I love how easy it is to be a part of FreeBSD:
Open a account at https://bugs.freebsd.org/bugzilla/
Go to https://portscout.freebsd.org/ and find your outdated port (or port without maintainer (ports@freebsd.org))
Update port (makefile) open a bugreport add your diff and that's it...or ask to take additionally maintainership of that port.
From the release notes, it appears this may be the last release with i386 / 32-bit Intel x86 (as well as 32-bit armv6 and PowerPC) support.
“FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries.“
Probably 14.3 will be the last release with i386. But yes, 14.x will be the last major branch with i386.
Surprised that armv7 will be getting 32bit support but not x86. I know arm is huge, but it's platform support is also fragmented compared to an x86 box. Can anyone share some more info on this?
Also surprised they are cutting Power. That is one of the 4 platforms RHEL supports.
There's an industrial computer chip using ARM9 (aka: ARMv5 !!!!), let alone ARMv7.
https://www.microchip.com/en-us/product/sam9x60
This was released in the year 2020, for example, the latest Atmel SAM Microprocessor. While ARM9 / ARMv5 is abnormally out-of-date (lol Nintendo DS was ARMv6), its still getting new chips even today.
ARMv7, consisting of Cortex-A5, A7, and similar chips, is also similarly widespread today. I don't know how much FreeBSD support there is but I can think of multiple chips that have been made in the past 5 years that are still 32-bit ARMv7.
In an embedded world that still buys 8-bit computers, 32-bit is a luxury and 64-bit is just too much.
----------
I'm only familiar with these chips from a Linux perspective however. But I have to imagine that some FreeBSD fanboi is hard at work porting FreeBSD to them!
EDIT: Lets see.... https://www.freebsd.org/platforms/arm/
Oh snap, Xilinx Zynq7 family. Yeah, that will do it. That's an extremely common chip (FPGA + ARMv7 / Cortex-A9).
> ... some FreeBSD fanboi is hard at work porting ...
Or developers.
Aside from 32-bit arm being used in more small embedded systems, I think it has 64-bit time_t. One of the reasons for killing of i386 is the Y2038 issue.
> Also surprised they are cutting Power. That is one of the 4 platforms RHEL supports.
They're cutting 32-bit Powerpc. It looks like powerpc64le support remains in FreeBSD14.
I have 2 ARMv7 boards sitting on my desk. They're still extremely common in industry.
Which ones? ... If you don't mind me asking? At least the microprocessor if you can't tell me the board :-)
I was introduced to FreeBSD (v3.3) in the late 90s by /user?id=gjvc. I bought the CD set and the FreeBSD Handbook in paperback format from The FreeBSD Mall.
I was too young to appreciate it back then, but now in my mid-40s I find myself hankering back to those early days for me. It's a shame that some cloud providers like DigitalOcean and Hetzner have dropped native support for FreeBSD as base operating systems for their VPSes. I think this release will be the turning point for me getting back into FreeBSD after too many years away.
Thanks to the FreeBSD release team!
Yup.. FreeBSD was awesome becausethe FreeBSD handbook has always been top notch. It covers everything you need to install and administer FreeBSD + many of its packages
My early FreeBSD moment was when I had a cable modem, and you were able to download one or two boot floppies. After you booted them up, you could install the entire OS from the network. No CD needed.
I assume it just downloaded everything straight from FTP servers.
Oh, look who has a fancy cable modem! Back in my day, we had to do it with 14.4 kbaud modems (really) after walking to school, uphill both ways in the snow (not really).
I would guess you had a 14.4 kbps modem operating on 9600 baud.
https://tornadovps.com/ (formerly prgmr) has first-class FreeBSD support. I've been with them since 2011.
The problem with FreeBSD is that it couldn't keep up. No containers or VMs (jails and their homegrown HV don't cut it), fewer drivers, etc. It's great for some server use cases but I just couldn't do my work in FreeBSD. I did like it though, the docs and community are great.
They have had jails for 20+ years at this point. I would consider FreeBSD jails and containers on Linux equivalent at this point with overall the FreeBSD jails being better to manage if you do some scripting. The bhyve hypervisor, I haven't played with enough to form an opinion on.
Talking about hetzner, they write you an image on a USB-Stick and put it in your Server (at no cost). Since it's a real server i don't need any "native" support from them. Otherwise Oracle-Cloud or Vultr.
But you are right, it's sad that hetzner dropped the "webinstall no hands-on" support.
I run freebsd on a hetzner cloud vps, don’t remember how exactly I did it but I think I uploaded the install medium to the server console. Wasn’t too much hassle iirc.
If you want to automate FreeBSD deployments on Hetzner Cloud you can try:
https://github.com/paulc/hcloud-freebsd
(Allows you to provision instances using either the hcloud utility/web uni with ssh key/user-data support)
If it's a FreeBSD VPS you're after, I'd suggest you give UpCloud a chance. I'm currently running a few FreeBSD VPSs on UpCloud and I have not run into any issues. It's kinda great!
Related:
FreeBSD 14.0 Release Information - https://news.ycombinator.com/item?id=38291436 - Nov 2023 (6 comments)
FreeBSD 14.0 has reached – RELEASE - https://news.ycombinator.com/item?id=38219578 - Nov 2023 (93 comments)
FreeBSD 14.0-RC1 Now Available - https://news.ycombinator.com/item?id=37881293 - Oct 2023 (17 comments)
FreeBSD 14.0-BETA2 Now Available - https://news.ycombinator.com/item?id=37532706 - Sept 2023 (7 comments)
I think a lot of the work for serving 800Gbps of TLS encrypted traffic from Netflix landed on FreeBSD 14.
Cant wait to see if they are doing 1600Gbps.
IIRC the limit right now is per CPU socket memory bandwidth and inter-socket bandwidth. There just isn't enough bandwidth available to treat dual socket Xeon or EPYC systems as a single node ans the networks colocating their appliances aren't able to steer connections to the NICs in the same NUMA domain as the NVMe storage holding the data users want.
Probably need to dig up those info, because I keep remembering they were on Dual Socket 64core Zen 3 with PCI-e 4 and DDR 4. The 128Core Zen4C with more memory channel and DDR5 should be able to push further.
When will the torrents be created and released?
https://wiki.freebsd.org/Torrents
EDIT: Looks like they're up now!
I tried out FreeBSD and loved it, between the documentation, cohesion, and the ports system.
Unfortunately, I need Docker for work on a few different projects -- one for Supabase migrations, and another project that's orchestrated (in development too) via docker-compose.
Highly recommend it otherwise.
You could run Docker in a Linux VM, which is what Docker Desktop does anyway. FreeBSD has Bhyve for this.
Having to use a VM for docker is no different than what MacOS users have to do and then at that point why not just use a Mac.
I do this and the only thing that sucks is that network speed is limited. Between host and guest I only get about 1.5Gpbs on a Threadripper 1950X.
NIC pass-through should work though, I already got NVMe pass-through working, so if I had a spare PCIe slot I'd do that with a 10G adapter.
Do you even need a VM? FreeBSD has linux binary compatibility.
I have a similar requirement and will be doing exactly this.
I've been running FreeBSD for homelab stuff for years now and the documentation is a huge pain point IMO. The handbook is okay, but beyond that it's pretty poor.
E.g. every single major upgrade in recent memory has shat the bed. There's always a new reason, at one point it's because I rolled past the 3AM deadline and the periodic scripts absolutely fucked freebsd-update. So this time around I thought it'd be nice to script the 13.x install so I'd have a nice repeatable process.
Except the documentation around unattended installs still references sysinstall (which was replaced eons ago) in some parts. After quite a lot of digging I realized the automation story is "roll your own ISO". Nothing that even comes close to kickstart or quickstart in Linux land (geee no wonder AWS adoption is fairly low).
So I dug into some stuff that would've made automated installs from a stock ISO easier, got a proof of concept working and fired off an email to one of the names on the current installer (which is still missing features from sysinstall!). And that's where the story ends. I'm ready to get off of this train, and were it not for ZFS I would've already bailed.
Don't get me started on the ports tree.
I would not run FreeBSD in a production environment without a good reason. If you're already tied to docker that's a great reason to stay with Linux.
> FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.
Sounds pretty future proofed unless I'm missing a x86 processor out there that does this
If you combine multiple CPU sockets, you could get there. EPYC, IIRC, supports up to 64 cores per chip, so if you build a machine with 16 sockets, you get 1024 cores. To my knowledge, no such machine exists today, but HPE offers (or used to, anyway) a machine with 32 Xeon chips, so its core count could well reach several hundred. (I may or may not be drooling at the thought.)
Intel® Xeon® Platinum 8490H Processor
Total Cores 60
Total Threads 120
Max Turbo Frequency 3.50 GHz
Processor Base Frequency 1.90 GHz
Scalability S8S
AMD EPYC™ 9754
# of CPU Cores 128
# of Threads 256
Max. Boost Clock Up to 3.1GHz
All Core Boost Speed 3.1GHz
Base Clock 2.25GHz
Socket Count
1P / 2P
> up to 1024
Curious where this (rather large, yet still seemingly arbitrary) limit comes from.
> Curious where this (rather large, yet still seemingly arbitrary) limit comes from.
It is Good Enough for now, while keeping various pre-allocated, statically created structures with-in reasonable size limits:
> Global and allocated arrays sized by MAXCPU result in excessive bloat on systems with lower core counts. In addition, some code used u_char (8 bits) to hold a CPU index, which is not valid if MAXCPU is greater than 256.
> A number of recent commits addressed these sorts of issues, including at least: […]
* https://cgit.freebsd.org/src/commit/?id=9051987e40c5
See:
> The SMP system now supports up to 1024 cores on amd64 and arm64. Many kernel CPU sets are now dynamically allocated to avoid consuming excessive memory. The kernel cpuset ABI has been updated to support the higher limit. 76887e84be97[1] d1639e43c589[2] 9051987e40c5[3] e0c6e8910898[4] (Sponsored by The FreeBSD Foundation)
* https://www.freebsd.org/releases/14.0R/relnotes/#kernel-gene...
Gotta have some limit, 4x the current limit of 256 seems reasonableish. Dual socket Epyc 9654 is 96 cores * 2 threads / core * 2 sockets = 384 threads. Intel says their Xeon Platinum 8490H can live on an 8 socket board[1], if you can find one (SuperMicro has one, no price listed [2]; not sure if this is really an 8 socket system, or if it's 4x dual-socket nodes in one chassis?); 60 * 2 * 8 = 960, so that's within the limit, and 8 socket boards are pretty difficult to find.
[1] https://ark.intel.com/content/www/us/en/ark/products/231747/...
[2] https://www.supermicro.com/en/products/system/mp/6u/sys-681e...
9754 is 128/256 now, so 256/512 for that.
That supermicro system is 8-way; it's 4 dual-socket motherboards but they're one system, hooked together by backplane boards. You can price supermicro's complete-system-only stuff (all of it now, alas) out on thinkmate or similar sites, but a minimal config (and you'd never buy that for a minimal config) hits around $60k.
Bitmaps for logical CPU cores and certain lock-free algorithms don't scale well to arbitrary high CPU counts e.g. reclaiming resources once in a while is O(n^2) or worse or the size of the lock structure is linear to the maximum number of cores etc.
The relevant parts of the ABI have been future proofed to allow raising the kernel CPU core count limit without breaking the syscall interface for systems with less cores than the existing limit.
"supports up to" doesn't have to mean "works well/optimally with".
I want to love FreeBSD, but there are some things I wished were easier. Like getting the firewall pf set up. When I install Debian with ufw I get a really nice starting ruleset that works well with IPv6 and good ICMP filtering etc. With FreeBSD I was confused for awhile about how to get IPv6 working with (the very powerful) pf, which you have to write a config file completely from scratch for. I was left with a lot of suggestions and snippets but struggling to dig through the man pages and set all the complex rules for which types of ICMP messages to filter, etc. I wish there was an easier way to get going with the firewall with a good ready-made pf.conf file for a web server that works well with IPv6. Yes the power and easy customability of pf is great. But for many users who aren't network experts, some nice, accepted starting templates would be great.
"Like getting the firewall pf set up"
pfSense 2.7.0 is FreeBSD 14 based already and 2.7.1 was released todayish. You could try tearing their scripts apart to see what's what but bear in mind that pfSense is designed to be a router/firewall not a host based firewall, which sounds like what you really want.
It sounds like you want ufw or firewalld for FreeBSD. No idea if it exists and I am well passed DIY - I had custom scripts for ipfw, ipchains and iptables on Linux and then gave up. I don't use FreeBSD on the desktop but if I did ...
https://www.digitalocean.com/community/tutorials/how-to-conf...
or keep it simple:
https://www.digitalocean.com/community/tutorials/recommended...
You mention a web server. I suggest you keep the host firewall simple, this is in pseudo code:
allow ssh from LAN
allow monitoring_ip to monitoring_ports
drop blocklist_ips to ALL
allow https from ALL to webserver_ip
deny all
If you can, consider deploying multiple VLANs. This does raise the technical bar somewhat! Host firewalls are just as good for small setups. Decide on what your security requirements really are and work on from there. I will grant you that is quite tricky for the uninitiated but keep asking questions and ducking the inevitable "RTFM" style answers from entitled numbskulls and you will get there.
Good luck 8)
Thanks, I used that Digital Ocean tutorial, but it doesn't get into the ICMP filtering enough, which you need for IPv6. And the pseudo code you shared is nice, but again, IPv6 will not work with that. ufw comes with a base ruleset with like 100ish lines of complex ICMP filtering. It's difficult/impossible to expect everyone to be able to write something like that from scratch in a syntax like pf. I just wish there was a complete, good template out there, but I haven't found anything.
I'd caution you from pulling examples from other operating systems. I started dicking around with writing an interactive pf shell earlier this year (which somehow got me to where I am today writing an xpath parser in rust) and quickly learned that a.) the documentation is often pretty sparse especially for the API and b.) pf is all over the place (Solaris, MacOS, FreeBSD, OpenBSD, DragonFly, pfSense, etc.) but each version has some pretty significant differences.
Every single one (including pfSense) has their own variant. From what I can tell FreeBSD's taken bigger steps to sync up with OpenBSD than the rest, certainly bigger than pfSense.
It's been forever since I really played with firewalls, but I remember pf being much more thought-out than iptables.
Well there are some examples:
https://github.com/freebsd/freebsd-src/tree/main/share/examp...
But yeah that pf.conf could be expanded allot, but there are many source to cobble a conf together. My conf is massive but 99.9% commented out so i have my "template" for nearly everything, from mail to web to blacklistd etc.
Those are great but I don't see anything for a web server. Would just love a webserver that works with IPv6 and handles all the ICMP filtering like ufw does out of the box.
Have you considered putting your conf on GitHub?
One of my most popular repos (which isn't saying a lot) is a single config file.
Let me think about it..it's really massive and has comments like "*uck that if scrub on" or "set aggressive -> emailservers try and try again" and those are the best understandable comments believe me.
All is mixed from highly reliable and fast connections to dial-up "industry" stuff.
However that would be a good motivation to clean that monster up...hmmm
Do it! :)
Finally FreeBSD has fast WiFi?
"WiFi 6 support has been added to wpa (wpa_supplicant(8) and hostapd(8)). c1d255d3ffdb 3968b47cd974 bd452dcbede6" https://www.freebsd.org/releases/14.0R/relnotes/
> The iwlwifi(4) driver for Intel wireless interfaces has been updated to the latest version, supporting chipsets up to WiFi 6E AX411/AX211/AX210, and with preparations for upcoming BX and SC chipsets. (Sponsored by The FreeBSD Foundation)
* https://www.freebsd.org/releases/14.0R/relnotes/#drivers-dev...
* https://man.freebsd.org/cgi/man.cgi?query=iwlwifi&manpath=Fr...
>While iwlwifi supports all 802.11 a/b/g/n/ac/ax the compatibility code currently only supports 802.11 a/b/g modes. Support for 802.11 n/ac is to come. 802.11ax and 6Ghz support are planned.
I am reading it correctly that FreeBSD doesn't have 802.11n wifi support?
What exactly is the compatibility code?
Yes, but only if your card's driver does too. Mine uses iwm [0], which makes me sad:
>Currently, iwm only supports 802.11b and 802.11g modes. It will not associate to access points that are configured to operate only in 802.11n or 802.11ac modes.
Thankfully, 802.11a seems to work, so I can use my 5 GHz radio. But it's not fast.
Thanks to everyone who made FreeBSD possible! Cheers!!
Full release notes at:
RACK? No mention of RACK or BBR. I thought the kld was being enabled by default in this release cycle.
or is this "old news" and it was rolled into an older release?
See "Request for Testing: TCP RACK" at:
* https://lists.freebsd.org/archives/freebsd-current/2023-Nove...
tcp_rack(4) has been available since FreeBSD 13.0, just not the default:
* https://man.freebsd.org/cgi/man.cgi?query=tcp_rack&manpath=F...
An article from 2021:
* https://klarasystems.com/articles/using-the-freebsd-rack-tcp...
* 2021 Discussion: https://news.ycombinator.com/item?id=28549370
If you really want BBR, you can build a custom kernel: https://www.linkedin.com/pulse/frebsd-13-tcp-bbr-congestion-...
I know. I was asking if it had been brought into the premade, mainline state.
I'm a fairly new FreeBSD user and this will be one of my first major upgrade. What should I be aware of when performing major upgrades? On Linux, I would avoid it and just start from a clean system. Curious what more experienced users thoughts are.
I've had some issues with the opensmtpd port when upgrading from 13 to 14 which is probably due to the openssl upgrade. Apart from that the upgrade process tends to be pretty simple the updater warns you of any potential problems. As with any upgrade take a backup first so you can restore to 13 if you need to.
Congratulations! Here's a summary of the highlights from the release announcement [1]:
- OpenSSH has been updated to version 9.5p1.
- OpenSSL has been updated to version 3.0.12, a major upgrade from OpenSSL 1.1.1t in FreeBSD 13.2-RELEASE.
- The bhyve hypervisor now supports TPM and GPU passthrough.
- FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.
- ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.
- It is now possible to perform background filesystem checks on UFS file systems running with journaled soft updates.
- Experimental ZFS images are now available for AWS and Azure.
- The default congestion control mechanism for TCP is now CUBIC.
> - ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.
Post-2.2 OpenZFS has RAID-Z expansion committed:
* https://github.com/openzfs/zfs/discussions/15232
Also committed to FreeBSD -HEAD/development:
* https://github.com/freebsd/freebsd-src/commit/e716630d4cf89e...
How about zfs native encryption?
- The bhyve hypervisor now supports TPM and GPU passthrough
Supernice.. I'm really looking forward to more separation between OS installs. similar to Qubes.
- cperciva (also submitter of this post) now head of the releng team
To be clear, me taking over the release engineering team a few days before the release announcement was entirely coincidental timing.
A. Huge thanks for all involved in FreeBSD.
It's amazing how polished, supported and performant it is for the relative size of the team involved.
B. Please consider donating.
https://freebsdfoundation.org/donate/
C. I have much love for FreeBSD and as such, these are things I hope get address in the next major version (15.0)
- turning all internet facing services (except ssh) off, by default. OpenBSD does this.
- move all non-core things out of the base, like sendmail (now DMA, what a nice import from DFly btw)
- the base should only have one way to do things (don’t have 3 different firewalls in base like today)
- better defaults, https://vez.mrsk.me/freebsd-defaults.html
- something like io-uring, (async-sendfile is similar but that’s only for sendfile)
Thank you again for an amazing OS.
EDIT: I updated the first bullet of C for more clarity.
> - turning all services (except ssh) off, by default. OpenBSD does this.
I think people would be rightfully upset if syslogd, cron, and getty weren't started by default. moused and a mailer daemon I get not wanting to start. What else starts by default that you don't want?
> - the base should only have one way to do things (don’t have 3 different firewalls in base like today)
I dunno about ipf; but ipfw and pf don't have complete overlap --- I need to use both to run my network how I want to (pfsync has no equivalent in ipfw, ipfw pipe/queue/sched doesn't have an equivalent in pf)
Regarding the first bullet, thanks. I just updated my post for more clarity.
I meant internet facing services (e.g. not referring to cron, etc).
Well still, what's running out of the box other than a mail daemon (which I agree with you about), and maybe sshd? (I think it asks you during setup for that one, but I'm not sure anymore)
[flagged]
Gosh... This is not some random guy. He wrote the release announcement
https://lists.freebsd.org/archives/freebsd-announce/2023-Nov...
Whoooooooosh
Colin is extremely well known on HN. Famously he was a center of a.... peculiar exchange where his skills were questioned, and he had the comeback of a lifetime: https://news.ycombinator.com/item?id=35079
Yes, I do.
Obligatory reference: https://news.ycombinator.com/item?id=35083
What's the Putnam if I may ask? It sounds like an academic competition? Google didn't really enlighten me.
I know what it's like though, I won a big prize in school. Not saying it compares to yours but I stood out too. Didn't really help me become more popular though or boost my self confidence. But it was nice to give a middle finger to all the bullies for once.
Ah ok a maths prize, cool! My prize was more general science. I'm very good at sciences but I have a mental blind spot for maths, I can understand really complex abstract problems but only if I can imagine them, explaining them with math makes it more confusing. It's weird :) In fact I was super surprised I won it because I screwed up the math part as expected.
Nice about the scholarship! I didn't get one but we don't really need them in the Netherlands. All universities cost a minimal standard fee only.
OP is the founder of Tarsnap, a Silver sponsor of the FreeBSD foundation for over a decade at this point. This means donations between $10,000 - $24,999 for the fiscal year.
GP might have been joking
I wish more random guys gave 2^18 dollars to open source.
[flagged]