hpr3655 :: BSD for Linux users
I attempt to explain the wacky and wonderful world of BSD in a Linux friendly way
Hosted by binrc on 2022-08-05 is flagged as Explicit and is released under a CC-BY-SA license.
BSD, UNIX, FreeBSD, OpenBSD, NetBSD.
Listen in ogg, spx, or mp3 format. | Comments (5).
UNIX, Linux, and BSD
Linux was created by PC users attempting to use mainframe UNIX. BSD was created by mainframe UNIX users attempting to use a PC.
BSD is what I like to call a â€œPedigree UNIXâ€, meaning that it is a pure blooded descendant of AT&T UNIX. Although all of the original AT&T code has been re-written so a permissive license, the heritage persists.
In contrast to Linux (which shares no original Bell Labs code), BSD was originally all Labs code.
BSD in the wild
BSD style licensing is quite simple to understand compared to the tome that is the GPL. Interpreting it usually goes something like follows:
Do whatever the hell you want with this code, just donâ€™t blame me when it breaks something and donâ€™t claim you wrote it
Permissive licensing means that various companies can put lipstick on the UNIX pig and falsely assert that itâ€™s anything other than lipstick on the UNIX pig. Not that UNIX is a pig, but you cannot disguise a pig with lipstick. Those burdened with the gift of sight and knowledge can spot a UNIX system quite easily.
- Apple software is basically stolen BSD
- Windows TCP/IP stack (and ftp/rcp/rsh/ssh/scp and other various non-trash networking protocols) is basically stolen BSD
- Sony PlayStation is basically stolen BSD
- Nintendo switch is basically stolen BSD
- a million others that I canâ€™t be bothered to list because theyâ€™re either abandonware or are embedded in your e-toaster and internet enabled dishwasher so no one cares
Interacting with BSD guys
Most Linux enthusiasts are missionaries. They are generally helpful and seek to guide the computing neophyte into the inner circle of FSF initiates.
The BSD guys tend to be like hermits. They donâ€™t care if you use their code, they only care that the code works for them. When you ask for help, a typical response will be â€œdid you even read the error logs?â€ or â€œdid you even RTFM? What about supplemental documentation? We didnâ€™t write TFM just so you could go online and ask something clearly documented in TFM.â€
Not all BSD guys are bitter, but you really should consult available resources before asking questions
Forking vs distros
In Linux land, all the distros are basically the same with varying coats of paint. We call these distributions because all â€œimplementationsâ€ of linux are nearly identical code bases built with varying compile time options.
In BSD land, distros donâ€™t exist. Free/Net/Open are entirely independent and donâ€™t share a common upstream. They are forks of primordial BSD that run separate kernels, separate userlands, etc. Although code is shared amongst each other, a statically linked binary canâ€™t simply be dumped from one to another and still run as it would in Linux land.
Meta-distos of FreeBSD do exist but they are short lived unless they have corporate backers.
Idiotâ€™s guide to picking a BSD
I want basically Linux desktop out of the box but with a BSD kernel so I can look cool when I post a neofetch screenshot to the /g/ desktop thread!!
Selecting a FreeBSD fork that comes with a desktop is your goto. The currently maintained desktop distros are HelloSystems, GhostBSD, NomadBSD, and MidnightBSD.
I want a viable desktop operating system
FreeBSD with a non-GNOME DE is fairly reliable. Iâ€™ve had success with KDE, XFCE, and various tiling window managers. GNOME is too reliant on systemd so the port is janky.
I want something to learn by example with
OpenBSD is a great learning platform. The source code for userland utils is simple, short, and generally free from OS specific function calls. RTFM goes by the wayside when you easily RTFSC.
I want to prevent foot shooting incidents
OpenBSD eliminates many foot shooting scenarios by being a thorn in the side of the user who wants to do stupid things
I want to run UNIX to an obscure device
OpenBSD runs on a lot of architectures: i386, amd64, arm64, arm7, alpha, sparc64, risc64, ppc64, etc. The devs self-host these ports (ie build the release on a physical processor instead of cross compiling). This means that the alpha port is actually built on a VAX machine, the sparc port is actually built on a sparc machine, etc.
NetBSD runs on everything.
I canâ€™t decide!!! Pick one for me!!!
Just go with FreeBSD. It feels a lot like old Debian.
Lenovo Thinkpads are bulletproof. Buy something on ebay. Dell desktops generally work quite well. Intel components are most stable. You will suffer less if you can find a pure Intel machine. The biggest things to look for are an intel CPU, intel wireless chipset, intel integrated graphics, and an intel sticker. Vpro vs no vpro doesnâ€™t seem to make a difference in my anecdotal experience.
But what about a GPU????
Goal: general purpose, easy to use operating system
Use cases: server, desktop, NAS, hypervisor
- Core OS
- system feels clean and organized.
- Everything required to boot the system is in /
- Everything not required to boot the system is in /usr/local
- ZFS boot environments allow modification and upgrading without worrying
- Familiar enough to linux users
- System feels well integrated instead of hacked together like a GNU+/Linux
- system feels clean and organized.
- UFS is dead, long live ZFS (the only actually good RAID)
- Disk encryption via GELI and encrypted ZVOLS
- Third party software
- Largest ports system of the BSDs
- Can install precompiled packages with the pkg utility or compile yourself via the ports tree
- Like a chroot but actually secure
- Like docker but without the aspect of downloading random stuff from github
- all jails share a kernel but have separate hostnames, ip addrs, etc
- bhyve hypervisor, similar to kvm
- Capsicum (sandboxing framework)
- OS compat layers
- Linux compat layer (can even run steam).
- UFS is not journaled by default, just use ZFS
- there is a virtualbox port
- Fast rather than secure by default
- read security(7) and youâ€™ll be fine
Goal: simplicity, portability, standardization, correctness, proactive security, and integrated cryptography
Use Cases: Networking appliances, desktops, servers
- Core OS
- webcam and microphone disabled by default
- API changes to prevent foot shooting (ie strlcpy and strlcat because string functions in C are a memory leak waiting to happen).
- kernel is randomly relinked and randomized at boot time
- Memory protection
- W^X protection means that memory is either exclusively writable or exclusively executable
- mallocâ€™d memory is randomly allocated (bonus: makes buggy programs segfualt loudly)
- full disk encryption (including swap)
- various algos
- TCP/IP stack randomizes things to reduce predictibality
- X11 fork
- privilege separation (ie all Xsessions donâ€™t run as root)
- Pledge/unveil syscalls
- pledge restricts process capabilities, kernel kills misbehaving processes
- unveil restricts filesystem access to a minimul level
- All of the standard daemons run in a chroot with privilege separation
- A million other things
- Third party software
- Everything you need is in the base system. Some of what you want is available via ports or pkg_add
- CARP, doas (like sudo but less spaghetti), OpenBSD httpd, LibreSSL, OpenBGPD, OpenNTPD, OpenSMTPD, OpenSSH, pf (the only easy to use firewall), spamd (email filter that plugs into pf), a million other things
- vmm and vmd
- Source code is the only good â€œlearn by exampleâ€ for C
- Security features can cause slowness
- sometimes you canâ€™t shoot your foot even if you really really want to
- critics claim itâ€™s all security theater
- Requires opening vulnerabilities back up if you want a â€œJust Werksâ„¢â€ Linux desktop experience
- No MAC
Goal: clean and careful design, scalability, portability
Use cases: server, embedded, desktop if youâ€™re a flagellant
- It actually runs everywhere
- Designed for cross compiling (via build.sh)
- UNIX and arch agnostic third party packing framework
- nvmm (similar to kvm, works with qemu)
- a bunch of filesystems, including journaling UFS and ZFS
- entirely POSIX compliant
- kernel is scriptable with Lua
- havenâ€™t used it enough to die the death of a thousand papercuts