Comprehensive and biased comparison of OpenBSD and FreeBSD [pdf] (bsdfrog.org)
170 points by oherrala 247 days ago | 74 comments

One of the nice things about this is the last section (if you can bear to read that long). Both people comment on the strengths of the opponent's BSD: OpenBSD is complemented on "tackling very important project [sic] which would probably have never happened otherwise" (e.g., OpenSSH), particularly also the fact that OpenBSD cares to see their projects ported to !BSD (e.g., Linux). Meanwhile, FreeBSD is complemented on "its [sic] a real “enterprise” operating system and I think it is slowly filling the spot left by Solaris."

At the end of the day, both OpenBSD and FreeBSD are niche systems. They don't have the popularity of Linux, and they probably never will. But that's not a problem. Both of them are major operating systems that do innovate, and hence they're worth paying attention to. That's where the compliment of FreeBSD as becoming Solaris's successor is really telling--Solaris was the operating system that brought us DTrace and ZFS, and it was FreeBSD who I believe had the first container system (jail).

I can see FreeBSD picking up a good part of the ex-Solaris marketshare in terms of users, but have they really taken over the role in terms of development? As far as I can tell, ZFS in particular has its canonical upstream development in the Illumos repository (Illumos is the successor to OpenSolaris), which FreeBSD pulls from, rather than development having really moved to FreeBSD as the new canonical home. FreeBSD developers are certainly involved in contributing code upstream, but then, so are a number of other developers, including from the major Illumos vendors (OmniTI and Joyent), and even some from ZFSonLinux.

SmartOS also has working Linux compatible Zones. Last time I looked, FBSD was a way short of this...

Even without the Linux-compatible aspect, Illumos Zones are considerably ahead of FreeBSD jails these days imo. Better tooling, resource limiting infrastructure, etc., especially if you want to run multi-tenant with untrusted tenants. Jails did pioneer the concept, though.

Focussing on solely ZFS is rather missing jcranmer's point, though, which wasn't about ZFS but was about the level of innovation generally surrounding FreeBSD. As such, where ZFS development lives is not as relevant as where the next such project will arise, and whether it is possible that it will be on FreeBSD.

> and it was FreeBSD who I believe had the first container system (jail).

This is an interesting tidbit that I had not considered before!

It would appear you are correct, but I would mention that the appearance of "jail" in FreeBSD 4.0 is very close to the appearance of OpenVZ (at least from the cursory look up I did).

While 4.0-REL was released in March 2000, and the OpenVZ history section starts with the concept phase in November 1999, the commit that upstreamed jails into FreeBSD was made in April 1999 with comment `Run for almost a year by: ...`


Bryan Cantrill has a nice talk which starts with a bit of history on containers (chroot, FreeBSD jails, Solaris zones, etc.). https://youtu.be/hgN8pCMLI2U

Since you are [sic]-ing - it's 'complimented', in this case.


I have some interest in investing the time and effort into making FreeBSD a solid developer workstation environment. I don't want Solaris, I want SunOS.

My impression was that to get the OpenBSD stuff, OpenSSH etc, working on Linux they required quite a bit of out of tree patching.

OpenBSD developers maintain the portable versions of OpenBSD software. It's simply easier/cleaner for them to maintain the portable bits (compat code, build system) outside of the project's source tree. "Write code according to OpenBSD standards, fix outliers later."

FYI - Abstract

This paper will look at some of the differences between the FreeBSD and OpenBSD operating systems.

It is not intended to be solely technical but will also show the different "visions" and design decisions that rule the way things are implemented. It is expected to be a subjective view from two BSD developers and does not pretend to represent these projects in any way.

We don't want it to be a troll talk but rather a casual and friendly exchange while nicely making fun of each other like we would do over a drink. Of course, we shall try and hit where it hurts when that makes sense. Obviously, we both have our personal subjective preferences and we will explain why. Showing some of the weaknesses may encourage people to contribute in some areas.

Most of the topics discussed here could warrant their own paper and talk and as such some may not get the deep analysis they deserve.

This is a totally biased talk from two different perspectives.

While you're here, have you donated[0][1] yet? :) You may or may not be aware, but FreeBSD runs your movies on Netflix, your games on PlayStation 4 and Nintendo Switch, your files on FreeNAS and ZFS, your friends on WhatsApp and OpenBSD runs everything else on OpenSSH. ;)

So, you may or may not know that, but you need FreeBSD and OpenBSD and they also need you! Every cent counts and so does every contributor, that helps the foundations keep their non-profit status.

[0] https://www.freebsdfoundation.org/donate/

[1] https://www.openbsd.org/donations.html

FreeBSD appreciates, but doesn't need donations like the OpenBSD foundation does. many FreeBSD committers are FTE for a number of commercial outfits and work on FreeBSD full time. OpenBSD has hackathons, that are funded by donations.

if you use both, consider donating to OpenBSD first.

if you use OpenSSH, consider donating more to OpenBSD :-)

I'm a committer that works for such a commercial outfit, and I certainly don't get to work on FreeBSD full time (though I do work _with_ FreeBSD full time). Most of my contributions still come out of my spare time. I believe that's true for many others as well.

Please also note that while FreeBSD may have the bigger individual sponsors, the FreeBSD Foundation still relies on many small contributions as the tax-free non-profit status of the Foundation relies more on the number of contributors than the amount (at least that's how I understood it).

> You may or may not be aware, but FreeBSD runs your movies on Netflix, your games on PlayStation 4 and Nintendo Switch

Do Netflix, Nintendo and Sony contribute financially to the FreeBSD project? They are the ones making money off the project after all.

Netflix contributes in a much more valuable currency, cold hard lines of code.

From the new ssl-enabled sendfile syscall, general scalability and performance work to the IO-scheduler they required because they shredded the SSD garbage-collection - it is all upstreamed. They actively try to run the smallest Diff they can.

Netflix did in 2016 in the Gold Level ($25,000 to $49,999) and 2015 in the Platinum Level ($50,000 - $99,999): https://www.freebsdfoundation.org/donors/

Netflix a ton, as others have pointed out. Sony, not that I can see. There was talk of code going upstream, but I never heard more about it. Nintendo hasn't, but people are overselling the "Switch runs FreeBSD" line. A copy of the kernel license was included on the switch, which could mean just one line of code taken technically. From what I've heard, the sys calls don't look like FreeBSD.

Sony has made significant contributions, but you won't find them mentioned in the commit logs; they used shell companies and pseudonyms in order to hide their trail because they were contributing to FreeBSD long before they announced that they were going to be using FreeBSD in the PS4.

I can't recall where I read it, but it said that the Switch likely uses the FreeBSD networking stack running in userland. To me, this makes some sense, since if I remember correctly the 4G/5G/some-future-wireless-thing alliance uses a userland version of the FreeBSD network stack in their reference implementation.

From what I've seen, it originated here, and it's only speculation. It does seem likely though.

Know where I can buy OpenBSD stickers (where some goes to them)? Thanks

This appears to be a written down version of the talk they gave at FOSDEM: https://fosdem.org/2017/schedule/event/my_bsd_sucks_less/

When it comes to the BSDs, here are my impressions of them:

  NetBSD wants to run everywhere.
  OpenBSD wants to be secure.
  DragonFly BSD wants to be advanced.
  FreeBSD wants to be Linux.
  TrueOS wants to be Ubuntu.

(I don't list MacOS because I don't feel that it is a true BSD.)

Beware that this sort of grouping is as superficial and wrong as categorizing people into blondes, brunettes, and redheads.

In truth, they all aim to be portable, advanced, and secure, with desktop and server support. And there is plenty of sharing from each to the others. The differences amongst them are, in reality, not so easily pigeonholed.

Very interesting read!

As mentioned, the wireless and graphics areas are sorely lagging behind GNU/Linux os'. They only have support up to Haswell in the graphics department. Ouch. The priority of both BSDs is clearly not the regular desktop user where wireless and graphics support can be deal breakers. The FreeBSD based PC-BSD (now known as TrueOS) exists, but AFAIK it does not fix the wireless and graphics support situation.

Given that GPU based computing is becoming more prevalent with the advent of ML/DL, I wonder if there are efforts to improve support for graphics.

(It would have been interesting if a Linux guy also joined the conversation, along with a Windows guy and a MacOS guy.)

The statement that wireless sucks on both is pretty accurate. I recently got an old ThinkPad specifically to run OpenBSD. I have run OpenBSD on a desktop since 4.8 and a home server since 5.1, but never on a laptop. I got the ThinkPad because I have often heard it is the best supported on OpenBSD.

It worked fine on first install, including the Radeon graphics and old Intel WiFi (no -11n, just a/b/g). Used it for about a month. Traveled, tried to log onto a different WiFi, and it couldn't see the router. Got home, and now it couldn't see the home router that it used to work on, though it could see the neighbors' WiFi. Tried everything I could think of, with no luck.

I decided to try FreeBSD on it. WiFi worked, graphics worked, but then I broke my su login when I used chsh to change from the stock csh shell to mksh. Since I was already annoyed with some other FreeBSD things, I decided to completely give up and load OpenSUSE (ha!!) on it.

Linux makes me want to vomit, but I'll be damned if all the hardware doesn't work like a charm out of the box. It's made me seriously consider learning how to write drivers for the BSDs.

I think the primary reason for this (graphics/wireless support, or lack thereof) with regard to FreeBSD is that a large number of the developers -- possibly even a majority, if what I've seen at conferences is any indicator -- don't run FreeBSD as their desktop OS. Instead, they seem to overwhelmingly run macOS. A larger percentage of OpenBSD developers do seem to run OpenBSD on their laptops, however.

FWIW, I do recall hearing about some fairly extensive progress being made recently WRT both graphics and wireless support on both of the BSDs recently, so expect the situation to improve quite a bit in the near future if it hasn't already.

> They only have support up to Haswell in the graphics department. Ouch.

OpenBSD supports up to Broadwell graphics, but neither support Skylake or newer.. except in experimental branches, or patches.


I think the lack of support for some graphic cards is not because of developers but because of hardware vendors. AMD, for example, does not support FreeBSD and OpenBSD officially but supports Linux.

Support for Intel's Broadwell / Skylake range is actively being developed in the `drm-next` branch found at https://github.com/FreeBSDDesktop/freebsd-base-graphics/

Current effort is to reduce the difference between "upstream" FreeBSD (being 12.0-CURRENT) and the project branch, and make the code ready for merging into head.

TrueOS merges that `drm-next` work on an ongoing basis. Likewise, if you're on HardenedBSD, there are binary updates via hbsd-update, or if you'd rather compile things, clone the `hardened/current/drm-next` branch from https://github.com/hardenedbsd/hardenedbsd-playground.

FreeBSD is fixing the graphics issue, their DRM-next branch is in or nearly in sync with Linux. It's not on 11 to my knowledge, still needs some testing, but TrueOS ships with it.

What could be done in order to help the BSDs to become mainstream or more visible as server-side alternative to Linux? I've operated a small FBSD mail server until 2004 (FBSD 4, vinum RAID, sendmail, cyrus IMAP) and was extremely pleased with the performance, robustness and overall coherency of it (though I wouldn't use that stack today).

While Linux certainly works well, I'm instinctively against monocultures of any kind or form. With Linux-only containers (Docker and co.) there's now the danger that we're losing the BSDs terminally as a replacement for Linux. But is the isolation (or lack thereof) and interfacing to the host system provided by Docker/runC/whatever really worth it (compared to portable POSIX-based primitives eg. chroot jails, or modern capabilities-based generalizations of it such as FBSD's capsicum)?

It's also odd that a GPL-licensed OS, of all things, is making it to the top in containerland. But then the nominal "default" host OS for Docker (Alpine Linux) uses musl (MIT-licensed libc) rather than glibc. I'm not complaining, and there doesn't seem to be anything wrong with it legally, but the commercial Docker image ecosystem, to me, has the smell of a GPL-circumvention device of sorts in that many images routinely install the Debian/GNU userland tools on first load.

FreeBSD jails are on a different level in terms of stability (and simplicity, that contributes to stability) compared to Docker. Personally -- having run Docker containers for over a year in testing -- I would take jails over containers in a heartbeat.

Yeah, I would take jails over Docker as well, but systemd is just so much better, (more so than jails over Docker in my opinion), than init, that I am hoping for a better tool to come about, the underlying LXC technology appears to be solid.

For me, systemd is another reason to move away from Linux actually (or at least not deepen the dependency on Linux-exclusive features).

It's not that I think systemd is bad per se, it's just way too monolithic and heavy for my taste (and binary logs and ini files are a no-go for me; if I wanted that, I'd be using Windows).

Btw. the BSDs don't use SysV init but the somewhat saner/simpler BSD init (with full-blown service managers as optional add-ons in ports).

systemd is not for everyone, but for me is way saner than any other init system, including BSDs init. Writing service files for systemd just makes sense in my mind.

There are other aspects for why I do not recommend BSD to anyone who asks, most importantly their licensing and their general stance towards software freedoms, to the point where they are smug and happy when somebody violates the GPL, because "at least they get more users", as well as their relatively little upstream contribution to ZFS despite riding that train as fBSDs signature feature for years, but that's a different discussion altogether.

I don't know about BSD being smug and the other things you say. This sounds to me like what could be perceived when reading clickbaity and polarizing articles of the "Linux vs BSD" variety. I'm seeing BSD as a welcome choice/alternative to Linux that I would hate to lose.

Yeah, I don't want BSDs to disappear as well, (not likely), but watching this, (among other things) definitely left a bad taste[1].

1 - https://www.youtube.com/watch?v=cofKxtIO3Is

how do they compare to LXC? I ran into a lot of annoying issues trying to set them up in ubuntu

I don't understand how this is a paper. It's just two dudes in a chatroom and the 'authors' felt it was necessary to format it with LaTEX?

Also, the title has a spelling error in it.

The authors of the paper are French, it's in the form of a loose transcript of a recent talk given at this year's AsiaBSDCon.


  "P10A: Comprehensive and biaised comparison of OpenBSD and FreeBSD"

It was probably presented and formatted this way because of tradition, also..


"Slides are useless. We want talk transcripts."

Here's a transcript.

"Take it away, take it away!"

"Or at least clean up their funny pronunciation and grammar first!"

AsiaBSDCon has a lot of attendees whose English is less than completely fluent. Having material in written form allows them to read at their own pace rather than struggling to keep up with a conference speaker.

... and the French are known for their affinity toward chat transcripts?

You'll want to stay strictly away from Plato (the philosopher, not the website) if you can't take information in dialogue form seriously.

Warning: this takes you directly to a PDF which may automatically download (such as on Chrome for Android).

— update: the title appears to now reflect that this is a PDF. It did not earlier.

The title already has the pdf tag and I think that's automatic so it was there when you clicked the link also.

The server does not send the Content-Disposition [1] header, so if your browser auto-downloads the PDF then either you've made poor choices about your browser config or you have a browser that can't itself show PDFs, in which case you may have made a poor choice of browser.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...

> if your browser auto-downloads the PDF then … you have a browser that can't itself show PDFs ….

Surely a browser that shows PDFs itself downloads them in order to do so? (I don't know for sure what was bothering anw, but I'm often on a limited data connection, and, whether the PDF is displayed in my browser or dropped in the download folder, it hits my data allowance the same.)

If a 100K download is of great concern, it's probably best not to click any link on HN. There are pages that have style sheets bigger than that.

Of course it must be downloaded in order to display it. Obviously what I mean is that since they point out "auto-download" specifically I would think that they mean that it's saved to disk in your Downloads folder. Why this should be a problem somehow you'll have to ask them not me.

If the file size was the concern, they would have said so. There are a lot of web pages that weigh in at more bytes than this PDF these days with all of their images and scripts and god-knows-what.

I added the "[PDF]" in subject line when I posted the link.

The "[pdf]" in the HN story header indicates this.

This paper appears to be an IRC session formatted in LaTEX. It'd be easier to read as text.

You can easily make your own plain text version [0]:

  $ wget https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf
  $ pdftotext \
    my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf

Or, if you prefer HTML [1]:

  $ pdftohtml -i -nomerge -s \
    my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf

ETA: Surprisingly, the PDF is quite lightweight. File sizes, in bytes:

   PDF: 118,971
   TXT:  90,912
  HTML: 384,256

[0]: http://evilrouters.net/foo/my_bsd_sucks_less_than_yours-Asia...

[1]: http://evilrouters.net/foo/my_bsd_sucks_less_than_yours-Asia...

I have my issues with HN, but this type of comment is one of the parts I relish. Thanks!

Indeed, learning new little tricks like this is one of the great things about HN! Many times, I get more "value" from the comments than I do the submissions.

To be more in the spirit of the paper, you could perhaps give your instructions in terms of FreeBSD's own fetch command or OpenBSD's own ftp command, rather than wget from ports. (-:

Has anyone run both Linux and BSD on a server? What was your experience?

It depends.

If you call linux: debian or ubuntu or centOS, even with unsafe defaults freeBSD is secured.

Compared to ubuntu/debian/centOS freeBSD has got bleeding edge software coming from upstream. That is the power of SOURCE distribution. These packages being compiled it may suit you. I must admit FLAVORED packages (make.conf templates) make sense.

I remember being a linux sysadmin and building my openLDAP/python/php packages from source by hand that were 4 years old with envy wondering WHY?!

Since systemd and my migration to BSD I have no regrets.

PF, ipfw are way more powerful than any linux firewall tools.

I have upstream stable software in the stable distribution.

I don't have systemd.

I have jails... And I have no religion switching to openBSD for core servers that need security knowing I have very few knowledge costs in doing so.

And be it capsicum or privilege dropping I look at linux containers techno as a smoke screen for poor man's security through obfuscation.

My advice is be smart: don't trust me, but if you are in between experiment.

If I was on my rig right now I would definitely convert this PDF to text so everyone could access it.

Are there common platforms where PDFs are inaccessible?

Not everyone runs GUI DESKTOP. Smartypants

It was an honest question.

My interpretation of your comment was that there was some (not insignificant size) group of people who would be unable to view this document due to some inherent limitation of whatever platform they're using to access the Internet (e.g., some mobile phone OS that can't open PDFs or something similar).

If I'm understanding correctly, however, your complaint is either that 1) nobody has provided you with an application to render PDFs on an 80x25 dumb terminal screen or 2) this document wasn't created in the format that you prefer.

When you make a conscious decision to not utilize a "GUI DESKTOP" -- like >99.9% of the rest of the world -- you must be prepared to accept such inconveniences and/or find alternatives that meet your needs. The rest of the world has no burden or obligation to cater to your preferences.

(FWIW, in an earlier comment, I posted instructions for converting this PDF to both text and HTML as well as performing the conversion myself and making available those versions of this document. You're welcome.)

Perhaps this is a good opportunity to teach those people about pdftotext. If you keep converting everything for them, how will they ever learn to do things on their own?


>but the ports tree is a rolling release not tight to a FreeBSD release

should be

>but the ports tree is a rolling release not tied to a FreeBSD release

What is the point of mentioning this here as opposed to, say, e-mailing the authors?

With -- at most -- a handful of exceptions (assuming maybe ajacoutot or bapt show up), no one here on HN has the ability to fix this so I really don't see the point.

Also, I guess he gave up shortly after.

There's way more than the single typo ...

Yeah, I noticed that and that's part of the reason I asked. If one pointed out every typo in this document (as well as all other HN submissions), the signal-to-noise ratio of the comments section would be intolerable.

I am counting on the authors seeing this thread.
