FreeBSD 4.3-RELEASE is now available from all the usual mirrors in both source code and binary forms. This is the perfect time for all you linux users to burn an ISO image onto a CD and start using a real operating system. ;)

I'd use OpenBSD over FreeBSD......

JTY, could you let me know why you prefer OpenBSD over FreeBSD? I'm currently trying to decide which of these OSes (one of the BSDs) to install. Was there some specific reasons (or was it merely that you're familiar with OpenBSD)?

Thanks!

OpenBSD is the undisputed leader for security. If you're building a firewall, OpenBSD is the obvious choice.

FreeBSD, however, is somewhat less limited in its capabilities: Because new code can be added to FreeBSD without a several-year-long security audit, FreeBSD has many more features (eg, multi-processor support) which are lacking in OpenBSD. FreeBSD is also more user-friendly than OpenBSD.

NetBSD, of course, is designed to run on anything. If you need an operating system for your toaster oven, for your lawn mower, or for your car, NetBSD is the right choice.

If I were you, I'd start with FreeBSD, and only after you're completely familiar with it consider if you want to switch to OpenBSD -- unless, of course, you need the cross-platform support of NetBSD or the paranoia of OpenBSD right now.

cperciva, thank you for your information.

I'm not too worried about user-friendliness, since I am accustomed to using and programming Linux. My concern is actually looking for a secure OS for web server purposes. Looks like I should give OpenBSD a shot...

By the way, I wonder - do you have any specific examples of in what way OpenBSD is more secure than FreeBSD? I find it difficult to find such information anywhere.

Thanks. :)

Using linux probably won't prepare you well for OpenBSD. Go ahead, but don't say I didn't warn you.

OpenBSD's security comes from two sources. The first is a matter of configuration: "secure by default". Where other (*cough* Redhat *cough*) operating systems install all sorts of services on the hypothesis that users might want them and by pre-installing them they are saving the user some time, OpenBSD starts with a *very* minimal set of services. For example, sendmail isn't running be default. In addtion, configurations are set up so that even when you do enable those services, they are chrooted, run under other uids, etc. as much as possible. In the case, for example, of the ftpd globbing buffer overflow, while ftpd was insecure on Free, Open, and Net BSDs, on OpenBSD it could not lead to a root compromise, while on FreeBSD and NetBSD it could.

The second cause of OpenBSD's security is a very detailed security audit. Every line of code included in OpenBSD has been inspected several times by different people to make sure that bugs don't get through; while many Linux advocates point out that "given enough eyes, all bugs are shallow", OpenBSD alone actually ensures that enough eyes look at code before it is included. A common phrase on cross-platform security mailing lists is "OpenBSD fixed this six months ago": the ongoing OpenBSD security audits tend to find and correct bugs long before anyone works out that there is actually a security hole. As an example of this, OpenBSD now randomizes IP packet IDs, not because there is any known vulnerability which could result from sequential IDs, but instead because there *could* be one discovered in the future.

In the end, you have to understand that security isn't measured as a number of open security holes. All reputable operating systems have patches released soon after any security hole is found, and so under more or less any operating system you can create a system with "zero known security holes". Security is measured by the probability that new security holes will be discovered in the future, and by thoroughly auditing existing code, and limiting the possible impact of security holes should they occur, OpenBSD is far more secure than any other operating system readily available.

Does that answer your question? I hope so, since I have no intention of challenging Tim Greer for the title of "most verbose poster". ;)

I would highly suggest freebsd as your first jaunt into unix land. Its a lot easier to use and install then openbsd... Just my 2 cents, both are very secure compared to linux.

Originally posted by cperciva
Using linux probably won't prepare you well for OpenBSD. Go ahead, but don't say I didn't warn you.

[ ... lots of useful stuff ... ]

Does that answer your question? I hope so, since I have no intention of challenging Tim Greer for the title of "most verbose poster". ;)

Yes - thanks for all your information. It was most helpful! (Don't worry about the long post, it has the sort of information I was looking for.) :)

Thanks also for your warning about Linux not preparing me for OpenBSD :) It's okay. I've got lots of time to learn the stuff. I'm preparing for something like 6 months to a year down the road when my sites outgrow a shared server and when I find that it'd be cheaper to move them all to a dedicated (unmanaged) server.

In case you're curious: I'll probably go for OpenBSD, as soon as I have time to download the stuff. From your description, it really sounds like it's the sort of thing I'm looking for (security-wise). Hopefully setting up isn't any worse than the old days of Linux (back in kernel version 0.99.9 or so) when I had to do lots of stuff manually (including compiling, configuring sendmail, etc).

[ Now if I can only find a CDROM of OpenBSD in my local stores. They only sell Linux and Windows stuff these days... ]

Originally posted by fatman

[ Now if I can only find a CDROM of OpenBSD in my local stores. They only sell Linux and Windows stuff these days... ]

You can order OpenBSD CDs online for $30 USD, but most people just install over FTP. Unfortunately there aren't any official ISO images available (the $30 CDs help to cover the out-of-pocket expenses of the OpenBSD team), but the FTP install is pretty easy so I doubt that you'll find any need for a CD.