From: Dewayne Geraghty
To: freebsd-questions@freebsd.org
Subject: Re: Technological advantages over Linux
Date: Sat, 15 Feb 2020 16:25:15 +1100
Message-ID: <45c7debd-be20-2f43-df50-8e63c0182cd8@heuristicsystems.com.au>

Victor,

I was responsible for security at a bank which had 700 Linux servers and was phasing out ~100 older non-Linux servers. I suggested using FreeBSD and the blank-faced response was "why?" At the end of my term, there were no FreeBSD boxes, because Linux had management's mindset. Look at any CIO magazine, and you'll understand the herding instinct.

Why consider FreeBSD? Stability and predictability, largely due to FreeBSD engineering & release management practices.

FreeBSD goes through multiple steps from idea inception to public release (ports are handled differently), as follows:
- idea
- peer technical review(s)
- enters into "Current" for integrated testing; depending on complexity or potential impact, the migration window going into stable will be intelligently adjusted (3d to a month)
- enters into "Stable" for wider testing as there is increased confidence
- enters beta testing - usually three rounds, wider community engagement
- enters release candidate testing - usually 3 rounds
- a release for us! So you can be pretty confident that things are going to continue to work, provided that you understand the release/upgrading notes.
- patches are released, as required, typically to vulnerabilities

Ultimately it comes down to what applications can I run. Generally all applications are going to run on each, so what differentiates?

For me, the highlights of FreeBSD are lightweight jails, geom (geli, gmirror and gshsec), audit management, mandatory access controls (portacl, ifoff, mls/,...), and the knowledge that cowboy behaviour undergoes impedance. Together these contribute to a known state that can remain secure.

I've run an outsource for 10 years using only FreeBSD servers and boundary devices; reboots occurred when we replaced the UPS batteries or there was a critical kernel patch. So I did bet the business on FreeBSD.

Technical arguments - I'd leave to others, but it's the non-technical argument that will win management.

PS The bank remained on Linux because that's what the cloud providers knew; and Operations were funding a service not a tech.