FreeBSD vs. Linux: 10 points of superiority (including motiv)

When you speak about jails, you don't speak about docker. Why?

Docker? Uhm.
Quite a few CVEs already: https://web.nvd.nist.gov/view/vuln/search-results?query=docker&search_type=all&cves=on
Plus some more security related issues: https://github.com/docker/docker/blob/master/CHANGELOG.md


That's 12 security issues within one year of docker being declared ready for production *coughs*, half of them with a HIGH rating, and when you actually read what those vulnerabilities are...

world-readable and world-writable permissions on the management socket

uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs

does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks


Sounds very much like
  • Marketing/sales being much ahead of the docker product development
  • Security as an afterthought, at best
  • Both

Also they seemingly can't make up their minds as to which virtualisation engine to use...
I think it's an over-hyped product at the moment. At least it doesn't really inspire confidence, and I wouldn't let it anywhere near production just yet. It's not so much the fact that they had security issues -- that can be expected from a product that suddenly becomes very popular. It's what those issues were.

Docker is a very interesting toy at the moment, but not more than that ;) (Says an old-fashioned, paranoid git... your mileage may vary)
 
Docker is more similar to DragonFly vkernel, except that it sucks and it is used for sandboxing applications, not the kernel. LXC is comparable to Jails, but it is not used by Docker as a back end.
 
First of all, I find it somewhat amusing that this thread is still a thing years after the fact. Which I think is something people who have responded in 2015 should keep well in mind: I wrote that whole thing in 2013, almost 2 years ago. And I think it's safe to say that some things could have changed in the meantime. What things is something I can't say for sure because slowly, but steadily, I lost touch with the Linux environments because I didn't have much use for them anymore and well; I also started to lose interest.

Another thing to keep in mind is that in the end the above was / is my opinion, a small vent of it if you will. Not necessarily a means to start discussions on personal preferences. But having said that, some points which people provided:

Gentoo

Good arguments, but Gentoo never did it for me because it doesn't give you the freedom to choose what you want to do. Freedom of choice, to me, goes wide. Even up to a point where you can choose if you want to use a binary (or binary-only) system or if you want to compile (almost) everything. With FreeBSD you start out with a binary base system which gives you all the required tools to make any choices you want from there. From that point on you can grab the source code (if you didn't opt to have it installed) and use it to either compile the kernel or the entire base system, optionally also fine-tuning which parts you want and don't want (through /etc/src.conf and /etc/make.conf, see their respective manual pages for more info).

Same applies to 3rd party software. Do you grab the Ports collection or do you opt to use the pkgng bootstrap and configure a software repository?

Gentoo gives you a lot of freedom where configuration and tuning are concerned, no arguments there, but it doesn't give you the freedom of choice to pick between binaries or source code. Even the Linux kernel needs to be configured and compiled during the installation phase (according to the Gentoo wiki). Like I said: no arguments that Gentoo is good at what it does, but while doing so it also goes further than other distributions.

Were I to compare FreeBSD with a Linux distribution then I'd sooner look at Debian. Where one could use apt-get to get a binary package or apt-src to grab the source package. And to spice things up their package manager even goes so far that importing regular software into a package repository is also pretty easy.

To comment on some of the points in the original post:
....
Security: I find statements like "my OS is more secure than yours" highly dangerous.
True, that's why I never made such statements. I merely stated that FreeBSD provides some advanced security options and that some of those weren't available within SELinux at the time of writing.
 