[HN Gopher] Technical reasons to choose FreeBSD over GNU/Linux (...
___________________________________________________________________
Technical reasons to choose FreeBSD over GNU/Linux (2020)

Author : truth_seeker
Score  : 235 points
Date   : 2022-08-06 15:59 UTC (7 hours ago)

(HTM) web link (unixsheikh.com)
(TXT) w3m dump (unixsheikh.com)

| GekkePrutser wrote:
| That link has been posted here many times already.
|
| I use FreeBSD as a daily driver on my desktop. Very happy with
| it. My reasons to choose it were more that I feel like Linux has
| become a toy of big tech. If you look at the kernel
| contributions, most of them are from people working for all the
| big names. Linux has become Big Business and each company is
| trying to safeguard their interests in it. Linus is still in
| charge of the kernel officially but all the steering groups are
| dominated by big tech. Look at the Linux Foundation for instance:
| https://www.linuxfoundation.org/board-of-directors/ . These are
| not the kind of people you'd expect to lead 'free software',
| these are all boardroom types. Maybe Linux has outgrown the
| beardy hacker culture but I have not :P
|
| Of course, Linux is not much worse for it... Yet. I think this is
| for 2 reasons: Linus' benevolent dictatorship, and the fact that
| they won't be able to agree on much given that these guys are all
| competitors. But in the long term I'm sure this will take its
| toll. For example, would these guys ever have approved the GPL-3?
| Everyone in business is pretty universally against it.
|
| And in fact it's the very BSD license that makes big business
| shun FreeBSD. Which I think is a good thing. FreeBSD still feels
| like a grassroots development and as such I feel more in control.
| The excellent and consistent documentation and friendly community
| is another plus for me. And the combination of stable OS with
| rolling third-party software (but this is something that was also
| mentioned in the article).
| ZFS on Root is another one (though
| Ubuntu is now catching up to that).
| ahepp wrote:
| > If you look at the kernel contributions, most of them are
| from people working for all the big names
|
| Like hardware manufacturers? I thought getting commercial users
| to contribute to the kernel was desirable?
|
| > For example, would these guys ever have approved the GPL-3?
|
| Didn't Torvalds himself reject GPL-3?
|
| > And in fact it's the very BSD license that makes big business
| shun FreeBSD
|
| Now I'm really confused. Why would businesses not like the BSD
| license? And they don't like GPL-3 either? Is GPL-2 the
| goldilocks license for them?
| GekkePrutser wrote:
| > Like hardware manufacturers? I thought getting commercial
| users to contribute to the kernel was desirable?
|
| Contribute to drivers, yes. Steer development of the kernel,
| no, IMO. The more they contribute, the more influence they
| gain. And a lot of the contributions are not hardware related
| at all.
|
| > Didn't Torvalds himself reject GPL-3?
|
| I don't know, I didn't follow this as I don't follow Linux
| news that closely anymore. I thought it was mainly about the
| way that it was introduced. But I think it's a much better
| license than GPL-2.
|
| > Now I'm really confused. Why would businesses not like the
| BSD license? And they don't like GPL-3 either? Is GPL-2 the
| goldilocks license for them?
|
| Businesses hate the BSD license because any code derived does
| not have to be open at all. So that means anything they
| contribute can be taken by their competitors and used in
| closed-source software. That's totally OK. Because of this
| there's only a few companies involved in BSD. Notably
| Netflix, the former Skype (before it was acquired by MS), and
| some smaller orgs like Netapp and iX that makes
| freenas/truenas.
|
| Companies hate GPL-3 because their license gets revoked if a
| company uses its patents to attack GPLd software.
| It also
| stipulates some other things like that devices running GPL-3
| software must also be open (e.g. no locked bootloaders etc).
| Very good things IMO. A lot of GPL-3's stipulations were
| triggered by real-world exploitation of free software.
| Examples: By TiVo (hence the name "anti-TiVoisation clause"
| for the open hardware thing). And the anti-patent clause was
| a _direct_ result of Microsoft's patent attacks on Linux. No
| wonder Steve Ballmer hated the GPL-3 so much.
|
| This is why Microsoft and most of the others hate it so much,
| they love giving open source lip service, but are not really
| open source companies. The GPL-2 gives them enough loopholes
| to get away with this. Many companies avoid GPL-3 licensed
| software at all costs, it was the driving force for bash not
| being updated (and replaced by zsh) on macOS for example.
|
| Personally I think it would be better if FreeBSD was GPL-3d
| but BSD is not bad for me as a user that doesn't want too much
| corporate influence. After all, if a company makes a
| closed-source fork it doesn't impact me in any way. I won't use
| it anyway.
| josephcsible wrote:
| > Didn't Torvalds himself reject GPL-3?
|
| Was the GPLv3 ever formally rejected? Isn't the problem that
| the Linux kernel was GPLv2 only before the GPLv3 existed, and
| by the time it did come out, there were too many contributors
| for there to be any hope of getting it changed?
| ahepp wrote:
| Some googling around the issue suggests Linus pretty
| clearly rejects the principles of GPLv3.
|
| https://www.linux.com/news/why-torvalds-sitting-out-gplv3-pr...
| josephcsible wrote:
| I know he isn't a fan of it. My point is just that his
| dislike of it isn't why Linux can't use it today.
| pleb_nz wrote:
| I really like the idea and would love to give it a go, but as
| someone who develops across web, xamarin, .netcore, docker and
| wants good first support for these tools so I'm not wasting
| time/money it looks like I would be hard pressed to swap without
| dedicating a lot of money to the effort. Also, does freebsd run
| on m1/m2 hardware yet?
|
| Happy if I'm wrong and someone can point me in the right
| direction. But the few times I've looked into it it doesn't seem
| worth the expenditure.
| hkgjjgjfjfjfjf wrote:
| rubyist5eva wrote:
| I use FreeBSD on servers instead of Linux for one reason: ZFS.
| It's really that much better than anything that is currently
| available on Linux. BTRFS is not even close.
|
| Yes I know it's available on Ubuntu but everything else about
| Ubuntu is just so messy.
| stjohnswarts wrote:
| but you can use ZFS on linux?
| rubyist5eva wrote:
| Yes but it's clunky. ZFS on FreeBSD is smooth as silk. Ubuntu
| is the only distro that I would say has good integration with
| ZFS but I don't like anything else about Ubuntu.
| Asdrubalini wrote:
| I think NixOS has an even better ZFS implementation,
| compared to Ubuntu.
| cyberpunk wrote:
| what linux server distro are you using if not ubuntu lts?
| I'm not a massive fan either but I run thousands of the
| bastards (k8s hosts) and can't imagine another...
|
| just disable snap and you're good ;)
| rubyist5eva wrote:
| At $CURRENT_JOB we run our postgres database on a massive
| bare-metal dedicated server running FreeBSD, our
| container hosts are Alma Linux 8 and the base images are
| typically debian-slim, though some are alpine or even
| scratch.
| freedomben wrote:
| I don't think comparing FreeBSD to GNU/Linux is a fair
| comparison. Since FreeBSD is looked at as a whole operating
| system, it should probably be compared to Fedora or Ubuntu or
| RHEL, etc. Particularly the complaints about how some follow
| "the Debian way" and others don't.
| If you're going to say that, you invite
| criticism about things that work on FreeBSD but not on OpenBSD.
| sgarland wrote:
| Not shown: the bewildering choices made for various tools.
|
| sed
|
| * The `-i` flag - In the absence of a file extension given, I
| should not have to specify with `''` that I want the original
| file over-written. The flag is called in-place for a reason.
|
| * BSD sed doesn't support ANSI-C escape sequences, so you have to
| fall back to your shell quoting them for you.
|
| xargs
|
| * Why is there no `-d` flag for BSD?
|
| There are others I've found over the years, but those come to
| mind as annoyances.
| GekkePrutser wrote:
| They're just different. It's a different OS. I agree some
| things don't make sense but some things on Linux don't make
| sense either. It's just a long heritage of things that have
| organically grown. Consider 'dd' for example, with its 'if=xxx'
| whereas other tools would use the format '-if xxx'.
|
| But it's a different OS. Solaris tools were different from the
| GNU toolset. HP-UX' tools were very different (try compiling
| something on HP-UX CC lol). MacOS' tools are also different.
|
| If you expect things to be GNU, use GNU/Linux. Or Hurd :) Or
| install GNU coreutils.
| sgarland wrote:
| > Consider 'dd' for example
|
| This is a fair point, and I suppose something I just have
| grown used to, similar to how I can type `tar xvzf` without
| any `-` at all, and it works.
|
| > MacOS' tools are also different.
|
| Tbf when I talk of using BSD tools, I'm talking about using
| MacOS tools - I don't have any BSD installations, I just
| recognize that MacOS includes mostly (?) BSD tools by
| default.
|
| I do in fact install coreutils, and either alias them or move
| PATH priority so they get called first.
| toast0 wrote:
| > Tbf when I talk of using BSD tools, I'm talking about
| using MacOS tools - I don't have any BSD installations, I
| just recognize that MacOS includes mostly (?) BSD tools by
| default.
|
| It's not inaccurate, but somewhat unfair to use MacOS tools
| and call them BSD tools. They are ports of BSD tools, but
| Apple rarely refreshes them from the original sources, so
| it's kind of a time capsule to 2000. If you dropped 2000
| era Linux userland on someone today, there would be a lot
| of complaints and concerns. On some tools, command flags
| added in GNU coreutils do get added to FreeBSD, although I
| did not check your list of specifics.
| cpeterso wrote:
| IIRC, Apple periodically merges some kernel bits from
| FreeBSD and user space utilities from NetBSD. (Though I
| can't find a source mentioning NetBSD, atm.) I don't know
| why Apple would choose NetBSD utilities instead of
| FreeBSD if they are also using FreeBSD kernel bits.
|
| I understand why Apple doesn't bother to contribute to
| upstream FreeBSD or NetBSD, but I'm curious why they
| aren't eager to merge updates from them more frequently.
| toast0 wrote:
| > I'm curious why they aren't eager to merge updates from
| them more frequently.
|
| I suspect it's because the merge isn't easy to do; which
| is partially a self-fulfilling property of how infrequent
| it's done, but likely also has a lot to do with the
| pretty large differences in system design. A lot of the
| kernel bits are old as heck too; last I checked, at least
| the Darwin open source kernel doesn't have any protection
| against syn floods, which FreeBSD first addressed in
| kernel 4.5 (released January 29, 2002)
| trasz wrote:
| >This is a fair point, and I suppose something I just have
| grown used to, similar to how I can type `tar xvzf` without
| any `-` at all, and it works.
|
| So for a while GNU tar didn't support automatic compression
| detection, and you had to manually specify 'z' or 'j' every
| time. Quite annoying when you are used to bsdtar, which
| does this for you.
| rrix2 wrote:
| Yeah, BSD coreutils are so frustrating to use...
| 1500100900 wrote:
| > The flag is called in-place for a reason.
|
| What's the reason? Surprisingly, the file is never edited in
| place.
| sgarland wrote:
| OK, I'll give you that the underlying syscalls are in fact
| creating a temporary file. But the abstract result to the
| user is an in-place edit.
| MontyCarloHall wrote:
| I agree that BSD coreutils are extremely feature poor (e.g. no
| PCRE in grep) and have some odd syntax choices as you point
| out, but you can always install the GNU coreutils. Of course,
| you then have to prefix everything with "g" (e.g. ggrep, gsed)
| which can get annoying.
|
| That said, this is why I've always given up on BSD every time
| I've tried it--all of the low-level technical benefits touted
| in the article never actually make a difference in my
| day-to-day usage, whereas little annoyances with the userspace
| really add up.
| sebow wrote:
| For people (semi-rightfully) complaining about the feasibility of
| FreeBSD as a desktop OS (or a workstation purposed OS), the fact
| that it isn't easy to install through the graphical interface is
| both a blessing in disguise and a legitimate point for slow
| install + config times. To that end I say to the less
| keyboard/terminal focused (which should be a paradox when it
| comes to developers but whatever) : try some of the
| general-purposed graphical "flavors" of FreeBSD: MidnightBSD,
| GhostBSD, NomadBSD. MacOS users who want to seek the same
| experience but on a less closed unix (Still FreeBSD):
| helloSystem (from an ex-Apple if I recall correctly) & ravynOS
| (previously 'airyx').
|
| Of course there is also netbsd + openbsd, but imo those are
| really far behind FBSD when it comes to being mainstream and
| usable as daily drivers. One of the main reasons I personally
| can't daily drive FBSD on my laptop is the lack of proper drivers
| (I know about 'running' the linux ones).
| Still a more than decent
| choice for any desktop unless running very obscure hardware or
| needing specific requirements (think cuda,cudnn,rt and similar
| proprietary software/libs)
| alberth wrote:
| I'm a huge fan of FreeBSD, though I have to admit - when I was
| looking at the Vulnerability Statistics chart I wondered to
| myself "are there fewer identified FreeBSD vulnerabilities
| because there are way fewer FreeBSD users (than Linux)".
| deano wrote:
| As a long time Linux and BSD user I agree with you. You still
| have to enable basic things that are not turned on by default -
| i.e. stack protection. A lot of this is enabled by default on
| OpenBSD.
|
| https://vez.mrsk.me/freebsd-defaults.html
| 1-6 wrote:
| You can find a Linux distro for everything these days though.
| werid wrote:
| can't believe that openbsd dude is still updating that page.
|
| he seems to be obsessed with an os he doesn't use.
| Gud wrote:
| As a long time FreeBSD user it makes me sad to see so many
| GNU/Linux users dismiss FreeBSD and its way of doing things.
| Jails? Pfft. We have docker. Since everyone else is using Docker,
| surely it must be the superior technology? And so on.
| ooneeks wrote:
| Too bad BSD has such obscure hardware support, anyone running BSD
| over GNU/Linux is going to lose performance and responsiveness
| having to run everything through layers of code and emulation.
| Also, due to squalid support, it's only really usable without GUI
| - bad scaling and graphical acceleration, or the lack thereof, as
| well as poor support just means that most GUI solutions for BSD
| look worse than Windows 3.0. I've yet to see anyone make BSD look
| agreeable, the only viable solutions being KDE and XFCE, both of
| which suck. Surely that'll take away from productivity as well,
| but that's just me.
| The poor support is the worst offender, also
| because it seems to me that a lot of the lacking hardware support
| stems not from a lack of users, but a general apathy towards
| doing anything on your computer that isn't just using emacs or
| compiling. The lack of wifi support is most baffling and
| contributes to the fact that doing anything with BSD on a laptop
| that isn't owned by one of the developers themselves, will result
| in sluggish or subpar performance. I have the same opinion on
| desktop BSD users as I do with GNU/Hurd users. You do you. But as
| soon as you start talking about the perceived sufficiency and/or
| supremacy of your deprecated, wet 80's FOSS fever dream of an OS,
| it becomes impossible to communicate.
| johnklos wrote:
| The article hits the nail on the head about Linux' "mismatches".
| When distros need to be different gratuitously, you can no longer
| get a book on Linux that meaningfully applies across multiple
| distros. Heck, even an Ubuntu book would be irrelevant after a
| few changes (16 -> 18, 18 -> 20).
|
| The same people who respond in the community to questions about
| changes often respond to defend the changes, but rarely respond
| with answers to the technical questions about them. It's
| frustrating.
| [deleted]
| Koshkin wrote:
| > _distros need to be different gratuitously_
|
| I, on the other hand, tend to think of distributions as
| operating systems in their own right, so the difference between
| them is something I welcome - otherwise what's the point?
| baskethead wrote:
| The main reason to use Linux is because almost everyone else is.
| If you're only installing it on your own servers at home, then
| that's okay. But in a business environment, the minor differences
| or improvements with FreeBSD are simply not worth the lack of
| familiarity for most people over Linux.
|
| I used FreeBSD starting in 1999-ish and I still have the original
| Design and Implementation of the 4.4 BSD Operating System on my
| shelf. I used FreeBSD exclusively for years, but it has
| completely lost to Linux and Linux frankly is good enough.
| gabereiser wrote:
| >On FreeBSD you'll notice right away that you're dealing with a
| "complete operating system", a system that has been put together
| very well.
|
| Ugh, this argument is long in the tooth. It's not a complete
| operating system. It never will be, and neither will GNU/Linux.
| To be "complete" you need to support all the hardware. You can't.
|
| Also, a base install of FreeBSD is missing the port tree
| sources... so complete...
| efortis wrote:
| Heterogeneous infrastructure was my main motivator to learn
| FreeBSD.
|
| Without this diversity, in face of a security issue, you can only
| shut-down or take the risk.
|
| On the other hand, when there's a bug or suspicious activity on
| FreeBSD servers, you can turn off only those servers, while the
| problem is patched, and vice versa.
| trelane wrote:
| Earlier revision discussion:
| https://news.ycombinator.com/item?id=22852316
| lnxg33k1 wrote:
| I think the mismatch thing doesn't really make sense, as you
| should consider freebsd as a complete OS rather than just the
| kernel, and archlinux as the same. Dragonflybsd and pcbsd for
| example have the same freebsd kernel, do they follow the freebsd
| way too?
|
| The rest is about preference with the exception of DTrace that is
| imho superior, but I am not going to pick freebsd over Linux
| only for DTrace, as Linux has better compatibility and support
| with software and hardware in general imho
|
| Edit ps: I use gentoo so I see the power of ports but I can match
| it with the wider support of Linux
| trasz wrote:
| DragonflyBSD absolutely does not use the same kernel. It
| literally split off FreeBSD over kernel architecture
| differences.
| 5e92cb50239222b wrote:
| Let me pick and choose a few points since replying to everything
| will necessitate a similar 40-page post.
|
|     FreeBSD has great engineering and release management practices
|     When someone gets an idea and develops something new, it first
|     gets peer technical reviews
|
| The recent WireGuard debacle left a bad taste about this. As it
| actually turns out, sometimes there is zero technical review for
| very important patches and a few blessed developers can (and
| sometimes do) just throw their stuff directly into trunk.
|
|     Unlike on Linux, the ZFS filesystem is a first class citizen on
|     FreeBSD
|
| ZFS has first-class support on Ubuntu and is compiled into the
| kernel.
|
|     FreeBSD also supports boot environments
|
| Including this one IIRC.
|
|     Jails
|
| Well... linux has containers, and if all you need is isolation
| there's this: https://news.ycombinator.com/item?id=29976096
|
| systemd is not required (all the heavy lifting is done by the
| kernel using the same features employed by containers), but it's
| available almost everywhere and makes this easy.
|
|     security
|
| I actually think it's worse in this regard because of the link
| above. Most services on my machines are heavily locked down and
| isolated from each other since systemd makes this very easy (add
| a few key-value pairs to an .ini file and it's done). On FreeBSD
| the developer must add capsicum support (which is not easy to say
| the least), or you have to setup jails for each and every
| application manually.
|
|     Capsicum
|
| Excluding the usual boring stuff like seccomp-bpf, we now also
| have this: https://lwn.net/Articles/859908
|
| It's pretty much unveil for Linux. I think it kind of flew under
| the radar.
|
| I don't believe there's anything like capsicum, though.
|
|     DTrace
|
| https://www.brendangregg.com/dtrace.html#Linux
|
| There's also real DTrace on Oracle Linux if you're ready to sell
| your soul:
|
| https://docs.oracle.com/en/operating-systems/oracle-linux/dt...
|
|     bhyve
|
| Not sure if this counts as a particular advantage.
|
|     Firewall
|
| I find nftables to be pretty enjoyable to work with. It has a
| similar syntax, removes duplication of rules (supporting both
| ipv4 and ipv6 at the same time), etc. I actually removed
| firewalld from many RHEL servers and went with nft directly.
|
|     Security Event Auditing
|
| Uhm... so like auditd?
| cperciva wrote:
| _The recent WireGuard debacle left a bad taste about this. As
| it actually turns out, sometimes there is zero technical review
| for very important patches and a few blessed developers can
| (and sometimes do) just throw their stuff directly into trunk._
|
| This seems like a misunderstanding of the FreeBSD development
| model. Yes, immature code landed in HEAD, but _it was removed
| before the next release_.
|
| In general in FreeBSD there's no expectation that HEAD is
| always usable. Sometimes it won't even build! It's a place
| where code can land in the _hope_ that it will be ready by the
| time the next release rolls around, but "remove code which
| isn't ready for prime time" isn't an exceptional case.
|
| FreeBSD has a very strong history of _post_-commit code
| review, largely because every FreeBSD committer gets email when
| commits go into the tree -- that's a lot of eyeballs. We're
| moving towards increased _pre_-commit review thanks now that
| better tools are available for that, but that's a separate
| matter.
|
| (Yes, Netflix runs FreeBSD HEAD. I think they're nuts.)
| aaron_m04 wrote:
| > (Yes, Netflix runs FreeBSD HEAD. I think they're nuts.)
|
| Sounds like chaos engineering to me ;)
| cperciva wrote:
| Oh, they absolutely justify it on the basis that if a CDN
| node is unstable they'll just fail traffic across to
| another node. And as a FreeBSD developer I have to say that
| it's great having the OS (or at least the parts Netflix
| uses) stress tested -- you can't reproduce "1/3 of all
| internet traffic" in a test lab.
|
| The reason I think they're nuts isn't _stability_ but
| rather _security_. I guess since they're shipping these
| boxes around the world there's nothing _really_ sensitive
| on them; but still, if I were in their shoes I would be
| worried about security bugs being introduced.
| 5e92cb50239222b wrote:
| Thanks for clarification. Although IIUC the "bad" WireGuard
| implementation was stopped from being released _just barely_:
|
| https://lwn.net/Articles/850098
|
| It was rushed because a particular vendor wanted to have it
| as soon as possible. If not for Jason Donenfeld's diligence
| it looks like we would have out there in the open, full of
| bugs and all.
|
| Doesn't seem like a normal occurrence though, seeing how much
| noise it made.
| cperciva wrote:
| The WG code was introduced unusually late, I agree. Usually
| experimental stuff like that lands soon after a .0 release
| so that there's a year to iron out details before the next
| release. But this is a quantitative difference -- how close
| to the next release do you push experimental code into the
| tree -- not a qualitative difference.
|
| And fundamentally the system worked! The code was deemed to
| not be ready and was yanked before the release.
| claudiojulio wrote:
| https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...
| Lapsa wrote:
| > The three replaced almost all of Macy's code in a mad
| week-long sprint.
|
| damn....
|
| > Sleep to mitigate race conditions
|
| ouch...
|
| > Validation functions which simply return true
|
| da f*
|
| > strange hexadecimal output spamming the root console of
| their router
|
| :D
| pdimitar wrote:
| > _Most services on my machines are heavily locked down and
| isolated from each other since systemd makes this very easy_
|
| Do you have a guide handy? A quick Google search only showed
| generic nonsense. I'll appreciate a recipe-like pointer. Been
| curious about this for a while.
| prmoustache wrote:
| > Keep in mind that Oracle is the copyright holder of ZFS. So
| you (and Ubuntu) are violating Oracle's license terms. Would
| be really interesting to see what happens if Oracle decides to
| sue an Ubuntu user. Would Ubuntu step in to help?
|
| There is nothing in the CDDL that prevents a user to use ZFS
| with a kernel under GPL license and no leverage for Oracle to
| sue the end user for this. The end user is not distributing
| the software. Ubuntu or possibly a hosting provider or a
| company incorporating ubuntu in its product does.
| 5e92cb50239222b wrote:
| I haven't seen any decent articles on this (doesn't mean
| there aren't any) that mention anything besides most basic
| flags.
|
| Have a gander at the comment I linked
| (https://news.ycombinator.com/item?id=29976096).
|
| ---
|
| Probably the easiest way to start is to create your unit file
| as usual, copy the list from the comment into it, and then
| run:
|
|     $ systemd-analyze security unit-name
|
| It prints a huge list of suggestions along with a short
| description of each one. Look up their names in here:
|
|     $ man systemd.directives
|
| and look at the man linked there. Usually it's one of
|
|     $ man systemd.exec
|     $ man systemd.resource-control
|
| I think the starter list should get you 95% there (I use it
| for most applications with minor variations in paths and
| flags like MemoryDenyWriteExecute that breaks JIT compilers).
|
| ---
|
| If you want to keep your configuration as short as possible,
| the list with the most bang for your buck would look
| something like this:
|
|     User=non-root-username
|     # disable privilege escalation through SUID binaries
|     NoNewPrivileges=yes
|     CapabilityBoundingSet=
|     # removes access to /home
|     ProtectHome=yes
|     # makes most paths read-only
|     ProtectSystem=strict
|     # opens read-write access only to paths your application needs
|     ReadWritePaths=/var/lib/foo /var/lib/bar
|
| If your application follows FHS and writes stuff to
| /var/whatever, prefer:
|
|     RuntimeDirectory=appname
|     StateDirectory=appname
|     CacheDirectory=appname
|     LogsDirectory=appname
|     ConfigurationDirectory=appname
|
| instead of
|
|     RuntimeDirectory=/var/run/appname
|     StateDirectory=/var/lib/appname
|     CacheDirectory=/var/cache/appname
|     LogsDirectory=/var/log/appname
|     ConfigurationDirectory=/etc/appname
| pdimitar wrote:
| Thanks a bunch! I'm absolutely bookmarking your comment and
| will go back to it.
| jsiepkes wrote:
| > ZFS has first-class support on Ubuntu and is compiled into
| the kernel.
|
| And Ubuntu is also the only distribution which has ZFS. Using
| ZFS on any other distribution (for example RHEL, Rocky Linux,
| etc.) is a pain. Every update is Russian roulette in which it
| can break.
|
| And everyone except Ubuntu thinks it's a violation of the
| CDDL. Keep in mind that Oracle is the copyright holder of ZFS.
| So you (and Ubuntu) are violating Oracle's license terms. Would
| be really interesting to see what happens if Oracle decides to
| sue an Ubuntu user. Would Ubuntu step in to help?
|
| > There's also real DTrace on Oracle Linux if you're ready to
| sell your soul:
|
| I can't run Ubuntu (for ZFS) and Oracle Linux (for DTrace) at
| the same time. Besides, like you said; Why would anyone want to
| use Oracle's Unbreakable Linux?
|
| > Well... linux has containers, and if all you need is
| isolation...
|
| No that's not all I need.
| I need things like virtual networking
| between my containers.
|
| > I actually think it's worse in this regard because of the
| link above.
|
| Depends. If you put them in a FreeBSD jail they are probably
| better isolated than only using systemd.
| djbusby wrote:
| It's not "only Ubuntu". I'm using ZFS (not for boot or root
| partition) on Gentoo for some time. It's a separate package
| from kernel, and has to rebuild after a kernel upgrade but it
| works as expected.
| presto8 wrote:
| To add another anecdote: I use ZFS on NixOS for all of my
| partitions, including an encrypted boot partition. It has
| been rock solid for me.
| spindle wrote:
| Not only rock solid but also very easy!
| jen20 wrote:
| > Keep in mind that Oracle is the copyright holder of ZFS. So
| you (and Ubuntu) are violating Oracle's license terms.
|
| If anything IS a problem here it is violating the terms of
| the GPL, not the CDDL.
|
| So no, no one is violating Oracle's licensing terms - and if
| they were, they'd have been sued in 2016 when this shipped.
| Do you really think ORACLE of all people is just holding back
| out the goodness of their hearts?
|
| Complete FUD.
| josephcsible wrote:
| > If anything IS a problem here it is violating the terms
| of the GPL, not the CDDL.
|
| How so? Aren't the GPL and CDDL both copyleft?
|
| > So no, no one is violating Oracles licensing terms - and
| if they were, they'd have been sued in 2016 when this
| shipped. Do you really think ORACLE of all people is just
| holding back out the goodness of their hearts?
|
| No, Oracle is holding back because they want more money. If
| they sue a little guy now, then everyone else will
| immediately stop using ZFS-on-Linux. They're waiting until
| someone with really deep pockets starts to use it before
| they sue.
| trasz wrote:
| >How so? Aren't the GPL and CDDL both copyleft?
|
| They are, but GPL is (tl;dr) incompatible with anything
| that's not a subset of GPL.
| That's because GPL is viral,
| and CDDL isn't. And that's why in the Open Source world
| you can't get license incompatibility without throwing
| GPL in the mix.
|
| So, yeah, it's GPL that's possibly being violated; CDDL
| is fine with whatever license there is. Oracle could sue
| you if they relicensed ZFS under GPL, but can't with CDDL
| because of implicit protection CDDL contains.
| josephcsible wrote:
| Isn't the whole reason that the CDDL is a problem that it
| is viral too? Otherwise you could just distribute the
| whole bundle of ZFS+Linux as GPL and be fine.
| jsiepkes wrote:
| > If anything IS a problem here it is violating the terms
| of the GPL, not the CDDL.
|
| The CDDL terms are violated because you can't re-license
| code that is under the CDDL (in contrast to for example the
| BSD licenses). The GPLv2 is a strong copy-left license that
| puts the CDDL files under GPLv2.
|
| Even the creators of the CDDL themselves have stated that
| the CDDL is probably incompatible with the GPL [1].
|
| [1] https://lwn.net/Articles/114840/
| Eleison23 wrote:
| I'm 50 years old, now, so in college I had hands-on experience
| with a 3B2 running real live SVR3. There was also an academic VAX
| running 4.3BSD. And being closely tied to the UC system myself, I
| gradually became a BSD fanboy.
|
| I started by putting Minix on my 286 at home, but I longed to run
| 386BSD. I eventually realized my dream with some nice OpenBSD
| installs. I was a partisan, not entirely a bigot, but I'd also
| seen Linux grow from infancy and considered it a toy or
| plaything, compared to mature BSD codebases. And truly, Linux was
| a hobbyist's choice for ages, but many hobbyists grow up to be
| professionals, don't they?
|
| In 1999 (to prove I wasn't a bigot) I installed Linux on the old
| 386. It was either Slackware or Debian, and the reason I chose it
| was to support the floppy-tape controller that was unsupported by
| BSD.
| | I continued to use OpenBSD as a daily driver, alongside Windows, | until 2004. Then a trusted sysadmin friend listened to my pleas | for help with audio and assorted hardware, and simply directed me | to Ubuntu. Since then I've been BSD-free (including no Apple | devices.) | | My needs over the decades have reduced from "godlike control- | freak sysadmin" to "power user" to "does ordinary consumerist | stuff on a Windows laptop". BSD has great technical reasons and | use cases. If you still use BSD, more power to you! BSD's dual | legacy for the world, even after the OS itself has evaporated, | will be MacOS X and BSD's corporate-profit-friendly licensing | terms. | Keyframe wrote: | How are things these days with graphics (well, NVIDIA and maybe | intel, I don't care about amd) drivers, CUDA, ML? How's support | in general for latest hardware like CPUs, mobos/wifi? | loeg wrote: | Basic usage with Nvidia drivers works ok. Nvidia disables CUDA | and NVENC/NVDEC on FreeBSD. CPUs/motherboards work great, at | least in x86 (arm64 probably works well, too, but I'm less | familiar). Wifi is very behind the curve. If you have a | supported card (including some 802.11AC cards), 802.11N | probably works -- but last I heard, AC does not. | Keyframe wrote: | Alright as expected then, Nvidia thing a bit unexpected. So, | people do not do ML on FreeBSD? | loeg wrote: | > So, people do not do ML on FreeBSD? | | I think that's essentially correct. Certainly, not using | CUDA. | mshroyer wrote: | One application where FreeBSD especially shines is as a | fileserver to Windows clients: Unlike on Linux, NFSv4 ACLs are | supported natively! | | The NT ACLs used in Windows and SMB are much more expressive than | Linux's POSIX draft ACLs. When a Windows client writes a file to | a Linux Samba server, it cannot necessarily express the file's | ACL as a POSIX ACL losslessly. 
To work around this, Samba's | vfs_acl_xattr saves the "real" ACL as an extended attribute: | https://www.samba.org/samba/docs/current/man-html/vfs_acl_xa... | | This means the ACLs set by clients won't be enforced for local | users on the file server, and that you need special tools to view | and edit those ACLs. | | In contrast, FreeBSD supports NFSv4 ACLs on ZFS, and those are a | superset of NT ACLs. Samba saves the NT ACL as an NFSv4 ACL, and | this can be viewed or edited using getfacl and setfacl as with | any other file on the server. | [deleted] | amtamt wrote: | There are virtualization options in FreeBSD, but I can't use | FreeBSD in absence of mature OCI compatible container support, | without going through hoops on bhyve. In present day, it matters a | lot with a good amount of time being spent on docker/kubernetes. | gigatexal wrote: | This is the same for me. ZFS native boot environments and such | is a killer feature that I am envious of. | | Also proton gaming seems to be best supported on Linux from | what I can tell. | michaelmrose wrote: | ZFSBootMenu provides boot environments for Linux. The now | defunct Project Trident, formerly PC-BSD and then TrueOS, had | a gui installer that sets you up with | | - ZFS on root install of essentially void Linux | | - rEFInd with a kernel sufficient just to boot into | | - ZFSBootMenu which lets you boot into a prior boot | environment | | - ZFS native encryption of /home per user directory set up to | unlock when you log in via PAM and zfscrypt | | - An update script that automatically creates a boot | environment prior to updating | | - A mediocre choice of display manager and their own customer | desktop environment that was neither in my opinion terrible | nor interesting. Trivially replaceable with a different DE | and lightdm. | | Trident is alas gone but all the pieces remain and work fine. | | https://zfsbootmenu.org/ | | https://web.archive.org/web/20211223122028/https://project-t. | ..
| gigatexal wrote: | this i did not know thank you for sharing! | | I've not got zfs on root on my fedora 36 install but if i | did this is something i'd seriously look into | tomc1985 wrote: | I've gotten good enough at Linux to where I don't need to | constantly look stuff up after long periods of use, but not | FreeBSD. | | Which is why I love FreeBSD so much. It's consistent, clearly | explained, thoroughly documented, powerful, and flexible. I have | a home server (just upgraded to 13.1) that I go months at a time | without logging in. And while I do tend to forget a lot of | important details, looking them up is _incredibly easy_. | | I don't really care about _what_ software FreeBSD uses, just that | it is consistent and well-documented. | | Plus, the whole architecture of it fits comfortably in my head. | It is so nice to reason about. | jester23947 wrote: | I really like this article about FreeBSD. One really nice feature | that is not covered though is to set the immutable flags on some | binaries with the command chflags. It's possible to boot your | very secure system into securemode level 1 or higher. In this | mode, it's impossible to delete those files. | | rm -rf /* has very limited damage. chmod -R 0000 /* won't touch | chmod and all kinds of ooops become much less destructive. | | It's probably not useful in all scenarios, but definitely some | systems deserve to never be touched live. Automation, scada, super | important core backbone systems. | | FreeBSD is the power to serve. It deserves more credits. | how2cflags wrote: | Just wanted to say that in linux you have extended attributes | on files, check the man page on chattr. I believe the -i option | makes files immutable. | | I picked this little trick up watching a red team discuss how | they set themselves persistence on the target system by making | /etc/shadow immutable this way..
Fun bit is, root can't even | remove the file until the flag is removed, and you can't see | the immutable flag on the file unless you know what you are | looking for via lsattr. | matthews2 wrote: | FreeBSD has the concept of a 'security level'. You can | increase it at runtime, which disables more functionality, | but you can't decrease it without a reboot. | | At security level 1, the immutable and append only attributes | on files can't be removed, so even chattr -i would be | useless. | znpy wrote: | Linux has SELinux, which is enabled by default in RHEL and | derivatives. | | You could literally hand out root shell to people, and they | wouldn't be able to make much mess out of it. | | There are SELinux policies to prevent disabling selinux | too, of course. | | You probably wouldn't even need chattr. | pxc wrote: | SELinux is way more complex than security levels sounds | here. | GekkePrutser wrote: | Securelevels are not just this. FreeBSD has its own | SELinux equivalent called Mandatory Access Control: | | https://docs.freebsd.org/en/books/handbook/mac/ | | It goes far beyond making files immutable. I haven't | really done a deep dive to see if it's on par with | SELinux but the description in this thread doesn't do it | justice. | pxc wrote: | What I meant is that devising a sane and useful way to | make use of security levels seems easier than achieving | something 'equivalent' with SELinux. Sophisticated policy | systems are nice, but something that kind of bundles sane | defaults together and organizes them into ordered layers | like security levels sounds great. | kstrauser wrote: | The whole securelevel mechanism is nice. You can only increase | its value at runtime, never decrease it without rebooting. At | higher levels, you can't modify firewall rules. If you | configure the server to boot into a high securelevel, you can | make the machine effectively read-only until you boot it with | console access. 
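An added example, not part of any comment above and not FreeBSD or Linux project code: a Python audit that lists files carrying the immutable or append-only flags discussed in the chflags, chattr and securelevel comments, so an unexpectedly flagged file such as /etc/shadow shows up without running lsattr by hand. The function names are hypothetical, and the Linux ioctl number assumes the generic x86/ARM encoding.

```python
"""Audit a tree for immutable / append-only file flags (added example)."""
import fcntl
import os
import stat
import struct
import subprocess
import sys

# Linux inode flag bits from <linux/fs.h>; lsattr shows them as 'i' and 'a'.
FS_IMMUTABLE_FL = 0x00000010
FS_APPEND_FL = 0x00000020
# FS_IOC_GETFLAGS is _IOR('f', 1, long). Assumption: the generic ioctl
# encoding (x86, ARM); MIPS, PowerPC and SPARC encode the direction differently.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1

LINUX_BITS = {FS_IMMUTABLE_FL: "immutable", FS_APPEND_FL: "append-only"}
# BSD st_flags: SF_* are system flags (schg, sappnd), UF_* are user flags.
BSD_BITS = {
    stat.SF_IMMUTABLE: "sys-immutable",
    stat.SF_APPEND: "sys-append-only",
    stat.UF_IMMUTABLE: "user-immutable",
    stat.UF_APPEND: "user-append-only",
}


def decode(raw, table):
    """Return the sorted names of the flags set in a raw bitmask."""
    return sorted(name for bit, name in table.items() if raw & bit)


def read_flags(path):
    """Return the flag names set on path, or None if they cannot be read."""
    try:
        st = os.lstat(path)
        if hasattr(st, "st_flags"):              # FreeBSD, macOS
            return decode(st.st_flags, BSD_BITS)
        if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
            return None                          # Linux: files and directories only
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
        try:
            buf = fcntl.ioctl(fd, FS_IOC_GETFLAGS, bytes(struct.calcsize("l")))
        finally:
            os.close(fd)
        # The kernel fills in a 32-bit value at the start of the buffer.
        return decode(struct.unpack("I", buf[:4])[0], LINUX_BITS)
    except OSError:                              # EACCES, ENOTTY, ELOOP, ...
        return None


def audit(root):
    """Walk root and return [(path, [flag names])] for every flagged entry."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            flags = read_flags(path)
            if flags:
                findings.append((path, flags))
    return findings


def securelevel():
    """Return kern.securelevel (FreeBSD), or None where the sysctl is absent."""
    try:
        out = subprocess.run(["sysctl", "-n", "kern.securelevel"],
                             capture_output=True, text=True, check=True).stdout
        return int(out.strip())
    except (OSError, subprocess.CalledProcessError, ValueError):
        return None


def removable(flags, level):
    """Can the flags be cleared on the running system without a reboot?

    At securelevel 1 or higher the system immutable and append-only flags
    cannot be turned off. level is None on systems without securelevel.
    """
    locked = (level is not None and level >= 1
              and any(name.startswith("sys-") for name in flags))
    return not locked


if __name__ == "__main__":
    level = securelevel()
    print("kern.securelevel:", level)
    for path, flags in audit(sys.argv[1] if len(sys.argv) > 1 else "/etc"):
        state = "clearable" if removable(flags, level) else "locked until reboot"
        print(f"{path}: {', '.join(flags)} ({state})")
```

Run it with read access to the tree being audited (root for /etc); entries whose flags cannot be read are skipped rather than reported as clean.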
| avodonosov wrote: | If it also recommended well supported laptop models... | nulbyte wrote: | There are details on what is working and what isn't for a slew | of models on the FreeBSD wiki: | | https://wiki.freebsd.org/Laptops | lmas wrote: | Yeah from that page I picked a refurbished Thinkpad x270 as | my new daily drive and set up FreeBSD on it, works perfectly! | gnramires wrote: | I have to plug Void Linux, a nice little distro that tries to | mimic some of BSD philosophy (I believe w.r.t. simplicity and | security). It's working very well here (it's somewhat analogous | to Arch, meant for advanced users -- that said, following the | docs it shouldn't be too difficult to get going). | | https://voidlinux.org/ | bxparks wrote: | I have tried learning FreeBSD occasionally, mostly for nostalgia | because I learned Unix on BSD 4.3 (or 4.4?) on MicroVaxes many | years ago. But I get stuck on some very basic things: | | - My wifi card doesn't work. The installer recognizes it, but the | driver doesn't work. | | - The console terminal defaults to 80x25, I don't know how to | resize it. | | - I can't figure out how to start X Windows. | | - If I run it in a VM (e.g. VirtualBox), the network bridging | doesn't work so my FreeBSD instance has no internet access. | | It's probably my fault, I'm sure it's in the docs somewhere. But | it probably means that I'm not the target audience for FreeBSD, | since I don't have the time and patience to figure out the most | basic things. | Dracophoenix wrote: | > - My wifi card doesn't work. The installer recognizes it, but | the driver doesn't work. | | It really depends on your Wi-fi card. If you're installing | FreeBSD on bare metal with an Intel card, iwx now supports Wifi | 6 and 6E cards. Although, since I haven't tested it myself, I | can't say it will work as expected if it works at all. | | > - The console terminal defaults to 80x25, I don't know how to | resize it.
| | Select console terminal at the boot screen and type the | following: gop list gop set {mode number} | | and then reboot the VM | | > - I can't figure out how to start X Windows. | | Assuming you've installed the appropriate graphics driver from | the pkg or ports repo: pkg install xorg | startx | | If you don't have the appropriate graphics driver, proceed to | step 8 in the webpage below. | | > - If I run it in a VM (e.g. VirtualBox), the network bridging | doesn't work so my FreeBSD instance has no internet access. | | https://freebsdfoundation.org/freebsd-project/resources/inst... | | Step 8 might help. | xoa wrote: | If you're interested in trying out BSD on the desktop vs in a | server or through some other BSD-based appliance distro | (projects like OPNsense or TrueNAS Core which build on BSD but | are mostly intended to be used from a Web GUI) you could take a | look at GhostBSD [0]. It's a vastly more polished and desktop | focused project that takes off many of the sharp edges of a | plain vanilla FreeBSD install. Of course, "more polished" for | BSD is still going to be a ways behind Linux these days. There | just isn't the same level of hardware support, eyeballs and | companies working on it. But it's not 00s era either, it's a | pleasant functional experience. If one wants to test the waters | a bit in an easier way it's an option worth considering. Ars | did a decent little initial experience run through [1] a few | years back (though since it is under active development a lot | has changed since then) you could check out if interested. As | demoed there it's very viable in a light VM so one doesn't even | need to dedicate any hardware for a first try. That review also | lists some of the other more GUI focused BSD distributions left | out there. | | Anyway, there are some options to ease into it more. I find | some of the ancient FreeBSD-isms a bit grating on occasion but | overall I'm glad it's part of the mix. 
| | ---- | | 0: https://ghostbsd.org/ | | 1: https://arstechnica.com/gadgets/2020/04/not-actually- | linux-d... | gabereiser wrote: | Yet... "On FreeBSD you'll notice right away that you're dealing | with a "complete operating system", a system that has been put | together very well." It's a complete operating system. /s | | This is why FreeBSD loses in my view. The arrogance of claiming | to be a complete system when basic stuff like wifi doesn't | work. | teakettle42 wrote: | > basic stuff like wifi | | Wi-fi is not basic. | | Having written a wifi driver, that's something I'm | comfortable stating unequivocally. | | The hardware is almost always proprietary and undocumented, | and in many cases (looking at you, Broadcom), a poorly- | designed shitshow of complex errata, proprietary magic | numbers required for initialization, and in general, an | absolute dogshit technology stack. | | The only reason Linux has working Wi-Fi at all tends to be | because it was used to power a lot of cheap consumer access | points, and Wi-Fi chipset manufacturers released binary and | open-source Linux drivers -- generally of horrific quality, | but drivers nonetheless. | Klonoar wrote: | _> - My wifi card doesn't work. The installer recognizes it, | but the driver doesn't work._ | | (Even if you get it to work, it's not going to be full speed) | jester23947 wrote: | read the handbook... it's the second chapter in this webpage. | RamRodification wrote: | ...or pick an operating system where you don't need to read | the handbook to get working WiFi. | djbusby wrote: | I'm on Linux and have to get a rtw8852 driver from some | random-ish gitHub repo to get WiFi in a recent Lenovo. | | Does this mean WiFI is only for Win/Mac? | gtirloni wrote: | Does it mean rtw8852 is supported on *BSD? | alexklarjr wrote: | mostly, I can't make both my usb wifi5 dongles work on | ubuntu 22 as well as random Qualcomm wifi4 pcie. These | chips must be decade old. 
| trelane wrote: | RTW8852 based wifi, sure. You can get Linux preinstalled, | and with full support from some places. I highly | recommend doing that if you're going to run Linux. | They'll not have that chip though. They'll have one that | works. | unethical_ban wrote: | That's odd. My 2018 Lenovo Thinkpad had working Wifi out | of the box from day 1. | | The last time I had wifi driver issues on Linux was 2008. | gabereiser wrote: | New chip for Wifi6 hasn't made it upstream to the kernel | yet and relies on patches. | shaw00000 wrote: | FreeBSD, OpenBSD and NetBSD are for servers, appliance servers | and embedded devices mostly. You can use them as a desktop, but | that's not where their strengths are. If you want to learn or | use FreeBSD in this case I strongly suggest setting up a home | server and learn as much as possible. | SoftTalker wrote: | I've used OpenBSD as my desktop OS for the last 10 years or | so. I agree it's probably not the ideal desktop OS for | everyone, but I think your dismissal may be a bit too strong. | | You do need to be sure your desktop machine is well-suited | for OpenBSD. This means supported Intel or AMD graphics | (Nvidia won't work well if at all, and not all AMD will | either) and network/wifi card. | beezle wrote: | If the user has run of the mill hardware, that only is true | in the sense that FreeBSD does not offer to install a desktop | environment at time of initial install/setup. Nothing | precludes you from installing Gnome, KDE, or any of the many | others. IE pkg install gnome. | | The only place FreeBSD (or any of the other BSDs) is less | robust is driver support, though most common stuff is | available. In any event, those needing support for the latest | greatest of hardware are probably better off with Windows. | a-dub wrote: | how does the kernel compare these days?
pre-cfq i remember the | scheduler was far better than linux, but what about raw | performance for single and multithread/process workloads with | lots of i/o going through the kernel? | | raw cve counts seem meaningless without a denominator to me. | those numbers should be normalized by estimated install base if | they're going to be compared. | jeffbee wrote: | Yeah, the number of BSD CVEs just boils down to the fact that | nobody cares about BSD. Since nobody cares about it, its | performance is also very 20-years-ago and doesn't stand up to | modern linux performance. You could expect database performance | (e.g. postgresql) to be 2-4x higher on linux under a highly | concurrent load. There are thousands of full-time professionals | around the world focused on linux performance and the | applications are co-evolving to work best on linux so you can't | expect cutting-edge speed from freebsd. | | There's probably a niche for freebsd but unless you know | exactly what it is and how to exploit that niche, you're not | going to find it by accident. | [deleted] | naikrovek wrote: | > the fact that nobody cares about BSD | | I am quite certain that you would be shocked if you learned | how many people use it. I've worked at two companies where | more than 95% of servers ran FreeBSD, and these are | absolutely companies that you have heard of. 10s of thousands | of servers at each when I worked at them, and likely 5x that | amount, now. | | lots of people care about FreeBSD. they just aren't known for | crapping on Linux, like Linux users are known for crapping on | everything that is not Linux. | jen20 wrote: | So who are these companies? I hear references to them | constantly, but pretty much the only ones willing to stick | their head above the parapet are Netflix (in a single use | case) and a few storage/network vendors using proprietary | forks. 
| ooneeks wrote: | I would scream if I ever saw a dude in a suit give some | 70's looking NEET permission to base their company's | entire IT platform on FreeBSD specifically. It'd be like | switching all your office workstations from MacOS to | Ubuntu or Linux Mint. | ooneeks wrote: | Well to be fair, most people using FreeBSD are also Linux | users, save people indirectly using/'benefiting' from BSD, | i.e in a work environment as you mentioned. Of course | discounting Mac users (I honestly think that's a hilarious | joke). It also strikes me that many companies use BSD | simply to save money in an area where time =/= money, as | BSD is very secure and very stable, there are some | licensing issues with many big Linux distros, etc. I very | much doubt that anyone in the year 2022 are using BSD | servers or workstations to improve their performance yield | unless you're working retail or construction or something | and are looking to implement a RTOS platform based on BSD | because your boss severely capped your department's budget | lol | a-dub wrote: | there was a time when freebsd's networking stack was | pretty trendy for use in high performance networking | settings. | | it was frequently used to implement things like software | load balancers. quite possibly because of its (pre-linux- | cfq) superior resource scheduling. | | there was also a time before it was trendy to complain | about the GIL in python where SMP in freebsd suffered | from the BKL. only one processor could be in the kernel | at a time. | naikrovek wrote: | despite all the Linux users defending their operating system | (they should, Linux is great) based on past experiences, I still | prefer FreeBSD when possible. it just feels ... like a complete | thing, rather than an assembly of different things. it makes | sense to me. | | the article mentions this, and when I started typing I thought I | could do a better job of explaining, but as I typed I realize | that I could not. 
| | it just feels better to me. it may not feel better, or even good, | to any of you, and that's (of course) fine with me. I just like | FreeBSD. | | I think FreeBSD deserves _far_ more attention than it gets, and I | am therefore quite happy to see this article on HN, even if | others can't see why it's a valid option for anything they need. | stiray wrote: | I am using freebsd since version 8 for all my server needs (was | using linux, but got repelled by its chaos which I don't care | about on my laptop, but it pisses me off on server). | | Some more points: | | - bhyve, developed by netapp, they ditched all old technologies | support and it works faster on my i5 server than kvm on my i7 | laptop. Snapshotting using ZFS is not a feature to discard either. | | - FIBs, absolute miracle routing tables that you can apply to | whatever software, define the routes as fib 1 (let's say it is | openvpn) and then use them as simply as `setfib 1 bash` to use | them in all child processes | | - backward compatibility, this is where linux is really horrible, | there was an article about compiling binary on freebsd 2 and | running it on freebsd 10. Try this on linux, binaries are not | compatible even on minor versions. | | - jails... docker? Really? Jails are 15+ years old | implementation, kernel supported, that stood test of time, | actually being a security feature. It runs circles around the | docker in everything except how much it was adapted by community. | I never understood why people rather used an inferior solution | like docker. | | - not to mention all the chaos in linux ecosystem, in next sub- | version, the commands can have completely different switches,... | | I will never understand on what technical merits people are using | linux for servers except the support-ability of hardware. Due to | the whole show that linux is getting we would prosper as a | humanity by ditching the linux. Unfortunately, marketing is worth | more than anything.
| | (I do understand that people will not agree due to their | preference, but try to use it. I doubt you will prefer linux ever | again.) | nightfly wrote: | I've run into fun issues like FreeBSD's slab allocator not | playing nicely with the ZFS/NFS workload on one specific server | and having to drop down to having ZFS allocate memory in a | different way that used about twice as much CPU to avoid | random multi-second pauses on the whole system. Also had issues | where kerberized NFS would get confused and something would | crash so had to have random cron jobs to restart dying | components, since FreeBSD's init system is so simple. Also | arbitrary and short name length limits, I think in both bhyve | in the past (couldn't use fqdns for VM names since that would | have exceeded the limit) and something about zfs mountpoints | ages ago (I think we ended up changing our naming and nested | conventions to work around) | stjohnswarts wrote: | I use Linux all day long and none of this is an issue for me, | so I guess that's the counterpoint. I'm just a desktop/server | user/developer though and not a guru by any stretch. | atmosx wrote: | Comparing Linux to FreeBSD is like comparing a Mercedes to a | custom-made trackday car. | | Docker, kubernetes et al. was the nail in the coffin. | | BSDs are amazing for universities, OS classes and some | outliers in the industry here and there. | | The one thing FreeBSD had was network stack performance. | Linux supports higher throughput for a while now.. so even | that ship sailed. | stormbrew wrote: | Some of this may be true, though I have some disagreements | about the accuracy of some (and also the issue that "Linux" is | a broad target and some of these apply more or less to | different distributions or os'), but freebsd definitely had its | share of chaos in its history. The fbsd4-6 era was a difficult | one to navigate and it's basically where I fell off the freebsd | bandwagon.
| GekkePrutser wrote: | Me too, at FreeBSD 6. ZFS was also pretty new and unstable in | those days. I upgraded and could no longer read my pools. | | But I came back to it in the last few years and it's matured | a lot. | jeffbee wrote: | > backward compatibility, this is where linux is really | horrible, there was an article about compiling binary on | freebsd 2 and running it on freebsd 10. Try this on linux, | binaries are not compatible even on minor versions. | | What a completely bizarre claim. I have commercial linux/x86 | binaries from the 90s that work perfectly well on my current PC | running Linux 5.15. | asveikau wrote: | I had trouble trying to run libc5 era software a few years | ago. This wasn't the kernel but the distro did not make it | easy. I wouldn't expect them to keep maintaining libc5 | packages 20+ years later either. | | I think if you do anything GUI-ish over the last 20 years | there's been many shared library breaking changes. But that'd | be true of FreeBSD too since those dependencies are just the | same when they live in ports. | trws wrote: | I'm guessing the OP meant "where glibc is really horrible", | since bsd libc is rather more abi stable, largely because | that's where FreeBSD provides compatibility instead of the | syscall layer. This is not to say you can't use an old libc | and fix up the loader paths or use a container and make it | work, but it's a different set of challenges. | bonzini wrote: | > it works faster on my i5 server than kvm on my i7 laptop. | | What benchmark and what processors exactly? | yjftsjthsd-h wrote: | > jails... docker? Really? Jails are 15+ years old | implementation, kernel supported, that stood test of time, | actually being a security feature. It runs circles around the | docker in everything except how much it was adapted by | community. I never understood why people rather used an | inferior solution like docker. | | Docker has Dockerfiles, layers, and trivial push/pull of | images. 
Compared to those workflow improvements, nobody cares | if the guts suck. | ahepp wrote: | I've had a decent time writing little "jailfiles" and a | create/destroy script. It's certainly nowhere near as | ergonomic as docker though. | | But it seems like a very solvable problem. | jzb wrote: | But, someone has to care enough to do so, and it has to | catch on. | | FreeBSD lacks the network effect. | GekkePrutser wrote: | > Compared to those workflow improvements, nobody cares if | the guts suck. | | Some people care, this is why FreeBSD is still around :) | | And it's not really relevant if you build your own images | anyway. And in fact within the scope of FreeBSD jails offer | very similar features, one of the things that's very common | to do is make a base image with ZFS and then base all your | jails off it. This means you just have to update your base | and all your jails are updated. It's similar to pulling the | latest alpine with docker. If you embrace the full ecosystem | with Bastille you will have very similar capabilities. | | The big missing point is that you can't use images from | docker hub. This is a big negative but if you already don't | plan on using those it's not really a bad thing. And there is | increasing resistance to pulling things made by unknown | people into production (I'm sure many vulnerabilities will | happen in the future as attackers start to take advantage of | this). | | But anyway it doesn't have to be for everyone. It doesn't | have to be the biggest thing around. | heinrichhartman wrote: | I would like to be on the jails train, but the | build/deployment story always felt inferior. | | I have never seen anyone build jail-images from CI and | deploying them to fleets of FreeBSD hosts. This may be | technically feasible with zfs send/receive but in practice | people I know distributed packages (not images) to 10s of | FreeBSD jails/hosts.
| | I want to deploy container images to a cluster - not | install a package in a zone/jail. Is anyone doing this with | FreeBSD/Solaris? (Outside of Joyent) | kaba0 wrote: | Docker is not a security sandbox technology, but a bundle all | the dependency sandbox one. | old-gregg wrote: | Remember, you're comparing Linux and FreeBSD in 2022 but BSD | lost to Linux much earlier, many years ago. Back when I was | looking into them (long time ago, excuse me for not remembering | the details), BSD felt more pleasant and coherent. But at the | same time it had limitations on scalability, performance and | compatibility with hardware and also with userland software. In | every benchmark, especially on multi-core, multi-socket | systems, Linux was ahead. | | My theory at the time was this: GNOME won on developers' | desktops, so most software was developed on Linux natively, | with BSD compatibility (and performance) as an afterthought. | IIRC Linus made a similar point on the mailing list that | developers love servers that resemble their programming | environments. TL;DR: BSDs got stuck in CLI-only mode for too | long. | | The more common explanation was that Linux got a head start by | a few years by being a clean-sheet implementation, while the | BSD had to spend its early years purging itself of the AT&T | copyrighted code, so it was untouchable from a commercial use | perspective. | cesarb wrote: | > The more common explanation was that Linux got a head start | by a few years by being a clean-sheet implementation | | My favorite theory for why Linux got a head start is in this | (long) comment I found some time ago here: | https://news.ycombinator.com/item?id=21420338 | | Some excerpts: | | "With Linux, I just booted from a Linux boot floppy with my | Linux install CD in the CD-ROM drive, and ran the | installation. With BSD...it could not find the drive because | I had an IDE CD-ROM and it only supported SCSI."
| | "It insisted on being given a disk upon which it could | completely repartition. [...] Linux, on the other hand, was | happy to come second after my existing DOS/Windows." | | "By the time the BSD people realized they really should be | supporting IDE CD-ROM and get along with prior DOS/Windows on | the same disk, Linux was way ahead." | nine_k wrote: | I remember why I chose linux in 1998 for my desktop, and | would choose for my server. | | Hardware compatibility. I could install Linux on my shabby | work desktop, and it just worked. Actually it worked more | stably than NT 4. | | Binary distros. I could apt-get install stuff onto my box in | minutes. I rarely had to build things from source. | | Speed of change. Linux was acquiring features at a breakneck | speed. Large companies started contributing. SMP, interesting | networking stuff, better disk I/O, new filesystems, stuff | like that. Hell, Windows emulation good enough to run | StarCraft! It felt alive and cared for. It was apparent that | many serious businesses want to bet big on Linux. Some say | marketing; I say GPL and project guidance. | | I also had a lovely server box with FreeBSD. It had select | compatible hardware. It had really nice documentation. It ran | Apache and Squid pretty well. I had to build the latter from | source IIRC. I had to build a lot from source (slow in 1998). | If that was not available as a buildable package, I often had | to tweak header files to make it build. For many amenities | which I took for granted on my linux box, I decided that it's | too much hassle to make them built on BSD. | | Features like SMP or journaling file systems were a bit late | in FreeBSD. Maybe they were more solid, and achieved | performance parity with Linux with time. Sadly, the industry | largely made the choice. | | I also find modern Linux a mess, and run a minimalist distro | (Void) on my laptop. 
I could consider running BSD on a | server, but most servers now have to run VMs and containers | within them, most tooling just assumes Linux. | cesarb wrote: | > it works faster on my i5 server than kvm on my i7 laptop | | Laptop processors are usually slower, due to lower thermal and | power limits, so that's not surprising at all. | ooneeks wrote: | Having used BSD many years ago on desktop, I completely | disagree. What are you using your computer for using BSD? I | really don't spend 99% of my time just compiling lol The chaos | thing is something I hear from BSD users quite a lot. I'm still | not sure what it means, maybe that's some sort of personal | issue..? I suppose you don't like forking and variation, which | is understandable coming from a user of an OS with a | fantastically small userbase that somehow still manages to be | proportionally more fragmented than any other community I can | think of, but the "chaos" of Linux is grossly overstated. Most | everything that is relevant today runs Debian, unless you're a | poweruser running Arch or even Gentoo, but even then, who's out | there being a distro purist? I'm willing to bet that most | people running Arch or Gentoo are still using quite a bit of | 'Debian resources'/assets. Sure, there's RedHat too and all the | others that fill some corporate niche, but there really isn't | this whole divide within the Linux community like people | sometimes imply. I think a lot of people are stuck in a mindset | that hasn't been relevant for somewhere between 10 and 20 | years. | ajross wrote: | > It runs circles around the docker in everything except how | much it was adapted by community. | | ...except? | | Meh. People who want to engage in this argument are generally | trying to argue about jails vs. the collection of linux | container technologies. That's not Docker. Docker won because | of Dockerfiles. Docker isn't, at its core, an interesting | container technology.
| Docker is a simple metaphor and programming environment to _leverage_ container technology to solve practical[1] problems.
|
| And as it happened, it was done on Linux and not jails, owing in large part to the more configurable/toolkit-style/policy-free tools available there. Jails were indeed more mature, but they were solving the wrong problem.
|
| [1] Also thorny, boring problems like configuration management of large apps developed piecewise from components and by large teams. The kind of thing that is historically not well served by the operating system, BSD included.
| truth_seeker wrote:
| More detailed comparison of Docker Vs Jails :
|
| https://www.diva-portal.org/smash/get/diva2:1453017/FULLTEXT...
| intothemild wrote:
| I love FreeBSD and i love Jails, but you're right. Docker won because of simplicity.
|
| Dockerfiles make it super simple. There is similar stuff for jails but you need a jails frontend that use it.
|
| A few years ago i wanted to build the Jailfile equivalent, call it Warden, and have Warden manage the jails.
|
| But honestly i doubt it would get traction outside a small community.
| throwaway7980 wrote:
| CBSDfiles, reggae and bastillebsd can all build jails from a file based method
| SoftTalker wrote:
| "Simple" is subjective.
|
| Have you ever looked at what Docker puts in your iptables? I challenge you to understand what's happening with your networking after that.
|
| If you want containers, lxc command line and a bit of configuration for a bridge interface is all you really need.
| ajross wrote:
| > If you want containers, [...] is all you really need.
|
| And that is the attitude embraced by jails (to be clear: rather more cleanly and attractively than the expression of the same ideas in linux), and precisely why it lost.
|
| No one wants "containers". They want _docker_.
| They want to be handed something that looks no more threatening than a mid-80's build script and have it magically be its own little world with all its own software and versions and stuff, but still talk to the rest of the world on the same networks from the same piece of hardware (yes, via some weird voodoo to glue all that together).
|
| It's like arguing that no one needs word processing because nroff or LaTeX is all you need. It's not wrong. It's just a failure in the market.
| SoftTalker wrote:
| The voodoo is what bothers me. As the person responsible for the server, when things go wrong I will get blamed. In that situation, I at least want it to be my fault.
| Sunspark wrote:
| Build it and they will come..
| GekkePrutser wrote:
| > Dockerfiles make it super simple. There is similar stuff for jails but you need a jails frontend that use it.
|
| But docker is just a frontend for linux containers :) You're not comparing the right things here: Linux containers with a popular frontend and all the trimmings, to barebones FreeBSD jails.
| loop0 wrote:
| Honest question here about jails. I like docker because the tooling makes it super easy to get anything running in no time. How is jails tooling? Let's say I need to get an app running, a database and a redis for the app. Is that as easy as docker compose?
| notabee wrote:
| As someone who has just been tearing my hair out over v1 and v2 cgroups and containers for testing systemd services, I think I need to spend some time in FreeBSD land.
| stingraycharles wrote:
| From a technological perspective, everything you say is true, and FreeBSD is better in so many regards. But, compatibility and community support is just a deal breaker.
|
| The jails vs docker argument is a good example: while technically better, Docker (or rather, cgroups and image distribution) have been standardised and have tremendous community adoption.
| FreeBSD cannot tap into any of this at all. Yes, jails might be better, but because they lack widespread adoption, they're far less useful.
|
| It's a sad state of affairs, I wish things went otherwise, but I feel Linux is sometimes a good example of the "worse is better" approach at work.
| mtlmtlmtlmtl wrote:
| I think one of the biggest mistakes the FreeBSD team made (in terms of more widestream adoption) was abandoning the Linux syscall table layer. It's still there, but it's stuck on 2.6.x last time I looked. It's a lot to maintain, yes, but it would help secure a lot more users like me, who are highly technical, potential contributors, who like a lot of the features (jails, better ZFS integration, easy to set up dtrace support etc), but also like to play around with bleeding edge software that tends to support Linux/OS X first, and maybe BSDs by accident, if you're lucky.
|
| I think keeping this layer in development, maybe having a similar setup to SmartOS, letting you set up "Linux jails" or something like that, would significantly help adoption in the desktop/workstation space. This would of course lead to recruiting more developers, and so on.
|
| Drivers are trickier, but I actually never had driver issues the last time I used FreeBSD as a daily driver (for about 6 months a few years ago, until I ran back to Linux with my tail between my legs).
|
| It would be nice if at some point many decades ago, the Unix world had agreed on a standardised kernel API for modular drivers, so that drivers could more easily be ported between kernels, but it's way too late for that at this point I guess.
|
| And maybe not even technically feasible, but I'm not qualified to comment on that.
| nullify88 wrote:
| Perhaps VHS vs Betamax is a suitable equivalent to FreeBSD vs Linux.
| philistine wrote:
| Your comment implies the old trope that Beta was much better quality than VHS, but Betamax's reputation for better quality was marketing spin and conflation with Betacam, Sony's pro version.
|
| In reality, Betamax was nearly indistinguishable from VHS.
| usefulcat wrote:
| Obviously it's been quite a long time, but as someone whose first VCR was beta, this rings true. If nothing else, I definitely don't remember a noticeable quality difference when we later switched to VHS.
| nmz wrote:
| Nobody ever adopts it because nobody wants to support it, ergo nobody ever adopts it and nothing ever improves. Gotta love this little cycle of mediocrity the software world has going on.
| aleclm wrote:
| This post is not very robust in its arguments:
|
| 1. vulnerability list is not very relevant as a measure if you don't relate to SLOC, features available or _something_ ;
|
| 2. having a lot of configuration options for security is far from being good, security should be easy and by default; if the tradeoffs are unclear you enter FUD and avoid enabling them; is randomizing PIDs good? what are the downsides? :shrug:
|
| 3. I stopped reading given that the most prominent arguments seemed heavily biased;
| efortis wrote:
| About point 1, and not exactly SLOC, but the comparison is between the Linux Kernel and FreeBSD (a full OS).
|
| Now, it's possible that the number of vulnerabilities are much higher in the Linux Kernel because there is more research interest due to its larger usage.
| locutous wrote:
| Tried freebsd for a router because if into like this. Hardware support was lacking for my setup. It ended up being unstable and horrible. Replaced with Linux and it's been running smoothly since.
| gray_-_wolf wrote:
| I've considered migrating my NAS to openbsd few times, but one thing I was not sure about is what to replace the filesystem with. I'm currently running btrfs and I like it.
| Few things I would like to have in a replacement:
|
| 1. copy-on-write and snapshots
|
| 2. checksums that are automatically verified on reads
|
| 3. btrfs' version of RAID1 (meaning I don't have to buy identical HDDs only)
|
| What would be my options?
| ahepp wrote:
| I believe zfs fulfills all those requirements.
|
| I'm running freebsd on my NAS and it's been great.
| LanternLight83 wrote:
| Not #3, but it's still the best option
| gtirloni wrote:
| Hmm I think you can mirror different sizes just fine but it'll predictably use the smaller size, no? Is btrfs different in that regard? I have only used it when it was released many years ago so my memory is rusty.
| ahepp wrote:
| as far as I know, you can put disks of different sizes in a mirror vdev, you'll just obviously be limited to the size of the smaller disk.
|
| Is that not what OC is asking for?
| jiripospisil wrote:
| I have a server running FreeBSD 13.1-RELEASE and the experience is kind of mixed. Things from the top of my head in no particular order:
|
| - I like the idea of "kern_securelevel", but I can only use it on the low setting (1 out of 3) because the machine (VM) is sometimes powered off and its time gets de-synced. The server is running ntpd but on this security level you're not allowed to change time by more than a second.
|
| - ntpd doesn't support running with ASLR enabled. Fortunately, you can disable ASLR for a particular process with "proccontrol".
|
| - ASLR is not enabled by default. Not that it cannot be defeated but it's a basic security measure, isn't it?
|
| - User installed packages put their configuration into "/usr/local/etc/". Or more generally user level stuff goes to "/usr/local". I like that, keeps things more tidy.
|
| - Upgrading between major versions requires several reboots. You also have to reinstall / recompile all of your installed packages / ports because ABI can change between versions.
|
| - IPv6 didn't work out of the box because the standard DHCP client doesn't support DHCPv6. Getting it to work took me a while but works now with the use of rtsold.
|
| - pf is nice. Enabling pflog and then inspecting the logged traffic via standard tools such as tcpdump is handy.
|
| - In line with UNIX philosophy, each utility does one thing and one thing only. I find it quite annoying though when dealing with long running services. There doesn't seem to be a standardized way of monitoring once a particular service is started via rc. Some packages use daemontools, some use something else (I forget the name), and some don't do any monitoring at all. Similarly with logging. I very much prefer systemd in this regard.
|
| - Jails are cool but annoying sometimes. Jails are created from a particular version of FreeBSD and you have to keep them up to date with "freebsd-update" like a regular host (including the reboot dance). There's a way to share most of the files between jails using mount_nullfs but I haven't tried that.
|
| - I miss "journalctl --since=-5hours" every time I ssh into the machine. Not sure how I could do it with just plain log files without parsing their specific format.
| jagged-chisel wrote:
| How well does FreeBSD support a "modern" web backend? Does Java run here? Mono (C#)? Node.js? PostgreSQL? Any noSQL databases?
| sophacles wrote:
| For the most part: yes. The one I'm not sure of is Mono.
|
| That being said, some tooling assumes linux sometimes, but the popular stuff is generally gtg, especially if you get it via the ports tree.
| carlavilla wrote:
| You can run Spring with Java 17 in FreeBSD without problems. Same with Node.js, Postgres and MongoDB for example. About Mono, I don't have experience with this environment. But I'm using the other technologies at my work without problems.
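On the `journalctl --since=-5hours` point in jiripospisil's comment above, this is an added example (not part of the thread) of a time-window filter over plain syslog-style files. It assumes the traditional `Mon dd HH:MM:SS` timestamp prefix with English month names; `parse_stamp`, `since` and the sample lines are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in the traditional syslog layout ("Mon dd HH:MM:SS host tag: msg").
# The stamp carries no year, which is the part that needs care.
SAMPLE = """\
Aug  6 09:12:44 nas sshd[811]: constructed message outside the window
Aug  6 13:05:02 nas ntpd[602]: constructed message inside the window
Aug  6 16:40:19 nas sshd[2290]: constructed multi-line message
    continuation line without a timestamp
Aug  6 17:58:30 nas kernel: constructed kernel message
""".splitlines()


def parse_stamp(line, now):
    """Return the datetime of a 'Mon dd HH:MM:SS' prefix, or None if there is none."""
    # Try the current year first, then the previous one: a stamp that would lie
    # in the future (e.g. "Dec 31" read on Jan 1) belongs to last year. Trying
    # both also keeps "Feb 29" parseable when only one of the years is a leap year.
    # Assumption: %b matches English month names (C/English locale).
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if ts <= now + timedelta(minutes=5):  # small allowance for clock skew
            return ts
    return None


def since(lines, window, now=None):
    """Return the lines stamped within `window` before `now`.

    Lines without a stamp (continuations) follow the decision made for the
    last stamped line, so multi-line entries stay together.
    """
    now = now or datetime.now()
    cutoff = now - window
    keep = False
    out = []
    for line in lines:
        ts = parse_stamp(line, now)
        if ts is not None:
            keep = ts >= cutoff
        if keep:
            out.append(line)
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # e.g. python3 since.py /var/log/messages
        with open(sys.argv[1], errors="replace") as fh:
            rows = since((l.rstrip("\n") for l in fh), timedelta(hours=5))
    else:
        rows = since(SAMPLE, timedelta(hours=5), datetime(2022, 8, 6, 18, 0))
    print("\n".join(rows))
```

Entries older than one year cannot be dated correctly from this format, so rotate or archive logs before relying on long windows.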
| whalesalad wrote:
| In the server sense, FreeBSD will do essentially everything that Linux does as far as running software. For your examples, yes.
| pjmlp wrote:
| I guess calling POSIX modern is a point of view, unless a language runtime is bound to Linux specific syscalls, any UNIX like OS will run "modern" web backends.
|
| From that point of view, you can even do "modern" web backends on IBM and Unisys mainframes, using their POSIX environments.
|
| And yes, they do actually support everything on that list, by the way, mainframes invented noSQL databases before SQL was a thing, have a look on ISAM.
| trasz wrote:
| Very, very few things depend on Linux-specific syscalls. There are two reasons for this: first, they are unportable, so you need another code path for everything !Linux anyway, and even when you only care about Linux you can't assume those syscalls are available, because you first need to get them into the kernel, then into glibc, which is a separate project, and then you need to ship them in the distro, which in some cases (RHEL) means either waiting half a decade or porting it to a kernel half a decade old.
|
| And no, there aren't many things you can run on z/OS POSIX environment, because it fails to support absolutely basic things, like fork(2).
|
| >mainframes invented noSQL databases before SQL was a thing
|
| I'm not sure about this; structured storage was popular before Unix made flat files common, but there was a fundamental flaw in how it was implemented: it was all in the kernel, not on top of it.
| pjmlp wrote:
| Who said anything about z/OS? There are other mainframes to choose from.
|
| In any case, in what concerns "modern" Web development, z/OS has you covered,
|
| https://www.ibm.com/products/open-enterprise-sdk-go-zos
|
| https://www.ibm.com/support/pages/java-sdk-products-zos
|
| https://www.ibm.com/products/sdk-nodejs-compiler-zos
| trasz wrote:
| What mainframes are still alive, apart from z/Architecture?
|
| As for "modern Web development" - not really; it's a bit like running Apache and MySQL on Windows 98 - yes, you technically could, but you probably don't want to. Have you heard of anyone wilfully choosing to use mainframes instead of some Unix over the past two decades?
| tomc1985 wrote:
| Haven't tried Mono, Node, or anything NoSQL, but Java, Ruby, and Postgres all run pretty well. It is runtime-compatible with Linux executables and you can even install a linux distro in a jail
|
| https://forums.freebsd.org/threads/setting-up-a-debian-linux...
| tester756 wrote:
| here people mess with FreeBSD afaik:
|
| Building the .NET Core SDK on FreeBSD
|
| https://github.com/dotnet/source-build/issues/1139
| ArrayBoundCheck wrote:
| AFAIK I and most people can't run it due to freebsd not supporting our hardware. Does it support intel wifi and GPUs? (I'm using an amd GPU). Can I run netflix or prime and get 1080 resolution? (note on linux I need to use an addon to achieve this)
| trasz wrote:
| Yes, it does support Intel WiFi and GPUs, and in some cases (all GPUs, more and more WiFi) it uses code borrowed from Linux. For Netflix you'll need to run Linux Chromium or Firefox using linux(4) (https://docs.freebsd.org/en/books/handbook/linuxemu/), because of widevine.
| rvz wrote:
| It is not early days anymore and we have given it a quarter of a century for these _'alternatives'_ OSes to do something on the desktop and it is still plagued with issues for just simple desktop usage.
|
| This list of reasons here makes it easy for me and others to choose _neither_ and tell users to just stick with either Windows or macOS (which macOS is a BSD Unix, but the users don't care and they should not).
|
| Both FreeBSD and the trillions of GNU/Linux distros are _still_ not ready for a simple desktop usage.
|
| This is even before mentioning the in-fighting on swapping out system components like desktop environments, windowing systems, init systems, service, etc.
| claudiojulio wrote:
| https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...
| itvision wrote:
| > Technical reasons to choose FreeBSD over GNU/Linux
|
| On the server/router maybe. For IT pros maybe.
|
| The desktop is a whole different matter.
| sgt wrote:
| On the desktop, Linux is going to be challenging anyway. Many people love that challenge and make it work, and that's cool. But my point is that if you can make it work on desktop Linux you will make it work on FreeBSD as well, given some decent skill.
| loeg wrote:
| > But my point is that if you can make it work on desktop Linux you will make it work on FreeBSD as well, given some decent skill.
|
| As someone who has run Linux and FreeBSD desktops for years -- no, Linux on the desktop is actually quite a bit better and easier to use than FreeBSD.
| gtirloni wrote:
| _> Linux on the desktop is actually quite a bit better and easier to use than FreeBSD._
|
| As someone who actually started learning *NIX on BSDs and later switched to Linux, I think "quite a bit better and easier" is an understatement. I tried the latest FreeBSD last year on a not so recent Lenovo laptop and it was a horrible experience.
| caslon wrote:
| Desktop Linux is pretty comfortable and intuitive, actually. There's no challenge involved.
| sgt wrote:
| A guy I know (relatively skilled) spent a whole week setting up Linux on his laptop the other day.
| So I don't think it's always as predictable as to say there's never a challenge involved in 2022.
| prmoustache wrote:
| Not sure what do you want to prove with that anecdotal point. I've seen coworkers spend a month or 2 with both their new and old mac or windows laptops because they weren't seeing the end of migrating their stuff from one computer to another and setting up their dev environment.
|
| Some people are just bad at this.
| trelane wrote:
| He should try putting OSX on the hardware. Wouldn't even _start_ to work.
|
| Clearly OSX is not ready for the desktop yet.
| ooneeks wrote:
| Just install Ubuntu if you quite literally cannot grasp GNU/Linux. No, your "guy" is not "relatively skilled", that's an absurd claim when it took an entire week setting up Linux on a laptop. It has never, ever taken me more than an hour or two with mainstream distros, or more than 3 days max. for more complicated distros such as Gentoo or Arch - but the system would be minimally operational within a day, always. You would literally have to one-finger press your keyboard whilst also learning how to read for the first time simultaneously, to make the install of Linux on a LAPTOP last a week.
| caslon wrote:
| "Relatively" seems like it's doing a lot of work there.
| unethical_ban wrote:
| I just installed Fedora 36 on my Thinkpad. It went pretty smoothly. Single monitor, AMD CPU/iGPU.
|
| There are a few gripes about the discoverability of the keyboard shortcuts. Unity was good with this, holding down the Win/Meta key showed all the DE shortcuts.
|
| Also, there is not an easy way to change certain settings (like system font!) without installing an obscure package "Tweaks" that should be built into the system settings.
| sgt wrote:
| Can you quickly try and connect to my 4K 60Hz monitor without the whole room breaking into laughter?
| ooneeks wrote:
| Have you not ever used a Linux distro?
| I haven't had an issue with monitors since before Ubuntu 8. Seems ridiculous you're going to claim that Linux, which dominates the phone/handheld industry, would have issues in regards to using high resolution/high DPI monitors along with lower spec ones concurrently. I think of all OS's, my bet would probably be that this is a way bigger issue on Windows than on Linux or Mac.
| caslon wrote:
| Anecdotally, as a user of a different distribution and desktop environment, yes. Just Works.
| sgt wrote:
| If that's true then there's been substantial improvements on that front recently (which is good). As I recall, that was a tricky problem since your laptop screen likely runs another resolution, different DPI, etc so connecting to an additional screen makes things go haywire.
| caslon wrote:
| That's only with Wayland. If you don't use Wayland, the situation has been fine for a decade.
| iasay wrote:
| macOS is a fine Unix desktop to drive your FreeBSD servers from...
| awuji wrote:
| I have been daily driving FreeBSD as a desktop since the last time this article was posted and I love it. It is super consistent and reliable, and after I got it set up, I don't have to worry about anything breaking. I can easily use it daily for coding and web browsing, and it feels as smooth and fast as a Linux setup on the same hardware.
|
| That said, I still have a Linux system for things like gaming, Cuda, and containers. Though, as I never have time to game anyways, I could just use the Linux system as a server.
|
| But, I've used Linux for 10+ years and it only started annoying me recently so I may also get frustrated with FreeBSD eventually.
___________________________________________________________________
(page generated 2022-08-06 23:00 UTC)