|
|
|||
FreeBSD 10.3 vs OpenBSD 6.0
Hi Experts,
I know there is a gazillion other pages, threads and articles on this topic - I've read them all. However, most (if not all) of them are outdated - meaning they don't compare FreeBSD 10.3 to OpenBSD 6.0. Could you please tell me what is the difference between those two systems - especially regarding security? E.g. about the PF implementation, anit-exploitation mechanism, pledge() ... and many many other security-related topics. I asked this question on FreeBSD forum and I got some really interesting answers. They also encouraged me to ask you guys the same questions and it's a good idea. I'd love to hear your opinion on this. |
|
||||
FreeBSD - focus on all round features and performance
OpenBSD - focus on security and proper implementation For FreeBSD You have features like GELI, ZFS, Boot Environments, Jails, Virtualbox, Capsicum, GEOM Framework, PKGng, Bhyve, Nvidia Binary Drivers, ... For OpenBSD You have features like Pledge, VMM, Encrypted SWAP by Default, Newer PF, ... For some people suspend/resume works better on OpenBSD, for some on FreeBSD. If You need modern storage or virtualization, You use FreeBSD. If You are already profficent in FreeBSD, then why use OpenBSD? Newer PF or some ALIX box that OpenBSD may run better then FreeBSD, or SUN SPARC T1000 which is not supported by FreeBSD, or for home router/wifi/switch/firewall, but for today multicore CPUs and tens of gigabytes of RAM and terabytes of storage with multiple disks I do not see a place for OpenBSD. When OpenBSD developers will adapt HAMMER or HAMMER2 filesystem from DragonflyBSD and VMM would be usable to run Windows in it, then I COULD change my mind, but for now, besides some VERY specific needs, I would run FreeBSD, but thats me. Decide for Your own. Regards, vermaden
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd |
|
||||
Quote:
I saw the same question posted last week on Reddit, either /r/bsd or /r/openbsd. Hopefully, everyone who responds technically gets partial credit hours. |
|
||||
Quote:
I know what I don't like about OpenBSD and FreeBSD because I've used them. Likewise, I know what I do like about OpenBSD and FreeBSD because I've used them. It's the only way to know for certain if something meets your needs.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice. |
|
|||
On my x61s, OBSD as improved in performance compared to 5.7. With 6.1 promises it is time to reconsider the debian wheezy <-> OBSD switch.
OK! Let's go noob-technical! My opinion as a not so experienced (but biased) OpenBSD desktop user: -Performance: FBSD felt more responsive than OBSD around 10.1 vs 5.7. Now 6.0 feels fine on my x61s (with softdep in fstab). -Hardware compliant: On my thinkpad, OBSD is just fine. FBSD couldn't suspend/resume, backlight did'nt work etc... Maybe 11.x will improve? OBSD is NOT a features-OS, it won't follow every last chips. 3-4+ years-old non-nvidia thinkpads are your best bet but there are people currently hacking on chromebooks, HPs, etc... For nvidia, go FBSD. -ease of setup/use: OBSD wins here. For example: I couldn't shutdown/restart/suspend/hibernate with xfce. No worry, I opened the pkg_readme and spent 15sec finding the answer. Problem solved. FBSD handbook is cool but I couldn't find my way as easily as I do in OBSD. A Linux desktop feel even messier compare to the BSDs. OpenBSD has an oustanding audio stack/server (an audio server!! who would have guessed?). httpd was easily set up too. Compared to Android where I will never figure out how to re-enable UMS or had to hack my through making my app able to write on sdcard. -security: Can't speak much here, I have never been hacked (I guess) or run sensible system. First, are you planning to use only base or base+ports+3rd party+etc... Security-wise OBSD's base seems a very safe bet considering the care given to the designs and implementations. I never mustered the courage to configure sudo but I feel confident with doas hence less miss-configurations. The code is maintained (read the reports of hackathlon on undeadly.org), the devs pay attention to details. As soon as you build up your system with ports, you are doing compromises. Do you trust firefox? Are you sure the last vulnerability is patched in the port? Basically your system is as weak as your weakest port I suppose. So FBSD ports vs OBSD ports? Or maybe sandboxing (FBSD jails, linux sandboxing) vs OBSD pledge()&co (the most popular ports are being pledged) ? Is sandboxing a testing/developpement tool or a security mechanism? With 3rd party software, the security question is less obvious. Your call... For me it's OBSD+xfce+firefox+vlc and the likes. -community: Both seems fine. I like Tedu' blog (doas basics in a blog post), bsdnow or undeadly.org for news. About the leadership, here, I believe a benevolant dictatorship makes more sense than a democracy. OBSD focus seems more defined than FBSD. tl;dr Write down your needs. Try both. Get an opinion. P.S: PF is more advanced in OBSD obviously and its SMP perfs is catching up FBSD. About pledge, I suggest you listen to Theo making a comparison of security mitigation https://www.youtube.com/watch?v=a_EYdzGyNWs Very instructing. Last edited by Funkygoby; 14th September 2016 at 08:30 PM. Reason: typo, grammar, non-sense |
|
|||
+1
Empirical testing is the best answer beiroot can get. Testing both systems will reveal one's real priorities, & show which project will meet these needs. |
|
|||
Some people need software not available natively for *BSD, but available for Gnu/Linux. In this case they can dualboot, but if they use FreeBSD they also can use binary compatibility with Linux. Linux compat was updated in FreeBSD in recent releases.
If you mind FreeBSD-like system and security there is HardenedBSD, but I don't know if said compat layer works there. I use OpenBSD, because I like simplicity and I think it is quite secure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase Last edited by e1-531g; 16th September 2016 at 10:15 AM. |
|
|||
Oh good lord! I thought this thread was dead! Why have I not received any notifications?!
Thanks a lot for all your answers and suggestions. I'm currently running Free and OpenBSD on my VMs and playing with them merciless. So far I feel I have too little experience to discuss details but the overall security is the reason why I'm trying/comparing these two BSDs. Just a theoretical question. Are there any ongoing security research in those systems? Any particular topics being investigated? I'm also thinking about setting up OpenBSD on my old Toshiba netbook just to see how it manages as a desktop. From what I've read OpenBSD developers use it as their desktop (while FreeBSD don't - true?). If yes that would be a sign of OBSD true devotion) Is OpenBSD smooth for everyday use? I've heard there are annoying things Like lack of flash (which I know can be a blessing) etc. Any others? I heard OBSD+ThinkPad makes a nice couple. I'll see with my Toshiba anyway. |
|
|||
Quote:
http://www.openbsd.org/goals.html ...but plans for implementing specific features, & their priorities are not publicly stated. Having said that, readers of the misc@ & tech@ mailing lists can see what is being publicly discussed & surmise the immediate direction. Information on subscribing to the mailing lists can be found at: http://www.openbsd.org/mail.html Quote:
|
|
|||
Smooth is subjective term.
Firefox runs slower than in Gnu/Linux, but for me smooth enough. You can watch Youtube. If you have GPU which is supported by drivers in OpenBSD you can watch HD movies (at least 720p and 1080p) using mpv. It shouldn't stress yours CPU too much. Editing 10 pages documents inside LibreOffice Writer is smooth. Browsing PDFs using Evince is smooth.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase Last edited by e1-531g; 19th September 2016 at 06:17 PM. Reason: Added picture |
|
|||
Thanks Funkygoby for a thorough answer and additional links.
Thanks vermaden for feature comparison and miło spotkać rodaka na obcej ziemi Thanks ocicat for the links and some introduction. I'll definitely look more into it - especially the mailing lists. Thanks e1-531g for the table you attached - it's a nice graphical summary of the question I asked in the first post. Looking at the date in the link - is it up to date? Meaning state form OBSD 6.0 vs. FBSD 10.3? Last edited by beiroot; 20th September 2016 at 12:40 PM. Reason: credits to all those who deserved them |
|
||||
Quote:
Note that Linux also ticks a bunch of these boxes − and has for years. FreeBSD is really lagging behind here.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. |
|
||||
Welcome, wzajemnie
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
FreeBSD user going to try OpenBSD | Trihexagonal | OpenBSD Packages and Ports | 5 | 27th May 2012 08:55 PM |
Mac Mini - OpenBSD or FreeBSD | roddierod | OpenBSD Installation and Upgrading | 22 | 17th May 2012 05:08 PM |
Installing FreeBSD on an OpenBSD disk | Carpetsmoker | FreeBSD Installation and Upgrading | 1 | 26th January 2010 10:28 AM |
Ipsec freebsd openbsd failure | kasse | OpenBSD General | 3 | 31st December 2008 01:42 AM |
which Flash Drive I must buy for FreeBSD and OpenBSD | mfaridi | General Hardware | 18 | 22nd October 2008 07:43 PM |