by Georges Tarbouriech
About the author:
Georges is a long time Unix user. He likes the free BSD variants of this great system.
Free Unix: the BSD one(s)
The genealogy of Unix is a bit complex. Over time, more and more branches have been added to the tree. Today, there are two main families: BSD and System V. The BSD branch provides various versions of free Unixes. Each one has its own specificities, giving users a wide choice. Let us try to make a small review of these great OSes.
BSD stands for Berkeley Software Distribution. The name first appeared in 1977 when researchers at Berkeley started providing source code to companies owning AT&T licenses. That is, the goal was to improve AT&T V6 (and V7 a bit later) code and features.
This first work was called 1BSD, the second 2BSD. From there, we already have a second branch: one keeps improving AT&T code up to the last version, V10, and it is numbered 2.7, 2.8, 2.9 till 2.11, while the other starts from 3BSD and evolves to 4.0, 4.1 till 4.4 which is the present one. This second branch is the one trying to create a full system free of AT&T code. 4.4BSD is the first distribution without AT&T code. The Alpha version appears in 1992 and the final one in 1993.
However, starting from version 4.3, we have a few more branches: 4.3BSD Tahoe, 4.3BSD Net/1, 4.3BSD Reno and 4.3BSD Net/2, beginning in 1988 for the first one till 1991 for the latest.
1991 is the year of the first attempt to port BSD to 386 CPUs called BSD/386 and it is the work of Berkeley Software Design, Inc. 386BSD appears in 1992 and it is the starting point of the free versions of BSD.
NetBSD 0.8 appears at the beginning of 1993 and FreeBSD at the end of the same year. 1994 sees the birth of BSD Lite and the latter becomes the base for future free versions of both NetBSD and FreeBSD. At the same time, BSD/386 becomes BSD/OS.
In 1996 OpenBSD releases its first version called OpenBSD 2.0 and in 1997, Apple releases Rhapsody.
This is a rather short abstract and I hope I did not make a mistake! If you want to know the whole story, just have a look at ftp://ftp.freebsd.org/pub/FreeBSD/branches/-current/src/share/misc/bsd-family-tree
At the time of this writing, the current stable versions are: 4.7 for FreeBSD, 1.6 for NetBSD and 3.2 for OpenBSD.
Since LinuxFocus has already published an article about FreeBSD, we will not spend too
much time on this one. You can read it following this link.
To make it short, we can say FreeBSD is simple and tidy. It is easy to install and easy to configure. The documentation is very well organized and will really help the newcomer. Furthermore, it is available in various languages.
FreeBSD provides the users with tons of applications in every category.
However, networking and security are among the strong points of this system. IPv6 (standard under FreeBSD) and IPSec allow the administrator to easily manage a Virtual Private Network. The KAME project has done a very great job providing us with great tunneling features.
Many security tools are part of the base system: firewalls, proxies, cryptography, port scanners, etc. For instance, you can choose between two packet filtering programs: ipfw and IPFilter. Of course, they are not active by default and you will have to reconfigure and recompile your kernel.
As already said in the above mentioned article, FreeBSD runs on Intel and Alpha CPUs. It is a really fast system and the basic core is rather small in size. The memory is very well managed and protected.
FreeBSD can be used in many different ways: as a home system, within a network and obviously as a server. In this last case, FreeBSD is a very good friend since it provides you with everything you need. For example, we did not mention the jail which is a sort of improved chroot.
We must also mention the TrustedBSD project intended for security enhancement. The result of this work will be integrated into FreeBSD.
Again, FreeBSD is a very great system deserving more than a try.
NetBSD is the absolute proof of the original Unix philosophy: "we do not care
about the processor". It is just unbelievable: NetBSD is able to run on more than
50 processors... and still counting!!! It can run on machines as "strange" as a Playstation or a
Just imagine the number of required drivers to make it possible. NetBSD is probably one of the most impressive free software projects ever. I am not aware of any other company (free or commercial) able to provide such a work.
However, NetBSD is able to run as well on very modern processors.
Like FreeBSD, it is a clean and simple system. It is also easy to install even if it does not provide you with a GUI like it is the "fashion" with many Linux distributions. It is easy to configure too and the documentation is really a great one (also available in many languages). Since the number of supported platforms is "rather" high, NetBSD provides specific documentation for each of them. Another great job!
Software for NetBSD is available as packages and of course, as source code archives. That is, you can download what you want from everywhere like you would with Linux, for instance. There is an emulation system allowing binary compatibility with tons of software. Commercial software is also available.
Again, like FreeBSD, a big effort has been made on networking and security. NetBSD is also IPv6 compliant, for instance.
As a matter of fact, we can say NetBSD is very close to FreeBSD. Both share a lot of code. The main difference comes from the number of available platforms.
NetBSD is the best solution if you want a free Unix for something other than an Intel or Alpha machine (even if it can run on those). For instance, some SPARC workstations are unable to run Linux: NetBSD does work on them. This allows you to use such a workstation as a gateway, for example, instead of getting rid of it. This is only an example, and you can do much more with NetBSD.
The above mentioned workstation could also become a database server in a local network. Why this example? Because NetBSD does not require "racing" CPUs or tons of resources.
As another example, I used NetBSD (1.0 and 1.1) on an Amiga 3000T with a Motorola CPU 68030/25MHz and 8 Mb of RAM (before adding 8 more Mb)... and it was running X with a 2Mb graphic card!!! By the way, it never crashed! Of course, it was, maybe, a bit slow when compared to current monsters.
Again, these examples do not mean NetBSD is only able to run on old pieces of junk. It allows you to do the same as FreeBSD, that is using it as your home system, adding it to an existing network or installing it as a trusted server on very new computers, whatever the CPU make.
Once more, an excellent job!
Obviously, this is a very short presentation and NetBSD deserves much more. Just give it a try. Like most free Unix distributions, you can get it from NetBSD website or you can buy a CDRom.
OpenBSD is the absolute reference when security is a concern. It is the first
Unix system to be released with security in mind.
If you need a highly secure server (and who does not need one?), this is the right system. Of course, I am not saying that the two previous ones are like sieves or that most of the Linux distributions are full of vulnerabilities. I am just saying that OpenBSD is the very first one to provide you with a secure system at first installation. The only equivalent I can mention is the Linux EnGarde distribution, since the idea behind it is the same: security.
With OpenBSD, you get everything. All the security tools are available, cryptography is really part of the system (the same team develops OpenSSH), and last but not least, those people have done a lot to improve code auditing. This way, the OpenBSD team contributed to discovering and correcting many Unix vulnerabilities. This also includes security flaws in third-party software, for the benefit of the Unix community (free or proprietary).
Furthermore, since OpenBSD comes from NetBSD, it can run on many more platforms than the Intel or Alpha ones (of course, not so many as NetBSD!). At the moment there are about ten platforms able to run OpenBSD.
The "secure by default" philosophy is something we were not used to before OpenBSD appeared. None of the Unix vendors thought that way (free or proprietary) and they kept providing systems requiring much work (and some knowledge!) to harden them. For instance, the idea of bringing the system up without any running daemons by default has not yet been understood. For many vendors, the idea seems to be to keep as many running services as possible by default. Sometimes, you can have some of the worst services up and running at startup time. "Things" like telnetd, rshd, ftpd, etc., are on by default. Just incredible!
However, if most of the vendors admit that OpenBSD is a model (sort of)... for once, they do not try to "copy". At the moment, the free BSD family seems to be the only one to have understood the problem. Thanks a lot to them!
Accordingly, if you need a very secure server, providing high availability, the obvious choice is OpenBSD. Well, if you feel like using it at home, why not? And of course, it will be very easily integrated into your local network too. Furthermore, if you check the way it works, you will learn much about security: what to do, what to avoid, etc. And you will then be able to apply this to other systems. The basics are always the same: the fewer active services, the better; the fewer open ports, the better. Do not use, if you can (and you should!), protocols or daemons transferring the data in clear text (including passwords). If you cannot avoid this (come on!) then use an SSH tunnel to send or receive your data. Restrict permissions on sensitive directories and files. Check SUID and SGID programs. And so on.
OpenBSD does all this work for you while, for example, many proprietary Unixes activate by default a web server to read the online documentation!
Now you know where to find the right system for your servers ;-)
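Two of the basics listed above can be checked with a short script: clear-text daemons such as telnetd, rshd and ftpd left enabled in an inetd.conf-style file, and SUID/SGID programs that nobody approved. The following shell script is an added example, not part of the original article; the function names, the sample inetd.conf and the sandbox paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks from the hardening basics above. All sample
# data is constructed; the function names are hypothetical.

# Print each enabled (uncommented) inetd.conf service that sends data or
# passwords in clear text. $1 = inetd.conf-style file.
cleartext_services() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 ~ /^(telnet|ftp|shell|login|exec)$/ { print $1 }' "$1" | sort -u
}

# Print SUID/SGID regular files under $1 that are not in allowlist $2
# (one absolute path per line).
unexpected_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# Build a constructed sandbox (no root needed) and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#ftp    stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
shell   stream  tcp  nowait  root    /usr/libexec/rshd     rshd
ident   stream  tcp  nowait  nobody  /usr/libexec/identd   identd
EOF
    mkdir "$d/bin"
    for f in passwd helper ls; do : > "$d/bin/$f"; done
    chmod 4755 "$d/bin/passwd" "$d/bin/helper"   # two set-uid files
    chmod 0755 "$d/bin/ls"                       # ordinary file
    printf '%s\n' "$d/bin/passwd" > "$d/allow"   # only passwd is approved
    printf '%s\n' "$d"
}

s=$(make_sample)
echo "clear-text services enabled:"; cleartext_services "$s/inetd.conf"
echo "set-id files not in allowlist:"; unexpected_setid "$s/bin" "$s/allow"
rm -rf "$s"
```

On a real system, point the first function at /etc/inetd.conf and the second at the filesystem root with an allowlist recorded right after installation.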
We should not forget to mention the core of Mac OS X at a time when Apple goes to Unix: Darwin. Darwin comes from 4.4BSD-Lite2 and uses a 3.0 Mach microkernel (initially developed by Carnegie Mellon University and enhanced by the OSF, now called The Open Group). The present version is 6.0.1, while the kernel OS version found in Mac OS X 10.2 is 6.2.
As a matter of fact, FreeBSD has been the starting point of the Darwin development. However, NetBSD and OpenBSD have also been used in this development. For example, the integrated cryptography in Darwin comes from OpenBSD and so does the unavoidable OpenSSH. Many commands and tools come from NetBSD.
The kernel is called XNU (yes, like another well known acronym) and it is made of both Mach and BSD. Mach is in charge of memory management, IPC and messaging, I/O kit (device drivers) while BSD manages users and permissions, networking stack, VFS (virtual file system) and POSIX compatibility layer.
Accordingly, Darwin benefits from the work of the above mentioned BSDs. That is, when a vulnerability has been found, Apple provides updates very soon after they appeared in the free BSD community.
Let us also mention that, like the free BSDs, Mac OS X is one of the few Unixes to come with no active services by default.
Of course, Darwin was first dedicated to Motorola PPC CPUs, but since Darwin is open source, there is also an Intel version available from GNU-Darwin.
What is on top of Darwin, that is, the beautiful Aqua interface, is obviously not open source. However, thanks to the free BSD community, Apple provides the most user-friendly Unix ever. Sure, it then becomes a proprietary Unix, but it shows the high quality of free BSD software. Furthermore, bringing Unix to the whole world seems to me a very great idea. NeXT did the same 15 years ago but failed (unfortunately). I really hope Mac OS X will succeed where its "father" did not.
Each entity of the free BSD family shares its works with the other ones. They
are really free in every meaning of the term. They are more secure by default than any
other Unix. They run on most of the available platforms. The distributions are
not "bloated" and the core system is rather small in size. They are able to run
most of the available software. And so on.
However, most of the proprietary Unixes are based on System V. They seem not to care anymore about BSD. Nevertheless, they all have BSD compatibility packages and some of them were first based on BSD.
Unfortunately, these proprietary Unixes are losing more and more market share. Their policies look strange to me. All of them seem quite interested in Linux. What do they expect? To sell it at the same price as their own system? I am afraid that this will not work. Do they think of selling their machines replacing their own system with Linux? Very expensive in my opinion unless they sell low end computers, and in that case, the Intel "solution" will be cheaper. And, in any way, how will they compensate for the loss? Yes, I know the answer: selling services! How long will this last? And what about their existing solutions? Will they want to slowly replace them with the much cheaper Linux?
However, this year most of these companies have "fired" thousands of people! Where does that lead to? To an every day stronger Microsoft hegemony... and to more unemployed people. Very, very sad!
Of course, I am not saying that using BSD instead of System V would solve this problem. I just do not understand the policy of those big makers. Neither do I understand why they leave BSD if they are so interested in free Unix.
This may seem off-topic but it is not. Proprietary Unix needs free Unix... but free Unix needs proprietary Unix. Each one gets something from each other. Most proprietary Unix use free software one way or other, compilers for instance. Free Unix benefits from what was given to the community by proprietary Unix. A great example: OpenGL. Thanks to SGI.
This is a nice way to share and it creates an emulation. OpenBSD helps a lot in showing the way to more secure systems. OpenSSH, for instance, is available for most proprietary Unixes. As we already said, free BSDs are very important to Apple. I cannot remember Apple caring much about security before Mac OS X!
All this is to say that the Linux "fashion" is perverting many things. I like Linux but I do not like its "evolution". I do not share the idea of "cloning" Windows and its software. I do not agree with the fact the main distributions get bigger and bigger... and more and more "commercial". I do not want a monopoly replacing another one (which I do not believe, anyway!). For now, Microsoft does not really fear Linux or other Unixes. The day the "danger" becomes a reality, Microsoft has the power to lock everything and particularly the Internet in a very short lapse of time. I know, this may seem paranoid and I hope it will not happen, but... This said, do not worry: I do not hold the truth and I am not fond of futurology.
We do need a real choice: the more OSes available, the better. Why talk about "world domination"? Apart from Microsoft, who cares about it? What we have to "fight" for is the freedom of choice. I know I already said so :-(
The free BSD family contributes a lot to this freedom. Those people keep sharing and this leads to very great systems. Thanks a lot to all of them.
By the way, Mr. RMS you have not "recommended" to say GNU/FreeBSD or GNU/NetBSD or GNU/OpenBSD (all right, we have GNU-Darwin!): did you forget about BSD like the big Unix makers did, or is it that you find those people do not use "enough" GNU software? Of course, I am joking, but freedom of speech also exists, at least for now... and I do not feel like saying (or writing) GNU/Linux!
Aren't we living in a great time?
Under the following URLs you will find mirrors, download areas, documentation in various languages,
© Georges Tarbouriech, FDL
2003-01-27, generated by lfparser version 2.35