[olug] *BSDs - Free, Open, Net

Sean Kelly smkelly at zombie.org
Tue Sep 30 00:04:58 UTC 2003


On Sat, Sep 27, 2003 at 01:26:25PM -0500, Jeff Hinrichs wrote:
> What about the following statements:
> 1) OpenBSD is the most secure
> 2) FreeBSD is the most stable
> 3) NetBSD runs on the widest range of hardware

These statements are fairly accurate, but not really descriptive enough to
make a real decision from.

OpenBSD: Sure, it is secure out of the box. However, the security of a
system is not measured by how secure it was when it was installed. It is
measured by how secure it is after you get all your software, drivers, etc.
installed and running. Besides, you'll find that major security benefits
from OpenBSD find their way back into the other BSDs. Look at OpenSSH. It
started off as an OpenBSD project. Also look at OpenSSH in the last month
to see that OpenBSD is not some holy grail when it comes to security. In my
opinion, it is a bit overhyped.

NetBSD: I don't have very much experience with this platform, but I know a
little about it from what I've seen in the FreeBSD Project and from talking
with others who have used it. It is designed to be very easy to port to new
platforms. For example, this was one of the operating systems that was
ported to the Sega Dreamcast's SH-4 processor. I believe it is pretty
barebones, but I may be misinformed. Again, many of NetBSD's benefits find
their way back into the other BSDs. For example, NetBSD's /etc/rc.d/
framework (now dubbed rcNG) has been integrated into FreeBSD 5. Many
device drivers have been sucked in from NetBSD as well. Even the lukemftp
of NetBSD has been put into the FreeBSD source tree.

FreeBSD: It is what I would suggest you run if you will be using x86 or
Alpha. The 4.x-STABLE (RELENG_4) branch really is stable. All the issues
with FreeBSD 4.9 have been worked out with PAE causing instability. FreeBSD
4.9 will be rolling out soon, and FreeBSD 5.3 (the first stable 5.x?) is
currently tentatively scheduled for March 2004. I am running FreeBSD
5.1-CURRENT on my desktop system with no problems, though I wouldn't
recommend doing so on a production system. As I said above, many of the
plusses of the other BSDs find their way back into FreeBSD. As Phil already
noted, FreeBSD supports older versions for quite a long time. FreeBSD also
has several release branches one can follow:
     * Current: The development branch. (HEAD)
     * Stable: Only small and tested features/fixes end up here. (RELENG_4)
and now there are new branches for critical security updates only. If you
install a FreeBSD 4.8 system, you can track the RELENG_4_8 branch where you
will only receive necessary and critical updates. No new features that
could break your critical system.

Somebody also pointed out that OpenBSD has chrooted named setup by default.
FreeBSD 5.x also comes configured with the ability to do chrooted named.
However, currently the 4.x branch does not support this out of the box, it
seems. All recent FreeBSD versions come packaged with named in the base.
Currently, this is bind8 due to stability and testing concerns. By FreeBSD
5.3-STABLE, it is currently thought that bind9 will be "ready" for the
tree.

FreeBSD also supports its native ipfw firewalling, Darren Reed's ipfilter,
and the OpenBSD pf firewalling package is now in the ports tree. The ports
tree also makes configuring and installing things like PHP very easy. To
install PHP, you are just given a nice menu which asks you which bits of
PHP you want (gettext, sockets, imap, gd, etc.). It builds and installs it
for you.

-- 
Sean Kelly         | PGP KeyID: D2E5E296
smkelly at zombie.org | http://www.zombie.org

