# One major difference that I found between Linux and FreeBSD || How frequently do you install updates ?



## john_rambo (Feb 22, 2022)

After moving from Arch Linux to FreeBSD 13.0-RELEASE-p7 one major difference that I found was the fact that under all Linux distros there is only one update mechanism which updates both the base and user land packages. For example under Debian/Ubuntu you need to run only `sudo apt update && sudo apt upgrade -y` and that's it. Both the base and user installed packages are updated. But under FreeBSD there's `freebsd-update fetch install` for the base and `pkg update && pkg upgrade` for the user installed packages.

I know it sounds crazy but I run `freebsd-update fetch install` and `pkg update && pkg upgrade` everyday without a miss.

So I am curious. How frequently do you install updates ?
Also why these 2 separate ways ? Why not only I command for the base and userland ?


----------



## SirDice (Feb 22, 2022)

john_rambo said:


> So I am curious. How frequently do you install updates ?


Sign up for the freebsd-announce mailing list. Then you'll get notified if there are patches for the base OS. If there are no patches there's no reason to run freebsd-update(8). 

As for packages, keep an eye on pkg-audit(8). With the quarterly packages (set as default) there's not really a reason to update unless pkg-audit(8) complains about something. Do at least a package upgrade once every three months when the quarterly repositories are updated.


----------



## john_rambo (Feb 22, 2022)

SirDice 
Okay I will sign up for the freebsd-announce mailing lists.

But I don't understand the every three months policy. Within this short perioud of using FreeBSD I have received new updates after 15 days. I didn't note down the exact package names but I have received new package updates in 15 days.


----------



## zirias@ (Feb 22, 2022)

john_rambo said:


> under all Linux distros there is only one update mechanism which updates both the base and user land packages.


There is no "base" in Linux. Linux is just a kernel, calling a whole OS "Linux" is sloppy, but commonplace. As a consequence you _need_ a "distribution" to use "Linux", and these distributions use the same packaging for any software component (including Linux, the kernel, itself).


john_rambo said:


> I know it sounds crazy but I run `freebsd-update fetch install` and `pkg update && pkg upgrade` everyday without a miss.


For base: You can check the status on the FreeBSD homepage or read the -announce mailinglist. I only update base when I see there's a SA or EN affecting my system.

For packages: It depends very much on what you use. With "latest" packages, you'll have upgrades all the time, with "quarterly" you'll only get security updates. Checking every day *might* make sense, it just depends...


john_rambo said:


> Also why these 2 separate ways ? Why not only I command for the base and userland ?


This distinction is wrong, it's "base and 3rd-party". Base is a complete OS, consisting of kernel _and_ userland.

Base follows a release management scheme, with supported releases that just receive security updates and fixes for severe bugs.

Ports/Packages in FreeBSD are "rolling release", you can continuously follow their current state or use quarterly snapshots that only get updated for security fixes etc.


----------



## SirDice (Feb 22, 2022)

john_rambo said:


> But I don't understand the every three months policy.


The quarterly ports/packages are updated once every three months. In that three month period it only receives security or stability updates. But the change-over between Q1 and Q2 for example can be quite massive.


----------



## john_rambo (Feb 22, 2022)

SirDice said:


> As for packages, keep an eye on pkg-audit(8).


This is what I am getting 


```
# pkg audit
p7zip-16.02_3 is vulnerable:
  p7zip -- usage of uninitialized memory
  CVE: CVE-2018-10115
  WWW: https://vuxml.FreeBSD.org/freebsd/942fff11-5ac4-11ec-89ea-c85b76ce9b5a.html

1 problem(s) in 1 installed package(s) found.
```

What should I do ?


----------



## sko (Feb 22, 2022)

john_rambo said:


> under all Linux distros there is only one update mechanism which updates both the base and user land packages


because there is no "base" for linux. Linux is a kernel - nothing more, which is the reason why linux has/needs "distros" in the first place. Everything besides the kernel (even the default C library!) is up to the maintainers of a distro to cobble together and that's also why most things feel quite 'hacky' and inconsistent compared to FreeBSD, which is a complete, orchestrated and fully featured OS ('base') which can be extended by additional (3rd party) software from ports/packages. Both (base / 3rd party) are also cleanly separated with everything* that isn't part of the OS usually going to /usr
The base os is always updated via `freebsd-update`, all additional and manually installed software is either updated via pkg or by rebuilding the port(s). This is IMHO much more convenient and sane as you always have a consistent and working base OS (as long as you are following one of the official branches and don't custom build the base system) and then can add whatever you like (pkg) even with your own options (ports).

Regarding the question about update frequencies:
It depends.
On a system that isn't critical and/or accessible to the outside world (or anyone else but me), I usually follow quarterly and update pkgs every once in a while and the base system whenever I feel the urge to do that (or the running release goes/went EOL).
For critical/edge systems that are publicly accessible or used/accessible by many people, one should follow at least the security mailing list and act whenever there is something that might affect those systems.
For both this can lead to either having to update several times in one week or you don't need to update for multiple weeks or months at all.


----------



## SirDice (Feb 22, 2022)

john_rambo said:


> What should I do ?


Uninstall it. It's deprecated and has been removed from the ports tree already.


```
DEPRECATED=	Unmaintained for years and has known vulnerabilities
EXPIRATION_DATE=2022-01-01
```


----------



## john_rambo (Feb 22, 2022)

SirDice said:


> Uninstall it. It's deprecated and has been removed from the ports tree already.
> 
> 
> ```
> ...


Done. Thanks.


----------



## john_rambo (Feb 22, 2022)

SirDice
Done !



> Hi, this is the Mlmmj program managing the <freebsd-announce@FreeBSD.org>
> mailing list.
> 
> Thank you for confirming your subscription. You have now been added to the
> normal version of the list.


----------



## SirDice (Feb 22, 2022)

It's a fairly low volume mailing list. You only get official announcements about new versions, security/errata issues and other important notifications.


----------



## zirias@ (Feb 22, 2022)

john_rambo said:


> What should I do ?


In general: Check whether there's an update. If there's none, either uninstall it or wait for an update (your decision). Of course, for a deprecated package, just uninstall it.

BTW, this clear distinction between base and ports is a huge benefit for me, it enables something I can't have with any Linux dist: A rock-solid and well-tested base system going through release engineering (like e.g. Debian's "stable" does), combined with "bleeding-edge" third-party software. I wrote a text about my reasons to use FreeBSD quite some time ago: https://sekrit.de/webdocs/freebsd/advocacy.html


----------



## Profighost (Feb 22, 2022)

For me it's one of the top main reasons why I use FreeBSD:
NO AUTOMATIC UPDATES by default

I really hate it, if there eventually popping up unasked windows, telling you everyday second day, sometimes more often "new updates are available" and then keep nagging you until you've installed them (with reboot) or just reboot all by themselves; always extremly important, very urgent and always security issues..."if you do not install this update immediately your computer will die a horrific death!" -  and very likely something is changed in the look and feel, or your settings are resetted to default... because patches, updates und upgrades are wildely mixed up.
One cannot imagine how I hate that.

FreeBSD is very flexible and extremely modular, I decide, what I want, when I want it, how I want it.

The second benefit of FreeBSD against Linux is:
Installation/updates are not only very easy, either by ports or pkg, but it works!
So many times I've tried to install something under Linux...always the same:
...grind...grind....grind...grind...Warning - Warning - Warning - Error - Error - Error - Aborted. 

And then there a different packaging tools depending on what Linux... in fact that's what a Linux distri is primarly all about:
Which packaging tool you're using.

Do not underestimate the next point:
Under FreeBSD I also can _downgrade_.
There are situations where for what reasons ever the new version is not working properly, or something else is not working anymore....
On other systems you'll just face the decision: wait for other updates (and hope it will work then) or do a complete new reinstallation of your complete system - execpt the not wanted to be updated package 
(okay, I admit: I waisted way too much time with Windows... )
On FreeBSD I just say: downgrade, and I can stick with my old versions until there are better (or all) updates.
Because FreeBSD seeks to have consistent versions of system and packages.
Under Linux I often have the feeling there are many different vast mobs of anarchists and anybody does what he likes, when he's in the mood, or not - chaos!

However, one may discuss about, what software needs to be updated and who wants to stay with obsolete version or even what obsolete is.
In my opinion anything with internetconnection needs to be always at the newest version available, but for the rest: keep your touchy fingers off my stuff!
For example for some purposes I use xfig. A great tool. No updates since... 1873 a.D. ..? Doesn't matter. It's perfect the way it is, has not internetconnection, so what I need updates for?
But however who sees it, under FreeBSD after all it is not my *responsibilty* what happens on my machine only, but it's also my *decision*.

 I am the master over my slave the machine. Not vice versa!

Sorry for becoming a bit off topic, but I'm always a little bit worried when people compare FreeBSD with other systems, and of course this wasn't the actual point here, but I just wanted to emphasize:
"Don't try to change FreeBSD in some kind of another Linux. Let it be as is is!"


----------



## john_rambo (Feb 22, 2022)

Profighost said:


> I really hate it, if there eventually popping up unasked windows, telling you everyday second day, sometimes more often "new updates are available" and then keep nagging you until you've installed them


There are some distros which have implement automatic updates. Auttomatic updates in these distros doesn't only mean notifications. If I remember correctly you can configure Ubuntu to download and install security updates automatically which I never enabled.

But the notifications about availability of new updates is something I actually like. It helps lazy users who don't check for updates in a timely manner maintain their systems.

GhostBSD has this feature.


----------



## zirias@ (Feb 22, 2022)

Talking about automation, there's another thing that's IMHO very relevant:

Many "Linux" package managers attempt to automatically restart services/daemons on upgrades. FreeBSD's `pkg` tool does nothing like that. And IMHO, that's a good thing, you don't want a service to go down "whenever". It's your job as an administrator to restart services as appropriate.


----------



## sko (Feb 22, 2022)

john_rambo said:


> But the notifications about availability of new updates is something I actually like.


That's what the daily/weekly (security) run outputs are for. You should adjust them to your needs and forward mail to root to a monitored mailbox to keep track of those outputs.


----------



## SirDice (Feb 22, 2022)

sko said:


> That's what the daily/weekly (security) run outputs are for. You should adjust them to your needs and forward mail to root to a monitored mailbox to keep track of those outputs.


In the daily security email you can find these for example:

```
Checking for packages with security vulnerabilities:
Database fetched: Sat Feb 19 03:31:57 UTC 2022
mariadb104-server-10.4.22
mariadb104-client-10.4.22
```
(Don't worry I have since updated, this is an older message)


----------



## hardworkingnewbie (Feb 22, 2022)

john_rambo said:


> But the notifications about availability of new updates is something I actually like. It helps lazy users who don't check for updates in a timely manner maintain their systems.


At its core FreeBSD is a server OS, and targeted at experienced administrators which want to be in control over their system, and not to get plagued with tons of update notifications. 

Aside that - and this is interesting that nobody has mentioned it yet - there's periodic security (periodic(8)). 

This can be enabled, will run once a day and will generate an email to you if some package has tainted security and therefore should be updated.


----------



## zirias@ (Feb 22, 2022)

hardworkingnewbie said:


> At its core FreeBSD is a server OS


It isn't, it's a general purpose OS. Read the very first paragraph on freebsd.org 

I guess it's the slogan "the power to serve" that lead to a lot of confusion about this ... it just refers to the popularity of FreeBSD for servers. BSD heritage goes back to times when the distinction was meaningless because you just used (serial) terminals.



hardworkingnewbie said:


> and targeted at experienced administrators which want to be in control over their system, and not to get plagued with tons of update notifications.


Of course, _this_ is still true


----------



## Profighost (Feb 22, 2022)

I'd like to complement hardworking newbie's post by recommend to subscribe to one or another mailinglist.
You'll receive informations about bugs, problems, and especially about security issues quickly and up to date.


----------



## zirias@ (Feb 22, 2022)

To explain a bit more about my previous post:

For BSD "heritage", of course, back then, everything was technically a "server" if it wasn't a terminal. The concept of "fat clients" didn't exist yet.
It might even be true that the server usecase is still the "most important" one for FreeBSD, e.g. some parameters are, by default, tuned to workloads that are more typical for a server.
But: The _design_ of the system is general-purpose, it can support any kind of workload. Dedicated "server" systems at least have a clear "mission statement" (like, Windows Server xxx), or simply can't support any desktop/workstation workloads, as was the case for e.g. Novell Netware.


----------



## kpedersen (Feb 22, 2022)

I like to think that FreeBSD is a server OS. "It serves us".

Unlike Windows where "we serve it"

or macOS where "they serve themselves"


----------



## zirias@ (Feb 22, 2022)

A rather unconventional definition that's probably worth a golden  – I like it!


----------



## mer (Feb 22, 2022)

Periodic is enabled by default, the default config is to try and send email to local root account.
If you look in /etc/defaults/periodic.conf you find lots of good tunables that you put in /etc/periodic.conf (same concept as /etc/defaults/rc.conf and /etc/rc.conf).
I configure things so that instead of email the output goes to log files, simply because it's more convienient to me.  

But circling back to the OP:  frequency of updates vs stability of the system is always a tradeoff.  We've seen/heard the "Windows Update" that requires 12 reboots  before it's done or the update that breaks your system.  Linux distros sometimes wind up in update chain where you wind up updating 90% of the system.  Sometimes all the updates you wind up with maybe new security issues, or something that doesn't work anymore.

I agree with others on preferring the default behavior of the RELEASE branches (including packages), it gives me a level of confidence in the system, smaller less frequent changes make it easier to understand why something changed.


----------



## forquare (Feb 22, 2022)

It kinda surprises me that no Linux distros have taken made concept of base/3rd-party-packages more concrete.
Every Linux distro I have used seems to have some loose concept of a "base", it's what you got when you installed the system.  It might "just" be a collection of third party packages "cobbled together" with the kernel - but that's not _so_ different to FreeBSD where the project pulls in third party packages such as OpenZFS.  

I think some Linux distro could benefit from the separation of "here is what I gave you when you installed the system" and "here's the stuff that you've done to the system post-install".  Of course FreeBSD has the upper hand in tying the base userland utilities to the kernel, but as a user one of the obvious big wins this separation brings to me is that I can see how I've modified the system (in terms of installed software, and configuration if I use /usr/local/etc) and with ports-mgmt/pkg I can look up what I have explicitly installed vs what has been installed as dependencies.


----------



## SirDice (Feb 22, 2022)

forquare said:


> It might "just" be a collection of third party packages "cobbled together" with the kernel - but that's not _so_ different to FreeBSD where the project pulls in third party packages such as OpenZFS.


The big difference is that if you remove the OpenZFS import you're still left with a functional OS.



forquare said:


> I think some Linux distro could benefit from the separation of "here is what I gave you when you installed the system" and "here's the stuff that you've done to the system post-install".


Does "minimal install", "server install" and "desktop install" constitute the "base" in this case? What if I added that desktop install after I did a minimal install? Which part is considered "base" and what is being added post-install?


----------



## forquare (Feb 22, 2022)

SirDice said:


> The big difference is that if you remove the OpenZFS import you're still left with a functional OS.


Very true, the same for many (any?) Linux distros that package it.  I've never tried, but does FreeBSD build and work if you remove all of /contrib ?  I.e. all software being developed outside of the FreeBSD project?



SirDice said:


> Does "minimal install", "server install" and "desktop install" constitute the "base" in this case? What if I added that desktop install after I did a minimal install? Which part is considered "base" and what is being added post-install?


In my idea, that would be up to the hypothetical distro.  If I build FreeBSD myself and remove some components but add an equivalent from the Ports tree, then there is still a clear separation of base and third party packages.
My guess, in this hypothetical and off-thread situation, would be that if you did a "minimal install" and later installed a desktop from the same source as "desktop install" would have used then it would still be considered base.  In the same idea that I could instal FreeBSD without lib32, but could install later.  However, if you installed the desktop from a different source (e.g. the equivalent of "ports") that wouldn't be part of the base, it might be newer, might not have been customised in the same way, and woudn't have been integration tested as the one provided with "base" had. 

Basically, the hypothetical distro would have to set its boundaries, which would probably look more arbitrary that FreeBSD's boundaries.  And they still wouldn't have the deep integration between userland and kernel.  But having some easy method of saying "these things have been curated, maybe patched, to work together in a particular way" and "these things are extra, moving at a different pace to the base" would be very nice, IMO.

EDIT: I should probably add that my perspective here is very much as a home user where I appreciate a stable and somewhat slow moving OS, but like having more bleeding edge packages on top of it - both on my personal servers and desktops.  I understand that "enterprisey" entities may have different views.


----------



## muthuh (Feb 22, 2022)

sko said:


> feel quite 'hacky' and inconsistent


Never miss an opportunity ..


sko said:


> compared to FreeBSD


.. for that 'feeling' 


forquare said:


> not _so_ different


I see it that way too.


----------



## astyle (Feb 22, 2022)

forquare said:


> It kinda surprises me that no Linux distros have taken made concept of base/3rd-party-packages more concrete.
> Every Linux distro I have used seems to have some loose concept of a "base", it's what you got when you installed the system.  It might "just" be a collection of third party packages "cobbled together" with the kernel - but that's not _so_ different to FreeBSD where the project pulls in third party packages such as OpenZFS.
> 
> I think some Linux distro could benefit from the separation of "here is what I gave you when you installed the system" and "here's the stuff that you've done to the system post-install".  Of course FreeBSD has the upper hand in tying the base userland utilities to the kernel, but as a user one of the obvious big wins this separation brings to me is that I can see how I've modified the system (in terms of installed software, and configuration if I use /usr/local/etc) and with ports-mgmt/pkg I can look up what I have explicitly installed vs what has been installed as dependencies.


Gentoo and Debian, Slackware and Arch come close. But Gentoo was inspired by FreeBSD in the first place  . Debian, Gentoo, and Arch do have 3rd party repos.
--
As for replying to the topic of this thread - I think the updating is a bit messed up in the Open Source world. If you don't pay attention to the git branch of what you're running, something will eventually break at a bad time, forcing a complete reinstall thanks to dependency hell. One reason I like FreeBSD - yeah, it's complicated to do it right, but at least FreeBSD does give you pretty complete control, and no harassment.


----------



## freezr (Feb 22, 2022)

john_rambo 

If you are on the latest branch you receive updates more often!


----------



## grahamperrin@ (Feb 22, 2022)

john_rambo said:


> 1 command











						PkgBase
					

… how to safely update the system (regardless of how far out of date) reliably. …   Let's assume that PkgBase is the way forward.   and so on.  https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase  In addition to the list, there's sometimes discussion of PkgBase in IRC for FreeBSD...




					forums.freebsd.org
				




<https://forums.freebsd.org/82120/posts/557311>


----------



## grahamperrin@ (Feb 22, 2022)

john_rambo said:


> … I don't understand the every three months policy. …



For the ports collection, branching occurs quarterly. A reminder: <https://forums.freebsd.org/posts/552517> and FYI <https://cgit.freebsd.org/ports/log/?h=2022Q1>


----------



## Profighost (Feb 22, 2022)

forquare said:


> It kinda surprises me that no Linux distros have taken made concept of base/3rd-party-packages more concrete.



Don't slip: Between Linux Distributions there is not cooperation only, but much more competition.
Many Linux distris are the result of groups splitting up, sometimes even being mad at each other, aiming for completely different targets.....

One may know this graph: Linux distris

Thus weakening not Linux only but the credit in the concept of open source at all.
So far ubuntu is a brownie point in so far because it's the first open source OS at least I know that's really completely foolproof totally automated usable for not-in-computers-really-interested-users. It
looks like an exploded candy shop, nagging frequently with updates, demote the user with gibberish talk ... - anybody coming from Windows feels at home directly... 

In my former post I forgot to mention another, very important benefit of FreeBSD:
The FreeBSD license. Most likely comparable with the MIT license. Both are practically usable licenses.
Wherelse most people talk about the GNU-license, which is actually not always the best choice for professional use.  Starts with the point that there is no such thing as _the_ GNU-License. There are many of them. And their diversity is a jungle almost as colorful as the number of Linux distris


----------



## grahamperrin@ (Feb 23, 2022)

Profighost said:


> … Many Linux distris are the result of groups splitting up, sometimes even being mad at each other, aiming for completely different targets.



Existence of different targets is natural. Madness is sometimes a lack of self-control; human nature.



> … One may know this graph: Linux Distributions Timeline



I never saw that timeline before today. Interesting, thanks.



> Thus weakening not Linux only but the credit in the concept of open source at all. …



If you'll prevent (or discourage) people from going their own way, with distros or whatever: it'll be less open. Less freedom. 

A Wayback Machine capture of an Apple page: MkLinux: Linux for the Power Macintosh. I bookmarked <https://www.mklinux.org/> in 2010, probably during one of the periods when I tried (failed) to get a usable open source desktop environment on available hardware. From archived documentation: 



> … OS X is based on the Mach 3.0 microkernel, designed by Carnegie Mellon University, and later adapted to the Power Macintosh by Apple and the Open Software Foundation Research Institute (now part of Silicomp). This was known as osfmk, and was part of MkLinux (http://www.mklinux.org). Later, this and code from OSF’s commercial development efforts were incorporated into Darwin’s kernel. Throughout this evolutionary process, the Mach APIs used in OS X diverged in many ways from the original CMU Mach 3 APIs.


----------



## drr (Feb 23, 2022)

john_rambo said:


> Done. Thanks.



archivers/7-zip has replaced p7zip as runtime dependency in KDE's archivers/ark package. I think 7-zip is now used in other archive manager packages like archivers/xarchiver too.


----------



## john_rambo (Feb 23, 2022)

tgl said:


> john_rambo
> 
> If you are on the latest branch you receive updates more often!


I don't necessarily want the latest version of every package. My main focus is security which is why I check for updates everyday and install them asap. If my FreeBSD install is secure using the stable branch I will keep using it. No need for latest branch.


----------



## freezr (Feb 23, 2022)

john_rambo said:


> I don't necessarily want the latest version of every package. My main focus is security which is why I check for updates everyday and install them asap. If my FreeBSD install is secure using the stable branch I will keep using it. No need for latest branch.



If your main goal is security maybe you should opt for OpenBSD.

For what I understood FreeBSD aims more for stability for that reason you have quarterly updates, if you want security having newer versions increase your security since discovered flaws are more prone to be fixed.


----------



## john_rambo (Feb 23, 2022)

tgl said:


> If your main goal is security maybe you should opt for OpenBSD.
> 
> For what I understood FreeBSD aims more for stability for that reason you have quarterly updates, if you want security having newer versions increase your security since discovered flaws are more prone to be fixed.


I had used OpenBSD in the past. Like FreeBSD OpenBSD too offer 2 ways for updating.
`syspatch` is for updating the base & `pkg_add -uvi` for updating userland packages. Problem is after a new version of OpenBSD is released you get absolutely zero package updates meaning suppose OpenBSD version : xyz has Firefox 97 in the repos you have no choice but to use FF 97 for the entire support period of that release of OpenBSD. The only way to get the next version of Firefox is to wait for a new version of OpenBSD.

I asked in reddit why OpenBSD don't release updates for packages. I was told that the OpenBSD project faces a severe lack of man power.

So in short OpenBSD offers a super secure base (as per their claim) with out of date, vulnerable packages including the web browser. No matter how many times you run `pkg_add -uvi` you don't receive any updates at all.
^^ This is my opinion about OpenBSD aftre using it for 6 months.


----------



## richardtoohey2 (Feb 23, 2022)

john_rambo said:


> The only way to get the next version of Firefox is to wait for a new version of OpenBSD


Or run snapshots. But getting off-topic for FreeBSD Forums. Most open source projects are under-resourced.


----------



## sko (Feb 23, 2022)

Given the pace they ruin firefox and remove useful/working features and add annoying and non-working stuff, usually you DON'T want the latest version. Even ESR is moving way too fast IMHO and is constantly breaking stuff that has been working for years.
E.g. webrender is still a steaming pile of garbage and beta-quality at best, yet they already forced it even on the 91-ESR branch and completely ruined the performance. 'gfx.webrender.force-disabled=true' and 'layers.acceleration.force-enabled=true' re-enables OpenGL which 'just works'™ on every system, yet overall performance is still _much_ worse than with 78-ESR.
If it weren't for the dependency-nightmare I'd still use the 78-ESR firefox...


----------



## john_rambo (Feb 23, 2022)

sko said:


> Given the pace they ruin firefox and remove useful/working features and add annoying and non-working stuff, usually you DON'T want the latest version. Even ESR is moving way too fast IMHO and is constantly breaking stuff that has been working for years.
> E.g. webrender is still a steaming pile of garbage and beta-quality at best, yet they already forced it even on the 91-ESR branch and completely ruined the performance. 'gfx.webrender.force-disabled=true' and 'layers.acceleration.force-enabled=true' re-enables OpenGL which 'just works'™ on every system, yet overall performance is still _much_ worse than with 78-ESR.
> If it weren't for the dependency-nightmare I'd still use the 78-ESR firefox...


Yes but still I see no option but to update coz Mozilla pushes both feature updates and security updates through one single channel so either you update or you fall behind in terms of security.


----------



## john_rambo (Feb 23, 2022)

tgl richardtoohey2 
Have you used HardenedBSD ? I avoided it coz someone in this forum told me that its unstable and updates often breaks stuff.


----------



## muthuh (Feb 23, 2022)

Profighost said:


> Linux distris (..) groups splitting up (..) mad at each other (..) completely different targets (..) Thus weakening (..) the credit in the concept of open source


Funny ain't it?


> former NetBSD developer (..) after disagreements (..) culminated (..) asked to resign (..) created a fork [OpenBSD]


I hope the existence of OpenBSD hasn't '_weakened the credit in the concept of open source_'*. Heck, I'd say, it helped to popularize and strengthen the world of open source** .
--
* ? ** Like Linux.


----------



## Profighost (Feb 23, 2022)

grahamperrin said:


> If you'll prevent (or discourage) people from going their own way, with distros or whatever: it'll be less open. Less freedom.


That's not what I said, neither what I want nor what I wanted to suggest or even I'm capable of.
I just told how it is.

Fact is, individual ways increase diversity thus ensures existence by more adaptivity.
But it's also a law of nature the more branches the fewer the power per branch thus weakening each one.
Those are the two sides of the same coin. 
Not bad, not good, just a law of nature.

But one of my main reasons I'v chosen FreeBSD instead of Linux is with FreeBSD there is a system of having a consistent OS by _preventing uncontrollable growth_.

That exactly makes the difference between many experimental Linux branches nobody really uses anymore, even died a long time ago, and the successful ones such like Suse, Debian or ubuntu. Not even the difference between Linux and all others.

This does not mean I am against uncontrollable growth or even growth at all.
Absolutely not!
We need growth, experiments and even uncontrollable growth - if this stays in limits, and not rampanting into other areas.
Without it there would be no progress.

But we also need reliable, stable systems.
Namely for the use.

You see it from the point of view from of an OS expert.
For developers of new OS, admins/roots and some enthusiasts there is a big danger to think of the OS itself would be the whole point at all.
It's not.
The OS - as the choice which one to use - is extremely important, because it provides many, many important jobs, does a buttload of work... and takes most of the responsibility - no question there.
But the OS is neither the main actor nor the director, even not the plot or especially not the movie.
The Users are, their work, and applications.
You don't need to think of a better filesystem if there is no data to be stored on.

We need both:
experimental growth and  stable, reliable... - _controlled_ - systems.
The first one for progress, the second for use.

Wildely growing, experimental OS are not a good choice for the actual daily use.
Just because for the single fact only that their future is not reliably for sure.

Especially if you are not into OS development you just want to use the computer only.
For that you need is a OS you don't need to care about much - the less, the better.
That does not mean FreeBSD should become another turnkey OS - absolutely not! Complete contrary!
(Obviously one really has to look out for not willfully being misunderstood.)

Having a mature, stable, reliable, consistent, complete... system does not necessarily mean it has to be a foolproof fully automated tunkey OS.
The point of turnkey OS or modularity is a complete other question.
Those are also just two sides of the same coin:
Either you have to stay with a preconfigurated turnkey OS or have to make efforts.
But that's completely independend of the question experimental or practical suitable.
(Of course a modular system is way better fo development, but that's also another point.)

I've chosen FreeBSD knowing that this ain't no effortless turnkey OS on the silver plate, because I wanted to learn and understand the OS I am using and found the best match of my personal compromise of reliable usage, control, self-paced configration and learning effort.
But - and that is very important to me - FreeBSD is neither a wild growing experiment with an uncertain future, nor is it aiming to become one.
It's a principled OS.
That is the base of a practically usable, ....reliable, mature,... serious, genuine, authentic... real OS.

Trying to change that may bring progress - but for other systems, because this would actually kill this one.
Series production goods are not for experimentation.
(That's why Microsoft sponsors open software projects such as Linux.)
That doesn't mean I want to prevent progress.


----------



## kpedersen (Feb 23, 2022)

grahamperrin said:


> A Wayback Machine capture of an Apple page: MkLinux: Linux for the Power Macintosh.


That's quite cool. Gosh, I really do wonder what happened to Apple over the years. How did they become such controlling scumm in such a short time?


----------



## eternal_noob (Feb 23, 2022)

Jobs made the mistake to hire PepsiCo CEO John Sculley. After that, things went down the drain.


----------



## hardworkingnewbie (Feb 23, 2022)

eternal_noob said:


> Jobs made the mistake to hire PepsiCo CEO John Sculley. After that, things went down the drain.


Nope, you forgot Mike Spindler, the CEO who came after Sculley. Under his reign Apple had for the first and last time officially licensed clones. Some of the clones, like Umax Pulsar, were even better than Apple's original machines.


----------



## eternal_noob (Feb 23, 2022)

But Sculley betrayed Jobs and because of him, Jobs got fired.


----------



## bsduck (Feb 23, 2022)

john_rambo said:


> Problem is after a new version of OpenBSD is released you get absolutely zero package updates meaning suppose OpenBSD version : xyz has Firefox 97 in the repos you have no choice but to use FF 97 for the entire support period of that release of OpenBSD. The only way to get the next version of Firefox is to wait for a new version of OpenBSD.


Not exactly zero, you do get some security updates. On fixed releases it's recommended to use Firefox ESR, which is always kept up to date. OpenBSD-current has much more up to date packages (including latest Firefox), although nowhere as good as FreeBSD "latest" pkg repository. Unlike FreeBSD you can't have latest packages on a fixed release, it's either all fixed or all rolling, like in Linux world.



tgl said:


> if you want security having newer versions increase your security since discovered flaws are more prone to be fixed


... and new flaws more prone to be introduced as well. As long as you get security updates for known vulnerabilities, newer or older versions don't make much difference in that matter.


----------



## john_rambo (Feb 23, 2022)

bsduck
I didn't know that I was suppose to use the ESR. I wrote zero coz during the 6 months that I used OpenBSD I ran `pkg_add -uvi`from day 1 to the last day. Its not only Firefox but I didn't receive a single update for all the other apps that I was using like Pidgin, VLC, mpv, KeePassXC, etc.

But the base received updates using the command `syspatch`.


----------



## bsduck (Feb 23, 2022)

In http://ftp.openbsd.org/pub/OpenBSD/7.0/packages-stable/amd64/ you can see all updates which were made available for 7.0 users since its release (October 2021). Most aren't typical desktop applications.


----------



## astyle (Feb 23, 2022)

john_rambo said:


> bsduck
> I didn't know that I was suppose to use the ESR. I wrote zero coz during the 6 months that I used OpenBSD I ran `pkg_add -uvi`from day 1 to the last day. Its not only Firefox but I didn't receive a single update for all the other apps that I was using like Pidgin, VLC, mpv, KeePassXC, etc.
> 
> But the base received updates using the command `syspatch`.


When I was using OpenBSD, I did notice that in the name of security, they did insist on auditing third-party packages before allowing them into repos. And should those packages have updates - the updates get audited as well. That took up so much time and effort (There's a LOT of those desktop-oriented packages to go through, after all) that OpenBSD-cleared stuff was just  WAY behind everything else. That made me think that maybe I should just use FreeBSD, and be sensible about my activities on the Internet. There's no such thing as "perfect security" or "useful and completely bug-free code".


----------



## grahamperrin@ (Feb 23, 2022)

sko said:


> they ruin firefox



ORLY


----------



## freezr (Feb 23, 2022)

john_rambo said:


> tgl richardtoohey2
> Have you used HardenedBSD ? I avoided it coz someone in this forum told me that its unstable and updates often breaks stuff.



I heard about it but all the things that have hard anywhere in their name usually end up very badly....


----------



## richardtoohey2 (Feb 23, 2022)

astyle said:


> When I was using OpenBSD, I did notice that in the name of security, they did insist on auditing third-party packages before allowing them into repos. And should those packages have updates - the updates get audited as well.


I've been using OpenBSD since the 2.x days and so far as I know they've not audited third party code unless it's going into base.

The message is always been clear - core focus is security of the base install, and you're on your own with ported software but anything with a really bad security record won't be ported (e.g. some FTP servers or web admin control panels).

I use both OpenBSD and FreeBSD - both have strengths and weaknesses.  As do Windows, Mac, Linux, etc.  No silver bullet, no one tool for every job, etc.


----------



## john_rambo (Feb 28, 2022)

SirDice
I am running 13.0-RELEASE-p7. I want to get email notification at least 15 days prior to the EOL of 13.0-RELEASE-p7. Is this possible ?

Edit: When 13.0-RELEASE-p7 reaches its EOL is it possible to do an "in place upgrade" ? Or should I download the new ISO and do a fresh install. During my many years of using Linux I have done only one in place upgrade of Ubuntu.


----------



## SirDice (Feb 28, 2022)

Can't tell yet. 13.0-RELEASE will be EoL three months _after_ the release of 13.1-RELEASE. As that hasn't been released yet we can't tell you exactly when this will be. Assuming the schedule is correct does give you an educated guess, the schedule names 26 April 2022 as the release date. Which means the EoL of 13.0 is probably somewhere around 26 july 2022.









						FreeBSD 13.1 Release Process
					

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.




					www.freebsd.org
				




So, keep an eye on the release date of 13.1-RELEASE. Three months later 13.0-RELEASE will be EoL.


----------



## eternal_noob (Feb 28, 2022)

john_rambo said:


> is it possible to do an "in place upgrade" ?


Yes. An upgrade from 13.0 to 13.1 should be easy.


----------



## john_rambo (Feb 28, 2022)

SirDice
Honestly speaking this is one thing that I don't like about FreeBSD. This "three months _after_ the release of 13.1-RELEASE" is too confusing not only for newbies like me but experienced users like you.

Why do you think the FreeBSD team doesn't announce a date ? I am not expecting the day but we should get to know at least the year and month.

For example the LTS releases of Ubuntu is supported for 5 years so 20.04 will be supported until April 2025.

eternal_noob
26 july 2022 is too early. I just installed. Most Linux distro forums discourage users to do an in place upgrade coz in most cases it introduces instabilities of various kinds. What's the situation with FreeBSD ? *Can I do an in place upgrade to preserve my system config and expect a smooth transition  to the new release ?*


----------



## eternal_noob (Feb 28, 2022)

john_rambo said:


> Most Linux distro forums discourage users to do an in place upgrade coz in most cases it introduces instabilities of various kinds. What's the situation with FreeBSD ?


FreeBSD is not Linux and you even can upgrade from much older versions. Like 10.0 to 13.1 without problems.


----------



## zirias@ (Feb 28, 2022)

FreeBSD doesn't have a simple LTS scheme but instead releases from STABLE branches, which are supported for a long time. As they never introduce breaking changes, upgrading from one minor release to the next is pain- and riskless.

So, instead of complaining, better try to first understand how the scheme works.








						LTS support and version clarifications
					

Hello everybody, I have read the documentation for a while but have not been able to clarify my doubts. I will try to be as short as possible. At present according to this table: https://www.freebsd.org/security/#sup the latest LTS version is Stable 12. So if I wanted to have a long support I...




					forums.freebsd.org


----------



## SirDice (Feb 28, 2022)

john_rambo said:


> For example the LTS releases of Ubuntu is supported for 5 years so 20.04 will be supported until April 2025.











						FreeBSD Security Information
					

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.




					www.freebsd.org
				




It's simple really. A major version is supported for at least 5 years. But only the latest minor version of a major branch is supported. The expected EoL of the _entire_ 13 major branch is January 31, 2026.



john_rambo said:


> Can I do an in place upgrade to preserve my system config and expect a smooth transition to the new release ?


Yes. I have systems that have been progressively upgraded from 9.0-RELEASE (when I first installed them, many years ago) all the way to 12.3-RELEASE what they're running now.


----------



## john_rambo (Feb 28, 2022)

Zirias 


> There is no "LTS", and there's no need for one because every major release is supported for a long term (AFAIK 5 years). This still means you must follow the minor releases (12.0 → 12.1 → 12.2 → [...]). Each minor release will reach EOL 3 months after the successor is released. BUT: Minor releases use the same ABI, so upgrades are pain- and riskless.


Understood. 
Q) How can I know that the my installed version is no longer supported and that its time for upgrading ?
Will `freebsd-update fetch install` and `pkg update/upgrade` fail ?


----------



## eternal_noob (Feb 28, 2022)

john_rambo said:


> How can I know that the my installed version is no longer supported and that its time for upgrading ?


You'll get a message when you try to upgrade.


----------



## SirDice (Feb 28, 2022)

john_rambo said:


> Will `freebsd-update fetch install`


It will tell you there are no patches to download and tell you you have an unsupported version.



john_rambo said:


> and `pkg update/upgrade` fail ?


pkg(8) may complain about mismatched kernel version, and the installed packages _could_ fail because they've been built for a _newer_ version than you currently have. That's assuming you are using the official FreeBSD repositories. If you build your own repository you could build specifically for your EoL version, but you may run into various other issues.


----------



## astyle (Feb 28, 2022)

SirDice said:


> It will tell you there are no patches to download and tell you you have an unsupported version.
> 
> 
> pkg(8) may complain about mismatched kernel version, and the installed packages _could_ fail because they've been built for a _newer_ version than you currently have. That's assuming you are using the official FreeBSD repositories. If you build your own repository you could build specifically for your EoL version, but you may run into various other issues.


This is why I stick to ports, rather than packages. FWIW, I like 13.0-RELEASE, it took to my hardware like a champ.


----------



## john_rambo (Mar 1, 2022)

eternal_noob SirDice
I just received this email so I don't have to rely on the output of `freebsd-update fetch install` when my install reaches EOL. This mailing list thing is really useful.


----------



## grahamperrin@ (Mar 1, 2022)

SirDice said:


> Sign up for the freebsd-announce mailing list. …



☑ This should be an *essential* for *anyone* who uses, or takes an interest in, FreeBSD.

(I'm surprised that it's not a rule; there's general advice about lists, but nothing to steer a person towards essential announcements.)



john_rambo said:


> … this email …



<https://lists.freebsd.org/archives/freebsd-announce/2022-March/000018.html>


Announcement-related lists

*freebsd-announce* <https://lists.freebsd.org/subscription/freebsd-announce>
*freebsd-ops-announce* <https://lists.freebsd.org/subscription/freebsd-ops-announce>
*freebsd-ports-announce* <https://lists.freebsd.org/subscription/freebsd-ports-announce>
*freebsd-snapshots* <https://lists.freebsd.org/subscription/freebsd-snapshots>

More

ctm-announce exists, but the last announcement was more than five years ago.

Ports and Packages for Supported Releases | The FreeBSD Project

⚙ D34402 Website: Ports and Packages for Supported Releases Update


----------



## eternal_noob (Mar 1, 2022)

grahamperrin said:


> I'm surprised that it's not a rule


I don't like email and if FreeBSD would force me to subscribe to mailing lists, i'd rather use Linux.


----------



## john_rambo (Mar 1, 2022)

grahamperrin 
I want to get notified about two things. (a) When to run `freebsd-update fetch install` and (b) when to upgrade to a new point release. I can understand that its not possible to notify user about when to run `pkg upgrade` coz that depends on the specific packages installed which differs from user to user.


----------



## SirDice (Mar 1, 2022)

john_rambo said:


> I can understand that its not possible to notify user about when to run `pkg upgrade` coz that depends on the specific packages installed which differs from user to user.


periodic(8) is enabled by default. It will do a daily, weekly and monthly scan. The daily security run includes running pkg-audit(8). I highly recommend configuring your systems to send the periodic emails to a centralized mailbox. 

The security run will, for example, contain:

```
Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 28 03:21:51 CET 2022
db5-5.3.28_8: Tag: expiration_date Value: 2022-06-30
db5-5.3.28_8: Tag: deprecated Value: EOLd, potential security issues, maybe use db18 instead
```

So you're notified if something important comes up.


----------



## john_rambo (Mar 1, 2022)

SirDice said:


> I highly recommend configuring your systems to drop their mail to a centralized mailbox.


This I have never done before so I will search for a tutorial online but thing I want to ask.
Q) Isn't running `pkg update` / `package upgrade` ultimately the same thing instead of checking a local mail ? I mean this mail needs to be checked using CLI right ? So instead of checking a mail if I run `pkg update` & `pkg upgrade` on a regular basis I am doing the same thing.


----------



## SirDice (Mar 1, 2022)

john_rambo said:


> I mean this mail needs to be checked using CLI right ?


My servers all mail to a central mailbox, and I read that with a webmail client or Thunderbird. But if you want to keep it locally, yes. 



john_rambo said:


> So instead of checking a mail if I run `pkg update` & `pkg upgrade` on a regular basis I am doing the same thing.


Sure. But that just updates everything. You should also regularly check pkg-audit(8). Sometimes security issues are reported but the port/package hasn't been updated yet. It's good to know where any potential issues might be hiding, you might be able to mitigate them without updating/patching. I solved the issue from the example I posted by simply eliminating that db5 dependency (I didn't need it anyway).


----------



## john_rambo (Mar 1, 2022)

SirDice said:


> Sure. But that just updates everything. You should also regularly check pkg-audit(8). Sometimes security issues are reported but the port/package hasn't been updated yet. It's good to know where any potential issues might be hiding, you might be able to mitigate them without updating/patching. I solved the issue from the example I posted by simply eliminating that db5 dependency (I didn't need it anyway).


So you choose not to install all the updates offered ? You pick particular packages and leave the rest ? Is there a reason for that ? Like avoiding breakage ? In the short period that I have FreeBSD I have updated everything but nothing broke.

Now suppose after running `pkg-audit` I find a vulnerable package say Thunderbird and there is no update available. What do I do then ? I can't uninstall Thunderbird. I need it.


----------



## SirDice (Mar 1, 2022)

john_rambo said:


> I find a vulnerable package say Thunderbird and there is no update available. What do I do then ? I can't uninstall Thunderbird. I need it.


Knowing there's a vulnerability is half of the battle. Like I said, sometimes you can take mitigating steps to prevent that bug from becoming a problem. And in other cases the best course of action is to stop using it until it gets fixed.


----------



## astyle (Mar 1, 2022)

SirDice said:


> Knowing there's a vulnerability is half of the battle. Like I said, sometimes you can take mitigating steps to prevent that bug from becoming a problem. And in other cases the best course of action is to stop using it until it gets fixed.


There's also the issue of actually executing those mitigation steps, figuring out how to do it correctly, and figuring out if it's worth your time. It can be as deep of a rabbit hole as you make it, that's the deep, far-ranging allure of the Digital Ocean


----------



## grahamperrin@ (Mar 1, 2022)

eternal_noob said:


> I don't like email



People can use web browsers, e.g.






Feeds, and the FreeBSD Project home page





Unfortunately, the newsflash <https://www.freebsd.org/news/feed.xml>:

includes things that would be better in quarterly reports
omits more important, time-sensitive announcements



grahamperrin said:


> Much of what's _flashed_ is not truly news flash-worthy. Critically:
> 
> if *every* item of news is treated (or mistreated) as flashy, it can become difficult for an average reader to *discern, at a glance, things that are of special or critical importance*.


----------



## Deleted member 30996 (Mar 4, 2022)

Profighost said:


> Under Linux I *often have the feeling* there are many different vast mobs of anarchists and anybody does what he likes, when he's in the mood, or not - chaos!





forquare said:


> Every Linux distro I have used *seems to have* some loose concept of a "base", it's what you got when you installed the system. It might "just" be a collection of third party packages "cobbled together" with the kernel - but that's not _so_ different to FreeBSD where the project pulls in third party packages such as OpenZFS.


I _seem to have the feeling_ neither statement was based on research of documented fact. I'll do a Hermetic Tarot card Celtic Cross spread reading on it later. The Norns willing.

Presently, the precognitive dream directed Debian doc I dug up relative to Debian-based Kali GNU/Linux rolling-release boxen being mine applies:


> 1.3. What is Debian GNU/Linux?
> 
> The combination of Debian's philosophy and methodology and the GNU tools, the Linux kernel, and other important free software, form a unique software distribution called Debian GNU/Linux. This distribution is made up of a large number of software packages. Each package in the distribution contains executables, scripts, documentation, and configuration information, and has a _maintainer_ who is primarily responsible for keeping the package up-to-date, tracking bug reports, and communicating with the upstream author(s) of the packaged software. Our extremely large user base, combined with our bug tracking system ensures that problems are found and fixed quickly.
> *snip*
> ...



I can run:
`sudo apt update
sudo apt upgrade`
upgrade from one Kali Linux version bump to the next and it upgrade all my pkg in the process.

With the installation of the 3rd party programs debsums, apt-listbugs, apt-listchanges, apt-list-versions and needrestart it will alert me during the update process to any programs using old libraries that might need restarted, after it's done tell me that a new kernel being installed and I might want to restart and maintain a database similar to me running `pkg audit -F` that makes me feel all warm and fuzzy inside knowing it cares and was unaware of till given a chance  to broaden my horizons with a vacation.

Half my boxen now running Kali Linux on metal:

```
┌──(jitte㉿itachi)-[~]
└─$ cat /etc/os-release                   
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2022.1"
VERSION_ID="2022.1"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
                                                                                       
┌──(jitte㉿itachi)-[~]
└─$
```


----------



## Vull (Mar 5, 2022)

eternal_noob said:


> I don't like email and if FreeBSD would force me to subscribe to mailing lists, i'd rather use Linux.


Likewise. I simply use `freebsd-update fetch` and it's worked okay for me for years.

Many people seem to think that their way is the best way or only way, but there's usually more than one way to skin every cat.

Still it can be interesting to compare notes sometimes.


----------



## George (Mar 5, 2022)

On desktops, updates usually introduce new issues, like program A no longer compiles, program B crashes because dependency issues, program D is not maintained and has an yet unknown issue, driver F no longer supports my old graphics card...

Somehow I gave up on updates.


----------



## grahamperrin@ (Mar 5, 2022)

George said:


> … updates usually introduce new issues … Somehow I gave up on updates.



The impact of updates is usually *much* more positive than negative. 



> … like program A no longer compiles, program B crashes because dependency issues, program D is not maintained and has an yet unknown issue, driver F no longer supports my old graphics card...



FYI: 









						Ports Management Team
					

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.




					www.freebsd.org


----------



## getopt (Jun 5, 2022)

sko said:


> Given the pace they ruin firefox and remove useful/working features and add annoying and non-working stuff, usually you DON'T want the latest version. Even ESR is moving way too fast IMHO and is constantly breaking stuff that has been working for years.


So true. I had FF76-esr pkg-locked until a few days ago but was forced now to "upgrade" to FF91-esr, knowing that to revert/disable the old and the new crap (Mozilla calls them features) would cost me hours to spend. FF91 with default configuration ruined performance on i386 to a level no more suitable for work. This is usually the point when users start de-installing and looking for alternatives. But Firefox still is highly configurable and therefore I prefer living with the monster I know good enough for privacy configurations.


----------



## getopt (Jun 5, 2022)

richardtoohey2 said:


> Most open source projects are under-resourced.


My impression is that FreeBSD is loosing manpower also. If I were good enough in git I could probably prove that port maintainers dropping maintainership are outnumbering those taking maintainership. The timeline would draw a nice chart over time.


----------



## getopt (Jun 6, 2022)

sko said:


> webrender is still a steaming pile of garbage and beta-quality at best, yet they already forced it even on the 91-ESR branch and completely ruined the performance.
> 'gfx.webrender.force-disabled=true' and 'layers.acceleration.force-enabled=true' re-enables OpenGL which 'just works'™


While I'm just documenting these findings I stumbled across what is lurking next:


> From Firefox 93 onward, Firefox users can't disable WebRender anymore as options to do so are no longer included in that version of the web browser. The only option that Firefox users have when they encounter rendering issues is to switch WebRender to software.











						Mozilla plans to enable WebRender in Firefox 92 - gHacks Tech News
					

Firefox 92 will be the first version of Firefox which has WebRender enabled on all supported platforms.



					www.ghacks.net
				




Perhaps it makes sense to start a new thread. Any suggestions for a thread title?

Making Firefox usable again?


----------

