path: root/en_US.ISO8859-1/articles/linux-comparison/article.xml

<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.2-Based Extension//EN"
	"../../../share/xml/freebsd42.dtd" [
<!ENTITY % entities PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Entity Set//EN" "../../share/xml/entities.ent">
%entities;
]>

<!--
Copyright (c) 2005 Dru Lavigne

     Redistribution and use in source (SGML DocBook) and 'compiled' forms
     (SGML, HTML, PDF, PostScript, RTF and so forth) with or without
     modification, are permitted provided that the following conditions
     are met:

      1. Redistributions of source code (SGML DocBook) must retain the above
         copyright notice, this list of conditions and the following
         disclaimer as the first lines of this file unmodified.

      2. Redistributions in compiled form (transformed to other DTDs,
         converted to PDF, PostScript, RTF and other formats) must reproduce
         the above copyright notice, this list of conditions and the
         following disclaimer in the documentation and/or other materials
         provided with the distribution.

     THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION PROJECT "AS
     IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
     THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NIK CLAYTON BE LIABLE FOR ANY
     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
     ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGE.

     $FreeBSD$
-->

<article lang='en'>
  <articleinfo>
    <title>FreeBSD: An Open Source Alternative to Linux</title>

    <author>
      <firstname>Dru</firstname>
      <surname>Lavigne</surname>
      <affiliation>
        <address><email>dru@isecom.org</email></address>
      </affiliation>
    </author>

    <copyright>
      <year>2005</year>
      <holder role="mailto:dru@isecom.org">Dru Lavigne</holder>
    </copyright>

    <pubdate>$FreeBSD$</pubdate>

    <releaseinfo>$FreeBSD$</releaseinfo>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.linux;
      &tm-attrib.unix;
      &tm-attrib.general;
    </legalnotice>

    &legalnotice;

    <abstract>
      <para>The objective of this whitepaper is to explain some of the
	features and benefits provided by &os;, and where
	applicable, compare those features to &linux;. This paper
	provides a starting point for those interested in exploring
	Open Source alternatives to &linux;.</para>
    </abstract>
  </articleinfo>

  <sect1 id="introduction">
    <title>Introduction</title>

    <para>&os; is a &unix; like operating system based on the
      Berkeley Software Distribution. While &os; and &linux; are
      commonly perceived as being very similar, there are differences:</para>

    <orderedlist>

      <listitem>

	<para>&linux; itself is a kernel. Distributions (e.g. Red Hat,
          Debian, Suse and others) provide the installer and the
          utilities available to the user.  http://www.linux.org/dist
          lists well over 300 distinct distributions.  While giving
          the user maximum flexibility, the existence of so many
          distributions also increases the difficulty of transferring
          one's skills from one distribution to another. Distributions
          don't just differ in ease-of install and available programs;
          they also differ in directory layout, available shells and
          window managers, and software installation and patching
          routines.</para>

        <para>&os; is a complete operating system (kernel and
	  userland) with a well-respected heritage grounded in the
	  roots of Unix development.

	  <footnote>
	    <para>See also <ulink
	      url="http://www.oreilly.com/catalog/opensources/book/kirkmck.html"></ulink>
	      for a brief history.</para>
	  </footnote>

	  Since both the kernel and the
	  provided utilities are under the control of the same release
	  engineering team, there is less likelihood of library
	  incompatibilities. Security vulnerabilities can also be
	  addressed quickly by the security team. When new utilities
	  or kernel features are added, the user simply needs to read
	  one file, the Release Notes, which is publicly available on
	  the main page of the <ulink
	  url="http://www.FreeBSD.org">&os; website</ulink>.</para>
      </listitem>

      <listitem>
        <para>&os; has a large and well organized programming base
          which ensures changes are implemented quickly and in a
          controlled manner. There are several thousand programmers
          who contribute code on a regular basis but only about 300 of
          these have what is known as a commit bit and can actually
          commit changes to the kernel, utilities and official
          documentation. A release engineering team provides quality
          control and a security officer team is responsible for
          responding to security incidents. In addition, there is an
          elected core group of 8 senior committers who set the
          overall direction of the Project.</para>

        <para>In contrast, changes to the Linux kernel ultimately have
          to wait until they pass through the maintainer of kernel
          source, Linus Torvalds. How changes to distributions occur
          can vary widely, depending upon the size of each particular
          distribution's programming base and organizational method.</para>
      </listitem>

      <listitem>

        <para>While both &os; and &linux; use an Open Source
          licensing model, the actual licenses used differ. The Linux
          kernel is under the <ulink url="http://www.opensource.org/licenses/gpl-license.php">GPL license</ulink> while
          &os; uses the <ulink url="http://www.opensource.org/licenses/bsd-license.php">BSD license</ulink>. These,
          and other Open Source licenses, are described in more detail
          at the website of the <ulink url="http://www.opensource.org/licenses/">Open Source
          Initiative</ulink>.</para>

        <para>The driving philosophy behind the GPL is to ensure that
          code remains Open Source; it does this by placing
          restrictions on the distribution of GPLd code. In contrast,
          the BSD license places no such restrictions, which gives you
          the flexibility of keeping the code Open Source or closing
          the code for a proprietary commercial product.

	  <footnote>
	    <para>For a fairly unbiased view of the merits of each
	      license, see <ulink
	      url="http://en.wikipedia.org/wiki/BSD_and_GPL_licensing"></ulink>.</para>
	  </footnote>

          Having
          stable and reliable code under the attractive BSD license
          means that many operating systems, such as <ulink url="http://developer.apple.com/darwin/projects/darwin/faq.html">Apple OS X</ulink>
          are based on FreeBSD code. It also means that if you choose
          to use BSD licensed code in your own projects, you can do so
          without threat of future legal liability.</para>
      </listitem>
    </orderedlist>
  </sect1>

  <sect1 id="freebsd-features">
    <title>&os; Features</title>

    <sect2 id="freebsd-features-platforms">
      <title>Supported Platforms</title>

      <para>&os; has gained a reputation as a secure, stable,
        operating system for the &intel; (&i386;) platform.  However,
        &os; also supports the following architectures:</para>

      <itemizedlist>
	<listitem><simpara>alpha</simpara></listitem>
        <listitem><simpara>amd64</simpara></listitem>
        <listitem><simpara>ia64</simpara></listitem>
        <listitem><simpara>&i386;</simpara></listitem>
        <listitem><simpara>pc98</simpara></listitem>
        <listitem><simpara>&sparc64;</simpara></listitem>
      </itemizedlist>

      <para>In addition, there is ongoing development to port &os;
        to the following architectures:</para>

      <itemizedlist>
        <listitem><simpara>&arm;</simpara></listitem>
        <listitem><simpara>&mips;</simpara></listitem>
        <listitem><simpara>&powerpc;</simpara></listitem>
      </itemizedlist>

      <para>Up-to-date hardware lists are maintained for each
        architecture so you can tell at a glance if your hardware is
        supported. For servers, there is excellent hardware RAID and
        network interface support.</para>

      <para>&os; also makes a great workstation and laptop
        operating system! It supports the X Window System, the same
        one used in &linux; distributions to provide a desktop user
        interface. It also supports over 13,000 easy to install
        third-party applications,

	<footnote>
	  <para>Using <ulink url="&url.base;/ports">FreeBSD's ports
	    collection</ulink>: software installation is as easy as
	    <command>pkg_add -r application_name</command>.</para>
	</footnote>

        including KDE, Gnome, and
        OpenOffice.</para>

      <para>Several projects are available to ease the installation of
        &os; as a desktop. The most notable are:</para>

      <itemizedlist>
	<listitem><para><ulink
	  url="http://www.desktopbsd.net">DesktopBSD</ulink> which
	  aims at being a stable and powerful operating system for
	  desktop users.</para></listitem>

	<listitem><para><ulink
	  url="http://www.freesbie.org">FreeSBIE</ulink> which
	  provides a LiveCD of &os;.</para></listitem>

        <listitem><para><ulink
	  url="http://www.pcbsd.com">PC-BSD</ulink> which provides an
	  easy-to-use GUI installer for &os; aimed at the desktop
	  user.</para></listitem>
      </itemizedlist>
    </sect2>

    <sect2 id="freebsd-features-frameworks">
      <title>Extensible Frameworks</title>

      <para>&os; provides many extensible frameworks to easily
        allow you to customize the FreeBSD environment to your
        particular needs. Some of the major frameworks are:</para>

  <variablelist>
    <varlistentry>
      <term>Netgraph</term>

      <listitem><para>Netgraph is a modular networking subsystem that
        can be used to supplement the existing kernel networking
        infrastructure. Hooks are provided to allow developers to
        derive their own modules. As a result, rapid prototyping and
        production deployment of enhanced network services can be
        performed far more easily and with fewer bugs. Many existing
        operational modules ship with FreeBSD and include support for:</para>

	<itemizedlist>
	  <listitem><para>PPPoE</para></listitem>
	  <listitem><para>ATM</para></listitem>
	  <listitem><para>ISDN</para></listitem>
	  <listitem><para>Bluetooth</para></listitem>
	  <listitem><para>HDLC</para></listitem>
	  <listitem><para>EtherChannel</para></listitem>
	  <listitem><para>Frame Relay</para></listitem>
	  <listitem><para>L2TP, just to name a few.</para></listitem>
	</itemizedlist>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term>GEOM</term>

      <listitem><para>GEOM is a modular disk I/O request
	transformation framework. Since it is a pluggable storage
	layer, it permits new storage services to be quickly developed
	and cleanly integrated into the FreeBSD storage
	subsystem. Some examples where this can be useful are:</para>

	<itemizedlist>
	  <listitem><para>Creating RAID solutions.</para></listitem>
	  <listitem><para>Providing full-blown cryptographic protection of stored data.</para></listitem>
	</itemizedlist>

	<para>Newer versions of FreeBSD provide many administrative
	  utilities to use the existing GEOM modules. For example, one
	  can create a disk mirror using &man.gmirror.8;, a stripe
	  using &man.gstripe.8;, and a shared secret device using
	  &man.gshsec.8;.</para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term>GBDE</term>

      <listitem><para>GBDE, or GEOM Based Disk Encryption, provides
        strong cryptographic protection and can protect file systems,
        swap devices, and other uses of storage media. In addition,
        GBDE transparently encrypts entire file systems, not just
        individual files. No cleartext ever touches the hard drive's
        platter.</para></listitem>
    </varlistentry>

    <varlistentry>
      <term>MAC</term>

      <listitem><para><ulink url="&url.base;/doc/en_US.ISO8859-1/books/handbook/mac.html">MAC</ulink>,
	or Mandatory Access Control, provides fine-tuned access to
	files and is meant to augment traditional operating system
	authorization provided by file permissions. Since MAC is
	implemented as a modular framework, a FreeBSD system can be
	configured for any required policy varying from HIPAA
	compliance to the needs of a military-grade system.</para>

      <para>&os; ships with modules to implement the following
	policies; however the framework allows you to develop any
	required policy:</para>

      <itemizedlist>
	<listitem><para>Biba integrity model</para></listitem>
	<listitem><para>Port ACLs</para></listitem>
	<listitem><para>MLS or Multi-Level Security confidentiality policy</para></listitem>
	<listitem><para>LOMAC or Low-watermark Mandatory Access Control data integrity policy</para></listitem>
	<listitem><para>Process partition policy</para></listitem>
      </itemizedlist>
    </listitem>
    </varlistentry>

    <varlistentry>
      <term>PAM</term>

      <listitem><para>Like &linux;, &os; provides support for <ulink url="&url.base;/doc/en_US.ISO8859-1/articles/pam/">PAM</ulink>,
	Pluggable Authentication Modules. This allows an administrator
	to augment the traditional &unix; username/password
	authentication model. &os; provides modules to integrate
	into many authentication mechanisms, including:</para>

      <itemizedlist>
	<listitem><para>Kerberos 5</para></listitem>
	<listitem><para>OPIE</para></listitem>
	<listitem><para>RADIUS</para></listitem>
	<listitem><para>TACACS+</para></listitem>
      </itemizedlist>

      <para>It also allows the administrator to define policies to
	control authentication issues such as the quality of
	user-chosen passwords.</para>
      </listitem>
    </varlistentry>
    </variablelist>
    </sect2>
  </sect1>

  <sect1 id="freebsd-security">
    <title>Security</title>

    <para>Security is very important to the <ulink
url="&url.base;/doc/en_US.ISO8859-1/articles/releng/">FreeBSD
Release
      Engineering Team</ulink>. This
      manifests itself in several concrete areas:</para>

    <itemizedlist>
      <listitem><para>All security incidents and fixes pass through the
	Security Team and are issued as publicly available
	Advisories. The Security Team has a reputation for quickly
	resolving known security issues. Full information regarding
	FreeBSD's security handling procedures and where to find
	security information is available at
	<ulink url="http://www.FreeBSD.org/security/"></ulink>.</para></listitem>

      <listitem><para>One of the problems associated with Open Source
        software is the sheer volume of available applications. There
        are literally tens of thousands of Open Source application projects
        each with varying levels of responsiveness to security
        incidents. &os; has met this challenge head-on with <ulink
        url="http://www.vuxml.org/freebsd/">VuXML</ulink>. All software
        shipped with the FreeBSD operating system as well any software
        available in the <ulink
        url="&url.base;/ports/">Ports Collection</ulink>
        is compared to a database of known, unresolved
        vulnerabilities. An administrator can use the &man.portaudit.1;
        utility to quickly determine if any software on a &os;
        system is vulnerable, and if so, receive a description of the
        problem and an URL containing a more detailed vulnerability
        description.</para></listitem>
    </itemizedlist>

    <para>&os; also provides many mechanisms which allow an
      administrator to tune the operating system to meet his security
      needs:</para>

    <itemizedlist>

      <listitem><para>The &man.jail.8; utility allows an administrator
        to imprison a process; this is ideal for applications which
        don't provide their own chroot environment.</para></listitem>

      <listitem><para>The &man.chflags.1; utility augments the
	security provided by traditional Unix permissions. It can, for
	example, prevent specified files from being modified or
	deleted by even the superuser.</para></listitem>

      <listitem><para>&os; provides 3 built-in stateful, NAT-aware
	firewalls, allowing the flexibility of choosing the ruleset
	most appropriate to one's security needs.</para></listitem>

      <listitem><para>The &os; kernel is easily modified, allowing an
	administrator to strip out unneeded functionality. &os;
	also supports kernel loadable modules and provides utilities
	to view, load and unload kernel modules.</para></listitem>

      <listitem><para>The sysctl mechanism allows an administrator to view
	and change kernel state on-the-fly without requiring a
	reboot.</para></listitem>
    </itemizedlist>
  </sect1>

  <sect1 id="freebsd-support">
    <title>Support</title>

    <para>Like &linux;, &os; offers many venues for support, both
      freely available and commercial.</para>

    <sect2 id="freebsd-support-free">
      <title>Free Offerings</title>

      <itemizedlist>

        <listitem><para>&os; is one of the best documented
	  operating systems, and the documentation is available both
	  as part of the operating system and on the Internet. Manual
	  pages are clear, concise and provide working
	  examples. <ulink
	  url="&url.base;/doc/en_US.ISO8859-1/books/handbook/">
	  The FreeBSD Handbook</ulink>
	  provides background information and configuration examples
	  for nearly every task one would wish to complete using
	  &os;.</para></listitem>

	<listitem><para>&os; provides many support <ulink
	url="&url.base;/doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL">mailing
	lists</ulink>.
          where answers are archived and fully searchable. If you have
          a question that wasn't addressed by the Handbook, it most
          likely has already been answered on a mailing list. The
          Handbook and mailing lists are also available in several
          languages, all of which are easily accessible from
          <ulink url="http://www.FreeBSD.org"></ulink>.</para></listitem>

	<listitem><para>There are many FreeBSD IRC channels, forums
	  and user groups. See <ulink
	  url="http://www.FreeBSD.org/support.html"></ulink> for a
	  selection.</para></listitem>
      </itemizedlist>

      <para>If you're looking for a &os; administrator, developer
	or support personnel, send a job description which includes
	geographic location to <email>freebsd-jobs@FreeBSD.org</email>.</para>
    </sect2>

    <sect2 id="freebsd-support-commercial">
      <title>Commercial Offerings</title>

      <para>There are many vendors who provide commercial &os;
        support. Resources for finding a vendor near you
        include:</para>

      <itemizedlist>
        <listitem><para>The Commercial Vendors page at the &os;
          site: <ulink
          url="http://www.FreeBSD.org/commercial/"></ulink></para></listitem>

	<listitem><para>FreeBSDMall, who have been selling support contracts
	  for nearly 10 years.
	  <ulink url="http://www.freebsdmall.com"></ulink></para></listitem>

	<listitem><para>The BSDTracker Database at: <ulink
  	  url="http://www.nycbug.org/index.php?NAV=BSDTracker"></ulink></para></listitem>

     </itemizedlist>

     <para>There is also an initiative to provide certification of BSD
       system administrators.  <ulink
       url="http://www.bsdcertification.org"></ulink>.</para>

     <para>If your project requires Common Criteria certification,
       &os; includes the <ulink
       url="http://www.trustedbsd.org">TrustedBSD</ulink> MAC
       framework to ease the certification process.</para>
    </sect2>
  </sect1>

  <sect1 id="freebsd-advantages">
    <title>Advantages to Choosing &os;</title>

    <para>There are many advantages to including &os; solutions in
      your IT infrastructure:</para>

    <itemizedlist>
      <listitem><para>&os; is well documented and follows many
        standards. This allows your existing intermediate and advanced
        system administrators to quickly transfer their existing Linux
        and Unix skillsets to FreeBSD administration.</para></listitem>

      <listitem><para>In-house developers have full access to all
        FreeBSD code

	<footnote>
	  <para>In addition, all code is browsable through a
	    web-interface: <ulink
	    url="http://www.FreeBSD.org/cgi/cvsweb.cgi/"></ulink>.</para>
	</footnote>

        for all releases going back to the original
        &os; release. Included with the code are all of the log
        messages which provide context to changes and
        bug fixes. Additionally, a developer can easily replicate any
        release by simply checking out the code with the desired
        label. In contrast, &linux; traditionally didn't follow this
        model, but has recently adopted a more mature development
        model.

	<footnote>
	  <para>An interesting overview of the evolving Linux
	    development model can be found at <ulink
	    url="http://linuxdevices.com/articles/AT4155251624.html"></ulink>.</para>
	</footnote>

        </para></listitem>

      <listitem><para>In-house developers also have full access to
	FreeBSD's <ulink
	url="http://www.gnu.org/software/gnats/">GNATS</ulink>
	bug-tracking database. They are able to query and track
	existing bugs as well as submit their own patches for approval
	and possible committal into the FreeBSD base code.
	<ulink url="http://www.FreeBSD.org/support.html#gnats"></ulink></para></listitem>

      <listitem><para>The BSD license allows you to freely modify the
	code to suit your business purposes. Unlike the GPL, there are
	no restrictions on how you choose to distribute the resulting
	software.</para></listitem>
    </itemizedlist>
  </sect1>

  <sect1 id="freebsd-conclusion">
    <title>Conclusion</title>

    <para>&os; is a mature &unix;-like operating system which
      includes many of the features one would expect in a modern &unix;
      system. For those wishing to incorporate an Open Source solution
      in their existing infrastructure, &os; is an excellent choice
      indeed.</para>
  </sect1>
</article>