Hi Stuart,

Thanks for the respectful reply. I am a little bewildered by the degree of unwarranted hostility the original post met, but whatever, when in Rome...

I believe as of now most commercially available small business or home LAN routers / WAN gateways are 32 bit MIPS or ARM based (as opposed to enterprise, c.f. the 64 bit MIPS Octeon Edge Router). I understand your comment about the larger 64 bit address space being more secure because it is such a vaster space better able to be randomised, but I am not sure how much this really matters practically. For example, have journal studies shown that in the real world 32 bit routers are actually hacked or 'pwned' at a higher rate (after accounting for market share) than 64 bit based machines?

On 8/28/18, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2018/08/28 18:21, Z Ero wrote:
>> Hello Stuart,
>>
>> Yes it is correct that the Intel atom is 32 bit i386. Just out of
>> curiosity why would you not recommend it for a router / internet
>> appliance application? Not everybody needs 10G Ethernet or AC wifi on
>> their home or office LAN. Is it a security issue, a performance issue,
>> or a lack of developer attention issue (i.e. there are more eyes /
>> there is more focus on the 64 bit code base than the 32 bit code base
>> at this time)?
>>
>> Here is the Intel info on these N280 processors in these thin clients.
>> https://ark.intel.com/products/41411/Intel-Atom-Processor-N280-512K-Cache-1_66-GHz-667-MHz-FSB
>>
>> If it is a performance issue I beg to differ. This machine is more than
>> capable for normal LAN use for a home or small business assuming one
>> is not generating massive continuous traffic. Compare to MikroTik
>> routers, for example. Many if not most routers are 32 bit MIPS based
>> even today. If it is a security issue due to W^X or something about
>> memory / execution protection are there not similar issues on other
>> platforms used in routers such as MIPS or not? If your firewall rules
>> / open ports are prudent shouldn't that prevent remote execution
>> anyway? Is the Atom affected by Meltdown?
>>
>> I use this machine myself as my home router, although I guess maybe
>> that is not saying much because I also use a ten year old Thinkpad as
>> my daily driver machine...kind of stuck in 2008 I guess lol. But I
>> really don't think most home or business applications really need
>> anything more than 1G ethernet or 802.11n wireless it is like 1080p vs
>> 4k in HD TV. At a certain point the marginal returns to increased
>> capability diminish, and diminish at an accelerating rate.
>>
>> Last year I was using a 128mb RAM 200 mhz Soekris based router. I
>> could watch HD Youtube videos on that without issue.
>>
>> Not trying to flame. Just conversing.
>>
>>
>> On 8/28/18, Stuart Henderson <s...@spacehopper.org> wrote:
>> > On 2018-08-28, Z Ero <zerotetrat...@gmail.com> wrote:
>> >> I have a bunch (about 50) of atom based HP T5740 thin clients that
>> >> work great as an OpenBSD based VPN gateway, router, firewall, print
>> >> server, wifi or other network appliance.
>> >
>> > Those are i386 (32-bit) only aren't they?
>> >
>> > I think I would not recommend i386 for any new installations
>> > at this point ..
>> >
>> >
>
>
> In recent times the Intel compatible architectures have proved to be
> quite high-maintenance. I can't imagine it will have been much fun for
> people working on fixes for the various speculative execution related
> bugs to do that on one architecture let alone porting fixes to a second,
> especially when as time goes on there are fewer really useful x86
> machines that are 32-bit only, and at the same time other architectures
> are getting a lot more interesting with respect to performance.
>
> Security-wise disregarding any other features, the small address space
> is a problem by itself. There's little room for allocation randomness,
> the % of the address space that can be left unmapped is minuscule
> compared to 64-bit architectures.
>
> Ports-wise the small address space is also a problem. Things like browsers
> and rust need various hacks to get them to build at all (rust is now a
> dependency of large parts of the ports tree via librsvg - currently the
> old C version of this is still viable but that won't last). Developers
> of this type of software generally expect cross-compiling from a larger
> architecture for 32-bit systems, which is not how OpenBSD works.
>
> Given the rather limited number of developers working on low-level parts
> of the system I think what remaining interest there is, is going to move
> elsewhere.
>
> For small routers etc with limited packets-per-second flows those
> machines just about work for now, but it's getting tight and I'd rather
> not build anything new on something which is already on borrowed time
> when I can make a fair guess that it's going to need tearing out before
> too much longer.
>