×
Operating Systems

OpenBSD 7.6 Released (phoronix.com) 22

Phoronix's Michael Larabel reports: OpenBSD 7.6 is out this evening as another major step forward for this BSD operating system with enhanced hardware support, security improvements, updating various user-space software, and enabling other kernel enhancements. There are a ton of changes to find with the just-released OpenBSD 7.6.

Some of the new OpenBSD 7.6 features include:

- OpenBSD 7.6 provides initial support for Qualcomm Snapdragon X1 Elite (X1E80100) SoCs. The 7.6 release also has initial Samsung Galaxy Book4 Edge boot support in ACPI mode with OpenBSD 7.6.
- ARM64 has additional CPU security mitigations with Spectre-V4 now in place on ARM64 and adding Spectre-BHB for Cortex-A57 cores.
- OpenBSD 7.6 on RISC-V now supports the Milk-V Pioneer board.
- OpenBSD 7.6 on AMD64 has finally implemented support for AVX-512.
- Various SMP kernel improvements.
You can view the full list of features and download the OpenBSD 7.6 release via OpenBSD.org.
Unix

Mike Karels, of 4.4 BSD Fame, Has Died (startribune.com) 10

Michael 'Mike' Karels, one of the authors of "The Design and Implementation of the 4.4Bsd Operating System" and a part of the Computer Systems Research Group at Berkeley, who received the USENIX Association Lifetime Achievement Award, has died. Longtime Slashdot reader bplipschitz shared the news.

The FreeBSD Foundation issued a statement in memory of Karels: "We are deeply saddened about the passing of Mike Karels, a pivotal figure in the history of BSD UNIX, a respected member of the FreeBSD community, and the Deputy Release Engineer for the FreeBSD Project. Mike's contributions to the development and advancement of BSD systems were profound and have left an indelible mark on the Project. Mike's vision and dedication were instrumental in shaping the FreeBSD we know and use today. His legacy will continue to inspire and guide us in our future endeavors."
Unix

In Development Since 2019, NetBSD 10.0 Finally Released (phoronix.com) 37

"After being in development since 2019, the huge NetBSD 10.0 is out today as a wonderful Easter surprise," reports Phoronix: NetBSD 10 provides WireGuard support, support for many newer Arm platforms including for Apple Silicon and newer Raspberry Pi boards, a new Intel Ethernet drive, support for Realtek 2.5GbE network adapters, SMP performance improvements, automatic swap encryption, and an enormous amount of other hardware support improvements that accumulated over the past 4+ years.

Plus there is no shortage of bug fixes and performance optimizations with NetBSD 10. Some tests of NetBSD 10.0 in development back during 2020 showed at that point it was already 12% faster than NetBSD 9.

"A lot of development went into this new release," NetBSD wrote on their blog, saying "This also caused the release announcement to be one of the longest we ever did."

Among the new userspace programs is warp(6), which they describe as a "classic BSD space war game (copyright donated to the NetBSD Foundation by Larry Wall)."
Open Source

Redis To Adopt 'Source-Available Licensing' Starting With Next Version (redis.com) 44

Longtime Slashdot reader jgulla shares an announcement from Redis: Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). The new source-available licenses allow us to sustainably provide permissive use of our source code.

We're leading Redis into its next phase of development as a real-time data platform with a unified set of clients, tools, and core Redis product offerings. The Redis source code will continue to be freely available to developers, customers, and partners through Redis Community Edition. Future Redis source-available releases will unify core Redis with Redis Stack, including search, JSON, vector, probabilistic, and time-series data models in one free, easy-to-use package as downloadable software. This will allow anyone to easily use Redis across a variety of contexts, including as a high-performance key/value and document store, a powerful query engine, and a low-latency vector database powering generative AI applications. [...]

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code. These agreements will underpin support for existing integrated solutions and provide full access to forthcoming Redis innovations. In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license. At the same time, all the Redis client libraries under the responsibility of Redis will remain open source licensed. Redis will continue to support its vast partner ecosystem -- including managed service providers and system integrators -- with exclusive access to all future releases, updates, and features developed and delivered by Redis through its Partner Program. There is no change for existing Redis Enterprise customers.

Linux

How Does FreeBSD Compare to Linux on a Raspberry Pi? (0x.no) 71

Klaus Zimmermann (a self-described "friendly hacker") recently posted a "State of the Distro" post, choosing his favorite distributions for things like portable installation from a USB drive (Alpine Linux) and for a desktop OS (Debian Linux or Devuan).

But when it comes to a distro for the Raspberry Pi, (at least until the 4), Zimmerman argues that FreeBSD's performance is "unlike any other Linux distribution I've ever seen, even with cpupower activated and overclocking." Nope, no match — FreeBSD's performance on the Pi is still way better, even without overclocking. You can browse a modern web, have things scroll smoothly, watch videos and even play some 3D games like Quake with it! And if you overclock it a little (2GHz) you can even make it run that gargantua MS Teams.

But what about all that lackluster driver support? WiFi drivers still on the 802.11g standard and all? Surely you can't be serious about it when Linux offers all that support out of the box, right? Wrong, actually. For starters, the drivers provided for the Pi's hardware are often half-assed proprietary blobs... I no longer think FreeBSD is really at fault if the driver support for the hardware is not helpful to begin with. Even drivers you find for Linux are shaky at best.

So yes, I will keep using FreeBSD on the Pi. As a desktop. With USB WiFi and audio adapters for those services, because the existing hardware is sort of moot even otherwise. And with those USB adapters — and FreeBSD — the Pi works really well, truly desktop-like.

I'd be curious to hear from Slashdot's readers about their own experiments with Linux (and FreeBSD) on a Raspberry Pi. Zimmerman's final winner, for the "Server" category, was Debian — though of his two servers, one is just an XMPP server set up on a Raspberry Pi. "I found that using Debian on the Pi is a real joy. Easy and simple to set up, familiar environment and all. So I'm keeping it.

"This concept is about to be overshadowed, however, by my growing like of FreeBSD lately..."


Thanks to long-time Slashdot reader walterbyrd for sharing the article.
Open Source

FreeBSD 14 Released 38

Mononymous writes: FreeBSD 14 has been officially released. You can get it from FreeBSD.org, or via freebsd-update and source update methods for existing systems. Some highlights:
- OpenSSH version 9.5p1
- OpenSSL version 3.0.12, a major upgrade from OpenSSL 1.1.1t in FreeBSD 13.2
- OpenZFS release 2.2
- The bhyve hypervisor now supports TPM and GPU passthrough

This version will now create user home directories in /home by default, instead of the traditional /usr/home. More information on the release and changes can be found via the release announcement page.
Open Source

OpenBSD 7.4 Released (phoronix.com) 8

Long-time Slashdot reader Noryungi writes: OpenBSD 7.4 has been officially released. The 55th release of this BSD operating system, known for being security oriented, brings a lot of new things, including dynamic tracer, pfsync improvements, loads of security goodies and virtualization improvements. Grab your copy today! As mentioned by Phoronix's Michael Larabel, some of the key highlights include:

- Dynamic Tracer (DT) and Utrace support on AMD64 and i386 OpenBSD
- Power savings for those running OpenBSD 7.4 on Apple Silicon M1/M2 CPUs by allowing deep idle states when available for the idle loop and suspend
- Support for the PCIe controller found on Apple M2 Pro/Max SoCs
- Allow updating AMD CPU Microcode updating when a newer patch is available
- A workaround for the AMD Zenbleed CPU bug
- Various SMP improvements
- Updating the Direct Rendering Manager (DRM) graphics driver support against the upstream Linux 6.1.55 state
- New drivers for supporting various Qualcomm SoC features
- Support for soft RAID disks was improved for the OpenBSD installer
- Enabling of Indirect Branch Tracking (IBT) on x86_64 and Branch Target Identifier (BTI) on ARM64 for capable processors

You can download and view all the new changes via OpenBSD.org.
Operating Systems

NetBSD 9.3: A 2022 OS That Can Run On Late-1980s Hardware (theregister.com) 41

Version 9.3 of NetBSD is here, able to run on very low-end systems and with that authentic early-1990s experience. The Register reports: Version 9.3 comes some 15 months after NetBSD 9.2 and boasts new and updated drivers, improved hardware support, including for some recent AMD and Intel processors, and better handling of suspend and resume. The next sentence in the release announcement, though, might give some readers pause: "Support for wsfb-based X11 servers on the Commodore Amiga." This is your clue that we are in a rather different territory from run-of-the-mill PC operating systems here. A notable improvement in NetBSD 9.3 is being able to run a graphical desktop on an Amiga. This is a 2022 operating system that can run on late-1980s hardware, and there are not many of those around.

NetBSD supports eight "tier I" architectures: 32-bit and 64-bit x86 and Arm, plus MIPS, PowerPC, Sun UltraSPARC, and the Xen hypervisor. Alongside those, there are no less than 49 "tier II" supported architectures, which are not as complete and not everything works -- although almost all of them are on version 9.3 except for the version for original Acorn computers with 32-bit Arm CPUs, which is still only on NetBSD 8.1. There's also a "tier III" for ports which are on "life support" so there may be a risk Archimedes support could drop to that. This is an OS that can run on 680x0 hardware, DEC VAX minicomputers and workstations, and Sun 2, 3, and 32-bit SPARC boxes. In other words, it reaches back as far as some 1970s hardware. Let this govern your expectations. For instance, in VirtualBox, if you tell it you want to create a NetBSD guest, it disables SMP support.

Operating Systems

FreeBSD 13.1 Released (phoronix.com) 26

FreeBSD 13.1 has been released today. Some of the new features include UEFI boot improvements for AMD64, a wide variety of hardware driver improvements, and support for freebsd-update to allow creating automated snapshots of the boot environment to try to make operating system updates foolproof. Phoronix reports: Some of the other changes with FreeBSD 13.1 include enabling Position Independent Executable (PIE) support by default on 64-bit architectures, a new "zfskeys" service script for the automatic decryption of ZFS datasets, NVMe emulation with Bhyve hypervisor, chroot now supports unprivileged operations, various POWER and RISC-V improvements, big endian support improvements, support for the HiFive Unmatched RISC-V development board, updating against OpenZFS file-system support upstream, and many other changes throughout this BSD open-source ecosystem. Downloads and the full change-log for FreeBSD 13.1 can be found here.
Unix

OpenBSD 7.1 Released with Support for Apple M1, Improvements for ARM64 and RISC-V (openbsd.org) 26

"Everyone's favorite security focused operating system, OpenBSD 7.1 has been released for a number of architectures," writes long-time Slashdot reader ArchieBunker, "including Apple M1 chips."

Phoronix calls it "the newest version of this popular, security-minded BSD operating system." With OpenBSD 7.1, the Apple Silicon support is now considered "ready for general use" with keypad/touchpad support for M1 laptops, a power management controller driver added, I2C and SPI controller drivers, and a variety of other driver additions for supporting the Apple Silicon hardware.

OpenBSD 7.1 also has a number of other improvements benefiting the 64-bit ARM (ARM64) and RISC-V architectures. OpenBSD 7.1 also brings SMP kernel improvements, support for futexes with shared anonymous memory, and more. On the graphics front there is updating the Linux DRM code against the state found in Linux 5.15.26 as well as now enabling Intel Elkhart Lake / Jasper Lake / Rocket Lake support.

The Register notes OpenBSD now "supports a surprisingly wide range of hardware: x86-32, x86-64, ARM7, Arm64, DEC Alpha, HP PA-RISC, Hitachi SH4, Motorola 88000, MIPS64, SPARC64, RISC-V 64, and both Apple PowerPC and IBM POWER." The Register's FOSS desk ran up a copy in VirtualBox, and we were honestly surprised how quick and easy it was. By saying "yes" to everything, it automatically partitioned the VM's disk into a rather complex array of nine slices, installed the OS, a boot loader, an X server and display manager, plus the FVWM window manager. After a reboot, we got a graphical login screen and then a rather late-1980s Motif-style desktop with an xterm.

It was easy to install XFCE, which let us set the screen resolution and other modern niceties, and there are also KDE, GNOME, and other pretty front-ends, plus plenty of familiar tools such as Mozilla apps, LibreOffice and so on....

We were expecting to have to do a lot more work. Yes, OpenBSD is a niche OS, but the project gave the world OpenSSH, LibreSSL, the PF firewall as used in macOS, much of Android's Bionic C library, and more besides.... In a world of multi-gigabyte OSes, it's quite refreshing. It felt like stepping back into the early 1990s, the era of Real Unix, when you had to put in some real effort and learn stuff in order to bend the OS to your will — but in return, you got something relatively bulletproof.

BSD

OpenBSD 7.0 Released (openbsd.org) 12

Long-time Slashdot reader ArchieBunker writes: Everyone's favorite security focused operating system OpenBSD released version 7.0 Thursday. In addition to the usual bug fixes and performance enhancements, support for RISC-V processors has been added.
It's 26 years old, and still chugging along. One interesting feature highlighted by Phoronix: Improving the ARM64 platform support with improved drivers for the Apple Silicon / Apple M1 but still not considered ready yet for end-users. OpenBSD 7.0 improvements on the Apple M1 include support for installing on a disk with a GPT and various Apple driver improvements for USB, GPIO, SPMI, NVMe storage, and other Apple M1 hardware components.
Also check out the 7.0 Song: "The Style Hymn" (part of an archive of all the OpenBSD release songs).
Open Source

FreeBSD's Close Call: How Flawed Code Almost Made It Into the Kernel (arstechnica.com) 60

"40,000 lines of flawed code almost made it into FreeBSD's kernel," writes Ars Technica, reporting on what happened when the CEO of Netgate, which makes FreeBSD-powered routers, decided it was time for FreeBSD to enjoy the same level of in-kernel WireGuard support that Linux does. The issue arose after Netgate offered a burned-out developer a contract to port WireGuard into the FreeBSD kernel (where Netgate could then use it in the company's popular pfSense router distribution): [The developer] committed his port — largely unreviewed and inadequately tested — directly into the HEAD section of FreeBSD's code repository, where it was scheduled for incorporation into FreeBSD 13.0-RELEASE. This unexpected commit raised the stakes for WireGuard founding developer Jason Donenfeld, whose project would ultimately be judged on the quality of any production release under the WireGuard name. Donenfeld identified numerous problems...but rather than object to the port's release, Donenfeld decided to fix the issues. He collaborated with FreeBSD developer Kyle Evans and with Matt Dunwoodie, an OpenBSD developer who had worked on WireGuard for that operating system...

How did so much sub-par code make it so far into a major open source operating system? Where was the code review which should have stopped it? And why did both the FreeBSD core team and Netgate seem more focused on the fact that the code was being disparaged than its actual quality?

There's more to the story, but ultimately Ars Technica confirmed the presences of multiple buffer overflows, printf statements that are still being triggered in production, and even empty validation function which always "return true" rather than actually validating the data. The original developer argued the real issue is an absence of quality reviewers, but Ars Technica sees a larger problem. "There seems to be an absence of process to ensure quality code review." Several FreeBSD community members would only speak off the record. In essence, most seem to agree, you either have a commit bit (enabling you to commit code to FreeBSD's repositories) or you don't. It's hard to find code reviews, and there generally isn't a fixed process ensuring that vitally important code gets reviewed prior to inclusion. This system thus relies heavily on the ability and collegiality of individual code creators.
Ars Technica published this statement from the FreeBSD Core Team: Core unconditionally values the work of all contributors, and seeks a culture of cooperation, respect, and collaboration. The public discourse over WireGuard in the past week does not meet these standards and is damaging to our community if not checked. As such, WireGuard development for FreeBSD will now proceed outside of the base system. For those who wish to evaluate, test, or experiment with WireGuard, snapshots will be available via the ports and package systems.

As a project, we remain committed to continually improving our development process. We'll also continue to refine our tooling to make code reviews and continuous integration easier and more effective. The Core Team asks that the community use these tools and work together to improve FreeBSD.

Ars Technica applauds the efforts — while remaining concerned about the need for them. "FreeBSD is an important project that deserves to be taken seriously. Its downstream consumers include industry giants such as Cisco, Juniper, NetApp, Netflix, Sony, Sophos, and more. The difference in licensing between FreeBSD and Linux gives FreeBSD a reach into many projects and spaces where the Linux kernel would be a difficult or impossible fit."
KDE

KDE Plasma 5.19 Released (kde.org) 18

jrepin writes: The KDE community has released Plasma 5.19, the popular free and open-source desktop environment. "In this release, we have prioritized making Plasma more consistent, correcting and unifying designs of widgets and desktop elements; worked on giving you more control over your desktop by adding configuration options to the System Settings; and improved usability, making Plasma and its components easier to use and an overall more pleasurable experience," reads the announcement. For a complete list of what's new, you can visit the Plasma 5.19 changelog.
Bug

OpenBSD Mail Server Bug Allowed Remotely Executing Shell Commands As Root (zdnet.com) 39

This week a remotely-exploitable vulnerability (granting root privileges) was discovered in OpenSMTPD (OpenBSD's implementation of server-side SMTP).

ZDNet notes that the library's "portable" version "has also been incorporated into other OSes, such as FreeBSD, NetBSD, and some Linux distros, such as Debian, Fedora, Alpine Linux, and more." To exploit this issue, an attacker must craft and send malformed SMTP messages to a vulnerable server... OpenSMTPD developers have confirmed the vulnerability and released a patch earlier Wednesday -- OpenSMTPD version 6.6.2p1...

The good news is that the bug was introduced in the OpenSMTPD code in May 2018 and that many distros may still use older library versions, not affected by this issue. For example, only in-dev Debian releases are affected by this issue, but not Debian stable branches, which ship with older OpenSMTPD versions.

Technical details and proof of concept exploit code are available in the Qualys CVE-2020-7247 security advisory.

Hackaday has a more detailed description of the vulnerability, while the Register looks at the buggy C code.

Interestingly, Qualys researchers exploited this vulnerability using a technique from the Morris Worm of 1988.

Slashdot Top Deals