
DigitalOcean now supports FreeBSD - barium
https://www.digitalocean.com/company/blog/presenting-freebsd-how-we-made-it-happen/
======
TheDong
The fact that DO had to make this announcement at all is a sign that things
have gotten worse for VPSs.

Before, when a company provided Xen or KVM, you generally would get to have
low-level access such as the ability to virtually connect to a serial port or
VNC session of your box as it booted. You also, typically, could provide your
own ISO images.

Even if you couldn't provide your own ISO, being able to interact with the VPS
in the above way would allow you to use one of the provided disks and then
bootstrap the install of another (this is how I installed Gentoo on many
providers that didn't "support" it).

DO's stance that you must use one of their images, you can't upload your own,
and you can't even use your own kernel (I'm not kidding! If you "sudo apt-get
update" to get a new kernel security update and reboot, DO will _IGNORE_ your
shiny new kernel because they hardcode the kernel as one they control. See
[0]).

This is terrible. We shouldn't be happy that they're adding FreeBSD to the
list of images they allow you to use, we should be showing, with our wallets,
that their restrictive setup that doesn't allow you to touch anything outside
of their tiny garden and exposes you to security issues is unacceptable. We
should be using other providers, like Linode, AWS, and GCE, all of which allow
bringing your own image in some form.

[0]: [https://digitalocean.uservoice.com/forums/136585-digital-oce...](https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2814988-give-option-to-use-the-droplet-s-own-bootloader)

~~~
skrebbel
I assume you also complain about the availability of microwave meals? That'll
only become a problem when you can't buy raw fruits and vegetables anymore,
but I didn't see that happen. Likewise, you mention more customizable VPS
options in your post.

There's a market for everything. You don't understand my use case. My use case
is "I want to click a button and then I want to be able to `apt-get install
what-i-want` and then it should work". I don't even care whether it's Debian or
Ubuntu, as long as it has apt-get because that's all I understand.

Granted, maybe I shouldn't be running VPSes at all but hey, it works, and I
bet DO has many customers like me.

~~~
ownagefool
Part of his point is DO will ignore apt-get where kernels are involved. Sure,
it'll look like you're running the latest, but unless you undertake additional
steps, it'll be booting their kernel, not yours.
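
What the comments above describe (a newly installed kernel that is never actually booted) can be checked from inside the guest. This is an added example, not part of the thread or any DigitalOcean tooling; the function names are hypothetical, and it assumes Debian/Ubuntu-style `/boot/vmlinuz-<version>` image names and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: compare the kernel that is actually running with the newest
# kernel image installed on disk. A mismatch that survives a reboot means the
# host is booting a kernel from outside the guest filesystem, so package
# updates to the kernel are not taking effect.

# Print the newest version found as vmlinuz-<version> in a boot directory.
# Assumption: Debian/Ubuntu-style image naming; GNU sort -V for ordering.
newest_installed_kernel() {
    boot_dir=${1:-/boot}
    for f in "$boot_dir"/vmlinuz-*; do
        [ -e "$f" ] || continue            # glob matched nothing
        printf '%s\n' "${f##*/vmlinuz-}"
    done | sort -V | tail -n 1
}

# kernel_status <running-version> [boot-dir]
# Prints one of:
#   current  running kernel is the newest installed one
#   stale    a newer kernel is installed but is not the one running
#   ahead    running kernel is newer than anything installed on disk
#   unknown  no kernel images were found in the boot directory
kernel_status() {
    running=$1
    newest=$(newest_installed_kernel "${2:-/boot}")
    if [ -z "$newest" ]; then
        echo unknown
    elif [ "$running" = "$newest" ]; then
        echo current
    else
        # Version-aware comparison: 3.13.0-9 sorts before 3.13.0-43.
        highest=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
        if [ "$highest" = "$newest" ]; then
            echo stale
        else
            echo ahead
        fi
    fi
}

# Stand-alone use: report on this machine.
printf 'running=%s newest-on-disk=%s status=%s\n' \
    "$(uname -r)" "$(newest_installed_kernel /boot)" \
    "$(kernel_status "$(uname -r)" /boot)"
```

A `stale` result right after a reboot is the case worth alerting on: the security update is on disk but the vulnerable kernel is still the one executing.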

~~~
skrebbel
So? My whole point is that my Rails app will run on every kernel DO will ever
care to support.

If you want to do such low-level things as upgrade kernels, then maybe DO's
one-click-and- _poof_ -you're-running is less important to you than some other
features and DO isn't the best option for you.

~~~
mrkipling
Also, it's $5/mo. I'm sold (and have been for a year now). No complaints.

------
czk
Just deployed a FreeBSD droplet and I'm not sure if it's just because the host
network is busier than my other droplets, but I seem to be getting about half
the network performance that I can in a default Linux droplet. They are using
Virtio, which is good since it doesn't require hardware emulation like the
E1XXX devices on KVM. I should probably use a better test than cachefly but
just wondering if there's any known tweaks/tips that should be done for FBSD on
KVM with virtio devices.

Disk performance is also lacking in comparison to the Ubuntu droplet as shown
in the pastebin. Could just be because everyone's spinning up fbsd boxes on
this host? :)

[http://pastebin.com/raw.php?i=E8Q06XgM](http://pastebin.com/raw.php?i=E8Q06XgM)

~~~
atmosx
It's not only DO. I had to create a Linux VPS in order to run a Sinatra
application because when deployed on FreeBSD it took more than 60 seconds to
send a response to the remote API and the connection was timed out!

After performing some tests[2] I figured out that the problem was not FreeBSD
per se, but the FreeBSD deployment on the specific virtual server... I think
that *BSDs should be avoided because they tend to be a lot slower than Linux
deployments on virtual machines.

[1] [http://www.transip.eu](http://www.transip.eu)

[2]
[https://gist.github.com/atmosx/14efea27eb2c1e38af09/](https://gist.github.com/atmosx/14efea27eb2c1e38af09/)

~~~
mst
> I think that *BSDs should be avoided because they tend to be a lot slower
> than linux deployments on virtual machines.

Many virtualisation providers don't support it properly, but "should be
avoided because my suppliers are stupid" is a terrible plan.

------
JeremyMorgan
Smart move. I will definitely be spinning up some FreeBSD droplets. This will
attract people like me who enjoy building lean and mean BSD servers, and give
people an alternative to Linux if they choose.

Nice work Digital Ocean, love the way you folks keep pushing forward. Need
some tutorials written?

~~~
Teichopsia
If you take requests?

After reading the tut on HN the day before on how to be your own VPN provider
with OpenBSD [1] I started to search for a tutorial that was either OpenBSD or
FreeBSD with SoftEther without much luck. I was about to do an instance of
Debian & SoftEther.

Perhaps my comment would be better served in another way. I'm new at this and
have no idea what I'm doing. :) How can I go about setting up a VPN server
with a webpage for paying customers?

I'm looking at it more like a learning experience than to make it into a
business, but if it works, great. Could you or someone point me into the right
direction into what needs to be read for each step of the way? I have very
little Linux experience, none in BSD and a little in Python.

Thanks in advance.

[1] [http://networkfilter.blogspot.com/](http://networkfilter.blogspot.com/)

------
xhrpost
As a web developer who knows enough Linux to do minimum dev-ops, could anyone
recommend some things worth playing around with in FreeBSD? Like "do this and
see how easy it is vs Ubuntu!". Or are the gains more long term like better
stability?

~~~
atmosx
Yes. From my experience:

* PF (default on OpenBSD, a fork exists on FreeBSD) configuration is way more human-readable than iptables. Makes it a lot easier to create custom complex rulesets.

* Documentation is much cleaner on FreeBSD (or OpenBSD) compared to GNU/Linux. Again helps you deploy complex solutions easily.

* The upgrade process (using ports or pkg) is well documented, easy to execute[1].

* ZFS makes FreeBSD a very solid file server

So, other than specific software, a clean approach on how to start/stop
services, where goes what, etc. I don't see any other reason for someone to
switch from Linux to BSD.

However, in my experience Ruby (I'm a Ruby programmer) under-performs on
FreeBSD VPSs compared to Linux VPSs, while on bare metal it doesn't. There are
reports citing NetBSD as the fastest Ruby bare-metal OS. But again, differences
shouldn't be all that much between BSD and Linux deployments on bare metal to
justify a switch. On VPSs though, if you deploy Ruby apps, I'd say stick with
Linux.

[1] Hm. It's easy to execute if you are not afraid to read some extra
documentation. But once you get the hang of it, it's really a breeze, never
had serious issues with FreeBSD in ~3 years.

~~~
oscargrouch
+ DTrace

+ Jails

+ Capsicum [1]

+ Netmap [2]

+ Most performing network stack

+ Resource Management (pretty low memory usage)

+ The userspace tools come with the source (no GNU/Linux duality)

+ Clang/LLVM as default compiler stack

[1] -
[https://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4](https://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4)

[2] -
[https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4](https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4)

~~~
thiagowfx
I never understood the main differences between jails and chroots. Would you
be willing to explain?

~~~
bespoke_engnr
FreeBSD jails are like a really mature, full-featured version of LXC as
opposed to "just a chroot". In addition to being a chroot that provides _real_
filesystem isolation without many of the security issues of a Linux chroot, it
also has CPU and memory limits, disk quotas, network isolation, root privilege
isolation, all the magical ZFS goodness (provided you're running the jail on
ZFS). It's really, really nice.

This is a pretty good overview:
[https://en.wikipedia.org/wiki/Operating-system-level_virtual...](https://en.wikipedia.org/wiki/Operating-system-level_virtualization)

------
phillc73
While this is great news, BSD support is currently the second most widely
requested enhancement to the Digital Ocean service.[1]

I wonder if we'll now see additional storage addressed soon?

[1]
[https://digitalocean.uservoice.com/forums/136585-digitalocea...](https://digitalocean.uservoice.com/forums/136585-digitalocean/filters/top)

Edit: I've had this theme bookmarked for ages, now might be the time to build
it!
[http://daemon-notes.com/articles/desktop/example](http://daemon-notes.com/articles/desktop/example)

~~~
icelancer
They have a bunch of stuff that was "planned" for Q1 2014 (separate hardware
for master/slave setups) that aren't even close to shipping. Pretty
frustrating. I like Digital Ocean and I use them in production for some apps
but it's very hard to take their techops team seriously when they are missing
deadlines by 12-18 months or more without regular updates. It's pretty
unprofessional.

~~~
samgimbel
Hey there, Sam here from the DO Product team.

You're right, we dropped the ball on UserVoice. There aren't any excuses to be
made. I know it's a lot to ask, but please trust that going forward we will be
much more transparent through UserVoice & elsewhere. We'll also be much more
intentional in communicating our priorities through that medium, as this seems
to be at the root of the concern about missing deadlines.

Again, no excuses, we're sorry we let you down, and we're going to get it
right going forward.

Cheers!

~~~
icelancer
Do you have a timetable on when tickets and announcements will be set up?
There are outstanding issues with hundreds/thousands of votes with zero
updates, and promises made 12 months ago with no progress. I've heard DO reps
in the past say they were going to update things but lack of follow-up is
always what happened.

I think I speak for a lot of DO users who have to rely on AWS/Linode for
larger clients that we'd move more infrastructure over to larger plans if we
could just get better ops timelines. Your support for servers has been nothing
short of great in my experience, but no timelines and no communication on
stuff as important as retaining IPs and uploading custom ISOs (both available
on cheap $5 VPS providers that are nobodies on LowEndBox) is really
frustrating.

~~~
samgimbel
The biggest mistake we've made previously was promising dates where none
really existed. We don't have concrete dates for you. When we do, and _only_
when we do, we'll update those UserVoice items. Bear with us, it won't be long
before I have more for you.

------
weavie
I am very intrigued by BSD as it comes highly recommended here. I just need an
excuse to dip my toes.

I need to set up a nginx -> nodejs server for a project soon. Given I have set
up a number of linux servers without trouble, how much of a struggle would it
be to just use BSD for this new project? Would it be worth holding off and
just messing about in a VM, or would my linux experience just transfer
directly to setting up on FreeBSD?

~~~
sneak
You're still using the 2005 sysadminning model of instances/hosts running
services. Use elastic beanstalk or similar to pop up a layer of abstraction to
"app". Your time is finite.

~~~
woodman
> or similar

Is this alternative method another SaaS with a different API and performance
characteristics? That takes time as well, in addition to the vendor lock-in.
BTW, stacking abstraction x infinity is what causes systems to be bloated,
unreliable security risks. Time spent gaining a greater understanding of
components on layers below the level of the stack you're operating on is time
well spent, you'll be a better developer for it.

------
swills
There does seem to be one part of their announcement that's a bit off:

    
    
> While similar to other open source unix-like operating systems, it’s unique
> in that the development of both its kernel and user space utilities are
> managed by the same core team, ensuring consistent development standards
> across the project.
    

Wouldn't it be Linux that would be unique in that they don't do this? Solaris,
AIX, HP-UX, all the BSDs, Mac OS X (which is certified Unix) do this as
well. Correct me if I'm wrong here.

~~~
isaacdl
AFAIK, AIX, HP-UX, and Mac OS X are not open source (I'm only positive about
OS X)

~~~
Igglyboo
OS X is mostly open source, the big thing that isn't is XQuartz IIRC.

------
_nickwhite
In case someone missed it: The header graphic in this article is a great
homage to Beastie, the (original?) FreeBSD mascot, analogous to the Tux Linux
penguin:
[http://en.wikipedia.org/wiki/BSD_Daemon](http://en.wikipedia.org/wiki/BSD_Daemon)

------
wtbob
Great news! I'm personally looking forward to OpenBSD, but now that this is
done I bet that will be a cinch.

~~~
subliminalpanda
You might want to check out vultr.com. They don't directly support OpenBSD,
but allow you to install an OS on a VM instance with an ISO image, either by
you supplying it or they'll pull it for you through an ftp or http link. Their
pricing is similar to DO.

I managed to get an instance running without too much trouble.

(I do not work for Vultr, nor am I affiliated in any way.)

~~~
easytiger
I use vultr too and find them pretty good if very slightly pricey

~~~
ochoseis
Is there anything like
[http://serverbear.com/compare/vps](http://serverbear.com/compare/vps) that
lets you browse OS's offered by various providers?

Also wondering how reliable Vultr's been for you guys.

------
IgorPartola
And yet, still no universal support for IPv6, and the droplets that do get it
only get 16 addresses. Yes, I am going to complain every time DO comes up in
the news until this is fixed.

~~~
zachberger
Pardon my naivety, but why do you need more than 16 addresses per droplet?

~~~
IgorPartola
Here is a good explanation:
[http://etherealmind.com/allocating-64-wasteful-ipv6-not/](http://etherealmind.com/allocating-64-wasteful-ipv6-not/).

~~~
quasse
Whoever wrote this doesn't seem to quite understand how bit math works.

_"IPv6 addresses are 128 bits long, compared to 32 bits long for IPv4. In
other words, IPv6 addresses are 296 times more numerous than IPv4 addresses."_

IPv6 addresses are actually 2^128/2^32 or 7.9e+28 times more numerous than
IPv4, which would strengthen the argument that it's hard to be "wasteful" with
them in the way described.

~~~
grahamedgecombe
I get the impression that 296 is meant to be 2^96, which is exactly the same
as your figure.

------
mrbigidea
One small step for man, one giant leap toward a PFSense VM in the DigitalOcean
cloud.

~~~
pyvpx
what will you do with a pfSense VM on DO?

~~~
hueving
You could connect all of your VMs to it via ipsec or openvpn and have your own
little private network.

~~~
kchoudhu
Unfortunately, you can't. IPSEC isn't enabled by default in the FreeBSD
kernel.

~~~
bitcrusher
Yes, but you can use custom kernels with FreeBSD on DO. In the comments:

"FreeBSD droplets do allow you to customize your kernel. Unlike other droplets
these boot from the kernel within their filesystem. This is the reason that
FreeBSD is not available in NYC1, NYC2, and AMS1 as these regions do not yet
support this option."

------
edwinnathaniel
EXCELLENT!

Thank you very very much for supporting FreeBSD!

~~~
swills
Agreed, this is really great news, I'm trying it out now.

------
ghc
Finally, finally, finally! I've been waiting for either DO or Linode to offer
this since forever. Now the only thing left on my wishlist is OpenBSD support.

~~~
keidian
Linode doesn't (last I checked anyway) officially support FreeBSD but people
were doing it years ago in the IRC channel when I used to hang out there.

------
pellaeon
As one of the authors of bsd-cloudinit, it's super cool to see the project
being used by other people.

[http://pellaeon.github.io/bsd-cloudinit/](http://pellaeon.github.io/bsd-cloudinit/)

------
pyvpx
I'm wondering what the chances of any other BSD being supported are...?
Dragonfly? Open? ...Net? :)

edit: after actually reading TFA, it seems unlikely. Well, it seems like
Dragonfly is most likely, if any others.

~~~
andrewsomething
Depending on demand, adding other BSD variants is certainly a possibility. We
had to start somewhere, and the FreeBSD community has been very vocal about
wanting to see this happen. This is the first non-Linux OS we've decided to
support, so we're excited to get feedback on it.

~~~
barkingcat
Thanks! I'm a long time FreeBSD vps user. It'd be great to check if DO
droplets can support CARP failover within the same datacentre, and then expand
to be able to do this across datacentres.

[https://www.freebsd.org/doc/handbook/carp.html](https://www.freebsd.org/doc/handbook/carp.html)

My use cases so far haven't involved CARP but I'd like to start experimenting
with that!

~~~
wcfields
Any recommendations of other BSD VPS providers?

~~~
kiike
RootBSD [1] has been around for quite a while. I personally use fileMEDIA [2]
and LunaNode. fileMEDIA provides a set of ISOs, among which you can find
FreeBSD, OpenBSD and DragonflyBSD (I personally requested them the DFBSD one).
On LunaNode you can upload any ISO image or qcow2 file you'd like.

1: [http://www.rootbsd.net](http://www.rootbsd.net)

2: [http://www.filemedia.de](http://www.filemedia.de)

3: [http://www.lunanode.com](http://www.lunanode.com)

------
zzzcpan
Just created a droplet and sadly, it is 10.1 amd64 only. Won't be very useful
on low-memory VMs. I hope they add i386 too.

EDIT: Anyone cares to explain downvotes?

~~~
xenophonf
What's your idea of a low-memory virtual machine? For test purposes I'm
running FreeBSD/amd64 under Hyper-V in 128-MB RAM without any problems,
although it is using around 32-MB of encrypted swap. That includes the Salt
minion, Postfix, and an untuned static Apache 2.4 installation. Of course,
it's much more comfortable in 256-MB RAM with around 44-MB RAM free according
to top, and of course that's workload-dependent (e.g., my mail relay running
amavisd-new and ClamAV wants 1.5-GB RAM after loading all of the spam and
virus signatures). I could definitely see wanting to run FreeBSD in 128-MB or
less RAM, but I'm very curious about your specific workloads. (It's the
gearhead equivalent of wanting to look under the other guy's hood. If you're
doing something cool, I want to hear about it!)

P.S. Hyper-V will let me go as low as 32-MB RAM, so thanks to you I'm keen to
try out different operating system installs (and workloads) in low-memory
environments.

P.P.S. Upvoted parent - I think the parent comment contributes to the
discussion, even though I would personally love to see commenter go into more
detail.

~~~
zzzcpan
I used to run a typical apache/mysql/php/perl stack on amd64 image on 512 MB
VM. Actually, I run many things in very tight memory environments on FreeBSD,
there is always significantly more room on i386 (in comparison to amd64).

------
cnst
Do they support IPv6? The IPv6 link from their list of features page just
links to their blog entry about Singapore.

What kind of IPv6 allocation do they provide?

~~~
gergles
Yes, in most regions. The allocation is an incredibly stingy 16 addresses.

------
ketralnis
I've been using Vultr.com for this for a while and they're pretty nice.
Slightly cheaper, promises that they don't oversell their servers, and they've
had FreeBSD for long enough to have got the kinks out.

They also let you just upload an ISO and install any OS you like from there,
which is handy for non-default FreeBSD configurations like ZFS-on-root

------
barkingcat
BOOM - time for me to spin up more of these!

------
filmgirlcw
This is great news, thanks DO!

------
aurelien
A service that is a bit ugly, here is what I feel about it: you register, you
give your credit card, and you just don't know how much it will cost. That
point is just bad and makes me feel that it will cost an eye.

~~~
lcmatt
Don't know how much it will cost?

The price you see in the huge font is the price you'll pay at the end of the
month...

------
neumino
Nice, but I wish they didn't deprecate Archlinux though :/

~~~
wcchandler
Couldn't you do a bootstrapped install if you really wanted it?

[https://wiki.archlinux.org/index.php/Install_from_existing_L...](https://wiki.archlinux.org/index.php/Install_from_existing_Linux)

~~~
sciencerobot
Someone wrote a script to do just that:
[https://github.com/gh2o/digitalocean-debian-to-arch](https://github.com/gh2o/digitalocean-debian-to-arch)

~~~
nly
Tried it, works really well.

------
nine_k
I wonder how much does DO's offer differ from other vendors that allow you to
basically boot from your own virtual CD, like AWS or Ramnode.

I'd love if someone explained it.

------
ltofbss
I have so much experience with Linux I feel like FreeBSD I would have so much
to re-learn. What makes it worthwhile and how transferable is my knowledge?

------
schmichael
Really wish they'd support IPv6 in all of their datacenters. Comcast and
T-Mobile universally support it, why don't datacenters?

------
ohnoesmyscv
You guys are awesome! Been waiting.

------
eklavya
Time for a benchmark.

------
jbverschoor
Migrating away from DO, because if the host dies, your VM dies.

Same as ec2 yes, but aws provides ebs.

~~~
Scottymeuk
Why not just build your infrastructure correctly? Then it doesn't matter if
the host dies.

------
cnst
It's kind of ironic that they list FreeBSD's excellent documentation as one of
the reasons for consideration, especially considering that their own
documentation is so bad!

I mean, what kind of company links directly to blog entries, with incomplete
and outdated information, all across their web-site?

Ain't nobody got time to read the blog comments and figure out what the
current status of stuff is.

~~~
cnst
And the above post is downvoted to -2 for which precise reasons?!

Does anyone really disagree that documentation at DO is total crap?!

If it wasn't total crap, why would their employees link (on social media) to
the upstream www.freebsd.org instead of any kind of FAQ on their own website?
[https://news.ycombinator.com/item?id=8890383](https://news.ycombinator.com/item?id=8890383)
Oh, right, because DigitalOcean's documentation (about their own features (and
disabling of features from FreeBSD)) is absent and non-existent!

------
hiphopyo
Should have gone with OpenBSD instead to be honest. Half the requests on your
UserVoice are for OpenBSD. All the coolest stuff in FreeBSD comes from
OpenBSD.

OpenBSD -- the world's simplest and most secure Unix-like OS. Creator of the
world's most used SSH implementation OpenSSH, the world's most elegant
firewall PF, the world's most elegant mail server OpenSMTPD, the OpenSSL
rewrite LibreSSL, and the NTP rewrite OpenNTPD. OpenBSD -- the cleanest
kernel, the cleanest userland, the cleanest configuration syntax and some of
the world's best documentation.

FreeBSD, on the other hand, is becoming more of a testbed for experimental,
some would even say unnecessary technologies:
[https://news.ycombinator.com/item?id=8546756](https://news.ycombinator.com/item?id=8546756).
It's also having a hard time catching up to OpenBSD:
[http://itwire.com/business-it-news/open-source/62641-crypto-...](http://itwire.com/business-it-news/open-source/62641-crypto-freebsd-playing-catch-up-says-de-raadt).

~~~
elektronjunge
For security probably. But security isn't the only reason that I choose an OS.
OpenBSD's security comes at a cost. They are usually late to the party on non-
security features. Many of the security features make OpenBSD much slower.
Even for security software OpenBSD isn't as big a win as the devs make it out
to be. Take for instance PF, OpenBSD developers will be quick to point out
that the OpenBSD version is more up to date. But that doesn't tell the whole
story, FreeBSD is using a fork which allows for multi-threaded execution which
is a must in most non-trivial deployment scenarios. Furthermore, OpenBSD often
takes too hard of a line on security enhancements with the belief that the
kernel should be the line in the sand. Usually, one prefers multiple layers of
security but OpenBSD says the kernel is often good enough. See OpenBSD's
refusal to add a MAC framework for an example of this. Jails also don't exist
for similar reasons, though they are useful for reasons other than security.

The source you have for the 'testbed' for new technologies makes the claim but
barely has warrant for it. On the other hand, OpenBSD is much more liberal
about breaking compatibility especially when it involves security. While I'm
not going to excuse OpenSSL, NTP, or Sendmail, they are all generally robust
software that has been in use for decades. Aside from LibreSSL the OpenBSD
rewrites have been incompatible.

FreeBSD also offers a number of incredibly compelling features outside of what
OpenBSD can, or will offer in the short to medium term. I'll just list them:
virtualization with Bhyve, boot from ZFS, a Linux compatibility layer, a much
more modern package manager, official Java support, the ability to install
binary blobs.

None of this is to say that OpenBSD isn't a great choice, but recognize there
are reasons to choose both platforms and that one doesn't need to spread FUD
to advocate for their favorite platform.

~~~
hhw
> See OpenBSD's refusal to add a MAC framework for an example of this. Jails
> also don't exist for similar reasons, though they are useful for reasons
> other than security.

I think you've incorrectly interpreted OpenBSD's intentions. OpenBSD doesn't
support a MAC framework because they believe the best approach to security is
correctness, rather than trying to achieve security by adding features which
results in more complexity, making it more difficult to ensure correctness. A
common mistake people make is thinking that OpenBSD's primary goal is
security; their primary goal is correctness. This just happens to result in
better security more often than not.

