Re:How does NetBSD compare to OpenBSD?
on
NetBSD 2.0 RC5 Tagged
·
· Score: 4, Interesting
First, here are a few fundamental differences between the two operating systems, all the while I will list perceived pros and cons of NetBSD and OpenBSD in random spots.
OpenBSD broke from the NetBSD base over 9 years ago, that is nine years of code divergence in small ways even in the most similar of parts of the codebases.
NetBSD has a great deal of platforms that are supported, including architectures untouched by most other operating systems. OpenBSD supports only 14 platforms, with several discontinued ones as well. NetBSD's supported platforms however are not up to the same standard as OpenBSD's; OpenBSD requires that the port be compilable on it's given platform and many of NetBSD's cannot. This makes the overall codebase of NetBSD more portable and stable at the price of properly supporting it's platforms.
OpenBSD has in the past audited the codebase for it's entire system in order to remove as many programming errors as possible, this has lead to increased security as well as stability.
OpenBSD has in the past removed system tools and ports that it deems to be too insecure or bug ridden. NetBSD does not have this policy. Such as rlogin.
OpenBSD has in the past fought over licenses which they do not believe in having within their system; trying to relicense or replace code which does not conform with their level liberal code. NetBSD does not find this to be a priority. Such things include SSH/OpenSSH, IPF/PF, XFree86/X.org and GnuTAR/TAR.
OpenBSD integrates security minded protection into it's system whenever possible. NetBSD does not. Stack protection; stackghost on Sparc and propolice on I386 as well as taking them to other platforms in the future.
I honestly see no major pros to using NetBSD over OpenBSD on any of the overlapping platforms, but NetBSD is on more platforms.
No, from what I've seen Theo does not like people that use inferior software; that is why only sendmail is a part of the system, Theo supports sendmail.
Besides sendmail is the better mail transfer agent out there, so why would anyone need anything else?
I don't really look on people that do things I think foolish in a positive light, why would someone else?
You misunderstand me. I was saying your opinion expressed in your post was completely incorrect, not that you were making your opinion known to Theo.
Either way, you make it seem as though your MTA was not sendmail. If that is the case then Theo would likely look down on you for using an poorer program.
Well, I suppose Mach sits in the grey. It had parts of the BSD release taken and used to make a system around the kernel as well as code from BSD to make parts of the kernel (why reinvent the wheel), however it did not stay remotely in line with BSD, it went completely on it's own tangent.
The use of BSD tools in the system though is irrelevant; it is the kernel that is involved here.
To me it is like calling the last encombered BSD release a Unix, it really wasn't anymore. It's like calling Linux a BSD, it has bits, but is not a BSD as far as I am concerned.
Darwin is not made as a complete release, it just isn't. It needs additions to it to make it a complete system. GNU/Darwin and OpenDarwin aren't around as competing products to Apple's Darwin operating system. They are projects to complete and extend what Apple has released.
Not prejudice, just the way I have observed things.
No, you are completely wrong. In anything that deals with a product, you do not talk shit about the person in charge of the production of it.
If I am looking at various programming languages, I do not say that you should avoid using Python because the creator is a jackass (he isn't, but I simply picked a language to use as the example). I don't say that D is a great language and could easily replace C++ because it is vastly superior, but I think the creator is ugly so you should not use it (once again, just a random language).
Being told that you're an idiot by someone that is extremely smart does not make the one who is smarter than you suddenly evil; did you read up prior to making your opinion known? That is how most people get on Theo's bad side. I find that Theo is reasonable to everyone that is well informed and not just spewing uninformed opinions at him, perhaps looking into things before talking to a guy who is very busy would help you to stay on his good side.
Were you saying that OpenBSD's sendmail was not supporting some of the crap you like? You can always compile your own mail program if you want to.
Once again, your opinion is completely wrong. It is never correct to bring in the opinions of a person over another person when dealing with a product associated with that person.
This is one man spewing invalid opinions and using outdated information. He hits hard on NetBSD and OpenBSD as though they were evil or the spawns of some demon's loins.
He says of NetBSD, "...its desktop and production applications are so limited as to be nonexistent...," yet this is a foolish and downright insulting thing to say. Desktop applications are not dependant on Linux or FreeBSD as much as they are on X. The issue of production applications are a problem with companies, not the system itself. And even then there are means to emulate other systems to allow most programs for Linux to run on NetBSD.
Of OpenBSD he says: "Sticking with Intel and compatible chips is a safe bet as its Alpha and PowerPC ports are still in their infancy." I find this once again rediculous. The macppc and alpha ports are better than what FreeBSD has to offer and are pretty much comparable to the NetBSD ones (what with the code sharing). He also takes a personal slam at Theo de Raadt himself, not at all something to make his opinion more valid or acceptable.
Of Darwin he speaks as though it were a complete system and not an incomplete husk of one. He even calls it a Unix, while it is not. His views seem tainted and hazed by his own prejudices.
He does not even touch on DragonFlyBSD, a system which I find to be far more a BSD than Darwin considering Darwin uses Mach and not BSD for a kernel.
That one IT Director is incorrect in his analogy, a correct one would be a government medical agency hiring a scientist that designed a highly infections, but only annoying, virus and then set him to creating cures to other more dangerous viri.
I can see this happening, because if the man is skilled enough to design such a virus as viral as that, it is a good bet they can come up with ways to deal with similar viri.
A corresponding computer analogy to the one said one IT Director gave would be hiring a cracker that made a virus that burns out the computers and leaves them entirely a pile of ash. I have yet to see that one, though it would be pretty cool.
I prefer ftp; the one supplied with OpenBSD is able to do ftp and http and it is so much nicer than the one that comes with the Redhats. The guys that did the revamping of the OpenBSD ftp deserve some mad props.
As we were discussing OpenBSD in this article, the good exploit you refer to is a buffer overflow, I will point out that such buffer overflows don't work on OpenBSD. They just kill the daemon off. That's what the stack protection in OpenBSD is for.
Yet you first need to be using a user that is in the wheel group to make use of this *1* password, if the user you are already logged in as is not in wheel you cannot become root. So instead it is that you need *2* passwords and that *1* of them must be to a user with specific permisssions.
Even then, you need to know the name of the first user that is in wheel before you can get in and try to become root.
I am not seeing a security problem, because it is not a single point of failure as you describe.
I think it is supposed to be for more equality and fairness between Linux and BSD.
There is a Redhat, Debian, SuSE, Novell and Caldera icon, then there is a BSD icon. I'd think would it nice to have a Horde, Charlie, Puff and Fred icon for these guys.
pdksh currently has the ksh88 usability as well as additions. It can function in the same way as ksh88 if you want, or it can function like pdksh (and depending on what operating system you are using it will have different default behaviour if a package or part of the base).
Nothing is perfect, but for a shell it has all the functionality anyone really needs. I have seen people asking before on mailing lists why BSDs don't have bash as the default, all Linux users checking it out and curious I guess. But that has always made me equally curious, why do people assume they need it? For a.bash script I can understand needing bash, but I cannot see why everyone asks about it for the default shell.
Why do you feel you need bash as the default, or even the shell used on this system? pdksh has almost all the functionality; it has all the useful functionality.
Just noticed I messed that up, this makes more sense.
Sorry to break it to you, but zebra is hardly a
good daemon. It acted up regularly on the boxes we had them on, enough network issues were caused by it that we are in the process of removing it from the machines and just using regular routing.
It would randomly remove ip addresses from 'routers' and change their block sizes other times. Hardly something an ISP wants on their network.
There is a good reason it has not reached 1, that implies stability.
Sorry to break it to you, but zebra is hardly a good daemon. It acted up regularly on the boxes we had them on, enough network issues were caused by it that we are in the process.
It would randomly remove ip addresses from 'routers' and change their sizes other times. Hardly something an ISP wants.
There is a good reason it has not reached 1, that implies stability.
You say fragmentation is bad, yet it seems to be working well so far for Linux distrobutions and other projects.
How many 'user-friendly' Linuxes do we have? How many of those are just Redhat? How many are just Debian? You speak of splitting the community being bad, yet the Linuxes seem to devide more rapidly than cancer, and it looks to be working for them.
How many webservers are there? How many mail servers? DNS servers? I am not talking about how many are popular, I am talking how many are out there. There are a great many, and increasing in number all the time. How greatly hurt has sendmail been by the creation of qmail and postfix?
Honestly, I would prefer that people like the ekkoBSD, MirBSD and MicroBSD Projects just contribute to OpenBSD instead of going off on their own, but it isn't hurting OpenBSD. I don't see NetBSD being dead because OpenBSD was started. I hardly see DragonFlyBSD killing FreeBSD.
I don't really like this kind of contstant trolling on about the BSDs on Slashdot, considering things like OpenSSH, CARP and now OpenBGPD and OpenNTP come out of just one of these projects, you'd think that Linux fans would like them more.
Hardware isn't the only thing that uses a six month production cycle, OpenBSD has been doing it for a while now.
Honestly, technology does advance fast enough in some fields to support this kind of cycle. It's kind of hard to do it in a more matured area, like automobiles or household appliances, but when the technology behind digital cameras is constantly improving it only makes sense to push it out quickly; before that new technology is made obsolete.
Why the hell did you post this on a movie related article? The least you could do is make it in some way relevent. Why not say the first eleven people to eloquently bash the MPAA gets one?
And how big is your kernel? Does your compiler use stack protection? Perhaps your kernel is smaller and your compiler faster, though I don't think your hardware was faster.
Theo would love the plan9 compiler, if it wasn't so poorly licensed.
I don't really see any reason to have brought up the plan9 c compiler really, it's a dead issue until the owners actually open it up.
I agree, Dillon looks to be making serious work and serious progress with DragonFly, whereas Micro, Mir, ekko and Pico all appear to be goalless, understaffed and the staff they have do not seem to be as talented as the likes of Dillon or de Raadt.
The way I see it there are still going to be only three major BSDs though:
FreeBSD, the way I see it at least, will eventually be an ix86/amd64 only system with everything Linux does in it as well. Definately good for cheapservers right now, headed more for the desktops and laptops.
DragonFlyBSD, as ever as I see it, takes the servers. The direction they are heading in is likely to be some damned good SMP, something that would be great for a server.
OpenBSD, still how I see it, will continue expanding into the trenches of ISP warfare. They're solid and perform well, they are soon going to be able to completely replace a Cisco and they are devoted to making the system as secure as possible.
Now, what of NetBSD you say? I say that they are slowly loosing appeal, many of their supporters call Net equally as secure as Open, but it's not. The system runs on damned near everything, but why? Who is running a Dreamcast or Atari? Any significant platforms supported by Net can be ported to Open. I think that Net will eventually die out, gloomy as it is, the goal of being on every platform is hardly a thing to unite a project in my mind. Though, as I've said a few times as a chant against flamming, that is just my opinion.
Slashdot Mirror
OpenBSD broke from the NetBSD base over 9 years ago, that is nine years of code divergence in small ways even in the most similar of parts of the codebases.
NetBSD has a great deal of platforms that are supported, including architectures untouched by most other operating systems. OpenBSD supports only 14 platforms, with several discontinued ones as well. NetBSD's supported platforms however are not up to the same standard as OpenBSD's; OpenBSD requires that the port be compilable on it's given platform and many of NetBSD's cannot. This makes the overall codebase of NetBSD more portable and stable at the price of properly supporting it's platforms.
OpenBSD has in the past audited the codebase for it's entire system in order to remove as many programming errors as possible, this has lead to increased security as well as stability.
OpenBSD has in the past removed system tools and ports that it deems to be too insecure or bug ridden. NetBSD does not have this policy. Such as rlogin.
OpenBSD has in the past fought over licenses which they do not believe in having within their system; trying to relicense or replace code which does not conform with their level liberal code. NetBSD does not find this to be a priority. Such things include SSH/OpenSSH, IPF/PF, XFree86/X.org and GnuTAR/TAR.
OpenBSD integrates security minded protection into it's system whenever possible. NetBSD does not. Stack protection; stackghost on Sparc and propolice on I386 as well as taking them to other platforms in the future.
I honestly see no major pros to using NetBSD over OpenBSD on any of the overlapping platforms, but NetBSD is on more platforms.
AMD doesn't make their own wireless.
No, from what I've seen Theo does not like people that use inferior software; that is why only sendmail is a part of the system, Theo supports sendmail.
Besides sendmail is the better mail transfer agent out there, so why would anyone need anything else?
I don't really look on people that do things I think foolish in a positive light, why would someone else?
You misunderstand me. I was saying your opinion expressed in your post was completely incorrect, not that you were making your opinion known to Theo.
Either way, you make it seem as though your MTA was not sendmail. If that is the case then Theo would likely look down on you for using an poorer program.
Well, I suppose Mach sits in the grey. It had parts of the BSD release taken and used to make a system around the kernel as well as code from BSD to make parts of the kernel (why reinvent the wheel), however it did not stay remotely in line with BSD, it went completely on it's own tangent.
The use of BSD tools in the system though is irrelevant; it is the kernel that is involved here.
To me it is like calling the last encombered BSD release a Unix, it really wasn't anymore. It's like calling Linux a BSD, it has bits, but is not a BSD as far as I am concerned.
Darwin is not made as a complete release, it just isn't. It needs additions to it to make it a complete system. GNU/Darwin and OpenDarwin aren't around as competing products to Apple's Darwin operating system. They are projects to complete and extend what Apple has released.
Not prejudice, just the way I have observed things.
No, you are completely wrong. In anything that deals with a product, you do not talk shit about the person in charge of the production of it.
If I am looking at various programming languages, I do not say that you should avoid using Python because the creator is a jackass (he isn't, but I simply picked a language to use as the example). I don't say that D is a great language and could easily replace C++ because it is vastly superior, but I think the creator is ugly so you should not use it (once again, just a random language).
Being told that you're an idiot by someone that is extremely smart does not make the one who is smarter than you suddenly evil; did you read up prior to making your opinion known? That is how most people get on Theo's bad side. I find that Theo is reasonable to everyone that is well informed and not just spewing uninformed opinions at him, perhaps looking into things before talking to a guy who is very busy would help you to stay on his good side.
Were you saying that OpenBSD's sendmail was not supporting some of the crap you like? You can always compile your own mail program if you want to.
Once again, your opinion is completely wrong. It is never correct to bring in the opinions of a person over another person when dealing with a product associated with that person.
This is one man spewing invalid opinions and using outdated information. He hits hard on NetBSD and OpenBSD as though they were evil or the spawns of some demon's loins.
He says of NetBSD, "...its desktop and production applications are so limited as to be nonexistent...," yet this is a foolish and downright insulting thing to say. Desktop applications are not dependant on Linux or FreeBSD as much as they are on X. The issue of production applications are a problem with companies, not the system itself. And even then there are means to emulate other systems to allow most programs for Linux to run on NetBSD.
Of OpenBSD he says: "Sticking with Intel and compatible chips is a safe bet as its Alpha and PowerPC ports are still in their infancy." I find this once again rediculous. The macppc and alpha ports are better than what FreeBSD has to offer and are pretty much comparable to the NetBSD ones (what with the code sharing). He also takes a personal slam at Theo de Raadt himself, not at all something to make his opinion more valid or acceptable.
Of Darwin he speaks as though it were a complete system and not an incomplete husk of one. He even calls it a Unix, while it is not. His views seem tainted and hazed by his own prejudices.
He does not even touch on DragonFlyBSD, a system which I find to be far more a BSD than Darwin considering Darwin uses Mach and not BSD for a kernel.
Am I the only one that suddenly thought that Maxis had finally gone too far in it's crazy game ideas when they first skimmed the title?
That one IT Director is incorrect in his analogy, a correct one would be a government medical agency hiring a scientist that designed a highly infections, but only annoying, virus and then set him to creating cures to other more dangerous viri. I can see this happening, because if the man is skilled enough to design such a virus as viral as that, it is a good bet they can come up with ways to deal with similar viri. A corresponding computer analogy to the one said one IT Director gave would be hiring a cracker that made a virus that burns out the computers and leaves them entirely a pile of ash. I have yet to see that one, though it would be pretty cool.
I prefer ftp; the one supplied with OpenBSD is able to do ftp and http and it is so much nicer than the one that comes with the Redhats. The guys that did the revamping of the OpenBSD ftp deserve some mad props.
As we were discussing OpenBSD in this article, the good exploit you refer to is a buffer overflow, I will point out that such buffer overflows don't work on OpenBSD. They just kill the daemon off. That's what the stack protection in OpenBSD is for.
Even then, you need to know the name of the first user that is in wheel before you can get in and try to become root.
I am not seeing a security problem, because it is not a single point of failure as you describe.
As I said, that is how I interpreted his post, may not be what he actually means, but I agree with what I think he said.
There is a Redhat, Debian, SuSE, Novell and Caldera icon, then there is a BSD icon. I'd think would it nice to have a Horde, Charlie, Puff and Fred icon for these guys.
Nothing is perfect, but for a shell it has all the functionality anyone really needs. I have seen people asking before on mailing lists why BSDs don't have bash as the default, all Linux users checking it out and curious I guess. But that has always made me equally curious, why do people assume they need it? For a .bash script I can understand needing bash, but I cannot see why everyone asks about it for the default shell.
Why do you feel you need bash as the default, or even the shell used on this system? pdksh has almost all the functionality; it has all the useful functionality.
OpenBSD comes with lynx by default.
Just noticed I messed that up, this makes more sense. Sorry to break it to you, but zebra is hardly a good daemon. It acted up regularly on the boxes we had them on, enough network issues were caused by it that we are in the process of removing it from the machines and just using regular routing. It would randomly remove ip addresses from 'routers' and change their block sizes other times. Hardly something an ISP wants on their network. There is a good reason it has not reached 1, that implies stability.
It would randomly remove ip addresses from 'routers' and change their sizes other times. Hardly something an ISP wants.
There is a good reason it has not reached 1, that implies stability.
How many 'user-friendly' Linuxes do we have? How many of those are just Redhat? How many are just Debian? You speak of splitting the community being bad, yet the Linuxes seem to devide more rapidly than cancer, and it looks to be working for them.
How many webservers are there? How many mail servers? DNS servers? I am not talking about how many are popular, I am talking how many are out there. There are a great many, and increasing in number all the time. How greatly hurt has sendmail been by the creation of qmail and postfix?
Honestly, I would prefer that people like the ekkoBSD, MirBSD and MicroBSD Projects just contribute to OpenBSD instead of going off on their own, but it isn't hurting OpenBSD. I don't see NetBSD being dead because OpenBSD was started. I hardly see DragonFlyBSD killing FreeBSD.
I don't really like this kind of contstant trolling on about the BSDs on Slashdot, considering things like OpenSSH, CARP and now OpenBGPD and OpenNTP come out of just one of these projects, you'd think that Linux fans would like them more.
Honestly, technology does advance fast enough in some fields to support this kind of cycle. It's kind of hard to do it in a more matured area, like automobiles or household appliances, but when the technology behind digital cameras is constantly improving it only makes sense to push it out quickly; before that new technology is made obsolete.
Shit man, it's kinda hard to be more off topic.
Theo would love the plan9 compiler, if it wasn't so poorly licensed.
I don't really see any reason to have brought up the plan9 c compiler really, it's a dead issue until the owners actually open it up.
The way I see it there are still going to be only three major BSDs though:
FreeBSD, the way I see it at least, will eventually be an ix86/amd64 only system with everything Linux does in it as well. Definately good for cheapservers right now, headed more for the desktops and laptops.
DragonFlyBSD, as ever as I see it, takes the servers. The direction they are heading in is likely to be some damned good SMP, something that would be great for a server.
OpenBSD, still how I see it, will continue expanding into the trenches of ISP warfare. They're solid and perform well, they are soon going to be able to completely replace a Cisco and they are devoted to making the system as secure as possible.
Now, what of NetBSD you say? I say that they are slowly loosing appeal, many of their supporters call Net equally as secure as Open, but it's not. The system runs on damned near everything, but why? Who is running a Dreamcast or Atari? Any significant platforms supported by Net can be ported to Open. I think that Net will eventually die out, gloomy as it is, the goal of being on every platform is hardly a thing to unite a project in my mind. Though, as I've said a few times as a chant against flamming, that is just my opinion.