Metawire.org Admin On OpenBSD Hosting

hext0r writes "Open Hosting provider metawire.org administrator Daniel Selans recently wrote an informative article for the OpenBSD Journal about the difficulties and successes in running a free hosting provider using OpenBSD. It's an informative read for anyone considering starting any type of hosting company using free technologies."

Re:Nitpick

[TheLink]

For network servers or personal machines I don't see FreeBSD being much less secure than OpenBSD. Dunno much about NetBSD except that it runs on tons of things and the NetBSD devs are pretty savvy security-wise.

For machines shared/used by untrusted users perhaps OpenBSD might be more secure, however I personally think that giving untrusted users an account on your machine is almost the same as giving them root. This is true for most popular operating systems and environments.

Show me an O/S that is architecturally secure and it's probably an O/S that doesn't run most of the stuff that people want.

What I like about FreeBSD is
1) Documentation - you can do man wi and you get docs on the wifi driver, do man dc and you get docs on the dec nic driver. Then there's the handbook.
2) Ports/packages. Installing Bugzilla on FreeBSD is mostly just:
cd /usr/ports/devel/bugzilla
make install
Then a bit of configuration.

Whereas on say RH Linux, you have to download bugzilla, various Perl modules, MySQL, and all the other stuff by yourself. FreeBSD's port system downloads all the dependencies.

Same thing goes for other stuff like say squirrelmail.

You could use binary packages if you want to, or even build your own from the ports (to redistribute to machines where CPU is slow or at a premium).

3) IPFW does the stuff I want (netfilter doesn't seem to be able to). And does other stuff I want in simpler ways.

4) Ease of being reasonably sure that a system is fully up to date with the latest stable stuff. With stuff like RH Linux and many other distros (except maybe Gentoo) things could get screwed up - binaries could get overwritten and you are no longer sure if the system is up to a consistent and recent patch level. I suppose with RH you could reinstall all the RPMs - that might fix all binaries.

If you want to compile everything by hand you can. But for FreeBSD, lots of stuff is in the ports.

OpenBSD is supposedly more secure than FreeBSD, but in terms of direct remote root exploits, they're just about the same as FreeBSD- both use Openssh which hasn't had that great a security track record. OpenSSH appears to be developed and maintained by the OpenBSD team. Whether OpenSSH's security/quality is representative of the rest of the OpenBSD team's work is up to you to figure out.

Performance? your mileage may vary. OpenBSD generally doesn't scale as well as FreeBSD/NetBSD or Linux 2.4/2.6. FreeBSD 4.9 is very competitive with Linux 2.4 (IIRC faster in some stuff, slower in others).