SoylentNews is people

posted by cmn32480 on Friday August 12 2016, @11:16AM
from the all-it-takes-is-time-and-money dept.

Arthur T Knackerbracket has found the following story:

The developers of FreeBSD have announced they'll change the way they go about their business, after users queried why known vulnerabilities weren't being communicated to users.

This story starts with an anonymous GitHub post detailing some vulnerabilities in the OS, specifically in freebsd-update, libarchive, bspatch and portsnap. Some of the problems in that post were verified and the FreeBSD devs started working on repairs.

But over on the FreeBSD security list, threads like this started asking why users weren't being told much about the bugs or remediation efforts. That's a fair question because updating FreeBSD could in some circumstances actually expose users to the problem.

Now the FreeBSD team has answered those questions by saying “As a general rule, the FreeBSD Security Officer does not announce vulnerabilities for which there is no released patch.”

The operating system's developers and security team are now “reviewing this policy for cases where a proof-of-concept or working exploit is already public.”

That post also explains that the team is considering more detailed security advisories. There's also an admission that the proposed patch may have broken other things in the OS.

The post concludes by saying that the FreeBSD core and security teams are working with all due haste to fix things and will let those subscribed to its mailing lists know when patches are ready and the danger is past.

[The majority of SoylentNews.org's servers run Ubuntu 14.04 LTS (Long Term Stable version). Upgrading to version 16.04 LTS would expose our systems to systemd and there has been some discussion among staff about our options. One option under consideration would be FreeBSD. Are there any Soylentils who run FreeBSD? What has your experience been? Any surprises to share with the community? --martyb]


  • (Score: 0) by Anonymous Coward on Friday August 12 2016, @11:26AM

    by Anonymous Coward on Friday August 12 2016, @11:26AM (#386971)

    However the only reason I didn't run it on more hardware was the lack of 3d acceleration at the time. As a server grade OS it ran like a champ (in fact for the linux binary servers I was running under it, via linux emulation it was as fast if not faster than the 2.6.x release of the time.) Unlike linux however, it didn't go into swap hell as main memory ran out (system in question only had 256 megs, and would grind to a halt when main memory filled up, making the system unresponsive... still a problem I have with linux today.) Ran for about 3 years (400+ days of that continuously) without any problems.

    If you need ZFS-like features on x86_64 I would recommend DFBSD, or consider NetBSD/OpenBSD (depending on your hardware, smp, and security requirements) for server-only OSes.

  • (Score: 2) by bradley13 on Friday August 12 2016, @11:54AM

    by bradley13 (3053) on Friday August 12 2016, @11:54AM (#386975) Homepage Journal

    I get the systemd hate, I really do. However, I'm happy with Ubuntu, so I grit my teeth and upgraded to 16.04. Adapting to a different distro? Sure, it would have been possible, but in the end I just want to get work done. Guess what, Ubuntu 16.04 works just fine.

    --
    Everyone is somebody else's weirdo.
    • (Score: 2, Informative) by Anonymous Coward on Friday August 12 2016, @12:31PM

      by Anonymous Coward on Friday August 12 2016, @12:31PM (#386979)

      Hate? I moved way past hate after a 3am call. Fuck systemd.

      • (Score: 0) by Anonymous Coward on Friday August 12 2016, @01:08PM

        by Anonymous Coward on Friday August 12 2016, @01:08PM (#386991)

        that sounds a little ridiculous. i'm not the most senior lsa but i can't think of a single issue i've had with systemd except having to learn new things. I'm not saying that some of the criticisms about scope creep, not unixy, etc aren't justifiable but as far as reliability, i've had no problems and i've been using it for a while.

        • (Score: 4, Insightful) by tangomargarine on Friday August 12 2016, @03:00PM

          by tangomargarine (667) on Friday August 12 2016, @03:00PM (#387043)

          You're claiming that one other user's anecdata is "ridiculous" and using your own one user's (yourself) anecdata as evidence? Dude: listen to yourself.

          "That's crazy; systemd doesn't have any problems because I personally haven't run into any."

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 4, Informative) by http on Friday August 12 2016, @09:28PM

      by http (1920) on Friday August 12 2016, @09:28PM (#387182)

      Nobody seriously "hates" systemd, but there's every kind of flaw in philosophy and implementation that makes it desirable to avoid. Kind of like a wild bear. You don't hate it, you stay the fuck away and do your best to alert anyone nearby.

      --
      I browse at -1 when I have mod points. It's unsettling.
  • (Score: 2, Disagree) by Beige on Friday August 12 2016, @12:26PM

    by Beige (3989) on Friday August 12 2016, @12:26PM (#386978) Homepage

    Couple quick thoughts based on my experiences using both Linux and FreeBSD for many years;

    - You'll probably find it *much* easier to adapt to systemd (and/or firewalld for that matter) than to adapt to a whole different OS.
    - Having said that, FreeBSD's network stack is generally more solid out of the box (i.e. no need for fiddling with PREROUTING rate limits or setting up things like SYNPROXY for DDoS resilience). FreeBSD had IMO some bad releases between versions 4 and 8 but 10 has been generally good and the binary upgrade process is about as straightforward as apt/yum. So depending on your other objectives FreeBSD might save you some pain/cost/hassle in the longer term.

    • (Score: 5, Interesting) by Unixnut on Friday August 12 2016, @01:02PM

      by Unixnut (5779) on Friday August 12 2016, @01:02PM (#386990)

      I have to say in my experience, I disagree with you. I found adapting to FreeBSD was much easier than SystemD, especially debugging problems with it. The fact it has reached a point where it is easier to either "Turn it off and on again", or "reinstall Linux" than actually delve into the OS and debug/fix/alter the system, means that it is becoming more like Windows, for many of the same reasons I moved from Windows more than a decade ago.

      If systemD works, it is tolerable, but if (like me) your job involves administration/maintenance and debugging of the systems, you quickly learn how much of a major PITA systemD is.

      I switched to Devuan (https://devuan.org/) for my Linux desktops, as they are systemD free. I started moving to FreeBSD for the servers. The biggest thing to get used to was the default shell is not bash. A lot of the commands for core things like disk detection, adding/removing users are different (BSD stack rather than GNU stack), but nothing that a bit of internet research cannot fix. The ports system is a bit like Gentoo's portage, just a little more manual.

      ZFS itself is awesome, but required quite a bit of fettling and magic incantations to wring out the best performance.

      FreeBSD is a bit trickier to set up (if you want to really fine tune things). In fact it reminds me a bit of Linux up until 2.6. Generally very powerful and flexible, but steep learning curve. Getting the system to be exactly how you want can take a while, but once set up it runs like a champ till the end of time.

      If you want it to "Just work", or only use the defaults, or don't care about the OS as long as it runs your apps, then stick to Linux. I can foresee a time when Linux becomes more like Windows, easy to install/use, inflexible, but pretty UI and apps exist for it. While FreeBSD does the heavy lifting/Server side. Either way, it would be better than Windows, as both are OSS, and you can hack into them if you really need to.

      • (Score: 2) by Beige on Friday August 12 2016, @07:26PM

        by Beige (3989) on Friday August 12 2016, @07:26PM (#387139) Homepage

        It appears I touched a raw nerve with the previous posting and I'm sorry for that - however, in my personal experience learning systemd didn't take much time and it has worked fine since. Most day-to-day stuff you can handle with just systemctl and chkconfig and these seem to work fine at least on CentOS. As far as potential security issues go, systemd should be the least of your worries anyway. Personally I've used FreeBSD since version 2 and I've generally been happy with it so I wouldn't argue against its merits. However, it sounds like the SoylentNews staff are happy and comfortable with Ubuntu 14 and assuming that's the case then adapting to systemd shouldn't be much of a problem for anyone with half a clue.

        • (Score: 3, Insightful) by The Mighty Buzzard on Saturday August 13 2016, @02:33AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday August 13 2016, @02:33AM (#387332) Homepage Journal

          Adapting to systemd almost certainly isn't going to happen for SN. Allow me to enlighten everyone as to why:
          You do not put a beta init system on a production server. Period.

          --
          My rights don't end where your fear begins.
        • (Score: 3, Informative) by Unixnut on Saturday August 13 2016, @10:02AM

          by Unixnut (5779) on Saturday August 13 2016, @10:02AM (#387443)

          Yeah, sorry. My company has started switching to CentOS/RHEL7, and we are doing the initial testing/rollout. I spent the last 2 weeks trying to work out why systemD would randomly hang, or work fine one moment, then on reboot drop into "Emergency Mode", or the binary logs getting corrupted, and the general pain of having no choice but to interact with things like logs using their tools.

          You can't bypass their tools and use one of the standard ones, or your own. Back when it was all separate programs and scripts, it was easy to "step through" each stage until you hit a problem, then debug it. SystemD either works, or it doesn't. I can't easily step through it, or replace subsystems, because it is all so heavily integrated. All it usually tells you is the equivalent of "Oops, something happened. Here is the emergency mode", without really telling me anything useful, or even showing where in the stage it broke.

          And yes, we had a clean installed CentOS7 machine that would just boot randomly into emergency mode on reboot. In the end it was faster and easier to just wipe it and reinstall, after which it worked. No idea why, and no idea why it didn't work. This kind of obscure "Sometimes works, sometimes doesn't" might be standard acceptance for Windows Admins, but it used to infuriate me, because I hate black boxes, where I have no idea why something is broken, or why it suddenly started working. It is why I switched to Linux and Unix systems back in the early 00's. You could rip a Linux system apart completely, and it was all small programs interconnected loosely. It was wonderful, so powerful and flexible, but it demands effort and the pursuit of knowledge to be any good with it.

          As for SystemD. IMO it has a serious architectural/design flaw, which is that it is trying to be yet another tightly-integrated abstraction layer between the kernel and the apps. A bit like svchost on Windows. The more abstraction layers you have, the more complexity, and the more opportunity for flaws to creep up due to the interaction of different parts. Not to mention being slower (latency wise) and more prone to security flaws (I have some power over higher parts of the stack, but the kernel/systemD is not easy to just rip out and replace in case of a security flaw).

          However I suspect this is on purpose. I think RedHat is seeing the next major growth will be on stateless machines, like Openstack. You don't care about debugging the OS or its init system. If the machine cocks up, just terminate and spawn a new one. The apps are stateless, the data is in "the cloud", so minimal downtime. That is why for systemD boot times were so important. On a server nobody cares if it takes 30 mins to come back, as you reboot so often. However in a dynamic "Virtual Cloud" setup, you want to spin machines up quickly.

          For that kind of setup, I actually think systemD is perfect. You have a "black box" OS, you have your apps running on it (perhaps in docker), and if one segment fails, just respawn and carry on.

          However that means that it is ill suited for traditional systems. While I can imagine in future the majority of compute could be cloud based, there will still be traditional hardware machines out there, and for them I believe in future the BSDs will dominate, along with Linux where required due to tie-in (e.g. docker can only run on Linux, so you need a Linux host for it). However I am sticking to Linux on my desktops. Far more apps, better graphics support, there are systemD free alternatives, and I am still more familiar with it.

    • (Score: 0) by Anonymous Coward on Friday August 12 2016, @05:22PM

      by Anonymous Coward on Friday August 12 2016, @05:22PM (#387094)

      >You'll probably find it *much* easier to adapt to systemd (and/or firewalld for that matter) than to adapt to a whole different OS.

      The answer: use Slackware.
      It's best of both worlds.

    • (Score: 3, Insightful) by rleigh on Friday August 12 2016, @11:30PM

      by rleigh (4887) on Friday August 12 2016, @11:30PM (#387245) Homepage

      "You'll probably find it *much* easier to adapt to systemd (and/or firewalld for that matter) than to adapt to a whole different OS."

      I'm not sure. With systemd, it is already effectively a whole different OS. The whole core system is changed. The rest of the system, the daemons and applications etc., are identical on Linux, BSD or whatever.

      To be perfectly honest, after I transitioned from 100% Debian to my initial FreeBSD foray, I was up and running quickly with some help from the guidebook. There was some learning to be sure, but when you look at the differences between old Debian to FreeBSD and old Debian to systemd-Debian, they are just as different. The main change is in the configuring, starting and stopping of services. And BSD init isn't that different from sysvinit except at a superficial level. The rest of the system is mostly the same. Different package manager, some config in /usr/local/etc. It wasn't a big deal, just a few days from first test install to first running server with ZFS and a few services. Learning all the systemd stuff to an expert level would require vastly more time investment, and while I get by with it for trivial stuff I have no desire to take it that far. Using a current FreeBSD system, I feel vastly more "at home" on it than I do on a current Debian or Ubuntu system, because so much of it is familiar. Maybe using Solaris and HP-UX has made me more accepting of the small differences, I don't know.

  • (Score: 1, Insightful) by Anonymous Coward on Friday August 12 2016, @12:33PM

    by Anonymous Coward on Friday August 12 2016, @12:33PM (#386980)

    Security is as much a function of the admin as it is the product used.

    I have had a good experience with FreeBSD. FreeBSD having jails, ZFS, up to date software, and in place upgrades is hard to beat. The patch and port vulnerabilities are concerning, but don't really apply to my use case. In order for this to affect me, attackers would need to somehow MiTM me on my internal network (I am already breached at that point, so it is a moot point) or compromise FreeBSD.org's servers. I'm not going to go into detail with how my network and servers are set up, but the chances of this being exploited undetected are very low. Not only that, there is a workaround. FreeBSD can be patched using their SVN repo, which uses TLS.

    FreeBSD + ZFS + jails makes testing bullet proof and easy because if you use ZFS clones, it guarantees an identical system on identical hardware with an identical configuration. It only takes a few minutes to clone a jail, so screwing up your test jail takes only a few minutes to recover from.

    There is a very easy fix that would require very little effort on the FreeBSD developers' and server admins' parts. Since the exploits require MiTM, one word. TLS. Let's Encrypt and Startcom offer free certificates. Post a sed script to the mailing list and RSS to update the config files with the URLs. Mitigated. Now they can take their time fixing the utilities.

  • (Score: 2, Interesting) by sunami88 on Friday August 12 2016, @12:41PM

    by sunami88 (5409) on Friday August 12 2016, @12:41PM (#386982)
    Did the smallest amount of research on switching to BSD recently (looking forward to when Mint 17.3 is no longer supported). The bottom line is it looks like Steam won't work, and that's a deal breaker. I'm sure there are many other considerations but that's as far as I got.
    --
    Sex. Drugs, and Unix.
    • (Score: 2) by canopic jug on Friday August 12 2016, @01:17PM

      by canopic jug (3949) Subscriber Badge on Friday August 12 2016, @01:17PM (#386999) Journal
      Actually there is some movement on getting Steam on FreeBSD [github.com]. It looks like it uses the Linux compatibility layer, but if it works, it's one less barrier for your use case.
      --
      Money is not free speech. Elections should not be auctions.
    • (Score: 2) by Scruffy Beard 2 on Friday August 12 2016, @01:54PM

      by Scruffy Beard 2 (6030) on Friday August 12 2016, @01:54PM (#387015)

      Yes, the "will it work on BSD" is my new quick&dirty test for binary drivers (though BSD supports running Windows binary wifi drivers).

  • (Score: -1, Spam) by Anonymous Coward on Friday August 12 2016, @12:46PM

    by Anonymous Coward on Friday August 12 2016, @12:46PM (#386986)

    * Hook 25th Anniversary Reunion @https://www.facebook.com/22Vision/ [facebook.com]
    URL: https://www.facebook.com/22Vision/photos/?tab=album&album_id=927931163982109&_fb_noscript=1 [facebook.com]
    Archived #1: https://archive.is/P1VnX [archive.is]
    Archived #2: https://web.archive.org/web/*/https://www.facebook.com/22Vision/photos/?tab=album&album_id=927931163982109&_fb_noscript=1 [archive.org]
    WTF?: Hook (1991): http://www.imdb.com/title/tt0102057/ [imdb.com]
    Twitter https://twitter.com/22Vision [twitter.com]
    @Twitter / Hashtags: #Hook25th #22Vision
    https://twitter.com/hashtag/Hook25th?src=hash [twitter.com]
    https://twitter.com/hashtag/22Vision?src=hash [twitter.com]

    #####

    * Hook cast (1991): Where Are They Now? [Video]
    URL: https://www.youtube.com/watch?v=EOuT5Q9kRjo [youtube.com]

    #####

    - EXCLUSIVE: 'Hook' Turns 25! The Lost Boys Reunite and Remember Robin Williams [Video]
    URL: https://www.youtube.com/watch?v=NwcP8ldzL44 [youtube.com]

    #####

    - 'Hook' Turns 25: Lost Boys Reunite For Photo Shoot, Remember Robin Williams
    URL: http://www.hollywoodreporter.com/news/hook-turns-25-lost-boys-918633 [hollywoodreporter.com]
    Archived #1: https://archive.is/22Bks [archive.is]
    Archived #2: https://web.archive.org/web/*/http://www.hollywoodreporter.com/news/hook-turns-25-lost-boys-918633 [archive.org]

    #####

    - EXCLUSIVE: ‘Hook’ Turns 25! The Lost Boys Remember Robin Williams on the Second Anniversary of His Death
    URL: http://www.etonline.com/movies/195226_hook_turns_25_the_lost_boys_all_grown_up_remember_robin_williams/ [etonline.com]
    Archived #1: https://archive.is/a6AgT [archive.is]
    Archived #2: https://web.archive.org/web/*/http://www.etonline.com/movies/195226_hook_turns_25_the_lost_boys_all_grown_up_remember_robin_williams/ [archive.org]

    #####

    - Lost Boys to men! Hook stars reunite in emotional picture 25 years on... without their leader Robin Williams
    URL: http://www.dailymail.co.uk/tvshowbiz/article-3732711/Hook-s-Lost-Boys-reunite-emotional-picture-25-years-without-leader-Robin-Williams.html [dailymail.co.uk]
    Archived #1: https://archive.is/TWGcR [archive.is]
    Archived #2: https://web.archive.org/web/*/http://www.dailymail.co.uk/tvshowbiz/article-3732711/Hook-s-Lost-Boys-reunite-emotional-picture-25-years-without-leader-Robin-Williams.html [archive.org]

    • (Score: 0) by Anonymous Coward on Friday August 12 2016, @10:47PM

      by Anonymous Coward on Friday August 12 2016, @10:47PM (#387217)

      Aw, man, I thought you were talking about Blues Traveler. That Hook is only 22 years old.

  • (Score: 0) by Anonymous Coward on Friday August 12 2016, @12:59PM

    by Anonymous Coward on Friday August 12 2016, @12:59PM (#386988)

    Is that there's always something across the street that's newer and shinier and just as free.

    • (Score: 0) by Anonymous Coward on Friday August 12 2016, @01:12PM

      by Anonymous Coward on Friday August 12 2016, @01:12PM (#386994)

      ohh, the horror! i hope you're being sarcastic...

  • (Score: 2) by Knowledge Troll on Friday August 12 2016, @01:27PM

    by Knowledge Troll (5948) on Friday August 12 2016, @01:27PM (#387002) Homepage Journal
    I returned to FreeBSD 10.x after a long stint with Linux - the last version of FreeBSD I ran was around 4.x or so, it has been a minute for sure. Systemd was the thing that pushed me over the edge to look at FreeBSD again very seriously. Things are different but there is nothing wrong with FreeBSD. My biggest gripe is that FreeBSD uses a BUFSIZ of 4k I think and I'm used to 2^16 for BUFSIZ. It shows up a few places like using dd with slow media or chewing more CPU than needed if you just use BUFSIZ the constant in your code with IO loops. Aside from that and installing bash from ports (which actually you should probably think about not using bash anyway) it is a Unix box. It isn't a Linux box, which could lead to confusion, but it is a Unix box. Unix for lyfe yo. Fuck SystemLinux that shit ain't Unix.
  • (Score: 1, Insightful) by Anonymous Coward on Friday August 12 2016, @01:52PM

    by Anonymous Coward on Friday August 12 2016, @01:52PM (#387014)

    I cut my teeth in Linux, and was pretty diehard. I found my way to FreeBSD with a new gig, and haven't looked back in 6+ years. I now manage an exclusively FreeBSD shop. There is certainly a learning-curve, but it's not so bad, largely thanks to coherent documentation. I've tip-toed back into Linux recently for some personal projects, and the experience (as a Systems Admin) has been less-than-complimentary. IMHO, modern [Linux] distributions are great, as long as you don't stray from the golden path blessed by the maintainers. FreeBSD stays out of the way (figuratively), letting you focus on getting real work done.

    Rather than gush about how great FreeBSD is (and it really is), here are some of the cons...
    - Packaging: Pkg is volatile, and ports are great if you like watching code compile. We maintain our own pkg infrastructure. Linux (Debian in particular) wins hands-down.
    - Community size: Relative to Linux, it's a small community. This makes for less in-fighting, but fewer man-hours for security/bug/feature updates.
    - Third-party support: Linux is a bigger audience, so it gets more attention from devs working on other projects. We maintain patch repositories for a number of FOSS projects we utilize.
    - Feature set: FreeBSD is excellent at its core competencies, but it's a shorter list than you may be used to as a Linux user (e.g. "What do you mean there aren't 6 dozen filesystems supported?!")

    • (Score: 2) by coolgopher on Friday August 12 2016, @03:19PM

      by coolgopher (1157) on Friday August 12 2016, @03:19PM (#387054)

      I came from the other direction - I started on FreeBSD 2.2.5 and eventually ended up on Linux. My last FreeBSD box was in the 10.x days. Actually, the only reason I'm not still running FreeBSD on my main system is that I use Linux at work, and it makes it easier for me to work from home with a Linux install here too. Oh, and Raspberry Pi. The Linux support is far better on the Pi so far.

      I do miss the ports system. Prebuilt packages are convenient, but being able to customise stuff easily to reduce dependencies was very nice. Yes, I know about Gentoo, I've run it, and no, I like the FreeBSD ports much better.

      In short, a thumbs up for FreeBSD, especially for servers.

    • (Score: 3, Interesting) by rleigh on Friday August 12 2016, @06:10PM

      by rleigh (4887) on Friday August 12 2016, @06:10PM (#387111) Homepage

      All very true. I'm increasingly using FreeBSD but still very much in the Linux world as well.

      With respect to the large number of filesystems which Linux supports, it's nice if you need them but in practice most people will use one or two at most. On FreeBSD I'm finding UFS perfectly adequate for VMs and ZFS perfectly fine for servers and workstations, and NFSv4 for networking. In practice, I'm happy with just those three. Likewise on Linux ext4 or zfs plus NFS/CIFS and I'm equally happy (swap ext4 with xfs to taste).

      pkg is definitely a bit more volatile, but it's nice that there's now the more stable quarterly updates if you don't want to run your own builds and infrastructure. When the base system is also upgradeable with pkg, that will make jails vastly simpler to upgrade (as well as the base system).

      From the security point of view, I do think that Linux distributions have a more effective model at the moment. FreeBSD requires more diligence, and upgrading all your base systems, jails, and all the pkg/ports packages on top of that is currently more work, and more importantly often more delayed. As mentioned above, I think having everything upgradeable via pkg will be a massive improvement. It's all doable right now, but this will make it sufficiently simple that anyone can do a pkg update/upgrade and be confident their system is up to date.

  • (Score: 4, Interesting) by hendrikboom on Friday August 12 2016, @03:18PM

    by hendrikboom (1125) on Friday August 12 2016, @03:18PM (#387053) Homepage Journal

    I'm using Devuan exclusively for laptop and server.

    It works.

    It was an easy upgrade from Debian wheezy to Devuan jessie -- just replace a few lines in /etc/apt/sources.list, upgrade apt and maybe a few tools, then everything. I had a complete bootable system backup just in case, but I never needed it.

    From Ubuntu it may not be as easy, even though it counts as a Debian derivative. It is probably still easier than switching to BSD.

    Mind you, this is a low-usage home server, so there isn't a lot of load on it. But Devuan is developed by and for system administrators, and they seem to be very aware of system administration issues.

    I was not a gnome nor KDE user, though a lot of the associated libraries were, and still are present. (Gnome, in particular, seems to be acquiring systemd barnacles.)

    -- hendriik

  • (Score: 2) by srobert on Friday August 12 2016, @04:11PM

    by srobert (4803) on Friday August 12 2016, @04:11PM (#387067)

    I've been a desktop/laptop Linux user since 1996. I started playing around with FreeBSD on a laptop around 2012. I'm not a gamer, and my needs are pretty simple, email, web browsing, simple spreadsheets, word processing. I'm not running a server. Most of my personal computing for the last few years has been done on a FreeBSD laptop. I recently acquired a new laptop whose Wifi card is not yet supported by FreeBSD (or any BSD), so I installed ArchLinux on it. ArchLinux is OK, but I'll likely migrate the new laptop to FreeBSD when the wifi support becomes available, which I think will be around the time FreeBSD 12 is released. FreeBSD seems easier to me to update and administer even for desktop use. I'd imagine that would be even more true for a server, provided the hardware works and your applications are available. The documentation is easy to follow and procedures are more consistent over time than most of the dozen or so Linux distributions I've used.

    • (Score: 2) by Celestial on Friday August 12 2016, @04:31PM

      by Celestial (4891) on Friday August 12 2016, @04:31PM (#387078) Journal

      Out of curiosity, have you tried DragonFly BSD? I've been told that it has better hardware support for notebook computers than FreeBSD, and plan on trying it the next time I buy a notebook.

      • (Score: 1, Informative) by Anonymous Coward on Friday August 12 2016, @10:23PM

        by Anonymous Coward on Friday August 12 2016, @10:23PM (#387212)

        DragonFly is a fork from the 4.x branch of FreeBSD. That was probably the last good release of FreeBSD for general purpose computing; everything since then has been geared more towards the production server environment. Thus device drivers for recent graphics have been neglected since 2007 or so; the official mantra for FreeBSD users is to just use the nVidia blob. DragonFly has no problem supporting graphics drivers as recent as Broadwell as that is what Matt Dillon uses for his machine.

        That being said, DragonFly is about fifteen years in the past when it comes to security. It still lacks basic constraints like DEP or rootless Xorg and is probably the least secure BSD out of the box. Take that as you may. Personally, I've had no problem with OpenBSD on laptops, to include suspend/resume working with no issue.

      • (Score: 2) by srobert on Saturday August 13 2016, @02:26AM

        by srobert (4803) on Saturday August 13 2016, @02:26AM (#387329)

        I tried both DragonflyBSD and OpenBSD a while back. I think they were both in VirtualBox on the FreeBSD laptop. I didn't use them much though, as FreeBSD was working flawlessly on the host. If my new laptop's wifi card is supported under one of the other BSDs before FreeBSD, I might give one of them another try.

  • (Score: 2, Interesting) by Anonymous Coward on Friday August 12 2016, @04:16PM

    by Anonymous Coward on Friday August 12 2016, @04:16PM (#387070)

    Theo de Raadt has speculated that FreeBSD is compromised given their complete lack of security culture and the proximity of a USGOV building in California to FreeBSD. This is exactly the kind of exploit that we've seen in the past with the USGOV. Suddenly, the freebsd-security team has been quiet on this front. Note that FreeBSD is the core operating system behind many Juniper routers/firewalls and NetApp file servers.

    Similarly, Julian Assange has claimed that Debian and Red Hat are compromised. Remember that exploit where pressing backspace exactly 28 times would let you bypass a grub2 password, allowing you write access to the unlocked /boot partition on a full disk encrypted drive? Yeah. Exactly what you would need to happen if say, you had physical access to a laptop and wanted to install a keylogger to get the LUKS password, but suddenly laptops were being designed to be difficult to physically tamper with due to their ultrabook thinness and SecureBoot.

    I just don't know, man. Use whatever you feel comfortable with to host your website. Linux doesn't have a culture of security-consciousness outside of GrSecurity, which has been slandered by GNU apologists who probably can't even write a Hello World in C. If you were really security conscious, I guess you would just use OpenBSD and whatever comes in the base install, marking /usr/local nosuid and not allowing any partition to have wxallowed.

  • (Score: 1) by jimtheowl on Friday August 12 2016, @06:02PM

    by jimtheowl (5929) on Friday August 12 2016, @06:02PM (#387104)

    I have been running FreeBSD since version 3.2 in a personal context only, but I know some people who use it in a professional one.

    I do not recall ever having any surprises.

    Whether or not it works out, we all like a good systemd story.

    Soylentnews would be the news.

  • (Score: 1, Interesting) by Anonymous Coward on Friday August 12 2016, @07:02PM

    by Anonymous Coward on Friday August 12 2016, @07:02PM (#387127)

    I've been a UNIX systems administrator for over thirty years.

    I started out administering VAX 11/750s running BSD 4.2 and BSD 4.3, directly from Berkeley. I also supported machines running Mt Xinu's port of BSD.

    At one time I was working with engineers evaluating the Sun 1 - if I recall correctly, it was based on the 68000 or maybe the 68010, the same chipset used by Apple for the original black-and-white Macintosh. This was before Sun had a graphic user interface, or even a mouse.

    I remember the big effort to port BSD to the 386 - 386BSD, they called it - and how that morphed into FreeBSD, and NetBSD, and OpenBSD.

    At about the same time, a guy named Linus posted his open source kernel. It was a curiosity, but everyone who knew anything about UNIX was knee-deep in the BSD open source movement.

    Since then, Linux has matured - but it still demands all of the attention, and pretends that it alone is the open source movement. Those of us who watched it born know better and tend to ignore it like the spoiled child it is. Its inability to play nicely with other UNIXes is legendary.

    Nowadays I use FreeBSD on my laptop.

    If I ever get a year to work on it without disturbance, I'd like to get into OpenBSD, and leave FreeBSD behind.

    Oh, sure, I still use Linux. Two children have laptops with two different versions of Vector Linux installed, and another child uses a Raspberry Pi, with Raspbian 8 installed - based on Debian, if I recall correctly.

    Ultimately the operating system is just a board in your infrastructural platform for the application - and it should be treated as modular, just like any other element of any other infrastructure.

    It's important not to get too attached.

    So, yes, I'd recommend abandoning Linux, for production purposes.

    ~childo

  • (Score: 2) by linuxrocks123 on Friday August 12 2016, @07:52PM

    by linuxrocks123 (2557) on Friday August 12 2016, @07:52PM (#387150) Journal

    I recently upgraded a 14.04 LTS XUbuntu installation to 16.04 LTS.  It was an easy task after that was finished to disable SystemD and re-enable upstart:

    sudo apt-get install upstart-sysv

    It's probably not "supported", but so what.  I'm sure Slash isn't supported, either.

    Personally, I'd probably migrate to Debian or Devuan.  Using Ubuntu instead of Debian/Devuan for servers is a mistake IMO.  But if you want to keep using Ubuntu, de-SystemDifying it is an option.