Linux vs OpenBSD vs FreeBSD

[Chooco]

ok me gots a delema here. i want to run the most powerful, fastest and most stable OS for my game server and website (and to learn basic Unix stuff on)
the questions that i want answered are:
-can FreeBSD run the same things Linux can? by that i mean if i see a thing that says 'Linux distribution' and it comes as a tar.gz file but no make file, it's just an extract and play program...will it work on FreeBSD or no?
-is FreeBSD faster and more powerful than Linux?
-is OpenBSD faster or more powerful than FreeBSD?

everybody raves over how great FreeBSD is but i'm keeping away from the edge because i don't know if it has the support that Linux has.

 

[Nothinman]

-can FreeBSD run the same things Linux can? by that i mean if i see a thing that says 'Linux distribution' and it comes as a tar.gz file but no make file, it's just an extract and play program...will it work on FreeBSD or no?

Generally yes.

-is FreeBSD faster and more powerful than Linux?

Depends.

-is OpenBSD faster or more powerful than FreeBSD?

Depends.

With all the 3 the stability and speed are pretty much in your hands.

 

[Sunner]

This is sorta how I look at it:

OpenBSD, great OS for stuff like firewalls, webservers, or perhaps your workstation if that floats your boat.
Cons, not SMP capable, limiting it's scalability, not nearly as large a userbase as FreeBSD and Linux, but mirc@openbsd is a very helpful list as long as you ask intelligent questions.

FreeBSD, doesn't feel quite as high quality is OpenBSD, but still, very robust, great software selection, big userbase, makes a great low-mid end server OS, or a great workstation OS.
Somewhere in between Linux and OpenBSD to me, LinuxBSD perhaps? 🙂

Linux, the "can do pretty much anything juggernaut", good SMP scalability, huge loads of support, both in the form of commercial support(RedHat, SuSE, IBM, etc etc), and in the form of the biggest userbase of the three, by a huge margin.
Cons, most distro's come with heaps of stuff unless you specifically deselect it, and also, lots of services are generally turned on by default.

Either will do fine really IMO, but if you're new to *NIX and intend to put up a public server, I'd go with OpenBSD if your software works on it, simply cause it's the most secure by default, so not knowing how to tighten it likely wont result in you getting rooted within the hour.

 

[TheOmegaCode]

If you enable Linux binary support, then yes, it should work. For what you want, they are all comperable. The big difference between FreeBSD and OpenBSD is the security. OpenBSD comes shipped with alot more security Daemons, which makes your box more secure, but also tends to slow down the machine. I like FreeBSD because it is secure enough, and it's kept up in a very professional manner. Also remember that FreeBSD is limited to two platforms, but I doubt that will make a difference in your case.

 

[Nothinman]

OpenBSD comes shipped with alot more security Daemons, which makes your box more secure, but also tends to slow down the machine

It doesn't come with 'security daemons', it just comes with most things turned off. Funny thing is once you enable something not in the default install their security guarantees go out the window.

The only OpenBSD security daemons are the OpenBSD dev team...

 

[BDawg]

Originally posted by: Nothinman

OpenBSD comes shipped with alot more security Daemons, which makes your box more secure, but also tends to slow down the machine

It doesn't come with 'security daemons', it just comes with most things turned off. Funny thing is once you enable something not in the default install their security guarantees go out the window.

The only OpenBSD security daemons are the OpenBSD dev team...

I think you're ignoring the system-wide source auditing that the OpenBSD team performs.

 

[Nothinman]

I think you're ignoring the system-wide source auditing that the OpenBSD team performs.

System-wide only means the kernel, base user-space tools and ssh. They don't audit any of the ports, apache or any other '3rd' party software. Which basically means you get a firewall.

 

[n0cmonkey]

Originally posted by: Nothinman

OpenBSD comes shipped with alot more security Daemons, which makes your box more secure, but also tends to slow down the machine

It doesn't come with 'security daemons', it just comes with most things turned off. Funny thing is once you enable something not in the default install their security guarantees go out the window.

The only OpenBSD security daemons are the OpenBSD dev team...

Most things are turned off, but not all. They admit that having a machine that has nothing running is useless. So they audit the system (and you can get quite a usable system with what is installed by default) so that you can turn things on. I respectfully disagree with the bolded part especially.

Originally posted by: Nothinman

I think you're ignoring the system-wide source auditing that the OpenBSD team performs.

System-wide only means the kernel, base user-space tools and ssh. They don't audit any of the ports, apache or any other '3rd' party software. Which basically means you get a firewall.

I thought they auditted apache... They do audit BIND and sendmail, so you can also have a mailserver or dns server.

 

[Nothinman]

So they audit the system (and you can get quite a usable system with what is installed by default) so that you can turn things on. I respectfully disagree with the bolded part especially.

They specifically say 'in the default install', which includes basically a firewall and Apache/SSL. Sendmail and bind are there but not started I don't think. Once you install and start a non-default daemon the 'default install' portion isn't applicable any more and neither is there 'no remote exploits' tag line.

I thought they auditted apache... They do audit BIND and sendmail, so you can also have a mailserver or dns server.

Perhaps they do, but I think with Apache's background it's not a terribly involved job =) If they do sendmail and bind I'd be surprised, even more so if they're doing bind 9 or even bind 8.

 

[n0cmonkey]

Originally posted by: Nothinman

So they audit the system (and you can get quite a usable system with what is installed by default) so that you can turn things on. I respectfully disagree with the bolded part especially.

They specifically say 'in the default install', which includes basically a firewall and Apache/SSL. Sendmail and bind are there but not started I don't think. Once you install and start a non-default daemon the 'default install' portion isn't applicable any more and neither is there 'no remote exploits' tag line.

Yes, their tagline is 4 years without a remote vulnerability in the default install." Its true. But it doesnt do anything really. Its a great start, but the OpenBSD guys dont rely on that little bit of publicity.

I thought they auditted apache... They do audit BIND and sendmail, so you can also have a mailserver or dns server.

Perhaps they do, but I think with Apache's background it's not a terribly involved job =) If they do sendmail and bind I'd be surprised, even more so if they're doing bind 9 or even bind 8.

Apache has had its problems, but Im sute its less work than BIND and sendmail. They still have BIND 4 because the developers thought BIND 8 wasnt good enough. They dont have time to fix everything 😉

They do audit sendmail. It is in the system on a default install.

Anyhow, I dont want to get into a flame war about this. Linux would be fine. FreeBSD would be fine. OpenBSD may be ok for you, but apparently security auditting isnt worth the time and effort.

 

[Nothinman]

They still have BIND 4 because the developers thought BIND 8 wasnt good enough. They dont have time to fix everything

That's well and good but, bind 9 supports things like dynamic updates and dnssec which are necessary in a lot of places. I think the idea of OpenBSD doing DNS is a good idea, better than some other platforms, but if I start to implement AD I can't do use it or if I just want to use dhcp and keep DNS automagically updated to my clients IPs I can't do that. Well I can but I lose the benefit of the OpenBSD auditing and that's one of their biggest selling points.

OpenBSD may be ok for you, but apparently security auditting isnt worth the time and effort.

It's worth the effort, but when you spend all of your available time on it you miss out on a lot of things, SMP for instance. Add basic SMP support to SMP and boom a whole slew of new potential problems arise and the auditing has to start over to catch all the race conditions and add decently granular locking. Nothing against the OpenBSD team but we don't need 10 guys auditing 5 projects for problems, it's a good start but in the long run little or no progress is made because new programmers are born every day that know nothing about programming with security in mind, we really need better programming teachers and better documentation on why certain things are bad.

Or we could just rewrite everything in a 'safe' language like Java =)