OR, THREE DEMONS AND A PENGUIN
Hi there, and welcome back to the
industry’s 216th most influential Unix column. Over the next few
months, we’ll be taking an in-depth look at each of the various Freenixes and
why your ISP may want to consider them. But right now, it’s time to get
familiar with the four big players. How can you tell the Freenixes apart, and
which of them is right for your ISP?
BSD Unix, having grown out of work
on the original AT&T Unix code at UC-Berkeley, has been around for about 20
years. Only in the early-to-mid 1990s (after a series of nasty lawsuits) was
the BSD project’s code freed up for use in free Unixes. The BSD development
model centered around a “core group” that handled work on the code, and the
free BSD Unix movement quickly splintered into three main groups, each with a
different focus.
The BSD groups tended to disdain
the pseudo-Leninist rantings of Richard Stallman’s GNU/TAISR (GNU’s Not Unix/This Acronym Isn’t
Self-Referential) camp, and used the “BSD” software license, which held sort of
a middle ground between commercial software and free software. The BSDs
attracted a following of (relatively) old-school sysadmins and hackers – the
sort of people who generally disdain pine
and elm as “too user friendly.”
Partially as a result, development for these OSes tended towards optimizing
them for server use, and neglecting support for consumer-oriented devices (like
IDE drives, fancy video cards, etc.).
Meanwhile, a Finnish computer
science student, Linus Torvalds … blah blah blah. I’ll skip this part, since if
you haven’t heard the story of Linux already, you probably should put down Boardwatch and go pick up a copy of the Yahoo! Internet Life special edition on how to turn off your computer safely.
Anyway, Linux’s development model encouraged code warriors and wackos alike to
develop for the OS under the GNU Public License (GPL), and attracted the loving
attention of the GNU project itself. Before long, Linux had emerged with a big
stack of available software, and a large corps of devoted developers. Its more
decentralized model not only encouraged people to write drivers for consumer
(rather than server) oriented devices, but also bred a following of experienced
admins as well as young geeks-in-training. Therein lay the difference.
These young Linux zealots were, by
and large, the force that popularized Linux. They had a fanatical love for
their OS that was unmatched except for Macintosh users (who, during the mid
’90s, had largely retreated to living in caves and praying for someone to port
a game to their OS besides Solitaire). Linux became cool. Zealous advocates led to press coverage, which led to
more developers, which led to better code and greater device support, which led
to more new and more fanatical users … leading to the Linux love-fest currently
underway.
So, where were the BSDs?
Generally, they quietly went about their way, still running their servers and
occasionally poking their heads in on Linux-advocacy-oriented (but useful to
all *nix users) news site Slashdot.org, offering “(Score 1: Insightful)”
comments and not rocking the boat. FreeBSD reacted to the surge in Linux
development with remarkable grace, building in a Linux binary compatibility
module and sidestepping a potential war over developers. But lately, some BSD
users have started agitating for more attention to the BSDs … and BSD partisans
have become bolder about advocating their *nix of choice.
For the three or four of you who
are still reading, let’s take a dive into each of the various Freenixes:
Focus: Unix everywhere, for everyone, as both a server OS and a
desktop OS.
Platform/CPUs: You name it. I’m surprised they don’t have an Atari 2600
port yet.
What’s Good for ISPs: If you’re relatively new to Unix, if you’re after ease of
use, or if you’re looking for an Internet server platform that can run on
almost any hardware and offers a wide range of cool applications, Linux is your
choice.
Of all *nixes, Linux is the most
oriented towards ease of use and administration. Linux has the widest user
base, and the most active development community – meaning that a lot of new
device drivers and third-party applications will be out for Linux first (and
maybe only for Linux). Linux’s heavy consumer usage has also led to its being the *nix for cool new free graphical shells (like KDE or
GNOME/Enlightenment) and administration utilities. Fruits of this wide
developer base (both commercial and free) include excellent solutions for
dialup authentication, webserving (including third-party ASP support, Real and
QuickTime streaming, Cold Fusion, etc.), mail servers, commercial database
packages, firewalls, AppleTalk or SMB networking, security tools and others.
Linux is gradually joining Solaris as “the” Unix for commercial developers.
Linux has the most support
options, as well. In addition to the usual free online user community support,
many Linux distributions offer installation and technical support (for example,
if you pay $90 for convenient Red Hat install CDs, they’ll give you 30 days of
installation support and 90 days of technical support). There is an abundance
of books about installing, running and administering Linux. Of all Freenixes,
Linux is also the most “ready for prime time” in terms of corporate deployment:
a number of companies from Red Hat to LinuxCare offer enterprise-ready tech
support packages. Plus, with its press coverage, and vendors from Intel to IBM
standing behind Linux, it’s closest to being the Freenix that is easiest to
explain to your “cloobie” boss.
But Linux isn’t just for new
users. Linux is second only to (yech) Windows NT in terms of tuning for
high-end multiprocessor systems. It’s a safe bet that there will be a solid
Linux for Intel’s IA-64 architecture before 64-bit NT is even in public beta.
And Linux’s wide developer base makes it likely to catch up rapidly in those
performance areas where it’s currently behind.
What’s Bad for ISPs: Linux may be spreading itself thin.
The more devices you try to
support with an OS, the fatter (and more bug-prone) your code becomes and the
more your stability is likely to suffer. Of course, the open-source,
open-development nature of Linux is designed to fix these bugs quickly; but it’s still an issue. It’s
relatively easy with Linux to pare down your kernel (the “core” OS software
that interfaces between the hardware and applications) to support only the
devices and services you need. But a default installation is likely to contain
more than you need – and the inexperienced users Linux is most popular
with are the least likely to be able to properly configure their OS. And the
time spent by developers on writing a driver so that Linux can use 5 1/4”
floppy drives is time that theoretically
might have gone towards tuning it better for more common uses.
Also, the wide variety of Linux
distributions can sometimes make software installation confusing. All Linux
distributions are based on one of the “Linus-approved” stable kernels; but the
specific kernel (and version of the code libraries to support applications)
they include sometimes varies widely. Some distributions (most notably Red Hat)
are more anxious to move to upgraded (and potentially less stable) versions of
these libraries than others. Some Linux software is beginning to appear which
is dependent upon (or at least tuned to) a specific distribution, fragmenting
the Linux community.
The much-vaunted user-friendliness
of Linux is also a relative term. Compared to MacOS or even Windows, Linux
still has miles to go in terms of developing a fairly “idiot-proof” interface.
Of course, this is a fault of all Unixes – any OS essentially written by
programmers, for programmers is going to have a big gap between its developers’
idea of “user-friendly” and its actual users (who programmers refer to as
“morons”).
Lastly, Linux simply lacks the
time that the BSDs have had to improve the maturity of its code base. There are
still plenty of things missing in Linux (like the much-lamented lack of a true
multi-threaded TCP/IP stack) that the BSDs implemented long ago. As a result,
if your main interest is network performance on a single-processor machine (and
you aren’t dependent on any of the Linux-specific software), Linux is simply
not going to be your first choice.
Focus: The ultimate Internet server for x86 hardware – with
Linux emulation for consumer/hobbyist users.
Platform/CPUs: The Intel x86 architecture, first and foremost. A port
for Alpha is also available. Theoretically, Darwin (the open-source part of Mac
OS X Server) is largely tied to FreeBSD for its code base, and might be
considered to be a PowerPC port of the OS, running on top of the Mach
Microkernel. Or maybe I’m just nitpicking.
What’s Good for ISPs: FreeBSD is the server performance-leading BSD Unix for
the x86 architecture. (Note for BSDI users: BSD/OS is well-tuned for this purpose, but it’s expensive, and I’m a
cheap person, so we won’t discuss BSD/OS here.)
If what you really care about is fast networking performance running Apache,
Sendmail or other common apps on cheap x86 hardware, FreeBSD is your OS. End of
story. The *BSD model (with a small team of experienced developers rather than
a horde of free-for-all developers like Linux) tends to generate more bug-free
code right out of the gate (although I wouldn’t necessarily run anything more
mission-critical than Xtetris on FreeBSD-current).
FreeBSD's TCP/IP stack is the reference code base on which so many other network stacks have been based. FreeBSD has a fairly impressive set of users, including Yahoo, Xoom, ftp.cdrom.com, some parts of Hotmail (“Hey, kids! Can you say ‘failed NT conversion?’ Good.”), the IMDB and others. On top of all this, FreeBSD includes a very good Linux binary compatibility module, and they’ve been very good about supporting “Linux-first” development with it instead of igniting a Freenix developer-choice war. FreeBSD also includes compatibility modules for SCO, NetBSD, and BSD/OS.
FreeBSD’s ports collection is a
fantastic way of finding new software and upgrading old versions. Also, if
you’re willing to get your hands dirty (read: no GUI) and make the source
updates for FreeBSD, their upgrade process is very slick and relatively painless.
What’s Bad for ISPs: All of the BSDs share some common problems. First is that
they’ve fallen out of commercial favor, and they lack the third-party
application support of “hip” Unixes like Linux or Solaris. The FreeBSD Linux
compatibility layer is great, but isn’t a “first-choice” solution (e.g., if you
depend on mission-critical software for which there is a Linux port but not one
for FreeBSD, you may think twice). Add to this the problem that the *BSD
development model leads to higher-quality code but slower development.
None of the BSD Unixes is an optimal choice (at least compared with Linux) for new Unix users; they’re best reserved for people who are either willing to take on their steep learning curve, or have learned Unix already. Also, finding good printed documentation on *BSD systems is like finding a network engineer with a hot blonde girlfriend.
FreeBSD (like most other *BSDs)
currently suffers from an identity crisis: is it the work of part-time
developers or an OS to compete with commercial *nixes? FreeBSD’s developers
occasionally seem to be caught between saying “it’s enterprise-ready software
you can depend on” and saying “look, we’ll fix that when we have time, what do
you expect for free?” It’s excellent software, but sometimes little things
(like full POSIX threads support) may get broken and not be fixed for weeks or
months. FreeBSD (like the other BSDs) also isn’t as tuned for multiprocessor
machines and high-end hardware as Linux is. Lastly, if you’re the corporate
type looking for commercial support, your options with any free BSD are far more limited than with Linux.
Focus: Bringing a solid BSD to as many platforms as possible
Platform/CPUs: x86, Alpha, Motorola m68k, PowerPC, SPARC, MIPS, ns32k,
arm32, VAX (with varying degrees of stability and support)
What’s Good for ISPs: NetBSD shares the attractiveness of Linux in that you can
probably pick up any old (or new) computer and get it to run. NetBSD has the
advantage (and disadvantage) of sharing the other BSDs’ code maturity and
development philosophy, but with the ability to run well on a wide range of
platforms.
If you’re already familiar with
BSD Unix and you want to use it on non-x86 hardware (or you want to standardize
on one OS across multiple platforms), NetBSD is your first choice (and,
depending on your target platform, maybe your only choice). If you are looking
for *BSD’s proven performance with networking, and you want to use it on any
platform, NetBSD is the way to go.
What’s Bad for ISPs: NetBSD’s strength is also its weakness. It sits in sort
of a middle position among BSDs, being widely available but not optimized for
any one task. In a way, it’s sort of a “jack of all trades, master of none.”
It’s unclear, for example, whether you’d get better network performance on a
PowerPC machine with NetBSD or with LinuxPPC, which has spent a great deal of
time optimizing its OS for that CPU architecture. Therefore, it likely won’t be
your first choice of OS for platforms which other Freenixes tune themselves to.
Also, the various NetBSD platforms
are each supported to a greater or lesser degree (depending on the activeness
of their development team), and you may be left at your development team’s
mercy while waiting for a critical upgrade. NetBSD shares the common faults of
the other BSDs as well, and its mission has left it as sort of the “forgotten”
BSD among the others which are more optimized for a given task.
Focus: Unix for security junkies.
Platform/CPUs: x86, Alpha, Motorola m68k, MIPS, some PowerPC designs, SPARC
(plus some other platforms which aren’t “officially” supported but for which a
port exists)
What’s Good for ISPs: OpenBSD is about security: it also considers security and
software quality to be one and the same. Plus, they’re based out of Canada, and
can therefore bypass some of the US’s bizarre federal cryptography/security
laws.
In the OpenBSD team’s view, here's
how it works. Buggy software can lead to security vulnerabilities – buffer
overruns, sloppy system calls, poor management of root (administrator)
privileges and so on. The OpenBSD developers started an audit (two years and
still going) of the source code and found thousands of bugs. Some were
security-related, or might have been exploited in combination with other bugs;
but most were not. Their end goal is not only a more secure OS, but also one
that's “more reliable and trustworthy.” Of course, since the *BSD codebase is
largely similar, other BSDs are able to benefit from the security fixes made by
OpenBSD.
Another important aspect of
security is the "secure by default" configuration as shipped on the
OpenBSD CD-ROM releases and weekly snapshots. OpenBSD's default installation
doesn’t enable potentially risky protocols without the consent of the
administrator. This is very important for experienced admins on a busy schedule
who don’t want to play detective with netstat and ps -auxw to
secure a new server; on the other hand, if you don’t know how to enable fingerd and you want it, then you’re pretty much stuck.
OpenBSD's integrated cryptography
can help an ISP that’s looking to differentiate itself through its security.
First, the built-in implementation of the emerging IP Security (IPsec) standards allows you to offer virtual private networks
(VPNs) to corporate clients. OpenBSD's IPsec interoperates with implementations
from major vendors. Second, ISPs can securely access remote POPs, even for root
logins. Third, OpenBSD supports (among other cryptographic tools) SSL (Secure
Sockets Layer) for secure https Web
servers almost “out of the box.” To enable it, sysadmins just need to download
one shared library file to get around the RSA patent restrictions.
What’s Bad for ISPs: While OpenBSD can incorporate the code improvements made
by the other BSDs, it has a smaller full-time development team than any of the
other Freenixes (the average McDonald’s has more people working on Chicken
McNuggets than OpenBSD has on full-time development), and thus upgrades may
come slower. Security comes at the expense of rapid development, and hardware
or software may not be supported for months (if at all) after Linux or FreeBSD
can.
OpenBSD of course shares the
common faults of the *BSD family. Also, for experienced sysadmins who are
confident that they can handle their own OS security (or simply don’t care),
OpenBSD lacks both the x86 performance optimization of FreeBSD and some of the
platform availability of NetBSD or the other benefits of Linux. Simply put, if
you care more about performance or third-party application support than
security, OpenBSD is probably not for you.
So … where does this leave the ISP looking for a free Unix? Probably, it leaves them with a headache, since it’s becoming more and more difficult to find an unbiased and rational comparison of the OSes involved. To sum up: Linux is relatively immature, but it has the most active developer community, it runs on almost any hardware, it’s the most user-friendly Unix for novices, and it has the best third-party application support. FreeBSD concentrates on optimizing BSD Unix for the x86 platform, and it shows in its networking performance. NetBSD concentrates on bringing stable BSD to a wide variety of platforms. If your primary concern is security, OpenBSD is the Freenix for you.
What do you think? Send questions, comments and lavish praise to jcarl@servint.com. Hate mail should be
addressed to John Dvorak.