BSD vs. Linux (over-yonder.net)
66 points by jxub on Nov 30, 2018 | 62 comments

From archive.org, it looks like this was written in late 2003/early 2004.

I've used Gentoo for a long time, and Gentoo (as the article notes) is quite similar to BSD in some ways. It too has a base system. There too the user compiles packages themselves from scratch (though precompiled binaries are available for a handful of packages) in a system like ports (called "portage" on Gentoo). It too has no systemd (unless you want it).

I like Gentoo and still use it, but my biggest problem with it is that compiling packages takes a hell of a long time (especially some monstrosities like Qt or WebKit, which can take me days or even a week to compile on my old, slow laptop). You really have to have a relatively modern system to compile all your packages from scratch, if you don't want to have to do it non-stop, virtually 24 hours a day. It's really annoying. I have better things to dedicate my processor cycles and my own time to than constantly compiling packages.

So maybe I'll switch. I'm not sure to what, though. I've thought of BSD, but it has the same problem. I don't really like the idea of binary distros either, because of their relative inflexibility (no choice to include/omit package features that you want/don't want), and honestly, I don't really trust binary blobs as much as compiling from source... though maybe in the end it doesn't really matter.

OpenBSD includes a large number of precompiled packages. In fact you are encouraged to use these rather than compiling from ports unless you have a specific need that isn't met by the standard package.

It's my understanding that most of the other BSDs are similar in this regard, though I don't have first-hand experience.

If you want to stay with Linux, I have heard that Arch is one of the more BSD-like distributions.

Arch used to be more BSD-like but since it’s adopted systemd it’s felt very much more mainstream Linux than it used to when it had a BSD-inspired rc.conf. That said, it’s still my preferred desktop OS.

FreeBSD definitely supports binary packages as well. It’s a great system to use too. In fact, if there weren’t a few Linux-specific tools I needed and FreeBSD’s hardware support were on a par with Linux, then I would use FreeBSD as my primary system - without a doubt. But as it is I still run FreeBSD for all of my personal servers.

Have you tried the FreeBSD Linux emulator? It can be annoying grabbing the required libraries off a CentOS box, but once you do it's been pretty reliable for me.

Not recently. About 10 or 15 years ago I used to use the Linux binary compatibility layer but when I last looked - 5ish years ago? - it seemed support for that had languished.

To be honest the tool I’d most want would be Docker and I couldn’t see that working even with binary compatibility.

On the FreeBSD servers I run, I just fire up a VM for the rare occasions I do require Linux (and it is extremely rare that happens), but Arch is a better compromise for me on my laptop.

While Linux may support 10,000 devices, FreeBSD supports 9734 of them. And you only need one. FreeBSD probably supports every piece of hardware you use.

Source: me. A FreeBSD workstation user for 16 years who has built his own machine with off the shelf parts since the beginning with a current machine running the latest and greatest.

OpenBSD precompiled packages have a limitation. http://www.openbsd.org/faq/faq15.html

Binary packages for -release and -stable are not updated.

I also ran into some strangeness with FreeBSD packages. I was on a STABLE release that was not the latest version. It was no longer possible for me to update and install binary packages.

If you're okay trusting another party, M:Tier builds updated versions of stable OpenBSD packages. See https://stable.mtier.org

This is generally the accepted solution if you don't want to follow Current.

I've had OpenBSD on my laptop for a couple of years now, but I recently installed Void and have been very happy with it. It maintains a lot of the simplicity you get from a BSD. Although it doesn't have a lot of the advantages of OpenBSD security-wise, the performance is better and software compatibility is higher.

Void also has forgone systemd, which I find to be a mandatory requirement for a Linux system. It's why I left Arch for OpenBSD in the first place. I love the simplicity of runit (the init system Void uses), and their package manager is top notch.

I've done the same thing; I had OpenBSD installed on my desktop and loved it, but one piece of software I use wasn't supported very well on it, so I had to go to Void and avoid systemd, but I'm pleasantly happy with the experience. I virtualize OpenBSD so I can have the same environment as my servers.

How about you rent a VPS, build your packages there, and set up the VPS as your own binary package repository? A $5/month ($0.0075/hr) Linode VPS comes with an SSD, and they're absurdly fast with the network. If it helps (I'm not sure where the bottleneck is most of the time), you can rent a more powerful VPS for a few hours for the build and then copy the built packages to a cheap $5/month VPS for hosting. Just don't forget to destroy the more powerful VPS once you're done. Turned off VPSes are still reserved for you so they would continue charging you for it until the hour you destroy it.

I haven't used Gentoo, but you say it can use binary packages. If it's too complicated, another option could be Arch Linux. Building packages is really easy. It's just `asp export $package; cd $package; makepkg` and you'll get a $package-$version.pkg.tar.xz in the directory. If you want to modify something, just edit the PKGBUILD that asp downloaded. It's just a simple bash script with standard conventions. Once you're done modifying the PKGBUILD, `makepkg` will make the package.

To make a repository, it's just a matter of putting all the *.pkg.tar.xz in a directory and running `repose -J $repo *.pkg.tar.xz; gpg -b $repo.db`, then hosting that directory with an http server.

Configuring the package manager to use your repo is just a matter of doing something like:

  cat >> /etc/pacman.conf << EOF
  [$repo]
  Server = $url
  EOF
EDIT: Anyone know how we can escape asterisks? The .pkg.tar.xz above is supposed to be a glob.
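As an added example (not code from the thread, and not Arch's, asp's or repose's own scripts), here is the procedure above arranged so that the VPS only hosts files and never holds the signing key, which is what answers the "I don't trust VPSes" objection raised further down: packages and the database are signed on the build machine, and pacman on each client is told to require both signatures. The repo name `myrepo`, the host `repo.example.org`, the paths, the `$SIGNING_KEY` variable and the function names are hypothetical placeholders; `makepkg --sign --key`, `PKGDEST`, `gpg -u … -b`, `pacman-key --add`/`--lsign-key` and pacman's `SigLevel` values are the real interfaces.

```shell
#!/bin/sh
# Added example, not from the thread: build and sign Arch packages on a
# machine you control, publish only the signed artifacts to a VPS, and
# make pacman refuse anything the VPS could have altered. All names below
# (myrepo, repo.example.org, /srv/http/myrepo, SIGNING_KEY) are hypothetical.
set -eu

REPO="${REPO:-myrepo}"                             # hypothetical repo name
HOST="${HOST:-repo.example.org}"                   # hypothetical VPS hostname
SERVE_DIR="${SERVE_DIR:-/srv/http/$REPO}"          # web root on the VPS, mapped to https://$HOST/$REPO
BUILD_DIR="${BUILD_DIR:-${HOME:-/tmp}/build/$REPO}" # local output directory
SIGNING_KEY="${SIGNING_KEY:-}"                     # long GPG key ID; the private key stays here

# 1. Build one package from the official PKGBUILD and sign it.
#    PKGDEST makes makepkg drop the package in BUILD_DIR; --sign writes
#    <pkg>.pkg.tar.xz.sig beside it.
build_signed() (
    cd "$BUILD_DIR"
    asp export "$1"
    cd "$1"
    PKGDEST="$BUILD_DIR" makepkg --sign --key "$SIGNING_KEY"
)

# 2. Rebuild the repo database over everything built so far, then sign it
#    with a detached signature (as the post does) using the pinned key,
#    and export the public half for clients.
index_repo() (
    cd "$BUILD_DIR"
    repose -J "$REPO" ./*.pkg.tar.xz
    gpg --batch --yes -u "$SIGNING_KEY" -b "$REPO.db"      # -> $REPO.db.sig
    gpg --armor --export "$SIGNING_KEY" > "$REPO.asc"
)

# 3. Ship packages, their .sig files, the database and the public key.
#    Nothing else (no PKGBUILD dirs, no keyring) leaves the build host, so a
#    compromised VPS can serve stale or unverifiable files but not files
#    that pacman will accept.
publish() {
    rsync -rtL --delete \
        --include='*.pkg.tar.xz' --include='*.sig' \
        --include="$REPO.db*" --include="$REPO.asc" --exclude='*' \
        "$BUILD_DIR/" "$HOST:$SERVE_DIR/"
}

# 4. Client side, once per machine: import the public key and mark it
#    locally trusted so pacman's default TrustedOnly check passes.
client_trust_key() {
    pacman-key --add "$1"                 # $1 = the downloaded $REPO.asc
    pacman-key --lsign-key "$SIGNING_KEY"
}

# The pacman.conf stanza. The post's version inherited the default
# SigLevel (package signatures required, database signature optional);
# for a host you do not trust, require the database signature as well.
client_stanza() {
    printf '[%s]\nSigLevel = Required DatabaseRequired\nServer = https://%s/%s\n' \
        "$REPO" "$HOST" "$REPO"
}

case "${1:-}" in
    build)   build_signed "$2" ;;
    index)   index_repo ;;
    publish) publish ;;
    trust)   client_trust_key "$2" ;;
    stanza)  client_stanza ;;
    *)       ;;   # no argument: only define the functions (safe to source)
esac
```

Run `./repo.sh build foo`, `./repo.sh index`, `./repo.sh publish` on the build machine, then `./repo.sh stanza >> /etc/pacman.conf` and `./repo.sh trust myrepo.asc` on each client. The caveat a practitioner should keep in mind: signatures stop a hostile host from modifying or substituting packages, but they do not stop it from serving an older, still validly signed database, so a repo that silently stops updating is itself a signal worth checking.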

A single CPU core and 1 GB of RAM isn't enough for a build host.

I think DigitalOcean would support this better than Linode. You could keep the build host filesystem on a block storage volume instead of having to recreate it every time, and you could store the built packages in DigitalOcean's equivalent of S3 instead of needing a VPS just to host them.

I guess it depends on the individual packages. While many things can comfortably be quickly built on such hardware, I'm sure it wouldn't be enough for something like Firefox or Chromium. That can be handled by temporarily using a more powerful server.

I don't know about it being better, but you've got me curious. Linode also has block storage volumes. On using something like an S3, I wonder if that's really the best option. I don't know if it's cheaper, but it seems to be less flexible. For example, I like to have my private package repo provided on a VPN, not open to the public. I don't suppose using something akin to S3 would allow for a similar setup.

Still need to compile once, but I use https://wiki.gentoo.org/wiki/Binary_package_guide#Implementi... and it saves plenty of time. Also, when I deploy a new box, I copy over the portage tree, so most of the packages are pre-built and ready to install into the chroot.

I don't trust VPSes.

Security sure is inconvenient. :)

But really, what's your threat model? For a VPS employee/company to mess with your packages, they'd have to be personally targeting you. If you're only worried about systematic, automated handling of all company VPS to insert malware in the ones that have package repositories, then you can probably set it up in an unusual way to evade such a program.

What about someone who's located on another VM on the same hardware that hosts mine breaking out of their VM and into mine and compromising my packages?

You have to choose to trust something. If you keep falling into this rabbit hole of not wanting to trust anything, your only option will be to stay on an airgapped computer, or even ditch that for a paper notebook in case the hardware manufacturers did something. That's unless, of course, you have the time and resources to manufacture your own computer down to implementing every piece of circuitry in each microprocessor.

I think chances are pretty slim that a VPS company's VPS isolation is so crappy that you have the chance of getting your VPS hardware shared with someone who knows of such a gaping security hole that could be such a huge liability to the VPS company.

EDIT: Also, why would someone go out of their way to compromise a neighboring VPS, check if they, by chance, have a package repository, and insert malware in that? Who are you, that someone would think that's a good use of their time?

You know, society can't function without trust. Every person that's close to you could suddenly turn around and try to kill you, but you have to trust that they function by reason, and know that they have no reason for doing so. Locks around the world are pretty useless to keep strangers from lock-picking them, and very many of them are keyed alike. Their real reason is to simply make it a greater hassle to get to whatever they're protecting and therefore make it a less appealing target. Like so and with other methods, people implement their security by making themselves a less appealing target. Some people set up the outside of their home as a dump while building a mansion inside. These people trust robbers to act on reason.

No one has perfect security. Security is a matter of choosing what to defend against (your threat model), choosing what you can trust, and anchoring your defenses on the things you trust.

EDIT 2: I removed the paragraph on VPSes being virtual in name only. Linode apparently uses KVM.

VPS providers are basically for personal use only, not for enterprises. There have been multiple vulnerabilities through which you could exploit another box from your environment.

FreeBSD does not have the same problem. You have your choice of packages or ports. Ports you compile if you want to change the default settings. Otherwise you use packages which are just pre-compiled ports with default settings.

Ditto NetBSD

You definitely should try Arch.

It has a similar "from scratch" policy, but all the official packages are pre-compiled. There's also the Arch User Repository, where you can find proprietary and unofficial packages, many of which will compile from source.

It also has by far the best documentation of any distro.

I like the idea of using Arch, but it concerns me that it's probably not used a lot in critical places. So way fewer real eyes on the packages. By real eyes I mean people who will get fired if they introduced malware by not reviewing what's getting installed. It's my own bias, but projects like Fedora, Ubuntu, Debian make me feel a lot less vulnerable. I understand the AUR/PKGBUILD, it's not about that. I'm talking about the official packages and the core.

And when I installed Manjaro it felt like a 13-year-old edgy kid riced the defaults. As much as I liked installing Arch from scratch, I'm not always in the mood to do it. And if you automate the process you're essentially doing the same (but you don't lose street cred, right).

> It also has by far the best documentation of any distro.

It really is the best wiki format and has a lot of valuable content. I wish more projects mimicked the approach. When I'm using Debian's wiki it feels like I have to think too much.

Hahahahaha yes that's exactly what Manjaro is.

And, sure, it's not Debian or CentOS, so you don't have as much attention focused on the packages. Their record of keeping malware out is pretty solid, though, as far as we know.

I think a lot of security has to do with simplicity: if you don't understand how your software is configured, you're likely to open up a security hole on your system.

Arch's "don't start doing stuff until the user tells you" posture does a good job of making sure the user is aware of what's running on her system. Contrast this to Debian, which will often start running random services as soon as you install a package (e.g. Apache).

I'd tried Arch long ago, and was really disappointed to see the install instructions tell me to check the distro's blog for security updates.

Seemed really amateurish. Hopefully that's changed.

Also, it was really immature compared to Gentoo back then. Now it's had some time to mature, so I might give it another go sometime. But I'd really have to feel I'm getting a huge win over Gentoo to bother.

You can try Void Linux

Take a look at NixOS. Everything is precompiled, but only until you start changing packages (configure flags and what not).

You don’t trust binary blobs? But do you read through all the source you compile? If not, there is little difference.

This is akin to arguing living in a room with an unlocked door is no different than living in a locked jail cell if you happen to never try to leave.

If the jail cell is as comfortable as the unlocked room, there is absolutely no difference—until you try to leave. Any sane distribution should come with built binary blobs—and an option to rebuild them at will. But forcing you to build everything from scratch is pedantically impractical. But what do I know, I only do this on regular basis at work!

Binary blobs are not the same as binary packages having source readily available. I see that pmoriarty appears to be misusing the term, I was responding to your comment without having closely read his.

Last updated in 2003. Seems eerily prescient, most of what it said back then would apply even more so today. All that would be needed is an amendment to 3) so that it also applies for init systems, to bring that list fully up to date.

I have the site archived and a domain quite similar. Maybe one weekend and some beer will breathe life back into it ;)

Could iOS vs. Android be understood as a faint echo of BSD vs. Linux?

iOS has some copy-pasted BSD code, but is probably the mainstream operating system that feels the least like {Free,Open,Net,Dragonfly}BSD. These feel even more "open-source" than Linux. Every one I have used installs the source code to the entire OS in /usr/src and makes it very easy to change and recompile the system. On the BSDs I mentioned, if you don't understand how something works or you want to fix some bug, it's usually pretty easy to go find the source code, read it and learn how it works, and fix it. On most Linux-based OSes you would have to go figure out which random organization makes the component that has a bug (the Linux project for the kernel, GNU for a lot of utilities, zillions of others for everything else), figure out how to download and build the source and install it into your distro (which is probably totally unsupported, since your distro will expect to be using RPMs or DEBs rather than random stuff installed from tarballs...)

This is the most salient feature of the modern PC BSDs to me. It's impossible to describe how different it feels to be truly in control of your system and understand/change it however you want.

I wouldn't say so. Although the iOS (XNU) kernel has plenty of FreeBSD, OpenBSD and NetBSD code, it also has lots of Mach code and Apple code as well, to the point that XNU is its own distinct kernel.

I don't think there's any OpenBSD code in kernel space on iOS, just userspace.

I'd say that Linux's popularity tends to translate to technical superiority, which then contributes to continued popularity.

Take something like Docker. Because Linux is popular, it was initially developed for Linux. And because Docker runs (best) on Linux, you get more deployments of Linux, and hence whoever makes the next big thing is more likely to develop it for Linux.

The end result is you have an OS that scales from smartphones to supercomputers, and so one needs quite a good reason to replace it.

> I'd say that Linux's popularity tends to translate to technical superiority

Linux isn't exactly technically superior to other OS kernels, and it's definitely lacking in innovation.

You cite Docker as an example, but that's a shining example of Linux taking major innovations from other OSes and copying it badly. BSDs had jails and Solaris had zones long before Linux got containers, and whereas those were considered security features on other OSes, Docker containers are not seen as improving the security of systems.

Other features like this exist too. Linux has refused to allow better IPC mechanisms, such as what Android uses, to be upstreamed, and the Linux replacement for select/poll is generally considered to be the worst of the bunch.

Another consideration is that both smartphones and supercomputers tend to use lots of modifications to Linux not present in desktop kernels. Android, as mentioned above, uses a different IPC mechanism, while supercomputer applications rely a lot on libraries that bypass kernels because scaling to highly parallel 100,000-core systems requires breaking POSIX a fair amount (particularly the filesystem semantics).

Linux is superior in hardware support and the amount of software Linux can run, which is not trivial, but beyond that FreeBSD and Linux are about equal in performance and capabilities when it comes to being a server. Also I would say that containers (jails) on FreeBSD are better than containers on Linux in terms of security. FreeBSD also has a more robust COW filesystem (ZFS) than Linux. The Linux crowd will get btrfs or an equivalent filesystem battle tested in the future because they are smart, but ZFS is currently the more battle tested filesystem.

Also, when Netflix's Open Connect team finally open sources TLS sendfile, then mainline FreeBSD will have much better file serving performance than Linux does. The FreeBSD downstream fork running on Open Connect appliances was doing 100Gbps of TLS encrypted traffic last year, and I believe they are doing much higher now[1].

Finally for me when I first got into Unix and Unix like operating systems I found the huge amount of Linux distros to be hard when it came to documentation. Generic Unix commands were pretty much the same across distros, but each one had a different package manager and different filesystem layouts, and different ways of upgrading, etc. With FreeBSD you just look up FreeBSD directions and don't have to worry about differences between distros.

[1]: https://medium.com/netflix-techblog/serving-100-gbps-from-an...

> The end result is you have an OS that scales from smartphones to supercomputers

The end result is you have A KERNEL that runs on everything from smartphones to supercomputers

The linux community and the direction the operating systems using that kernel are taking is "interesting"

The same argument could have been made for Windows not long ago

I had to stop reading when he claimed that the BSD heritage of macOS is only of academic interest. The guy has clearly never tried to use macOS.

The article is meh, but the nostalgia was off the charts. I miss people having their own personal web sites. I made my first in 1995. Good times.

Linux has more drivers for the latest hardware.

In my experience that only comes into play with Laptops. FreeBSD supports pretty much any server or desktop hardware an organization or person has. Also FreeBSD has never made Laptop support a goal of the operating system, FreeBSD is primarily a server operating system for which it does a great job.

My experience has been that FreeBSD in particular has issues with graphics drivers. My 2015 desktop with a (at the time) mid-range Radeon card is only barely stable (took some fiddling with ports) in the latest 12 release. I hear Nvidia is better, but I refuse to use proprietary drivers.

I didn't really find that FreeBSD offered any advantage on the desktop over Linux, and features like browser sandboxing seem to (understandably) be lagging behind.

Lots of people are running away from Linux because of systemd, but that's a non-issue for me. It works just fine.

Curiously enough, OpenBSD works perfectly OOTB, but in the end I returned to Fedora anyway because there's no support for Wine or Steam. I'd prefer it over FreeBSD though, since I like the design of the base system better.

Counterpoint: FreeBSD doesn’t support CUDA which would be a deal-breaker for a lot of people.

This seems to be NVidia’s fault rather than the FreeBSD project’s, though.

Linux has passable support for a lot of hardware, but it frequently doesn't have complete support for even surprisingly popular hardware.

Recent problem of mine: in Linux, using a Bluetooth-connected Apple Magic Trackpad 2, I can't right click, let alone scroll or use any multitouch gestures.

It appears that the author has upstreamed his work and the module will be available with one of the next Linux Kernel Releases.

Well, unless it's a generic device, one or more people have to extend an existing driver or write a new driver entirely for it. This doesn't happen magically, even for popular devices. So you should be asking Apple why they don't offer a Linux driver for their hardware.

Linux also has more drivers for older hardware. Or just hardware.

I installed FreeBSD on a ThinkPad T400 back in 2016... I was royally unimpressed with all the shit I had to go through to get drivers working on what is probably the most supported laptop of all time for the open-source community.

I would shudder to think about setting up an encrypted BSD dual-boot with macOS on my MBP, like I do with Arch.

And I mean this not to degrade BSD; I did love the design. Just, like, I don't want to spend all my time installing drivers from source and writing custom scripts to control my backlight and CPU fan.

Conversely, I had recently installed FreeBSD on Thinkpad X1 gen6, and had zero issues with any hardware (although I did have to disable Secure Boot first, but it's hard to count that against BSD).

Oh, wow, that's good to hear. Maybe they've improved a lot in the past two years.

Ironically, a claim direct from the "myths" page, which I guess you didn't click on.

BSD support of hardware is terrible. It's not worth the hassle.

The actual content is supremely uninteresting, even ignoring its obsolescence. (And SCO never owned any Unix source code.)

But what a tour-de-force of passive aggression! I kneel.

Unix -> unices, much like index -> indices.
