Episode 2, The OS Show
Make sure to send us feedback so we can make the show even better.
Links:
Open Source Software
Excel flight Sim
GPL License
BSD License
GPL vs BSD
BSD in windows
BSD in OSX
Python Programming Language
OS:
Linux
RedHat
Fedora
CentOS
Debian
Ubuntu
Knoppix.org
NetBSD
FreeBSD
OpenBSD
DragonFlyBSD
PCBSD
RYOS, Episode 2 - The OS Show
Thud: The RunYourOwnServer
podcast for June 7, 2006.
Thud: In this
episode, "The OS Show", open source licenses, the
Linuxes, The BSDs, and a moment of sec.
Thud: This
episode's reverse sponsor is the FreeBSD project.
FreeBSD is an advanced operating system for
x86-compatible systems. It is derived from BSD, a
version of Unix developed at the University of
California, Berkeley. It is developed and
maintained by a large team of individuals. Find out
more at
freebsd.org.
Thud: In this
episode we want to introduce you to some of the
operating systems we like for servers. Since Seg is
wasting time with sleep, it's just Gek and me for
this episode. So let's get started.
OK, so Gek, why would you want to use an
open-source software as an operating system?
Gek: Me personally, like I
said before, I'm an information junkie. I do like
the idea of being able to look at the source code
and see how something is working. There are lots of
arguments for the security you gain by being able
to look at the actual code that you're running. I
don't usually go that far and I'm not as well
versed in C as I am in other languages, but I do
like learning from the people who write the
open-source software. And with an OS, you get a lot
more information than you do with just, say, a mail
app.
Thud: Yeah, I pretty much
have to agree with that. One of the things that I like
about open source is that there's only people
working on it that really like what they're doing.
So, if there's somebody who's interested in
networking, for example, they could be working on
the network-driver part of it. It's not like in a
corporate environment where they hire 20
programmers and tell them, "OK, you're going to
write this part and you're going to write that
part." They pretty much get whatever they get
stuck with.
In open-source software, you work on whatever
program you want, and you work on the sections of
it that you really like, and if you have a project
that you work on but you don't like the way that
it's written, you can start your own project that
does the exact same thing, but it's all your own
code.
For the large projects like a full operating
system, there's just so many people working on
them, it would be really hard for somebody to plant
a trojan or something like that into an open-source
operating system. It's been done before, but with
so many people working on it -- so many eyes on the
code -- it would be really, really difficult to
hide something like that.
Gek: Yeah.
Thud: Where, if you take a
product like -- Excel is a good example. A few
years ago, Microsoft Excel had a full flight
simulator that was built into it because one of the
programmers decided to put it in. That's a lot of
extra code that they really didn't have to do.
Gek: Yeah, it's certainly
something that -- something I take into account is
that there's so many eyeballs looking at the code,
and it's also, like you said, people who really do
enjoy what they're doing. They want to be proud of
it. They want a product -- I mean it's not even a
product to them -- but they do want an end-product
that they can be proud of and that other people
will enjoy using.
Thud: OK, so one of the
things about open source is that there are
different kinds of licenses. Specifically on
operating systems, there's quite a disparity
between the licenses. Even though it's free and
it's open source and you can modify it, there are
just different camps for how people want to let you
use their software. So that's the next section,
we're going to talk about licenses. The first one
is GNU, and GPL.
So tell us a little bit about that, Gek.
Gek: Basically, the GNU-GPL
license was designed to enforce free software on
anybody who uses that software that was written
with that license. So, if I write a program to
replace Outlook -- to send mail, receive mail -- if
I write that, and somebody else comes along,
company or otherwise, and tries to use my code for
some new project, they have to keep that GPL
license, they have to bring that license along with
the code. The idea being that you've forced
somebody to keep the software free and the source
code open.
Thud: OK, the next license --
there's actually many, many different licenses that
are all kind of related -- but the GPL and the next
one, which is BSD, are the two main ones. A BSD
license is similar to the GPL in the fact that you
can use the code. The difference is that the
license specifically says that you can use the code
for anything. If you want to take the code and
write a commercial package and never contribute
back to the open-source project, you can do exactly
that.
In fact it's been done before. Microsoft's TCP
stack for their networking internals for their
operating systems, for a long time, was actually
based on a BSD-licensed stack, as was the Linux
version of TCP. Just about every operating system
was based on a BSD-licensed version of the code.
Gek: Also, Mac OS borrowed
FreeBSD for their basis for the Tiger OS.
Thud: Yeah, exactly. There's
a lot of BSD code out there that was developed by
open-source developers, that are now in commercial
packages, that are running large portions of the
Internet, desktops -- it's really all over the
computer world.
So, the next section we're going to talk about is
the differences between the major open-source
operating systems. One being Linux -- there's
actually a variety of those -- and the other being
BSD, which is different than the BSD license,
though the BSD license was designed for the BSD
operating systems. So, on the Linuxes, like I said,
you have a number of different distributions. The
big commercial one, of course, is Red Hat. You also
have Knoppix and a bunch of others.
On the BSD side you have FreeBSD, OpenBSD, NetBSD
-- all three separate projects, but all originally
based on the same code.
So, Gek, can you tell us just some more detailed
things about general Linux, not distribution
specific?
Gek: A lot of the
differences between the Linux distros are their
philosophy on the licenses, which is why the
licenses are so important. Red Hat tries to keep
most of the software that they use GPL, and they
don't like including other licenses in their
distro.
So, for some distributions that's actually how they
decide whether something can be included. Where
other distros don't really care, they'll use
whatever. Knoppix is one of the distros where they
don't mind using something that has a proprietary
license. They're more interested in functionality
because they're a live CD. They're trying to expose
people to Linux and they don't want the obstacles
of licensing to get into people's way.
Thud: The differences between
the BSDs are pretty much the same thing, it's more
of a religion than anything. The three main ones,
as I said before, FreeBSD, OpenBSD, and NetBSD,
have completely different goals and different ideas
of how to meet those goals.
FreeBSD for example is really really good about
performance, they do everything they can to make it
as fast as possible on the widest range of
hardware. OpenBSD is security. They will actually
do things that slow down processing to make it more
secure, to make it harder for hackers and viruses
and things like that to affect a system.
NetBSD, their main goal is really to run on
everything. NetBSD provides in their development
tree most of the bases for drivers that end up in
the other operating systems. If there's a brand new
piece of hardware coming out, whether it's a
network card or a SCSI card or even a sound card, a
lot of times the first open source operating system
that has a driver for it is NetBSD and then the
others adopt it, modify it, add onto it. So, that's
what NetBSD is all about.
And the licenses, as you were saying before, the
license differences are pretty interesting.
FreeBSD, they don't really care that much about the
licenses, as long as it's free, if it's GPL or BSD.
OpenBSD and the guy who is the head of the project,
his name is Theo, is very specifically trying to
get rid of all non-BSD licensed code on their
systems. They're obviously going to have problems
with certain things, because GPL code is just
everywhere on the Unix community. But, if they can
have somebody internally within their project write
a replacement for something that used to be GPL,
but because they are writing a replacement from
scratch, can now be BSD, that's what they try to
do.
Gek: It should also be
pointed out that one of the biggest differences
between Linux and BSD is that all of the Linux
distributions use the same kernel. Now, certain
distributions may apply patches to that kernel and
modify the base kernel, but they all run the same
Linux kernel that comes from Linus and his team.
The BSDs are completely different. Each of the BSD
projects, the main three ones the OpenBSD, NetBSD,
and FreeBSD projects, they all run their own
kernel. They write their own kernel, they have
their own kernel teams. There are projects that
stem from those, like DragonFly BSD and PC-BSD. But
that's one of the core differences is that the BSDs
do use -- each project uses its own kernel. And
all Linux distributions share the same kernel.
Thud: Yeah, that is an
important difference. And with BSD it's interesting
now because they've been separate projects for so
long, but each project basically built on the
previous project. NetBSD was the original project
and FreeBSD started with kernels from that that
they've modified and added code to, and now they're
completely different.
OpenBSD was the same thing. It started with NetBSD
code and because of differences of ideas of how to
write software and what an operating system should
be, they peeled off from that BSD and started their
own. And now they're similar, but they're
definitely different. Their kernel code is
completely incompatible now, between them.
Let's go into a little bit more detail with the
Linux distributions, specifically the most common
ones which are Red Hat based. So, you have Red Hat,
CentOS, and Fedora. Gek, do you want to tell us a
little bit about the relationship between Red Hat
and Fedora which are the two major ones?
Gek: They have no
relationship, there's no correlation at all.
They're completely separate projects. No. Fedora is
a project that Red Hat started. They don't control
it anymore, but they use it to test the software
that they put into the Enterprise Linux.
They made the Fedora project so they could continue
a free version of Red Hat and they really did want
to focus on the corporate support and Red Hat
Enterprise Linux. CentOS was a result of that.
People decided they didn't really like the idea of
Fedora where everything was going to be bleeding
edge, they wanted the stability of Red Hat. So, the
CentOS project takes the source code from Red Hat,
the stuff that Red Hat develops for Red Hat,
recompiles it, rebundles it, and basically releases
the same thing you get with Red Hat Enterprise
Linux. The only thing you don't get is the Red Hat
support.
Thud: That's pretty
interesting. If I remember correctly the way CentOS
is able to do that from a legal standpoint is that
Red Hat releases the source code for all the
commercial products, save one or two packages that
they actually have different licensing for, but
they release all the source code. So CentOS takes
that source code and compiles it into binary and
you can use it like a normal system.
Gek: Yeah, and I think the
reason Red Hat has to do that is because most of
that software that CentOS has access to is covered
under the GPL, so again the license carries over
and they have to release it.
Thud: So, tell us a little
bit about Red Hat and CentOS's and Fedora's way of
doing packages and software installations.
Gek: They all share the same
mechanism, doing an RPM bundle. Which, basically,
is a very advanced tarball of the files that you
need to either compile the program or a
pre-compiled binary that's distributed for your
architecture, whether you have an Intel or Sparc or
whatever your CPU is. The thing that I like about
RPMs is you can upgrade an RPM. So, for your own
package management, if you were designing an
application for your own company, instead of just
having to recompile everything on each of the boxes
you can make an RPM, copy it to each box, just do a
RPM upgrade, and now you've got all the boxes up to
date.
Thud: Yeah, it
makes it very easy to do software installations or
upgrades because it's all binary based. A lot of
the software in the UNIX world is, "Download the
source code and compile it," which, depending on
the software package, could take hours. With RPM
it's all done with binaries, so it makes it much,
much easier. Now that we've covered the Red Hat
Linuxes and all the related Linuxes that are based
on it, let's talk about some of the other
distributions, because there is quite a difference
between them, even though they have the same
kernel. I actually don't have any experience with
Debian, it's the first one of the list. Gek, why
don't you go into that a little bit.
Gek: OK. Debian is a pretty
popular package. I know for a fact that outside of
the US, it's extremely popular. It has its own
package management system that's called APT and
they use Debian packages, .deb files. They work very
similar to RPMs, I don't know exactly how the files
are structured, but you can basically go to the
command line and if you want to download a package,
say you want to install Postfix on your box you
just do "apt-get postfix" and it'll bring Postfix
down and you'll have Postfix mail server running on
your box. I believe there is also a GUI now called,
I want to say it's called Synaptic, but I'm not
positive, that you can use if you're not
comfortable with the command line.
Thud: Yeah, and from what I
understand, they actually have a variety of
repositories, so for a Red Hat based system that's
RPMs, for the most part you have to deal with RPMs
provided by either Red Hat directly or the projects
CentOS or Fedora, where you have to find somebody
out there who's taken their software and built it
into RPMs, which there are a lot of. But, Debian's
package system is set up in such a way that there's
many, many different repositories with many
different versions of software all compiled in
different ways for different things. There's a lot
more software available for it if I understand it
right.
Gek: Yeah, I think that the
number of packages -- Fedora seems to be going
towards the goal of being like Debian in terms of
how many packages are available, but I think Debian
is still the distribution with the largest number
of packages available.
Thud: Yeah, so if you want to
try a wide variety of software, Debian sounds like
the place to go.
OK, so the next project we're going to talk about
is Ubuntu, and I happen to know that Gek, you ran
it for a while and I think you gave it up at some
point, but tell us a little bit about your
experience with it.
Gek: I really, really like
the idea of Ubuntu. I think that this is a great
project. The reason I did give it up was because I
had problems when I was trying to do an upgrade one
time, and I just decided I would switch to FreeBSD
and use that for a while. The Ubuntu project is
extremely cool. They actually pay to have problems
fixed. So if they know of some limitation with
fetchmail, they actually put up a $25, or $50, or
$100 reward, depending on how big a problem it is.
If you're a developer, you can actually go and
claim that reward if you fix the problem.
They also are real heavy into Python, which is
something I'm a huge fan of. So most of the
projects that they sponsor they want written in
Python. That was another reason why I was using it.
They're trying to use the GUIs that Linux has
available to make the end user as comfortable as
possible. So if somebody's switching from Windows
to Linux, they don't feel like they're jumping into
something completely alien. It's easy to use. They
really do want to make it so that the average
person who's not a tech can pop in the Ubuntu
distro, install it and use it and feel comfortable
in it, day one. That's one of the things I liked
about it.
Thud: Yeah, that is actually
a pretty cool way of running a project. I wish a
lot of other OS's would offer cash rewards for
bugs.
Gek: So Thud, Knoppix is a
live CD distro, tell us a little bit about it.
Thud: Well, the difference
between it and the other distributions is the other
distributions are designed to run on a machine off
of the hard drive, as a server or workstation or
what-have-you. Knoppix was originally designed, and
still is, a CD-only distribution, so everything you
need is on the CD, or you can even do it on a USB
drive now. The idea is that you just carry it
around with you. You can pop it into any machine,
boot off of it, do what you need to do -- check
your email, surf the web, do whatever -- and you
don't have to worry about it.
Depending on how you want to set it up, you don't
have to even save anything to the hard drive. If
it's only temporary things, or you're doing
everything remotely, it doesn't even affect the
machine that you're on. So you could put it in a
Windows machine, boot off of it, use it, and reboot
the machine into Windows, and the machine's hard
drive hasn't changed at all.
You also have the option of setting it up so that
it can save data. But the really cool thing about
it is if there's ever a security issue, or worm
going around or you get a virus, all the data's on
the CD. You can't write to the CD so it doesn't get
infected with anything. That's one of the reasons
why a lot of security tools are operating
systems based on Knoppix with additional security
tools added, so there's a complete package to do
network scanning or exploit testing, things like
that, it's all based on a CD that you can just boot
off of on just about any machine.
Gek: I have to say I have
actually played around with the ability to remaster
your own Knoppix CD, and that's pretty cool too,
but I think it's a little more than I needed. The
idea, again, is that you can reuse it, you can
change it to work for you, and that's following the
whole open source philosophy.
Thud: All right, the next
section is on the BSDs, specifically OpenBSD and
FreeBSD. At least I haven't really used NetBSD that
much. I've found that anything I need to do I can
do with OpenBSD or FreeBSD. So we're going to
lightly touch on that BSD. As I said, they're all
related, so they're set up kind of the same way. On
the surface anyway, there's not a whole lot of
difference. There's a lot of behind-the-scenes
differences.
Gek: So Thud, tell us about
OpenBSD.
Thud: OK, so, OpenBSD's main
goal is security. That's one of the reasons why in
the way they build their system, everything is
security minded. They only include things in the
default package and in the default install that
they feel you really, really need. There are a few
things they add that you probably don't need but
they're off. They're installed but they're not
running. That's one of the reasons why they can
actually stand behind the claim on their website
that they've had one remote hole in their security
in the last eight years. I don't know of any other
operating system that can say that with the
confidence that OpenBSD can.
So Gek, tell us a little bit about what makes
FreeBSD different from OpenBSD.
Gek: Well, FreeBSD isn't
really concerned so much with security. Like all
open source distributions, operating systems they
are concerned, but they're more concerned about
speed. They really seem to be trying to get the
fastest OS that they possibly can, and to that
degree they've been pretty successful which is why
a lot of major websites for a very long time were
running on FreeBSD. I know that Yahoo used FreeBSD,
I don't know if they still do. I'm pretty sure
Hotmail used to run on FreeBSD, even while
Microsoft owned it, briefly, before they switched
it to IIS.
The project is designed to work on as many
different platforms as they can get it on. They're
trying to do cutting edge features. They like to
put in new things like the jailing mechanism that
they have is pretty neat. They also had
multiprocessor support, I believe, before the other
BSDs did. Maybe Net had it first. FreeBSD is easy
to install and absolutely free. They have a great
team. They have a pretty large team and it is
larger than OpenBSD's team. But there is an
argument to be made that a larger team isn't
necessarily better.
Thud: OK, so with Red Hat you
have RPMs for doing software installs and
upgrades, Debian you have Debian packages, Ubuntu
you have their way of doing updates. What is there
for FreeBSD?
Gek: FreeBSD has ports and
packages. Two different mechanisms that basically
accomplish the same thing. Ports is a collection of
source code that lets you go and look through a
tree structure, basically, like browsing
a list of applications.
If you wanted to get a mail program, there is an
actual mail directory in ports, you go in there,
you do an ls and you can find all these different
mail applications, and each one of those
directories has another file in there and there it
describes what that project is, what it does. Then,
you can just basically do make install and it will
download the source code, apply FreeBSD's patches
and then build the compiled program for you.
The great thing about ports is -- if there are any
dependencies that you need, if there are other
programs that have to be downloaded and installed
also -- that all happens automatically. Portupgrade
is a way of managing things you have already
installed where you can just say, "I need to upgrade
all of the ports ever installed so far." It will go
through, figure out what you have, download the
packages if there are updates, recompile them and
reinstall them.
I know that you have some familiarity with
OpenBSD's ports and packages. Can you tell us a
little about that?
Thud: Yeah, it is based on
the exact same system. They have ports, which is
source code, and they have packages which are
pre-compiled binaries, basically a tarball that
gets installed. The way that they do it is if you
install something in ports, you compile it, again,
it goes and grabs all the dependencies and then, it
creates the package. Then, they run their package
installer to actually install the finished package.
For this episode's moment of sec, we are going to
talk a little bit about security on all of these
different operating systems. There are just some
common things that you can do. One of the best
things you can do is turn off services that you are
not using.
Gek: I usually go through
and turn off a lot of stuff on Red Hat or CentOS.
They include services that have to do with NFS. If
you are not using the server as an NFS server, you
don't need many of the services that start up by
default. There is, really, you just have to go
through and do a mental checklist and say to
yourself, "I am going to use this server for a web
server and nothing else." Then, you do not need
anything else. You can turn almost everything else
off.
You still have to leave mail on but you can
configure it so that it won't accept email from the
outside world. There are a lot of things that you
just have to go through with Red Hat, CentOS and
Fedora, you can run chkconfig and you can get a
list of the services that are installed on the box
and even turn them off with that same command.
Thud: Yeah, that is one
command in Red Hat and the like that makes it
extremely easy to see what is running and what
is not. Conversely on OpenBSD, there are actually a
number of different ways that programs can be
started. There are three or four different places
you have to check, to see whether or not there are
services that are starting that you do not need.
Gek: FreeBSD is the same
way. Another thing that you can look at is file
permissions. A lot of the OSs, by default, don't
have very restrictive permissions on their files.
Once you get a better feel of what users actually
need access to, if you are going to allow users
to log in to your box remotely, you should
definitely take a look at file permissions and see
what you can change to lock down the box.
You don't want your users going into the /etc
directory at all, if you can help it.
Thud: Yeah, I have to agree
with that. Locking down the file system is a very
good place to start for security on any of the
operating systems. Especially, if you are going to
allow other people that you do not trust access to
the box.
Gek: I do not trust anybody.
Thud: Yeah, I do not trust
myself.
Gek: That must be some
interesting file permissions, then.
Thud: Yeah, I pretty much do
an install and then format everything.
Gek: [laughter] So in
closing, I just want to say, I really think the
best thing to do, to choose your OS, is go and
try the major distributions, the Linuxes: Red Hat,
CentOS, Fedora. Debian, Ubuntu, I don't prefer them
for servers but you should definitely look into
them, they have merit. Just go through, play with
them, find which one fits the way you want to
manage your servers and then learn how it works.
What do you think, Thud?
Thud: I definitely have to
agree. The same with the BSDs, just try them all,
figure out which one you feel most comfortable with
and stick to it. Because whatever you feel most
comfortable with, you are going to learn more and
just continually use it. If you use it all the
time, you are going to get better and better at it
and be more and more comfortable with it. It really
does not matter when it comes down to it. They are
all UNIXes, they are all going to run the same
software. It is really just a matter of trying them
out, figuring out which one feels right for you,
the operating system you feel most comfortable on,
and just build on top of that.
I prefer OpenBSD because it comes default, it comes
locked down. You have to literally turn everything
on to get anything to work. A lot of the Linux
distributions are the opposite way. They include a
lot of stuff to make it easy for people just to do
an install and everything works, but if you want to
lock it down, you can. You can make Linux just as
secure as OpenBSD, you can do it with any operating
system. I mean, technically you can make Windows as
secure as any UNIX system. You just have to unplug
it.
Gek: And turn it off.
[laughter]
Thud: Turn it off and wipe
the hard drives. It's really just a matter of
figuring out which one you feel most comfortable
with and just using that one. I have used Linux for
web servers, database servers, and mail servers in
the past. I just prefer OpenBSD today. Six months
from now maybe something completely different.
Gek: I have to agree. I
think what is more important is how easily you can
manage it and how comfortable you are, because
ultimately, no amount of security is going to work
without you being the person that says, "This can't
happen because this is insecure." There has to be a
human element making the decisions.
And the OS, like you said, Open is a great place to
start, especially if you are not comfortable with
security. But it's also more cumbersome because of
that, you have to turn things on. FreeBSD, I think,
has most things on by default. It might not be the
best place to start if you are looking for
security. Like you said, anything will really work,
you just need to learn how to lock it down and
prevent people from getting into the box.
Thud: For show notes or other
details, please visit our website at
runyourownserver.org.
If you would like to send us feedback or have
questions you would like us to answer on the show,
please send an email to podcast
att runyourownserver.org.
The intro music, "I Like Caffeine" is by Tom Cote.
This song, "Down the Road" is by Rob Costlow.
Please visit our website for links to their
websites.
This podcast is covered under a Creative Commons
license. Please visit our website for more details.
Transcription by CastingWords

