[HN Gopher] OpenBSD Innovations
___________________________________________________________________
OpenBSD Innovations
Author : angristan
Score : 501 points
Date : 2025-02-22 22:08 UTC (1 days ago)
(HTM) web link (www.openbsd.org)
(TXT) w3m dump (www.openbsd.org)
| commandersaki wrote:
| Really surprised that pledge / unveil isn't featured more
| prominently on this page.
| ajb wrote:
| Well, it's in date order. But they could do with a line or so
| of explanation
| aomix wrote:
| Everything I've read about pledge and unveil really admires the
| approach and the results but it didn't seem to have a big
| impact outside of OpenBSD. It took ~20 years for OpenBSD's
| CSPRNG to be re-implemented everywhere else; maybe we're
| operating on a similar timeline here.
| hellcow wrote:
| https://justine.lol/pledge/
|
| While not the same, this is a SECCOMP-based Linux alternative
| (and it can even be used to restrict pre-compiled binaries).
| eyberg wrote:
| We definitely took inspiration and implemented in the nanos
| unikernel cause we think it's a great idea:
|
| https://nanovms.com/dev/tutorials/applying-sandbox-
| security-...
| saagarjha wrote:
| This is generally how modern systems do sandboxing.
| wint3rmute wrote:
| Maybe I'm not getting something here, but I find the
| pledge/unveil approach confusing.
|
| Why should I expect a program to set allowed
| syscalls/filesystem paths? Why would I trust that it will set
| itself the right permissions? What is allowed should be set
| externally from the program, similarly how I can map filesystem
| volumes and add capabilities to a Docker container [1].
|
| I'm not familiar with BSD and I only used it a couple times out
| of curiosity. What am I missing?
|
| [1] https://docs.docker.com/engine/security/#linux-kernel-
| capabi...
| somat wrote:
| The threat vector is not that you don't trust the program,
| pledge/unveil is completely unsuitable for that, but that you
| worry the program will be compromised while it is running.
|
| So the observation is that programs tend to have a startup
| state where they need access to files and a run state where
| they don't. So pledge/unveil is a mechanism for a program to
| inform the OS that it no longer needs access to
| files/syscalls and any future access should be considered a
| hostile takeover. Please kill me.
| IcePic wrote:
| > Why should I expect a program to set allowed
| syscalls/filesystem paths? Why would I trust that it will set
| itself the right permissions?
|
| Because the admin or owner will know FAR less about what a
| complex program needs at all times, and when it will be safe
| to drop privs. A database might be tested for a week and then
| it has a special snapshot thing done for the monthly backup
| and you did not foresee this, whereas the coders would know
| what perms are needed in order to do these dumps. Hence, you
| can't set perms just once before starting, and as a user of
| said software, you can't expect to just make a quick test and
| then design a fully working harness for it either.
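
The startup-state / run-state split described in the replies above, as an added example that is not part of the thread or of any OpenBSD code. `pledge(2)` and `unveil(2)` are the real OpenBSD calls; the function names, the temp file and its three-line content are constructed, and on non-OpenBSD systems the two wrappers are no-ops, so nothing is enforced there.

```c
/* Added example: open what you need during startup, then tell the kernel
 * you are done. Names and sample data are constructed for illustration. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define WORKER_FAILED 255   /* exit status reserved for "setup failed" */

/* Startup state: narrow the filesystem view to the one file we will read. */
static int limit_fs_view(const char *path)
{
#ifdef __OpenBSD__
    if (unveil(path, "r") == -1) return -1;   /* this path, read-only */
    if (unveil(NULL, NULL) == -1) return -1;  /* lock: no later unveil() */
#else
    (void)path;                               /* no-op off OpenBSD */
#endif
    return 0;
}

/* Transition to run state: only the "stdio" promise remains. On OpenBSD a
 * later open(), socket() or execve() gets the process killed with SIGABRT. */
static int enter_run_state(void)
{
#ifdef __OpenBSD__
    return pledge("stdio", NULL);
#else
    return 0;
#endif
}

/* Child body: open during startup, drop privileges, then parse the input. */
static int worker(const char *path)
{
    char buf[256];
    ssize_t n;
    int fd, lines = 0;

    if (limit_fs_view(path) == -1) return WORKER_FAILED;
    fd = open(path, O_RDONLY);
    if (fd == -1) return WORKER_FAILED;
    if (enter_run_state() == -1) return WORKER_FAILED;

    /* Run state: input is processed with no way to open anything new. */
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n' && lines < WORKER_FAILED - 1)
                lines++;
    close(fd);
    return n < 0 ? WORKER_FAILED : lines;
}

/* Parent: run the worker in a child so the pledge binds only the child.
 * Returns the line count (capped at 254), or -1 if the child failed or
 * was killed by a signal (as happens on a pledge violation). */
int count_lines_sandboxed(const char *path)
{
    int status;
    pid_t pid = fork();

    if (pid == -1) return -1;
    if (pid == 0) _exit(worker(path));
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == WORKER_FAILED)
        return -1;
    return WEXITSTATUS(status);
}

/* Writes a constructed three-line sample into a fresh temp file. */
int write_sample(char *tmpl)
{
    static const char sample[] = "alpha\nbeta\ngamma\n";
    int fd = mkstemp(tmpl);

    if (fd == -1) return -1;
    if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/pledge_demo.XXXXXX";

    if (write_sample(path) == -1) return 1;
    printf("lines: %d\n", count_lines_sandboxed(path));
    unlink(path);   /* the parent never pledged, so cleanup still works */
    return 0;
}
```
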
| tptacek wrote:
| A phenomenal resource on the same subject:
|
| https://isopenbsdsecu.re/mitigations/
| i80and wrote:
| I like this -- despite the clown nose logo, it's actually fair
| to my eye and is respectful to parts of OpenBSD that _are_
| thoughtfully designed.
| chicom_malware wrote:
| OpenBSD is thoughtfully designed because it is one of the
| best examples of "design by dictator" (Theo) - and a small
| core team - as opposed to design by committee like every
| other OS out there. Look me in the eye and tell me 90% of
| changes and unnecessary features in macOS aren't there
| because some team needs to justify their existence.
| lobf wrote:
| What features in macOS are you referring to?
| amiga386 wrote:
| I'm not OP but renaming IOMasterPort to IOMainPort _for
| the sake of renaming alone_ drove home what a bunch of
| backwards-incompatible clowns Apple are
| arp242 wrote:
| I assume you meant to write "disrespectful"?
| i80and wrote:
| While much of this document is openly disdainful, there are
| areas like the malloc implementation[1] and features like
| the atexit hardening[2] where OpenBSD is _unambiguously_
| excellent, and it says as much, noting that the latter is a
| "pretty cool mitigation".
|
| I used to do some OpenBSD ports work, and even got a tiny
| patch into the base system. I love OpenBSD! I don't have an
| axe to grind here! But it is not above reproach, and I
| think this site is overall harsh but fair.
|
| [1]: https://isopenbsdsecu.re/mitigations/malloc/
|
| [2]: https://isopenbsdsecu.re/mitigations/atexit_hardening/
| jamal-kumar wrote:
| Besides the clown nose on puffy it's honestly just
| realistic and not all just talking bad like I've seen some
| people do:
|
| https://isopenbsdsecu.re/mitigations/pledge/
| justaj wrote:
| This looks quite concerning:
| https://isopenbsdsecu.re/mitigations/packages/
| brynet wrote:
| Outdated FUD, OpenBSD's Mozilla port maintainer regularly
| updates and backports non-ESR Firefox to the -stable tree.
|
| https://freshbsd.org/openbsd/ports?q=firefox
|
| Tor browser bundle is also being updated consistently.
|
| https://freshbsd.org/openbsd/ports?q=tor-browser
| mmooss wrote:
| They are very positive about some mitigations:
|
| https://isopenbsdsecu.re/mitigations/pledge/
| ardupper wrote:
| Thanks for posting this, I think in our industry provenance is an
| underrated piece of knowledge.
| bradley_taunt wrote:
| Also a great resource:
|
| https://why-openbsd.rocks/
| avodonosov wrote:
| Is OpenBSD suitable for daily use on a laptop?
|
| Does anyone have such experience? Is it ok?
| hoppp wrote:
| Yes but depends on the laptop.
| myaccountonhn wrote:
| It works quite well. The OOB experience is very complete and
| hardware gets picked up without issue. However you're limited
| in the amount of apps and it's also incredibly slow, so you'll
| need to really use minimal, fast cli apps.
|
| I left it ultimately because it had way worse battery life than
| Linux on my T480s and I also wanted to play some games with
| steam.
| eru wrote:
| You could probably get close to the same experience by
| running your BSD in a VM when you need it?
| tasuki wrote:
| > it's also incredibly slow
|
| I never used OpenBSD. Why is it incredibly slow?
| daneel_w wrote:
| Disk I/O is notably slower than e.g. Linux or Windows and
| executional performance is generally a tiny bit slower, but
| nothing about it is "incredibly slow".
| dijit wrote:
| browsers are exceptionally slow in my experience.
| daneel_w wrote:
| You will want to enable GPU-accelerated rendering for
| Firefox and Chromium to get a smoother experience when
| scrolling pages and for certain video playback, because
| that's disabled by default. Besides that they load and
| parse pages and act on input pretty much as fast as they
| do on Linux.
| amatecha wrote:
| Well, SMT/hyper-threading is disabled by default[0], not
| sure if there are other reasons though. It's not that bad,
| but yeah OpenBSD is probably not your optimal gaming OS :P
|
| [0] https://www.mail-archive.com/source-
| changes@openbsd.org/msg9...
| daneel_w wrote:
| SMT being disabled is not a reason for anything to be
| incredibly slow, or even tangibly slower, unless the CPU
| has a single core.
| dbtc wrote:
| https://jcs.org/openbsd-laptops
| LeoPanthera wrote:
| The developers often use ThinkPads, and so consequently it
| works quite well on ThinkPads.
|
| Your experience will be a lot more variable on any other
| laptop.
|
| Worth remembering that OpenBSD has no support for bluetooth,
| which many users often require on a laptop.
| chicom_malware wrote:
| Worth mentioning lack of Bluetooth is only because they felt
| the existing BT stack was not up to their standards and ripped
| it out rather than let it rot like most software.
| porridgeraisin wrote:
| There are a grand total of zero valid reasons for not
| including bluetooth in a desktop OS.
| toast0 wrote:
| It's pretty easy to avoid Bluetooth, and it's a complex
| stack and having code quality standards means sometimes
| you have to remove features because the code quality
| isn't there, and nobody had time/interest/motivation to
| do the work to make an implementation with the proper
| amount of quality.
|
| If you have a 'must have' device for your desktop
| environment that's bluetooth, then yes, it makes OpenBSD
| unviable for you; but OpenBSD isn't viable for every use
| case.
| porridgeraisin wrote:
| > isn't viable for every use case
|
| Yes, and desktop, especially laptop, is an example.
| dijit wrote:
| I'd prefer not to have something than to have a _bad_
| something.
|
| Yeah, it was annoying when I tried to pair my mouse- but
| you know... a wired mouse isn't that big of a deal.
|
| One thing that brings me the most displeasure about
| internet discourse about operating systems is this idea
| that they all have to do all the same things.
|
| That's homogeny by another name; the point of different
| operating systems is different trade-offs.
| porridgeraisin wrote:
| Sure, and openbsd has traded off being a desktop OS for
| not tainting their code with the Bluetooth stack
| dijit wrote:
| If we're going to be bad faith discussing: as you seem to
| be should I remind you that your definition of "being a
| desktop OS" means running a stack that is primarily
| useful for phones and laptops- definitively not "Desktop"
| devices?
| toast0 wrote:
| I haven't used a Bluetooth device on a desktop or laptop
| in decades now. Not because I'm using OpenBSD, but
| because while the promise is there, the reality of using
| Bluetooth has been so disappointing it's not even worth
| trying for me anymore. Personally, I'm not opposed to
| wires, because wires usually mean low latency and no
| dropped connections; but even when using things like
| wireless mice, using them in proprietary modes was so
| much better than Bluetooth that after a couple attempts,
| I stopped trying.
|
| You've clearly had a different experience with Bluetooth,
| and that's good for you, and neither of our experiences
| is universal, but I think there are plenty of people
| willing to use a desktop OS without Bluetooth.
|
| Heck, my new car only uses bluetooth to do phone pairing,
| then it switches to wifi to talk to phones, because
| that's clearly better than Bluetooth.
| IcePic wrote:
| Sounds easy to buy one of those bluetooth dongle things
| that can talk to your external mouse/keyboard and pretend
| to be a set of wired usb-hid devices to solve that small
| issue.
| mrweasel wrote:
| Not having developers to work on it seems pretty valid.
| It's a matter of opinion, but I feel like it's better to
| have no Bluetooth, compared to having a half-broken and
| unsupported implementation. Again you could also view it
| as having a semi-functional Bluetooth is better than none
| and then hopefully attract developers wanting to fix it.
| esseph wrote:
| Then make it. Are you waiting for someone else to do the
| work?
| prmoustache wrote:
| I can't recall having needed bluetooth for anything else
| but audio[1] on my laptops so there is a huge YMMV.
|
| [1] for which there is an easy workaround in the form of
| class compliant usb audio cards that output to bluetooth.
| mikem170 wrote:
| Small usb bluetooth dongles work, they show up as a regular
| audio device. I use one and sndiod can be set to
| automatically switch back and forth to it.
|
| I run openbsd on my laptop, a thinkpad x260 with an ssd, and
| it works great.
| RachelF wrote:
| Get a Mac laptop. OS X is based on BSD.
| daneel_w wrote:
| Common misconception. It is not. The kernel is XNU, and the
| OS base is Darwin which has some BSD parts in it, and some of
| the userland came directly from FreeBSD (though heavily
| modified).
| hnlmorg wrote:
| You're not actually disagreeing with the OP's statement
| though. And they're _technically_ right too.
|
| The problem is that all the user facing stuff in macOS
| isn't BSD. It's Apple's proprietary APIs. So while macOS was
| originally and _technically_ based on BSD, almost none of
| that is exposed to their users.
|
| So they're _technically_ correct that macOS / Next was
| based on BSD. But also completely wrong to recommend macOS
| as a comparison to OpenBSD.
| mattl wrote:
| macOS was originally based on OPENSTEP. OPENSTEP was
| based on NeXTSTEP which was based on 4.3 and later 4.4.
|
| BSD stuff has a complicated history due to the lawsuits
| in the 1990s.
|
| NetBSD and FreeBSD were based on 386BSD. OpenBSD was a
| fork of NetBSD by one of the NetBSD founders (Theo
| deRaadt)...
| hnlmorg wrote:
| It's not even as clear cut as that because there's
| FreeBSD and NetBSD code in XNU too.
|
| Also OpenStep is an API rather than an OS. So macOS
| contains both NextStep and OpenStep code.
| mattl wrote:
| OPENSTEP is the OS, OpenStep is the framework.
|
| After NeXTSTEP 3.3 there was OPENSTEP 4.0.
|
| OPENSTEP 4.2 is the last operating system release prior
| to Rhapsody.
|
| Yes it's confusing.
| hnlmorg wrote:
| True. The capitalisation rules for releases kills me
| every time too. Not just with OpenStep but with Next too.
| I now don't even bother trying to get the capitalisation
| correct.
|
| Considering how obsessed with UX that Jobs was, I don't
| get how he thought the naming conventions were a good
| idea.
| mattl wrote:
| I believe it all came after Paul Rand did the logo.
|
| NeXT looks good in the logo, and they spent $100,000 on
| it.
|
| FWIW, I like it but it is confusing and made harder by
| the fact they also didn't stick to their own conventions
| much of the time.
| t-3 wrote:
| I'm pretty sure I've even read about FreeBSD code in the
| Windows networking stack. Is Windows now based on BSD?
| Open source code, especially when it's permissively
| licensed, ends up absolutely everywhere.
| hnlmorg wrote:
| Windows is very much based on NT, which has its
| influences from a few different OS, most notably being
| VMS.
|
| AFAIK there isn't any BSD code in Windows however the
| original TCP/IP stack in Windows was a port from BSD. But
| we are talking about the early 90s here and it's long
| since been rewritten by Microsoft (or so they say, but I
| have no reason to disbelieve Microsoft)
| p_ing wrote:
| For NT 3.1, Microsoft purchased a _TCP/IP_ stack from
| Spider Systems[0]. It's not clear how much of that code
| was based on BSD's TCP/IP stack. Microsoft wrote their
| own TCP/IP stack for NT 3.5.[1]
|
| Microsoft did leverage BSD code for common network
| utilities (ping, tracert, ftp, etc.), which still exist
| in Windows today, although Microsoft's preference is to
| leverage the "better" equivalent PowerShell cmdlets where
| available.
|
| [0] https://en.wikipedia.org/wiki/Spider_Systems
|
| [1] https://web.archive.org/web/20151229084950/http://www
| .kuro5h...
|
| EDIT: If you want to hunt for BSD code, try taking a look
| at NT4[2].
|
| [2] https://github.com/lianthony/NT4.0/tree/master/privat
| e/ntos/...
| hnlmorg wrote:
| OpenBSD is as different from macOS as Windows 11 is from
| OpenVMS.
| brynet wrote:
| It depends on what you need for your daily use, OpenBSD has
| ports of common desktop environments, KDE Plasma, GNOME. In
| fact, thanks to KDE and GNOME port maintainers, Rafael
| Sadowski, and Antoine Jacoutot, respectively, OpenBSD 7.6
| -current has the latest versions of both (KDE Plasma Desktop
| 6.3.1, GNOME 47).
|
| I recently checked out KDE 6 for the first time last year, it
| really is as easy running as 'pkg_add kde kde-plasma
| kde-plasma-extras' and then reading through the local pkg-readme
| file, that said if you're not familiar with OpenBSD it won't be
| like other systems where it comes preinstalled and
| preconfigured.
|
| https://brynet.ca/article-l13gen2.html
|
| There's many popular window managers and applications you can
| install using the package tools, as you'd expect, including
| Chromium and Firefox, but you can quickly search here:
| https://openbsd.app/
| matteotom wrote:
| It was a few years ago, but I ran OpenBSD for about a year in
| college (on a Thinkpad). It worked because I rarely needed
| anything more than Firefox, code editors, and a shell with ssh.
| Most of my time was spent reading, writing papers, writing
| emails, and writing code.
| LAC-Tech wrote:
| My big issue when I looked into it was the default filesystem
| was quite an antiquated design that would lose or corrupt data
| in a powercut or unexpected shutdown. Last I checked many of
| the devs have fairly elaborate uninterruptible power supplies
| to deal with this.
|
| A lot to like about openBSD; doas is my daily driver on linux,
| openbsd man changes are incredible, but I'm not going to mess
| about recovering disks just because I forgot to plug my laptop
| in.
| kovac wrote:
| I use OpenBSD. You must check the hardware support. If it
| works, it works far better than Linux from my experience.
| Some things to take note:
|
| 1. Power management may not be as good as with Linux
| 2. No HDMI sound support
| 3. No bluetooth
| 4. You need to be comfortable with config files and man pages.
| 5. Probably fewer applications in the ports tree (I have all I
| need).
|
| If you are fine with the above, OpenBSD is the finest OS I've
| used so far. I've never run into random issues like wifi
| connectivity, audio issues like with Linux.
| puffybuf wrote:
| I use it, and even run wayland (sway) on my dell laptop. No
| bluetooth support. Encrypted disk. Takes a lot of time to
| setup. Generally similar to linux, but less hardware support.
| jmclnx wrote:
| OpenBSD foundation raised around ~380 thousand IIRC.
|
| By creating OpenSSH and the fact all fortune 500 companies use
| it, I would say every year, the foundation should be bringing in
| around 1 or 2 million. It is time these companies really give
| back.
|
| And while I am here, hardware vendors should open up their
| source, looking directly at Nvidia.
| olddustytrail wrote:
| They could easily raise a few million if they bothered working
| on sales, but they don't.
| dbtc wrote:
| a) they shouldn't have to
|
| b) part of what makes it great is that they don't
| hoppp wrote:
| It's not really a for profit project and I prefer it stays
| that way. Projects that raise money tend to get "corrupted"
| by the greed.
|
| Not that there is anything wrong with raising money, but the
| ideology behind openBSD doesn't really fit if they go for
| profit
| renewiltord wrote:
| They have a sales team of online enthusiasts who work for
| free. Unfortunately, they got what they paid for.
| fc417fc802 wrote:
| > Unfortunately, they got what they paid for.
|
| Industry wide adoption?
| renewiltord wrote:
| We're happy; they're happy. But the sales team works on
| commission.
| deadbabe wrote:
| When you give freely and generously to the community you should
| do so with no expectation of getting anything in return.
| Sometimes that expectation is fulfilled.
| noisy_boy wrote:
| They are not talking about OpenBSD's expectations, it's about
| the ethics (!) of the companies using things on the back of
| the generosity without giving back.
| zx8080 wrote:
| Ethics does not belong to capitalism. Money is the central
| part of it, not ethics.
| all2 wrote:
| Any system of economics may be abused.
|
| A moral people could operate communism successfully.
| Unfortunately, most people are not even remotely moral.
| Pragmatically moral (in plain view, but not behind closed
| doors), for sure, but innately good -- definitely not.
| mmooss wrote:
| That's the excuse, but society only works if people
| behave ethically and not entirely in their self-interest.
| I don't see why that doesn't apply to people working in
| businesses, and it never has: Businesses have always
| contributed to their communities in many ways.
| kweingar wrote:
| I see this mindset more and more, and to me it seems
| against the ethos of open-source software. There's
| something philosophically odd about saying "you are free to
| use, change, redistribute, or sell this with basically no
| restrictions" while simultaneously maintaining that users
| incur unstated ethical debts by accepting. It could even be
| seen as a kind of bait-and-switch.
|
| Contributions and reciprocity are praiseworthy of course,
| and we should all aspire to this. But that doesn't mean
| someone is ethically wrong for choosing to accept a gift
| freely given without giving one in return.
| 0dayz wrote:
| If you've never maintained a project you don't know just
| how unthankful and demanding it is.
|
| Because of the endless amount of expectations.
| fc417fc802 wrote:
| You are legally free to use. Your ethical obligations
| will depend on your particular worldview, and are likely
| to vary substantially by culture.
|
| All cultures I'm familiar with recognize that someone who
| is well off taking advantage of a tragedy of the commons
| is unethical. The particulars vary by locale but my
| impression is that it is universal that the degree of
| condemnation increases the wealthier the person
| exploiting the system is.
| kweingar wrote:
| The thing about the tragedy of the commons is that you
| are actively hurting everyone else by depleting a non-
| rivalrous good.
|
| When I accept a friend's hospitality and don't
| reciprocate, I am taking their time and resources. When I
| take five free samples at the store, I ruin it for others
| who come later.
|
| When I download an open source GitHub repo, I am burning
| 1¢ of Microsoft's money.
| fc417fc802 wrote:
| I'm not sure I see the point in distinguishing between
| something beneficial being reduced in value actively
| versus passively. Whether it's individuals taking
| negative action or individuals failing to take positive
| action, the end result is the same at the end of the day.
| Something beneficial is reduced in value by collective
| greedy (in)action. The world at large is made worse for
| it over time.
|
| Perhaps my definition is off? If so I would appreciate a
| pointer about the correct terminology.
|
| I suppose it might be different in the case of a one-time
| fork. It still seems like there's an ethical obligation
| to contribute back if you are well off and you benefit
| from something. I think there's a meta, societal level
| tragedy of the commons to be found there. But if you
| aren't actively benefiting from maintenance efforts then
| perhaps it doesn't qualify as a direct tragedy of the
| commons.
| MrJohz wrote:
| The cost of software is not the cost of distribution,
| it's the cost of maintenance, support, and
| implementation. When you clone a repo, this has little
| impact by itself, but the work to create that repository
| in the first place, to maintain it and ensure it is free
| of bugs, and to provide documentation and support so that
| people understand how to use it - that all has a cost.
|
| If nobody pays for that cost, then the work will never
| get done in the first place, and we won't have these
| resources.
| jraph wrote:
| > When I download an open source GitHub repo, I am
| burning 1¢ of Microsoft's money.
|
| While the other examples seem good for illustrating the
| point, this one has it backwards I think. Microsoft
| worked very hard to be in this position. They did this on
| purpose and this aspect is essential to their success:
|
| - GitHub did everything they could to capture the market
| by being free to use and by leveraging the network effect
|
| - Microsoft bought GitHub at a point where it was already
| widely successful in this aspect, so they fully knew what
| they were buying
|
| Capturing the whole open source market is part of their
| business model. I don't like they've done this and I
| don't get to choose where authors host their code. Even
| the authors themselves might not have felt free to choose
| something else because of the network effect. It's only
| fair Microsoft pays for the privilege. GitHub being free
| is a feature for Microsoft.
|
| > When I accept a friend's hospitality and don't
| reciprocate
|
| I came to realize that you don't need to return the favor
| specifically to the person who helped you. Things work as
| long as you help anybody. The loop will be closed by
| someone who will eventually help the person who helped
| you (or has in the past). Actually, it doesn't even
| need to be a loop. This is very powerful and quite
| relaxing because you can be chill both for helping and
| for receiving help, and it has the potential of working
| very well and be very enjoyable.
|
| In short: take (from anybody) as long as you give (to
| anybody)
|
| (Of course, in a friendship, some reciprocity is
| necessary, if things only go one way, it doesn't work)
| cb321 wrote:
| >In short: take (from anybody) as long as you give (to
| anybody)
|
| Another pithy way people express this is with "pay it
| forward" https://en.wikipedia.org/wiki/Pay_it_forward
| jraph wrote:
| Ah, I didn't plan to keep this "In short" sentence in my
| comment, but it allowed you to share this, nice. I didn't
| know this "Pay it forward" phrasing nor that the idea was
| theorized (but of course it was, in hindsight). It is
| such a nicer way to express this.
| wongarsu wrote:
| > But that doesn't mean someone is ethically wrong for
| choosing to accept a gift freely given without giving one
| in return
|
| Many cultures do in fact work that way. And while modern
| American culture views the idea of taking everything you
| can and only giving back what you are contractually
| forced to in a more positive light, the term freeloader
| still has negative connotations.
| kweingar wrote:
| If you're a maintainer and reciprocity is an important
| value to you, and you think that people who don't give
| back are freeloading, then why did you specifically
| choose not to use a GPL license for your project?
|
| Your point about the gap between the words of a license
| and an ethical expectation is well taken. But why put
| that gap there at all? It's going out of your way to make
| sure that people have the choice to screw you.
| grandempire wrote:
| > American culture views the idea of taking everything
| you can and only giving back what you are contractually
| forced to in a more positive light
|
| That's not a thing in American culture. Maybe you are
| referring to the low trust culture of international
| commerce, which just happens to be centered in the US.
| hulitu wrote:
| > There's something philosophically odd about saying "you
| are free to use, change, redistribute, or sell this with
| basically no restrictions" while simultaneously
| maintaining that users incur unstated ethical debts by
| accepting
|
| Not users, companies that make billions. We call that
| shameless.
| jjmarr wrote:
| Use GPLv3 or AGPL then. If you want companies to "give
| back" when they use your code, put it in the licence.
|
| Or you can charge money for your product.
| bentley wrote:
| I don't think OpenBSD is clamoring for code contributions
| from the companies with proprietary SSH forks. Just money
| to support continued development.
|
| > Use GPLv3 or AGPL then. If you want companies to "give
| back" when they use your code, put it in the licence.
|
| Seems like a poor choice given that projects like MongoDB
| try out AGPL for this reason and then later switch to
| nonfree licenses like SSPL. OpenBSD is not interested in
| that--whether its attempts to raise funds through
| goodwill work out or not, OpenBSD will always be free
| software.
| toenail wrote:
| People choose BSD licenses precisely because they don't
| want to impose any ethics on anybody.
| DeathArrow wrote:
| >it's about the ethics (!) of the companies
|
| A company doesn't have ethics. Its sole purpose is to make
| a profit.
| rswail wrote:
| This is incorrect. Companies form for numerous different
| reasons, including a group of people needing a legal
| structure for investments, or to protect against
| liability, or for particular ventures.
|
| One of the primary outcomes that people want from
| corporate structures is profit, but that is not the
| structure's "sole purpose", either in law or practise.
|
| Corporate structures can't have ethics because they are
| not people (legal constructions of "person" vs "natural
| person" notwithstanding).
| elcritch wrote:
| Nope, a company's purpose is to fulfill its charter.
| Profit is generally a goal of for profit companies, but
| they usually have others too.
|
| https://www.nytimes.com/roomfordebate/2015/04/16/what-
| are-co...
| nickpsecurity wrote:
| Capitalism is usually maximization of selfish gain. A
| business in any form maximizes the objective of its
| owners, often financial gain. However, they can be
| designed to or run for altruistic purposes or a mix of
| altruism and selfishness. Here's two types of companies
| not solely about the money:
|
| https://www.forbes.com/sites/jerrybowyer/2017/04/25/what-
| mak...
|
| https://money.usnews.com/investing/articles/public-
| benefit-c...
| karparov wrote:
| If you make it about ethics, it's not going to work. Your
| C-suite folks won't be on board.
|
| You need to make it about utility. Open sourcing some
| package or contributions to an existing package is giving
| you returns far beyond your investment. A community will
| help maintaining, improving, growing your code. Perhaps
| even competitors will chip in. (If they don't, well, their
| loss..) It's going to be a net positive.
| surajrmal wrote:
| How many restaurants serve food and ask for donations from
| patrons instead of charge them specific amounts? People are
| not generous, large companies made of lots of people, none
| of which feel specifically responsible for the company's
| actions are also going to accordingly not be. If they need
| money, the expectations should be set accordingly. Maybe
| spruce should be open but features and bug reports must
| have accompanying bounties set by the individuals reporting
| them otherwise the maintainer will ignore them.
| pjmlp wrote:
| I would really like that the supermarket, my landlord,
| electricity and water company would equally be so generous.
| saagarjha wrote:
| Sounds like you're in favor of UBI.
| pjmlp wrote:
| As European we are lucky to already enjoy minimum wage
| and unions, across many countries, still money has to
| flow from somewhere, namely taxes.
|
| Yet people still need to work somehow, and UBI is more of
| an ideal that will never happen in capitalism society
| driven by profits of few shareholders at the expense of
| everyone else.
|
| Now the current trend is replacing people with self
| service machines, they aren't getting UBI, they are being
| shown the street.
| lnxg33k1 wrote:
| Capitalism is based on the exploitation of workers who are
| directly hired by a company, now imagine if a company would pay
| someone who it doesn't have to
| genewitch wrote:
| I'd change "workers" to "persons with little capital".
| throwaway72063 wrote:
| Any example of exploitation in the capitalist tech industry,
| and what job under any other system is not exploitative by
| comparison?
| slome wrote:
| The openbsd foundation raised around 5 million, half of which
| has been spent. Curiously they aren't as transparent as they
| once were.
|
| You mention nvidia support, others are hopeful for a better
| filesystem and wifi as well.
| brynet wrote:
| > The openbsd foundation raised around 5 million, half of
| which has been spent.
|
| Citation needed, they've raised nowhere near that amount.
|
| https://github.com/bob-beck/foundation-
| web/commit/483266cece...
|
| https://www.openbsdfoundation.org/campaign2024.html
| thegeekpirate wrote:
| Not OP, but they've raised $4,974,668 since 2014 (done by
| adding up all the thermometers at https://github.com/bob-
| beck/foundation-web), and I'm excluding anything prior.
|
| That's certainly what they meant ;)
| brynet wrote:
| Thanks, very misleading..
| brynet wrote:
| > .. wifi as well.
|
| OpenBSD has supported 11ac for several years, and has the
| iwx(4) driver for modern Intel WiFi cards. There's also
| support for Broadcom FullMAC, bwfm(4), which is on e.g: Apple
| Silicon machines.
|
| HaikuOS also has a port of OpenBSD's iwm/iwx drivers.
|
| FreeBSD just recently announced they've started porting the
| OpenBSD iwx driver.. from Haiku.
|
| https://freebsdfoundation.org/blog/laptop-support-and-usabil...
| nickpsecurity wrote:
| The license says use it however you want with nothing in
| return. They usually get nothing in return. It's a license best
| used when you want maximum uptake by users, including
| proprietary products. It's also good for people who enjoy
| knowing others enjoy using what they build. Whereas, it's one
| of the worst licenses if a supplier wants money.
|
| Let's assume goals like OpenBSD's. If one also wants money, they
| can make the software paid, free for many categories of users,
| source-available, and derivatives (mods) allowed. The paid part
| can be regular payments or one-time per release. Probably an
| exception to mods allowed saying they can't backport paid
| features from new versions to old versions but independent
| creation is allowed. From there, companies will pay to support
| it or they'll determine it has no market value.
|
| There are proprietary, source-available RTOS's on the market
| for real-time and secure use. One source said, but I haven't
| verified, that INTEGRITY RTOS royalty-free was around $17,000
| minimum per product or company. Another said LynxOS with
| communications middleware was around $50,000. A number of small
| vendors exist showing one can generate sales if their product
| is marketable. Tons of companies selling firewalls, load
| balancers, etc like OpenBSD is often used in.
|
| https://en.wikipedia.org/wiki/Comparison_of_real-time_operat...
|
| So, if money is important, they can change their terms to
| demand money some or all of the time. If the license says "free
| giveaway!," expect most people to treat it that way. I imagine
| quite a few of the developers have exactly that expectation.
| They are motivated by the joy of writing great code, not money.
| alexvitkov wrote:
| Your second paragraph is explaining perfectly why open source
| doesn't work and how its economics don't add up.
|
| I would also add that it indirectly kills the vast majority of
| programming jobs - nobody is ever going to get paid to create a
| JPEG decoder as everyone can just use libjpeg. Nobody is ever
| going to get paid to write a new kernel as everyone can just use
| Linux.
| Very few people are going to get paid to work on a new database
| as you can just use Postgres...
|
| Once there's a good enough open source solution in a field, in
| the long run it will out-compete commercial offerings, even if
| it's overall a worse package, as it's some guy's free time
| project and is created on a $0 budget.
|
| Programmers work for free, end users get a worse product,
| companies make trillions.
| tredre3 wrote:
| > Nobody is ever going to get paid to write a new kernel as
| everyone can just use Linux
|
| Not that it negates your point in any way, but lots of people
| are paid lots of money to write Zircon (Google Fuchsia's
| kernel) which is intended to replace Linux in many scenarios.
| LtWorf wrote:
| So they are paid to write a useless toy. While people who
| write the useful code are not paid.
| surajrmal wrote:
| If people didn't do the work for free in open source,
| then companies who need that functionality would in fact
| be forced to pay for it, although it may not necessarily
| be open source in turn. It's hard to complain about the
| state of open source because people choose to put
| themselves in these predicaments. If you need money to
| sustain the project, asking for donations is not really
| an adequate plan.
| pjmlp wrote:
| Sadly it went nowhere, it remains to be seen how long it
| will take to join Android Things, Tango, and other Google
| OS related projects.
|
| Yes I am aware it is shipping on Nest Hub.
| surajrmal wrote:
| It's open source and you can track how active it is by
| commits per week. It's still a very active project. It's
| a bit disheartening to see people make random armchair
| judgements.
| pjmlp wrote:
| Very active keeping Google engineers busy, that is
| certainly indeed.
|
| What matters after almost 15 years, with a couple of
| major rewrites, is when it will ship on anything else
| besides Nest Hub.
| surajrmal wrote:
| I will note that the number of people who actually work on
| the Zircon kernel directly is relatively small. Zircon is a
| small fraction of Fuchsia's codebase. However if you widen
| your view to include things that are not in the kernel but
| would be in Linux the math lines up better.
| mmooss wrote:
| > open source doesn't work
|
| What could you mean by that? It's an extremely successful
| model organizationally and technically.
|
| > it indirectly kills the vast majority of programming jobs
|
| All software kills the vast majority of jobs - think of all
| the jobs there would be if we had no software. Anyway, are we
| short of programming jobs?
|
| Efficiencies create new, higher-value possibilities than, for
| example, JPEG decoders.
| alexvitkov wrote:
| > It's an extremely successful model organizationally and
| technically.
|
| There are technically impressive open source projects -
| e.g. Linux, and most of them have people paid to work on
| them full time. Those are the exception, not the rule. Most
| open source projects are some guy's hobby, done for free in
| their free time. Hobbyists solve problems they find
| interesting, and often ignore a lot of the "gruntwork"
| required to make a technically sound package.
|
| > Anyway, are we short of programming jobs?
|
| Yes. Especially good ones.
|
| > Efficiencies create new, higher-value possibilities than, for
| example, JPEG decoders.
|
| I don't see it - a large portion of programming jobs have
| devolved to gluing together a bunch of open-source
| libraries, doing the boring gruntwork to actually make them
| work, and dealing with the inevitable hell, caused by using
| 500 components that were never designed to work together.
| otherme123 wrote:
| > Hobbyists solve problems they find interesting, and
| often ignore a lot of the "gruntwork" required to make a
| technically sound package.
|
| OTOH some commercial software only solve problems that
| make money, and ignore the technically sound part unless
| it makes money. E.g. the enshittification of Google,
| Windows or Facebook, and friends, from a product that
| worked to a product that nobody asked for. All the
| technicality spent in tracking users, more ads, etc.
|
| These are a lot of commercial software that are not much
| more than a repackaging of open source software and a UI
| layer (ffmpeg, for example).
| thayne wrote:
| > Those are the exception, not the rule. Most open source
| projects are some guy's hobby, done for free in their
| free time.
|
| And most proprietary software becomes completely
| unavailable when the company making it goes out of
| business. At least with the open source software, if
| there is interest in it, someone else can pick it up, if
| the original creator stops maintaining it.
|
| > a large portion of programming jobs have devolved to
| gluing together a bunch of open-source libraries, doing
| the boring gruntwork to actually make them work, and
| dealing with the inevitable hell, caused by using 500
| components that were never designed to work together.
|
| And you think that would be any different without open
| source? A large portion of programming would still be
| gluing together a bunch of components, but instead of
| open source libraries you would have proprietary
| libraries, where if the documentation is inadequate or
| wrong, you have no option of looking at the source code
| to see what it actually does. Or in-house libraries that
| were designed for some specific purpose that doesn't
| match yours at all, and are very low quality, because
| they were made under a tight deadline, and no one ever
| went back to pay the tech debt after the MVP was
| released. Or maybe instead of a library you make API
| calls to some SaaS with no SLA and barely any
| documentation.
| prmoustache wrote:
| > Those are the exception, not the rule. Most open source
| projects are some guy's hobby, done for free in their
| free time.
|
| It also applies to proprietary software.
| flohofwoe wrote:
| > Most open source projects are some guy's hobby, done
| for free in their free time.
|
| E.g. exactly how Linux was created? ;)
| throw0101d wrote:
| > _Those are the exception, not the rule. Most open
| source projects are some guy's hobby, done for free in
| their free time._
|
| 90% of everything is crud:
|
| * https://en.wikipedia.org/wiki/Sturgeon%27s_law
| grandempire wrote:
| > Hobbyists solve problems they find interesting, and
| often ignore a lot of the "gruntwork"
|
| Yes
|
| > required to make a technically sound package.
|
| No. What they don't do is take the time to turn it into a
| product used by a general audience. Technical soundness
| is usually something corporations don't have time for.
| ape4 wrote:
| I don't think there would be jobs manually doing many
| things that software currently does.
| mmooss wrote:
| If software doesn't automate things, why are we investing
| so much in it?
|
| Maybe I misunderstand, but computers make us much more
| efficient: writing, graphics, computation, communication,
| storage and retrieval of information, searching
| information, machine control, ... for a time, 'computers'
| were rooms full of people doing computations.
|
| Think of the software stack that runs HN. What would we
| do? Write letters to a journal for publication? Gather in
| a room someplace?
| dagi3d wrote:
| If we had to write every single piece of code over and
| over(or pay for them), computer science would have barely
| evolved and would not be so mainstream
| liamkearney wrote:
| No, writing them over and over is literally what evolves
| computer science. Not having to write them over and over is
| what improves software. They're different.
| hulitu wrote:
| > No, writing them over and over is literally what
| evolves computer science.
|
| If this is the way computer science evolves, it is safe
| to say that it evolves at the same pace as life.
| z3phyr wrote:
| Computer science evolved during the time when most people
| did not have a computer.
|
| The concepts of compilers, operating systems, databases,
| file systems, computer graphics all evolved from the 60s to
| the early 90s.
|
| After that, it was mostly scaling.
| hulitu wrote:
| > Programmers work for free, end users get a worse product,
| companies make trillions.
|
| I bet you didn't use any Microsoft product. /s
| karparov wrote:
| > Your second paragraph is explaining perfectly why open
| source doesn't work
|
| > some guy's free time project and is created on a $0 budget.
|
| > Programmers work for free
|
| You seem to be completely out of touch with what FOSS is.
|
| The amount of relevant FOSS hacked by some teenager for free
| in mom's basement is negligible. The largest contributors to
| the Linux kernel are IBM, Intel and Oracle. Nobody there
| works for free.
| pjmlp wrote:
| Because it cuts down their own development costs, doing
| more with less.
|
| How much upstream do you think BSD gets from Sony and
| Apple, besides a few crumbs?
|
| clang was sponsored exactly to allow Google and Apple to
| take a compiler and not be legally obliged to upstream
| their sauce.
|
| Nowadays clang has mostly replaced most proprietary
| compilers on surviving UNIXes, and embedded OSes, how much
| of those downstream changes land on upstream clang? It is
| mostly volunteer work improving ISO C and ISO C++
| compliance, despite all the money being made by those
| folks.
| tgma wrote:
| > clang was sponsored exactly to allow Google and Apple
| to take a compiler and not be legally obliged to upstream
| their sauce.
|
| Sponsored is an understatement. It was pretty much
| entirely funded by those two, so if the goal was to leech
| on volunteers, that would be a pretty bad move by those
| companies.
| pjmlp wrote:
| The goal was not to give anything back as expected by GCC
| and GPL, especially the at the time relatively new GPL3.
|
| Which is exactly what happened after clang got mature
| enough, GCC was expunged from their platforms.
|
| Apple first, followed by Google about a year later.
|
| Note that nowadays, Apple clang has its own column on
| cppreference, Google is focused on Carbon/Rust/Go, and
| in both cases most of the contributions are on LLVM side,
| not clang and ISO compliance.
| tgma wrote:
| I totally get that avoiding GPL3.0 was the goal for Apple
| (less so for Google I'd say). If avoiding "giving
| anything back" were the goal they have fucked up on that.
| Regardless, the point is they could have pretty much done
| proprietary software and kept it for themselves too and
| no one would complain. It's not somehow a brilliant
| conspiracy to leech off of the measly volunteer base when
| they have paid the majority of development costs.
|
| P.S. you focus on ISO compliance. Could it be that the
| actual user base does not really care about it as much as
| the rest of the aspects of the compiler (features,
| correctness, performance) and thus deprioritized by
| everyone. I don't consider clang abandoned by Google or
| Apple.
| pjmlp wrote:
| What matters is actually who puts the effort into
| bringing clang into modern times, regardless of your
| opinion Github is there for tracking purposes, who
| contributes what.
|
| Also clang was only one example of who profits and who
| puts into the work, like the endless number of PhD
| students contributing to LLVM or MLIR.
| karparov wrote:
| Nobody forces those Ph.D. students to do that.
| pjmlp wrote:
| HR Person at cool startup: "Please show me your Github
| repos"
| tgma wrote:
| Yes, I just briefly clicked at the top contributors. As
| expected they are mostly not homeless PhD students. All
| big ones are employed or have been employed by
| Apple/Google/RedHat/SiFive/Sony, often multiple of those.
| (Did you actually look or just spreading your hunches?)
|
| If you think it's the long tail of endless contributions
| is what makes a production quality open source project
| like clang tick, well, we disagree...
|
| (In fact such PhD students are often the prime
| beneficiaries of the work by commercial companies,
| because they get to build their research stuff on top of
| LLVM.)
| thayne wrote:
| > I would also add that it indirectly kills the vast majority
| of programming jobs - nobody is ever going to get paid to
| create a JPEG decoder as everyone can just use libjpeg
|
| Looked at another way, open source means that instead of a
| bunch of programmers getting paid to write multiple
| implementations of the same thing over and over, so the
| programmers that otherwise would be doing that can instead
| work on new innovative things.
|
| In an ideal world, all software would be open source, and
| programmers would spend all their time improving said
| software for everyone. The problem is I don't know how those
| programmers would be compensated for their work. In many
| ways, open source software is a public good, since anyone can
| benefit from it[1], so an argument could be made that OSS
| should be publicly funded (i.e. paid for by government
| grants). However, I am doubtful that the government could do
| a good job of allocating resources to open source projects.
| Then again, I don't think the private sector is doing a great
| job of that either. Just look at how many resources are put
| into showing people ads.
|
| [1]: And it has the interesting property, that unlike most
| public goods, the cost does not scale with the number of
| people who use it, or have a limit on the number of people
| who use it.
| autopoiesis wrote:
| Isn't the solution to have much shorter copyright terms?
| Software could be closed source at first, its
| implementation costs recouped, then opened by default when
| its copyright term lapses. New releases could still be
| closed, so income could continue. Set the term at 5-10
| years, rather than >70.
| dpassens wrote:
| This doesn't really work for projects that want to be
| closed source, as they can just not publish the source.
| After the 10 years, people can copy the binary, but that
| doesn't really give you a whole lot of benefit.
|
| And if a project does want to be open source eventually,
| they can already license their code that way.
| autopoiesis wrote:
| Couple it with a generalized right to repair: source code
| is what's needed in order to be able to repair the
| software that you use. If beyond the support period or
| the copyright term (whichever is least), the materials
| needed to repair the product must be released.
| diffeomorphism wrote:
| No, you just make that a prerequisite for the software
| copyright. If you don't submit the code, you don't get
| the protection.
|
| Same idea as for patents vs trade secrets.
| globular-toast wrote:
| But you'd also need some way to stop derivatives becoming
| copyrightable again. Currently the only way to achieve
| this is copyleft licences.
| z3phyr wrote:
| But it is anti-alternative. It discourages alternative ways
| to do things.
|
| This is bad in the long term because alternative ways of
| doing things open other avenues of investigation and
| development.
|
| But all we get are improved versions of hammer when
| everything is made out as a nail.
| williamscs wrote:
| OSS isn't anti-alternative at all? Just because you don't
| pay for the software doesn't mean there's no competition.
|
| Even well-established software can have meaningful
| alternatives. Look at ripgrep. While it hasn't replaced
| grep as a distro default, it's still being used by folks
| that find it a better solution for them.
| oriolid wrote:
| Don't you remember how hostile people were to ripgrep
| just because ag or find + xargs + grep existed? Or the
| same with meson because cmake exists and cmake because
| autotools exists? Or systemd or clang? It takes an
| unusually stubborn person or strong corporate backing to
| actually create an alternative to an established open
| source project.
| AAAAaccountAAAA wrote:
| It wouldn't be a good way to spend money and resources to
| rewrite things like jpeg decoders again and again. It would
| not help to make the final product any better, but just
| siphon the money off from more worthwhile purposes.
|
| Companies make billions? Good. It's time to tax them and use
| the money for the benefit of everyone.
| exe34 wrote:
| > nobody is ever going to get paid to create a JPEG decoder
| as everyone can just use libjpeg.
|
| if there's no technical reason why libjpeg isn't suitable,
| I'd consider it a huge waste of human life to create another.
| if there is a good technical reason to build a new one, then
| somebody will do it for free or somebody will pay for it to
| be made.
|
| I think the system is working.
| InsideOutSanta wrote:
| As a generic rule, it's true that open source software
| increases the supply of software, which means that the value
| of software goes down.
|
| The reason this doesn't really matter in a truly noticeable
| way, and why I'm also not really concerned about AI taking
| programming jobs, is that demand for software is so much
| higher than supply. You can go to any random local small
| business, and within five minutes, you will identify software
| demand that is not being met adequately, or at all. They use
| Excel for their inventory and constantly have problems with
| it that need to be manually resolved. Their website doesn't
| work right and nobody knows how to fix the broken links. They
| have somebody who does paychecks by hand. One person is in
| charge of scheduling holidays in a shared calendar. And so
| on.
|
| These companies would pay developers to fix their issues if
| they could afford them. As programmers become more
| productive, whether that is by using open-source software
| instead of writing things manually, by using LLMs, or by
| other means, there is a downward pressure on salaries. But
| that doesn't mean that jobs disappear; it just means that
| more companies now have access to developers they could
| previously not afford.
|
| We make less money doing some in-house processes for a small,
| local business than writing a database for a multinational
| corporation. But on the upside, we improve the lives of
| people who actually matter, rather than making some
| billionaire even richer.
| agumonkey wrote:
| And I ironically think that if you want to fix the open
| source you end up creating a good old economy.. where people
| don't give, but negotiate an exchange a priori so they know
| they won't be disappointed after the fact.
| matt-p wrote:
| I think killing software jobs is a bit of a silly argument,
| it's not a better world that we've got 1,000 closed source
| jpeg decoders rather than one excellent open source one.
|
| What I do find massively problematic is that the developers
| of the open source ones often aren't paid. That should be
| impossible, companies are profiting off of free labour and
| that's wrong. If anything open source developers should get
| paid more per accepted PR, they provide more value and
| probably better quality code.
| nickpsecurity wrote:
| "nobody is ever going to get paid to create a JPEG decoder as
| everyone can just use libjpeg. Nobody is ever going to get paid to
| write a new kernel as everyone can just use Linux. Very few
| people are going to get paid to work on a new database as you
| can just use Postgres..."
|
| There's still many paid offerings for databases, operating
| systems (esp RTOS's), and image processing. That includes
| libraries. The companies are usually profitable with some
| making a fortune on the products. Quite opposite of what you
| said.
|
| The question you should ask is: why?
|
| Next question: how do I use those lessons to sell and give
| away something like OpenBSD?
| flossDaily wrote:
| Seems like the economics works better than 99% of our society
| does. The point of the economy is not to produce jobs, it's
| to circulate goods and services. Open source does this more
| efficiently in the long term. The American (or globalized)
| economy is mostly inefficient and irrational outside the
| perspective of shareholders and investors. Unfortunately,
| those same people will make us commit mass suicide before
| allowing the basis of resource management to change.
| tonyhart7 wrote:
| "hardware vendors should open up their source"
|
| this doesn't make sense, how can you expect hardware companies
| to do this, where the moat???
| mrweasel wrote:
| It's not as bad as it used to be, but one moat some companies
| had was "excellent support for Linux/Unix/BSD". Until CUDA no
| one in their right mind would buy Nvidia for their Linux
| workstation, just like you'd avoid certain Broadcom wireless
| chips.
|
| Hardware companies need their devices supported by as many
| operating systems as possible, especially if those devices
| can be used in servers, desktops less so. Apple is pretty
| much the exception.
| tonyhart7 wrote:
| having support for linux != open source their shit
|
| You can still support linux while still having closed
| source
| surajrmal wrote:
| Source code is often still very confusing without
| accompanying documentation. A weird cryptic series of
| register writes with random values makes it difficult to
| really understand what's going on.
| jillesvangurp wrote:
| It's not the foundation that does the work but developers. With
| that kind of budget, the foundation is just administrative
| support. They aren't employing a lot of developers. Many
| developers are employed of course. Partially by those same
| fortune 500 companies that you mention.
|
| Open source is a pragmatic arrangement where developers
| embedded in the industry can collaborate and share code; often
| explicitly supported by the companies they work for. It has
| worked very well for decades and there's no urgent reason to
| change anything.
|
| For example, Damien Miller, who puts in a lot of time on
| OpenSSH, is employed by Google. Employing key contributors is
| how the industry supports OSS.
| KerrAvon wrote:
| Yes. What's interesting is that this corporate software
| engineering socialism isn't new with modern open source. It
| dates back to the earliest operating systems for IBM
| mainframes.
|
| See: https://en.wikipedia.org/wiki/SHARE_Operating_System
| jorvi wrote:
| > For example, Damien Miller, who puts in a lot of time on
| OpenSSH, is employed by Google. Employing key contributors is
| how the industry supports OSS.
|
| Yeah that's just confirmation bias. How often do we read
| about key open source libraries that are being maintained by
| one random dude in his free time, said dude's free time dries
| up, and suddenly everyone is in panic mode on how to get
| funding to him.
|
| It'd be much nicer if every tech company above X amount of
| yearly revenue would be required to kick in 1.0% (0.1%?
| 2.5%?) of their profit into a foundation. That foundation
| then would put out bounties or contracts for open source
| project maintainers. The priority (= monetary value) of these
| would be decided on by a mix of community voting, open source
| expert panel, and commercial interest, split 1/3 / 1/3 / 1/3.
| jillesvangurp wrote:
| There's a long tail of stuff that isn't paid indeed but I
| don't think this is confirmation bias. I maintain a few
| things myself actually. The thing is, I'm not actually
| expecting to get paid. I think you are underestimating just
| how many OSS developers have steady jobs and over
| estimating the urgency of the issue. I don't think the
| crisis you are outlining actually exists. But I'm sure
| there are individuals who'd like to get paid more for
| whatever they are doing.
| jorvi wrote:
| I mean, the XZ backdoor happened because the main
| developer was overworked and burned out[0]. Stuff like
| this happens all over the OSS sphere, it's just that it's
| usually on less-critical projects. AFAIK, Heartbleed also
| sat unnoticed in OpenSSL for years because it was no
| one's full-time job to care.
|
| If you were paying someone to full-time maintain XZ or
| Heartbleed, or whatever, it would have their singular
| attention.
|
| [0]https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.h...
|
| > I haven't lost interest but my ability to care has been
| fairly limited mostly due to longterm mental health
| issues but also due to some other things. Recently I've
| worked off-list a bit with Jia Tan on XZ Utils and
| perhaps he will have a bigger role in the future, we'll
| see.
| dimal wrote:
| This seems reasonable, but my concern is that the money
| would not do much good. It could simply lead to a more
| powerful bureaucracy that prioritizes its own survival
| instead of its original mission, like what seems to have
| happened with the Mozilla or Wikipedia foundations. More
| money doesn't always solve problems. It can simply create
| new problems.
| _flux wrote:
| > By creating OpenSSH and the fact all fortune 500 companies
| use it
|
| It was a fork of Tatu Ylonen's SSH, so I think it would be more
| accurate to call it forking, not creating.
|
| Of course, they've created a lot of new code as well since
| 1999.
| alecco wrote:
| From a fork of an old version that was still open source, the
| OpenBSD team audited every single line and rewrote most of
| it, AFAIR.
|
| https://www.openssh.com/history.html
| traceroute66 wrote:
| > It is time these companies really give back.
|
| I'm not going to sit here shilling for the corporates, but at
| the same time I think you need to put yourself in their shoes.
|
| The stance you are taking is essentially the same as if a
| chugger stops me in the street and asks me to sign up to
| regular donations to $charity because "it's only $1 a month". To
| which the inevitable answer is "sure, and there are a gazillion
| other charities, so I'm supposed to give $1 to all of them
| because it's 'only' $1 a month" ? I will choose which charities
| and how much to donate to on my terms, thank you very much.
|
| And it's the same with corporates and open-source. Your
| favourite pet-project might be OpenBSD and you might think
| $evilCorp should give more to them ? But what about all the
| gazillion other pieces a typical $evilCorp will use ? OpenSSL ?
| curl ? ping ? traceroute ? In your idealistic world a corporate
| would give $1m to each of them I guess ?
|
| The fact is the corporate lawyers know you've released your
| software on open terms. I'm sure they would be happy to buy an
| OpenBSD license ... but OpenBSD made their bed, as it says on
| their website "OpenBSD policy is simple -- OpenBSD strives to
| provide code that can be freely used, copied, modified, and
| distributed by anyone and for any purpose. "
|
| And before you say "well, they could donate instead of buying
| licenses" ... let's just say you would be naive. Buying
| licenses is a "simple" standardised procurement exercise in
| most corporates. Meanwhile giving donations typically is a far
| more bespoke process involving far more administrative burden.
| And the smaller the recipient of the donation, the more admin
| burden required.
|
| As others have pointed out $evilCorp does contribute indirectly
| to open-source. Many of the core maintainers and contributors
| to open-source are employed by $evilCorp and file their PRs to
| the open-source projects on their employer's dime, often whilst
| sitting in their employer's offices, using their employer's
| computers and infrastructure.
| formerly_proven wrote:
| E-Corp typically has support contracts with vendors like Red
| Hat which in turn employ developers.
| danlitt wrote:
| > I will choose which charities and how much to donate to on
| my terms, thank you very much.
|
| Indeed. The observation is that generally for most
| corporations the charities are "nobody" and the amounts are
| "$0". If you, an individual, behave this way then you're a
| bad person. The argument is merely that the corporate
| "people" are also being bad people.
|
| > In your idealistic world a corporate would give $1m to each
| of them I guess?
|
| Why make this ridiculous strawman? If we said "some
| reasonable amount, distributed among their dependencies" why
| is that unreasonable? Do we have to draw out the whole
| picture before these people even attempt to consider what a
| reasonable contribution could be?
|
| > The fact is the corporate lawyers know you've released your
| software on open terms.
|
| Yes, and corporate parasites will therefore extract the
| maximum value while providing the minimum in return. History
| repeats itself.
|
| > Buying licenses is a "simple" standardised procurement
| exercise in most corporates.
|
| If you think about this for a few seconds you will realise it
| is not a good excuse. If ping/openssl/whatever had a
| "recommended contribution" listed on their "corporate
| licensing" page, then there is no administrative burden
| required whatsoever. You just pay whatever they ask, same as
| a license. You think the price is too high? Make up one.
|
| So why is there a high administrative burden? Simply, because
| corporates themselves place a high value on "paying the bare
| legal minimum". In other words, they over-value the virtue of
| being cheap and unsociable. If your reaction to this is
| "that's just how business is", then good for you: according
| to your understanding, business is antisocial, and should be
| discouraged.
| ekianjo wrote:
| The beauty of FOSS is that it does not ask for anything in
| return (the 4 freedoms). That's exactly why things get adopted
| in the first place. Because you are free to use them as you see
| fit, which is why Fortune 500 companies use them in the first
| place.
| globular-toast wrote:
| > It is time these companies really give back.
|
| Our system rewards those who take as much as they can and give
| as little as they can. The tradeoff here is that each entity
| having a certain amount of freedom makes us happier since we
| can be different and choose to allocate our resources in
| different ways. But asking corporations to give back when they
| don't have to is like asking your neighbours to pay more tax
| because the roads need repairing.
|
| You can't appeal to individuals, so the solution is simply to
| raise the bar on what that minimum is. The way to do that with
| software is to use copyleft licences. Support copyleft projects
| in any way you can and reject permissively licensed projects
| where possible. If we had stuck with copyleft we'd be so much
| better off.
| voidfunc wrote:
| > It is time these companies really give back.
|
| There's no reason for them to do so while maintainers continue
| to be willing to work for free and governments take a lax stand
| on security breaches.
| brynet wrote:
| In addition to work pioneering privdrop/privsep design for
| network daemons, and the almost ubiquitous adoption of
| pledge(2)/unveil(2) across the base system, I think people are
| missing out on much more recent mitigation work, such as
| mimmutable (which Linux is just beginning to land with mseal), on
| OpenBSD, most of a program's static address space (.text/ld.so's
| .text/.bss/main stack) is now automatically immutable.
|
| There's also execute-only memory and BTI/IBT on modern Intel/AMD,
| and ARM machines, enabled by default. Including a significant
| amount of ports development work to make the larger software
| ecosystem ready for this.
| saagarjha wrote:
| Execute-only memory on ARM is a footgun (bypasses PAN); Linux
| and macOS both block it. OpenBSD probably should too.
| brynet wrote:
| Why? OpenBSD seems to think execute-only in userland is
| important. We've had SMAP on x86 for many years, it helped
| fix bugs early, these bugs are rare now, so why is everyone
| concerned about kernel accesses that aren't using copyin(9)?
|
| EPAN is already supported, hardware is now arriving, it's
| used if available, but the idea that execute-only was less
| important than PAN was probably misguided.
| crest wrote:
| How does execute only memory disable privileged access never
| memory? The bigger problem I expect is the overhead of
| losing PC-relative loads unless the hardware still allows
| these as instruction fetching related? Would you have to
| dedicate one of your 31 GPRs as the table of contents
| pointer similar to PowerPC's ABI (e.g. sizeof(void(*)(void))
| == 2 * sizeof(void *))?
| eru wrote:
| > Random-data memory: the ability to specify that a variable
| should be initialized at load time with random byte values
| (placed into a new ELF .openbsd.randomdata section) was
| implemented in OpenBSD 5.3 by Matthew Dempsky.
|
| What's the use case for this?
|
| EDIT: further down is one example:
|
| > RETGUARD is a replacement for the stack-protector which uses a
| per-function random cookie (located in the read-only ELF
| .openbsd.randomdata section) to consistency-check the return
| address on the stack. Implemented for amd64 and arm64 by Todd
| Mortimer in OpenBSD 6.4, for mips64 in OpenBSD 6.7, and
| powerpc/powerpc64 in OpenBSD 6.9. amd64 system call stubs also
| protected in OpenBSD 7.3.
| ephaeton wrote:
| I suppose: Sometimes things work fine with the implicit default
| value that you end up with. So this will cause problems when
| you forget to initialize values to expected sane defaults.
| brynet wrote:
| https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib...
|
| Many things, retguard uses this for per-function random
| cookies, for instance.
|
| The bootloader uses this mechanism to pass data to the kernel.
|
| https://www.openbsd.org/papers/hackfest2014-arc4random/mgp00...
| ndesaulniers wrote:
| I would imagine that the use of uninitialized locals could no
| longer be deterministically used to exploit a program.
| Joker_vD wrote:
| Perhaps one day the OpenBSD folks will figure out how to
| completely prevent user programs from making syscalls. It seems
| they are mostly there but still not quite. Please don't mention
| WASM in your replies.
| ori_b wrote:
| It's rather hard to do anything useful if you disable i/o.
| Joker_vD wrote:
| Precisely! And yet they make it really hard for my shellcode
| to do anything useful for some reason, ugh.
| ori_b wrote:
| Since the only way a program like that would be interacting
| with the environment is via a side channel, it'd be
| equivalent to not running the code at all.
|
| As a result, you can disable all syscalls for your program
| with one simple request: 'exit()'
| yjftsjthsd-h wrote:
| Are you referring to their only allowing syscalls from libc?
| Because AFAIK that's fully functional already?
|
| Or if you're trying to solve a problem, what are you doing that
| pledge() doesn't cover? For that matter WASM.... would do that,
| so why not use it?
| yapyap wrote:
| wow, 25+ years later and ipv6 is still not fully integrated
| daneel_w wrote:
| What? I think you misread. The IPv6 stack was "almost fully
| operational [already] by june 1996".
| 4ad wrote:
| OpenBSD was the first system with an IPv6 stack.
| eqvinox wrote:
| Have they implemented ISO C11 _Thread_local yet? It's been the
| number one annoyance[1] with porting software to OpenBSD. It is
| (was?) the only mainline OS without support for native thread-
| local storage.
|
| [1] e.g.
| https://github.com/FRRouting/frr/blob/3f290c97e8325bd9db9363...
| fuhsnn wrote:
| I believe their system clang supports it with -femulated-tls.
| eqvinox wrote:
| Pretty sure we tried that and it didn't work, but that was at
| least 2 years ago... time to retry I guess.
|
| Emulated TLS isn't particularly great though in any case :/
| p_ing wrote:
| carp is one of my favorite things to come out of OpenBSD. It's
| awesome combined with HAProxy. I really enjoyed managing that
| system.
| sillywalk wrote:
| I also like OpenBSD's release art/songs.
|
| "Hello, I'd like to buy a CARP license please."[0]
|
| [0] https://www.openbsd.org/lyrics.html#35
| ksec wrote:
| I wonder if we could get a router based on OpenBSD.
| jamal-kumar wrote:
| It does the job great with the default install as long as
| you're comfortable with the console but if you're talking
| something with a web interface like what pfsense/opnsense on
| freebsd, there was one out of Sweden I think it was for a while
| that fizzled out called securityrouter. Nowadays these are what
| I've seen (But not tested):
|
| https://github.com/sonertari/PFFW
|
| https://github.com/sonertari/UTMFW
| alpn wrote:
| yes we can - https://www.openbsd.org/faq/pf/example1.html
| kQq9oHeAz6wLLS wrote:
| I use OpenBSD as my router and have for years. Works great.
| muppetman wrote:
| A LOT of those innovations were first present in grsecurity/PaX.
| Back when it was freely available to everyone as well. I guess
| the argument is that OpenBSD has them by default with needing a
| 3rd party patch, that's why they're claiming them as their
| innovations?
| kennysoona wrote:
| Yup! The idea behind Pledge/Unveil was first in Landlock also.
|
| > that's why they're claiming them as their innovations?
|
| I think they are just listing their specific implementations as
| innovations, their particular approach. Too many of what they
| list was definitely not an original idea, so they can't
| possibly be suggesting otherwise. At least, I would hope not.
| ori_b wrote:
| > _Yup! The idea behind Pledge/Unveil was first in Landlock
| also._
|
| Landlock was released in Linux 5.13, in 2021. Pledge was
| released in OpenBSD 5.9, in 2016. As far as I'm aware, Pledge
| is the first of its kind.
| kennysoona wrote:
| Linux 5.13 was the first kernel release with Landlock
| incorporated, but the Landlock project is from 2016 also.
|
| I found the announcement email for Landlock posted to the
| lkml[1] where the author compares the project to Pledge.
| There's also his talk[2] from 2016 if you're interested. I
| was certain landlock predated pledge, as I thought the
| website or earliest talk was from late 2015, but I am less
| certain now, indeed I seem to have been wrong in my claim.
|
| As for either being the first, at the very least Seatbelt
| from Apple has a paper dated 2011[3] and was released with
| macOS 10.5.
|
| [1] https://lwn.net/Articles/700607/
|
| [2] https://archives.kernel-recipes.org/document/landlock-lsm-un...
|
| [3] https://www.ise.io/wp-content/uploads/2017/07/apple-sandbox....
| brynet wrote:
| OpenBSD's pledge(2) was first talked about publicly as
| tame(2), and was presented at FSec 2015, it was
| renamed pledge(2) as mentioned on the OpenBSD 5.9 page.
|
| https://www.openbsd.org/papers/tame-fsec2015/
|
| https://man.openbsd.org/OpenBSD-5.8/tame
|
| https://www.openbsd.org/59.html
| kennysoona wrote:
| I thought I had remembered something from Landlock from
| 2015 also, but can't find anything supporting that. The
| first version referenced is v7 or v0.7, so it's possible
| there was a talk for v0.1 or something that isn't online
| anywhere.
|
| I'll concede that's less likely and I'm probably just
| wrong and misremembering though.
| brynet wrote:
| > The idea behind Pledge/Unveil was first in Landlock also.
|
| This is so plainly, and verifiably untrue, that it's almost
| funny. The patch series and kernel commit adding Landlock to
| the Linux kernel even references OpenBSD pledge(2)/unveil(2)
| as a source of inspiration.
|
| https://github.com/torvalds/linux/commit/17ae69aba89dbfa2139...
|
| https://lore.kernel.org/linux-security-module/20210422154123...
| kennysoona wrote:
| > This is so plainly, and verifiably untrue, that it's
| almost funny.
|
| I just found that email and the talk for the project myself
| and noted the author referenced pledge in another comment,
| but thought that could be due to the earlier OpenBSD
| release having gotten press, making it useful as a point of
| comparison.
|
| I had honestly thought the landlock website or an earlier
| talk had pre-dated the release of OpenBSD 5.9, but I appear
| to have been wrong about that.
| gtirloni wrote:
| Incredible. I wonder what's the debugging experience for userland
| developers with all these security features enabled (especially
| the memory randomization ones).
| bentley wrote:
| My general experience has been that it's great at turning rare
| crashes into frequent crashes, which are much easier to fix.
| fc417fc802 wrote:
| Can't you launch the debugger as root and attach to the
| process? Which is to say, I'd expect the experience to be
| approximately the same.
|
| Alternatively, debug in a VM where the security features are
| disabled.
|
| > especially the memory randomization ones
|
| I have never once relied on memory addresses being reproducible
| between program runs. In an era of ASLR that seems like a
| really bad plan. Plus multithreading breaks that for malloc'd
| stuff anyway.
| sidkshatriya wrote:
| I am guaranteed to get grief on this but an anti-Innovation in
| OpenBSD (so obsessed it is about security) is to use an unsafe
| language like C everywhere in kernel and user space.
|
| The implementation of OpenBSD predates many safer systems
| languages but I think OpenBSD should now start moving to a
| checked variant of C or a safer language like
| Rust/OCaml/Odin/Zig/Something else.
|
| The conversion can start with some OpenBSD user space programs. I
| notice a steady stream of C related security fixes in the OpenBSD
| changelog. Many of these could have been probably avoided if the
| implementation language was more "safe" by default.
|
| I doubt that this is going to happen but I think it is fair to
| point out that using C does give you some additional security
| headaches by default.
| chicom_malware wrote:
| Theo has addressed this directly. I cannot find the video at
| the moment - it is _somewhere_ on YouTube - but his response
| essentially is okay, so where is 'cat'? Where is 'grep'? Where
| is Korn Shell?
|
| Everyone is busy jumping up and down and bitching about
| reinventing the wheel in Rust but no one has even taken the
| time to rewrite the simplest of Unix tools in Rust.
|
| Not to mention OpenBSD has a rule that "base builds base" and
| the Rust compiler is a bloated monster that would fail that
| most basic task.
|
| So where is the benefit?
| fc417fc802 wrote:
| The worst part is when you come across something advertised
| as a replacement and it does something like 80% to 90% of
| what the original does with a WONTFIX for the rest. That can
| certainly be a valid choice in some cases, but for core
| tooling it's not realistic to expect widespread replacement
| to happen in that scenario.
| ptman wrote:
| https://github.com/uutils/coreutils
|
| Parent wasn't about rust specifically. Just something safer
| than C
| oguz-ismail wrote:
| > uutils
|
| Under development for longer than a decade and still
| unstable
| tazjin wrote:
| The website says "production ready" for their coreutils.
|
| Maybe catching up to 40+ years of development takes a
| little bit of time?
| dpassens wrote:
| > Maybe catching up to 40+ years of development takes a
| little bit of time?
|
| Sure. But that's not OpenBSD's problem, is it?
| IcePic wrote:
| Which is the point. 40 years of development is 40 years
| of development.
| dijit wrote:
| "put up or shut up" is a valid response.
|
| Someone is "putting up", just need _someone_ to merge
| uutils and the OpenBSD kernel to see what it starts to
| look like.
|
| Maybe this is the next part of the "put up or shut up"
| mantra- but we're getting closer.
|
| The parent's irony is not lost though. C and perl are both
| quite dangerous in their own ways, lots of implicit
| assumptions; it's ironic that a safety focused operating
| system would lean _in_ on those languages.
| sillywalk wrote:
| >no one has even taken the time to rewrite the simplest of
| Unix tools in Rust.
|
| "The uutils project reimplements ubiquitous command line
| utilities in Rust. Our goal is to modernize the utils, while
| retaining full compatibility with the existing utilities."
|
| https://uutils.github.io/
|
| https://github.com/uutils/coreutils
| dazzawazza wrote:
| "We are planning to replace all essential Linux tools."
|
| It would be nice if they commit to replacing more than just
| Linux tools. There are numerous quirks/additions to the GNU
| utils that the BSDs don't want or need.
| saagarjha wrote:
| lol? These have been rewritten several times by various
| people, it's almost a meme at this point to make "x utility
| but in Rust".
| radiator wrote:
| It will not be Rust, since this has not happened after so
| many years of Rust existing. It will be some other language.
| LAC-Tech wrote:
| _so where is 'cat'?_
|
| https://github.com/sharkdp/bat (Haven't used this one, but
| it's pretty popular)
|
| _Where is 'grep'?_
|
| https://github.com/BurntSushi/ripgrep Use this one often.
| It's fast af to search a directory of source code.
|
| _Where is Korn Shell?_
|
| https://fishshell.com/blog/fish-4b/ Fish is now entirely in
| Rust, very popular, and to be frank basically a step above
| bash or ksh.
| oguz-ismail wrote:
| None of these is a 1:1 replacement.
| nickpsecurity wrote:
| Of alternatives, I think Zig is closest to what they like. It's
| small, easy to maintain, has great tooling for C, and already
| used for high-reliability (TigerBeetle). I don't know if its
| portability is as good as they like, though.
| alberth wrote:
| While I totally agree, OpenBSD has a goal to run on some legacy
| & esoteric hardware.
|
| Hardware that isn't supported by many of these "newer & safer"
| languages.
| renox wrote:
| Well Rust has the most momentum, but going from C to Rust is
| quite a jump.
|
| Zig isn't even 1.0. Odin, DasBetterC have not much uptake.
|
| OCaml has a GC which is a non-starter for kernel, it could be
| used in user space sure.
| alberth wrote:
| Does OpenBSD still have a giant lock?
|
| Genuinely curious, and it's been years since I've looked at it.
| saagarjha wrote:
| I still see spl references so I think so?
| daneel_w wrote:
| Most of that is gone and the performance upswing is very
| noticeable. A little bit of work remains.
| alberth wrote:
| > It turns out that all the OpenBSD locks boiled down to a
| global netlock rw lock for the entire IPv4/IPv6 stack.
|
| I guess addressing the network stack is work that still
| remains?
|
| https://news.ycombinator.com/item?id=40076376
| daneel_w wrote:
| A lot of the network stack has been unlocked (and
| parallelized) already. There are probably a few bits left
| to untangle in there. In my own experience, depending on
| what driver/MAC is used, the network performance has on
| average doubled in the last two years.
| IcePic wrote:
| It has, and it is used less and less. Not sure if any OS never
| does it anywhere, but the important part is to remove it from
| all "hot paths", not to remove it where it's not relevant.
|
| Can't say if they still do, but FreeBSD for the longest time
| used to list the floppy driver being one of the modules using
| GiantLock and that was a problem for what I guess was about
| zero people.
|
| But if one asks fbsd devs if they still have it, they would
| have to answer yes, even if the rest of the OS runs super great
| without locks anywhere else, so the binary question of "is
| there somewhere something that for some time could possibly
| call the giant lock" isn't very interesting, but rather "will
| it do it for the tasks I imagine I will run on my machine?" and
| that would have to be a more fine-grained question with some
| research, just like the locks in the kernels are getting more
| and more fine-grained.
| snvzz wrote:
| I am hopeful for got (game of trees).
|
| OpenBSD still uses CVS, and I suspect its development will
| benefit greatly (actually accelerate) from the switch, once it
| eventually happens.
| snvzz wrote:
| It also leads the BSDs in RISC-V support.
| hackernoops wrote:
| Big respect to OpenBSD. Now all it needs is a FS with ZFS's core
| capabilities and it'll be almost perfect.
| agent327 wrote:
| Position-Independent Executables (and ASLR) were used by AmigaOS
| back in 1985. It had to, since the Amiga lacked an MMU, and had
| very little memory, so anything that was loaded had to be placed
| at whatever ram was available.
|
| It didn't need the executable to end up in a single block either,
| every individual section could end up in a different location.
| Compilers produced large numbers of sections to facilitate this
| process.
| amiga386 wrote:
| That's not what's meant by PIE though. It means the code can
| appear at any address and still be valid.
|
| Amigas could, of course, have position-independent code. Use
| BSR and BRA rather than JSR and JMP; use LEA label(pc),A0 /
| MOVE.L (A0),D0 instead of MOVE.L label,D0 .. but the limits for
| PC-relative addressing are +/- 32k so you need to get creative
| to reach code or data further than that.
|
| More commonly, Amiga executables had _relocs_, a list of
| fixups to apply. The code on disk in each hunk was written as
| if all hunks were loaded at address 0. There was then a list of
| relocations at the end of each hunk, saying what offsets in
| that hunk need the base address of another hunk (including
| themselves) added there, to fixup the absolute address
| reference.
|
| This is _relocatable_ code, but not _position independent_
| code. If I used an MMU to make that relocated code appear at
| another address, all its absolute addressing would be wrong at
| that new address.
|
| Position-independent code can be shared by multiple processes,
| and appear anywhere in their address space, while only existing
| once in memory.
| Joker_vD wrote:
| Well, PIC, as it commonly is done nowadays (via PC-relative
| addressing), requires the static/global data it references to
| be positioned at a very specific offset from it. Which prohibits
| one not only from e.g. putting it 16 GiB away (why would you
| actually want this?) but also from having unduly large code
| modules -- x64 only provides +-2GiB for PC-relative
| addressing so you'd have to use some sort of indirection
| scheme anyhow.
| IcePic wrote:
| Well, resident programs (actual Pure residents in AmigaOS)
| would be like PIE, though that came a bit later, and gave the
| same effect, several programs could run the same code with
| different set of registers, and all data was pointed to by
| registers and no globals.
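
The hunk relocation amiga386 describes above, as an added example that is not part of the thread: a loader copies each hunk to wherever memory is free, then adds the target hunk's base address to every longword named in the relocation list. The structures, the 256-byte simulated memory and the sample bytes are constructed for illustration and are not the AmigaOS hunk file format; bases are assumed not to overlap, and every fixup offset is validated before any write because a relocation table is untrusted input.

```c
/* Added example: Amiga-style hunk relocation, simulated (constructed data). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 256u
static uint8_t mem[MEM_SIZE];               /* simulated RAM */

static uint32_t rd32(const uint8_t *p) {    /* 68000 is big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

struct reloc { uint32_t offset, target_hunk; };
struct hunk {
    const uint8_t *image;                   /* bytes as stored on disk */
    uint32_t size;
    const struct reloc *relocs;
    size_t nrelocs;
};

/* Hunk 0: MOVE.L label,D0 ; RTS. The operand holds the label's offset
 * within hunk 1, as if every hunk were loaded at address 0. */
static const uint8_t code_img[] = {0x20, 0x39, 0, 0, 0, 4, 0x4E, 0x75};
static const uint8_t data_img[] = {0, 0, 0, 0, 0x12, 0x34, 0x56, 0x78};
static const struct reloc good_relocs[] = {{2, 1}};
static const struct reloc bad_relocs[] = {{6, 1}};  /* runs past hunk end */

/* Validate everything, copy the hunks to their bases, then add the target
 * hunk's base to each listed longword. Returns 0, or -1 if malformed. */
int load_hunks(const struct hunk *h, size_t n, const uint32_t *base)
{
    size_t i, r;
    for (i = 0; i < n; i++) {
        if (h[i].size > MEM_SIZE || base[i] > MEM_SIZE - h[i].size)
            return -1;
        for (r = 0; r < h[i].nrelocs; r++)
            if (h[i].relocs[r].target_hunk >= n || h[i].size < 4 ||
                h[i].relocs[r].offset > h[i].size - 4)
                return -1;                  /* fixup would leave the hunk */
    }
    for (i = 0; i < n; i++)
        memcpy(mem + base[i], h[i].image, h[i].size);
    for (i = 0; i < n; i++)
        for (r = 0; r < h[i].nrelocs; r++) {
            uint8_t *slot = mem + base[i] + h[i].relocs[r].offset;
            wr32(slot, rd32(slot) + base[h[i].relocs[r].target_hunk]);
        }
    return 0;
}

/* Load the sample program and return the patched absolute operand of
 * MOVE.L, or UINT32_MAX if the loader rejected the input. */
uint32_t operand_after_load(uint32_t code_base, uint32_t data_base,
                            const struct reloc *relocs)
{
    struct hunk h[2] = {
        {code_img, (uint32_t)sizeof(code_img), relocs, 1},
        {data_img, (uint32_t)sizeof(data_img), NULL, 0}};
    uint32_t base[2] = {code_base, data_base};
    if (load_hunks(h, 2, base) != 0)
        return UINT32_MAX;
    return rd32(mem + code_base + 2);
}

int main(void)
{
    uint32_t a = operand_after_load(0x40, 0x80, good_relocs);
    uint32_t b = operand_after_load(0x10, 0xC0, good_relocs);
    printf("operand: 0x%X then 0x%X\n", (unsigned)a, (unsigned)b);
    printf("value read through it: 0x%08X\n", (unsigned)rd32(mem + b));
    return operand_after_load(0x40, 0x80, bad_relocs) == UINT32_MAX ? 0 : 1;
}
```

The two loads leave different bytes in the code hunk (operand 0x84 versus 0xC4), so the loaded image is only valid at the addresses it was fixed up for, which is the relocatable versus position-independent distinction drawn in the comment.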
| Alifatisk wrote:
| For someone who's interested in getting into any *BSD, which
| should I go with? OpenBSD or FreeBSD?
| bell-cot wrote:
| What's your use case?
|
| (FWIW, there are several other *BSDs.)
| Alifatisk wrote:
| I don't have any specific use case yet, I'm planning on
| having a little server at home. Things I'll use it for is
| hosting small apps, local dns server, monitor our LAN and
| maybe act as a host for multiplayer games.
| p_ing wrote:
| What games? Few multiplayer servers, if any, would run
| natively on a BSD.
|
| Unless you're spinning up a MUD.
| Alifatisk wrote:
| Well for starters, I'm thinking of hosting a Minecraft
| server for my friends when we're bored
| p_ing wrote:
| In theory:
|
| https://minecraft.wiki/w/Tutorial:OpenBSD_startup_script
| Alifatisk wrote:
| Thanks
| homebrewer wrote:
| FreeBSD is much more similar to Linux (you'll feel right at
| home in a few hours of practice), usually performs better,
| supports more hardware, includes full ZFS support
| (including root-on-ZFS -- and several FreeBSD developers
| work on ZFS full time), has decent compatibility with Linux
| binaries, and more software in the ports.
| dilippkumar wrote:
| I use OpenBSD. I love it, but I recommend reading warnings on
| the label.
|
| I would say FreeBSD is somewhat like Ubuntu is to Linux - easy
| to get setup, works for more people.
|
| There isn't anything like OpenBSD in the Linux world - where
| the primary focus is system correctness, even at the cost of
| user convenience at times.
| bell-cot wrote:
| For those interested in _actually_ supporting some of this work:
|
| https://www.openbsdfoundation.org/donations.html
|
| https://www.openbsd.org/donations.html
| teddyh wrote:
| > This is a list of software and ideas developed _or maintained
| by_ the OpenBSD project
|
| (Emphasis mine.)
| YesThatTom2 wrote:
| John Ioannidis (first name on the list... IPsec) passed away a
| few weeks ago and almost nobody noticed.
|
| I attended a memorial on Zoom and people said he also created the
| building blocks that permitted Mobile IP (IP on your cell phone)
| to work.
| StatsAreFun wrote:
| Oh wow, I was not aware of his passing! Thank you for sharing
| that information. RIP John :(
| mmooss wrote:
| Thank you for letting us know. Have you tried to submit
| something for the front page?
|
| If you knew John, then my condolences. We're all using the
| things he built, every day.
| knorker wrote:
| W^X is only true in an extremely narrow sense. They said they
| were first, and that it cannot be done on x86. Which was a
| surprise to me, having run it on multiple Linux architectures,
| including x86, for years with PaX or grsec.
|
| Then I guessed they looked around, and saw oh we can do it on x86
| too, the pax way.
| arnejenssen wrote:
| Off topic: I'm wondering why OpenBSD pages (and many "*ux") just
| use basic HTML with no styling or CSS?
|
| Typography matters for readability. For the minimum get a decent
| line height and limit the line length to 60-ish characters.
|
| Is OpenBSD not taking (potential) users seriously? User
| experience matters, and the readability of the docs is part of
| the UX.
|
| (sorry for the rant)
| gkbrk wrote:
| That page uses CSS though. Maybe we're looking at different
| view-sources.
|
| And for readability I already have my browser set up with my
| favorite fonts and font sizes and background/foreground colors.
| How can I expect every website to guess my preferences
| perfectly, as opposed to all the other people with different
| preferences. So I just set it up one time in the browser UI and
| it just works everywhere.
|
| If a user is not able to navigate a font/color selection UI but
| wants to give technical advice to the OpenBSD team, I think
| it's that user not taking OpenBSD developers seriously.
| quotemstr wrote:
| Yet they can't manage a unified page cache like every other OS on
| the planet? I'll be more receptive to the concept of OpenBSD
| innovating when their virtual memory subsystem gets over Reagan
| leaving office.
| ZevsVultAveHera wrote:
| They forget to list The0's comebacks
___________________________________________________________________
(page generated 2025-02-23 23:00 UTC)