Re: New messages after updating from r365443 to r365738
Ruslan Garipov wrote: Hi! After I had updated my FreeBSD 13.0-CURRENT r365443 amd64 to r365738 the following messages started to appear on the console/log: $ egrep "not implemented|async_" /var/log/messages | fgrep "Sep 18" Sep 18 08:19:05 {host_name} kernel: __pm_runtime_resume not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_mark_last_busy not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: __pm_runtime_suspend not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_get_if_in_use not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: kmem_cache_shrink not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: register_oom_notifier not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: register_acpi_notifier not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: async_schedule is dodgy -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_set_autosuspend_delay not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: __pm_runtime_use_autosuspend not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: async_synchronize_cookie not implemented -- see your local kernel hacker What do they mean? Should I provide more information on my system? These are not something new and been there for ages coming from linuxkpi + your favorite drm/kms module, intended as a reminder on unimplemented functionality. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
New messages after updating from r365443 to r365738
Hi! After I had updated my FreeBSD 13.0-CURRENT r365443 amd64 to r365738 the following messages started to appear on the console/log: $ egrep "not implemented|async_" /var/log/messages | fgrep "Sep 18" Sep 18 08:19:05 {host_name} kernel: __pm_runtime_resume not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_mark_last_busy not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: __pm_runtime_suspend not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_get_if_in_use not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: kmem_cache_shrink not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: register_oom_notifier not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: register_acpi_notifier not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: async_schedule is dodgy -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: pm_runtime_set_autosuspend_delay not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: __pm_runtime_use_autosuspend not implemented -- see your local kernel hacker Sep 18 08:19:05 {host_name} kernel: async_synchronize_cookie not implemented -- see your local kernel hacker What do they mean? Should I provide more information on my system? ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020, 11:55 PM Cy Schubert wrote: > In message <451538de-9427-4584-987b-8e4aa26c2...@freebsd.org>, Daniel > Eischen w > rites: > > > > > > > On Sep 17, 2020, at 11:20 AM, Maxim Sobolev > wrote: > > > > > > Re: removing HTTP client please no!!! The current drive to "outlaw" > HTTP > > > coming from companies who see all world via web browser. Totally > ignoring > > > the fact that HTTP != HTTPS in particular in cases where reliability > and > > > lower complexity of the system takes precedence over on-the-wire > protocol > > > security. For example, many internal APIs of AWS EC2 are HTTP. > > > > Agree. And remember the mantra: tools, not policy. > > Since there are so many I'll pick this email to reply to. > > libfetch should be designed to call plugins. An https plugin, http plugin, > ftp plugin, sftp plugin, and so on. New protocols are added as needed, > preferably to ports before they are mainstream. Old protocols are removed > and moved to ports. People who still need to use old protocols can install > the port which plugs into libfetch. When a protocol becomes stale it's > forgotten, no longer maintained and simply disappears into the ether. > Thinking in this way, very soon we need to remove TCP, UDP, IP and the list growing, they are all stale. > Given that pkgbase will become a reality at some point the line between > base and ports will blur. I expect at some point some of what we see in > base to simply become ports. As a developer of both base and ports, ports > are much easier to maintain than importing into base. > > That's my vision. > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: https://FreeBSD.org > NTP: Web: https://nwtime.org > > The need of the many outweighs the greed of the few. > > > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
In message <0ab6a75e6b821058a2b939447a8e499196ec2388.ca...@freebsd.org>, Ian Le pore writes: > On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote: > > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > > > cy.schub...@cschubert.com> > > > > wrote: > > > > > > > > > I've been advocating removing FTP (and HTTP) from libfetch as > > > > > well. > > > > > People > > > > > should be using HTTPS only. > > > > > > > > > > > > > Isn't this a bit too much? I often find myself in need to > > > > download > > > > something starting with "http://"; or "ftp://"; and use fetch for > > > > this. > > > > > > Indeed, we have products which rely on this ability in libfetch and > > > we > > > have to keep supporting them for many many years to come. > > > > > > I hate it when someone imperiously declares [For security reasons] > > > "People should/shouldn't be using __". You have no idea what > > > the > > > context is, and thus no ability to declare what should or shouldn't > > > be > > > used in that context. For example, two embedded systems talking to > > > each other over a point to point link within a sealed device are > > > not > > > concerned about man in the middle attacks or other modern internet > > > threats. > > > > And I really dislike when people want to make sure that their unique > > case that less than a percent of people would every hit blocks the > > security improvements for the majority of people... > > > > I've given up on a number of security improvements in FreeBSD because > > of this attitude... > > > > Good. Because what you call "improvements" I would probably call > "Imposing policy rather than providing tools." We as developers, here, on the job, or elsewhere, apply policy all the time when we make decisions regarding the software we write/maintain. When you think of it, I don't have the time for _ is also a policy decision. My former manager's 80/20 rule, as much as I didn't like it at the time (but now see the wisdom), was also a policy decision. A business decision. > > I've don't complain about making defaults the safest choices available. > I complain about removing options completely because they're unsafe in > some circumstances according to some people. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Plans for git
Kyle Evans: > > > This is probably better for a separate thread, but any idea if there > > > > I'm going to regret asking, but what would you need this feature > > for? > > It's not necessarily that bad -- I used to use it for a poor > substitute for git-worktree before I learned about that, for local > projects that I had no intention of pushing back to the remote so I > saved myself the overhead of hitting the network. Got uses "bare" repositories from which you check out as many worktrees as you want. And you can just keep local changes on a local branch. -- Christian "naddy" Weisgerber na...@mips.inka.de ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Plans for git
On Thu, Sep 17, 2020 at 4:15 PM Christian Weisgerber wrote: > > Kyle Evans: > > > > FWIW, I just committed a Got port (devel/got). > > > > This is probably better for a separate thread, but any idea if there > > are plans to eventually support local filesystem cloning in got? > > I wouldn't know. > > I'm going to regret asking, but what would you need this feature > for? > No worries, thanks for the port! =) It's not necessarily that bad -- I used to use it for a poor substitute for git-worktree before I learned about that, for local projects that I had no intention of pushing back to the remote so I saved myself the overhead of hitting the network. For the things I'd specifically be using got for, I can generally live without it easily enough. Thanks, Kyle Evans ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Plans for git
Kyle Evans: > > FWIW, I just committed a Got port (devel/got). > > This is probably better for a separate thread, but any idea if there > are plans to eventually support local filesystem cloning in got? I wouldn't know. I'm going to regret asking, but what would you need this feature for? -- Christian "naddy" Weisgerber na...@mips.inka.de ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: r365488 page faults on AMD Ryzen 9 3950X
I am also having this problem. Have you resolved it? Mine is a Ryzen 5 2400G On 9/12/20 5:22 AM, Rainer Hurling wrote: Since r365488 (and above until recent) my box breaks with the following error when starting: Fatal trap 12: page fault while in kernel mode cpuid = 31; apic id = 1f fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0x808f452b stack pointer = 0x28:0x81711800 frame pointer = 0x28:0x81711800 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 0 (swapper) trap number = 12 panic: page fault cpuid = 31 time = 1 Some infos about the system, the page fault occurs: CPU: AMD Ryzen 9 3950X 16-Core Processor (3493.50-MHz K8-class CPU) Origin="AuthenticAMD" Id=0x870f10 Family=0x17 Model=0x71 Stepping=0 Features=0x178bfbff Features2=0x7ed8320b AMD Features=0x2e500800 AMD Features2=0x75c237ff Structured Extended Features=0x219c91a9 Structured Extended Features2=0x44 XSAVE Features=0xf AMD Extended Feature Extensions ID EBX=0x108b657 SVM: (disabled in BIOS) NP,NRIP,VClean,AFlush,DAssist,NAsids=32768 TSC: P-state invariant, performance statistics real memory = 68717379584 (65534 MB) avail memory = 66756149248 (63663 MB) Event timer "LAPIC" quality 600 #cat /etc/sysctl.conf security.bsd.map_at_zero=1 kern.module_path=/boot/kernel;/boot/modules;/usr/local/modules kern.evdev.rcpt_mask=6 kern.maxfiles=49312 kern.ipc.shm_allow_removed=1 kern.ipc.maxsockbuf=16777216 vfs.usermount=1 net.inet.tcp.rfc1323=1 net.inet.tcp.sack.enable=1 net.inet.tcp.sendbuf_auto=1 net.inet.tcp.recvbuf_auto=1 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 net.inet6.ip6.use_tempaddr=1 net.inet6.ip6.prefer_tempaddr=1 net.local.stream.recvspace=65536 net.local.stream.sendspace=65536 Please let me know, if I should provide more info or test something. Thanks in advance, Rainer ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Plans for git
On Thu, Sep 17, 2020 at 3:05 PM Christian Weisgerber wrote: > > On 2020-09-02, Mason Loring Bliss wrote: > > > Just to throw it out there, https://gameoftrees.org/ would be interesting > > to explore for this. > > FWIW, I just committed a Got port (devel/got). > This is probably better for a separate thread, but any idea if there are plans to eventually support local filesystem cloning in got? Thanks, Kyle Evans ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Plans for git
On 2020-09-02, Mason Loring Bliss wrote: > Just to throw it out there, https://gameoftrees.org/ would be interesting > to explore for this. FWIW, I just committed a Got port (devel/got). -- Christian "naddy" Weisgerber na...@mips.inka.de ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On 9/17/20 12:49 PM, John-Mark Gurney wrote: Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < cy.schub...@cschubert.com> wrote: I've been advocating removing FTP (and HTTP) from libfetch as well. People should be using HTTPS only. Isn't this a bit too much? I often find myself in need to download something starting with "http://"; or "ftp://"; and use fetch for this. Indeed, we have products which rely on this ability in libfetch and we have to keep supporting them for many many years to come. I hate it when someone imperiously declares [For security reasons] "People should/shouldn't be using __". You have no idea what the context is, and thus no ability to declare what should or shouldn't be used in that context. For example, two embedded systems talking to each other over a point to point link within a sealed device are not concerned about man in the middle attacks or other modern internet threats. And I really dislike when people want to make sure that their unique case that less than a percent of people would every hit blocks the security improvements for the majority of people... I've given up on a number of security improvements in FreeBSD because of this attitude... while i tend to agree with you here - i would say that in this case there is a very large use case where preservation of http is very important to a wide base of users: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html https://cloud.google.com/compute/docs/storing-retrieving-metadata https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service regarding the main topic tho - dropping ftpd from base seems like a good iteration in clearing out cruft from the code base so we can focus on things with much larger user bases. fortunately we have an excellent ports/pkg infrastructure to service this need if it arises. -pete -- Pete Wright p...@nomadlogic.org @nomadlogicLA ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote: > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > > cy.schub...@cschubert.com> > > > wrote: > > > > > > > I've been advocating removing FTP (and HTTP) from libfetch as > > > > well. > > > > People > > > > should be using HTTPS only. > > > > > > > > > > Isn't this a bit too much? I often find myself in need to > > > download > > > something starting with "http://"; or "ftp://"; and use fetch for > > > this. > > > > Indeed, we have products which rely on this ability in libfetch and > > we > > have to keep supporting them for many many years to come. > > > > I hate it when someone imperiously declares [For security reasons] > > "People should/shouldn't be using __". You have no idea what > > the > > context is, and thus no ability to declare what should or shouldn't > > be > > used in that context. For example, two embedded systems talking to > > each other over a point to point link within a sealed device are > > not > > concerned about man in the middle attacks or other modern internet > > threats. > > And I really dislike when people want to make sure that their unique > case that less than a percent of people would every hit blocks the > security improvements for the majority of people... > > I've given up on a number of security improvements in FreeBSD because > of this attitude... > Good. Because what you call "improvements" I would probably call "Imposing policy rather than providing tools." I've don't complain about making defaults the safest choices available. I complain about removing options completely because they're unsafe in some circumstances according to some people. -- Ian ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Rodney W. Grimes wrote this message on Thu, Sep 17, 2020 at 10:53 -0700: > > FTP is firewall unfriendly. > > Passive mode solved that decades ago. Requires that the server not be behind a firewall or port forwarding as well.. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > cy.schub...@cschubert.com> > > wrote: > > > > > I've been advocating removing FTP (and HTTP) from libfetch as well. > > > People > > > should be using HTTPS only. > > > > > > > Isn't this a bit too much? I often find myself in need to download > > something starting with "http://"; or "ftp://"; and use fetch for this. > > Indeed, we have products which rely on this ability in libfetch and we > have to keep supporting them for many many years to come. > > I hate it when someone imperiously declares [For security reasons] > "People should/shouldn't be using __". You have no idea what the > context is, and thus no ability to declare what should or shouldn't be > used in that context. For example, two embedded systems talking to > each other over a point to point link within a sealed device are not > concerned about man in the middle attacks or other modern internet > threats. And I really dislike when people want to make sure that their unique case that less than a percent of people would every hit blocks the security improvements for the majority of people... I've given up on a number of security improvements in FreeBSD because of this attitude... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Warner Losh wrote this message on Thu, Sep 17, 2020 at 10:08 -0600: > On Thu, Sep 17, 2020 at 8:05 AM Cy Schubert > wrote: > > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > should be using HTTPS only. (libfetch could support a plugin that might be > > supplied by a port should someone be inclined to write one.) > > The project isn't going to do that. "tools not policy" dictates that > anything like that should be done in fetch(1) and likely only as a command > line option for people that require a secure connection (or that can > tolerate an insecure one). Do we have a way for the admin/root to set fetch's policy to block FTP and HTTP? -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 04:46:19PM +0200, Kurt Jaeger wrote: > Hi! > > > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > > should be using HTTPS only. > > > Isn't this a bit too much? I often find myself in need to download > > something starting with "http://"; or "ftp://"; and use fetch for this. > > It's a bit too much. Deprecating it, 'add --really if you really > want to use http/ftp' would be more useful for the common > sys-admin 8-) Doesn't pkg/freebsd-update use libfetch? If I'm right and they do, http is widely used, then. signature.asc Description: PGP signature
Re: Deprecating ftpd in the FreeBSD base system?
In message <202009171753.08hhrjbj014...@gndrsh.dnsmgr.net>, "Rodney W. Grimes" writes: > > In message c > > om> > > , Ed Maste writes: > > > FTP is (becoming?) a legacy protocol, and I think it may be time to > > > remove the ftp server from the FreeBSD base system - with the recent > > > security advisory for ftpd serving as a reminder. > > > > > > I've proposed adding a deprecation notice to the man page in > > > https://reviews.freebsd.org/D26447 to start this off. There are a > > > number of ftp servers in ports, and if we're going to remove the base > > > system one we can create a port for it first, as well. > > > > > > Any comments or concerns, please follow up in the code review or in email > her > > > e. > > > > We should also deprecate the FTP client. > > > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > should be using HTTPS only. (libfetch could support a plugin that might be > > supplied by a port should someone be inclined to write one.) > > All the world is NOT the internet, there are far to many > uses and places that do not need or warrant https, or sftp > to make this type of move. > > It is already become very annoying that certain infustructure > now only supports https for what is data that has no security > concern. > > Please do NOT remove the ftp client, or the ability of fetch > to use ftp or http protocols. > > > > > FTP is firewall unfriendly. > > Passive mode solved that decades ago. Not always, when you have dueling firewalls. When the local firewall allows passive and the remote firewall expects port ftp, i.e. denies ingress data port, you're stuck. I see this all the time. Switching from passive to port ftp will resolve the instance. I see this all the time. Usually due to NAT of ftp to a bastion in the DMZ. Even worse, Checkpoint is doing some funky things with various protocols. FTP-like protocols, like rexec, ftp, and oracle's tns listner are a royal PITA. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 08:55:26AM -0700, Cy Schubert wrote: > In message <451538de-9427-4584-987b-8e4aa26c2...@freebsd.org>, Daniel > Eischen w > rites: > > > > > > > On Sep 17, 2020, at 11:20 AM, Maxim Sobolev wrote: > > > > > > Re: removing HTTP client please no!!! The current drive to "outlaw" > > > HTTP > > > coming from companies who see all world via web browser. Totally ignoring > > > the fact that HTTP != HTTPS in particular in cases where reliability and > > > lower complexity of the system takes precedence over on-the-wire protocol > > > security. For example, many internal APIs of AWS EC2 are HTTP. > > > > Agree. And remember the mantra: tools, not policy. > > Since there are so many I'll pick this email to reply to. > > libfetch should be designed to call plugins. An https plugin, http plugin, > ftp plugin, sftp plugin, and so on. New protocols are added as needed, > preferably to ports before they are mainstream. Old protocols are removed > and moved to ports. People who still need to use old protocols can install > the port which plugs into libfetch. When a protocol becomes stale it's > forgotten, no longer maintained and simply disappears into the ether. > > Given that pkgbase will become a reality at some point the line between > base and ports will blur. I expect at some point some of what we see in > base to simply become ports. As a developer of both base and ports, ports > are much easier to maintain than importing into base. And for install plugin from ports use HTTP AWS API installed from ports? ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
> In message om> > , Ed Maste writes: > > FTP is (becoming?) a legacy protocol, and I think it may be time to > > remove the ftp server from the FreeBSD base system - with the recent > > security advisory for ftpd serving as a reminder. > > > > I've proposed adding a deprecation notice to the man page in > > https://reviews.freebsd.org/D26447 to start this off. There are a > > number of ftp servers in ports, and if we're going to remove the base > > system one we can create a port for it first, as well. > > > > Any comments or concerns, please follow up in the code review or in email > > her > > e. > > We should also deprecate the FTP client. > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) All the world is NOT the internet, there are far to many uses and places that do not need or warrant https, or sftp to make this type of move. It is already become very annoying that certain infustructure now only supports https for what is data that has no security concern. Please do NOT remove the ftp client, or the ability of fetch to use ftp or http protocols. > > FTP is firewall unfriendly. Passive mode solved that decades ago. > > The F5 gateway at $JOB does not support FTP. When we still worked at the > office I had to take my $JOB laptop to the coffee shop to use their > wireless to download patches from Broadcom's FTP site. Now that I WFH (we > won't ever go back to the office) I download while disconnected from the > VPN. I believe this is mis-information on F5 gateways, I know that at least some of them can be configure to support ftp. Any gateway/firewall that can not be configure to support passive mode ftp is.. um... broken. > Then move the removed bits to ports, which I think we already have in tnftp > and tnftpd. > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: https://FreeBSD.org > NTP: Web: https://nwtime.org > > The need of the many outweighs the greed of the few. > > > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > -- Rod Grimes rgri...@freebsd.org ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 09:01:57AM -0600, Ian Lepore wrote: > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > cy.schub...@cschubert.com> > > wrote: > > > > > I've been advocating removing FTP (and HTTP) from libfetch as well. > > > People > > > should be using HTTPS only. > > > > > > > Isn't this a bit too much? I often find myself in need to download > > something starting with "http://"; or "ftp://"; and use fetch for this. > > > > Indeed, we have products which rely on this ability in libfetch and we > have to keep supporting them for many many years to come. > > I hate it when someone imperiously declares [For security reasons] > "People should/shouldn't be using __". You have no idea what the > context is, and thus no ability to declare what should or shouldn't be > used in that context. For example, two embedded systems talking to > each other over a point to point link within a sealed device are not > concerned about man in the middle attacks or other modern internet > threats. > +1 My small FreeBSD-based HPC cluster is deattached from the internet. -- Steve ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On 9/17/20 8:04 AM, Cy Schubert wrote: We should also deprecate the FTP client. I've been advocating removing FTP (and HTTP) from libfetch as well. People should be using HTTPS only. (libfetch could support a plugin that might be supplied by a port should someone be inclined to write one.) As an aside, are there any plans to remove the word "ftp" from the FreeBSD download sites. e.g. https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.1/ ? -- Rebecca Cran ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 8:05 AM Cy Schubert wrote: > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) > The project isn't going to do that. "tools not policy" dictates that anything like that should be done in fetch(1) and likely only as a command line option for people that require a secure connection (or that can tolerate an insecure one). Warner ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
In message <451538de-9427-4584-987b-8e4aa26c2...@freebsd.org>, Daniel Eischen w rites: > > > > On Sep 17, 2020, at 11:20 AM, Maxim Sobolev wrote: > > > > Re: removing HTTP client please no!!! The current drive to "outlaw" HTTP > > coming from companies who see all world via web browser. Totally ignoring > > the fact that HTTP != HTTPS in particular in cases where reliability and > > lower complexity of the system takes precedence over on-the-wire protocol > > security. For example, many internal APIs of AWS EC2 are HTTP. > > Agree. And remember the mantra: tools, not policy. Since there are so many I'll pick this email to reply to. libfetch should be designed to call plugins. An https plugin, http plugin, ftp plugin, sftp plugin, and so on. New protocols are added as needed, preferably to ports before they are mainstream. Old protocols are removed and moved to ports. People who still need to use old protocols can install the port which plugs into libfetch. When a protocol becomes stale it's forgotten, no longer maintained and simply disappears into the ether. Given that pkgbase will become a reality at some point the line between base and ports will blur. I expect at some point some of what we see in base to simply become ports. As a developer of both base and ports, ports are much easier to maintain than importing into base. That's my vision. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On 17/09/20 11:04, Cy Schubert wrote: In message , Ed Maste writes: FTP is (becoming?) a legacy protocol, and I think it may be time to remove the ftp server from the FreeBSD base system - with the recent security advisory for ftpd serving as a reminder. I've proposed adding a deprecation notice to the man page in https://reviews.freebsd.org/D26447 to start this off. There are a number of ftp servers in ports, and if we're going to remove the base system one we can create a port for it first, as well. Any comments or concerns, please follow up in the code review or in email her e. We should also deprecate the FTP client. I've been advocating removing FTP (and HTTP) from libfetch as well. People should be using HTTPS only. (libfetch could support a plugin that might be supplied by a port should someone be inclined to write one.) FTP is firewall unfriendly. The F5 gateway at $JOB does not support FTP. When we still worked at the office I had to take my $JOB laptop to the coffee shop to use their wireless to download patches from Broadcom's FTP site. Now that I WFH (we won't ever go back to the office) I download while disconnected from the VPN. Then move the removed bits to ports, which I think we already have in tnftp and tnftpd. pkg still uses HTTP ❯ sudo pkg -d update -f Password: DBG(1)[78228]> pkg initialized Updating FreeBSD repository catalogue... DBG(1)[78228]> PkgRepo: verifying update for FreeBSD DBG(1)[78228]> Pkgrepo, begin update of '/var/db/pkg/repo-FreeBSD.sqlite' DBG(1)[78228]> Fetch: fetching from: http://pkgmir.geo.freebsd.org/FreeBSD:13:amd64/latest/meta.conf with opts "i" Fetching meta.conf: 100%163 B 0.2kB/s00:01 DBG(1)[78228]> Fetch: fetching from: http://pkgmir.geo.freebsd.org/FreeBSD:13:amd64/latest/packagesite.txz with opts "i" Fetching packagesite.txz: 100%6 MiB 6.5MB/s00:01 ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
> On Sep 17, 2020, at 11:20 AM, Maxim Sobolev wrote: > > Re: removing HTTP client please no!!! The current drive to "outlaw" HTTP > coming from companies who see all world via web browser. Totally ignoring > the fact that HTTP != HTTPS in particular in cases where reliability and > lower complexity of the system takes precedence over on-the-wire protocol > security. For example, many internal APIs of AWS EC2 are HTTP. Agree. And remember the mantra: tools, not policy. -- DE ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Re: removing HTTP client please no!!! The current drive to "outlaw" HTTP coming from companies who see all world via web browser. Totally ignoring the fact that HTTP != HTTPS in particular in cases where reliability and lower complexity of the system takes precedence over on-the-wire protocol security. For example, many internal APIs of AWS EC2 are HTTP. -Max On Thu., Sep. 17, 2020, 7:04 a.m. Cy Schubert, wrote: > In message > om> > , Ed Maste writes: > > FTP is (becoming?) a legacy protocol, and I think it may be time to > > remove the ftp server from the FreeBSD base system - with the recent > > security advisory for ftpd serving as a reminder. > > > > I've proposed adding a deprecation notice to the man page in > > https://reviews.freebsd.org/D26447 to start this off. There are a > > number of ftp servers in ports, and if we're going to remove the base > > system one we can create a port for it first, as well. > > > > Any comments or concerns, please follow up in the code review or in > email her > > e. > > We should also deprecate the FTP client. > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) > > FTP is firewall unfriendly. > > The F5 gateway at $JOB does not support FTP. When we still worked at the > office I had to take my $JOB laptop to the coffee shop to use their > wireless to download patches from Broadcom's FTP site. Now that I WFH (we > won't ever go back to the office) I download while disconnected from the > VPN. > > Then move the removed bits to ports, which I think we already have in > tnftp > and tnftpd. > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: https://FreeBSD.org > NTP: Web: https://nwtime.org > > The need of the many outweighs the greed of the few. > > > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > > ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Hi. > On Sep 17, 2020, at 11:05 AM, Cy Schubert wrote: > In message om> > , Ed Maste writes: >> FTP is (becoming?) a legacy protocol, and I think it may be time to >> remove the ftp server from the FreeBSD base system - with the recent >> security advisory for ftpd serving as a reminder. > > We should also deprecate the FTP client. > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) I usually evaluate the possibility to interact with legacy stuff as a feature and then this would make FreeBSD shine less. The associated security improvement could be done in many different ways and this one is one of the worsts. Maybe a warning during use or a flag to disable/enable it when desired or needed? And among all the security measures the project can take to improve FreeBSD security, this one is on the bottom of my list for sure. FTPD not even comes enabled by default. -- rollingbits — 📧 rollingb...@gmail.com 📧 rollingb...@terra.com.br 📧 rollingb...@yahoo.com 📧 rollingb...@globo.com 📧 rollingb...@icloud.com ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 06:43:16PM +0400, Gleb Popov wrote: > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert > wrote: > > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > should be using HTTPS only. > > > > Isn't this a bit too much? I often find myself in need to download > something starting with "http://"; or "ftp://"; and use fetch for this. Yes, let's remove access to instance metadata on several (hundred-?)million AWS instances. -- Brooks signature.asc Description: PGP signature
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 07:04:41AM -0700, Cy Schubert wrote: > In message om> > , Ed Maste writes: > > FTP is (becoming?) a legacy protocol, and I think it may be time to > > remove the ftp server from the FreeBSD base system - with the recent > > security advisory for ftpd serving as a reminder. > > > > I've proposed adding a deprecation notice to the man page in > > https://reviews.freebsd.org/D26447 to start this off. There are a > > number of ftp servers in ports, and if we're going to remove the base > > system one we can create a port for it first, as well. > > > > Any comments or concerns, please follow up in the code review or in email > > her > > e. > > We should also deprecate the FTP client. > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) > That that and we can throw away half of the ports tree ;) Best regards, Bapt signature.asc Description: PGP signature
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > cy.schub...@cschubert.com> > wrote: > > > I've been advocating removing FTP (and HTTP) from libfetch as well. > > People > > should be using HTTPS only. > > > > Isn't this a bit too much? I often find myself in need to download > something starting with "http://"; or "ftp://"; and use fetch for this. > Indeed, we have products which rely on this ability in libfetch and we have to keep supporting them for many many years to come. I hate it when someone imperiously declares [For security reasons] "People should/shouldn't be using __". You have no idea what the context is, and thus no ability to declare what should or shouldn't be used in that context. For example, two embedded systems talking to each other over a point to point link within a sealed device are not concerned about man in the middle attacks or other modern internet threats. -- Ian ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
In message , Gleb Popov writes: > --28da0a05af83697d > Content-Type: text/plain; charset="UTF-8" > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert > wrote: > > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > should be using HTTPS only. > > > > Isn't this a bit too much? I often find myself in need to download > something starting with "http://"; or "ftp://"; and use fetch for this. Nope. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
Hi! > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > > should be using HTTPS only. > Isn't this a bit too much? I often find myself in need to download > something starting with "http://"; or "ftp://"; and use fetch for this. It's a bit too much. Deprecating it, 'add --really if you really want to use http/ftp' would be more useful for the common sys-admin 8-) -- p...@opsec.eu+49 171 3101372Now what ? ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert wrote: > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. > Isn't this a bit too much? I often find myself in need to download something starting with "http://"; or "ftp://"; and use fetch for this. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Deprecating ftpd in the FreeBSD base system?
In message , Ed Maste writes: > FTP is (becoming?) a legacy protocol, and I think it may be time to > remove the ftp server from the FreeBSD base system - with the recent > security advisory for ftpd serving as a reminder. > > I've proposed adding a deprecation notice to the man page in > https://reviews.freebsd.org/D26447 to start this off. There are a > number of ftp servers in ports, and if we're going to remove the base > system one we can create a port for it first, as well. > > Any comments or concerns, please follow up in the code review or in email her > e. We should also deprecate the FTP client. I've been advocating removing FTP (and HTTP) from libfetch as well. People should be using HTTPS only. (libfetch could support a plugin that might be supplied by a port should someone be inclined to write one.) FTP is firewall unfriendly. The F5 gateway at $JOB does not support FTP. When we still worked at the office I had to take my $JOB laptop to the coffee shop to use their wireless to download patches from Broadcom's FTP site. Now that I WFH (we won't ever go back to the office) I download while disconnected from the VPN. Then move the removed bits to ports, which I think we already have in tnftp and tnftpd. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"