port-i386: Re: questions about netbsd

Subject: Re: questions about netbsd
To: KroNiC~BSD <kronic_bsd@fastmail.fm>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-i386
Date: 02/09/2003 16:19:34
On Sat, Feb 08, 2003 at 02:45:22PM -0600, KroNiC~BSD wrote:
> >Afternoon folks, I am trying to find another BSD to replace my current 
> >installs of openbsd. I have always heard that netbsd was very stable 
> >and ran on may platforms, but i have a question. What is netbsd's 
> >security record?

Quoting Hubert Feyrer on -advocacy:
"NetBSD has the lowest number of incidents reported on the Bugtraq mailing list"


> Does it have encryption built into the kernel like 
> >openbsd...

Yes, although there's no support for hardware encryption devices yet.
The IPSec support comes from the kame project, so should be very close to
the OpenBSD one.

> such as the blowfish password algorithm? Stability is 

The passwd algortithms are not part of the kernel, but in unserland
applications. NetBSD doesn't support blowfish, but it supports MD5 (in
addidition to the historical 3DES).

> >important but so is security as most of my bsd installs are firewalls, 
> >routers, ids systems etc...  Another question i have about netbsd is 
> >its stability / ability to perform under very heavy loads such as web 
> >servers, vpn servers and fileservers....and what brand / model of 

Should be OK, there are very loaded NetBSD servers around the world

> >network card would you guys recommend for such demanding 
> >environments? 

SMC etherpowerII, 3com, intel, ...
note that the 3com has support for hardware IP4/TCP4/UDP4 checksums, so
it may be a win for high traffic servers.
You can also go with intel gigabit adapters (I have the 64bit server, and
the dual-port 64bit versions), they're not that expensive and also
have hardware IP4/TCP4/UDP4 checksums. If you have 64bit PCI busses, it
can be a win even at 100Mbs.

> We are wanting to replace our linux web servers and 
> >file servers with a BSD OS. One last question :)  What is the minimum 
> >disk space reqs. I was going to install netbsd this weekend for a home 
> >router project. I salvaged a old p/90 machine but it only has a 
> >341-meg hd. Would this be enough to install just the minimum and still 
> >have sources so i can apply patches or cvs update as needed.

You can do a minimal install in 300M without problems, if you don't need
fancy extra packages (such as KDE or TeTeX :). base+comp should fit
in about 120MB (without swap). Complete system sources need about 500MB, so it
clearly won't fit here. Add another 600M for to compile the sources, and
another 400M for a complete release build (so a build.sh -R will need
1.5GB, including sources)

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 ans d'experience feront toujours la difference
--