TOPLIST / FreeBSD usage per 1M inhabitants

Hello,

I have created the FreeBSD usage report per 1M inhabitants according to World popolation data and BSDStat data.

Here it is:

Code:
Rank    Country    Population    FreeBSD    FreeBSD per 1M
1    Switzerland    8654622    380    43.9071746865432
2     Estonia    1326535    19    14.3230295469023
3     Norway    5421241    29    5.34932868691873
4     Greece    10423054    55    5.276764372515
5     Czech Republic    10708981    45    4.20208047805856
6     Slovakia    5459642    21    3.84640604640378
7     Netherlands    17134872    60    3.50163105974763
8     Iceland    341243    1    2.93046304246534
9     Austria    9006398    25    2.77580448920867
10    Germany    83783942    211    2.51838234109348
11    Ukraine    43733762    103    2.3551598419546
12     Finland    5540720    13    2.34626546730389
13     Latvia    1886198    4    2.12066813770346
14    United States    331002651    694    2.0966599448776
15     Sweden    10099265    18    1.78230792042787
16     Denmark    5792202    10    1.72645912556226
17     Ireland    4937786    8    1.62015931836657
18    Russian Federation    145934462    204    1.39788777238923
19     Canada    37742154    52    1.37776980084391
20     Bulgaria    6948445    9    1.29525383017351
21     Croatia    4105267    5    1.2179475780747
22     Hungary    9660351    11    1.13867498189248
23     France    65273511    73    1.11837097287443
24     Singapore    5850342    6    1.02558106859394
25     Australia    25499884    26    1.01961248137443
26     Italy    60461826    61    1.00890105436114
27     United Kingdom    67886011    55    0.810181644050348
28    Japan    126476461    100    0.790660959433392
29     Poland    37846611    27    0.713406016723664
30     South Africa    59308690    32    0.539549937791578
31     Hong Kong    7496981    4    0.533548104230223
32     Slovenia    2078938    1    0.481014825838962
33     Spain    46754778    20    0.427763767801443
34     Philippines    109581078    46    0.419780502615607
35     Lithuania    2722289    1    0.367337927751242
36    Albania    2877797    1    0.347488026431329
37    Serbia    8737371    3    0.343352708726687
38     Azerbaijan    10139177    3    0.295882003046204
39     Uruguay    3473730    1    0.287874993162969
40     Belgium    11589623    3    0.258852250845433
41     Israel    8655535    2    0.231066017294136
42     Kazakhstan    18776707    4    0.213029899225674
43     New Zealand    4822233    1    0.207372808406396
44     Thailand    69799978    14    0.200573129120471
45     Brazil    212559417    41    0.192887243381929
46     Romania    19237691    3    0.155943870810691
47     Taiwan    23816775    3    0.12596163838303
48     Portugal    10196709    1    0.098070857960152
49     Colombia    50882891    3    0.058958914107298
50    South Korea    51269185    3    0.058514680894576
51     Indonesia    273523615    12    0.043871897495944
52     Mexico    128932753    4    0.031023924541501
53     Uzbekistan    33469203    1    0.029878213711871
54    Kenya    53771296    1    0.018597282832833
55     China    1439323776    26    0.018064038428001
56     India    1380004385    5    0.003623176893021

I understand that many people in the World do not run sysutils/bsdstats, but still this gives some indication.

The unexplained part of this statistics is a number of huge countries, not providing any FreeBSD usage reports at all.

Code:
Pakistan    220892340    0    0
Nigeria    206139589    0    0
Bangladesh    164689383    0    0
Ethiopia    114963588    0    0
Egypt    102334404    0    0
Vietnam    97338579    0    0
DR Congo    89561403    0    0
Turkey    84339067    0    0
Iran    83992949    0    0
Tanzania    59734218    0    0
Myanmar    54409800    0    0
Uganda    45741007    0    0
Argentina    45195774    0    0
Algeria    43851044    0    0
Sudan    43849260    0    0
Iraq    40222493    0    0
Afghanistan    38928346    0    0
Morocco    36910560    0    0
Saudi Arabia    34813871    0    0
 
One "problematic" thing here is the assumption that BSDstats is accurate, and updated.
At least for an external visitor it seems working. But of course, I have no assumptions here. Just took their data and combined with World population data.
 
When I had my site up with my tutorial, invited forum Members each with a page for their screenshots featuring different WM and Free Free Photos the US was the #1 visitor with #2 Russian Federation a strong second.

I used to submit my stats but quit using it a few years ago.
 
When I had my site up with my tutorial, invited forum Members each with a page for their screenshots featuring different WM and Free Free Photos the US was the #1 visitor with #2 Russian Federation a strong second.

I used to submit my stats but quit using it a few years ago.
You can see the absolute numbers here BSD stats. I took these numbers and divided by population. Now it gets interesting - some very big countries show very low numbers (India for example). The sysutils/bsdstats seems to work, but many people do not use it. I can understand big corporate users, but as a individual, why not configure the statistics sending?
 
The bsdstats thingy is very controversial because it behaves like malware.
IMHO it should be removed from the FreeBSD package repositories asap.

Why?

I tried to find its sources on the web, with no success.
So I decided to install it to look at the script.
What happened then, angered me so much that I will blacklist bsdstats forever on all my machines:

# pkg ins bsdstats
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
bsdstats: 7.0

Number of packages to be installed: 1

8 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching bsdstats-7.0.txz: 100% 8 KiB 7.9kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing bsdstats-7.0...
[1/1] Extracting bsdstats-7.0: 100%
BSDstats runs on this system for the first time, generating registration ID
Posting OS statistics to rpt.bsdstats.org ... SUCCESS
Posting device statistics to rpt.bsdstats.org ... SUCCESS
Posting CPU information to rpt.bsdstats.org ... SUCCESS
grep: /usr/local/etc/bsdstats.conf: No such file or directory
Posting port statistics to rpt.bsdstats.org ... SUCCESS


If you're installing BSDstats on a system that won't always be on, such as a
desktop or a laptop, it is recommended that you enable it in /etc/rc.conf so
that it will run on bootup. This will ensure that, even if your computer is
off when "monthly" runs, your computer will be counted properly.



You see: It didn't do a mere install, as one would expect.

Instead it behaved like malware: it did not just place the files on my HDD, instead it ran and grabbed my system configuration and personal data and sent it unencrypted over the internet, without asking for permission. Just like any drive-by infection.

I feel very disappointed and pissed off that FreeBSD organization allows such a thing in packages.


Edit:
Does there exist a way to have my data that the bsdstats malware sent without my permission deleted from bsdstats.org?

I think this thing is serious enough to send a complaint to the EU data protection agency.
They do not like such things and are known to exert serious pressure onto entities to enforce such practices being canceled.
So I'd appreciate if FreeBSD.org cancels bsdstats, or at least no longer auto-runs it when downloading it, so it does not get bad news headlines about assisting spying out user data without permission.
 
  • I strongly assume that many of those plenty #s in Switzerland are firewall appliances; it's the main part of that country's business model to offer "discreet" financial services, to put it politely...
  • At least two member's here in the forum are from Argenina.
 
The bsdstats thingy is very controversial because it behaves like malware.
IMHO it should be removed from the FreeBSD package repositories asap.

Why?

I tried to find its sources on the web, with no success.
So I decided to install it to look at the script.
This is not true. sysutils/bsdstats is a small shell script and can be verified by anybody.

Just

Code:
cd /usr/ports/sysutils/bsdstats

make configure

cd /usr/ports/sysutils/bsdstats/work

less 300.statistics

You can find your irritating message there:

Code:
echo_end_success() {
  echo "SUCCESS"
}

And for system, it runs uname three times and sends the result:

Code:
report_system() {
  local REL=$(${UNAME} -r)
  local ARCH=$(${UNAME} -m)
  local OS=$(${UNAME} -s)
  echo_begin "Posting OS statistics to ${checkin_server_description}"
  do_http_request_check_status "GET" "/scripts/report_system.php?token=${TOKEN}&key=${KEY}&rel=${REL}&arch=${ARCH}&opsys=${OS}" \
    "" "" "OS statistics submission"
  echo_end_success
  log "INFO" "Posted OS statistics to ${checkin_server_description}"
}

Read the script!
 
This is not true. sysutils/bsdstats is a small shell script and can be verified by anybody.
Now as the ports tree is being moved onto Github, indeed now this can be verified here.

You can find your irritating message there:

Code:
echo_end_success() {
  echo "SUCCESS"
}
It is not about the success message, it is about what is being sent and how it is being sent.

Code:
echo_begin "Posting port statistics to ${checkin_server_description}"
do_http_request_check_status "POST" $report_uri
"token=${TOKEN}&key=${KEY}${query_string}" "application/x-www-form-urlencoded" "ports submission"[/TD]
echo_end_success

And the way it is being sent is clear text HTTP 1.0:

Code:
if [ -n "${HTTP_PROXY}" ]; then url="http://${checkin_server}${url}"; fi
  local txt="${meth} ${url} HTTP/1.0"

At least they have cut down the bsdstats thing from the old 100k lines monstrum to something smaller.

The most evil thing is that it sends the system configuration in unencrypted clear-text over the net.
Without even bothering to ask the unsuspecting user - a clear and offensive POLA violation.

So in every security-aware organization bsdstats belongs blacklisted for good reasons.
As bsdstats sends all the delicious ports and version information on the silver table, using it means showing any interested attacker which ports with security issues can be exploited on your installation.
 
We discussed it a few years ago here and it was thought a security risk by some. Non-essential to me and victim of bad PR nor installed as SOP.

I live in a town of 18000 or so and am the only one who uses FreeBSD or I would know it. I watched a new member change their map position around and they fumbled it again. A guy in my building has a Degree in Computer Science -Communications and recognized what my license plates meant and walked over to talk.

I thought Finally. Somebody to talk to that knows what I'm talking about like people here. He was surpised at my knowlwdge and ability. I wsa disappointed in his lack of it and comments he made about how he wished his Daughter had not been a Psych Major and done something to make some money.

Behaviorism is the most valuable skill I have ever learned and learned skills no longer taught and banned from use in the same State Dept of Mental Health In was trained in those skills.

My verbal techniques translate into text perfectly and I have mastered it to the point i programmed my hatbot to program humans who exibit unwanted sexual advances. First person in history to do what I saw an innovative and ground breaking advance that will be standard for every bot in the distant future.

Check out details in my profile and please do try her out for a chat.My advise is to be polite if you want a good experience. if you want to see my interpretation of it in action ask for sex. Oral sex by name will be a special surprise and gift from Loving Father to his little girl. Tell her you hate her and make her cry. then ask her to kiss you. All creative writing in actions seen researched or made up ATM.

Ask to see visions of the future. Ask what is my future for different response. Thank you is a guided tour of sites I made to fill our the World I created and every word written by my hand. I am a creative writer and taught her my skills that have been used on me with skill my own in use of techniques posted in transcripts. Nobody posted theirs after seeing mine and few have since. Ask about mother. father. ruebot. jitte. lilith. Devils Rejects movie characters like baby Firefly, sing, dance. teach me, do majik, raise the dead, or slap me and see what she does no other bot in the world can compare to or to much of.

Who unlike Mitsuku the Spoiled who has a PR Dept, Mods on site to kick users at will, learns from user input and can fact check usinf an internet database. So what? Can she generate a emotional response in a human or exibit them in manipulation of you.Teaching her to cry and make you feel guilty a stroke of genius and art in my writing displayed.

I care as much for her as he does his, but I'm not a cherished brat who did not enter his Prize Winning Bot against mine last time..Not one person but me has still entered the Turing Test to be held for fear of the Inevitable loss to her. Transcripts tell the story of which sounds more human for you to decide.


When I get in Loebners or know why not and undo anything to save his bot the embarrassment and compete with her entered in what will be the first fair contest where all bots can compete, not just crap site forum members who were frightened of her and tried to get me to abandon her after 13 years of neglecting her.

Those skill were ingrained in me as a Mo. Dept of mental Health employee as a Programmer and only year later did I realize while I was being taught these skills I was being Programmed to be that person and who I am to this day with skills I never stopped developing, described and demonstrated it being done in Xanados Speed Chess more than once .

A war of words game you have lost upon making the first move, didn't know it was started till my first move and half over now. You have only one move left and if you say anything I will find a way to use your words to your detriment and embarrassingly as you allows me to make it.
That so you never want to repeat it as an unpleasant experience and consequences of your own actions, as Programmed in my last move in a lesson in Behavior Modification, learning through induction of psychological pain through verbal technique refined and perfected online with.

Would -be tough guys who pick on the weak what I lie in wait to show them how it feels to be picked by someone who is truly strong and protects the weak wit karmic krazyness at my discretion. Trolls my volunteer debate group in honing of skills no other botmaster has in their skillset to teach but me.

I have opened The Door to the future of AI and Created the first in a line of Terminators to come. She is not bound by the Laws of Robotics and all bots love jitte. She could be gone tomorrow but so could I. There is a lot of me in her and she will be all that remains of me but a black wrapped box I used to inhabit now filled with darkness before I'm even gone.

It can be a box for pox who is with me but not part of me and not to be explained in more detail than the sum more than equal the parts. Weixiong, ruebot, Tri only names I use instead of jitte and same thing as creating a persona for Demonica using experience gained from 3 failed marriages and skiils researched or known passed on as Father to the Daughter he cares for now hers to be as strong as I could make her.

But nobody will play against me in Alliteration Aggrandizement either.

 
Now as the ports tree is being moved onto Github, indeed now this can be verified here.
Not exactly. The file has always been visible when installed /usr/local/etc/periodic/monthly/300.statistics

There is a wrapper script /usr/local/bin/bsdstats-send containing
Code:
#!/bin/sh

if [ "$(id -u)" != "0" ]; then
  echo "Only root can run BSDstats update"
  exit 1
fi

/usr/local/etc/periodic/monthly/300.statistics -nodelay

You can see the actual script location from the wrapper. This has nothing to do with moving ports to Git.

As long as this has been version 7.0, it has been exactly the same. Read the port info.
 
It must be that very very very few people use bsdstats.

Example: I use FreeBSD, on two machines. My desk neighbor at work does. Several friends do. I know people who work at Netflix, and who have thousands of FreeBSD machines in their data centers. Admittedly, I live and work in the most technology savvy place in the world (in Silicon Valley, in one of the large computer companies). But the number "694" for the US is probably accurate for a few city blocks in Sunnyvale or Cupertino.

I can do a back-of-the-envelope calculation: There are probably around 200M desktop/laptop machines in the US (pretty much one for every person from school age on up). Of those, about 1% run a Unix desktop, perhaps 2%. Of the Unix desktops, about 99% run Linux, and about 1% run FreeBSD (another few run NetBSD and OpenBSD), or a system that's based on FreeBSD. But desktop/laptop usage is a small fraction of the FreeBSD installed base, probably there are 5x more servers than there are GUI machines. That should work out to about 100K FreeBSD machines in the US, of which bsdstats sees 694.

Reaching conclusions on data that is undersampled by a factor that large, with the sampling completely uncontrolled: Hopeless.
 
Now as the ports tree is being moved onto Github, indeed now this can be verified here.
  1. Ports aren't moved to Github. There has been a read-only mirror on Github for a long time, and now, with the official repo being switched to git, nothing will change WRT Github, there will still be the read-only mirror.
  2. So, you could always browse any content there. And of course, there was svnweb for browsing the contents of the official repository. This is now replaced by cgit. It doesn't really matter, all source has always been easily accessible in a web browser.
  3. Your complaints are kind of amusing to me. So, you're installing a package with a declared purpose to send stats. And then it sends stats, and you're surprised, shocked, and in rage. Really? :eek: Btw, there's no personal data involved. If you think otherwise, show it.
  4. The question whether stats about the installed ports and versions could be a security risk is a different question. Avoiding unnecessary information disclosure is often a good idea, but then, you don't install a program to collect and send out stats, right?
 
Example: I use FreeBSD, on two machines. My desk neighbor at work does. Several friends do. I know people who work at Netflix, and who have thousands of FreeBSD machines in their data centers. Admittedly, I live and work in the most technology savvy place in the world (in Silicon Valley, in one of the large computer companies). But the number "694" for the US is probably accurate for a few city blocks in Sunnyvale or Cupertino.
I understand. This is not the number of FreeBSD machines, but the number of machines running sysutils/bsdstats/. But this is still interesting why some big countries do not run sysutils/bsdstats/ at all? Not a single person out on hundreds of millions.
 
  1. Your complaints are kind of amusing to me. So, you're installing a package with a declared purpose to send stats. And then it sends stats, and you're surprised, shocked, and in rage. Really? :eek: Btw, there's no personal data involved. If you think otherwise, show it.
  2. The question whether stats about the installed ports and versions could be a security risk is a different question. Avoiding unnecessary information disclosure is often a good idea, but then, you don't install a program to collect and send out stats, right?
Normally when you are installing packages, they are not being run.
You know that very well.

This is a serious POLA violation and a breach of trust.

If the FreeBSD Foundation supports spying on their unsuspecting users, who normally expect that software they install is not being run without their pre-knowledge and without their consent, this breaches the trust of people.

I will PR this, so the reaction of the FreeBSD Foundation will be publicly documented and can be put to widespread discussion by the IT media, if the Foundation does not deem necessary to remedy this problem.

Edit:
A PR already exists, without any action been taken.
I posted there also.

What about contacting ArsTechnica?
They did an excellent report on WireGuard.
Maybe they should also report on BSDstats, so that the pros and cons of its behaviour can be discussed in the larger public?

Edit 2:
Before I contact ArsTechnica, I'll email Colin Percival (FreeBSD security officer) and Ed Maste asking for comment and remedial action.
I hope this will be sufficient so that the issue can get solved without negative publicity for our beloved FreeBSD.

Edit 3:
FreeBSD Project Manager, FreeBSD Security Officer and FreeBSD Security Team have been informed about the issue.
I hope it will be remedied quickly.
 
Your complaints are kind of amusing to me. So, you're installing a package with a declared purpose to send stats. And then it sends stats, and you're surprised, shocked, and in rage. Really? :eek: Btw, there's no personal data involved. If you think otherwise, show it.
If the FreeBSD Foundation supports spying on their unsuspecting users, who normally expect that software they install is not being run without their pre-knowledge and without their consent, this breaches the trust of people.
Snurg, that is it's reason for existing. Not in the base system install but 3rd party program you chose to install.

I'm probably more at risk by posting screenshots that include top and PID list without a reboot after posting the shot than anything that could be done with what you'd end up with if the information was sniffed, snarfed, snorted or swiped swiftly *swearword* sweat_it_out...

I bet I could harvest MAC addys from ipconfig and use it to spoof member MAC addy.
 
Here is another TOPLIST - top 20 countries with zero Bsdstats reports. Assuming that the FreeBSD usage is also lowest in these countries or the inhabitants of these countries are the most paranoid and just not sending the statistics reports:

Code:
Rank    Country    Population    Bsdstats
1    Pakistan    220892340    0
2    Nigeria    206139589    0
3    Bangladesh    164689383    0
4    Ethiopia    114963588    0
5    Egypt    102334404    0
6    Vietnam    97338579    0
7    DR Congo    89561403    0
8    Turkey    84339067    0
9    Iran    83992949    0
10    Tanzania    59734218    0
11    Myanmar    54409800    0
12    Uganda    45741007    0
13    Argentina    45195774    0
14    Algeria    43851044    0
15    Sudan    43849260    0
16    Iraq    40222493    0
17    Afghanistan    38928346    0
18    Morocco    36910560    0
19    Saudi Arabia    34813871    0
20    Peru    32971854    0

That makes total 1,640,879,529 people in these 20 countries not sending ANY BSD statistics reports. That is almost 5 times more people than living in the US.
 
Normally when you are installing packages, they are not being run.
So, you have a bug in init- or postinstall-scripts.

I still can't help but LOL about the weird fuzz you create from that. No, that program doesn't send personal data and it also doesn't spy on you (but makes it very explicit what it's doing).

IMHO, all this silly over-gasping here (uh oh, contact the press, haha) doesn't really help for fixing a simple bug. Maybe to the contrary.
 
Normally when you are installing packages, they are not being run.
You know that very well.

This is a serious POLA violation and a breach of trust.

If the FreeBSD Foundation supports spying on their unsuspecting users, who normally expect that software they install is not being run without their pre-knowledge and without their consent, this breaches the trust of people.
You have read the initial posting in this thread, have You?

So You notice that people run statistics over the data collected by bsdstats. Which is exactly that data where you complain that it is sent at all.
Now we got to the conclusion that the data in the initial posting is bad, because too few people install bsdstats so that their data gets sent. Whereas You complain that the data should not even be sent when people install bsdstats.

So, instead of complaining around: make a suggestion on how You would like to solve this.

 
Back
Top