Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Oct 2002 07:04:11 -0600 (CST)
From:      hawkeyd@visi.com (D J Hawkey Jr)
To:        DavidJohnson@Siemens.com, freebsd-advocacy@freebsd.org
Subject:   Re: FreeBSD vs Linux For Managers...
Message-ID:  <200210291304.g9TD4Bf02105@sheol.localdomain>
In-Reply-To: <200210281311.34328.djohnson_acuson.com@ns.sol.net>
References:  <200210281311.34328.djohnson_acuson.com@ns.sol.net>

next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-=__GB7Su6m+ILzb1Xj4KFNMyvbBR__=-=-=

In article <200210281311.34328.djohnson_acuson.com@ns.sol.net>,
	DavidJohnson@Siemens.com writes:
> 
>         [SNIP]
> 
> We are all set to go to roll out FreeBSD to the other lab workstations. But 
> some Linux advocate in the company is starting to raise a stink (even though 
> he is unwilling to help in the conversion and subsequent maintenance). Now 
> the manager in charge of the machines wants a report on why FreeBSD was 
> chosen instead of Linux. Sigh.

I went through this exercise at my last job, except that "we" in my case
was just me, and the workstation was a firewall. I was the only one of
six that had any objective experience with both FreeBSD and Linux, though
the other five certainly had their opinions, anyway.

None were willing to assist in the conversion of the Linux firewall to
FreeBSD, not out of hostility, but for lack of experience with FreeBSD.

I was to have sole responsibility for the firewall.

> So what good reasons translated into Manager-ese can I present?

See the attachment for a pros-n-cons list I threw together, and presented
to and discussed with my boss over a couple of beers at the local tap.
It's rather dated now (FreeBSD 4.3, IIRC, versus RedHat Linux 6.2), but
I think it still has many valid points. Host names and addresses have been
changed to protect the innocent.

It was a major factor in implementing the firewall under FreeBSD.

> Thanks,
> David Johnson

HTH,
Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

--=-=-=__GB7Su6m+ILzb1Xj4KFNMyvbBR__=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="Linux-vs-FreeBSD.txt"


===========================================================
UNSCIENTIFIC COMPARISON OF REDHAT LINUX 6.2 AND FREEBSD 4.3
===========================================================

		Linux				FreeBSD
		-------------------------	-------------------------
Cost:		$0				$0
Vendors/Dists:	many OSes, 1 kernel		1			  (1)
License:	GPL				"Free Beer"		  (2)
Hardware:	most any i386 thang		not the newest as quickly
Support:	vendors, users			vendor, users		  (3)	
Audits:		vendors, GNU, Linus		vendor			  (4)
Availability:	high				high

Applications:	bleeding-edge, established	cutting-edge, established (5)
Support:	vendors, users			vendors, users		  (6)
Availability:	high				high

Stability:	lauded, but questionable	high and well-known	  (7)
Security:	largely unknown			high and well-known	  (8)
Scalability:    SMP				SMP, Dummynet             (9)
Performance:	high				high

(1) Linux has many distributions supporting a common kernel. Even among any
    one distribution, vendors often add or change things. FreeBSD has one
    distribution, and daily snapshots of the stable and current distribution
    tress are available.
(2) The GPL is seen by many companies as anti-business, as it requires that
    any work derived from GPL'd code must be returned to the copyright owner
    (the public). FreeBSD's license make no such requirement.
(3) Linux's support is muddied by the several distributions; what may work
    for one might not for another. Both enjoy a robust and active user
    community. On-line documentation for RH-Linux is inconsistant, at best.
    FreeBSD's man pages are exemplary.
(4) Linux relies chiefly on the credentials and skills of all that contribute
    to the GNU effort for the OSes. Linus controls the kernel, and keeps a
    staff of trusted lieutenants. All the BSDs have a core peer group that
    steers and commits code, with an established and known hierarchy of teams
    for support, auditing, etc. beneath it.
(5) For a long time, the BSDs were the platform of choice for development.
    Linux seems to be the OS of choice these days. Portability is high where
    the kernel is not involved. FreeBSD can run the majority of Linux, SCO,
    and SysV apps "natively".
(6) Pre-packaged software abounds for both. Linux's is somewhat disparate in
    that each distribution has it's own list of packages, package manager,
    etc.. FreeBSD's is uniform and consistant. On-line documentation for
    RH-Linux is inconsistant, at best. FreeBSD's man pages are exemplary.
(7) Linux's EXT2 filesystem, the default, is known as weak where disaster
    recovery is concerned, though quite fast. UFS is available? FreeBSD's FFS
    has years of proven robustness, though it's slower. Softupdates adds to
    it's stability, and puts performance on equal ground. Linux's process,
    memory and swap management is considered suspect under stress. FreeBSD's
    kernel is known for solidity, if not breakneck speed. FreeBSD's TCP/IP
    stack is considered second-to-none. One Linux vendor is known for putting
    release schedules before code readiness. FreeBSD has often postponed a
    release for code readiness.
(8) Going beyond the "usual UNIX" methodologies and tools, Linux is largely
    untested in terms of cracker successes. FreeBSD has years of refinement
    and fixes behind it, and benefits from it's siblings' progresses. Both
    are good about notifying the user base to known exploits and their fixes.
    More and more Linux exploits are being announced. FreeBSD has "wheel".
    FreeBSD has "jail".
(9) Dummynet: Can be used for bandwidth shaping. Bandwidth limiting handled
    in kernel.




I myself have found typos in RedHat init scripts that could cause failure.
I have yet to resolve another init script failure. I have witnessed TCP/IP
interfaces stop reponding. I have seen a Perl script cause a kernel panic
by spawning 'sendmail'. My own RedHat box just "went away" one morning.

RH 6.2 is at end-of-life. Updates are becoming fewer. The 'rpm' utility
itself has undergone a not-backward-compatable upgrade. Archived RPMs on
non-RH servers are growing stale, and will dwindle.

RH-Linux, even with a "server" install, installs too much Gucci stuff, and
enables nearly everything. FreeBSD's installation of any level installs
just what is necessary, and disables nearly everything. Linux has no hard-
and-fast disk order, BSD's is well-defined and adhered to. RH-Linux installs
no security mailings (or, at least, doesn't enable them), FreeBSD does.




[sheol] /usr/home/hawkeyd$ sudo nmap -sS -O RH-6.2_server
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on  (nnn.nnn.nnn.nnn):
(The 1513 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh               
24/tcp     open        priv-mail         -> accounted for
25/tcp     open        smtp
26/tcp     open        unknown           -> accounted for
27/tcp     open        nsw-fe            -> accounted for
28/tcp     open        unknown           -> accounted for
515/tcp    open        printer
1407/tcp   open        dbsa-lm           -> accounted for
8080/tcp   open        http-proxy
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=5752230 (Good luck!)
Remote OS guesses: Linux 2.1.122 - 2.2.14, Linux kernel 2.2.13
Nmap run completed -- 1 IP address (1 host up) scanned in 32 seconds

[root@host24 /root]# nmap -sS -sU -O FreeBSD-4.n_server
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on  (nnn.nnn.nnn.nnn);
(The 3080 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh                     
80/tcp     open        http                     
113/tcp    closed      auth                    
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=48251 (Worthy challenge)
No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=B903)
TSeq(Class=RI%gcd=1%SI=10E49)
TSeq(Class=RI%gcd=1%SI=BC7B)
T1(Resp=Y%DF=Y%W=805C%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=805C%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=N)
Nmap run completed -- 1 IP address (1 host up) scanned in 452 seconds

---------
NOTE: FreeBSD-4.n_server logged the probes in /var/log/security, and showed
      proof of bandwidth limiting. RH-6.2_server logged nothing.
      UDP probes were prohibited by FreeBSD-4.n_server because of it's own
      firewall rules.
      Many other "high" open ports on marner2.
---------

[root@host24 /root]# nmap -sS -sU -O another_FreeBSD-4.n_server

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 36 seconds

[root@host24 /root]# nmap -sS -sU -O -P0 another_FreeBSD-4.n_server

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on  (nnn.nnn.nnn.nnn):
(The 3080 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
80/tcp     open        http                    

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=37723 (Worthy challenge)
Remote operating system guess: CABLETRON Systems, Incorporated, Module Firmware Revision: 01.01.01

Nmap run completed -- 1 IP address (1 host up) scanned in 31 seconds

---------
NOTE: another_FreeBSD-4.n_server logged the probes in /var/log/security.
---------

--=-=-=__GB7Su6m+ILzb1Xj4KFNMyvbBR__=-=-=--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210291304.g9TD4Bf02105>