Technological advantages over Linux

Dewayne Geraghty dewayne at heuristicsystems.com.au
Sat Feb 15 05:27:28 UTC 2020


Victor,
I was responsible for security at a bank which had 700 Linux servers and
phasing out ~100 older non-linux servers.  I suggested using FreeBSD and
the blanked-face response was why?  At the end of my term, there was no
FreeBSD boxes, because Linux had management's mindset.  Look at any CIO
magazine, and you'll understand the herding instinct.

Why consider FreeBSD?  Stability and predictability, largely due to
FreeBSD engineering & release management practices.

FreeBSD goes through multiple steps from idea inception to public
release (ports are handled differently), as follows:
- idea
- peer technical review(s)
- enters into "Current" for integrated testing, depending on complexity
or potential impact the migration window going into stable will be
intelligently adjusted (3d to a month)
- enters into "Stable" for wider testing as there is increased confidence
- enters beta testing - usually three rounds, wider community engagement
- enters release candidate testing - usually 3 rounds
- a release for us!  So you can be pretty confident that things are
going to continue to work, provided that you understand the
release/upgrading notes.

- patches are released, as required, typically to vulnerabilities

Ultimately it comes down to what applications can I run. Generally all
applications are going to run on each, so what differentiates?  For me,
the highlights of FreeBSD are lightweight jails, geom (geli, gmirror and
gshsec), audit management, mandatory access controls (portacl, ifoff,
mls/,...), and the knowledge that cowboy behaviour undergoes impedance.
 Together these contribute to a known state that can remain secure.

I've run an outsource for 10 years using only FreeBSD servers and
boundary devices; reboots occurred when we replaced the UPS batteries or
there was a critical kernel patch.  So I did bet the business on
FreeBSD.  Technical arguments - I'd leave to others, but its the
non-technical argument that will win management.

PS The bank remained on Linux because that's what the cloud providers'
knew; and Operations were funding a service not a tech.

-- 
*** NOTICE This email and any attachments may contain legally privileged
or confidential information and may be protected by copyright. You must
not use or disclose them other than for the purposes for which they were
supplied. The privilege or confidentiality attached to this message and
attachments is not waived by reason of mistaken delivery to you. If you
are not the intended recipient, you must not use, disclose, retain,
forward or reproduce this message or any attachments. If you receive
this message in error please notify the sender by return email or
telephone and destroy and delete all copies. ***


More information about the freebsd-questions mailing list