[GTALUG] interesting article on FreeBSD kernel almost getty dangerous code
Anthony de Boer
adb at adb.ca
Mon Mar 29 20:58:57 EDT 2021
Lennart Sorensen via talk wrote:
> On Mon, Mar 29, 2021 at 04:10:38PM -0400, Peter King via talk wrote:
> > OpenBSD is still thriving, and they carefully audit all their code before
> > incorporating it, as well as have ongoing rolling security audits. They
> > may be too extreme in their focus, but that's another issue.
>
> Oh OpenBSD definitely handles code updates in a safer way than FreeBSD,
> although it seems their rate of progress may be even lower then FreeBSD
> and not too much is happening there.
One thing all the *ixen are facing would be all the niche hardware that
not every developer has, and can test or code for. I really think that
drivers ought to be sandboxed like user processes so they can interact
with their hardware only, and their code crashing can't bring down the
whole kernel.
And maybe canned drivers could be a bit more portable too. There'd still
be the license barrier to hurdle between the Linux and BSD camps, but a
driver that was arms-length from the kernel itself might be at sufficient
distance for that too.
Back when I was working with OpenBSD I found that it was too much about
network security and it was near-impossible to do a simple RAID to
protect my data from threats coming up from the hardware.
> And I doubt any of the BSDs will ever have a userspace that is worth
> putting up with.
Last time I ran a BSD desktop (bunchteen years ago) it was the same X
environment that I had over on my Linux box. At one point it was where
you had to go for ZFS and for jails (chroots with network namespacing)
and then awhile later Linux got ZoL and LXC that looked suspiciously
familiar. Other stuff like FUSE has been ported the other way. But I
think folk develop expectations of what's in a modern *ix and the feature
set tends to converge back and forth.
Between Red Hat and Gentoo and Debian and FreeBSD I'd always find the
great majority of packages I wanted in their respective packaging
systems, and every one of them had at least one moment of being sworn at
for omitting something I should have found them carrying.
The range of Linux distros and BSDs tend to be more similar if you're
looking for a generic traditional portable OS, but the latest new
features always require picking up one that has that (or doing like a
hockey fan of a different team and downplaying the need for the feature
until your side has it!)
--
Anthony de Boer
More information about the talk
mailing list