wang_li 8 hours ago

There was FreeBSD and NetBSD, NetBSD supporting many platforms while FreeBSD supported just x86. There was some contention between NetBSD developers, and Theo and crew left to create OpenBSD. They all more or less have common ancestry, being derivatives of 386BSD.

mxuribe 8 hours ago | parent [-]

Yeah, I knew there were some aspects of descendancy across the different BSDs.

And, I mentioned NetBSD for embedded stuff...but really, I *think* it's that NetBSD is simply installed on tons of different hardware....so not only embedded....I kinda remembered that about NetBSD.

But, it's the other BSDs - in particular FreeBSD vs OpenBSD - that I always forget the differences...but got it now. Thanks!

Brian_K_White 7 hours ago | parent [-]

freebsd = utility

openbsd = security

netbsd = portability

freebsd: performance, features, drivers, software compat - closest to linux in utility & usability though unlike linux in execution

openbsd: safety for exposed services

netbsd: portable across many cpu & hardware platforms - big-endian powerpc sun, hitachi sh3 jornada, etc, easiest to port to a new arch

Melatonic 4 hours ago | parent | next [-]

Can FreeBSD be stripped down to be more like OpenBSD security-wise while still keeping the performance benefits?

Brian_K_White an hour ago | parent [-]

It can be customized just like linux where you can compile a custom kernel omitting unneeded features and then also ship a small userspace around it, and the core userspace tools are generally a little less feature rich than linux's already.

But it's not a matter of surface area that makes openbsd solid, it's the priorities while writing that affect how every little thing has been written over time.

You can write 10 different versions of a function that all work and are all nominally perfectly free of security gaps.

Yet they will all still be 10 different levels of robust. Some versions will fail as soon as some assumption is violated, and some make fewer assumptions and remain safe even when varying amounts and forms of "that can't happen" happens.

It's not just cosmic ray bit flips either, or a hacker trying to do power glitch attacks or rowhammer etc, stuff that makes the hardware violate its promises. But stuff like a different developer updating something 15 years later who is not the original and does not realize every single facet of how it works and just how the current implementation covers all possible edge cases, and so doesn't realize how their change opened up an edge case that was covered before. With fragile code, the new code simply has the new security gap until someone discovers it the hard way. With robust code, it's more likely to still be safe. The edge case maybe makes it fail to function, but not in a way that anyone can use productively.

Not that freebsd is exactly swiss cheese. These are all relative. I would and do rely on freebsd any day.
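An added illustration of the "same function, different levels of robust" point, not part of the comment above and not code from any BSD: two versions of one hypothetical length-prefixed field copy that agree on valid input and diverge once a caller-side assumption stops holding. The record layout, function names and sample buffers are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 8
uint8_t out[FIELD_MAX];            /* destination used by both versions */

/* Record layout, constructed for this example: 1 length byte, then payload. */

/* Version A: correct as long as every caller has already verified that the
 * claimed payload fits inside the record and inside `out`. */
int field_copy_trusting(const uint8_t *rec, size_t len)
{
    (void)len;                     /* "callers always validate" */
    memcpy(out, rec + 1, rec[0]);
    return rec[0];
}

/* Version B: identical result on valid input, but re-checks each assumption
 * itself and fails closed when one does not hold. */
int field_copy_checking(const uint8_t *rec, size_t len)
{
    if (rec == NULL || len < 1)
        return -1;
    size_t n = rec[0];
    if (n > len - 1 || n > sizeof out)
        return -1;
    memcpy(out, rec + 1, n);
    return (int)n;
}

/* Constructed receive buffers: 4 bytes of current record, then bytes left
 * over from an earlier message. */
const uint8_t good_rec[16] = { 3, 'a', 'b', 'c', 'S', 'T', 'A', 'L', 'E' };
/* Same bytes after a later change lets an unvalidated length byte through. */
const uint8_t bad_rec[16]  = { 8, 'a', 'b', 'c', 'S', 'T', 'A', 'L', 'E' };

int main(void)
{
    printf("valid:   A=%d B=%d\n", field_copy_trusting(good_rec, 4),
           field_copy_checking(good_rec, 4));
    printf("invalid: A=%d ", field_copy_trusting(bad_rec, 4));
    printf("(out[3]='%c', stale) ", out[3]);
    printf("B=%d\n", field_copy_checking(bad_rec, 4));
    return 0;
}
```

With the invalid record, version A hands back bytes from the earlier message as if they were payload, while version B refuses the record and leaves `out` untouched.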

mxuribe 6 hours ago | parent | prev [-]

Oh this is a wonderful and succinct summary; thanks!