FreeBSD is issuing TRIM in ZFS and UFS2 for quite a while.
When I was researching the topic, I learned that how TRIM is implemented on the drives, issuing it in bulk is more efficient than individually, so perhaps that's why the tool was added? Although looking at ZFS at least it looked like it also collects blocks that supposed to be TRIMmed and issues it periodically.
TRIM has been available in FreeBSD for mounted ZFS filesystems for quite a while, since ~Sep 2012 in 10-CURRENT[1]. I believe this is just a user space command for manually TRIM'ing in cases where it doesn't have explicit filesystem support.
Support for TRIM in ZFS, UFS (kernel), or fsck (userspace) has been in place for years, but there was no easy way to tell “TRIM all this whole device now”.
FreeBSD is amazing, and a major reason for that is how well it is managed. I would find it very hard to name three other open-source projects of comparable size that are so well-organized and have consistently delivered for this long. Here's a warm shoutout to the FreeBSD Foundation, as well as your reminder to donate: https://www.freebsdfoundation.org/donate/
My train of thought went "hmm, I wonder if FreeBSD would be good to use in production for running some Docker containers" and I stumbled across this https://wiki.freebsd.org/Docker
He/she is talking about being able to deploy a `Dockerfile` or use `docker-compose` / `docker-machine` on FreeBSD.
It's very common in backend development to run a Dockerized version of Redis/Postgres for local testing/development. A lot of developers develop Go/Python/Rust/node.js/etc. on a Mac, then deploy it to nix. They would need to deploy the same Docker containers built locally (or in CI/CD) to BSD, which seems unsupported given the comments.
I see, but I thought the selling point of docker was reproducibility, which was thanks to the image. The Dockerfile is not truly reproducible, and the image once created it is typically created with linux binary.
I think docker is a glorified zip file, but if that would help popularize FreeBSD more I wouldn't mind that feature. I guess linux compatibility layer could help here as well.
Tons of examples where it works on developer's computer, but doesn't in production or someone's elses computer.
Dockerfile is not ensuring that build is fully reproducible, it's just list of steps to build the image. There are many issues with it, but biggest offender is due network access, if you're updating your package repo or downloading a file, there's a high chance that the resulting image is different every time. Dockerfile is as reproducible as a bash script. The only thing that's reproducible is the resulting image, but at that point so is a zip file.
Try this experiment. Build an image from a non-trivial Dockerfile today. Then make another image from the same Dockerfile in another couple of months and see if it is identical to today's image.
Docker became popular over FreeBSD jails the same way MySQL became popular over PostgreSQL in the 2005-ish. Not based on technical merit but because of ease of use. In case of MySQL it was a Windows installer which made for a low barrier of entry. However MySQL didn't do ACID transactions, views, etc. at that time, all things PostgreSQL had.
Similarly Docker was easy to use with images but security was a mess. The first couple of years Docker stance was actually that their container wasn't to be considered a security boundary and being able to access the host system "wasn't a bug". This in total contrast to FreeBSD jails which were always regarded as a hard boundary.
Docker in FreeBSD is not as simple as you might think. FreeBSD has a Linux ABI compatibility layer in order to be able to run Linux binaties (just like WINE is a Windows ABI compatibility layer). Docker itself, the CLI application, the API, etc. is probably the easiest part.
Back then I chose MySQL because of php-myAdmin. That and the fact there were so many more tutorials for it were the main drivers of the decisions. Proper foreign keys and transactions were nice, but who knows if this app would go anywhere anyways (it didn't).
Is there a Docker equivalent for FreeBSD? Jails are only part of the equation. I can orchestrate networking/volumes all while accessing a breadth of remote images through Docker/docker-compose
Maybe combining jails with something like Ansible for building images and automating configuration would be close to good enough? Though more boilerplate? I wonder
I suspect there is but I dont know about it (I use SmartOS / Triton). There is a small list of jail management tools [1]. If it doesnt exist it should be really easy to make since FreeBSD jails (usually) sit on ZFS you can easily use "ZFS send" to create a image of the ZFS dataset. All that one would need to add is some (minor) tooling.
On the more "heavy side" I know that for example Project Fifo has experimental FreeBSD support [2] in case you want to host multiple FreeBSD machines with jails on them.
In 201709 I tried to install FreeBSD, and could not find any reasonably practical way to verify the CD image PGP seal, nor clear pertinent documentation.
On the official IRC chat some people tried to help, however this patently is not a common issue. How weird. Who wants to install an OS without being able to verify the image seal? Downloading through HTTPS may be MITM'ed, or the image replaced on the server.
I reported the problem. Somebody also reported it more than a year afterwards.
More than 2 years after my initial report... the ticket remains open. At best the BTS seems neglected.
Everyone involved probably thinks there are more important things to do. I don't complain, as nobody "has to" do anything upon this matter.
My point is that such a way to handle this may reveal that most FreeBSD "hacktivists" just aren't willing to do such menial but necessary onboarding-facilitating job, which would IMHO be useful.
It may be part of the reasons why FreeBSD has way less users than it could and should. In a way it is related to "ease of use", however this "image sealing" is more fundamental than bells, whistles and porcelain.
> It may be part of the reasons why FreeBSD has way less users than it could and should.
I would like to gain understanding as to why the BSD maintainers + developers invest the time they do into their projects. They are awesome projects, but... who are they for? The 0.1% of people who lie to themselves saying "FreeBSD makes a great desktop/laptop?" Mac OS X makes a great laptop, that's why it is in every coffee shop around the world. Linux must beat BSD server usage 10:1, if not 100:1. I'm sure somebody below will prove me wrong but I strongly feel it's just the echo chamber effect of reddit/Hacker News. I can't think of any good reasons somebody would use *BSD over Linux and "their man pages are great + the clib is written in the same repo as the kernel + userland utilities" isn't good enough of a response for me.
> I can't think of any good reasons somebody would use *BSD over Linux
Well one reason could be that you are a commercial company and you make a proprietary appliance. FreeBSD's license (3 clause BSD) is way easier in that case then the GPLv2, let alone GPLv3 (which a lot of userland is licensed in most Linux distro's). Examples of some high profile appliances running FreeBSD: Sony's Playstation 4 and Juniper's Junos OS which runs on their firewalls and routers.
Ubiquiti is getting a lot of flak for not being GPL compliant and the only thing I can think of when I hear this is: "Why did they use Linux if they wanted to make a proprietary product? They wouldn't be in this mess if they had used FreeBSD.".
Another reason could be FreeBSD ships ZFS out of the box because combining the CDDL + BSD licenses is not a problem. However GPLv2 (Linux kernel) + CDDL is a problem.
And this shows in lots of places, from gaming (Linux is nowhere, meanwhile the most popular console runs FreeBSD) to enterprise routers (Juniper) or NAS (NetApp).
I've used FreeBSD on my production systems instead of Linux since I started this whole bit 15 years ago. Linux surprises me. FreeBSD, for example, does not. I do not walk away from production FreeBSD systems and have them fall over for reasons other than hardware failure. Full stop.
> How weird. Who wants to install an OS without being able to verify the image seal? Downloading through HTTPS may be MITM'ed, or the image replaced on the server.
While it should be fixed I think your overstating the importance here.
99.999% of the world doesn't care about that; No one who installed Windows verified the image. No one who installed macOS verified the image. No one who gets a notebook from a store verifies the install. Let alone everyone who runs stuff in the cloud on a VM, those people have no way at all to verify the OS they are actually running.
> It may be part of the reasons why FreeBSD has way less users than it could and should.
Linux became popular over BSD mostly due to the unix wars [1].
> could not find any reasonably practical way to verify the CD image PGP seal
There is no easy or obvious solution here. You can not verify anything PGP unless you can directly (!) obtain the public key from the person in question. So-called Web of Trust is a theoretical construct.
> Who wants to install an OS without being able to verify the image seal?
Well, for example, Ubuntu downloads (and checksums) were available exclusively over plain http until 2018 or so. Flavors are still http.
I was sad to see that in the release notes, I had not heard. I remember Kurt from the Old Days, when I went to some open houses at UUNET and attended Usenix conferences.
I believe it was imported so that it could be used by code-verification bits in the boot loader and exec calls. I'm pretty sure those aren't turned on by default yet, but my understanding is that Juniper uses them.
Been running Linux servers for years. FreeBSD is what gave me back the passion to run servers.
It's such a well structured operating system. The documentation is just great and Jails are a really nice way to get lightly isolated environments to run different web services.
Thanks to all the people who make FreeBSD possible!
I hear you. TBH, most popular Linux distros feels very bloated nowadays. The other day I created a VM and there I installed FreeBSD for the first time. The process was really quick. It felt like a breath of fresh air. Much much simpler than what I had imagined. Everything felt very logical. I have thought about this before but since I already knew Linux I was hesitant to take the time to learn another Unix-like OS. But now I feel that I want to carve out some more free time to get more acquainted with FreeBSD. I’m quite sure it will pay off in the end.
Is there a 300-page or less book that can teach practical usage of FreeBSD? Like the C book or the UNIX programming environment book. I have it installed on one of my laptops but never got around to use it.
Thanks. I'm aware of that handbook but somehow I find web-based books lack the charm of a real book but eventually once I know my way around it, I'm sure I'll come to it.
55 comments
[ 2.0 ms ] story [ 125 ms ] threadIs this replacing an older utility or is FreeBSD way behind on supporting SSDs?
Presumably, this utility is useful for disks that are not ZFS formatted.
When I was researching the topic, I learned that how TRIM is implemented on the drives, issuing it in bulk is more efficient than individually, so perhaps that's why the tool was added? Although looking at ZFS at least it looked like it also collects blocks that supposed to be TRIMmed and issues it periodically.
[1]: https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/all-ab...
> Docker's currently broken.
that leads to this: https://reviews.freebsd.org/D21570
Jails and Docker are different, but they are both used for process isolation.
It's very common in backend development to run a Dockerized version of Redis/Postgres for local testing/development. A lot of developers develop Go/Python/Rust/node.js/etc. on a Mac, then deploy it to nix. They would need to deploy the same Docker containers built locally (or in CI/CD) to BSD, which seems unsupported given the comments.
I think docker is a glorified zip file, but if that would help popularize FreeBSD more I wouldn't mind that feature. I guess linux compatibility layer could help here as well.
What makes you say that?
Dockerfile is not ensuring that build is fully reproducible, it's just list of steps to build the image. There are many issues with it, but biggest offender is due network access, if you're updating your package repo or downloading a file, there's a high chance that the resulting image is different every time. Dockerfile is as reproducible as a bash script. The only thing that's reproducible is the resulting image, but at that point so is a zip file.
Similarly Docker was easy to use with images but security was a mess. The first couple of years Docker stance was actually that their container wasn't to be considered a security boundary and being able to access the host system "wasn't a bug". This in total contrast to FreeBSD jails which were always regarded as a hard boundary.
Docker in FreeBSD is not as simple as you might think. FreeBSD has a Linux ABI compatibility layer in order to be able to run Linux binaties (just like WINE is a Windows ABI compatibility layer). Docker itself, the CLI application, the API, etc. is probably the easiest part.
On the more "heavy side" I know that for example Project Fifo has experimental FreeBSD support [2] in case you want to host multiple FreeBSD machines with jails on them.
[1] https://mwl.io/archives/2291 [2] https://docs.project-fifo.net/docs/freebsd
On the official IRC chat some people tried to help, however this patently is not a common issue. How weird. Who wants to install an OS without being able to verify the image seal? Downloading through HTTPS may be MITM'ed, or the image replaced on the server.
I reported the problem. Somebody also reported it more than a year afterwards.
More than 2 years after my initial report... the ticket remains open. At best the BTS seems neglected.
The FreeBSD maintainers probably agree upon the relative importance of those seals, because they publish them at https://www.freebsd.org/releases/12.1R/signatures.html , however this is neglected in documentation ( https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/b... ). BTW I just noticed that the signing key isn't in the strongset ( https://pgp.cs.uu.nl/mk_path.cgi?FROM=8D12403C2E6CAB086CF64D... )
Everyone involved probably thinks there are more important things to do. I don't complain, as nobody "has to" do anything upon this matter.
My point is that such a way to handle this may reveal that most FreeBSD "hacktivists" just aren't willing to do such menial but necessary onboarding-facilitating job, which would IMHO be useful.
It may be part of the reasons why FreeBSD has way less users than it could and should. In a way it is related to "ease of use", however this "image sealing" is more fundamental than bells, whistles and porcelain.
The ticket: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222044
I would like to gain understanding as to why the BSD maintainers + developers invest the time they do into their projects. They are awesome projects, but... who are they for? The 0.1% of people who lie to themselves saying "FreeBSD makes a great desktop/laptop?" Mac OS X makes a great laptop, that's why it is in every coffee shop around the world. Linux must beat BSD server usage 10:1, if not 100:1. I'm sure somebody below will prove me wrong but I strongly feel it's just the echo chamber effect of reddit/Hacker News. I can't think of any good reasons somebody would use *BSD over Linux and "their man pages are great + the clib is written in the same repo as the kernel + userland utilities" isn't good enough of a response for me.
Well one reason could be that you are a commercial company and you make a proprietary appliance. FreeBSD's license (3 clause BSD) is way easier in that case then the GPLv2, let alone GPLv3 (which a lot of userland is licensed in most Linux distro's). Examples of some high profile appliances running FreeBSD: Sony's Playstation 4 and Juniper's Junos OS which runs on their firewalls and routers.
Ubiquiti is getting a lot of flak for not being GPL compliant and the only thing I can think of when I hear this is: "Why did they use Linux if they wanted to make a proprietary product? They wouldn't be in this mess if they had used FreeBSD.".
Another reason could be FreeBSD ships ZFS out of the box because combining the CDDL + BSD licenses is not a problem. However GPLv2 (Linux kernel) + CDDL is a problem.
Any other use cases other than licensing that would make somebody want to use *BSD instead of Linux/Mac?
I've used FreeBSD on my production systems instead of Linux since I started this whole bit 15 years ago. Linux surprises me. FreeBSD, for example, does not. I do not walk away from production FreeBSD systems and have them fall over for reasons other than hardware failure. Full stop.
While it should be fixed I think your overstating the importance here.
99.999% of the world doesn't care about that; No one who installed Windows verified the image. No one who installed macOS verified the image. No one who gets a notebook from a store verifies the install. Let alone everyone who runs stuff in the cloud on a VM, those people have no way at all to verify the OS they are actually running.
> It may be part of the reasons why FreeBSD has way less users than it could and should.
Linux became popular over BSD mostly due to the unix wars [1].
[1] https://en.wikipedia.org/wiki/Unix_wars
There is no easy or obvious solution here. You can not verify anything PGP unless you can directly (!) obtain the public key from the person in question. So-called Web of Trust is a theoretical construct.
> Who wants to install an OS without being able to verify the image seal?
Well, for example, Ubuntu downloads (and checksums) were available exclusively over plain http until 2018 or so. Flavors are still http.
Exciting. Is it being used for anything yet?
It's such a well structured operating system. The documentation is just great and Jails are a really nice way to get lightly isolated environments to run different web services.
Thanks to all the people who make FreeBSD possible!
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/