PC-BSD and Desktop BSD: Free to Choose

I’ve been looking at various operating systems so I could
figure out what to use to host my own web and mail servers.
Although various versions of Linux have servers, I’ve always
wondered about how secure are these distributions. First,
let’s be clear, many Linux distributions, out-of-the box, are
probably more secure than any version of Windows. But, in my
opinion, not all Linux distributions are secure enough to run
web or mail servers because you have to open ports for them
to work and because you are enabling additional software (any
of which may have a security vulnerability).

To me, a secure server would include only those services
required to run the web and mail servers to reduce the chance
inadvertently exposing your system to hacking. Since all
services are potential security vulnerabilities, the fewer
you run, the fewer possible entry points. The problem, for me
anyway, is that it is very difficult to setup and administer
such a server unless you’ve had years of experience doing
it.

To start my exploration of what operating system to use, I
took a look at pair.com, the company that is currently
hosting my site. It uses a version of Unix called
FreeBSD. I reckoned that if it was good enough for them, it should
work for me. But, the strength of FreeBSD – its no nonsense
command line oriented operating system, left me wondering if
it was worth the time and effort needed to get things up and
running.

Although I haven’t yet decided what to do, I would like to
point to two projects (note: I have not tried either of these
so I am simply letting you know that they exist. YMMV. Insert
disclaimer here): Desktop BSD (D-BSD) and
PC-BSD. Both use FreeBSD as a base and overlay it with tools that
they say make it easier to administer.

Although each is independent of each other, both use KDE
as its GUI. If you are familiar with KDE you should be able
to move around without problems. However, that doesn’t mean
everything is just as it is when running your favorite Linux
distribution. FreeBSD is Unix, and Unix is similar, but
different.

That said, one thing that is similar is the problem with
updating your system. As background, unless developers of
the software you want to install or update create a version
(sometimes called a “port” or “package”) for your
specific system, you often times have to compile the application
yourself. This can be easy or it can be impossible. Many
times its the latter. This has been a thorn in my side for
years.

There are various efforts to solve this problem. Here,
these two projects diverge. D-BSD uses the standard FreeBSD
packages/ports system for installation/updates of new
applications. As a review, a FreeBSD package is a set of
precompiled binaries ready for installation. A FreeBSD port
is a set of source files configured for you. Although you
will have to compile them, it should be a one-step process
for the user to run a script that automates the process. Both
ports and packages check for dependencies. However, there may
be situations in which it is impossible to install an
application due to an inability to install the correct files
first (such as recursive dependencies in which one
application depends on the other already being there when you
have neither installed).

On the other hand, PC-BSD uses their own packaging system
called PBI. They provide pre-packaged applications that they
claim are “self-extracting and installing…similar to
InstallShield(r) on Windows(r).” The upside is you shouldn’t
have to worry about compiling, dependencies, or configuration
problems.

This should not be under estimated as an advancement. I
cannot count the number of times I’ve run into problems
trying to install/update software. Even with systems such as
RPM or Apt-Get, there are, as mentioned above, dependencies
that cannot be solved. So any system that can reach the ease
of installation of the Windows-based InstallShield would,
indeed, be an advancement of note.

But, to the extent that this system even works, and I
don’t know if it does but I would guess it is only partially
successful, the downside is you have to wait for PC-BSD to
create these packages. In some cases, said wait may be
forever. Although I could be wrong, I doubt PC-BSD will
convert every application ever written for FreeBSD. Actually,
it is doubtful they (or independent developers) will convert
even the majority of the thousands of applications available.
If this is true, then it is probable that you will run into
situations where what you want to update/install is not
available in their format and may never be. If/when that
occurs, you would be left to use the standard ports/packages
system like D-BSD uses.

In fact, even if PC-BSD creates a package for the
application you want, it is highly unlikely that it will be
available at the same time the standard port is released
because it would take time to pull down the port and then
create the PC-BSD version. In many cases, this delay may not
be important. But if the update is to close a security
vulnerability, you would want to do the update sooner, rather
than later (to me, this is the biggest drawback of Xandros
Linux and its own customized packaging system).

In any case, I just wanted to point to these efforts and
note that they may be of use if you are looking for a robust
alternative to Windows or Linux for a secure server operating
system but would like to use KDE to administer it.


Aloha!

Advertisements

Comments are closed.