Are the BSDs Dying? Some Security Researchers Think So (csoonline.com)
itwbennett writes: The BSDs have lost the battle for mindshare to Linux, and that may well bode ill for the future sustainability of the BSDs as viable, secure operating systems, writes CSO's JM Porup. The reason why is a familiar refrain: more eyeballs mean more secure code. Porup cites the work of Ilja van Sprundel, director of penetration testing at IOActive, who, noting the "small number of reported BSD kernel vulnerabilities compared to Linux," dug into BSD source code. His search 'easily' turned up about 115 kernel bugs. Porup looks at the relative security of OpenBSD, FreeBSD and NetBSD, the effect on Mac OS, and why, despite FreeBSD's relative popularity, OpenBSD may be the most likely to survive.
I won't believe it until Netcraft confirms it!
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
It is now official. Netcraft has confirmed: *BSD is dying.
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers. OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
So, um, does Netcraft confirm it?
...until Netcraft confirms it!
I think that this is a laughable idea. The *BSDs have the best mindshare possible. They have the mindshare of the most intelligent and forward-looking software developers, IT specialists, and executives.
Linux's mindshare is closer to that of Windows. It's not so much based on technical excellence or intelligence or foresight as it is based on hype and name recognition.
The mindshare that the *BSDs have is the best there is.
More like lin-sux is dying. Just look at the recent developments with failing SystemD and failing WaylanD. All the effort being put into lin-sux and it is going nowhere fast. Security failures, performance failures and a hyper religious adherence to communistic GPL license makes lin-sux obsolete. Super low energy.
I'd be more concerned about the effects of systemd on the Linux distributions. :)
The whole world does NOT revolve around accountants and their twisted view of progress.
n/t
There. Fixed it for you.
This post is the slashdot equivalent of pouring chum into shark-infested waters. Have fun trolling!
While not an "official" BSD, OS X is based on NeXT which is based on BSD and it uses the MACH kernel.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The authorities here on Slashdot have repeatedly said that right now was the golden age of BSD due to Debian's adoption of systemd. There are no Linux users left. BSD is the only system that remains in widespread use.
FreeBSD is from 1993, when the potential number of eyeballs was just a fraction of what it is today: the world. Some kid in China who wasn't online in 1993 could be their next contributor. Even if their market share has gone down, the number of users has gone up dramatically.
After Heartbleed and the other issues affecting OpenSSL, and Shellshock affecting bash, why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
The OpenBSD project proves that security doesn't come from "more eyeballs". It comes from having software developers who know what they're doing, and who take their work very seriously, and who show immense discipline, and who don't put up with bullshit, and who put security first and foremost.
You could have two million "eyeballs" of offshore "programmers" in India looking at some code, and it will likely still end up being much less secure than code doing the same work but written by a couple of OpenBSD's developers.
Code quality doesn't come from the quantity of people looking at it. Code quality comes from the quality of the people working on it.
"Some" researchers are saying the BSDs are dying so it must be true, huh? "Read it on the internet, hot damn, must be true then." Bullshit! The BSDs have a large community that is passionate about their choice of operating system. I have been using OpenBSD since 1998 and I will only stop using it once the community completely collapses, development ceases, and the foundation folds. The day that happens, I will have to find another hobby altogether and just keep a smartphone and tablet handy. Learning and using OpenBSD has made me far more knowledgeable about computers, operating systems, networks, and security than any other platform out there. If it weren't for my college roommate introducing me to OpenBSD, I believe I would just be another Microsoft wanker. OpenBSD taught me how the internet works and opened a wealth of knowledge. OpenBSD turned me from a computer power user into a true System Administrator. Ever since that day when I asked my roommate just what the heck OpenBSD was, my life would never be the same.
Linux really doesn't have very high standards. The core Windows OS has higher standards.
Fix buggy pwrite(). There's a reason pwrite() to a file opened in append mode is supposed to go to the offset specified in the pwrite() call and not be appended to the end of the file like Linux does: so you have the option of doing atomic writes to a file that are either at the end or at the offset you specify.
Make fork() async-signal-safe like POSIX requires. Don't try to lobby the POSIX committee to remove fork() from the list of async-signal-safe functions because unthinking glibc developers added pthread_atfork() handlers to glibc itself, thus breaking fork(). Other OSes treat failure to meet POSIX as a bug, not a reason to try to lower the standards you have to meet.
Fix the God-awfully broken AUTH_SYS implementation that randomly picks which of your groups up to the max specified in RFC 5531 get used for authentication. If you're in more groups than the 16 that the RFC allows, Linux just silently truncates the list. Today you can access your files, tomorrow you can't! What a shithead implementation.
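The pwrite() point in the comment above can be checked on any system with a short probe. This is an added example, not part of the original comment; the function name, result codes and temporary file name are this example's own. Linux's pwrite(2) man page documents the append behaviour under BUGS.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose pwrite(), pread(), mkstemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Result codes for the probe (names are this example's own). */
enum { PROBE_ERROR = -1, PROBE_HONORS_OFFSET = 0, PROBE_APPENDS = 1 };

/*
 * Write "AAAA" to a fresh file opened with O_APPEND, then pwrite("BB")
 * at offset 0. The resulting file contents are copied into out:
 *   "BBAA"   -> the offset was honoured (what POSIX specifies)
 *   "AAAABB" -> the offset was ignored and the data was appended
 */
int probe_pwrite_append(char *out, size_t outlen)
{
    char path[] = "/tmp/pwrite_probe_XXXXXX";  /* constructed temp name */
    int result = PROBE_ERROR;
    ssize_t n;
    int fd;

    if (outlen < 8)                 /* need room for "AAAABB" + NUL */
        return PROBE_ERROR;

    fd = mkstemp(path);
    if (fd < 0)
        return PROBE_ERROR;
    close(fd);

    /* Reopen so O_APPEND is set by open(), as a log writer would do. */
    fd = open(path, O_RDWR | O_APPEND);
    if (fd < 0) {
        unlink(path);
        return PROBE_ERROR;
    }

    if (write(fd, "AAAA", 4) != 4)
        goto done;
    if (pwrite(fd, "BB", 2, 0) != 2)
        goto done;

    n = pread(fd, out, outlen - 1, 0);
    if (n < 0)
        goto done;
    out[n] = '\0';

    if (strcmp(out, "BBAA") == 0)
        result = PROBE_HONORS_OFFSET;
    else if (strcmp(out, "AAAABB") == 0)
        result = PROBE_APPENDS;

done:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    char buf[16] = "";
    int r = probe_pwrite_append(buf, sizeof buf);

    if (r == PROBE_ERROR) {
        fprintf(stderr, "probe failed\n");
        return EXIT_FAILURE;
    }
    printf("file contents: %s (%s)\n", buf,
           r == PROBE_APPENDS ? "offset ignored, appended"
                              : "offset honoured");
    return EXIT_SUCCESS;
}
```

Code that relies on pwrite() for in-place updates should therefore not open the file with O_APPEND on a platform where the probe reports the append result.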
I used NetBSD a long time ago and it was clean and fast. But now it is clean, fast and very very outdated. Almost no new features, no hardware support (despite "of course it runs NetBSD"). It is as good as dead now, sadly :(
If it dies, he will have to go back to commenting on ESR’s poops!
The summary doesn't make a clear distinction...
> Darwin was based on Linux.
Obvious troll is obvlivious...
Yep, those cloud environments will be self sustaining on hopes and dreams, and never need anyone with experience in UNIX to touch them. Cloud services run on what, Windows Server yeah? NO. WORRIES. /s
IMO:
BSDs have a superior architecture in many respects. This is especially true since the systemd takeover.
Administration on BSD servers just makes more sense. Linux seems to be all over the map. I think there are over 1000 Linux distros. Many distros want to change around the directory structure. Simple things, like starting services on bootup, and setting up static IP, become difficult with Linux because everybody wants to pull Linux in a different direction - often for no good technical reason.
Linux certainly has advantages over BSD. But I think BSD gets a lot of stuff right.
Again: all JMHO.
You remind me of those Firefox fanatics who claim that "Firefox is doing great", while at the same time Firefox's market share has dropped from 35% down to under 5%, Firefox's few remaining users are dreading each new release, and these users are expressing extreme displeasure with the direction Firefox is taking. Each release some of the last remaining users end up moving to some other browser, further decreasing Firefox's market share. Despite it being blatantly obvious that Firefox is sinking, fanatics like you keep on claiming that "all is good", thus accelerating the process of Firefox's eventual demise.
We are seeing the same thing happen to Linux. Systemd has been disastrous. Wayland has been disastrous. GNOME 3 has been disastrous. PulseAudio has been disastrous. NetworkManager has been disastrous.
Projects like those have ruined the reliability of Linux for so many users, as evidenced by the many bug reports and other complaints we've seen from users about them. We've also seen a distro like Debian, which was once the most cohesive and user-oriented Linux distro, pretty much torn apart by the strife that systemd caused within the Debian community. Now we see a shrinking, dying Debian project, along with offshoots like the amateurish Devuan project and other efforts to undo the damage that systemd caused to Debian GNU/Linux.
Then there are developments like Google's Fuchsia, which might very well remove Linux from the Android scene. This is important because Android is one of the few situations where the Linux kernel sees any significant usage.
Closing your eyes and covering your ears won't change the fact that recent developments within the Linux ecosystem are ruining the Linux experience for many of its users, and these users are now seeking alternatives. Some are going to Windows. Some are going to macOS. Some are going to the *BSDs. Regardless of what OS they move to, the important thing to remember is that they're no longer using Linux.
Linux's death will be a lot like Firefox's. It won't happen overnight. It will be a long, drawn-out process over the course of 5 to 10 years. Smart people already see what's happening, and that's why they're abandoning Linux as soon as they can. Now, not everybody is smart, of course. There are people like you who will deny the obvious right up until the very end. Then you'll be shocked when you finally realize what almost everybody else realized far earlier.
First off, I submit that BSD is finding its home in appliances. FreeNAS and pfSense are both fairly popular, and both BSD based. Commercially, the Nintendo Switch is based on BSD, and Cisco, McAfee, and Juniper all have appliances using BSD at their core. Also, as others have pointed out, OSX.
That said, there are so many copy/paste tutorials for Debian and its derivatives like Ubuntu and Raspbian. With BSD lagging behind severely, for every person who prefers BSD and can successfully use it to do what they need, there are five more less-technical users who are able to fall into the pit of success with a Bitnami or Turnkey Linux distribution.
BSD may well be superior for certain tasks, especially networking, but the fact of the matter is that expecting BSD to simultaneously be competitive in the numbers game against Linux when Linux has an ecosystem which BSD lacks. That ecosystem encourages users looking to get something done to use that product, rather than adhere to principles which otherwise have little effect on them. I know systemd is hated in these parts, almost universally, but if I need to spin up a Wordpress instance, it takes me ten minutes to grab Turnkey Linux and start adding my content, rather than the half hour or more it would take to spin up BSD, manually install an AMP stack, figure out the BSD equivalent of /var/www, Google all the MySQL commands to create the database at the CLI since I don't have Adminer or phpMyAdmin to do it, and then add Wordpress. As a non-developer and non-distributor, the BSD vs. GPL vs. MIT license situation affects me very little, so the fact that both Debian and BSD are free-as-in-beer means that they compete on how much of my time they take to spin up.
This is why I use pfSense and FreeNAS. It's also why most of my appliances are Turnkey Linux based.
BSD Obituary
BSD, 28, of Berkeley, CA died Monday, Sept. 19, 2005. Born July 3, 1976, it was the creation of a cluster of pot-smoking hippies who went to Illinois and came home with a reel of tape. Rather than smoke the tape, they uploaded it and hacked on it a little.
BSD was known for its C shell and early TCP/IP implementation. After being banished from UC Berkeley, it was ported to the x86 platform, where it fell into the hands of heavier pot-smokers who liked to argue. Soon, the project had splintered into 12 different Balkanized projects. Until its death, there was almost constant fighting in and amongst these groups, sometimes degenerating into out-and-out fistfights.
BSD is survived by its superior, Linux, as well as several commercial unix implementations. It may be missed by some who knew it, although most of them are said to be mere OS dilettante dabblers.
A funeral will be held at 2 p.m. Thursday, Sept. 22, at the Berkeley Chapel on the UC campus, with interment to follow via the burning of the original *BSD tapes and scattering of the ashes over the San Francisco Bay. The Rev. Lou "Buddy" Stubbs will officiate.
The family will receive friends from 7 to 8 p.m. Wednesday, Sept. 21, at the funeral home.
It's not like BSD users go around saying "I run BSD" or that they leave ports open so that they can be electronically surveyed.
My SNES Classic runs BSD. Lots of routers, firewalls and NAS devices run BSD.
The thing with BSD is it gets professionally used, not professionally blogged. Maybe BSD should consider a marketing team if it's really an issue for them.
Clickbait.
My FreeBSD hard drive died on me a couple of months ago, and I haven't been able to replace it yet. I really need to get to that though, because being on Linux for my primary desktop at home has been annoying the h*** out of me. FreeBSD is what I'm used to, it's what I prefer, and I really, really want to get back to it soon.
Maybe not totally, but for normal users? With cloud options being more and more useful, secure, simple to implement and overall better, the day of bearded uber geeks bashing away at command lines and grunting indecipherable phrases while wheezing heavily and forgetting to bathe is drawing to a close. And I, for one, am happy about it.
Wrong! We shower, shave, and speak more clearly nowadays. I've yet to move out of the basement though.
Its only failing is lack of Widevine support (no streaming videos.) Otherwise works great for everything.
Once again, the better, superior product is being outdone by the inferior, crappy one.
The BSDs don't need a marketing department because the BSDs don't really care if you use them.
The BSDs are developed primarily for BSD users. If they fit your needs and you can use them, then great. If not, and you don't, then that's great, too.
The more developers, the more eyeballs that can find bugs. But a larger developer base is also much, much more difficult to coordinate and work with.
While I'm sure that Ilja van Sprundel is surely right that the discrepancy in number of kernel bugs between Linux and BSD can be attributed to fewer developers looking at the code, I don't think that is the only reason, and his research doesn't seem to entirely prove his point.
More eyeballs means more scrutiny but it also means more chaos (chaos used here in the layman's sense of the word). I think the truth lies somewhere in the middle: fewer issues are found but fewer issues are created.
I don't know if BSD systems are here to stay or not, but I'm sure their end has been prophesied many times before, yet they are still around...
is that YOU again??
You should read up about the Shellshock bug that affected bash.
Once you do that, you'll learn that it was present in bash back in 1989.
When it was finally publicly announced in 2014, the bug had been present for around 25 years!
We aren't talking about an obscure piece of software here, either. Bash is probably among the most widely available and used open source software projects out there, and has been like this for a long time.
Brag about your "global oversight committee" all you want. It's clear that all of your beloved "eyeballs" couldn't find a very serious bug in one of the most widely used open source software applications.
If major bugs are overlooked in a project as significant as bash for a quarter of a century, then the situation is far worse for pretty much every other open source project out there.
All of these claims about "millions of eyeballs" are nonsense.
You know, some 20 years ago, I used to be a huge supporter of FreeBSD. I swore by the OS, and wouldn't touch anything else. A diehard fanboi. Then I asked for help with some legacy hardware and discovered the hostile elitism of BSD community.
They basically told me to make my own drivers and to fuck off. Yeah, not very helpful. I switched to Linux cuz it worked with my legacy hardware and never looked back.
Today I have zero respect for *BSD people and software. They can jump off a cliff and I'd just smile. I would sooner touch a Mac than a *BSD system. Treat people like shit, they might just be totally alienated from your offerings.
From Netcraft's September 2017 web survey:
...to get you to use OpenBSD.. because it's the BSD "Distro" that has the most government backdoors in it. https://www.cnet.com/news/report-of-fbi-back-door-roils-openbsd-community/
Xlock reveals screen when waking from SUSPEND.
How can Linux be secure when you can see what is on screen for a second before the system completely wakes up from Suspend mode and engages the lock screen?
There's a reason why companies use/used Solaris and Windows.
They can meet FIP standards, Linux can't.
Don't forget:
http://www.openbsdfoundation.org/
Left for Linux due to the fact that EC2 only supported it at the time (2005). Thank god those days are over. .. never going back
"BSD is a whore, who deserve to be f**ked and dropped"
I realize you are joking, but it's interesting that Linus is using Fedora, which was one of the first distros to switch to systemd, meaning he was one of the early systemd adopters.
Linus needs to use something with a lot of the popular bells and whistles, at least part of the time, so he can see what's fouled up. B-)
That means he needs to run some really baroque stuff - the better to keep it from being totally broke(n).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Yes, handicapped people need cars adapted to their handicap. Should everyone be forced to drive a car built for a quadriplegic?
... when you don't have the FreeDesktop or SystemD crowd, solving trivial projects in the most complex way to deal with weird use cases nobody has.
The Unix philosophy was meant to achieve a lot with little effort, and that's gradually getting lost on Linux.
Skill of the people, times number of skilled people.
Duh.
Dear Americans, please take a look at yourselves, and how you always fall for the binary thinking. Because as an outsider, it's very obvious and very obvious that this is harming you.
Whenever something like this arises, expand from (X XOR Y) to [X, Y, X&Y, null, unknown].
Then expand it from discrete to continuous, so that there's a gradient between all of it. With every value blurred into a Gaussian distribution or wavelet.
After that, expand from this one dimension to n dimensions. With both orthogonality and intensity of each dimension as factors.
Finally, turn the static set of values into a multi-dimensional function, parametrized by the context. (Like spacetime, resources, information, personality, etc.)
Then write your comment.
That way, we all can actually benefit from it, instead of fighting pointlessly, when every one of us has in common that we want to improve things (from our own POV, of course... which will be said context).
More eyeballs don't make bugs shallow, it's an old myth. Many OSS programs have an order of magnitude more bugs than the proprietary counterparts. BSDs may have fewer people but those people are much more professional and organized than most of the Linux developers. BSD kernel's and core libraries' implementation is consistent, tested and well thought out whereas Linux is a mess resulting from itch scratching, changing for the sake of change, reinventing wheels etc. Sure, Linux gets new features faster but when they arrive in BSDs, they'll be rock solid. Companies such as Netflix who want very reliable servers use BSD. Even Google wants to abandon Linux kernel and replace it with Zircon.
You're deluded. In the real commercial world, Linux has never been stronger. Red Hat continues to grow (60 quarters of consecutive growth). No businesses of any significance are switching Linux servers to BSD or Windows. A few twats on /. moaning about systemd and pulseaudio continually is meaningless. Windows 10 is even driving some diehard Windows users to Linux to escape spyware and forced reboots. BSD is a sideshow.
Here is an article worth reading that explains that "The first person that should solve that issue, the one you wrote, should be no other than yourself."
Let me also share with you a few names behind well-known open source projects: Poul-Henning Kamp (FreeBSD, Varnish Cache) runs his own independent consulting business, Paul Vixie (Cron, BIND) likewise, Wietse Venema (TCP wrapper) was employed at Eindhoven, Daniel J. Bernstein (ed25519, qmail) was a professor also at Eindhoven. In all cases, they are paid to write the code either by a client or as part of their jobs. They shared the code in case it's useful for others.
The free in open source does not mean gratis, you know. So put money where your mouth is.
I once had a signature.
Very well put. Those are my feelings exactly.
Based on what I have read of previous discussions, though the user may add third-party kernel modules under an incompatible license to a private installation, a distributor is not allowed to distribute the combination. This is why third-party kernel modules available separately cannot be included in an install image distributed to the public, as the distributor of an install image has to distribute the combination.
Fragmentation of the BSDs as some guys decided to fork from FreeBSD and show off their "own" OS
Netflix runs on FreeBSD right now. It's awesome code. Documentation is there. It needs to be there it rocks.
PlayStation 4 is also FreeBSD 9.
c'mon troll editors. gfy