# Argue: FreeBSD over Ubuntu



## da1 (Aug 28, 2013)

Hi guys,

It seems that lately I'm having to defend FreeBSD over Ubuntu more and more. Here are a couple of arguments that were presented to me in favor of Ubuntu:

It gets the job done.
It just works.
If it works for me, it will work on our servers.
Now, each point in more detail:

"It gets the job done" - this was a phrase that was thrown at me while discussing our redundant FreeBSD 7.2 PF-based firewalls and the fact that we should upgrade to a supported version. I think the other person wanted to say something along the lines of "Ubuntu also has a firewall. Why not use that one?". In these cases, I find it hard to defend PF (or FreeBSD in general) because, granted, all OSes have a firewall and achieve the same goal. So, what would a good argument be in favor of FreeBSD?
"It just works" - I started hearing this while, with the assistance of 3ware, I was trying to fix a software (firmware) bug. I think what the other person wanted to say was "with Ubuntu, it just works" but I think the other person neglected to mention that the same scenario can occur with ANY OS.
"If it works for me, it will work on our servers" - I definitely do not want to use Ubuntu on any server but again, going back to point number 2, I think the person in question here is twisting and turning every single argument to his advantage and tries to push Ubuntu down our throat.
Did anyone else experience something similar?


----------



## h3z (Aug 28, 2013)

If someone is pleased to use Ubuntu, then let them. I assume, you have your reasons for using FreeBSD and not using Ubuntu. You can't really pit the two against each other. There are many reasons for this. You can find countless threads on this forum, where it has been explained at length. You can however, measure the rationale of the two individuals for their choice in platform. This is unless the two are very different case scenarios. But, it might just come down to personal preference. In which case, each person is within their own right.

I have used Ubuntu before. I would not use in again, because it is counter productive to my needs and preferences. Some things are auto-configured for the user's ease. But, at the cost of me trying to re-spin my own version of the distribution. FreeBSD, is tailored more for someone who wants greater control of their system.

Someone looking for instant gratification, will find Ubuntu simple. Someone looking for a more specific and less cluttered configuration environment, will find FreeBSD simple.


----------



## wblock@ (Aug 28, 2013)

What is the business case for switching?  All that time and money spent rewriting PF rules into, presumably, iptables (some entertaining stories on the web about that), and what does it gain?  Versus a FreeBSD version upgrade, which is cheap.  If you were going to switch, a better case could be made for OpenBSD and their newer version of PF than Ubuntu.  Although OpenBSD won't have the new "SMP-friendly" PF.

"Gets the job done"--well, what wouldn't?  Windows would "get the job done", too.  The point is to do it as effectively as possible.
"It just works"--does it?  If you don't have Ubuntu doing the job now, what evidence is there that it will "just work"?
"If it works for me, it will work on our servers"--Flawed reasoning, unless whoever says "works for me" is doing exactly the same job.  Which, as far as I've seen, is almost never the case.

The real question may be "can we switch to Ubuntu so we can hire cheap Linux guys instead of expensive FreeBSD guys?"


----------



## da1 (Aug 28, 2013)

wblock@ said:
			
		

> The real question may be "can we switch to Ubuntu so we can hire cheap Linux guys instead of expensive FreeBSD guys?"



This may very well be the case since there are many more Linux sysadmins and I do believe they come cheaper.


----------



## numpad5 (Aug 28, 2013)

The biggest trouble I have with most of the popular big Linux distributions like Ubuntu is that they develop too quickly with too large of an inexperienced team, and wind up running so fast and heavy they just fall apart eventually.

Most mainstream BSD groups seem to have lasted longer with more of a healthy stable walking pace.

The way I compare Linux to BSD overall right now is kind of like watching Olympic sprinters (Linux) vs dedicated army messengers who have to hold the fort (BSD).


----------



## da1 (Aug 28, 2013)

While I agree, from a management point of view, it's all about the numbers. I'm afraid that as @wblock@ pointed out, it may very well be cheaper to hire a Linux admin vs a BSD admin.


----------



## scottro (Aug 28, 2013)

Generally, in my highly biased opinion, FreeBSD developers think more like system administrators and Linux developers think like desktop users.  

Actually, Ubuntu server is not bad in that respect, unlike RedHat which has, for example, completely crippled its textmode install.  Good Linux admins are also expensive, as opposed to someone who runs Ubuntu on their laptop and knows the basics, but little else.  

Generally, a server runs applications, and if, for example, the important application was the Apache web server, it's probably more important that the employee know Apache than its platform.  Obviously, every place is different, but often, it's more difficult to configure the application than the platform.


----------



## shepper (Aug 29, 2013)

I have mentioned this before but I finally found the actual link

This is from the maintainer of a successful site who I believe gives a balanced view of the choices.


> From FreeBSD to Debian GNU/Linux
> 
> After last week's DDoS attack on DistroWatch.com and the subsequent server operating system switch from FreeBSD to Debian GNU/Linux, many readers have asked about the reasons for this move. Did I lose my trust in FreeBSD? Or were there other reasons that prompted the move? With such questions being asked both in the DistroWatch forums and in emails filling my inbox during the week, I thought it would be best to answer them here, rather than replying individually to each person who wanted an explanation.
> 
> ...


----------



## throAU (Aug 29, 2013)

da1 said:
			
		

> This may very well be the case since there are many more Linux sysadmins and I do believe they come cheaper.



And if the dollars add up then maybe the business case makes sense.

At the end of the day, unless you have a compelling business case to run one platform over the other, you have no business wasting the company's money either way.

Accounts department don't care for religious choices.  If there are valid reasons to run FreeBSD instead of Ubuntu, identify them.  If you can't do that then you shouldn't be making the choice.

As to why I run FreeBSD:  smaller number of vulnerabilities, ability to run a far more cut down environment, and where I run it (edge networks) I believe there is a benefit in having a different platform on your edge to your internal servers, so that the same exploit can't be used across the public and protected networks.


----------



## serverhamster (Aug 29, 2013)

Regarding 2. "It just works."

The problem with Ubuntu server is that it's based on Ubuntu. The result is that features that don't belong on a server get in the server version. Upstart, mountall and a _boot splash_ that hides important messages were really, really troublesome in the past, and there still is no equivalent of /var/run/dmesg.boot. 
They also have to follow a tight schedule. I remember reporting 2 bugs that didn't get fixed in time for the release of an 'LTS' because of that schedule.

When there was a separate /boot partition, Ubuntu couldn't boot.
When there was an LVM snapshot, Ubuntu couldn't boot.
Those things are all resolved now, and you can hide the boot splash, but I still don't trust Ubuntu server anymore. (Debian doesn't have those stability problems.)


----------



## ShelLuser (Aug 29, 2013)

shepper said:
			
		

> I have mentioned this before but I finally found the actual link
> 
> This is from the maintainer of a successful site who I believe gives a balanced view of the choices.


In my opinion it doesn't, because you should also take the age of the article into account. Although it doesn't mention dates (which I consider to be the number one 'flaw' with technical based articles) the URL shows something like 20070924, the article itself mentions the 1st of October 2007 and several comments are also dated on that time period.

Needless to say but a _lot_ has changed since then. I don't know what the state of FreeBSD was in 2007, but these days most of his arguments are no longer valid. With tools such as portmaster I can provision a new server in no time. Simply by making sure that I kept a usable list of the ports I installed (for example by using `portmaster --list-origins`).

I can feed that list directly into portmaster again, so the only thing I need to do when provisioning a new server is to get portmaster going and then let it do it's thing. Either by letting it build everything or simply by pointing it to my local package repository.


----------



## SirDice (Aug 29, 2013)

Next time you do a run add the -g switch to portmaster and make sure /usr/ports/packages/ exists. The switch will tell portmaster to build a package when it's done building and installing. Saving those packages will save you a lot of time when rebuilding a new server. I used to do that in the past until I set up my own package repository.



> And there I was - looking at a very basic FreeBSD installation. With my first priority being the need to get DistroWatch up and running as soon as possible, I was about to start configuring the system, installing the necessary ports, and restoring the essential services. Normally, I'd consider this a fairly enjoyable task, were it not for the fact that it was getting late and I was feeling increasingly tired. "Ah, if only it were Debian and not FreeBSD," I told myself, "everything would be up and running in a snap!" Then, rather than spending a better part of the night setting up a fresh FreeBSD installation, I decided to ask the technician to install Debian instead.


That simply means he never documented anything. Document everything and store all the packages you have installed in a safe place. He could have been up and running within 30 minutes. Instead he took the "easy" way out and used something he's more familiar with. Good argument for him but not for me. If it was me doing it it would be the other way around. I'd ditch Debian and I'd install FreeBSD instead. That's not because one is better than the other, it's simply because I'm more familiar with FreeBSD and I don't have to look up anything.


----------



## drhowarddrfine (Aug 29, 2013)

shepper said:
			
		

> I switched to FreeBSD. The reason? I needed some features in PHP 5 which was not yet officially supported in the then stable version of Debian. With Debian GNU/Linux 3.1 "sarge" in perpetual delay...
> 
> With not having any special reason for wanting to run the latest and greatest, Debian seemed to me like an ideal solution.


He contradicts himself. He DID need to run the latest and greatest and he IS frustrated with Debian.

I'm reminded of the phrase, "Do you want it fast, cheap or good? Pick two."


----------



## vand777 (Aug 29, 2013)

I'm a huge advocate for FreeBSD and my answer will always be "FreeBSD is the best".

But the balanced view would be that the answer depends on what services your server will be running. If it is a firewall, then definitely FreeBSD. At my company we run everything on FreeBSD but we had, for example, to switch our MySQL servers to Linux because there was a free tool (do not rememeber which one... something to do with backups I think...) which was implemented only in Linux because it was using some very Linux specific stuff. To have this tool was very important for us and we had to switch all our MySQL servers to Linux. 

I do think that the correct answer depends on what your servers will be running and what are business requirements to scalability/performance/features. Without this taken into account the answer will be too generic.

P.S. Although people think that FreeBSD is hard to install and maintain but it is much harder for me to install Linux and then get rid off all unnecessary stuff which is installed by default :e. I'd prefer to be in full control of my operating system and it does not take long to become pro in it. And it is only preception that Linux is easier. It easier only until something is broken .


----------



## da1 (Aug 29, 2013)

The sole problem here is how do we translate this into "management language"? They don't speak tech-language, they speak only "numbers-language".


----------



## J65nko (Aug 29, 2013)

Time is money isn't it? So maybe you could use the Makefile, that automates the Vermaden manual ZFS install suitable for boot environments, that I posted. If you disable the -v option to unpack the installation sets, you can show management that you can have a basic FreeBSD install within three minutes. See Makefile for Vermaden's FreeBSD ZFS root install adapted for 4K sector disks

On OpenBSD you can customize your install by creating a so-called siteXX.tgz installation set and install.site script. See Customizing the install process.

For my OpenBSD installs I created a set of Makefiles that automate the creation of this set and script. I am porting these to FreeBSD and will publish them here next month or so. 
For several years I have not used the FreeBSD installers at all. There is no use for using any installer, if you can script the whole installation process and have completely reproducible customized OS configurations.


----------



## wblock@ (Aug 29, 2013)

It usually comes down to three things: money, impressing upper management, or trying to convince someone who is not technically competent to make the call but has already decided.

The first is difficult, because you must compare something that exists (FreeBSD/PF) with something that is imaginary (Ubuntu/firewall that is not currently implemented).

The second can usually be solved with graphs or Powerpoint presentations.

The third is usually a lost cause.  The Boss's thirteen-year-old nephew Timmy has convinced him that Ubuntu is "uber-leet".  Or worse, a magazine has convinced him.  Either way, the decision has been made, and the rest is downhill.  Asking the boss to sign a statement that says you protested the decision usually does not go well.  For one, the Boss thinks (rightly) that it shows their technical incompetence.  Also, they know from experience that their decisions often go wrong, and don't like to have evidence.


----------



## da1 (Aug 29, 2013)

And in the end we are the ones to be blamed.


----------



## scottro (Aug 29, 2013)

Which is actually a valid argument.  If you are the one who will be blamed for a problem, then you should be the one who makes the decision.  "If something goes wrong, I can troubleshoot and repair a FreeBSD installation faster than an Ubuntu installation."
Which can possibly lead to another argument in its favor, that as it is aimed more at a sysadmin, there are more easily usable admin type troubleshooting tools.  

Obviously, it all depends upon the company, the boss, the co-workers and so on.


----------



## ShelLuser (Aug 29, 2013)

Well..  Might as well join in a bit, for what's it worth anyway. Apologies up front if my comment here is bordering a rant, I tend to get passionate about some of these things 

For the record; I run a small company where the main focus lies on website hosting, web-based development (mostly focussed on Microsoft (ASP.NET)), systems administration and occasionally software development in general. If all goes well then this week will mark the end of a migration project I've been working on for the past months; moving my Linux CentOS server park from one hosting provider to the other, and in between also moving away from CentOS to FreeBSD.

Now, I don't keep track of everything I do. When it comes to tasks such as systems maintenance (which is usually something I do on a weekly basis) I simply get to work. But the funny thing is; updates always start on my (dedicated) backup server. Although primarily used for storage (and as backup MTA) it also contains the exact same environment which is used on the main web servers.

The idea should be obvious: updates are first installed and tested on this server and from there on provided to the rest. So I logon, do my thing (installing updates, testing, checking changelogs (if applicable), etc.) and then log off.

Enter last(1)...

Now, call me crazy if you must, but I'm a huge fan of Microsoft Excel. The things I can do with that stuff.. I've build logfile analysers (mainly for Exim and Postfix), used it to keep track on some of my projects (such as the previously mentioned migration project), calculated the profits I could get from hosting by comparing my costs with the prices I charged customers, did the same when moving hosting providers; this time also trying to calculate for the time I had to invest, etc, etc.

In my opinion it's quite a powerful tool, especially when combined with the underlying VBA engine. Which is, once again in my opinion, another highly under appreciated environment.

One of the things I managed to work out was to initiate SSH connections straight from within VBA (basically using .NET routines, but let's try not to get too much offtopic), effectively allowing me to pick up output such as that from last and import it straight into my spreadsheet.

Did you know Excel can do graphics too? ;-)

I can state for a fact that the time I took to maintain my FreeBSD servers has been a _lot_ less than the time I spend on CentOS.

Let's start with something trivial; you download updates for your software and you want to provision those to your other servers. What do you do?

When looking at Debian you'll soon come across /var/cache/apt/archives where downloaded archives are kept. Yet you can't simply share this directory with other servers since it's basically 'managed'. The package management system keeps track of all this, even uses this directory for storage (as the name 'cache' implies). It's basically only meant for local use; copy the contents of this directory somewhere and you can quickly restore your server.

But what about other servers?  Well, for that you'd need to set up your own repository. There are tools provided which can do this, and some of those are really impressive, but it's always an extra step which you have to take _apart_ from updating your server.

Worse; its a step which only costs extra time. You don't gain much by doing this (read on..).

@SirDice already mentioned this; but when updating your ports collection with portmaster then all it takes is one extra parameter (-g) to tell your system to build packages while using a command you would have used anyway. And guess what? You _can_ safely export /usr/ports/packages if you want to.

Another aspect..  Because updates to the base system are separated from updates for '3rd party software' (Ports collection) you can plan any 'dangerous' updates much better. Now, this is of course a personal matter; but to me 'dangerous' is taking a risk that your system might not boot. For me that's a huge issue because then I'd get dozens of unhappy customers.

Which is what I was getting to above: the funny thing is that not doing an Apache or PHP update can have much more direct consequences. So on Linux you have no choice but to do the whole update, including kernel updates. And that takes more time, also because it is impossible to be 100% sure that a new kernel will run on all server instances. As a direct result; I now have to do a lot more extra testing on every server I have to make sure that all the updates are running fine.

And only because I cannot afford to fall behind updates to PHP, Apache, SSH and so on because those are directly exposed to the outside world.

FreeBSD? Well, of course the same thing applies: when looking at freebsd-update it is also something I need to do on a per-server basis. And because I'm using a higher security level (kern.securelevel) I have to perform this in single user mode also.

But the main advantage here is that I can plan for this. On a per-server basis even, _without_ compromising server security by not applying updates to public exposed services.

Your mileage may vary, as is the saying, but on my end this structure has saved me a lot of maintenance time.

And before anyone else mentions this: yes, I am well aware that I can easily install a new kernel on Linux but simply not reboot the machine straight away, thus "plan" for the "update". Hopefully you also realize how stupid that actually is. Because what would happen if some freak error occurs in between; let's say an issue with remote storage which would now make it imperative to reboot the server to reset everything back to default? Now you're effectively booting into a completely untested kernel. Worse yet; it also wasn't planned in any way.

Sure; I can work around that. Then all I have to do is edit the boot manager (/boot/grub/grub.cfg) after all the updates have passed and tell the system not to boot with the latest kernel. One way or the other; it would still take me more time than it does on FreeBSD.

And that's not even mentioning the time saved from using ZFS snapshots instead of daily incremental backups which I made using either dump or xfsdump (which is my favourite; I prefer the XFS filesystem over EXT3 or EXT4). Or the time I save when having to restore something (/home/$user/.zfs/snapshot/ vs. copying the file from the remote server, using interactive restore when possible, then copying the file over).

All in all...  Each to his own, but in my opinion FreeBSD is in general a lot more efficient than Linux. My Excel time sheet doesn't lie; Microsoft hates open source after all 
	

	
	
		
		

		
			





.


----------



## jrm@ (Aug 29, 2013)

ShelLuser said:
			
		

> Now, call me crazy if you must, but I'm a huge fan of Microsoft Excel.



You're crazy.


----------



## nestux (Aug 30, 2013)

I bet this topic will get 100 pages. If someone is pleased to use Ubuntu (for any reason) then let them use. If someone think that Ubuntu is garbage and prefer FreeBSD we have to do the same thing.


----------



## throAU (Aug 30, 2013)

vand777 said:
			
		

> I'm a huge advocate for FreeBSD and *my answer will always be "FreeBSD is the best".*



Even when it's not?

Whether it's Windows, OS X, Linux, FreeBSD or whatever other technology platform, blindly choosing a particular platform "because it's the best" without doing due diligence to determine the actual, real merits of the platform is not doing your job (if you're employed in this space).  "Best" is also highly subjective, and depends on the rest of your environment, the skill-set of the people employed, the availability of support, etc.


edit:
Re: Boss's nephew recommending Ubuntu (for example) - my response to that would be "I've considered the alternatives including Ubuntu, and in my professional opinion:  xxxxxxxxxxx".  Outline WHY you think Ubuntu is a bad idea, other than "I don't like it".  "I don't like it" is not a valid business case.  "Like" or "Dislike" should not be factors in this decision.  The reasons WHY you like or dislike a platform however, could be.

If you are still over-ruled, it is clear that this person thinks they should be making these decisions (they do not value the opinion of the person they are paying to do the job (you)) and it is time to either toe the line or find another job.



			
				da1 said:
			
		

> And in the end we are the ones to be blamed.



And this is why I suggest to find another job, if you believe you are right and disagree with the person over-ruling you.


----------



## RichardET (Aug 30, 2013)

It begs the question - what server OS was Ubuntu using for its forums?


----------



## zspider (Aug 30, 2013)

I tend to find FreeBSD is just better designed. When I used Linux,(Ubuntu and derivatives in particular) I'd always have problems with random things flaking out for no known reason. Since switching those problems are virtually non existent for me.


----------



## vand777 (Aug 30, 2013)

throAU said:
			
		

> Even when it's not?
> 
> Whether it's Windows, OS X, Linux, FreeBSD or whatever other technology platform, blindly choosing a particular platform "because it's the best" without doing due diligence to determine the actual, real merits of the platform is not doing your job (if you're employed in this space).  "Best" is also highly subjective, and depends on the rest of your environment, the skill-set of the people employed, the availability of support, etc.



As I said in my post:


			
				vand777 said:
			
		

> But the balanced view would be that the answer depends on what services your server will be running.
> 
> ...
> 
> I do think that the correct answer depends on what your servers will be running and what are business requirements to scalability/performance/features. Without this taken into account the answer will be too generic.



At my company we, for example, run Asp.Net MVC4 apps on MS Windows Server 2008R2/2012 (on IIS, using Nginx on FreeBSD as frontend) because we believe that Microsoft has better native support for such apps than Mono. Everything depends on what's the purpose of server. What apps/services it will be running.


----------



## devildetail (Aug 30, 2013)

> And there I was - looking at a very basic FreeBSD installation. With my first priority being the need to get DistroWatch up and running as soon as possible, I was about to start configuring the system, installing the necessary ports, and restoring the essential services. Normally, I'd consider this a fairly enjoyable task, were it not for the fact that it was getting late and I was feeling increasingly tired. "Ah, if only it were Debian and not FreeBSD," I told myself, "everything would be up and running in a snap!" Then, rather than spending a better part of the night setting up a fresh FreeBSD installation, I decided to ask the technician to install Debian instead.


How is it possible that they did not have a disaster recovery procedure?. You must perform backups of the operation systems, plus data and applications. This not a question of Debian vs FreeBSD, it is a lack of disposition.


----------



## sulman (Sep 4, 2013)

SirDice said:
			
		

> That simply means he never documented anything. Document everything...



We've all done it, and continue to do it, but this is the most important thing in system administration. Time and again.


----------



## da1 (Sep 4, 2013)

Please don't go off-topic .

I'm more interested in arguments concerning the topic rather than how someone did something.


----------



## fonz (Sep 4, 2013)

gpatrick said:
			
		

> The US-CERT National Vulnerability Database has more vulnerabilities for Linux than Windows.


Which is relevant in a FreeBSD vs. Ubuntu comparison how exactly?


----------



## da1 (Sep 4, 2013)

My question exactly. Moreover, when you say Linux, I don't think one is inclined to think of Ubuntu.


----------



## jrm@ (Sep 5, 2013)

fonz said:
			
		

> Which is relevant in a FreeBSD vs. Ubuntu comparison how exactly?



I haven't any formal training in logic, but I did watch the Holy Grail, so I'll take a shot at it.  

Ubuntu has a Linux kernel.  Thus, Ubuntu would be affected by many of these vulnerabilities.  FreeBSD, having fewer vulnerabilities, is superior, with respect to security, when compared to Ubuntu.

@fonz, I hope my recollection is correct that you have a healthy sense of humour.


----------



## cpm@ (Sep 5, 2013)

*Yum! Yum!*

@gpatrick,

Take a look at the other OSVDB Browse categories and note that you can even click on a Creditee's name and see all of the vulnerabilities that they have discovered here: http://osvdb.org/browse







Comparison between FreeBSD and Ubuntu (according to OSVDB the FreeBSD statistics are worst) :\

PS. IMHO, the rivalry spoils many things in the IT/Community world.


----------



## fonz (Sep 5, 2013)

gpatrick said:
			
		

> A specific search for "ubuntu" and "freebsd"


That's better


----------



## RichardET (Sep 5, 2013)

The OpenSUSE forums were hacked last week. I asked the forum head what software they use, it's SUSE Enterprise Server. It's no FreeBSD.


----------



## J65nko (Sep 5, 2013)

@RichardET, I don't think it is fair to point to an OS when it is very likely that the compromise is caused by an application i.e. forum software.


----------



## fonz (Sep 5, 2013)

J65nko said:
			
		

> @RichardET, I don't think it is fair to point to an OS when it is very likely that the compromise is caused by an application i.e. forum software.


Exactly. Sure enough the OpenSUSE forum runs on OpenSUSE, that's hardly a surprise. But it doesn't say which forum software (vBulletin, PHPBB, etc.) they use.


----------



## ShelLuser (Sep 5, 2013)

fonz said:
			
		

> Exactly. Sure enough the OpenSUSE forum runs on OpenSUSE, that's hardly a surprise. But it doesn't say which forum software (vBulletin, PHPBB, etc.) they use.


It's very safe to conclude that they run vBulletin.

If you go to their forum you'll notice a small disclaimer at the bottom: "_Search Engine Friendly URLs by vBSEO 3.5.2 PL2_". Clicking on the link gets you to the vBSEO website which is described as: "Professional vBulletin SEO with a 5 Minute Installation of vBSEO".

Although it is theoretically possible that another forum provides a compatibility layer for vBulletin modules I somewhat doubt that this is the case here.


----------



## SirDice (Sep 5, 2013)

gpatrick said:
			
		

> A specific search for "ubuntu" and "freebsd"  on the US-CERT NVD returns:
> 
> ```
> 3-months  3-years    All
> ...



Be careful when comparing those values. Don't just blindly look at the numbers. Things like security bugs in Apache, or other applications not directly related to the Linux OS (if there is such a thing), tend to get lumped together as Ubuntu/RedHat/SUSE "vulnerabilities" whereas on FreeBSD they would not, only security bugs in the base OS get counted. Security bugs in ports are usually not taken into account (and shouldn't be). Just like a bug in Acrobat Reader isn't a security vulnerability of Windows but of the Acrobat software, the software just happens to run on Windows.

If you want to make a proper comparison you'll have to filter out everything but the kernel and some GNU base utilities and/or libraries.


----------



## throAU (Sep 6, 2013)

SirDice said:
			
		

> If you want to make a proper comparison you'll have to filter out everything but the kernel and some GNU base utilities and/or libraries.



It depends how you want to compare.  I'd argue that what actually matters is effort expended to secure vs. number of vulnerabilities in the install.

Most modern Linux distributions seem to install a LOT of stuff by default that you would need to remove to secure the machine to the same degree as a default install of FreeBSD base.

To be fair, Ubuntu and FreeBSD probably shouldn't be compared at all.  FreeBSD is a better comparison to a minimal install of Debian.

If you're looking for a BSD style competitor for Ubuntu, it is probably more fair to compare to PC-BSD, as they both include a similar environment out of the box and have a similar goal or usage scenario.


----------



## da1 (Sep 6, 2013)

throAU said:
			
		

> If you're looking for a BSD style competitor for Ubuntu, it is probably more fair to compare to PC-BSD, as they both include a similar environment out of the box and have a similar goal or usage scenario.



True, however, we are talking about a person that would happily replace the FreeBSD OS on the servers with Ubuntu.


----------



## SirDice (Sep 6, 2013)

throAU said:
			
		

> It depends how you want to compare.  I'd argue that what actually matters is effort expended to secure vs. number of vulnerabilities in the install.
> 
> Most modern Linux distributions seem to install a LOT of stuff by default that you would need to remove to secure the machine to the same degree as a default install of FreeBSD base.


True. But I just don't like it when people call an Apache issue a Linux vulnerability. Because it isn't. Chances are that the same vulnerable Apache is in our ports tree.


----------



## kpa (Sep 6, 2013)

SirDice said:
			
		

> True. But I just don't like it when people call an Apache issue a Linux vulnerability. Because it isn't. Chances are that the same vulnerable Apache is in our ports tree.



It's hard to know if the vulnerability is a Linux only one or affects all platforms without taking a closer look what the Linux distribution has done with Apache. Often the distribution specific patches are really substantial in size and you have to know the internals of the software to make a judgement.


----------



## dndlnx (Sep 14, 2013)

RichardET said:
			
		

> The OpenSUSE forums were hacked last week. I asked the forum head what software they use, it's SUSE Enterprise Server. It's no FreeBSD.



The FreeBSD servers were compromised just recently, they wouldn't build/update any new packages for a long time. I remember because I had just switched to using packages...

 Now I'm back to ports, so it's all good.


----------



## kpa (Sep 14, 2013)

dnix said:
			
		

> The FreeBSD servers were compromised just recently, they wouldn't build / update any new packages for a long time. I remember because I had just switched to using packages...
> 
> Now I'm back to ports, so it's all good.



Did you ever bother to actually read the details of the compromise? It was a leakage of an SSH private key on one of a developer's home machines, nothing to do with the operating system used on the servers.


----------



## dndlnx (Sep 14, 2013)

Yes, I recall this. I wasn't saying it had to do with FreeBSD. All I cared was, they didn't build packages for months.


----------



## throAU (Sep 14, 2013)

SirDice said:
			
		

> True. But I just don't like it when people call an Apache issue a Linux vulnerability. Because it isn't. Chances are that the same vulnerable Apache is in our ports tree.



If it is shipping with the OS, then as far as I'm concerned it is an OS vulnerability.  If the Linux distribution guys want to complain that it isn't an OS vulnerability, then they should strip their OS back to what they consider to be their own responsibility.

As an end user, I don't care who writes the software.  If, for example, I obtain application A with OS B from vendor C, then IMHO it is vendor C's responsibility to ensure that it is secure and patched promptly.  The original author/publisher of application A is not really relevant - if I wanted to be responsible for tracking down security fixes direct from the author for every application on the system, I wouldn't be running a distribution, I'd run Linux from scratch or whatever.

If the distribution vendor can't support the software they ship, they should stop shipping it.


----------



## kpa (Sep 14, 2013)

throAU said:
			
		

> I
> 
> If the distribution vendor can't support the software they ship, they should stop shipping it.



This is the whole distribution vs. OS debate  in a nutshell. If you bundle software in highly customized form with the OS as many Linux distributions tend to do it's no longer third party software. It's the responsibility of the bundler to keep it in shape.


----------

