EDIT: Article seems to have been updated to remove mention of Chromium.
This article contains a lot of errors, for example Chromium on FreeBSD does NOT use Capsicum, it never has. That was experimental and invasive work done 17 years ago that was NEVER committed to their official ports repository. In fact, not a single browser on FreeBSD uses Capsicum or any form of sandboxing _at all_.
Contrast that with OpenBSD, where the Chromium port has used pledge(2) since January 2016, and unveil(2) since 2018. Both are enabled by default. Mozilla Firefox ports also use both pledge and unveil since 2018-2019, with refinements over the years.
OpenBSD's fork of tcpdump has been privsep for ~22 years, and its packet parser runs with no privileges. It's pledged tightly "stdio" and has no network/filesystem access, and uses OpenBSD-specific innovations like bpf descriptor locking (BIOCLOCK) missing from both FreeBSD/Linux tcpdump today (despite FreeBSD adding the ioctl in 2005).
In the years since it was added, the reason Capsicum has only been applied to a handful of utilities is because it's a tree barren of decades' worth of incremental work on privilege separation and security research.
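The pattern the comment above describes (a parser for untrusted packets running in a process pledged to "stdio"), sketched as an added example that is not from the commenter and is not OpenBSD's tcpdump code. The function names and the sample packet are hypothetical, the pledge(2) call is only compiled on OpenBSD, and the bpf/BIOCLOCK side is left out.

```c
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: minimal IPv4 header, protocol field 6 (TCP). */
const uint8_t sample_pkt[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6 };

/* Parser for untrusted bytes: IPv4 protocol field, or -1 if malformed. */
static int parse_ipv4_proto(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;
    return p[9];
}

/* Run the parser in a forked child that keeps only the "stdio" promise. */
int parse_in_sandbox(const uint8_t *pkt, size_t len)
{
    int out[2];
    if (pipe(out) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(out[0]); close(out[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: the parser */
        close(out[0]);
#ifdef __OpenBSD__
        if (pledge("stdio", NULL) == -1)  /* no filesystem, network or exec */
            _exit(2);
#endif
        int proto = parse_ipv4_proto(pkt, len);
        _exit(write(out[1], &proto, sizeof proto) == (ssize_t)sizeof proto ? 0 : 1);
    }
    close(out[1]);
    int proto = -1, status = 0;
    ssize_t n = read(out[0], &proto, sizeof proto);
    close(out[0]);
    waitpid(pid, &status, 0);
    /* A child killed for a pledge violation, or one that failed, yields no result. */
    if (n != (ssize_t)sizeof proto || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return proto;
}
```

On OpenBSD, a parser bug that tried to open a file or a socket after the pledge call would get the child killed by the kernel, and the parent would see that as a -1 result.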
AFAIK Loongson is dead and isn't made anymore, and unlike OpenBSD/sgi, Loongson was a little-endian arch. OpenBSD/octeon is a closer match, but also discontinued as Cavium switched to making ARM CPUs.
LoongArch is a new ISA and isn't MIPS compatible, and OpenBSD doesn't support it.
I didn't say Loongson the company was dead, or that LoongArch was either. I said the predecessor Loongson/Godson CPUs are, like the 2E and 2F, which were MIPS-compatible. They're not manufactured anymore, and were practically unobtainium when they were.
LoongArch is not MIPS, despite it having similarities. It's a new platform/ISA and requires a completely different toolchain and new OS port.
It is not at all "new MIPS-family hardware is being made today" like you originally wrote, and it has little to no relevance to SGI hardware.
You are angrily arguing against things I didn't say and am not saying. I suspect you're downvoting me as well.
I never claimed it was entirely compatible, because it wasn't. Nobody ever said it was.
I'm saying that there are MIPS-like architectures still being made today, and I stand by it. You seem to think they don't count. You have not coherently explained why. Maybe they are not close enough for you, maybe the endianness is not the one you want. I don't know and TBH I don't care.
It's close. It's related. There is new hardware in the greater MIPS-like family. If you or Theo de Raadt don't like it, that is not my problem.
You said, although now you're backtracking, that it's dead. That is not true.
I called you on saying things that are not true and ISTM that now you are trying to quibble.
There is someone on GitHub who's been trying to keep OpenBSD/sgi alive out-of-tree using bits and pieces (e.g. userland binaries) of OpenBSD/octeon, which remains supported.
Yes, they still do, and fun fact, ScummVM has integrated support for AGS a few releases back, so one of my favourite titles from Wadjet Eye Games, Unavowed, works great on a ton of different OSes/platforms.
I had discovered it searching on SourceForge originally, but the tmux creator Nicholas Marriott was already an OpenBSD user and he took MAINTAINER for the port.
A year later, tmux was imported by nicm@ to the OpenBSD base system, where it has remained upstream for the last 16 years (GitHub syncs from OpenBSD).
This article contains a lot of errors, for example Chromium on FreeBSD does NOT use Capsicum, it never has. That was experimental and invasive work done 17 years ago that was NEVER committed to their official ports repository. In fact, not a single browser on FreeBSD uses Capsicum or any form of sandboxing _at all_.
https://github.com/rwatson/chromium-capsicum
https://www.freshports.org/www/chromium/
https://cgit.freebsd.org/ports/log/www/chromium/Makefile?qt=...
Contrast that with OpenBSD, where the Chromium port has used pledge(2) since January 2016, and unveil(2) since 2018. Both are enabled by default. Mozilla Firefox ports also use both pledge and unveil since 2018-2019, with refinements over the years.
https://marc.info/?l=openbsd-ports-cvs&m=145211683609002&w=2
https://marc.info/?l=openbsd-ports-cvs&m=153250162128188&w=2