LWN: Comments on "Debian vs. FreeBSD as a Web Serving Platform, Part 1"

Debian vs. FreeBSD as a Web Serving Platform, Part 1

jel — 2009-04-08T00:15:56+00:00

Yes, yes, yes. I started using debian unstable many years ago, and like you, found it difficult. However, it was a lot tougher back then, and there are techniques you can learn to avoid problems, which is no different really from knowing how not to cause yourself problems with a release version. Most debian desktop users run unstable, and the tools and the distribution itself copes very well with making sure you don't burn yourself too badly. It's at least as safe as playing with ports, and probably a LOT more safe.

I also use it on servers, most of the time. The availability of debian unstable's modern, huge selection of managed, up-to-date packages, all downloadable at the stroke of a key, together with a little know-how, is much better than relying on something like a release from CDs.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

yanzg — 2005-05-17T16:29:03+00:00

I use debian as my server and workstation. I think that stable is enough for a mini-server and Debian testing is really very stable compared with many other distributions including fedora core. So Debian testing can be used as server if needed, though I only use Debian testing as desktop. The unstable distribution of debian is not a bleeding edge, however, the unmatched packages may cause trouble if you rely on it.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

Seegras — 2005-04-21T11:29:07+00:00

I'm a Sysadmin for about 30 servers; all running Debian stable or testing (actually, we upgraded when it seemed that this testing would very soon get stable.. That was a few months ago). And I'm lazy. And there's nothing better for lazy sysadmins than Debian. What I miss most are the BSD Jails, but considering the acessory amount of work with *BSD, I happily run Debian.

But BSD is certainly worth some consideration if you're only running one or a few servers.

Just one more uninformed reviewer

vinci — 2005-04-14T10:33:40+00:00

> Second, the article completely ignores the most benefical aspect of Debian, > its policies and their effect in systems administration, including
> reliability and security. Make that third too, it's really important.

I don't think Debian is more secure than other Linuxes. The thing is, that old software tends to have more know security leaks. Often brand new, rewritten code changes some architectural weaknesses of a program.

Fedora at some point drops support for old releases (that are younger than the newest Debian release). The support is than made by the Fedora Legacy project. Debian also should concentrate on packaging new software an making a good distribution. You will allways have bugs. Older distributions a re not necessarily more secure. People think that and tend to leave their server alone. But that's not a good idea, either.

Unstable stable and testing

vinci — 2005-04-14T10:24:48+00:00

It does mean that a packages is there today and gone tomorrow - and you get NO support. This can lead to high frustration. Yes, some packages are very well organized, but "unstable" is not named "testing" for good reasons.

The truth is, and I hate to say that, that Debian today is quite unusable for people who like to use modern software. The concept is outdated. 3 years for a new release is just too much (for me and many others).

I am using Debian right now since 6 years as home server and webserver. I like it very much. But the update policy is a pain.

I don't know what comes into nex 'stable' and when 'stable' comes. That means that I might have to switch to another distribution if I want PHP5, Horde3 ,Gnome 2.10 in the next 4-5 years. We just don't know so many things today about a future release. "Its ready when it's ready" - this is good for a product nobody is eagerly waiting off. I want to know when a next release comes out and what software it will have. It is ok, if that does not fit a 100%. But if you need a certain basis you can not use todays Debian.

But I am optimistic that Debian will make its reforms now and be attractive again, soon. But right now one should not recommend Debian.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

vinci — 2005-04-14T10:14:51+00:00

No, no, no. Only use "unstable" if you know what you are doing (being a developer or something). So generally NEVER use unstable. If you use it anyway, you will know why.

I had SO MUCH trouble because of people like you recommending unstable years ago, when I started using Debian.

Thilo

Unstable stable and testing

cricketjeff — 2005-03-05T00:47:01+00:00

While I would never use unstable without a great deal of thought on a busy production server it isn't as drastic as the name implies, unstable doesn't mean the packages are flaky just that the versions and dependencies will change quite rapidly. Testing is a third set of archives and is the "new" stable version in waiting and is usually suitable for immediate use, indeed in my last job we served about 3 billion webpages a year from testing boxes. If you need to use the latest software for one or two packages but want stability for the rest Debian has that covered,
apt-get install -t unstable package-name
will pull the package you want from unstable the apt conf file allowing you to specify stable or testing to be your default distribution.
apt-get install -st unstable package-name
would pretend to do the same thing so you can see what extra packages will need to be pulled for unstable so you can decide whether or not to go ahead.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

l2fl2f — 2005-03-04T13:10:36+00:00

Hello,

Good job, The linux guys are not happy, read the post :)). I switched from Linux to FreeBSD few months ago and I am happy with what I get: 30 minutes to compile a new kernel, 45 minutes installation process, binary packages or ports compilation (www.freshports.org), a (real) unix kernel, good memory usage and a rock solid OS. Anyway, I use FreeBSD because I love it and it did and do the job for me (be honest and try FreeBSD).

Debian vs. FreeBSD as a Web Serving Platform, Part 1

penguinista — 2005-03-03T22:20:08+00:00

I dont find these comparisions particularly useful. After having worked with solaris, then linux, then freebsd over the years it basically comes down to following some best practices for each platform. It really doesnt matter much to me what OS I work with, especially for web hosting. Intesestingly enough, I am about to go full circle and look forward to hosting a dedicated box on solaris 10.

Just one more uninformed reviewer

leandro — 2005-03-03T16:14:30+00:00

Great concepts suffer from being out of line with what people have grown used to expect, and Debian is no exception.

First, if one wants to compare Debian to BSD on being up-to-date, the baseline should be not stable but testing.

Second, the article completely ignores the most benefical aspect of Debian, its policies and their effect in systems administration, including reliability and security. Make that third too, it's really important.

Fourth, most obviously any such comparision should start not with packaging and policies but with the OS itself, that is, the kernel, C libraries and basic utilities. Pretty much everything else comes from the same sources, but there are important points to compare -- like Linux running on pretty much anything, having more flexible and functional utilities and experimenting more, while FreeBSD is leaner and arguably having some advantages for databases.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

ballombe — 2005-02-26T00:02:37+00:00

>What I'd love to see: FreeBSD with much of Debian infrastructure, ie. dpkg, apt-get etc. Now that would be a butt-kicking combination.

That exists, this is Debian GNU/kfreebsd http://www.debian.org/ports/kfreebsd-gnu/

and there is even at least one user according to http://popcon.debian.org

kernel securelevels

tzafrir — 2005-02-25T22:43:48+00:00

but every security update requires a reboot.

There are too many places you need to make immutable to prevent trojaning. Including a host of directories in which you can drop hook scripts for various packages. On the next reboot your system will be trojaned.

kernel securelevels

ecashin — 2005-02-25T17:16:32+00:00

I've always considered the kernel securelevels
feature of FreeBSD to be the most significant
difference between, e.g., debian and FreeBSD
for a host like a web server.

By going into a higher securelevel, it's possible
to make files truly immutable. That is, no user,
not even root, can modify files that have the
immutable flag set. And the immutable flag can't
be unset. That means you can set up the server
such that trojaning its system programs (like login
and ls) becomes impossible.

Linux has some features aimed at providing this
level of security, but I've been waiting for
them to come together in a usable way for a while.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

komarek — 2005-02-25T04:24:26+00:00

"Although very good and highly up-to-date, Backports.org is a third-party repository"

As I understand it, FreeBSD ports are also 3rd party, yes? And that is why they are in flux, relative to the base system? So the "sharp contrast" doesn't seem particularly sharp, or even in contrast. If you want recent stuff from either one, you leave the core system. Except that the core in Debian is enormous and old, and the core in FreeBSD is miniscule and as old as a Fedora release (with its large core) (not that I want to endorse Fedora here).

-Paul Komarek

Debian vs. FreeBSD as a Web Serving Platform, Part 1

planet12 — 2005-02-25T01:17:00+00:00

This is in sharp contrast with FreeBSD where only the base system, often referred to as kernel and userland, is kept in a constant state (with the only exception being security updates), while the included applications, or ports in FreeBSD's language, are continuously updated. This being so, a system administrator can choose to keep upgrading all important ports to their current stable versions and take advantage of any new features in them. This is a very pleasant aspect of FreeBSD - instead of an endless wait one might endure before a new stable Debian release, the administrator running FreeBSD can upgrade all installed ports to their latest versions at any time, independently on the base system.

This "pleasant" aspect of FreeBSD had a dark side, especially when it comes to security updates. There are no security branches for the ports tree, and I don't normally want a new version of insert-whatever-here, that may or may not break itself and other things upon installation. I just want a version without the vulnerability... and I'd rather spend three minutes with apt-get than two hours babysitting portupgrade.

The QA on many ports is, to be frank, utter crap. Having to restore your carefully crafted configuration file from a backup, because the port decided to delete or replace it, is not that uncommon. The FreeBSD ports system has given me more grief than Debian unstable ever has.

What I'd love to see: FreeBSD with much of Debian infrastructure, ie. dpkg, apt-get etc. Now that would be a butt-kicking combination.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

chip — 2005-02-24T18:11:15+00:00

If you're interested in the "daily run" sort of checkup, the Debian "logcheck" and "tiger" packages offer lots of info mailed to you on whatever schedule you prefer.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

tzafrir — 2005-02-24T17:36:51+00:00

Again, in the context where it was written:

> This is in sharp contrast with FreeBSD where
> only the base system, often referred to as
> kernel and userland, is kept in a constant
> state (with the only exception being security
> updates), while the included applications,
> or ports in FreeBSD's language, are
> continuously updated. This being so, a system
> administrator can choose to keep upgrading all
> important ports to their current stable
> versions and take advantage of any new
> features in them. This is a very pleasant
> aspect of FreeBSD - instead of an endless
> wait one might endure before a new stable
> Debian release, the administrator running
> FreeBSD can upgrade all installed ports to
> their latest versions at any time, independently
> on the base system.

Basically either use Stable+backports or Unstable to get basicalyl the same effect.

BTW: I'd like to see some comparison of the apache configuration in both distros. The Debian mainjtainers of the package bothered doing the extra work to automate as many tasks as possible. e.g.: almost all modules are disabled in the default apache config. There is an extra utility to "enable" modules (and virtual hosts, for apache2).

Debian vs. FreeBSD as a Web Serving Platform, Part 1

ballombe — 2005-02-24T17:19:09+00:00

Rebuilding Debian package from source is not essentially different from using a port system and has the advantage that you don't need to compile on the target system and can keep around your packages easily.

Debian is much a source distribution: each packages is compiled automatically 10 times on 10 different platforms before entering testing so this is a very well tested process. This much more than 'it works for me'.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

vonbrand — 2005-02-24T16:52:56+00:00

Don't go around recomending unstable versions for 24x7 jobs (it is called unstable for some reason, isn't it?).

Debian vs. FreeBSD as a Web Serving Platform, Part 1

climent — 2005-02-24T11:38:12+00:00

<i>...the administrator running FreeBSD can upgrade all installed ports to their latest versions
at any time, independently on the base system.</i>

Not completely true. Some ports depend on the actual kernel version of the FreeBSD base.

Debian vs. FreeBSD as a Web Serving Platform, Part 1

tzafrir — 2005-02-24T08:54:57+00:00

If you mention a system that constantly updates, you should consider Debian's unstable as well, and not just stable.

As for daily checks: take a look at, e.g. logwatch, sxid.

Anyway, on Debian using apache with worker.c is as easy as:

apt-cache search apache| grep worker
apt-get install apache2-mpm-worker

Tested on Sarge.

And rebuilding from source is quite simple:

As root: apt-get build-deb apache2

As user:
apt-get source apache2
cd apache2-2.0.52
[patch whatever you want]
fakeroot dpkg-buildpackage

You get a nice deb to install on your system, along with its source so you'll be able to reproduce that build later.