netbsd-help: Re: Difference between BSDs

Subject: Re: Difference between BSDs
To: None <fernando@rxp.com>
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
List: netbsd-help
Date: 02/17/2003 04:22:07
On 2003-02-14 16:29, fernando@rxp.com wrote:
> New questions: (sorry)
>
> Someone mentioned OpenBSD is more secure. Should I use that for the
> firewall instead?

This is a popular argument for convincing people to use OpenBSD.  It
is true that a certain amount of security related work has started by
OpenBSD folks, and many nice programs (like OpenSSH) are primarily the
work of OpenBSD people.

This doesn't mean that the other BSDs are less secure though.  The
logical mistake is quickly made apparent if you put the two statements
below each other:

	- OpenBSD people have done work to make things secure.
	- The other BSDs are less secure.

The non sequitur here is obvious, since the first statement does not
necessarily imply that the other BSDs have done nothing to make things
more secure, or that NetBSD and FreeBSD have left security problems
unfixed.

> I see lots of posts in groups (and I think here once) saying that
> FreeBSD is faster. Should that be a workstation?

This might be true for some things.  It might also be false for
others.  One has to try both systems on the particular application
that they're needed for, and then decide based on raw numbers.

> Is NetBSD a good web server? Email server? The "Net" part of the
> name has me wondering.

All of the BSDs have excellent networking support.

Many fixes and optimizations have been done sincee 4.3BSD and 4.4BSD
were out.  The quality of 4.xBSD's networking code has steadily
increased and adopted to support faster machines, multiprocessor
machines, machines with more memory than those for which the
networking code was initially designed for, etc.  This is more or less
the picture of the kernel side of things.

As far as userland is concerned, many networking servers and clients
can run on BSD installations.  The changes (whenever changes are
needed) that you have to make to source code to run a networking
application on BSD are minimal.  Any client or server that runs on
some UNIX variant is very easy to port to BSD.

> What's the difference between the firewall and a proxy server? They
> seem to serve the same purpose (or, maybe they just coincidentally
> provide some of the same services).

No, they don't provide the same sort of services.  A firewall is a
packet filter, that selectively blocks or denies packets on a usually
low level.  A proxy, is commonly an application level program, that
lets user clients connect to it and acts as a server, forwarding the
requests to another server; the real server.

- Giorgos