Freenix Flavors (Three Demons and a Penguin)

By Jeffrey Carl

Boardwatch Magazine, November 1999

Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche but influential following among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.

Hi there, and welcome back to the industry’s 216th most influential Unix column. Over the next few months, we’ll be taking an in-depth look at each of the various Freenixes and why your ISP may want to consider them. But right now, it’s time to get familiar with the four big players. How can you tell the Freenixes apart, and which of them is right for your ISP?

BSD Unix, having grown out of work on the original AT&T Unix code at UC-Berkeley, has been around for about 20 years. Only in the early-to-mid 1990s (after a series of nasty lawsuits) was the BSD project’s code freed up for use in free Unixes. The BSD development model centered around a “core group” that handled work on the code, and the free BSD Unix movement quickly splintered into three main groups, each with a different focus.

The BSD groups tended to disdain the pseudo-Leninist rantings of Richard Stallman’s GNU/TAISR (GNU’s Not Unix/This Acronym Isn’t Self-Referential) camp, and used the “BSD” software license, which held sort of a middle ground between commercial software and free software. The BSDs attracted a following of (relatively) old-school sysadmins and hackers – the sort of people who generally disdain pine and elm as “too user friendly.” Partially as a result, development for these OSes tended towards optimizing them for server use, and neglecting support for consumer-oriented devices (like IDE drives, fancy video cards, etc.).

Meanwhile, a Finnish computer science student, Linus Torvalds … blah blah blah. I’ll skip this part, since if you haven’t heard the story of Linux already, you probably should put down Boardwatch and go pick up a copy of the Yahoo! Internet Life special edition on how to turn off your computer safely. Anyway, Linux’s development model encouraged code warriors and wackos alike to develop for the OS under the GNU Public License (GPL), and attracted the loving attention of the GNU project itself. Before long, Linux had emerged with a big stack of available software, and a large corps of devoted developers. Its more decentralized model not only encouraged people to write drivers for consumer (rather than server) oriented devices, but also bred a following of experienced admins as well as young geeks-in-training. Therein lay the difference. 

These young Linux zealots were, by and large, the force that popularized Linux. They had a fanatical love for their OS that was unmatched except for Macintosh users (who, during the mid ‘90s, had largely retreated to living in caves and praying for someone to port a game to their OS besides Solitaire). Linux became cool. Zealous advocates led to press coverage, which led to more developers, which led to better code and greater device support, which led to more new and more fanatical users … leading to the Linux love-fest currently underway.

So, where were the BSDs? Generally, they quietly went about their way, still running their servers and occasionally poking their heads in on Linux-advocacy-oriented (but useful to all *nix users) news site Slashdot.org, offering “(Score 1: Insightful)” comments and not rocking the boat. FreeBSD reacted to the surge in Linux development with remarkable grace, building in a Linux binary compatibility module and sidestepping a potential war over developers. But lately, some BSD users have started agitating for more attention to the BSDs … and BSD partisans have become bolder about advocating their *nix of choice.

For the three or four of you who are still reading, let’s take a dive into each of the various Freenixes:

Linux: The World’s Most Popular Unix

Focus: Unix everywhere, for everyone, as both a server OS and a desktop OS.

Platform/CPUs: You name it. I’m surprised they don’t have an Atari 2600 port yet. 

What’s Good for ISPs: If you’re relatively new to Unix, if you’re after ease of use, or if you’re looking for an Internet server platform that can run on almost any hardware and offers a wide range of cool applications, Linux is your choice.

Of all *nixes, Linux is the most oriented towards ease of use and administration. Linux has the widest user base, and the most active development community – meaning that a lot of new device drivers and third-party applications will be out for Linux first (and maybe only for Linux). Linux’s heavy consumer usage has also led to its being the *nix for cool new free graphical shells (like KDE or GNOME/Enlightenment) and administration utilities. Fruits of this wide developer base (both commercial and free) include excellent solutions for dialup authentication, webserving (including third-party ASP support, Real and QuickTime streaming, Cold Fusion, etc.), mail servers, commercial database packages, firewalls, AppleTalk or SMB networking, security tools and others. Linux is gradually joining Solaris as “the” Unix for commercial developers.

Linux has the most support options, as well. In addition to the usual free online user community support, many Linux distributions offer installation and technical support (for example, if you pay $90 for convenient Red Hat install CDs, they’ll give you 30 days of installation support and 90 days of technical support). There is an abundance of books about installing, running and administering Linux. Of all Freenixes, Linux is also the most “ready for prime time” in terms of corporate deployment: a number of companies from Red Hat to LinuxCare offer enterprise-ready tech support packages. Plus, with its press coverage, and vendors from Intel to IBM standing behind Linux, it’s closest to being the Freenix that is easiest to explain to your “cloobie” boss.

But Linux isn’t just for new users. Linux is second only to (yech) Windows NT in terms of tuning for high-end multiprocessor systems. It’s a safe bet that there will be a solid Linux for Intel’s IA-64 architecture before 64-bit NT is even in public beta. And Linux’s wide developer base makes it likely to catch up rapidly in those performance areas where it’s currently behind.

What’s Bad for ISPs: Linux may be spreading itself thin.

The more devices you try to support with an OS, the fatter (and more bug-prone) your code becomes and the more your stability is likely to suffer. Of course, the open-source, open-development nature of Linux is designed to fix these bugs quickly; but it’s still an issue. It’s relatively easy with Linux to pare down your kernel (the “core” OS software that interfaces between the hardware and applications) to support only the devices and services you need. But a default installation is likely to contain more than you need – and the inexperienced users Linux is most popular with are the least likely to be able to properly configure their OS. And the time spent by developers on writing a driver so that Linux can use 5 1/4” floppy drives is time that theoretically might have gone towards tuning it better for more common uses.

Also, the wide variety of Linux distributions can sometimes make software installation confusing. All Linux distributions are based on one of the “Linus-approved” stable kernels; but the specific kernel (and version of the code libraries to support applications) they include sometimes varies widely. Some distributions (most notably Red Hat) are more anxious to move to upgraded (and potentially less stable) versions of these libraries than others. Some Linux software is beginning to appear which is dependent upon (or at least tuned to) a specific distribution, fragmenting the Linux community.

The much-vaunted user-friendliness of Linux is also a relative term. Compared to MacOS or even Windows, Linux still has miles to go in terms of developing a fairly “idiot-proof” interface. Of course, this is a fault of all Unixes – any OS essentially written by programmers, for programmers is going to have a big gap between its developers’ idea of “user-friendly” and its actual users (who programmers refer to as “morons”).

Lastly, Linux simply lacks the time that the BSDs have had to improve the maturity of its code base. There are still plenty of things missing in Linux (like the much-lamented lack of a true multi-threaded TCP/IP stack) that the BSDs implemented long ago. As a result, if your main interest is network performance on a single-processor machine (and you aren’t dependent on any of the Linux-specific software), Linux is simply not going to be your first choice.

FreeBSD: BSD Performance for x86

Focus: The ultimate Internet server for x86 hardware – with Linux emulation for consumer/hobbyist users.

Platform/CPUs: The Intel x86 architecture, first and foremost. A port for Alpha is also available. Theoretically, Darwin (the open-source part of Mac OS X Server) is largely tied to FreeBSD for its code base, and might be considered to be a PowerPC port of the OS, running on top of the Mach Microkernel. Or maybe I’m just nitpicking.

What’s Good for ISPs: FreeBSD is the server performance-leading BSD Unix for the x86 architecture. (Note for BSDI users: BSD/OS is well-tuned for this purpose, but it’s expensive, and I’m a cheap person, so we won’t discuss BSD/OS here.)

If what you really care about is fast networking performance running Apache, Sendmail or other common apps on cheap x86 hardware, FreeBSD is your OS. End of story. The *BSD model (with a small team of experienced developers rather than a horde of free-for-all developers like Linux) tends to generate more bug-free code right out of the gate (although I wouldn’t necessarily run anything more mission-critical than Xtetris on FreeBSD-current). 

FreeBSD’s TCP/IP stack is the reference code base on which so many other network stacks have been based. FreeBSD has a fairly impressive set of users, including Yahoo, Xoom, ftp.cdrom.com, some parts of Hotmail (“Hey, kids! Can you say ‘failed NT conversion?’ Good.”), the IMDB and others. On top of all this, FreeBSD includes a very good Linux binary compatibility module, and they’ve been very good about supporting “Linux-first” development with it instead of igniting a Freenix developer-choice war. FreeBSD also includes compatibility modules for SCO, NetBSD, and BSD/OS.

FreeBSD’s ports collection is a fantastic way of finding new software and upgrading old versions. Also, if you’re willing to get your hands dirty (read: no GUI) and make the source updates for FreeBSD, their upgrade process is very slick and relatively painless.

What’s Bad for ISPs: All of the BSDs share some common problems. First is that they’ve fallen out of commercial favor, and they lack the third-party application support of “hip” Unixes like Linux or Solaris. The FreeBSD Linux compatibility layer is great, but isn’t a “first-choice” solution (e.g., if you depend on mission-critical software for which there is a Linux port but not one for FreeBSD, you may think twice). Add to this the problem that the *BSD development model leads to higher-quality code but slower development. 

None of the BSD Unixes is an optimal choice (at least compared with Linux) for new Unix users; they’re best reserved for people who are either willing to take on their steep learning curve, or have learned Unix already. Also, finding good printed documentation on *BSD systems is like finding a network engineer with a hot blonde girlfriend.

FreeBSD (like most other *BSDs) currently suffers from an identity crisis: is it the work of part-time developers or an OS to compete with commercial *nixes? FreeBSD’s developers occasionally seem to be caught between saying “it’s enterprise-ready software you can depend on” and saying “look, we’ll fix that when we have time, what do you expect for free?” It’s excellent software, but sometimes little things (like full POSIX threads support) may get broken and not be fixed for weeks or months. FreeBSD (like the other BSDs) also isn’t as tuned for multiprocessor machines and high-end hardware as Linux is. Lastly, if you’re the corporate type looking for commercial support, your options with any free BSD are far more limited than with Linux.

NetBSD: BSD for the Masses

Focus: Bringing a solid BSD to as many platforms as possible

Platform/CPUs: x86, Alpha, Motorola m68k, PowerPC, SPARC, MIPS, ns32k, arm32, VAX (with varying degrees of stability and support)

What’s Good for ISPs: NetBSD shares the attractiveness of Linux in that you can probably pick up any old (or new) computer and get it to run. NetBSD has the advantage (and disadvantage) of sharing the other BSDs’ code maturity and development philosophy, but with the ability to run well on a wide range of platforms.

If you’re already familiar with BSD Unix and you want to use it on non-x86 hardware (or you want to standardize on one OS across multiple platforms), NetBSD is your first choice (and, depending on your target platform, maybe your only choice). If you are looking for *BSD’s proven performance with networking, and you want to use it on any platform, NetBSD is the way to go. 

What’s Bad for ISPs: NetBSD’s strength is also its weakness. It sits in sort of a middle position among BSDs, being widely available but not optimized for any one task. In a way, it’s sort of a “jack of all trades, master of none.” It’s unclear, for example, whether you’d get better network performance on a PowerPC machine with NetBSD or with LinuxPPC, which has spent a great deal of time optimizing its OS for that CPU architecture. Therefore, it likely won’t be your first choice of OS for platforms which other Freenixes tune themselves to.

Also, the various NetBSD platforms are each supported to a greater or lesser degree (depending on the activeness of their development team), and you may be left at your development team’s mercy while waiting for a critical upgrade. NetBSD shares the common faults of the other BSDs as well, and its mission has left it as sort of the “forgotten” BSD among the others which are more optimized for a given task.

OpenBSD: The Bugtraq Junkies’ Choice

Focus: Unix for security junkies.

Platform/CPUs: x86, Alpha, Motorola m68k, MIPS, some PowerPC designs, SPARC (plus some other platforms which aren’t “officially” supported but for which a port exists)

What’s Good for ISPs: OpenBSD is about security: it also considers security and software quality to be one and the same. Plus, they’re based out of Canada, and can therefore bypass some of the US’s bizarre federal cryptography/security laws.

In the OpenBSD team’s view, here’s how it works. Buggy software can lead to security vulnerabilities – buffer overruns, sloppy system calls, poor management of root (administrator) privileges and so on. The OpenBSD developers started an audit (two years and still going) of the source code and found thousands of bugs. Some were security-related, or might have been exploited in combination with other bugs; but most were not. Their end goal is not only a more secure OS, but also one that’s “more reliable and trustworthy.” Of course, since the *BSD codebase is largely similar, other BSDs are able to benefit from the security fixes made by OpenBSD.

Another important aspect of security is the “secure by default” configuration as shipped on the OpenBSD CD-ROM releases and weekly snapshots. OpenBSD’s default installation doesn’t enable potentially risky protocols without the consent of the administrator. This is very important for experienced admins on a busy schedule who don’t want to play detective with netstat and ps -auxw to secure a new server; on the other hand, if you don’t know how to enable fingerd and you want it, then you’re pretty much stuck.

OpenBSD’s integrated cryptography can help an ISP that’s looking to differentiate itself through its security. First, the built-in implementation of the emerging IP Security (IPsec) standards allows you to offer virtual private networks (VPNs) to corporate clients. OpenBSD’s IPsec interoperates with implementations from major vendors. Second, ISPs can securely access remote POPs, even for root logins. Third, OpenBSD supports (among other cryptographic tools) SSL (Secure Sockets Layer) for secure https Web servers almost “out of the box.” To enable it, sysadmins just need to download one shared library file to get around the RSA patent restrictions.

What’s Bad for ISPs: While OpenBSD can incorporate the code improvements made by the other BSDs, it has a smaller full-time development team than any of the other Freenixes (the average McDonald’s has more people working on Chicken McNuggets than OpenBSD has on full-time development), and thus upgrades may come slower. Security comes at the expense of rapid development, and hardware or software may not be supported for months (if at all) after Linux or FreeBSD supports it.

OpenBSD of course shares the common faults of the *BSD family. Also, for experienced sysadmins who are confident that they can handle their own OS security (or simply don’t care), OpenBSD lacks both the x86 performance optimization of FreeBSD and some of the platform availability of NetBSD or the other benefits of Linux. Simply put, if you care more about performance or third-party application support than security, OpenBSD is probably not for you.

Conclusions

So … where does this leave the ISP looking for a free Unix? Probably, it leaves them with a headache, since it’s becoming more and more difficult to find an unbiased and rational comparison of the OSes involved. To sum up: Linux is relatively immature, but it has the most active developer community, it runs on almost any hardware, it’s the most user-friendly Unix for novices, and it has the best third-party application support. FreeBSD concentrates on optimizing BSD Unix for the x86 platform, and it shows in its networking performance. NetBSD concentrates on bringing stable BSD to a wide variety of platforms. If your primary concern is security, OpenBSD is the Freenix for you.

What do you think? Send questions, comments and lavish praise to [email protected]. Hate mail should be addressed to John Dvorak.