|
by Georges Tarbouriech <gt(at)linuxfocus.org> About the author: Georges is a long time Unix user. He likes the free BSD variants of this great system. |
Free Unix: the BSD one(s)Abstract:
The genealogy of Unix is a bit complex. Through the time, more and more branches have been added to the tree. Today, there are two main families: BSD and System V. The BSD branch provides various versions of free Unixes. Each one has its own specificities giving the users a wide choice. Let us try to make a small review of these great OSes. |
BSD stands for Berkeley Software Distribution. The name first appeared in 1977
when searchers in Berkeley started providing source code to companies owning AT&T licenses.
That is, the goal was to improve AT&T V6 (and V7 a bit later) code and features.
This first work was called 1BSD, the second 2BSD. From there, we already have a
second branch: one keeps improving AT&T code up to the last version, V10, and it
is numbered 2.7, 2.8, 2.9 till 2.11, while the other start from 3BSD and
evolves to 4.0, 4.1 till 4.4 which is the present one. This second branch is the
one trying to create a full system free of AT&T code. 4.4BSD is the first
distribution without AT&T code. The Alpha version appears in 1992 and the final
one in 1993.
However, starting from version 4.3, we have a few more branches: 4.3BSD Tahoe,
4.3BSD Net/1, 4.3BSD Reno and 4.3BSD Net/2, beginning in 1988 for the first one till
1991 for the latest.
1991 is the year of the first attempt to port BSD to 386 CPUs
called BSD/386 and it is the work of Berkeley Software Design, Inc. 386BSD
appears in 1992 and it is the starting point of the free versions of BSD.
NetBSD 0.8 appears at the beginning of 1993 and FreeBSD at the end of the same
year. 1994 sees the birth of BSD Lite and this last becomes the base for future
free versions of both NetBSD and FreeBSD. At the same time, BSD/386 becomes
BSD/OS.
In 1996 OpenBSD releases its first version called OpenBSD 2.0 and in 1997, Apple
releases Rhapsody.
This is a rather short abstract and I hope I did not make a mistake!
If you want to know the whole story, just have a look
at ftp://ftp.freebsd.org/pub/FreeBSD/branches/-current/src/share/misc/bsd-family-tree
At the time of this writing, the current stable versions are: 4.7 for FreeBSD,
1.6 for NetBSD and 3.2 for OpenBSD.
Since LinuxFocus has already published an article about FreeBSD, we will not spend too
much time on this one. You can read it following this link.
To make it short, we can say FreeBSD is simple and tidy. It is easy to install
and easy to configure. The documentation is very well organized and will really help
the newcomer. Furthermore, it is available in various languages.
FreeBSD provides the users with tons of applications in every category.
However, networking and security are one of the strong points of this system.
IPv6 (standard under FreeBSD) and IPSec
allows the administrator to easily manage a Virtual Private Network. The KAME project has done a very great job providing
us with great tunneling features.
Many security tools are part of the base system: firewalls, proxies, cryptography,
port scanners, etc. For instance, you can choose between two packet filtering
programs: ipfw and IPFilter. Of course, they are not active by default and you will
have to reconfigure and recompile your kernel.
As already said in the above mentioned article, FreeBSD runs on Intel and Alpha
CPUs. It is a really fast system and the basic core is rather small in size. The memory
is very well managed and protected.
FreeBSD can be used in many different ways: as a home system, within a network
and obviously as a server. In this last case, FreeBSD is a very good friend
since it provides you with everything you need. For example, we did not mention
the jail which is a sort of improved chroot.
We must also mention the TrustedBSD project intended for security enhancement.
The result of this work will be integrated into FreeBSD.
Again, FreeBSD is a very great system deserving more than a try.
NetBSD is the absolute proof of the original Unix philosophy: "we do not care
about the processor". It is just unbelievable: NetBSD is able to run on more than
50 processors... and still counting!!! It can run on machines as "strange" as a Playstation or a
Dreamcast.
Just imagine the number of required drivers to make it possible. NetBSD is
probably one of the most impressive free software projects ever. I am not aware
of any other company (free or commercial) able to provide such a work.
However, NetBSD is able to run as well on very modern processors.
Like FreeBSD, it is a clean and simple system. It is also easy to install even
if it does not provide you with a GUI like it is the "fashion" with many Linux
distributions. It is easy to configure too and the documentation is really a
great one (also available in many languages). Since the number of supported
platforms is "rather" high, NetBSD provides specific documentation for each of
them. Another great job!
Software for NetBSD is available as packages and of course, as source code
archives. That is, you can download what you want from everywhere like you would
with Linux, for instance. There is an emulation system allowing binary compatibility with tons
of software. Commercial software is also available.
Again, like FreeBSD, a big effort has been made on networking and security.
NetBSD is also IPv6 compliant, for instance.
As a matter of fact, we can say NetBSD is very close to FreeBSD. Both share a
lot of code. The main difference comes from the number of available platforms.
NetBSD is the best solution if you want a free Unix for something else than an
Intel or Alpha machine (even if it can run on those). For instance, some SPARC
workstations are unable to run Linux: NetBSD does work on them. This allows you to use
such a workstation as a gateway, for example, instead of getting rid of it. This
is only an example, and you can do much more with NetBSD.
The above mentioned workstation, could also become a database server in a local
network. Why this example: because NetBSD does not require "racing" CPUs or
tons of resources.
As another example, I used NetBSD (1.0 and 1.1) on an Amiga 3000T with a
Motorola CPU 68030/25Mhz and 8 Mb of RAM (before adding 8 more Mb)... and it was
running X with a 2Mb graphic card!!! By the way, it never crashed ! Of course,
it was, may be, a bit slow when compared to current monsters.
Again, these examples do not mean NetBSD is only able to run on old pieces of
junk. It allows you to do the same as FreeBSD, that is using it as your home
system, adding it to an existing network or installing it as a trusted server on
very new computers, whatever the CPU make.
Once more, an excellentjob!
Obviously, this is a very short presentation and NetBSD deserves much more. Just
give it a try. Like most free Unix distributions, you can get it from NetBSD
website or you can buy a CDRom.
OpenBSD is the absolute reference when security is a concern. It is the first
Unix system to be released with security in mind.
If you need a highly secure server (and who does not need one ?), this is the
right system. Of course, I am not saying that the two previous ones are like
sieves or that most of the Linux distributions are full of vulnerabilities. I
just say, that OpenBSD is the very first one to provide you with a secure system
at first installation. The only equivalent I can mention is the Linux EnGarde
distribution, since the idea behind is the same one: security.
With OpenBSD, you get everything. All the security tools are available,
cryptography is really part of the system (the same team develops OpenSSH), and last but not
least, those people have done a lot to improve code auditing. This way, the
OpenBSD team contributed in discovering and correcting many Unix
vulnerabilities. This also includes security flaws in third-party software, for
the benefit of the Unix community (free or proprietary).
Furthermore, since OpenBSD comes from NetBSD, it can run on many more platforms
than the Intel or Alpha ones (of course, not so many as NetBSD!). At the moment
there are about ten platforms able to run OpenBSD.
The "secure by default" philosophy is something we were not used to before
OpenBSD appeared. None of the Unix editors thought that way (free or proprietary) and
they kept providing systems requiring much work (and some knowledge!) to harden
them. For instance, the idea of bringing the system up without any running daemons
by default has not yet been understood. For many editors, the idea seems to keep
as many running services as possible by default. Sometimes, you can have some of
the worst services up and running at startup time. "Things" like telnetd, rshd,
ftpd, etc, are on by default. Just incredible!
However, if most of the editors admit that OpenBSD is a model (sort of)... for
once, they do not try to "copy". At the moment, the free BSD family seems to be
the only one to have understood the problem. Thanks a lot to them!
Accordingly, if you need a very secure server, providing high availability, the
obvious choice is OpenBSD. Well, if you feel like using it at home, why not ?
And of course, it will be very easily integrated into your local network too.
Furthermore, if you check the way it works, you will learn much about security:
what to do, what to avoid, etc. And you then will be able to apply this to other
systems. The basics are always the same: the less active services, the better, the
less open ports, the better. Do not use, if you can (and you should!) protocols
or daemons transferring the data in clear text (including passwords). If you cannot avoid this
(come on!) then use a SSH tunnel to send or receive your data. Restrict
permissions on sensitive directories and files. Check SUID and SGID programs. And so on.
OpenBSD does all this work for you while, for example, many proprietary Unixes
activate by default a web server to read the online documentation!
Now you know where to find the right system for your servers ;-)
We should not forget to mention the core of Mac OS X at a time when Apple goes to Unix: Darwin. Darwin comes from 4.4BSD-Lite2 and uses a 3.0 Mach microkernel (initially
developed by Carnegie-Mellon university and enhanced by the OSF, now called The Open
Group). The present version is 6.0.1, while the kernel OS version found in Mac OS X 10.2 is 6.2.
As a matter of fact, FreeBSD has been the starting point of the Darwin
development. However NetBSD and OpenBSD have also been used in this development.
For example the integrated cryptography in Darwin comes from OpenBSD and so
for the unavoidable OpenSSH. Many commands and tools come from NetBSD.
The kernel is called XNU (yes, like another well known acronym) and it is made
of both Mach and BSD. Mach is in charge of memory management, IPC and messaging,
I/O kit (device drivers) while BSD manages users and permissions, networking
stack, VFS (virtual file system) and POSIX compatibility layer.
Accordingly, Darwin benefits from the work of the above mentioned BSDs. That is,
when a vulnerability has been found, Apple provides updates very soon after they
appeared in the free BSD community.
Let us also mention that like the free BSDs, Mac OS X is one the few Unixes to
come with no active services by default.
Of course, Darwin was first dedicated to Motorola PPC CPUs, but since Darwin is open
source, there is also an Intel version available from GNU-Darwin.
What is on top of Darwin, that is the beautiful Aqua interface, which is obviously not
open source. However, thanks to the free BSD community, Apple provides the most
user-friendly Unix ever. Sure, it then becomes a proprietary Unix, but it shows
the high quality of free BSD software. Furthermore, bringing Unix to the whole
world seems to me a very great idea. NeXT did the same 15 years ago but failed
(unfortunately). I really hope Mac OS X will succeed where its "father" did not.
Each entity of the free BSD family shares its works with the other ones. They
are really free in every meaning of the term. They are more secure by default than any
other Unix. They run on most of the available platforms. The distributions are
not "bloated" and the core system is rather small in size. They are able to run
most of the available software. And so on.
However, most of the proprietary Unixes are based on System V. They seem not to care
anymore about BSD. Nevertheless, they all have BSD compatibility packages and some
of them were first based on BSD.
Unfortunately, these proprietary Unixes are losing more and more market share.
Their policies look strange to me. All of them seem quite interested in Linux.
What do they expect? To sell it at the same price as their own system? I am
afraid that this will not work. Do they think of selling their machines
replacing their own system with
Linux? Very expensive in my opinion unless they sell low end computers, and in
that case, the Intel "solution" will be cheaper. And, in any way, how will they
compensate for the loss? Yes, I know the answer: selling services! How long
will this last? And what about their existing solutions? Will they want to
slowly replace them with the much cheaper Linux?
However, this year most of these companies have "fired" thousands of people!
Where does that lead to? To an every day stronger Microsoft hegemony... and to
more unemployed people. Very, very sad!
Of course, I am not saying that using BSD instead of System V would solve this
problem. I just do not understand the policy of those big makers. Neither do I understand why
they leave BSD if they are so interested in free Unix.
This may seem off-topic but it is not. Proprietary Unix needs free Unix... but
free Unix needs proprietary Unix. Each one gets something from each other. Most
proprietary Unix use free software one way or other, compilers for instance.
Free Unix benefits from what was given to the community by proprietary Unix. A
great example: OpenGL. Thanks to SGI.
This is a nice way to share and it creates an emulation. OpenBSD,
helps a lot in showing the way to more secure systems. OpenSSH
for instance, is available for most proprietary Unixes. As we already said, free
BSDs are very important to Apple. I cannot remember Apple caring much about security
before Mac OS X!
All this is to say that the Linux "fashion" is perverting many things. I like Linux
but I do not like its "evolution". I do not share the idea of "cloning" Windos
and its software. I do not agree with the fact the main distributions get bigger
and bigger... and more and more "commercial". I do not want a monopoly replacing another
one (which I do not believe, anyway!). For now, Microsoft does not really fear Linux or
other Unixes. The day the "danger" will become a reality, Microsoft has the power to
lock everything and particularly the Internet in a very short lapse of time. I know,
this may seem paranoid and I hope it will not happen, but... This said, do not
worry: I do not hold the truth and I am not fond of futurology.
We do need a real choice: the more OSes available, the better. Why talking
about "world domination"? Apart from Microsoft, who cares about it? What we
have to "fight" for is the freedom of choice. I know I already said so:-(
The free BSD family contributes a lot to this freedom. Those people keep sharing
and this leads to very great systems. Thanks a lot to all of them.
By the way, Mr. RMS you have not "recommended" to say GNU/FreeBSD or GNU/NetBSD or
GNU/OpenBSD (all right, we have GNU-Darwin!): did you forget about BSD like
the big Unix makers did, or is it that you find those people do not use "enough"
GNU software? Of course, I am joking, but freedom of speech also exists, at
least for now... and I do not feel like saying (or writing) GNU/Linux!
Aren't we living in a great time?
Under the following URLs you will find mirrors, download areas, documentation in various languages,
etc:
Webpages maintained by the LinuxFocus Editor team
© Georges Tarbouriech "some rights reserved" see linuxfocus.org/license/ http://www.LinuxFocus.org |
Translation information:
|
2005-01-14, generated by lfparser_pdf version 2.51