Ars Technica article focused on Wireguard regarding FreeBSD

sidetone

Daemon

Reaction score: 719
Messages: 1,571


This article is kind of negative, but I don't know what to make of it. The title says it's about FreeBSD, but it's really focused on something related to Wireguard for criticisms of FreeBSD. Overall, Wireguard wasn't implemented into FreeBSD 13.0 Release. It's weighing heavily on something that almost happened.

Is it supposed to be about code quality and software related issues or veer off from that as well?

It writes about code quality of an implementation of Wireguard: that it printed odd character output on router consoles, authentication always returned true, and that there were buffer overflows.

It says it's a drastic problem of how GPL2 code was almost committed to the FreeBSD 13.0 kernel. As for FreeBSD base, GPL2 programs haven't been a problem for past use of GCC compiler, Binutils in base and modules. The difference of one piece of licensed code in the kernel as opposed to base or extra modules may be a big deal.


Ars Technica usually makes great and informative articles. However, it seems like it's leaning heavily on implementation of Wireguard's problems for something that didn't happen.

I normally wouldn't post something like this, except because it's from Ars Technica about FreeBSD. Negativity isn't good, but then again, it is something that may need to be seen from here.
 
Last edited:

Crivens

Moderator
Staff member
Moderator

Reaction score: 1,561
Messages: 2,457

There was also something on The Register about this.
 

tuaris

Active Member

Reaction score: 22
Messages: 185

Yes it seems that they painted FreeBSD in a very negative light with that 'news' piece. The quality and content of their articles has been on a decline for the last few years. They've become just like any another main stream outlet that's more interested in generating views instead reporting on the news, while not caring who they hurt in the process.

Also... does anyone else think Netgate sounds/looks too much like Netgear? I suspect there will be some conflict between those two in the future.
 

Beastie7

Aspiring Daemon

Reaction score: 471
Messages: 615

The article highlights issues with holes in the projects governance. A single committer (who happened to belong to a company with questionable business practices) manages to dump 40k lines of unvetted code into HEAD just on a whim. Something is wrong right there with that margin of freedom.

This is a sound article.
 

eternal_noob

Well-Known Member

Reaction score: 192
Messages: 355

A single committer (who happened to belong to a company with questionable business practices) manages to dump 40k lines of unvetted code into HEAD just on a whim.
A criminal (served 4 years and 4 month)
A coward (fled to Italy to avoid prosecution)
A misanthropist (attempting to illegally evict tenants from a building he had bought)
A psychopath (forged extremely threatening emails appearing to be from the tenants themselves)

I'd revoke his commit bit.
 

Zirias

Daemon

Reaction score: 1,318
Messages: 2,344

The article highlights issues with holes in the projects governance. A single committer (who happened to belong to a company with questionable business practices) manages to dump 40k lines of unvetted code into HEAD just on a whim. Something is wrong right there with that margin of freedom.

This is a sound article.
Agreed so far, what happened is shocking and FreeBSD was lucky this was spotted and (after some discussion) removed before 13.0-RELEASE.

Still I don't agree with the tone of the article. It's written in a way that just presumes there are severe structural problems (which would imply something about the general quality of FreeBSD), although it's impossible from the outside to judge how deep this issue reaches. It could just as well be a case of coincidental failure in multiple processes.
 

drhowarddrfine

Son of Beastie

Reaction score: 2,096
Messages: 4,109

Meh. Sort of.

Internal issue that was caught as it should have been and was designed to. No harm, no foul (sort of). The system worked. Didn't make it to RELEASE.

These online rags have to have something to stir up emotions whether they actually affect you or not. This affected no one outside of the development core. Interesting for FreeBSD developers and users only.
 

Zirias

Daemon

Reaction score: 1,318
Messages: 2,344

Internal issue that was caught as it should have been and was designed to. No harm, no foul (sort of). The system worked. Didn't make it to RELEASE.
You mean the very final stage worked. Code like this normally shouldn't even make it to a -BETA. Maybe stopping that in stable/13 would have been a normal thing.

So, see above, I agree something pretty worrying happened. I don't agree with the implicit conclusions made by ars.
 

kpedersen

Son of Beastie

Reaction score: 1,752
Messages: 2,622

I have noticed that Wireguard has been implemented in other operating systems very quickly considering the complexity of it. These are reported to be of a better quality but I would be surprised if there aren't issues further down the line for them.

If this weaker implementation wasn't spotted, would it of harmed FreeBSD 13? Or would issues only arise if you attempted to utilise Wireguard?
 

Zirias

Daemon

Reaction score: 1,318
Messages: 2,344

If this weaker implementation wasn't spotted, would it of harmed FreeBSD 13? Or would issues only arise if you attempted to utilise Wireguard?
To me, that's kind of the same, so I'd answer yes to both. Sure, you have to actually enable a wireguard interface to expose yourself to the problems, but they seem to include remote-exploitable in-kernel buffer overflows, so DoS is for sure, and remote intrusion is pretty likely. And if this code is there in a -RELEASE, someone will use it, because it's -RELEASE, right?
 

Phishfry

Beastie's Twin

Reaction score: 2,436
Messages: 5,347

Or would issues only arise if you attempted to utilise Wireguard?
Good point. Was the kernel module being built or just something sitting in the source tree.
Looking at the removed 45K lines it went very deep into the source code.

I have not seen the phab page for the review process on this. That must be interesting.
I did find this online:
and they have yet to submit their work through the normal FreeBSD Phabricator process for review.
 

Mjölnir

Daemon

Reaction score: 1,495
Messages: 2,114

A criminal (served 4 years and 4 month)
A coward (fled to Italy to avoid prosecution)
A misanthropist (attempting to illegally evict tenants from a building he had bought)
A psychopath (forged extremely threatening emails appearing to be from the tenants themselves)
Are you sure this is the very same person? I remember that I found two names sound similar, but are not the same when Phishfry posted a newspaper link about that guy. So this might be a mistaken identity?

On topic, I wonder why this stuff was not send off to be an external kernel module in the ports(7) tree right from the start, like e.g. pefs(8) or the DRM *-kmod.
 

Mjölnir

Daemon

Reaction score: 1,495
Messages: 2,114

What's interesting to note about that discussion on Phabricator is that some critical questions were simply ignored. EDIT Now I have strange thoughts about that "daylight saving timezone mismatch" that was communicated to be the reason for the delay of the scheduled Office Hours last week.
 

Phishfry

Beastie's Twin

Reaction score: 2,436
Messages: 5,347

Are you sure this is the very same person?
I am not. I pulled that link because it seems to me that people deserve a second chance. Getting too personal as well.

That phab review seems to be lacking the normal gurus you would see there like emaste or other top code crunchers.
The fact that two commiters passed it before rejection looks bad too.
 
OP
sidetone

sidetone

Daemon

Reaction score: 719
Messages: 1,571

It's odd that this publication hasn't ran any stories on FreeBSD, then it has two stories of FreeBSD and Wireguard before Release 13.0.

(Edits:

Referring to https://arstechnica.com/gadgets/202...on-its-way-to-freebsd-and-the-pfsense-router/ and https://arstechnica.com/gadgets/2021/03/freebsd-kernel-mode-wireguard-moves-forward-out-of-tree/

I was wrong about this claim of there being only two stories there, use "site:arstechnica.com/gadgets freebsd" in the webbrowser. There were more articles there about FreeBSD.)


I used to learn a lot about newer technologies from Ars Technica.

The author can make his points, but it seems biased. The author makes 1 good point, that standards can be improved. Aside from that, it seems like the author is going overboard by associating which didn't make it to a release with all of FreeBSD. It's overly blaming for something which didn't happen. Organizations and people make mistakes, and sometimes they're fatal. The tone is as if FreeBSD has been irresponsible and careless, which goes too far. FreeBSD has done a lot of things right.

I don't know if the committer had a conflict of interest. Also, Wireguard was being proposed to be put in near the last minutes. The right choice was made to postpone it, and I recognized this then. There was some fans of wanting to see it in FreeBSD. I thought it would have been cool, but I know the value of not rushing anything in at the last moment. Code being rushed in the last weeks or months isn't good, even without this current hindsight, because there can be mistakes not related to this. Before knowing about this problem, it was a right choice to move last minute software to a future release, but maybe not anymore.

Someone made a comment that PFSense kept Wireguard out when fans wanted it for a long time, but only brought it in, when it made an appearance into FreeBSD current. I haven't used PFSense, but it's harsh of the amount of fallout it will get from this problem.
 

Phishfry

Beastie's Twin

Reaction score: 2,436
Messages: 5,347

A single committer (who happened to belong to a company with questionable business practices) manages to dump 40k lines of unvetted code into HEAD just on a whim.
I want to disagree with this. Netgate 'sponsored' a FreeBSD commiter to author a Wireguard kernel implementation.

So while Netgate gets bashed all they did was pay a developer to bring a new feature to FreeBSD.
How they ended up as the culprit is beyond me. They were trying to get us faster speeds as the userland implementation is slow.
Imagine trying to contribute to a charity and getting bashed for it. That is what is happening.

I have no ties to them but I use both pfSense and OPNSense. I go back and forth between the two.
 

Zirias

Daemon

Reaction score: 1,318
Messages: 2,344

How they ended up as the culprit is beyond me.
Well, it's not like they forced FreeBSD to include the code, and tales about conflicting interest for some committers who are also employess are speculative, so: agreed on your reasoning.

Still, what they did is pull not-yet released code back into their product and sell it, and later complain when issues with the implementation were pointed out. That's probably not the best way to do it. Yep, "business value"…
 

Phishfry

Beastie's Twin

Reaction score: 2,436
Messages: 5,347

I know they have a checkered past but I still think we need to consider that they are a FreeBSD outfit.
They want the same thing we want.
They are a 'For Profit' business selling open source. That is a tough market.
True Jim has ruffled many feathers. Maybe that is why the review had few participants.
 

Trihexagonal

Daemon

Reaction score: 1,819
Messages: 2,390

Someone made a comment that PFSense kept Netguard out when fans wanted it for a long time, but only brought it in, when it made an appearance into FreeBSD current. I haven't used PFSense, but it's harsh of the amount of fallout it will get from this problem.
That's not the way I remember it. I was a member of the forums in 2014 and nothing was said about it back then.

They were faithfully following FreeBSD in pfSense v. 2.2 when I last used it. It wasn't till after I left word went round they were switching something about the OS, for the worse, and this must have been it.

You can tell which way the article is leaning by the image at top. The fact their "spectacular buffer overflow" features a pfSense installer and the question of who that makes look bad must be of question.
 
Top