Firewall source code in linux

In all the publicity Linux has received in the past year, one key point gets lost among all the hype: Linux is a kernel, not an operating system. What Linus Torvalds developed was a Unix-like kernel that forms the core of the operating system generally called "Linux."

The rest of the OS has been taken from various open-source contributions, especially from the work of the GNU Project of the Free Software Foundation. For this reason, at least one Linux distribution - Debian - calls itself GNU/Linux.

Not to minimize the remarkable and excellent achievements of the Linux kernel development team, but it's this dichotomy between the kernel and the surrounding programs put together by the distributors that makes "Linux" sometimes annoying to use. Each Linux distribution takes upon itself the job of determining which programs (and which versions of programs) to include in the overall mix.

This creates dissonance for a system administrator trying out competing distributions. Debian GNU/Linux, for instance, maintains a philosophical agenda about what is "free" and what is not. Certain programs you expect to be a standard part of Linux have to be obtained separately in Debian due to interpretations of software licensing. Other distributions have similar quirks, such as Caldera's arbitrary elimination of several popular programs, such as Pine. (Caldera later made some of them available by FTP.)

The commercial distributions of Linux are trying to achieve popularity by offering graphical installations and graphical admin tools to ease the passage for new users. In itself this is a worthwhile goal, but each distribution has developed a different set of tools for administering the system. If you are accustomed to using YAST to administer a SuSE Linux system, you may be baffled by Caldera's COAS or Red Hat's Linuxconf.

Then there's the question of how to install and update new programs. Many distributions have adopted the Red Hat Package Manager (RPM) scheme, offering their packages as RPM files. But RPMs for one distribution often fail on another due to library incompatibilities, differences in program versions or names, and even differences in file locations.

This lack of consistency has led some system administrators to re- examine their approach to Linux. Some are returning to Slackware Linux, the oldest distribution on the market, because of its simpler, more traditional Unix-like approach to administration and file layout. With so many of the distributions now aimed at end-user workstation setups, it's becoming increasingly difficult to find a distribution that will install as a basic, minimal server with no X Window required for administration. Slackware excels at this.

Other sysadmins are evolving beyond a Linux-only approach. The BSD family - FreeBSD, OpenBSD and NetBSD - are also free and available via CD-ROM or FTP. They're all directly descended from Berkeley Unix and they offer a high level of consistency and integrity.

The FreeBSD team, for example, co-ordinates the entire operating system, not just the kernel. This brings a consistency and quality control from release to release that is not always seen in the Linux world. The FreeBSD team is conservative and more focused on "correctness" than on "coolness."

FreeBSD has earned a sterling reputation as rock-solid, dependable operating system, and it is a treat to administer.

OpenBSD, based in Calgary, focuses on security. It has undertaken an extensive audit of core source code to eliminate buffer overflows and other weaknesses that can lead to security exploits. When you install OpenBSD, it is nailed down tight, in sharp contrast to the "kitchen sink" openness of many Linux distributions.

Some security analysts consider OpenBSD the most secure version of Unix available. For this reason, it is becoming popular as a Web server and firewall platform. Being based in Canada, it is also free of the encryption export laws of the U.S, allowing it to incorporate strong cryptography. Several corporations and government offices are using OpenBSD for its Virtual Private Network capabilities.

While Linux is exciting the press and users worldwide, and rightly so, some IT managers are finding the more consistent BSD releases highly attractive additions to the server farm.

Gene Wilburn is ITS manager at the Royal Ontario Museum in Toronto. He can be reached at genew@rom.on.ca

FACT SUMMARY

BSD Family

* Includes FreeBSD, OpenBSD and NetBSD

* All members are direct descendants of Berkely Unix

* All offer high level of consistency, quality control and integrity not always seen in Linux world

* FreeBSD team more focused on 'correctness' than 'coolness'

* Calgary's OpenBSD focused on security, has reputation as rock-solid

COPYRIGHT 2000 Plesman Publications
COPYRIGHT 2000 Gale Group