by nelsonic 34 days ago
FreeBSD has the same roots as OpenBSD but the former has a “compatibility” focus whereas the latter has the security focus. Having a background in security, the choice was obvious for me. But each person/org should decide based on their needs. Haven’t had any issues running it on all major hardware (Dell, HP, Lenovo, Apple, etc.). The UI isn’t as pretty as macOS on desktop, but it runs Firefox & Chrome, etc., so you can do everything you need. If you have an older Lenovo or Mac lying around collecting dust, dive in!

There was FreeBSD and NetBSD. NetBSD supported many platforms while FreeBSD supported just x86. There was some contention between NetBSD developers and Theo and crew left to create OpenBSD. They all more or less have common ancestry, being derivatives of 386BSD.
Yeah, I knew there were some aspects of descendancy across the different BSDs.

And, I mentioned NetBSD for embedded stuff...but really, I *think* it's that NetBSD is simply installed on tons of different hardware....so not only embedded....I kinda remembered that about NetBSD.

But, it's the other BSDs - in particular FreeBSD vs OpenBSD - that I always forget the differences between...but got it now. Thanks!

freebsd = utility

openbsd = security

netbsd = portability

freebsd: performance, features, drivers, software compat - closest to linux in utility & usability though unlike linux in execution

openbsd: safety for exposed services

netbsd: portable across many cpu & hardware platforms - big-endian powerpc sun, hitachi sh3 jornada, etc, easiest to port to a new arch

Can FreeBSD be stripped down to be more like OpenBSD security-wise while still keeping the performance benefits?
It can be customized just like Linux, where you can compile a custom kernel omitting unneeded features and then also ship a small userspace around it, and the core userspace tools are generally a little less feature-rich than Linux's already.

But it's not a matter of surface area that makes OpenBSD solid, it's the priorities while writing that affect how every little thing has been written over time.

You can write 10 different versions of a function that all work and are all nominally perfectly free of security gaps.

Yet they will all still be 10 different levels of robust. Some versions will fail as soon as some assumption is violated, and some make fewer assumptions and remain safe even when varying amounts and forms of "that can't happen" happens.

It's not just cosmic ray bit flips either, or a hacker trying to do power glitch attacks or rowhammer etc., stuff that makes the hardware violate its promises. But stuff like a different developer updating something 15 years later who is not the original author and does not realize every single facet of how it works and just how the current implementation covers all possible edge cases, and so doesn't realize how their change opened up an edge case that was covered before. With fragile code, the new code simply has the new security gap until someone discovers it the hard way. With robust code, it's more likely to still be safe. The edge case maybe makes it fail to function, but not in a way that anyone can use productively.

Not that FreeBSD is exactly Swiss cheese. These are all relative. I would and do rely on FreeBSD any day.

Oh this is a wonderful and succinct summary; thanks!
It's also superficial and wrong, and as bad as dividing people up by hair colour into blondes, brunettes, and redheads.

The way that the BSDs differentiate cannot be reduced in this way, not least because there is a lot of what Justin C. Sherrill (of the DragonFly Digest) calls 'cross-pollination' amongst the BSDs.

A case in point:

Superficially, and erroneously, one might observe that OpenBSD, NetBSD, and FreeBSD have nvi, and only DragonFlyBSD has nvi2. In fact there was a three-way fork of actual Bostic nvi, all of them making revisions and leaving the original behind, and then things got really complex with nvi2 taking from OpenBSD's nvi, and FreeBSD's nvi taking from nvi2; not even getting into the existence of nvi-m17n along the way and how there are nvis in base and nvis in ports. (https://news.ycombinator.com/item?id=48132452) One cannot divide the BSDs up into those that have nvi2 versus those that have nvi.

The split is complex in other areas, too.

Yes, you're not at all wrong! However my goal is not to definitively 100% know the exact differences between the BSDs...I merely wanted to seek out a quick/easy starting point (the very high level diffs)...so that I can start *somewhere* and hopefully avoid my paralysis by analysis. :-)
It is a generalization of the essentials, and not wrong.

You know even though I said the execution is unlike linux, in fact, there are many many details that are just like linux! What a freaking ignorant liar eh? There's like 100 things like that you could say. No wait, no way it's exactly 100. There's obviously some other number like 105 or 612 things like that. So superficial and wrong!

Actually that is mostly current HW compat. NetBSD would be I guess the one for legacy HW compat.
OpenBSD does support some older hardware already not supported by, say, most Linux distributions. As an example, MacPPC hasn’t had support from most Linux distributors since IBM Power went little-endian, but OpenBSD runs fine on it.

NetBSD is, however, the gold standard for an OS that runs on just about anything. Their (maybe unofficial) slogan has been “Of course it runs NetBSD!”. Their logo has a flag in it because they “plant their flag” on so many platforms.

https://wiki.netbsd.org/ports/

Yeah, thanks, that helps! It's the old convenience vs security balancing act :-)
100%. I put off learning/using OpenBSD for a decade until a breach at a client (we weren’t responsible for DevOps/SysAdmin) made me pick it up because I don’t have time to be a full-time Linux sysadmin anymore. Just want the servers to run without having to think about them. Wish I’d done it sooner. Lost a lot of time on Linux, Docker, K8s, etc. that I could have skipped completely with OpenBSD. Our servers are an order of magnitude simpler now, just single services per VM, and I sleep better. ;-)
> ...I don’t have time to be a full-time Linux Sysadmin anymore. Just want the servers to run without having to think about them...

Very salient comment there! And, while not the only reason for me, what you noted is sort of one reason that's triggering the itch in me to go back to playing with the BSDs. Don't get me wrong, I still do love fiddling around with some areas of Linux once in a while....but then, there are other uses/areas where I just want a server to do its thing, and for my maintenance to be a little less (at least less than some Linux distros require). So maybe I'm not the only one? :-)

Yeah, time is finite and fleeting and the older I get the faster it seems to go!

As a teen I had infinite time to compile Linux and debug stuff. Now I just want to spend time with family/outdoors and not be stuck in a windowless room negotiating with a black box. ;-P

It's like you're reading my mind!!! lol :-D