Everyone (and their mother) have been trying to convince me that I should use one of my less loaded servers to be a Fediverse node. However, all Fediverse software packages I checked only support being installed on complicated systemd + Docker machines. My servers don’t have either of those, because neither systemd nor Docker even exist on OpenBSD and illumos.
I know that it would be possible to manually install (e.g.) Lemmy, assuming that I won’t ever need official support, but I wonder why the world outside a limited subset of the Linux ecosystem is - at most - an afterthought for Fediverse developers.
How can I help to change that?
I wonder why the world outside a limited subset of the Linux ecosystem is - at most - an afterthought for Fediverse developers.
I hate to break this to you, but OpenBSD is an antiquated OS masquerading as a modern one, and OpenBSD’s lack of willingness to support modern standards results in the difficulty you’re having.
OpenBSD feels like it’s been duct taped together for decades. Anything “new” seems to just be, “sorry, not possible.” The OpenBSD kernel doesn’t support WiFi 5GHz. The OpenBSD kernel doesn’t support even the minimum subset of isolation features in order for Docker to function properly. Why? Because OpenBSD refuses to add these features to their kernel. There are very likely other syscalls and basic features any given open source project needs, even if it’s not being run in Docker, that simply do not exist under OpenBSD due to the very limited kernel it provides.
You’re upset because open source projects don’t support a platform that is old and developer-hostile. Turn your frustrations on OpenBSD - these projects would gladly support OpenBSD if they could.
I hate to break this to you, but OpenBSD is an antiquated OS masquerading as a modern one, and OpenBSD’s lack of willingness to support modern standards results in the difficulty you’re having.
Ok, let us assume for a moment that “modern” is the same thing as “great”: why do people still use Linux’s terminal, which emulates an actual 70s line printer, although there have been superior input capabilities since the 80s?
That’s irrelevant to this discussion. I was talking about OpenBSD’s lack of kernel features and driver support.
As for the Linux vs OpenBSD terminal comment, I feel like you’re grasping. What does OpenBSD’s terminal do better? We have had augmentations on top of the Linux terminal for years, adding things like auto complete and syntax suggestions that the 80’s could never have dreamed of.
80/20 rule.
When you are creating something like Lemmy, where you want wide uptake, you need to pander to the masses.
The /r/selfhosted surveys show around half of self-hosters mostly or exclusively use docker. A significant portion of the rest can use docker if needed.
If you’re in the 20% that isn’t covered by the most common setup, then it can be frustrating. But supporting that 20% takes as much effort as supporting the other 80% (see 80/20 rule), and when things are new it’s just not where the effort should be focused.
So you have all those servers, but why can’t you install debian or ubuntu server on one of them?
You could also get a $2/month VPS and run it on that. Beehaw is run on something similar (though apparently $12 a month, but a lot more users).
It’s “annoyingly hard” because you’re not using modern tooling. If Docker is unavailable on your preferred OS, then that OS is stuck in the past. Simple as that.
Docker makes it easy to install a program, including all its dependencies, in a repeatable way. Since you’re familiar with BSD, it’s similar to jails except with better isolation, fewer security holes/issues, and the software you want to run is preinstalled. Docker containers are essentially mmutable which makes upgrades easy - just throw away the old container and replace it with the new version. (persistent files are stored separately, in “volumes”)
You can of course manually install the same software by looking at the Dockerfile and manually performing the same steps, but there’s no guarantee that it’d work well on an unsupported OS.
It’s “annoyingly hard” because you’re not using modern tooling.
Calling Docker “modern” is a stretch, as it’s not much more than glorified Solaris Zones, but please enlighten me: Which feature of a federated web application requires modern tooling?
Since you’re familiar with BSD, it’s similar to jails
OpenBSD does not have jails.
except with better isolation
How so?
fewer security holes/issues
Actually, not using Docker prevents a number of security holes/issues.
and the software you want to run is preinstalled.
If you grab an image with it. You could as well just grab a tar archive with it… with less side effects.
Docker containers are essentially mmutable which makes upgrades easy
And security patches impossible.
Calling Docker “modern” is a stretch, as it’s not much more than glorified Solaris Zone
And yet the OS you’re using doesn’t support it. Hmm.
OpenBSD does not have jails.
Sorry, I didn’t realise that these are FreeBSD-specific (I guess? I’m not too familiar with BSD)
Which feature of a federated web application requires modern tooling?
Deployment. All web apps and APIs are moving towards containerization - Docker for smaller scale deployments, and Kubernetes for large-scale deployments.
except with better isolation How so?
I didn’t think jails had CPU, memory, or process limits similar to what
cgroup2
provides, but it looks like this functionality was added to FreeBSD at some point. Sorry for the incorrect information.Actually, not using Docker prevents a number of security holes/issues.
Sure, Docker has had a few issues, but overall it’s more secure to run your apps in Docker containers. If an app gets compromised, the attacker will generally be stuck inside the Docker container rather than getting access to your entire system. If you’re worried about (very rare) container escape security holes, using unprivileged containers helps - You can run the app inside the container as an unprivileged user, and you can also run the entire Docker container as an unprivileged user on the host system.
And security patches impossible.
Security patches are easier than if you used a tar archive to install the software. With a tar archive you threw into
/opt
or whatever, the app and its config/data are often stored together, so you need to be mindful of things like not overriding customized config files. Since Dockers containers are immutable and all the actual data is stored elsewhere, it’s always safe to delete the container and replace it with a patched version.And yet the OS you’re using doesn’t support it.
It would, but Docker doesn’t support it. I’m not sure how this means that the OS was worse.
Sorry, I didn’t realise that these are FreeBSD-specific
They are, including its descendants (that includes the FreeBSD 4.8 fork DragonFly BSD).
Deployment.
How is “run this black box of arbitrary software, requiring a kernel module and numerous services” a superior deployment than
tar xf application.tgz
? Just because people do it, people could still do the wrong thing. Not every website is Facebook.Sorry for the incorrect information.
No problem. I was genuinely curious.
Sure, Docker has had a few issues, but overall it’s more secure to run your apps in Docker containers.
Docker imposes additional attack vectors to the underlying system, a (for example) backdoored PHP application running inside an OpenBSD
chroot
(OpenBSD runs its built-in web server insidechroot
by default, so web applications can never reach anything outside the web folder anyway) does not, if I understand you correctly. I know that you consider the 1979 technologychroot
to be not modern, but I wonder which security feature is missing.Since Dockers containers are immutable and all the actual data is stored elsewhere, it’s always safe to delete the container and replace it with a patched version.
What if nobody maintains the container anymore, although the software itself is still maintained?
Docker is used by a ton of projects and makes installation very easy in most cases
I’d highly recommend moving to a different distro that has docker
There are no OpenBSD “distros” with Docker.
That’s an interesting question. The percentage of servers (with the exception of routers, and other consumer appliances) that run OpenBSD (and variants) is actually extremely low when compared to the amount of servers running Linux. That being said you CAN set it up yourself, rust can easily compile to a binary that works with openbsd by using the target x86_64-unknown-openbsd.
As another commenter said here, *BSD is very far behind the developments of Linux, when compared to developer experience. And realistically, unless you’re a huge organization that can dedicate a team of engineers just to manage your system, or you’re someone who likes getting into the weeds, there is no reason to ever use *BSD in a modern system.
And realistically (…) there is no reason to ever use *BSD in a modern system.
In my very personal opinion, there are a few not entirely unimportant advantages to using OpenBSD over Linux (and I suppose users of the other free BSDs have similar lists, but I no longer use any other free BSD):
- Culture. Basically, “shut up and hack”. Not wasting the time of project members with dissolute thoughts about social interference, but devoting themselves exclusively to improving the technology so far, leads to the fact that (much like NetBSD) all sorts of technical achievements came out of OpenBSD, including OpenSMTPD, OpenSSH and LibreSSL. Linux to me often seems more like a support group than a technical project.
- Predictability. The Linux community seems to constantly need new completely different approaches to everyday things. The systemd debacle with numerous reports of computers no longer starting (or shutting down) is not yet over, and there is already debate about the now-but-really future of the desktop. Many Linux distributions do not know anything like an “upgrade”, the normal approach to a new version is “download the installation DVD and start it”. In OpenBSD it is essentially three commands (
sysupgrade
,reboot
,sysmerge
) - and it has never happened to me that after rebooting I was suddenly sitting in front of a completely different system. Yes, all this may not be cool - but predictability seems to me to be a not entirely irrelevant feature (also and especially for large companies). - History. Linux is a clone of Minix, which is itself essentially a clone of BSD, which was not yet free software in 1991. You might as well use the original, right? ;-)
edit: See also my previous answer for further advantages.
If 386BSD had been available when I started on Linux, Linux would probably never had happened.
The GPL licence is not a free licence, rather the opposite. But let’s assume that the licence debate is actually relevant: Why should a company that needs to make money selling software be “antiquated” simply because (for example) some of its algorithms are trade secrets?
Indeed, each system bears its distinctive advantages and drawbacks, and the optimal choice often hinges on the specific requirements of the task at hand. Nonetheless, I believe that OpenBSD’s utility is limited in contemporary scenarios.
Culture
It’s undeniable that OpenBSD has spawned important technologies under its “shut up and hack” mantra, cultivating an environment conducive to technical breakthroughs. Conversely, the Linux ecosystem too has been a breeding ground for major projects, Docker and Git being just a couple of examples. The ethos within each community can differ considerably, contingent upon the project or distribution. The widespread popularity of Linux may attract a varied spectrum of users, some less technically adept than the typical OpenBSD user. However, that doesn’t mean it’s short on technologically adept contributors.
Predictability
I’ve chosen to make peace with systemd, seeing it as a necessary compromise, as it has become the preferred choice amongst the developer community. Unless one fancies rewriting systemd .unit files each time something needs to be installed (which I don’t), the practical choice is to work with it.
Concerning the upgrading process, many Linux distributions today offer smooth upgrades without necessitating a complete reinstall. Your encounter may rely on the particular distribution you’re using. Perhaps it’s been a while since you last used Linux. I haven’t come across a distro that requires a complete overhaul in quite some time. Rolling release distros are now increasingly prevalent and are even suggested for novices.
With nixos, which is my distribution of choice for the foreseeable future, I have an attribute that your OpenBSD system lacks: reproducibility. I can transfer a handful of configuration files to a brand new computer and replicate my system precisely, encompassing all my installed packages and configurations, including those in $XDG_CONFIG_HOME. It will literally recreate the same exact environment.
History
And both of them are inspired by Unix, what’s your point? :P
Why should a company that needs to make money selling software be “antiquated” simply because (for example) some of its algorithms are trade secrets?
I think we’re not gonna agree on this, but I believe that all code that matters should be FOSS, there is no reason for a company to keep their algorithms as trade secrets, and if anything being open source can only improve the world, not hinder it.
Unless one fancies rewriting systemd .unit files each time something needs to be installed (which I don’t), the practical choice is to work with it.
The last Linuces I deliberately played with :-) were Gentoo and Void, both being non-systemd distributions by default. The point is that, if Linux was about choice (at least that’s what I’m told rather often than not), a particular init system should not be a component on which other components depend.
At least none of the services on my servers demanded systemd just yet. Maybe I’m a minority.
I can transfer a handful of configuration files to a brand new computer and replicate my system precisely, encompassing all my installed packages and configurations, including those in $XDG_CONFIG_HOME. It will literally recreate the same exact environment.
Sounds like a glorified rsync to me. I can imagine how this could come in handy if you have a whole set of identical machines that should serve the exact same purpose. I never had this situation in my own environments yet.
And both of them are inspired by Unix, what’s your point? :P
The D in BSD means distribution. BSD was Unix until the early 90s. Admittedly, today’s BSD is quite a different piece of software than 4.xBSD, especially given that both macOS and OpenBSD started with (a version of) it.
I believe that all code that matters should be FOSS
So do I, and the BSD license is a FOSS license. That does not necessarily mean that you are allowed to sell my code - or that I must not sell mine. Nobody said that FOSS requires “free of charge”. And if you spend quite a lot of money, I’m even sure that Microsoft will gladly sell you the Windows code. I a way, all code is free - it only depends on your bank account.
The point is that, if Linux was about choice (at least that’s what I’m told rather often than not), a particular init system should not be a component on which other components depend.
I mostly agree with this, but there is nothing I (or anyone) can do to change that without significantly hindering my user experience, and the benefits are minor. That’s akin to saying that you prefer gopher as a protocol, so you won’t use HTTP. Gopher is better according to some, but the world has decided on their protocol of choice already, there is no reason to fight it.
Sounds like a glorified rsync to me. I can imagine how this could come in handy if you have a whole set of identical machines that should serve the exact same purpose. I never had this situation in my own environments yet.
Come on man, that’s not what it is, I may have explained it wrong, but imagine being able to define the entire structure of your OS (including every tool installed, with your preferences) in a simple config file.
So do I, and the BSD license is a FOSS license. That does not necessarily mean that you are allowed to sell my code - or that I must not sell mine. Nobody said that FOSS requires “free of charge”. And if you spend quite a lot of money, I’m even sure that Microsoft will gladly sell you the Windows code. I a way, all code is free - it only depends on your bank account.
I knew we weren’t gonna agree on this, haha.
I agree on one thing, free doesn’t mean free of charge. It’s my firm belief that one ought to contribute financially to open-source projects from which one derives substantial benefits. However, I also maintain that code should be open and accessible to all, without any monetary charge.
In the case of windows, for example I would want the code to be open and available to anyone. I would even accept a situation where the code is completely available, albeit under a highly restrictive license. This license could permit you to study and learn from the code, but prohibit any actions such as creating your own version or selling it. This way, open-source principles are upheld, while Microsoft’s rights are protected.
Gopher is better according to some, but the world has decided on their protocol of choice already, there is no reason to fight it.
Yet, Gopher is still relevant. There are more than two operating systems for a reason. I know, “Worse is better” (I presume that you know that essay). People who need more than macOS and Windows are a minority. Which minority inside that minority is “the world”?
imagine being able to define the entire structure of your OS (including every tool installed, with your preferences) in a simple config file.
That sounds useful, indeed.
there is no reason to ever use *BSD in a modern system.
Pfsense/OPNsense has been running on my router for… I can’t even remember how long ago I built it. The BSD family of OSs are great pieces of opensource software and they absolutely have niches they excel at. Use the best tool for the job, and don’t fall prey to marketed loyalty.
I didn’t use docker. I went from scratch. You need to be able to compile rust and run nginx or similar
I feel you, I tried to install lemmy on the server on which I already run 7 other services (Matrix, PeerTube, my website with rails, Mastodon, another three websites with PHP, Nextcloud, Rainloop, some static HTML websites, and probably more). It’s a really small server so not much resources left but everything is working fine sharing one instance of Nginx and one instance of Postgresql.
Lemmy also uses Nginx and Postgresql so I thought great, let me reuse those. But nope, after 4 days of trying I had to give up and get a new Server just for lemmy. I tried the install from scratch, there lemmy would just not compile. Then I tried to reuse the docker-compose but to connect the existing Nginx and Postgresql but nope, Postgresql didn’t want to work with it because of a extension which was installed but somehow I couldn’t get it to work. And then Nginx with the example config file didn’t work at all.
Anyway on the new server it almost worked, the only thing which didn’t work were the websockets because the example didn’t set up anything for them. But I figured this last part out for myself and now I have to pay 5 EUR more each month to run Lemmy.
The vast majority of servers run Linux and the simplest way to deploy services is with containers. Unix and Windows are much less supported and even running outside containers is fading away.
If you are interested, it may be simpler to spin up a small Linux VM.
Most of these projects are FOSS, so you have two options. Either ask the devs for OpenBSD support (but try installing everything on OpenBSD to see what goes wrong). Or try modifying the program yourself to add OpenBSD support.
Developers of these projects often target Linux, since it is by far the most used server kernel/OS. *BSD is not nearly as common.
The only way to potentially change that industry wide is to have enough people stubbornly use *BSD and help implement *BSD support for Linux specific tools they use.
Official support is often only provided with a docker setup as it standardizes bundled libraries and other needed blobs. This makes it easier to support many Linux distros.
There is no “official support” for this. Is FOSS. You are on your own to run it. If my instance breaks I can’t just run to the Devs of the project to help fix it. It’s on me.
It’s a project run by two people. And to be fair to them they chose one of the most OS agnostic methods to help build it. You don’t need to use a specific distro, just tools.
You can port what’s needed over to BSD and do a PR to merge it, even if it’s just a BSD_Jails.md file. But it’s gonna take some know how.
Building a Lemmy instance on pretty much any Linux box is fairly easy and well documented though.
On a personal note, imho it does no good to be an OS evangelist. It’s as true for MacOs or Windows as it does for BSD. Use a tool for its strengths. I have BSD running my firewalls and even some storage, Linux running stuff, windows for things it excels at, and macos for stuff it works for.
Ugh, I wanted to make a few sublemmys but if it’s that much work, forget it. One thing that’s lacking around here are the shitposting subreddit equivalents. r/Copypasta, r/shittyaskreddit, r/okbuddyretard, that kind of thing.
As far as I understand, you can make a new community (“sublemmy”) on any server, it will be federated.
You can only create a community on the server that you’re on, but you could just make another account and then appoint your account on the foreign server as mod :)
Lemmy.ml lets every user create communities
Exactly, bring in the shitposting and porn subs and Lemmy will flourish.
Porn is kinda difficult. There are probably few people who want to moderate and more importantly be liable for pornographic content hosted on their servers. Many Hoster also explicitly forbid adult content.
Not impossible but someone would have to do it ^^
I could also totally see something like
naughtyverse.xxx
as domain name.Will probably be defederated though.
Right. Lemmy would need at least an option for admins to not show content from certain instances in the All feed. And overall more sophisticated tools for moderating remote content (e.g. side wide mods that aren’t as powerful as admins but still can remove federated posts)
@nachtigall @tux0r Mastodon has quite a bit of functionality that makes life easier in regards to modding. I don’t know how Lemmy performs there.
On /kbin you can flag your content as 18+/NSFW when adding it. You can also flag your magazine (equivalent of Lemmy community) the same way, when creating it.