2022-04-13

According to the FreeBSD 13.1 release schedule, the team is close to putting out the 13.1-RELEASE. I found the page and have been looking through the notes that are there so far to see what is of interest to me.

On my desktop and laptop I have been running 13 STABLE, albeit blind to what has changed, so it is nice to see the team put together a document with what is upcoming for the release itself.

I already have plans to move my personal server over within the first week or two of release, and I hope to create another post documenting my upgrade process from 13.0 → 13.1 for my jails, which I wrote about before. Additionally, I’ll be doing some VPS upgrades and retiring some hardware, so migrating to 13.1 will be a perfect opportunity to move away and also fix my old design mistakes.

So now, with my rambling done, let’s move on to what interests me.

Mmmmm, PIE

The page states that they are enabling PIE, or Position Independent Executable.

For 64-bit architectures, the base system is now built with Position Independent Executable (PIE) support enabled by default. It may be disabled using the WITHOUT_PIE knob. A clean build is required. 396e9f259d96

What is this? It basically means the executable’s instructions can be placed anywhere in virtual memory and still execute properly. Combined with address space layout randomization (ASLR), software will not be at the same memory address each time it is loaded. This makes certain exploits harder to pull off, such as Return Oriented Programming attacks: the attacker no longer knows the memory addresses of functions, and those locations will be different each time the process is restarted, so if they find what they want once, they’ll have to find it again after a restart.

zfskeys

There is a new zfskeys rc(8) service script, which allows for automatic decryption of ZFS datasets encrypted with ZFS native encryption during boot.

I haven’t used ZFS’s encryption yet, but I think it’s neat that it’s possible now to automatically decrypt ZFS datasets. This was actually one of the reasons why I hadn’t yet used this feature of ZFS.

SSH

What interests me with the SSH update is the bump to v8.8p1. Two features I’m interested in:

  1. scp gaining support for replacing the rcp protocol with sftp. It says this is experimental, which is understandable since OpenSSH 9.0 is said to be the release that fully transitions to sftp by default. In the meantime with 8.8, if you use scp -s it will enable sftp mode.

    Seems you can’t do any ~ for path expansion.
  2. U2F keys. I don’t use one for my SSH stuff, but it’s cool FreeBSD FINALLY has a release that supports this in base.

iwm(4) updates

I’m happy to see more work is being put into better WiFi support in FreeBSD. This has probably been the worst part about FreeBSD for me. I haven’t done a speed test since running STABLE, but soon I hope to, and see if maybe they’ll be backporting more of what’s being dumped into 14-CURRENT into the 13 branch… If not, 14 is, I’m guessing, about a year off. Really, I just want something better than the 25Mbps I cap at.

Boot Time

In the notes, they write:

Performance improvements have been made to loader(8), nvme(4), random(4), rtsold(8), and x86 clock calibration, which collectively yield a significant speedup in system boot time.

I have to say, this is one thing I have noticed since running the stable branch. I run rtsold and boot off NVMe and it certainly has been faster than when I booted FreeBSD in the past.

Wrapping Up

This seems like it’s going to be another cool release. I like that FreeBSD steadily and reliably improves the operating system and I am excited to see what more they do in the future too!