[buug] ideal

Mark Handley mjh at aciri.org
Sun Dec 10 20:30:16 PST 2000


>begin Mark Handley quotation:
>
>> Personally right now I think that Linux is a better desktop OS, and a
>> worse server OS than FreeBSD.  They're both stable, and perform well,
>> but Linux systems are more popular targets for crackers than FreeBSD
>> systems, so if reliability is your main concern, then you might prefer
>> FreeBSD.
>
>Statistical illusion generated by the greater quantity of clueless
>sysadmins and unmaintained systems on Linux.  If you limit the
>comparison to systems maintained by competent, moderately paranoid
>sysadmins, there is no inherent security difference.  Which isn't
>surprising, given that the userspace daemons are literally identical,
>and the kernels are in many ways similar.

I agree the security difference is small.  But the userspace daemons
are not identical - for example the recent statd vulnerability
is specific to Linux:
  http://www.cert.org/advisories/CA-2000-17.html

But I think that the popularity of Linux with crackers (as an
operating system they're familiar with) does have an effect.  The
difference though is not something that would by itself make me choose
one over the other.

>(Also, here you make an argument, if anything, for OpenBSD more than you
>do for FreeBSD.)

Agreed.  If security is your top concern above all others, then
OpenBSD is definitely the one for you.  However, FreeBSD also has had
a large code audit that's still underway, and also often benefits from
its kinship with OpenBSD.  FreeBSD is better if you want support for
a particular piece of hardware.

>> The fact that the whole system (kernel + userspace) is developed
>> and shipped together means that the whole process just seems well
>> thought out.
>
>Myth.  I respect the FreeBSD maintainer process mightily, but it has no
>magic channel to (e.g.) the Apache team, any more than the other
>platforms do.

Agreed, but that wasn't my point.  There's more heterogeneity in
Linux, and this leads to faster development at the occasional expense
of rock-solid reliability.  Witness all the recent argument over
Redhat 7 shipping with an experimental compiler.  Linux userspace
truly is a bazaar - this has both its good points and its bad points.

>> In general the FreeBSD development process seems to favor stability
>> over features whereas Linux seems the other way round.
>
>Misleading.  Again, any *ix server run by a competent sysadmin,
>regardless of *ix flavour, will end up being pared down to eliminate
>unnecessary code -- and the stability argument is now largely obsolete,
>except in two or three areas (NFS, virtual memory, scheduler quality),
>and even in those areas, the comparison is now close enough to be nearly 
>consigned to religious devotion, rather than rational comparison.

Again this isn't completely true.  For example Linux 2.4 includes TCP
SACK.  This is a *good* thing - this is a more advanced TCP than ships
with FreeBSD and should lead to better performance in a range of
networking conditions.  But the fact that Linux code incorporates new
features faster than FreeBSD doesn't encourage me to believe it's more
stable.  Perhaps TCP SACK in Linux is rock-solid, perhaps not.  But
the very rate of change of Linux does make it harder to be really
really stable.

>> If any of the journalling filesystems for Linux ever become
>> rock-solid, this may tilt the balance in favor of Linux for some
>> server uses, but they're not quite there yet.
>
>And that is the other FreeBSD mantra.  Again, I respect mightily
>McKusick's soft updates technique, despite the patent encumbrance that
>leads me to decline to use it.  And theoretically, FFS's treatment of
>metadata is safer than ext2's (especially with soft updates enabled),
>blah blah blah, but, in the real world, which is what really matters,
>the theoretically always-impending catastrophic losses do not, in fact,
>actually occur.

Actually you missed my point.  Soft updates, good though they are, are
not a true journalling filesystem.  I was saying that once a true
journalling filesystem is in Linux, and once it's really solid, then
for applications that really want such a function, Linux will have a
definite advantage because there's no true journalling filesystem for
FreeBSD.

For my purposes though, either soft updates or ext2 are fine.


Anyway, the point of my message wasn't to trash Linux - merely to
point out that it may not be the only (or even best) solution for the
particular problem he's trying to solve.  Properly configured, Linux
makes a good stable, secure platform.  I just happen to believe that
properly configured, FreeBSD has a fractional edge for the task he's
trying to solve.


>> But software availability may make the choice for you.
>
>That should not be an issue, if he accurately reported his needs.

Hopefully not.  But Linux is a little better supported than FreeBSD
for some tasks/hardware, and so this may tip the decision in favour of
Linux.

I think mostly we're in agreement - the skill of the sysadmin is
likely to make much more difference than the choice of operating
system.

Cheers,
	Mark



