On Jan 21, 2007, at 4:34 PM, bofh wrote:
> On 1/21/07, Brian Keefer <[EMAIL PROTECTED]> wrote:
>> Because driver support for Linux is a lot better than for OpenBSD,
>
> I'm not sure if I believe this to be as strong an argument since, as
> the blackbox maker, you have your choice of hardware. This means you
> can choose hardware that runs openbsd without issues, unless you need
> the most cutting edge hardware. We have two of your Edge boxes at
> work, and from what I can see, you can get that, or equivalent
> hardware running openbsd without problems.

It depends what hardware. We *could* find hardware that runs with
whatever OS we choose, but the OS then dictates the hardware and we
wouldn't be able to change easily. We rev our hardware from time to
time and usually jump to something fairly recent and with a fair
amount of embedded chips (we try to use what's already on the
motherboard as much as possible). Using *BSD would lock us down to
only chipsets that don't depend on blobs. Yes, we know blobs are bad
but we're also trying to get hardware rev'd as quickly as possible
with minimal amounts of tweaking.
If we ever need to, say, switch RAID controllers quickly because of
shortages, or our motherboard supplier swaps in a new model with
embedded 10GigE NICs or something like that, chances are there won't
be an open-spec driver, but there will probably be a binary from the
manufacturer pre-compiled for Linux.

>> and a lot of the Anti-Virus vendors supply Linux binaries, but no BSD
>> binaries.
>
> Now, this, I believe. But many of the smaller vendors have binaries
> for freebsd, and I'm also quite sure someone the size of Tumbleweed
> can get binaries for whatever platform you guys want. Maybe not as
> easily. I might be wrong too :)

Ask CipherTrust (well, SecureComputing now) how they run their AV
engines. IronMail is based on FreeBSD and uses Linux binary
compatibility for their AV engines--I know this for a fact, because I
worked for them. Most of my recommendation for sticking with Linux
was due to my experience at CipherTrust.
Messaging security companies might make 50-100M a year, but that's
scratch to Symantec, McAfee, Trend, etc. They're multi-billion
dollar companies from direct AV sales alone. They don't *need*
e-mail security companies for revenue. If they have something off the
shelf, sure they'll sell it... they're not going to do a new build
just for a single vendor (and if they would, they'd pass the cost on
to us which would kill margins).

>> Also, developers for Linux are cheaper (and more
>> plentiful) than developers for BSD.
>
> This, I have to disagree with. Are you talking about kernel hackers?
> If so, I'd think they cost about the same. If you're talking about
> application developers, what really is the difference between someone
> who writes an application in openbsd, versus one who writes it in
> solaris or aix or linux?!
> And if you believe in java, openbsd 4.0 runs jdk 1.5 :)

We do some limited kernel work, mostly around file system debugging.
When you have something that causes the I/O loads of a high-end
e-mail relay, you really rely on the file system a lot and interesting
things happen when it goes wrong.
The rest of it is user-land stuff, but we (and many companies like
us) leverage Java heavily. We've found that performance-tuning Java
can make a big difference for various things (mostly our other
products, not so much for e-mail) so running it on a platform where a
lot of other companies are doing the same thing gives us a shared
pool of experience to tap into. Never underestimate the power of a
few snippets of example code found through Google. Could we run Java
and PHP on OpenBSD? Sure. The setup just wouldn't be quite the same
and developers would have to relearn things. Also, as much as Sun
would like us to believe that it works the same everywhere, that's
just not true. There are platform-specific quirks and if developers
already have a background with the quirks on Linux, it helps.

>> The company I worked for considered switching our appliance OS to a
>> *BSD from Linux, but in the end we decided that commercial support
>> was too important to ignore.
>
> "Commercial support from large vendors?" Probably so. And I have no
> idea how good is the commercial support from the smaller vendors
> listed on openbsd's site either.

Mostly on the hardware side. It's a lot easier to get a binary
driver for Linux for some brand-new hardware than it is to get a
source driver for *BSD. Other than the hardware, we actually get
commercial support and can open bugs with our Linux supplier. It's
not really a question of how technically competent the support is
from OpenBSD consultants, it has a lot more to do with how available
the support is, how likely it is that the support company will be in
business 10 years from now, how responsive the support is at getting
issues in the OS fixed in a timely and trackable way, how committed
they are to support new hardware as it becomes available, etc.

>> is crap). If you're building something that needs to use a lot of
>> third-party commercial software in addition to your own code, sadly
>> Linux is currently a better choice. I personally cannot stand Linux,
>
> I'm looking at something like the Edge, and I'm not sure if I see
> anything on it that couldn't be quickly developed on openbsd. After
> all, the main engine is postfix.

Well, yes and no... The MTA, or modifications to it, the web UI, etc.
could be done on other platforms... The database is another story.
MySQL never did have really excellent support for *BSD and I believe
their latest support release is dropping support for any *BSDs, or at
least putting them in second tier. I can't go into details, but the
company I worked at before had... some interesting situations due to
the combination of OS and database they were using. You can actually
get first-tier commercial support for MySQL on Linux, and if we
didn't like the service from MySQL we could go with something else
easily enough. The database turns out to be pretty critical when
you're pushing hundreds of thousands of messages per hour through a
single machine.
Sorry for the long, somewhat OT reply, but hopefully that gives
everyone some insight into how "blackbox" manufacturers work. A lot
of it is not wanting to get overly restricted in what hardware we can
use, and the rest of it is wanting to have the best support possible
for third-party software. It just doesn't make sense for us to write
everything in-house. Why would we write our own database? Why would
we develop our own AV engine? How confident are we in the technical
support from our third-party suppliers and what kind of contractual
obligation do they have to provide updates and patches?
Like I said before, if we were manufacturing and selling firewall
appliances, our choice of OS would probably be much different. If I
went out today and decided to start a company selling router
appliances, it would be OpenBSD/OpenBGPd for sure rather than
Linux/Quagga. It depends to what extent the OS is just a platform, and to
what extent the OS is the *product*. For e-mail and file transfer
stuff, the OS is really just a platform to run our application code.
For networking services, the OS really is the product to a large
extent and then the quality of the OS matters a lot more than how
easy it is to develop quality software on top of it.
Don't get me wrong, I consider OpenBSD to be the highest quality OS
you can use for most things (probably Solaris for the rest), but at
the moment Linux has the advantage of wider hardware and software
support. At the end of the day being able to hold someone
accountable matters a lot.
I'll take the other stuff off-list since it's of limited value to
anyone else.
Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"