Posted 14th April 2011 by nilsgecko

I really like NetBSD and OpenBSD, though I do occasionally boot into FreeBSD and Dragonfly. I actually like all the BSDs.

NetBSD

The reason I like NetBSD is because of the Veriexec subsystem and its exploit-mitigation features...from the security manpage:

Quote:

NetBSD provides the following exploit mitigation features:
- PaX ASLR (Address Space Layout Randomization).
- PaX MPROTECT (mprotect(2) restrictions)
- PaX SegvGuard
- gcc(1) stack-smashing protection (SSP)
- bounds checked libc functions (FORTIFY_SOURCE)
- Protections against NULL pointer dereferences

I also like some of the ipfilter facilities, though I am a bit new to it. Also the fact that you can cross-build NetBSD on other architectures using the build.sh script.

**The cpu-scaling sysctl facilities are REALLY nice for my laptop:

Quote:
sysctl -w machdep.est.freq.target=XXXX


OpenBSD

In short, PF and Altq built-in...Wow! Also it has a very clean, functional feel to it. I really like the systrace system call facility and was a bit sad to see systrace leave NetBSD. I also like sensord, I think it's called, though I have yet to implement it...

FreeBSD

FreeBSD feels a lot more "massive" to me than the other BSDs somehow...perhaps it is because there is a much larger user-base than in the other distributions and therefore constantly has developers sharing their work. In fact, there was recently an article I read (I forget where) which said FreeBSD is indeed a very fast-moving target which I agree is true.

I really like the sysctl tcp and udp "blackhole" features, and really want to wrap my head around the ipfw and dummynet facilities as well. ipfw is such a massive thing, however, but for a general-purpose firewall it is made really easy via the /etc/rc.firewall built-in scripts. In other words, I like how you can define rc.conf variables for the firewall (ipfw) and get a basic working setup in no time!

The ACL features are nice too, and for FreeBSD 9, the Capsicum extensions are supposed to be incorporated into the mainline.

**FreeBSD also has cpu-scaling which is usually more fine-grained than that found in NetBSD:

Quote:
sysctl dev.cpu.0.freq=XXXX

Dragonfly

I really like Hammer and think that the way you can define different firewall setups for ipv4 and ipv6 is very cool...all again from /etc/rc.conf! Though it's said Dragonfly is more of a clustering platform, I have yet to work with those facilities myself due to lack of hardware : P

Other than that, it feels a lot like FreeBSD obviously because it's branched from an older release (5.X I think). The virtualization feature where you can run a kernel in userspace is cool too (I think I described that correctly).

openSUSE

I started out with Linux and, like others, tried a thousand distributions. I think out of all the Linux systems, openSUSE is, to me, one of the most stable and additionally has a well-thought-out design. I have had an account at susestudio.com for nearly two years and there you can design custom distributions/appliances etc. with an openSUSE or SUSE-based solution. I ALWAYS, however, come back to BSD systems for building appliances etc. It just feels as if I have more control when building from the ground up.
But for Linux, I think it is good.