# Oldest version of FreeBSD still in current use



## Paul Floyd (Apr 26, 2020)

A quick straw poll

Currently [April 2020], what is the oldest version of FreeBSD that you are using?

In particular, is anyone still using FreeBSD 10 and older?


----------



## mark_j (Apr 26, 2020)

I've just retired our old pentium running 5.4 - it was our old home firewall, proxy and general blocker of all things "social" media. It's now in the storage area waiting for a trip to the e-recycler.

I loved the simplicity of 5.4, it was far less complicated, less commands and so, obviously, closer to the original 4.4BSD than FreeBSD 12 + is. Oh, and it only had a few hundred ports. (You couldn't build from ports now as most of the source links are broken but the packages are still all available).


----------



## zirias@ (Apr 26, 2020)

I wonder what's the point? There are people running 7.x, for "some" reason ... and I've even seen a posting in some other forum recently where someone was looking for help with a 4.x (!) release.

But anyone running an EOL system (of *any* brand, not just FreeBSD) acts grossly negligent, at least if this system has *any* connection to the internet or access to any pluggable media.


----------



## rootbert (Apr 26, 2020)

4.7 on my 486 notebook with 11MB RAM ... just for the fun


----------



## mark_j (Apr 26, 2020)

Zirias said:


> I wonder what's the point? There are people running 7.x, for "some" reason ... and I've even seen a posting in some other forum recently where someone was looking for help with a 4.x (!) release.
> 
> But anyone running an EOL system (of *any* brand, not just FreeBSD) acts grossly negligent, at least if this system has *any* connection to the internet or access to any pluggable media.


If that's a veiled attempt to critique me, then you're so far from wrong that it's funny.

If you don't have any skill then it's quite easy to assume a new OS will protect you, when in fact any OS connected to the outside world is vulnerable if you don't know what you're doing. Case in point, Windows (any version).

This machine was running FreeBSD since 3.x and never has it been hacked. It's been attacked and survived, plenty of times. It didn't have needless ports or services open. It was a great multi-homing, squid proxy, mail and firewall device. The kernel was MUCH more simpler with less chance of bugs. Its uptime was measured in years!
Drivers were limited and again, less chance of bugs. Anyone knows, the increase in complexity adds a propensity for bugs to increase. It ran a simple old Pentium with 1GB RAM.

Compare that to modern CPUs which require mitigation to stem the tide of ever growing breaches. Makes you think just how secure your modern OS is, surely?


----------



## zirias@ (Apr 26, 2020)

I didn't reply to your posting in particular, and if you think bad of my "skill", that's your personal point of view I'm not interested in and won't discuss.


----------



## kpedersen (Apr 26, 2020)

I know it is generally frowned upon in these forums to run an old version of FreeBSD. Most questions regarding it are swiftly pointed to a post about EOL versions. In some ways though I suspect this is so that us members can give better advice rather than deciphering subtle version differences so I am fine with this.

... However if you block all ports apart from incoming SSH, unless there is a crucial issue in SSH daemon in the older version, you will be just as protected on the old version as one that is fully up to date.

Certainly Linux has this issue much more than FreeBSD but the dropping of hardware support because it is no longer "popular" is also a good reason to run an old version.

For me personally, the oldest BSD I still currently run in production/development is OpenBSD 5.9 for the Linux emulation (was dropped in 6.0) so that it can run the Linux-only Perforce client (it acts as a gateway between version control systems). That said, now it could be updated because the Perforce client was finally released open-source a year back.

I did also run FreeBSD 8 for a long time because I was fairly fond of Gnome 2 and wasn't quite ready to move to a different desktop environment once it was killed.

The oldest alternative operating system I run as a build machine is Windows 8. Released in 2012 (FreeBSD 9 era).


----------



## zirias@ (Apr 26, 2020)

kpedersen said:


> ... However if you block all ports apart from incoming SSH, unless there is a crucial issue in SSH daemon in the older version, you will be just as protected on the old version as one that is fully up to date.


Keep in mind SSH uses (Open)SSL, so this statement might have to be reconsidered -- at least, you'll have to do some extra work, so your sshd won't expose any well-known flaws.

That said, sure there are ways to run EOL systems in a secure way. It's just that's not what you find most of the time with people running them.



kpedersen said:


> The oldest alternative operating system I run as a build machine is Windows 8. Released in 2012.


Which is still supported.


----------



## shkhln (Apr 26, 2020)

What do we have there? "Real men patch remote exploits in old software by their pure awesomeness." Ah, ok then.

I'll show myself out now.


----------



## Paul Floyd (Apr 26, 2020)

I didn't want to start a security flame war 

I've been setting up a few VirtualBox VMs, going back as far as FreeBSD 9.3 (which was fairly difficult). It doesn't look like its worth going back any further, even though it sounds like there are still users ov very old versions.


----------



## dave01 (Apr 26, 2020)

I remember coming across a firewall appliance running 4.3 when 8.0 was bleeding edge.  The supplier was still selling them.


----------



## kpedersen (Apr 26, 2020)

pyret said:


> New York City's subway still uses OS/2 Warp, as well as some bank ATMs.  And if enterprises weren't still using OS/2, then Arca Noae wouldn't have a business model to stay in open.



I believe the DECOR french air traffic control (non-safety critical) still uses Windows 3.1 
https://www.zdnet.com/article/a-23-year-old-windows-3-1-system-failure-crashed-paris-airport/
Since 2015, I believe they are still using it.


----------



## neel (Apr 26, 2020)

Paul Floyd said:


> I didn't want to start a security flame war
> 
> I've been setting up a few VirtualBox VMs, going back as far as FreeBSD 9.3 (which was fairly difficult). It doesn't look like its worth going back any further, even though it sounds like there are still users ov very old versions.



I actually installed FreeBSD 6.2 on a old early-Pentium 4 PC for kicks late last year, and yesterday 7.2 in VirtualBox. And I only started using FreeBSD daily with 9.0.

I have never been able to try 5.x or below successfully.

Although for day-to-day use I use 13-CURRENT on desktops and 12.1 on servers/routers.


----------



## drhowarddrfine (Apr 26, 2020)

We were using Windows XP at Subway till just about five years ago. While everyone else had already moved to Windows 8, we were able to finally go to Windows7 with appropriate all new, needed hardware upgrades. Bumping up to Windows 8, shortly after, wasn't too awful but, again, going to Windows 10 required all new hardware and several weeks before anything worked properly.


----------



## mark_j (Apr 27, 2020)

kpedersen said:


> I know it is generally frowned upon in these forums to run an old version of FreeBSD. Most questions regarding it are swiftly pointed to a post about EOL versions. In some ways though I suspect this is so that us members can give better advice rather than deciphering subtle version differences so I am fine with this.
> 
> ... However if you block all ports apart from incoming SSH, unless there is a crucial issue in SSH daemon in the older version, you will be just as protected on the old version as one that is fully up to date.
> 
> ...


I think if people come here looking for help on, say FreeBSD 8, then they shouldn't be running it. If you don't understand how to lock down a system, then you shouldn't be exposing any of it to the outside world. Perhaps too many here think running FreeBSD 12.1 will protect them from the meanies on the internet?

However, as you rightly point out, sometimes old systems run something you like and have no alternative.

In my case, we've been using (up until last year) this old FreeBSD box as our gateway. It's been super reliable (a testament to the pre-6 series OSs) and crash free. It runs only what is required, opens only what ports are needed and is more secure than most people's PCs they connect to the internet on.


----------



## mark_j (Apr 27, 2020)

Paul Floyd said:


> I didn't want to start a security flame war
> 
> I've been setting up a few VirtualBox VMs, going back as far as FreeBSD 9.3 (which was fairly difficult). It doesn't look like its worth going back any further, even though it sounds like there are still users ov very old versions.


No, it's just people speaking from a level of ignorance. They assume an old system equals a leaky system. Nonsense.

There's probably no point or benefit intentionally going backwards, if other than for some educational merit. There's plenty of benefit in keeping an older system running. Mind you, with the old 5.4 box, it was intended I replace it about 4 years ago, but I just never got around to it. Why? Well it just worked. Shame on it and me!


----------



## ralphbsz (Apr 27, 2020)

```
> uname -a
FreeBSD example.com 4.10-RELEASE-p22 FreeBSD 4.10-RELEASE-p22 #5: Thu Feb 28 02:46:42 PST 2008 someone@example.com:/build/obj/build/src/sys/BIGSYS  i386
> uptime
10:00PM  up 156 days, 20:51, 1 user, load averages: 0.05, 0.10, 0.08
```
There must have been a big power outage 156 days ago; usually this machine gets rebooted every few years.

This is a commercial multi-user machine, operated by an ISP, in current production; I removed the name. It is dead nuts reliable, and still performs billing and administration for the ISP. Coincidentally, the ISP is located in Berkeley, and the person who configured this machine worked at UCB on the BSD project.


----------



## mickey (Apr 27, 2020)

FreeBSD 10.3 on my old ThinkPad 600 notebook. I was recently thinking about updating it to 12.1, but then again -- what for?


----------



## zirias@ (Apr 27, 2020)

Oh, I *do* see quite some ignorance about the topic, for sure.

Nobody ever claimed that running a supported system on the latest patch level automatically protects you against any threat. But it's an important prerequisite, at least as soon as this system gets any "untrusted" data to operate on.

E.g. at some point, your system will have to expose some service (and if it's "only" ssh) to be useful. If it is exposed only in some "trusted" LAN, that's still a risk, but depending on the circumstances, it might be acceptable. If it is exposed to the internet, you're doomed. The same holds for any other data/input from untrusted sources, but the network is the most obvious one.

So, of course there are scenarios where running EOL systems doesn't hurt. Those are rare, and I bet most people operating such an EOL system actually overlook something. Very often, when talking about stability and uptime, these are just lame excuses for avoiding the work to upgrade the system. And once you're more than one major release behind, this work piles up to something that isn't manageable easily any more.

Yes, for (larger) organizations, the upgrade "blocker" are often applications that don't work with the new release -- this especially happens in Windows environments, but not only.


----------



## mark_j (Apr 27, 2020)

It seems it's too easy to conflate old systems with security risk. Potentially, every new system becomes a security risk as soon as you plug it in. Intel mitigations have seen to that.

Exposing a service to the internet does not spell the end of the world; that's why we have firewalls. Hell, even someone sitting on a Windows 95 computer has zero risk if they don't use a browser (and probably can't now anyway). Why? They're likely behind a NAT and firewall.

If one's not knowledgeable enough to lock down a system and just open up ports and services like a drunken carefree sailor, then it truly is curtains; eventually and deservedly.

I personally work with systems 15+ years old, running old versions of their applicable OS, that function fine and even are connected to the internet. It's a fact of life in business.

Anyway, this is diverting a long way away from the topic.


----------



## richardtoohey2 (Apr 27, 2020)

Zirias said:


> Keep in mind SSH uses (Open)SSL, so this statement might have to be reconsidered


I don't think that is right.  OpenSSH and OpenSSL are two completely different things.


----------



## richardtoohey2 (Apr 28, 2020)

pyret said:


> Compiling OpenSSH No Longer Requires Linking in OpenSSL circa 2014.


Thanks; I was trying to make things clearer but only muddied the waters.  They are two different things, but TIL not as very separate as I thought.  And seeing this thread is about older versions, the OpenSSL part is very relevant.  Back under my rock!


----------



## kpedersen (Apr 28, 2020)

richardtoohey2 said:


> I don't think that is right.  OpenSSH and OpenSSL are two completely different things.



OpenSSL or LibreSSL are dependencies of OpenSSH. If there is a flaw in OpenSSL, that flaw could be exploitable within OpenSSH.


----------



## Datapanic (Apr 28, 2020)

I have a BSDi 3.0 i386 system running as a guest on ESXi 5.5.  It's not good for much more than nostalgia at this time and not even very interesting, but I still have it!


----------



## kpedersen (Apr 28, 2020)

Datapanic said:


> I have a BSDi 3.0 i386 system running as a guest on ESXi 5.5.



What system C compiler does that setup provide? I cannot seem to find out when GCC was introduced to replace the more original UNIX ones.


----------



## Datapanic (Apr 28, 2020)

kpedersen said:


> What system C compiler does that setup provide? I cannot seem to find out when GCC was introduced to replace the more original UNIX ones.



The default /usr/bin/cc is gcc version 1.42


----------



## kpedersen (Apr 28, 2020)

Oh wow. So BSD adopted GCC that early? For some reason I thought that GCC entered at BSD 4.4 Lite to replace one that was potentially patent encumbered.

Edit: Whilst doing some history fact finding, turns out iXsystems *is* BSDi (https://en.wikipedia.org/wiki/IXsystems). I had absolutely no idea. That's pretty cool. I knew they were very active in the BSD community but didn't know they had that legacy.


----------



## ralphbsz (Apr 29, 2020)

kpedersen said:


> ... turns out iXsystems *is* BSDi (https://en.wikipedia.org/wiki/IXsystems).


Well, sort of. iXsystems is the successor to BSDi (or BSDI, both spellings exist). But the thing that (to me) created BSDi was the people; a company founded and run by Kirk McKusick, Bill Jolitz, Keith Bostic, Rob Kolstad, Mike Karels, and a few others I forgot. None of those people have been involved with iXsystems in the last 10 or 15 years, as far as I know. Staff wise there was a significant break between 1998 and 2005.


----------



## Datapanic (Apr 29, 2020)

I was going to install a FreeBSD 1.0-RELEASE but got discouraged  Setting up the floppies


----------



## Jose (Apr 29, 2020)

Oldest CDROMs I can find. I should try to install one of them on an old box sometime.


----------



## George (May 5, 2020)

bsdstats reports one version 0.8.6 this month, but this might be fake.

http://bsdstats.org/bt/releases.html


----------



## FreeBSDArcade (Apr 22, 2022)

I tried to install desktop environements on 5.5 but didn't worked.


----------



## mark_j (Apr 23, 2022)

The ones included with 5.5 will work. You have zero chance with 99% of the latest packages.


----------



## FreeBSDArcade (Apr 23, 2022)

I installed everything with the disc 1 and disc 2 but i got a syntax error or something like that.


----------



## grahamperrin@ (Apr 24, 2022)

George said:


> *BSD Usage Statistics: Releases Stats



Hmm





I guess that most people either (a) no longer participate; or (b) are not aware. I'm an (a) person.


----------



## oed (Apr 27, 2022)

Not *Free*BSD, but I've got 4.4BSD permanently running in an gxemul:
`$ uname -a
4.4BSD *****.*******.** 4.4BSD-Lite 4.4BSD-Lite #6: Mon Jun 13 21:52:19 MET DST 1994     oscar@*****.******.**:/sys/compile/BSD  DEC
$ uptime
 4:35PM  up 12 days, 17:48, 1 user, load averages: 0.00, 0.00, 0.00`

The host is running FreeBSD 13.0, but the oldest boot environment it has is 10.0-RELEASE.


----------



## neel (Apr 29, 2022)

I have run 4.x and 5.x on a Pentium 4 Gateway and Pentium III Dell Optiplex, both which I bought for the purpose of retrocomputing.

Being much younger myself, I didn't realize how painful XFree86 configuration was, I grew up with Xorg autoconfiguration.


----------



## Jose (Apr 29, 2022)

neel said:


> I have run 4.x and 5.x on a Pentium 4 Gateway and Pentium III Dell Optiplex, both which I bought for the purpose of retrocomputing.
> 
> Being much younger myself, I didn't realize how painful XFree86 configuration was, I grew up with Xorg autoconfiguration.


Oh man, you just brought back some bad memories about struggling with dotclocks and modelines.

I found this video on how those old monitors worked fascinating:




_View: https://www.youtube.com/watch?v=3BJU2drrtCM_

They show how modern LED TVs draw too. I wish they'd done a plasma TV. I still have one of those.


----------

