by mxuribe 31 days ago
Have you tried such OpenBSD installations vs FreeBSD? I forget the differences between OpenBSD and FreeBSD, so forgive the naivety. (I think NetBSD is more for embedded stuff, and Ghost and Dragonfly are more for conventional desktop use-cases if I recall correctly.)

I'm asking because I have not touched any BSD for over 2 decades...and I'm getting the itch to try some out...and was wondering if for server-type use cases (like you noted) whether OpenBSD is preferred over FreeBSD or the reverse, and why? Thanks in advance for any feedback you might provide!


FreeBSD is a heavier, more capable system, suitable for large servers. It's got its own virtualization platform (bhyve), an LXC-ish container system (jails), native ZFS, dtrace, Linux emulation, and a bunch more. It makes for a decent workstation and has pretty decent hardware support.

NetBSD is small and simple. It's a lot like an old-school UNIX. It makes a decent platform for small services. I run bind and dhcpd on a NetBSD machine. The source code is very pleasant to read. It uses the pkgsrc software repository. It's my preferred platform for writing POSIX code.

OpenBSD still carries much of the general feel of NetBSD and can fill a similar niche on a network, but the security focus stands out in their documentation, subprojects (OpenSSH, LibreSSL, OpenNTPD, etc.), APIs (see pledge(8)), and policies. It makes for a great firewall. I'd say it also requires the most know-how.

All of them have excellent documentation (especially compared to Linux distros) and the base system is developed alongside the kernel, giving you a very consistent experience compared to Linux distros where everything is developed in isolation. If you write C, it's worth keeping a BSD system around just for the manpages and to make sure you're not letting Linuxisms creep into your codebase.

Thank you, this helped a lot!

> Linux emulation

Just to clarify. It's not emulation in the sense it's slower or something. They call it compatibility layer, which is better, but also nobody knows what it means.

This is simplifying a bit, but it's essentially "Linux is just a kernel" so the interface is just Linux syscalls, so the FreeBSD kernel when executing a Linux binary simply answers like Linux (so it has those system calls). How this is used in practice is that on your file system you have Ubuntu/RedHat/... "installed" (so the files and the file hierarchy are lying there) and you either directly or in a FreeBSD jail execute things in there or the binary you have.

I don't know how well it works in the present but in the past that means you could simply download the Unreal Tournament 2004 multiplayer demo or Enemy Territory or other games and just play them as if you were running Linux, 3D acceleration and all, without VM without real emulating, just the kernel providing what a Linux kernel would provide.

Also "heavy" is very very relative and subjective. You can totally have a tiny FreeBSD and a huge OpenBSD and one could argue OpenBSD is "heavy" because it comes with three window managers, an HTTP server, a full blown SMTPD server, ACME client and a ton of stuff that eg a server install of Debian or Ubuntu doesn't come with. But also if you run eg. ZFS things are heavy of course. FreeBSD has however had a time when it tried to strip a lot of stuff from the default install and make stuff either optional or make things available through ports/packages only.

And also there are surprises to be had with such overviews: Eg. your Lenovo laptop likely will give you a more "out of the box" experience on OpenBSD compared to FreeBSD with things like simple wifi setup, sound often doing the right thing (work, come out the right place, etc.) compared to FreeBSD. Also with stuff like HTTPD with ACME being available in a simple way after install I'd say OpenBSD is easier than FreeBSD.

FreeBSD to me feels a bit more like "it can be everything you want it to be". Ports and packages can be complicated if you just start out, compared to OpenBSD's "just use packages" stance. On OpenBSD things in my experience are more of a "it works or doesn't" and when it works often out of the box and/or with docs, while on FreeBSD it's more like it throws some tools into your direction you can build stuff (poudriere, jails, a build system with many options). So it's really cool if you want flexibility but a bit more like you have to figure out if it's possible and how. But that might simply be because of the use cases I used it for.

That said all of them are real general purpose systems, unlike eg. some Linux distributions. So it's not like "OpenBSD is for routers" even though it often seems like it. There are times when the GPU support is better on OpenBSD than FreeBSD's. But also FreeBSD has official NVIDIA drivers, so it's all not that clear cut.

I don't have much to disagree with there, only that any survey answer on the difference between complex things is going to be simplified. I'm thumb typing here and no one's paying me to write a book.

I will defend my "heaviness" argument, though. Sure, you can run OpenBSD on large hardware, but it's not going to be able to take advantage of it like FreeBSD can. Which makes sense if you think about it - FreeBSD optimizes for heavy workloads. Conversely, if you set up minimal installs, OpenBSD will be smaller. Again, that makes sense, since OpenBSD focuses on security over features (plus the only truly secure code is the code that doesn't exist). There's a lot of overlap in the middle, of course.

I wouldn't use OpenBSD for a NAS, and I wouldn't use FreeBSD for a diskless firewall. Not because they can't do those things - they just each have their strengths and weaknesses.

The "lightweight" nature of OpenBSD is a matter of perspective - if you are happy with OpenBSD's feature set, then it's a plus. On the other hand, FreeBSD has a lot of additional features, including ZFS, which may be of interest. The last I checked, FreeBSD was more performant in various benchmarks, particularly regarding multi-core performance.
FreeBSD has a bit more of a lax attitude historically to security[0] and seems to prefer being reasonably performant and "easy to use" (this is subjective, but they care about supporting packages outside of base very much, and bundle non-FreeBSD produced packages as part of their base).

OpenBSD on the other hand is perfectly happy to leave oodles of performance on the table for security. They were the first OS to completely drop Hyperthreading support for example, years before spectre/meltdown.

So with these things in mind, FreeBSD is a lot more performant.

[0]: https://vez.mrsk.me/freebsd-defaults

FreeBSD has the same roots as OpenBSD but the former has a “compatibility” focus whereas the latter has the security focus. Having a background in security, the choice was obvious for me. But each person/org should decide based on their needs. Haven’t had any issues running it on all major hardware (Dell, HP, Lenovo, Apple, etc) the UI isn’t as pretty as macOS on Desktop, but it runs Firefox & Chrome, etc. so you can do everything you need. If you have an older Lenovo or Mac lying around collecting dust, dive in!
There was FreeBSD and NetBSD. NetBSD supporting many platforms while FreeBSD supported just x86. There was some contention between NetBSD developers and Theo and crew left to create OpenBSD. They all more or less have common ancestry being derivatives of 386BSD.
Yeah, I knew there were some aspects of descendancy across the different BSDs.

And, I mentioned NetBSD for embedded stuff...but really, I *think* it's that NetBSD is simply installed on tons of different hardware....so not only embedded....I kinda remembered that about NetBSD.

But, it's the other BSDs - in particular FreeBSD vs OpenBSD - that I always forget the differences...but got it now. Thanks!

freebsd = utility

openbsd = security

netbsd = portability

freebsd: performance, features, drivers, software compat - closest to linux in utility & usability though unlike linux in execution

openbsd: safety for exposed services

netbsd: portable across many cpu & hardware platforms - big-endian powerpc sun, hitachi sh3 jornada, etc, easiest to port to a new arch

Can FreeBSD be stripped down to be more like OpenBSD security wise while still keeping the performance benefits ?
It can be customized just like linux where you can compile a custom kernel omitting unneeded features and then also ship a small userspace around it, and the core userspace tools are generally a little less feature rich than linux's already.

But it's not a matter of surface area that makes openbsd solid, it's the priorities while writing that affects how every little thing has been written over time.

You can write 10 different versions of a function that all work and are all nominally perfectly free of security gaps.

Yet they will all still be 10 different levels of robust. Some versions will fail as soon as some assumption is violated, and some make fewer assumptions and remain safe even when varying amounts and forms of "that can't happen" happens.

It's not just cosmic ray bit flips either, or a hacker trying to do power glitch attacks or rowhammer etc, stuff that makes the hardware violate its promises. But stuff like a different developer updating something 15 years later who is not the original and does not realize every single facet of how it works and just how the current implementation covers all possible edge cases, and so doesn't realize how their change opened up an edge case that was covered before. With fragile code, the new code simply has the new security gap until someone discovers it the hard way. With robust code, it's more likely to still be safe. The edge case maybe makes it fail to function, but not in a way that anyone can use productively.

Not that freebsd is exactly swiss cheese. These are all relative. I would and do rely on freebsd any day.

Oh this is a wonderful and succinct summary; thanks!
It's also superficial and wrong, and as bad as dividing people up by hair colour into blondes, brunettes, and redheads.

The way that the BSDs differentiate cannot be reduced in this way, not least because there is a lot of what Justin C. Sherrill (of the DragonFly Digest) calls 'cross-pollination' amongst the BSDs.

A case in point:

Superficially, and erroneously, one might observe that OpenBSD, NetBSD, and FreeBSD have nvi, and only DragonFlyBSD has nvi2. In fact there was a three-way fork of actual Bostic nvi, all of them making revisions and leaving the original behind, and then things got really complex with nvi2 taking from OpenBSD's nvi, and FreeBSD's nvi taking from nvi2; not even getting into the existence of nvi-m17n along the way and how there are nvis in base and nvis in ports. (https://news.ycombinator.com/item?id=48132452) One cannot divide the BSDs up into those that have nvi2 versus those that have nvi.

The split is complex in other areas, too.

Actually that is mostly current HW compat. NetBSD would be I guess the one for legacy HW compat.
OpenBSD does support some older hardware already not supported by, say, most Linux distributions. As an example MacPPC hasn’t had support from most Linux distributors since IBM Power went little-endian, but OpenBSD runs fine on it.

NetBSD is, however, the gold standard for an OS that runs on just about anything. Their (maybe unofficial) slogan has been “Of course it runs NetBSD!”. Their logo has a flag in it because they “plant their flag” on so many platforms.

https://wiki.netbsd.org/ports/

Yeah, thanks that helps! It's the old convenience vs security balancing act :-)

100%. I put off learning/using OpenBSD for a decade until a breach at a client (we weren’t responsible for DevOps/SysAdmin) made me pick it up because I don’t have time to be a full-time Linux Sysadmin anymore. Just want the servers to run without having to think about them. Wish I’d done it sooner. Lost a lot of time on Linux, Docker, K8s, etc. that I could have skipped completely with OpenBSD. Our servers are an order of magnitude simpler now, just single services per VM and I sleep better. ;-)

> ...I don’t have time to be a full-time Linux Sysadmin anymore. Just want the servers to run without having to think about them...

Very salient comment there! And, while not the only reason for me, but what you noted is sort of one reason that's triggering the itch in me to go back to playing with the BSDs. Don't get me wrong, I still do love fiddling around with some areas of Linux once in a while....but then, there are other uses/areas where I just want a server to do its thing, and for my maintenance to be a little less (at least less than some Linux distros require). So maybe I'm not the only one? :-)

Yeah, time is finite and fleeting and the older I get the faster it seems to go!

As a teen I had infinite time to compile Linux and debug stuff. Now I just want to spend time with family/outdoors and not be stuck in a windowless room negotiating with a black box. ;-P

It's like you're reading my mind!!! lol :-D

OpenBSD is security focused while FreeBSD will remind you of older X-Windows workstations.
Thanks!

And, wow, do I miss the old X-window workstations...well, I should clarify that I LOVED those (I think they were Sparc?) workstations that ran Solaris or SunOS back in the day! Man, that takes me back some years...but I really loved those machines! :-)

OpenBSD supports sparc very well and is compatible with old sunos stuff (iirc). Unfortunately no 68k anymore (okay, technically there's a niche flavour of 68k that still is supported because of a very dedicated man in Japan)
> OpenBSD supports sparc very well and is compatible with old sunos stuff (iirc)

No 32-bit sparc anymore (only UltraSPARC, aka sparc64).

No SunOS compatibility (despite Theo de Raadt inventing it for NetBSD, before being copied by other BSDs).

https://marc.info/?l=openbsd-tech&m=161435521906992&w=2

> Technically there's a niche flavour of 68k that still is supported because of a very dedicated man in Japan

luna88k, while related, is not 68k.

https://www.openbsd.org/luna88k.html

Modern operating system booting on hardware that is closing in on 40 years old in just over three minutes, this is wild to see:

https://www.youtube.com/watch?v=btwiiZw3B2s

Kenji Aoyama truly is aligned with the best of the hacker spirit. As for getting your hands on a luna88k, I have no clue. The only thing I managed to find was a broken one that sold for ~USD 750 at an online auction.

If you're interested, you should check out Miod Vallat's Motorola 88k story.

http://miod.online.fr/software/openbsd/stories/m88k.html

One interesting bit of trivia is Luna-88k workstations were heavily used to implement CMU Mach (which would eventually be used by Apple).

I must've read about the sunos thing somewhere and imagined it still existed.

> luna88k, while related, is not 68k

I misremembered it as being similar to the relationship between the 6502 and the 65C816

It's worth mentioning at this point that one can still get (Open)Solaris descendent operating systems: OmniOS, SmartOS, and Tribblix. The latter still has SPARC in its installation guide.

* https://tribblix.org/install-sparc.html

Oh wow, that's pretty cool! Thanks for sharing!

Another part of my nostalgia with those old workstations (besides the core OS) was the desktop environment, I think CDE or Motif or something like that. Something about the look and feel of that DE I always thought was cool!