My apologies if this is the wrong place to ask this.
I’ve been reading around online about keeping software secure, and I’ve been puzzled by something for a while now. I’m not sure if this is a stupid question or not.
Generally, when I see online conversation about Linux vulnerabilities, I often see people detailing how big the attack surface of the Linux kernel itself is due to its monolithic kernel; I saw a blog post about this very thing linked somewhere here on Lemmy recently. I also see folks clamoring about how the BSD ‘spinoffs’ (?) all have much better fundamental approaches to security, and they get compared to Linux quite often as ‘the superior platform’ due to things like the non-monolithic kernel and BSD Jails. Hell, one of the main self-touted benefits of the BSDs is that there is significant effort placed on discovering vulnerabilities.
Could someone knowledgeable tell me why desktop Linux has seemed to be ‘chosen’ in comparison to something like FreeBSD or OpenBSD? I don’t see any open-source forks of a BSD spinoff (only proprietary ones like what runs on the PS5), nor do I see anyone talking about using them for desktop computing purposes. Is there a fundamental challenge too great to overcome right now with using something like FreeBSD as a desktop OS, or has there simply not been enough volunteer manpower to throw at it, and Linux already has that problem, in comparison, solved? It shocks me that the adoption is so low, especially considering the reportedly amazing binary compatibility with most existing Linux software.
I have used Linux for the better part of a decade but have never really followed kernel development.
What does it mean for the kernel to be “monolithic”? What would need to change in the kernel for it to no longer be considered “monolithic”?
BSDs are also monolithic kernels, just like Linux, macOS, and Windows NT
FreeBSD has been trying to make it easier to run as a desktop OS by supporting the Linux APIs so they can use the WiFi and Graphics drivers from Linux
OpenBSD handles security by supporting fewer features. E.g. they do not support Bluetooth as it’s an insecure protocol, and they disabled SMT due to the hardware bugs in AMD/Intel/ARM - so they are more secure, but slower
I don’t see any open-source forks of a BSD spinoff (only proprietary ones like what runs on the PS5)
I wonder why. Maybe if they were GPL, they wouldn’t have that problem.
psychic damage
YEAR OF THE HURD
I feel like there are so many people here who have never used BSD and are just vibe commenting.
Liberal licence doing what liberal (licence) does.
Honestly when Linux was becoming popular (moreso than minix anyway) the future of BSD UNIX was uncertain because of active lawsuits by SCO UNIX.
https://en.wikipedia.org/wiki/SCO_Group,_Inc._v._International_Business_Machines_Corp.
It was in such a bad state that lots of businesses were paralyzed and the future looked pretty bad for BSD overall. Usage was dropping and Linux was just hitting the scene. Linus Torvalds even stated that if he had heard of FreeBSD, he would have not had to make the Linux kernel.
https://news.ycombinator.com/item?id=8641073
I was a sys admin and used FreeBSD for years and even ran it on the desktop until I tried Ubuntu and Debian shortly thereafter. The hardware support for laptops and GPU support for desktops were nonexistent in BSD, but Debian was easy to install and was much better at gaming.
Today I use a combo of Debian in servers and cachyos on my laptop and gaming computer. Linux and UNIX are vastly different in how they are implemented for security. Imagine two glasses, both 8 oz. One is titled usability and the other titled security. You have only 8 oz of water to divide among them.
UNIX is all about security. Even though you can pour a little into usability to make it do what you need to do, you’ll have to custom compile kernels and add tons of pkgs to make it more usable and that affects security. Each pkg is potentially a security issue.
Linux wants to install on all the things, so tons of kernel modules are installed and gobs of software come by default. Most of their water stays on the usability glass because they don’t want you to struggle. They want it to just work right out of the box.
Because of this, BSD will always lag behind in usability, and Linux will always be more liberal about security. Just my 2 cents, take it fwiw
Imagine two glasses, both 8 oz. One is titled usability and the other titled security.
And one is the dumpster fire that is Windows 11.
I feel like these security arguments are overblown. Linux is still pretty damn secure, and the Linux community is still tough on fixing security bugs.
Would you rather be using a UNIX-based secure OS, or Windows update-and-crash 11?
I don’t use UNIX any more, I use Linux. I don’t see what windows 11 has to do with the security focus of UNIX vs Linux. Can you help me understand more clearly what you’re asking?
Nothing, we just like to shit on windows here.
Can confirm; absolutely love shitting on windows.
Don’t have a single positive thing to say about it.
Part of the problem is that the “Just Use BSD” Guys are to the FOSS-sphere what the “Just Use Linux” Guys are to the rest of the world.
Linux has always been more pragmatic and focused on getting stuff out that works now. BSD has always been a promise that might be better in theory but is of little practical use to most people.
Obligatory Worse Is Better by Richard P. Gabriel reference
TL;DR for those unfamiliar: the guy (an important figure in programming/Lisp history) argues with himself for a few decades over what’s the better of two different approaches to software development: good-enough but hacky/limited/worse software tends to outcompete more complete/elegant/correct software because it gets to market quicker and makes iterative growth from there. Essential reading for anyone interested in programming history, or just software in general.
The FreeBSD desktop exists, it is called “Mac OS”.
Linus Torvalds used the GPL for his kernel, forcing companies to release the source code if they improve it and distribute it. The main userland was a lot of GPL licensed GNU software for a very long time, with a similar effect.
The BSD folks, on the other hand, decided to give everything away, by using much more “liberal” licenses. Apple took the BSD base, bolted their UI on top of it and gave almost nothing back. That would not have happened if BSD was GPL licensed.
macOS is very much not BSD. It’s its own weird (as in rare, not as in bad) thing that happens to ship a CLI BSD compatibility layer
For example, you can read on the independent and somewhat distinct design of https://en.wikipedia.org/wiki/XNU the kernel, which they open sourced anyways despite the lack of copyleft elements
Edit: I am a staunch supporter of FSF and copyleft over permissive but what you’re saying is just wrong. Apple is scummy just like the other big tech companies but it’s one of the least scummy out there, especially wrt open source. The biggest examples are WebKit and LLVM.
Oh shoot. Is that what’s happening with the MIT licence on projects like the Rust coreutils?
Yes and no. It would be an issue if the coreutils were actually something difficult to do, but the main difficulty that project is encountering is just keeping bug-accurate compatibility. The fact they actually managed to get something working in a couple months is the indicator that it is not really that gamechanging.
Now a kernel or a browser on the other hand are another beast.
Maddening that Canonical pushed sudo-rs through in its current state
Well, technically the open source kernel behind all Apple’s OSs is still (mostly) open source. It’s useless as is, but it exists. So yay for BSD licences, I guess?
Linux took off around the same time that BSD was involved in a lawsuit, which halted the project while Linux kept going with its development, at least that’s what I’ve seen in YouTube videos about it. I’ve looked at the BSD systems a while back out of curiosity, and while I haven’t actually tried installing it on hardware to make sure, from my research none of my devices is actually supported in terms of hardware. Meanwhile Linux worked fine for everything. Both are also open source, so there’s not much of a reason for me to try and wrestle with BSD when Linux does the job. BSD might be worth it for some server use cases (because like you said, security), or if you feel really strongly about it ideologically one way or the other (maybe you prefer more permissive licenses, or the fact that BSD is one unified system with its kernel and coreutils being part of the same project).
Edit: something else I didn’t mention is that Linux has some specific cool things going for it, like Nix and Guix/declarative systems. I don’t think BSD really has a declarative approach like that available, and I’m a big fan of it.
There’s an infamous usenet-thread with Torvalds and Tanenbaum arguing over monolithic vs microkernel design. A microkernel is cleaner from a separation standpoint, but that also introduces hurdles and overhead.
Linux is popular because the hardware support is pretty great. There are few laptop/BSD combinations that work well with sleep/suspend/wifi, while just about any laptop will have everything working with a recent Linux kernel.
This video has a similar discussion about the C++ programming language vs other programming languages that are theoretically better. https://youtu.be/I7fEsbksKRE?is=T53DqwVNM3ps97JY
The summary: An imperfect solution today is nearly always used over the perfect solution that will arrive at some unknown time in the future. Also momentum is a thing.
I like and knew BSD quite well and understood how to troubleshoot it.
Unfortunately, Linux is just moving so much faster, has more and newer software, and it’s easier to find support.
Also less hardware compatibility on BSD.
And I’ve just recently started using catch his which has btrfs running out of the box and it works quite well so far, and one of the things I missed about BSD was zfs.
“catch his” is cachy os?
Damn autocorrect. Yes lol. I’ll update that.
Probably, looks like something that phone autocorrect would mess up.
bsd just isn’t at the same level as linux for desktop use. for servers bsd can get by just fine, but linux is a bigger target market for software including hardware drivers, graphics acceleration etc.
spin up a bsd and try it for yourself. i quite like it. i used it on my nas for a while because it has better zfs support. some things are a bit different, but if you’re comfortable with linux you’re like 80% of the way there already.
after using linux for a quarter century, using bsd gives me the same feeling i got when i was using linux for the first time.