OPNsense Forum

English Forums => General Discussion => Topic started by: xinnan on October 17, 2017, 04:13:16 pm

Title: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 17, 2017, 04:13:16 pm
I'm thinking about switching from pfsense to opnsense.

There is no emotion involved in this, I just feel I'm going to either be forced to buy new hardware to replace hardware that is working fabulously or get left in a situation where no updates are available.

Before I do that, I just want to check and see if opnsense is on the same path as pfsense or is it going to offer legacy support.

So, are there any plans to scrap 32-bit support for opnsense or to make AES-NI mandatory for install?  Or are there any other arbitrary changes planned that would hasten the demise of my hardware unnecessarily?

Are there any other plans in the works that would force me to scrap x86 hardware with more than enough ram and cpu to run opnsense or to attempt to twist my arm to buy hardware from a friendly vendor when my current hardware works just fine?

I don't feel that machines sporting four fast cores, 4gb of ram, intel gigabit nics and ssd drives should be headed for the scrap heap.  Thats all.
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: monstermania on October 17, 2017, 05:13:17 pm
In a short word: No  ;)
For AES-NI look at this thread: https://forum.opnsense.org/index.php?topic=5097.0
For 32 bit Franco wrote somerwhere into the board, that the support will go up to OPNsense 19.x
Of course 32 Bit support must come to an end one day. Maybe when OPNsene official supports arm (RPI, BPI) ist a good time to end 32 Bit... 



Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 17, 2017, 05:30:07 pm
Looks like I'm not the only one who is worried about unnecessary obsolescence.
I'm not against buying hardware from vendors who work with opnsense.  It's smart in many cases.

However, I'm not going to buy any hardware from anyone who manage to turn new features such as AES-NI into a reason to break all my current deployments. 

I will install opensense starting with my X86 hardware and expand to all my hardware if it works well.

I see this whole debacle at pfsense as an opportunity for opnsense to grab a ton of users when peoples pfsense boxes cease to be supported. 

As far as when to end support for 32 bit boxes.  I think when the resources needed in terms of memory go beyond 4GB ram, or CPUs lack the processing power to keep up or BSD itself abandons 32 bit.  For me, those seem like the good reasons to drop 32 bit support.  We are nowhere near that point.  Matter of fact my old machines are more capable than most of the brand new official hardware being sold out there by every measure other than power consumption.  We just haven't hit the point when x86 and non-AES-NI processors can't hack it yet.
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 17, 2017, 06:47:27 pm
Hi,

The current end of the road for i386 is when we adopt HardenedBSD 12, which could be 2019 or possibly later. It's not easy to tell as FreeBSD needs to move first, then HardenedBSD and then us... It's debatable if it remains beyond that point, but we would rather see a low power, high performance ARM(64) platform in its stead. There have been many such threads.

The Nano image will note share the fate of i386, there are no plans to remove it and it's naturally the image type that we need for ARM as well. ;)

We try not to cause fuss or do stunts on the back of the community.... we do have all our code out in the open, so if we try something stupid please punish us with forks. It's a good control mechanism if you think about it.

I don't see this as an opportunity to grab users. We've been here a long time building upon principles long established before others took over pfSense. We have original licensing. We try to think ahead and improve security, code quality and nurture a productive and friendly community culture. We would wish to continue this trend with both the users who have helped to shape this project and I thank every one of them for sticking with us in the easy and also hard times, and also with the users who are new and curious about this approach.

Some things that we have to decide eventually: leave OpenSSL behind and only use LibreSSL. How far we are willing to go in adopting HardenedBSD. How many binary packages are provided and when do we have too many. Which plugins really don't fit and should not be merged. What will be the masterplan in 2018 in terms of product evolution, in 2019, in 2020.... :)

Cheers,
Franco
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 17, 2017, 07:09:27 pm
Two years or more?  I'll take it. 
You may not see it as an opportunity to pick up new users, but in my case that is exactly what is happening.

I don't know too much about HardenedBSD.  I will take a look.

OK - Done reading about HardenedBSD.  Seems like I may have seen the name "Franco" mentioned there as well.
Wearing a lot of hats are we?  Looks like a nice project.  Going to need more people though.  It will be overwhelming for just a few people to manage such an ambitious project. 
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 17, 2017, 07:58:25 pm
When OPNsense started there was a valid argument about "we don't need a fork for the sake of it, if OPNsense was OpenBSD it would make sense" so gradually HardenedBSD offered that benefit as added security hardening. Shawn has been helping out with this migration, and nowadays I help with within their ports infrastructure.

The point is growing together is more manageable. :)


Cheers,
Franco
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 17, 2017, 07:59:38 pm
PS: Welcome!
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 17, 2017, 08:10:54 pm
Keep up the good work.  I'm sure more people will flock in as it grows.
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 18, 2017, 04:40:52 pm
Speaking again of HardenedBSD -

They could use a Wikipedia page. 
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 19, 2017, 07:29:32 am
To be honest and frank, HardenedBSD has 3 Wikipedia mentions, while OPNsense has only 2 and a deleted page. We are not listed on either the M0n0wall or pfSense page, which is the work of Netgate affiliates rampaging every new mention of OPNsense since 2015.

One of the many reasons why we know the fork was the right thing to get away from those people. ;)
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: MasterXBKC on October 22, 2017, 10:04:16 pm
To be honest and frank, HardenedBSD has 3 Wikipedia mentions, while OPNsense has only 2 and a deleted page. We are not listed on either the M0n0wall or pfSense page, which is the work of Netgate affiliates rampaging every new mention of OPNsense since 2015.

One of the many reasons why we know the fork was the right thing to get away from those people. ;)

Perhaps its time for this to be remedied.
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 23, 2017, 05:08:41 pm
It's not so easy. All it takes is one individual to strip all of OPNsense mentions from Wikipedia without repercussions for two years plus:

https://en.wikipedia.org/wiki/Special:Contributions/Mr.hmm

And to be stripping OPNsense from both m0n0wall and pfSense pages while also obviously editing pro-pfSense is a despicable business practice and harmful not only OPNsense but the BSD and open source community as a whole.


Cheers,
Franco
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: chemlud on October 23, 2017, 05:55:06 pm
...abuse of Church of Wikipedia by pfSense is really a shame. Trump-times...
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: franco on October 24, 2017, 09:04:44 pm
Apparently, he is actively stalking this forum and thinks that reverts made for his reverts are coordinated, planned, "targeted abuse".

Isn't it ironic, I thought that would also fit what he's been doing for two years for no apparent reason other to hurt OPNsense anonymously. ::)
Title: Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
Post by: xinnan on October 24, 2017, 10:10:00 pm
And I thought I needed to go get a life...  Mr.hmm needs a GF or something.