Which BSD for an Experienced Linux User?

Bruce C asks: "I'm a software developer with 28 years commercial experience. Although my day job is mostly on Windows software, I've been using SuSE Linux for 6 years at home. Before that I worked on HP/UX. I've no pressing plans to abandon Linux, but I am interested in experimenting with a BSD style operating system. My current motivation is largely curiosity. Of course, I might end up being converted, but that isn't my intention. I'm wondering which of the various *BSD systems would be the 'best' introduction for a person like me. The workstation I'm planning to use is a generic beige box: Celeron 1.2, 768Mb RAM, 120 Gb IDE, with about 80Gb free. It's on a LAN, behind a firewall. The live CDs for FreeBSD (Freebsie), DragnoflyBSD, and NetBSD all booted and started on it. I haven't tried an OpenBSD CDROM. Which BSD should I pick?"

All of them

[SilverspurG]

And find one that's right for you.

Re:PC competition for the I-Mini MAC?

Look, the word is "Mac" or "Macintosh", not "MAC". Additionally, the new computer is called "Mac Mini", not "I-Mini", and the company is called "Apple" not "MAC".

Re:OPENBSD!!!

Security != Least Exploited

Re:OpenBSD

[Just+Some+Guy]

I disagree. OpenBSD was a bear to install when I first tried several years ago. I gave it another shot last year after getting quite a bit of FreeBSD experience under my belt, and it was a breeze.

It defines "minimal", but if you can get used to the fact that the installer won't hold your hand in any way, then it's actually about the easiest you'll find. Seriously. It's just not that bad for an experienced user.

hardware is usally the deciding factor for me

[josepha48]

NetBSD usually has pretty good hardware support. It usualy recgonizes most network cards. Especially wireless support in NetBSD is better IMHO. FreeBSD used to lock up my laptop with my netgear ma301 wifi nic, while NetBSD runs pretty nicely.

Configuring things to start up on the BSD's is all done in the /etc/rc.conf file, so once they are installed they are all very similar. Kernel is in /usr/src/sys and they have no GUI kernel config like Linux does (AFAIK). So if you have ever manually edited a .config for Linux you'll be right at home.

FreeBSD seems to have more software in the ports than netbsd does. I'm not sure about OpenBSD. OpenBSD never like my hardware. NetBSD actually recgonized my sound card better than Linux or FreeBSD on my laptop so that makes is more desirable.

If you need to use framebuffer programs that use svgalib or want to use them, and not run X windows, then FreeBSD is the choice. FreeBSD has a framebuffer that does graphics, fairly easily, while NetBSD does not.

NetBSD's SMP support is newer than FreeBSD, but it did no sound like that was an issue.

My suggestion is number them 1(NetBSD), 2(FreeBSD), 3(OpenBSD) and create a random number generator that picks it for you. Pretty much once you install one of them, the others are pretty close and easy to learn where things are.

Re:Mac OS X doesn't count as *BSD???

[davez0r]

i was just using the author's metric. he didn't seem to include osx in his list of possible choices. also, it would be tricky for him to run it on a celeron. perhaps i should have said that it wouldn't count for him.

on a side note, when you [sic] someone, please make sure you're not the one making the mistake.

Re:What do you want?

[molnarcs]

However, Apache isn't auditted.

Do you know what you are talking about? It seems more and more likely you don't. OpenBSD devs had a number of problems with the apache project. One was licencing issues, so they don't have apache2 included in the base system (you are still free to install it via ports). The other gripe was (and this is quite well known for it was publicized a few times even here on ./) that apache.org was slow/reluctant to include all the security fixes the openbsd project submitted - after auditing the code. The apache 1.3.x version is a security enchanched version of the normal 1.3-release.

And that was just one example of your ignorance. Now, would you be so kind as to stop posting crap please? There is a difference between the security of say linux (or even FreeBSD) and OpenBSD. OpenBSD isn't completely secure, no one claims that. It is more secure by default even if you allow services. Not to mention the fact that pf eats iptables for breakfast (now also part of FreeBSD's base system).

Re:OPENBSD!!!

[dohcvtec]

It's also one of the most useless OS's in the world with an unmodified install!
Not really... have you ever run NetBSD? NetBSD doesn't even configure your network interfaces by default - so it's actually more secure by default than OpenBSD, because it has no network connectivity.
Seriously, the "all services off by default" is why OpenBSD can make the claim you made.
Actually, a default install of OpenBSD does have a few daemons running through inetd - but they are so thoroughly audited that they no longer pose an ominous threat. Besides all that, OpenBSD is really one of the easisest OSs to turn into a full (and secure) web/mail/file server - just change a few lines in /etc/rc.conf and you're there.

Re:OpenBSD

[peacefinder]

Bah. OpenBSD is not hard to install. My first three *nix OS installs ever were OpenBSD. Twice on old salvaged PCs, and then on a headless Soekris 4801. It's not like I'm some superbrain guru either... I had nearly zero experience with any *nix flavor at the time. All that was requred was to read the online manpages. Never mind the FUD, it's just not that hard.

Buy the CD, and it's a snap. It's slightly harder with the floppy/ftp install, but not much.

Re:What do you want?

However, Apache isn't auditted. DHCP isn't auditted. The FTP server, I'm fairly sure isn't auditted.

Apache is practically forked because of all the security patches that have been applied to the OpenBSD version. henning@ cleaned, audited and rewrote much of dhcpd and ftpd has been audited and privilege separated. But, don't let easily discovered facts get in the way of your uninformed rant...

Re:What do you want?

[Homology]

However, Apache isn't auditted. DHCP isn't auditted. The FTP server, I'm fairly sure isn't auditted. Nothing they don't actually write themselves. If you install an OpenBSD machine on the internet and actually turn on services, you'll have just as many security problems as anyone running Linux. OpenSSH has it's fair share of security problems (written by pretty much the same people who wrote OpenBSD). Although with priveledge separation it should have even fewer problems that are actually exploitable to become root.

You entire post shows that you know very little about OpenBSD. Everything that is part of the base install is audited, and that includes programs like Apache httpd, BIND, Sendmail, DHCP and SSH. For the 3.6 release, the DHCP server and client underwent a major cleanup to improve security. In addition there are security enhancments as well (like privilege separation, chroot).

While it probably has a more secure kernel, most exploits out there in the world involve exploiting a user process that is running as root.

Very few deamons are running as root on OpenBSD. Most are running under their own unique, chrooted and privilege separated if possible.

The OpenBSD team has done alot to lessen the impact of exploits. Yes, even programs running on OpenBSD can be exploited, but there is a difference. An attempt to exploit a buffer overflow on OpenBSD is likely to just induce a crash, and thus not work.

Re:OSX

[vrai]

I'm waiting for someone to find a way of combining Mac and Nintendo zealotry with insulting Sony, Real, Microsoft, SCO, Sun, the whole concept of big iron computing over generic boxes, .NET, C++, Qt's windows license, and any form of DRM.

I honestly don't think Slashcode will be able to cope with 1e16 'Insightful' mods.