Hands-on Review: FreeBSD 11

It's often fun to think of myself as some bold pioneer for running the bleeding-edge, fresh-from-Subversion, hours-old version of an operating system.  Terms like "kernel panic" and "data loss" (even an occasional "kill your puppy") abound in the tutorials and instructions for individuals who run FreeBSD's most current development code, designated appropriately enough as -CURRENT.

In reality, however, in my 3+ years of indulging this habit on some of my workstations, it's very rarely been a problem.  Sure, there was that little foobar in early 2015 where the RNG had been badly broken for months and I had to regenerate all of my private keys.  That's really the only major issue that I can recall, though, from multiple years of running the latest development branch of code.  Not too shabby, methinks.

That being said, why would I do this to myself at all?  Well, there is a certain level of excitement to being able to try the latest features and improvements before they roll off of the presses.  While some might consider running -CURRENT on a production workstation to be risky, I find it much safer than other adrenaline-rush options.  Base jumping, for instance.

So, what's cooking for the next major release of FreeBSD?  You can see a relatively complete list here, but the following are some of my personal highlights from the upcoming 11.0, scheduled for release in mid-2016:
  • Bhyve[1] now supports loading specially-built firmware binaries, incl. a UEFI implementation.
  • There's now a FreeBSD port of Docker.
    • No, that's not a joke.  Yes, it's amazing.  
    • It integrates tightly with ZFS and jails, and can run either native FreeBSD Docker images or those based on CentOS 7 or earlier, using... (wait for it)...
  • 64-bit Linux binary compatibility
  • Netmap is now supported by libpcap.  This allows e.g. user-land network traffic analysis by existing tools on par with that of ntop's PF_RING driver for Linux, including a zero-copy mode!
  • If you're a Xen fan, early support is now available for running FreeBSD as dom0.
    • Update: this is available in 10-STABLE, and looks slated to be included with 10.3 when that version ships.
  • KMS / DRM2 now includes early support for Intel's Haswell-generation integrated graphics
  • Support for 64-bit mode on ARM CPUs that support it is coming along nicely, with the first target hardware being the Cavium ThunderX server.
  • Initial reference implementation for running CloudABI binaries.
    • This is a truly cross-platform binary interface that will run as-is, no recompilation necessary, on any supporting *nix platforms.  Several BSDs offer support at the moment, and patches for the Linux kernel are in early testing stages.
  • The bundled version of xz has been updated, supporting multi-threaded compression out of the box.
  • Clang and libcompiler_rt continue to make significant progress on non-x86 platforms.[2]
  • Both IPX and AppleTalk have finally been yanked.[3]
  • Some networking performance improvements (a.k.a. SR-IOV) for FreeBSD on Amazon EC2
  • Capsicum capabilities are moving out to protect more utilities, including ping.
Those are just a few of the more exciting developments to me, but suffice it to say that users of 10.x and earlier versions have a lot about which to be excited this year.  If you're feeling adventurous, you could check it out now.

I might be biased, but I suspect that 11.0 will be one of the most game-changing releases in recent memory, on par with or even surpassing the legendary 7.0 release of 2008.

Coming soon: an early review of HardenedBSD

1 - FreeBSD's native hypervisor
2 - Sorry, GCC folks.  I like the compiler and tool chain better.  I'm a convert.  Hate me if you like.
3 - Ancient layer 3 networking protocols with virtually no presence in the modern world