What’s your favourite new feature from the upcoming 14.0-RELEASE

[Cath O'Deray]

That is not what I am finding. …

Upgrade, or a new installation?

 

[Crivens]

Looks like a way to save a process to a file and restart it from that later, maybe even on a different host.

For reference, here is the man page.

 

[cy@]

It's an Acer M1. It was delivered with Windows 8.1 at the time. M.2 SSD and WiFi card are soldered to the MB.

I also have Acer (4752). Everything is replacable, including BIOS, which I've updated.

I think it's model dependent. The key is, take a FreeBSD USB stick or bootable USB disk and try it. I did when I bought mine. We didn't when we bought my wife's because she likes Windows (except for its reliability).

 

[astyle]

cy@ Please share the make/model of that thing as a warning to keep in mind. What changes the mind of a merchant the fastest is the sound of money walking by.

It's an Acer M1. It was delivered with Windows 8.1 at the time. M.2 SSD and WiFi card are soldered to the MB.

I'm not even finding that model when I try to do a quick Google search... I get hits for a Revo M1 (which is a desktop mini-cube) or Apple M1 or more recent Acer Nitro models...

 

[Crivens]

It's an Acer M1. It was delivered with Windows 8.1 at the time. M.2 SSD and WiFi card are soldered to the MB.

Are you sure it is an Acer M1 and not the Acre Mi which is sold from the trucks in the back alley of the chinese strip mall?

 

[cy@]

I'm not even finding that model when I try to do a quick Google search... I get hits for a Revo M1 (which is a desktop mini-cube) or Apple M1 or more recent Acer Nitro models...

It's not a currently available laptop anymore. But my comments remind us to be wary and make sure to test before we buy. I always do.

 

[Phishfry]

Upgrade, or a new installation?

Testing 14-RC4 Fresh Install.

 

[jardows]

Replying to the original post question, initially, there was not much announced that "excited" me about 14.0, though a few things that intrigued me for their potential, such as the improvements to bhyve. After updating my laptop to 14.0-RC4 from 13.2-RELEASE, I have found a very useful feature - SSL 3.0. Our university recently switched to a TLS certificate based authentication for Wi-Fi, any my laptop could not even see the new network as available. After updating to 14, the laptop now sees the network and tries to authenticate! I still can't get it to connect, but that's for it's own post.

 

[Cath O'Deray]

… to 14.0-RC4 from 13.2-RELEASE, I have found a very useful feature - SSL 3.0. …

+1

For branches that don't include version 3.⋯: the port gained the major upgrade in October <https://www.freshports.org/security/openssl/#history> however it's not yet in quarterly.

 

[skunk]

There was a great amount of work done to Suspend States in FreeBSD-14.

I would think that counts somewhat.

What's your favourite new feature?

S4 suspend and resume.

 

[Crivens]

S4 suspend and resume

+1

Also, the amount of asking about suspend/resume should tell something about FreeBSD on the desktop, don't you think?

 

[Cath O'Deray]

S4 suspend and resume.

+1 to wishful thinking

… should tell something …

For a very long time, the most commonplace requirement was not properly documented.

Now, the word wake does not exist in the FreeBSD Handbook.

 

[Crivens]

Now, the word wake does not exist in the FreeBSD Handbook.

So it either was removed, indicating defeat -or- it never was there, in which case not waking up after sleep is "implemented as specified". If only Mr Ledger or Mr Jackson had known.

But as people use it on laptops as their daily driver, they miss S3/S4.

 

[dclau]

For a second I was tempted to do a search, I'm relaxed now. Still smiling.

 

[Cath O'Deray]

… suspend to RAM (and resume) should be close to perfect. Please post details to a separate topic, ping me from there and I'll help you. Thanks.

'=_

 

[Barney]

Increased boot speed. And the
removal of outdated features (old drivers, telnetd).

This is hilarious. 30 years of scolding people for even mentioning telnet has resulted in the bold decision to remove it from the base OS (just making it more difficult for users to install it). There's nothing antiquated about it;. Is FTP antiquated? TFTP? Does anyone under 50 know what finger is?

When you're building lots of systems with the same IP there's no bigger pain in the butt than ssh

Meanwhile the DNS timeout is still 3 weeks when no dns request in the last 10 years has taken more than 3 seconds.

 

[astyle]

This is hilarious. 30 years of scolding people for even mentioning telnet has resulted in the bold decision to remove it from the base OS (just making it more difficult for users to install it). There's nothing antiquated about it;. Is FTP antiquated? TFTP? Does anyone under 50 know what finger is?

For Telnet, it's cannon fodder for script kiddies. These days, anyone can google for instructions on how to take advantage of security holes in Telnet and FTP.

For tFTP, it's still used for consumer grade router firmwares - the proprietary ones that come with brand-new devices by default, but not DD-WRT.

I'm under 50, but yes I know what finger(1) is...learned it in college, it was used to mess with some of my classmates who had no idea what it is

 

[Barney]

For Telnet, it's cannon fodder for script kiddies. These days, anyone can google for instructions on how to take advantage of security holes in Telnet and FTP.

For tFTP, it's still used for consumer grade router firmwares - the proprietary ones that come with brand-new devices by default, but not DD-WRT.

I'm under 50, but yes I know what finger(1) is...learned it in college, it was used to mess with some of my classmates who had no idea what it is

yeah, if you leave the ports wide open on an internet accessible server. If you do that there are probably 300 other ways to exploit the system

You don't need encryption on a local network. Your wireless data is encrypted. nobody is breaking into a wire between my desk and my server across the room.

 

[bakul]

You don't need encryption on a local network. Your wireless data is encrypted. nobody is breaking into a wire between my desk and my server across the room.

Do you have any IoT devices on your home network? Do you trust a 3rd party "router" (really, a bridge) + wifi device?

 

[Barney]

My modem is a NAT. You're conflating breaking into a network and being able to read traffic on the wire. If you telnet over the internet, someone *could* sniff the packets and see plain text passwords. On a local network nobody can do that. It has nothing to do with security on the system itself. Ports are firewall out so it doesnt matter if they're encrypted or not. SSH doesnt stop people from accessing a system on an open port. It just encrypts the data so it can't be read on the wire.

 

[Cath O'Deray]

With 14.0-RELEASE being so close to release, what are some of the new features that you are looking forward to use/have?

It's probably fair to say that people are enjoying the new features. Thanks again for starting this topic.

remove

Since 14.0-RELEASE became final, maybe you can start a new topic for the opposite of new features. Thanks.

 

[astyle]

You don't need encryption on a local network

Yeah, that does keep things simple, but that's not a Best Practice. Your own LAN is the best place to practice firewall rules, encryption, etc, just to get a handle on how these things even work, and where to look when network packets get stuck.

Your wireless data is encrypted

Do you use WPA2? 256 bits is a pretty standard thing in the realm of 802.11, but no, it's not the strongest encryption available.

WiFi Security: WEP, WPA, WPA2, WPA3 And Their Differences

Verify the encryption of your network with NetSpot and choose the best wireless security protocol to secure your WiFi. Get more information about possible security protocols: WEP, WPA, WPA2, and WPA3.

www.netspotapp.com

My modem is a NAT. You're conflating breaking into a network and being able to read traffic on the wire. If you telnet over the internet, someone *could* sniff the packets and see plain text passwords.

Read your modem's manual. Your modem does have a web-based interface with a default password (which you should change, BTW). If you consider exactly what it means to 'break into a network', what specific actions need to be taken, you'll realize that bakul 's comment is definitely not conflation. Barney , have you ever tried to unbrick a router? Exact same methods can be used to 'break into a network' - and once successful, yeah, that's what it takes to read the traffic that passes on a given interface on a given device that you broke into.

On a local network nobody can do that. It has nothing to do with security on the system itself.

Now that's just not true...

Ports are firewall out

In, as well. On a UNIX (or UNIX-like) system like FreeBSD, firewalls are built to filter ports and specific IP addresses. If you want application-specific (or anything but ports/IPv4/IPv6 addresses) filtering, use that application's .conf file, don't ask the firewall to deal with that.

 

[astyle]

Do you have any IoT devices on your home network? Do you trust a 3rd party "router" (really, a bridge) + wifi device?

I use DD-WRT on my Asus 1900 RT AC68U router, and I consciously avoid the 'modem + wifi router' devices.

 

[smithi]

+1 to wishful thinking

I've never had and never would have a laptop that didn't properly suspend and resume, starting C.2001 on a Compaq Armada C1500, albeit APM not ACPI. That machine ran 24/7 as server for 7 small domains, in the bush on solar power, until 2019.

Then C.2005 on my beloved IBM Thinkpad T23, which I'd bought 2ndhand as a 4y.o, precisely because it was the platform Nate Lawson used to develop FreeBSD suspend and resume, via the acpi@ list.

That laptop only died 2 years ago, though I'd bought a 6y.o Lenovo X200 C.2014, which was ~6 times faster, on just 1 of 2 CPUs. Still working well.

All of the then T and X series Thinkpads' suspend/resume worked flawlessly, AFAIK. So did various others while syscons was the console. vt() killed a lot of that, until KMS drivers picked it up again.

For a verylong time, the most commonplace requirement was not properly documented.

If you mean 'in the Handbook', well that's ongoingly true of many aspects; docs always follow code, and development occurs on lists, reviews etc.

That's why we need people like you who are so into docs, but there'll still always be timelags.

Now, the word wake does not exist in the FreeBSD Handbook.

Did it ever? It's always been called resume in FreeBSD:

https://docs.freebsd.org/en/books/handbook/config/#_suspendresume

We've never done S4 (suspend to disk) since some machines supported it in BIOS. Has 14.0 changed that?

 

[Cath O'Deray]

smithi thanks, we should probably take discussion of documentation to a separate topic.

S4: nothing new in 14.0-RELEASE.

For sleep and wake generally (not documentation):

Sleep resume - caveats and gotchas.

Having had some trouble to get my hardware to correctly sleep/resume (and failing a lot at it) I would like this place to collect some strange things which may happen. Model: Lenovo ThinkPad A485, Ryzen5, Vega gfx. Symptom: crash during resume. Reason: BIOS tamper protection triggers at EC...

forums.freebsd.org