally forced from licensing) to move away from it.
That said: it's good to remember how much of a breath of fresh air clang was way back when. Error messages in that era of GCC were _terrible_. Clang showed up with colorized error messages and ASCII art arrows and it felt like magic. So, sure, licensing alone would have been a fine reason for base to do what it did, but I don't think it's fair to characterize it as _just_ licensing. GCC has made huge improvements since then, but those are only visible in ports (which has always had and continues to have modern GCC). Which I guess you could argue makes it a licensing issue? :-)
I have recently set DECSCNM on in my terminal(s), which inverts everything, effectively swapping the foreground and background colours. The clang error messages now come out with unsightly large streaks of extraneous colour, as freshly erased lines caused by scrolling fill with the colour that clang has not yet turned off. clang was always doing this. But when it's the background colour it's more visible.
It would be such a simple fix, that's actually in line with code elsewhere in the same class. I wonder how many years it will take to get it changed.
> That said: it's good to remember how much of a breath of fresh air clang was way back when. Error messages in that era of GCC were _terrible_.
I disagree; I think clang set a trend and now GCC's error message are worse than they used to be. In the recent days I've seriously considered patching them out because I'm getting really tired of the wall of text of useless suggestions, macro expansion, etc. that hides the actual error. 99% of the time I just need to see which line my error originates from (before any macro expansion) and I can follow the chain manually in the remaining 1% of cases.
What's happening now is that I have a line with an error, and I get 50 lines of trash output among which the actual error is buried. And trying to jump to the error in my editor has me jump through headers, #include rows, and other garbage, sometimes missing the original error line entirely!
It's ridiculous. The suggestions are also largely either wrong or so obvious that they have only negative value. It's just clutter. Same goes for the ascii art arrows. Just clutter, making it harder to see relevant things.
I can see these messages being helpful for a total newbie who's still acquainting themselves with the standard library and figuring out the basics of the language, but for me (writing C daily for a living, and as a hobby for the past 15+ years) it's just getting in the way.
It's a pity that you weren't instead reminded of -fno-color-diagnostics, -fno-caret-diagnostics, and -fno-diagnostics-show-note-include-stack. You could have told clarry about them. (-:
IMO, still very much a licensing issue. Modern GPL3 GCC versions produce superior debuginfo as compared with Clang, in 2020, and the error messages and optimizations are currently competitive between the two. The ancient GPL2 GCC4.2.1 (C) compiled much faster than the modern Clang (C++), but I don't know if that still holds true for newer versions of GCC.
I have heard that the LLD (LLVM linker) is much faster than either ld.bfd or ld.gold.
In which way terrible? Error messages for C++ were at times unhelpful, but I can't remember being dissatisfied with those for C. Outside the Desktop environment, is there much C++ code in the FreeBSD system?
devd is C++, and it is not alone. Unfortunately, the dynamically-linkable C++ runtime library is in the wrong place, and not in the same place as the C runtime library, so things like devd have to be statically linked.
But the clang switch was not motivated by its C++ error messages, to my knowledge.
What is the problem of using a GPLv3 compiler? Only political reason, since FreeBSD is still an open source project and they can use GPLv3 software without any problem.
Not only that, but even proprietary software can be built with a GPL compiler, the binaries produced by the compiler are not considered derived work that must be covered by the same GPL license, so if Microsoft wanst to build Windows with GCC for example they can do that, provided that they don't link in the executable produced GPL code (e.g. glibc).
The legal subject of licensing GPLv3 is a lot more nuanced then you are indicating. One example of this is that while the license can explicitly allow proprietary software to link to a library it cannot explicitly deny proprietary software linking to a library. Copyright law defines what is and what isn't derivative works, not licenses. And copyright licenses are fundamentally limited to copyright law.
But there are technical reasons to avoid using GCC nowadays as well.
The GNU people have built in shitty anti-features into GCC suite, ostensibly to limit the ability of proprietary software to incorporate GCC into their products.
LLVM, which is what CLang uses, was partially a response to the artificial technical limitations intentionally imposed on users by the GNU GCC authors.
The main issue with GPLv3 software isn't the linking. You can link stuff using GCC without making sources available to anybody.
The main issue with GPLv3 is the so-called Tivoization clause. It basically states that if you have a product that ships with any GPLv3 software, you need to give your users the ability to install a modified version of anything you included that's GPLv3. Which basically means you can't lock down your device. That's a big security risk on an embedded system - both from an IP protection point of view, and also from a botnet/pwning point of view.
FreeBSD (and others presumably) don't want their users to need to worry about accidentally installing something from the core system and finding themselves in violation of the GPL.
>That's a big security risk on an embedded system - both from an IP protection point of view
If a company is interested in "protecting their IP" by closing the source then it's questionable why they would have even wanted to use GPLv2 software at all. The OEM's IP situation is also not related to the security of the customer. Maybe it matters to the security of the OEM, but that's different.
>and also from a botnet/pwning point of view
Complying with the GPLv3 doesn't mean the device becomes vulnerable to botnets. All it means is that the customer who purchased the device has to get access to the hardware keys. For their own device. That they purchased.
> If a company is interested in "protecting their IP" by closing the source then it's questionable why they would have even wanted to use GPLv2 software at all. That also is not related to the security of the customer at all. Maybe it matters to the security of the OEM, but that's different.
I can't speak for other engineers. But at companies I've worked in, a common product model is "embedded Linux with GPLv2 software, and some proprietary secret-sauce binaries". At those companies, they usually do send patches to upstream open-source projects and they try to contribute. Also they usually provide full source-code on request, for everything except the proprietary stuff.
The net effect of GPLv3 has been that GNU packages basically don't exist on embedded devices any more. Which means that engineers like me don't have the professional opportunity to contribute features and patches. It sort of isolates GPLv3 projects into a walled garden, which I feel like is the opposite of what GPL was intended to foster. Instead, I can only have the professional opportunity to contribute on GPLv2 or permissive-license projects.
> Complying with the GPLv3 doesn't mean the device becomes vulnerable to botnets. All it means is that the customer who purchased the device has to get access to the hardware keys. For their own device. That they purchased.
I sympathize with the intent behind this. There are also just some practical realities that are tough. At my current company, the team working on our next embedded Linux product is pretty small. We don't have infinite time or resources to make sure that our own code is 100% intrusion-resistant - all we can do is try our best.
It's a big ask for us to support _two_ methods of firmware-update (local and over-the-network) with different keys/security requirements for each. We just plain don't have the manpower to support that, not when we can be developing features to improve our product instead.
And if you have access to the filesystem, it's that much easier to comb through it and look for vulnerabilities in our network updater (for example). And it's easier to pick apart the proprietary bits with Ghidra or something. Could you do it anyways, even without our help? Maybe. But it's much harder.
Can we design a system that's robust enough to allow you to install whatever you want on your unit? Maybe. Probably. Hopefully we're already there. But I'm not going to risk my company's livelihood on it just to ship GPLv3 software, especially considering that there are almost-as-good alternatives for a lot of it. We just don't have the resources to make sure we cover every security angle on an open-box system.
We are in a bind here. If you ship GPLv2 software on a locked down device then nobody downstream has the professional opportunity to contribute, because they simply can't get any of their changes onto the device. The reason to rectify this is not "to ship GPLv3 software" the reason is because otherwise customers don't have control over their own devices.
The developers who relicensed to GPLv3 don't care that some companies won't contribute. From their perspective, any of those contributions would be unusable to them. I feel a similar way with my open source projects -- why would I as an outsider maintain code that nobody outside of your company will ever have any possible way to test in a real production scenario? It's a waste of my time. Yes I might be missing out on minor bug-fixes but I don't really care about that. Like you said, feature development is more important.
As far as firmware-updating goes, to be in compliance the user just needs to have some way to get access to the keys. You don't need to make separate keys, it can be the same method that you use.
> We are in a bind here. If you ship GPLv2 software on a locked down device then nobody downstream has the professional opportunity to contribute, because they simply can't get any of their changes onto the device.
I should clarify - what I meant is that if we're shipping GPLv2 software like Busybox, then I'm able to spend billable time improving Busybox and upstreaming my patches. That's labor that could be going to GNU coreutils instead, if it was the userspace on my product. But since I'm not shipping it, that means I don't find bugs or need features very often. Which means I have way less of an opportunity to pitch in.
That's great for you. In that situation, if my company buys your product, we have zero opportunity to pitch in to Busybox and are not able to spend any of our billable time upstreaming our patches, because the device is locked down. Who wins here? It's not the project who wins, because they lost contributions. It's not my company or any of your other customers who win, because we can't contribute. It's not you who wins, because if you get a different job then you lose access to the device and can't contribute, and you also lose the billable consulting hours that you could have charged to my company. It's not your company who wins, because they lose the shared contributions from my company.
I'm not making this up either. Even in my personal life I own lots of random devices that I know for a fact are running Linux and Busybox. But I have to go out of my way to find a device that I actually have a chance to get a toolchain running on and can actually start working on patches. It's usually limited to old devices that had no security or had their security broken. So any contributions I make are limited to things that only work on insecure old legacy hardware, stuff that is not going to be of interest to your company working on the next new hotness. There is a real problem here that's in-part solved by the GPLv3, but you have to actually acknowledge that it's a problem.
Just a note - I appreciate this discussion, and your point of view! Thanks for having it.
Ease of contribution is a problem for sure, and it's one that GPLv3 was intended to address. My main point is that the changes from GPLv2 actually had the opposite effect for a whole group of developers.
Instead of encouraging -more- development, I feel like maybe it's just driven developers away and onto GPLv2, MIT, or BSD equivalents. Maybe this is intended behavior, and not an accidental side-effect. I don't know. But it's hard to dispute that it reduces the pool of potential contributors to GPLv3 packages.
GPLv3 components just aren't an option for a lot of products, regardless of whether GPLv3 is better for users (I agree that it is). I think it's really harmed the FSF a lot. With fewer installations of FSF packages, the FSF sees less participation and loses some of its clout. And that makes me sad :(
People and groups that wanted to contribute but couldn't because of locked-down devices were already driven away and discouraged from development. And it was worse for them, if you own a locked-down device you can't go and decide to run FreeBSD on it to fix that. You just can't work on it at all. The GPLv3 was drafted in response to complaints about this -- specifically, companies that were shipping Linux and Busybox and were either straight-up GPL violating, or were telling users to get lost when they asked how it would be possible to get patched software on the device in any practical sense. From my perspective, there already was a wall in between those companies locking down their devices and the rest of the community. The GPLv3 only highlighted it.
> It's a big ask for us to support _two_ methods of firmware-update (local and over-the-network) with different keys/security requirements for each. We just plain don't have the manpower to support that, not when we can be developing features to improve our product instead.
But you don't have to do two different systems. You can use the exact same update mechanism, just with the cryptographic validation controlled by the owner of the hardware.
Look at how Secure Boot is implemented on most x86 platforms. Default installed keys from the OEM, can not be changed from the OS, but can be disabled or replaced by the end user.
Chromebooks offer another example of how to do it well with their "Developer Mode" switches. With the switch (which is not accessible on an operating system) in the default position it will only boot Google signed images. With the switch in developer mode it notifies the user of this on every boot, but no longer verifies signatures. The device is factory reset when switching modes to ensure that the unsigned mode can not be used to compromise a stolen device.
Android phones with unlockable bootloaders work similarly, they just have a software toggle in the first-stage bootloader rather than a physical switch.
---
There are plenty of low-effort ways to provide cryptographic verifiability to end users while still following not just the letter but the spirit of the GPL.
Obviously most of us would prefer something like the first example where a user could replace the stock keys with their own and sign their own code to maintain full security when going off on their own, the second and third options are nearly trivial to implement. One switch or jumper, a single input pin, and however much code it takes to check the state of that pin when performing any boot validation.
When ever people mention the Tivoization clause they forget to include the big exception which the license gives. You do not need to give your users the ability to install a modified version of GPLv3 software if there is no mechanism for which the manufacturer can modify the software after sale.
People can create any number of embedded system which are locked down so no one can change the software. The key here is nobody. Not the user, not the manufacturer, not some backdooring third party.
People are free to argue that allowing manufacturers access to devices after sale but not the actually owners is a security feature to prevent botnets and pwning, but that is a harder sell.
Don't write proprietary compilers. You can thank GCC for mostly eliminating that possibility in the years before clang. Now we are dealing with that again.
> Only political reason, since FreeBSD is still an open source project and they can use GPLv3 software without any problem.
And what about Dell EMC Isilon OneFS, which uses FreeBSD as the base of their product? Or Panasas or NetApp? Juniper? Sony and their PlayStation 4? Netflix?
