On 2018/08/28 18:21, Z Ero wrote: > Hello Stuart, > > Yes it is correct that the Intel atom is 32 bit i386. Just out of > curiosity why would you not recommend it for a router / internet > appliance application? Not everybody needs 10G Ethernet or AC wifi on > their home or office LAN. Is it a security issue, a performance issue, > or a lack of developer attention issue (i.e. there are more eyes / > there is more focus on the 64 bit code base than the 32 bit code base > at this time)? > > Here is the Intel info on these N280 processors in these thin clients. > https://ark.intel.com/products/41411/Intel-Atom-Processor-N280-512K-Cache-1_66-GHz-667-MHz-FSB > > If it is a perfomance issue I beg to differ. This machine more than > capable for normal LAN use for a home or small business assuming one > is not generating massive continuous traffic. Compare to microtik > routers, for example. Many if not most routers are 32 bit MIPS based > even today. If it is a security issue due to W^X or something about > memory / execution protection are there not similar issues on other > platforms used in routers such as MIPS or not? If your firewall rules > / open ports are prudent shouldn't that prevent remote execution > anyway? Is the Atom effected by Meltdown? > > I use this machine myself as my home router, although I guess maybe > that is not saying much because I also use a ten year old Thinkpad as > my daily driver machine...kind of stuck in 2008 I guess lol. But I > really don't think most home or business applications really need > anything more than 1G ethernet or 802.11n wireless it is like 1080p vs > 4k in HD TV. At a certain point the marginal returns to increased > capability diminish, and diminish at an accelerating rate. > > Last year I was using a 128mb RAM 200 mhz Soekris based router. I > could watch HD Youtube videos on that without issue. > > Not trying to flame. Just conversing. > > > On 8/28/18, Stuart Henderson <s...@spacehopper.org> wrote: > > On 2018-08-28, Z Ero <zerotetrat...@gmail.com> wrote: > >> I have a bunch (about 50) of atom based HP T5740 thin clients that > >> work great as an OpenBSD based VPN gateway, router, firewall, print > >> server, wifi or other network appliance. > > > > Those are i386 (32-bit) only aren't they? > > > > I think I would not recommend i386 for any new installations > > at this point .. > > > > > >
In recent times the Intel compatible architectures have proved to be quite high-maintenance. I can't imagine it will have been much fun for people working on fixes for the various speculative execution related bugs to do that on one architecture let alone porting fixes to a second, especially when as time goes on there are fewer really useful x86 machines that are 32-bit only, and at the same time other architectures are getting a lot more interesting with respect to performance. Security-wise disregarding any other features, the small address space is a problem by itself. There's little room for allocation randomness, the % of the address space that can be left unmapped is minuscule compared to 64-bit architectures. Ports-wise the small address space is also a problem. Things like browsers and rust need various hacks to get them to build at all (rust is now a dependency of large parts of the ports tree via librsvg - currently the old C version of this is still viable but that won't last). Developers of this type of software generally expect cross-compiling from a larger architecture for 32-bit systems, which is not how OpenBSD works. Given the rather limited number of developers working on low-level parts of the system I think what remaining interest there is, is going to move elsewhere. For small routers etc with limited packets-per-second flows those machines just about work for now, but it's getting tight and I'd rather not build anything new on something which is already on borrowed time when I can make a fair guess that it's going to need tearing out before too much longer.