Hacker News new | past | comments | ask | show | jobs | submit login
EdgeBSD (edgebsd.org)
73 points by justincormack on Aug 22, 2013 | hide | past | favorite | 42 comments

Finally got it to load. From the site, for those who can't:

EdgeBSD is a new member of the family of BSD-based Operating Systems, starting development with the current NetBSD codebase with Git for Source Code Management. Package management is based on pkgsrc.


The primary goal of EdgeBSD is to provide an ambitious environment for working as a bigger community together on the NetBSD Project. This will be achieved thanks to a more modern development infrastructure, while taking a more aggressive stance on integrating and enabling features.

Ultimately, EdgeBSD should be just as fun and attractive as a Research & Development platform while delivering a modern, robust, and industrial-grade system for all ranges of computer devices. First steps

The preliminary plan looks as follows:

* existing features will simply be enabled and used by default (SSP, ASLR, modular kernels and Xorg, full disk encryption, securelevel...);

* a release with these features will be delivered, based on the latest stable NetBSD branch.

Every meaningful contribution will be proposed back to the NetBSD Project.

Longer term

EdgeBSD should be as attractive a platform as possible, and use the advantages of its existing codebase to experiment on being a modern, safe, and portable Operating System. This vision currently includes:

* advanced facilities for developers (patch management, build environments...);

* re-organization of the base system (Git submodules, packages...);

* a graphical installer;

* modern package management (signed packages...);

* alternatives to Xorg and default desktop environment;

* ready-to-flash images for embedded devices;

* virtualization of most components with the RUMP anykernel.


EdgeBSD users and developers can be found on the #EdgeBSD channel on the freenode IRC network.

A web interface for the Git development trees can be found at git.edgebsd.org.

More services are being brought up and will be provided soon (mailing-lists, wiki...). Hosting

EdgeBSD is primarily hosted in Germany, Europe.

"EdgeBSD is primarily hosted in Germany, Europe."

I expect to see that a lot more in the future. It's pretty much saying "EdgeBSD is not primarily hosted in the USA."

No, I'm pretty sure it's just saying that it's hosted in the Germany... Our primary company servers are hosted in Germany, because that gives the lowest overall latency for the locations of our employees, maybe it's just a similar technical reason?

And it's so slow that I suspect it's running from someone's bedroom, anyway.

Yes, I think hosting open source projects outside the US is eminently sensible; it would be terrible if organizations like the NSA were able to go through every single commit on the project, see who did it, and what they changed.

What's stopping NSA from scanning http://git.edgebsd.org ?

The GP was being sarcastic. The need for privacy would be small on a project that is open by it's very nature.

True, but there's also the argument of patents (eg how DVD decoding libraries cannot be shipped from US-based Linux distros)

For us Europeans knowing servers are hosted in an European country has got everything to do with latency and nothing to do with some sort of anti-americanism.

Actually in our case, it's for compliance and confidence purposes and hatred of American politics and government policy, not the American people.

Not one single company in the financial sector in the UK wants their kit anywhere near the US or in any datacentres with US ownership any more simply because of the PATRIOT act and PRISM etc.

We just moved 2 tonnes of kit into a wholly UK owned DC away from two large primarily US based DC's. We've also cancelled our Amazon S3 storage option and migrated over 540Gb of data back to our kit.

People have paid for all this voluntarily because being responsble for being fucked over by the US government is a big concern. Would you want all your mortgage, insurance and credit scoring data in the hands of a foreign government who religiously ignore data protection laws?

Not one single company in the financial sector in the UK wants their kit anywhere near the US or in any datacentres with US ownership any more simply because of the PATRIOT act and PRISM etc.

It's odd because it seems that the British government and the USA have a sharing agreement (from what I understand of the PRISM story, which I don't follow a lot, I admit) which doesn't make it any safer to move hosting from the US to the UK.

Also, we happen to have many customers in the finance industry, including in the UK, and I never heard a single one of them telling me they're moving their servers from the US because of politics (or any other reason for that matter).

It would even be impossible for most of them as they have office in NYC and need to have IT there.

Would you want all your mortgage, insurance and credit scoring data in the hands of a foreign government who religiously ignore data protection laws?

Actually I'm more worried about credit companies and banks who also ignore the laws and share this data. I think it's a bigger problem.

We still require a warrant in the UK which is the major issue. In the US this is probably still required but is by fact not honoured. The data centre we have moved to has financial guarantees that they won't let anyone in without a warrant and will inform us if anyone issues one immediately. The datacentre also don't have access to our cages (they are locked) so only forced entry is possible which requires a warrant issued.

Also we can drop the SAN fabric encryption keys remotely or on network events (such as peer disconnection) which will warrant the cluster useless until someone physically reloads the keys off the KMS.

This all puts the onus on the authorities to prove access is warranted and necessary.

This is what our clients want.

You are saying "including the UK". We deal with ONLY wholly UK based companies as we are very specialist.

Credit companies and banks in the UK do not share this data voluntarily. Sometimes there are leaks and cock ups but they are surprisingly rare.

The worst people for data leaks are utility companies.

We still require a warrant in the UK which is the major issue.

I'd just about be willing to bet money that it will eventually come out that your GCHQ is doing all the same things as the NSA. So far it's already emerged that they are pretty solidly in bed with the NSA, so I don't even think that would be a surprising revelation. And consider that the UK has already been out in front of the USA in terms of openly advocating a "surveillance state". Isn't the statistic that the UK has more surveillance cameras, per capita, than any other country? Or something to that effect?

they won't let anyone in without a warrant and will inform us if anyone issues one immediately.

So far as you know right now.

Credit companies and banks in the UK do not share this data voluntarily.

So far as you know right now.

Probably are.

CCTV statistics are rubbish. Most of them are in private hands and/or are for traffic management.

As I said there is a financial penalty and we have motion tracking webcams in the cage so any unauthorised access, we know about straight away.

We do know because we're responsible for making sure stuff like that doesn't happen.

The NSA does not require a warrant to spy on you in the UK and has pretty much been doing it since their inception.

This is certainly the case for businesses with proprietary data, for an open-source community like we're discussing it's just another (admittedly rather useless) online backup service :)

Until someone things it's ok to meddle with your infrastructure and codebase without a warrant...

If you think only the US is capable of these kind of shenanigans you have another think coming.

I don't think anyone is labouring under the illusion that only the U.S. is capable of that sort of thing, but they have been very clearly proven to be doing so already. There's a huge difference between `could do' and `already known to do'.

I agree, but I dislike the use of the qualifier `primarily'.

The page source gives no hint of the source of the slowness, but curl -I reports it's Apache running PHP. So I'm going to guess it's mod_php in standard forking mode, fruitfully multiplying.

That's maybe why I can't even load it. I thought perhaps it was my work proxy.

no varnish?

What I don't like about the approach is that they announce to prominently use git as a modern DVCS, which is not BSD software. I would rather see improvements in the existing BSD-licensed VCS. Currently, the only candidate under active development would be http://fossil-scm.org/.

Or heck, maybe even start an initiative for a DVCS implementation under a BSD license that is able to work with the git protocol. This could even use the git disk format, so you can still use git in parallel until it's feature complete.

Users don't want to learn yet another fossil scm; Git is ubiquitous. It seems like a wasted effort to reimplement Git just because of its license.

libgit2 exists and has been making steady progress, and its license is permissive enough.

I can't speak for "users", but fossil is an absolute joy to use, easy to pick up, and has features that I'm not aware of in any other SCM (hello, built-in first-class tickets).

libgit2 has been "making progress" for a long time -- it's barely used in github (it's one or two little features of libgit that are harnessed internally, according to the githubber I talked to at a meetup), and, without trying to insult the developers/development, I seems more accurate to say libgit is "plodding along slowly". With "critical mass" as one of gits features, this is sort of surprising. I suspect it speaks to the complexity of git, but I'm not positive.

With this argumentation you could also say it's wasted effort to implement a BSD kernel because Linux exists.

Thanks for the pointer to libgit2.

Isn't OpenCVS being worked on too? I don't think it's decentralized though.

Sadly, no. It's pretty much dead. As far as I can tell it's fairly complete, but many or most users have switched back to GNU cvs due to long standing bugs and some missing stuff nobody's interested in working on. The only commits to OpenCVS I recall seeing are mostly janitorial or tiny fixes -- no major work.

For a moment there my heart stopped in the hope this new project will bring the one thing I've been missing the most: decent binary package management.

Alas, no.

I'm obviously biased (as one of the developers of IPS), but since some of the BSDs have integrated ZFS, seems like they should use the Solaris packaging system too :-)


How's FreeBSD's pkgng these days?

See [1] for an explanation of why pkgng isn't useful, especially the April 30th update: "...Port managers are currently working on introducing new-style (as known as "pkgng") binary packages in the coming months, please check the FreeBSD ports announcements list for further gradual status updates."

[1]: http://www.freebsd.org/news/2012-compromise.html

It works fine, but there's still no official repository.

Maintaining your own or using a third party is possible, but that's more of a temporary fix.

NetBSD could easily start using OpenBSDs pkg_tools to solve that problem.

How's it different from the pkgsrc tools coupled with the binary packages supplied by NetBSD (e.g. here http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/)

OpenBSD's pkg_tools handle dependencies correctly, allowing you to do things like upgrade packages, dependencies, etc. It provides the same level of experience as apt.

Will it have a proper packaging system?

It's using pkgsrc, which is excellent source-based package management (I prefer it over FreeBSD ports myself; it feels less brittle).

The biggest changes over NetBSD for this NetBSD-derived OS are using git for source control (versus CVS of NetBSD), and by default turning on options like disk encryption. I had a brief discussion with the principle driver of this, and it sounds to me like this is all based in technical pursuits, and not (as mentioned above), hosted in Germany and enabling encryption as an NSA reaction, or anything like that.

It says pkgsrc. Do you consider that proper?

Nope, just pkgsrc.

Seems to be crippling under the load, here's a mirror — http://archive.is/yTdHm

What a horrible web site!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact