What are some features you wish your OS had, that other OS' have - or what are some features you wish other OS' had, that your OS has?
Having used FreeBSD since the early 2000s, I wish more systems would have containers as secure as jails and would implement dtrace or something as powerful for debugging.
Networking
I wish Linux had the feature of having actually useful and not shit software like other OSs do
>containers
systemd nspawn
>>58041703
The BSD netstack is pretty great, yeah. It's even used on the two Mars rovers, courtesy of Wind River Systems formerly known as part of freebsdmall.com.
>>58041750
Not quite the same thing and also not as secure, also involves systemd which is something I intend to avoid like the plague.
>>58042078
>not as secure
How are jails more secure?
>involves systemd
An alternative would be LXC containers.
>>58042092
>How are jails more secure?
Aside from having been designed with security in mind, rather than security as an afterthought, here's a few things:
systemd-nspawn only implements filesystem virtualization and process separation, not user (and more importantly, superuser) separation. Jails are effectively a whole guest OS that's indistinguishable from a host OS, except the kernel itself.
And it's a matter of record that not only has no one escaped from a jail yet, but the developer of jails is very interested in having people do so.
Also, there's plenty interesting to read about the philosophy behind it, specifically what a lot of linux containers miss: http://queue.acm.org/detail.cfm?id=1017001
>An alternative would be LXC containers.
Has the same problems of other containers on linux, that they're not designed with security in mind from the beginning.
Incidentally, that seems to be a very common thing with Linux stuff, that security is an afterthought.
Also, it seems to me as if systemd-nspawn isn't necessarily intended to persist across reboots, whereas jails are. All my servers with public-facing processes run in jails, so even if someone uses an exploit to get access to the jail, I can quickly revert it to its last known-good state (yay zfs and snapshots) and patch the exploit with a diff. Even forkbombing can be prevented with rctl.
Onto the topic at hand, I wish FreeBSD would implement W^X like OpenBSD has - I know it's something that's being looked into, but it may take quite a while before we get it.
>>58042240
>except the kernel itself.
It should be noted that the kernel isn't present in the jail.
>>58042240
Thanks for the info.
>Also, it seems to me as if systemd-nspawn isn't necessarily intended to persist across reboots, whereas jails are. All my servers with public-facing processes run in jails, so even if someone uses an exploit to get access to the jail, I can quickly revert it to its last known-good state (yay zfs and snapshots) and patch the exploit with a diff. Even forkbombing can be prevented with rctl.
Snapshots are supported with BTRFS. You can pair them with systemd-nspawn.
>>58042268
Yes, but unless you want just a mirror, I'd recommend staying the fuck away from BTRFS.
>>58042294
>I'd recommend staying the fuck away from BTRFS
Why? I'm using it on my laptop. Of course, I do backups.
>>58042311
Here's why: https://btrfs.wiki.kernel.org/index.php/RAID56 - https://www.mail-archive.com/[email protected]/msg55161.html has more info from when it was discovered.
>>58042318
Yeah, I know RAID5/6 is broken, I'm not using RAID at all.
Oh, another thing I want in FreeBSD, from Solaris this time, is their sharecifs per-dataset property which makes samba sharing effortless.
>>58042335
Ah, so you're just using it for mirroring? Please don't tell me you're striping your data without redundancy.
>>58042356
>sharecifs per-dataset property
In ZFS, naturally. It was added after Oracle un-CDDL'd ZFS, I believe.
>>58042335
Completely off-topic, but how long did it take you to generate that tripcode? It's pretty great.