Gentoo and FreeBSD: Not for Me
I dropped out of the Berkeley Unix world some years back, when I started moving systems from BSD/OS to Linux. A lot has happened since then, and it seemed like time to check back. The Internet Protocols were honed under Berkeley Unix, and its network stack has always been lauded. It seemed like FreeBSD, a Berkeley Unix variant, would be an excellent choice for my new router.
I've heard great things about FreeBSD. One notable aspect is its methodology for packaging software. FreeBSD provides a ports collection, whereby you can fetch the source to any one of thousands of programs and compile it on your own computer.
That's all great--so long as the computer has a compiler. A computer needn't have compilers unless it's being used for software development. In fact, I consider it a grave breach of sound security policy to put compilers on publicly exposed systems, such as web servers. For instance, last year, my web server fell victim to the Slapper worm. The worm died, however, as soon as it landed: Slapper required a compiler on the local host to build its payload. Per my policy there were no compilers, and so the worm sputtered out.
I believe, and the Slapper worm demonstrated, that it is dangerous to put compilers on publicly exposed systems. Worse still, compilers on appliances, like a network router, are insane.
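A check that follows from this policy, added here as an example and not part of the original post: a small POSIX shell audit that reports any compiler or build-tool binaries present on a host, so the "no compilers" rule can be verified rather than assumed. The list of tool names is my own assumption of what typically counts as a toolchain; extend it for your environment.

```shell
#!/bin/sh
# Audit a host for compiler and build-toolchain binaries.
# Added example; the name list below is an assumed, constructed set of
# common toolchain executables, not an exhaustive one.
TOOLCHAIN_NAMES="gcc cc c++ g++ clang clang++ tcc cpp as ld make gmake"

# audit_toolchain DIR...
# Prints the full path of every toolchain binary found in the given
# directories. Returns 0 if the host is clean, 1 if anything was found,
# so the function can gate a deployment or a cron-driven check.
audit_toolchain() {
    found=0
    for dir in "$@"; do
        for name in $TOOLCHAIN_NAMES; do
            f="$dir/$name"
            # -x is also true for directories, so require a regular file
            # (a symlink to one counts, which is how cc is usually installed)
            if [ -f "$f" ] && [ -x "$f" ]; then
                printf '%s\n' "$f"
                found=1
            fi
        done
    done
    return $found
}

# audit_path: run the audit over every directory on the current $PATH.
audit_path() {
    old_ifs=$IFS
    IFS=:
    set -- $PATH
    IFS=$old_ifs
    audit_toolchain "$@"
}

# Usage: AUDIT_RUN=1 sh audit.sh
# Guarded by an environment variable so the file can also be sourced
# for its functions without running the audit.
if [ "${AUDIT_RUN:-0}" = 1 ]; then
    if audit_path; then
        echo "OK: no compilers found on PATH"
    else
        echo "WARNING: compilers present on PATH" >&2
        exit 1
    fi
fi
```

Only directories on PATH are checked, so a compiler parked under /opt or a user's home directory will not be reported; pass those directories to audit_toolchain explicitly if that is a concern. Interpreters such as perl and python are deliberately left off the list, since many systems need them for administration, but the same argument the post makes about compilers applies to them as well.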
Thus, the standard FreeBSD ports packaging was not appropriate for my router. Fortunately, FreeBSD provides an alternative where the program is pre-compiled, called "packages." With packages, you can download and run. No compiler involved. Perfect for my application.
So, I installed FreeBSD on the new computer, and it was a snap. However, when I went to turn the firewall on, the natd process started puking, saying, "Unable to create divert socket." I did a bit of research, and I believe the problem is that the pre-compiled operating system kernel (the so-called GENERIC kernel) does not have the IPDIVERT option enabled. If so, then the distributed kernel is not appropriate for my application.
The solution? One solution, the preferred FreeBSD solution, would be to install a compiler and build a new kernel. Another solution would be to punt on FreeBSD and choose something else. That's what I did, and I'm pleased as punch with my new Debian Linux router.
Program source is great stuff. I learn more and I'm more productive when I can access the source of the programs I use. Program source should be available, but it shouldn't be required. Most times I (and most every reasonable human being on this planet) just want to download the program and run it.
The source-required fad has caught on in the Linux world as well. The Gentoo distribution of Linux uses a package management system similar to the FreeBSD source-required ports. This seems so wrong to me in so many ways.
First, the time to install a system goes from 20 minutes to 20 hours. You aren't merely moving a bunch of bits from a CD to your hard disk. You are, instead, compiling every freaking program you plan to run. No operating system install should take longer than it does to bake a loaf of bread.
Second, the sole argument I hear in favor of this methodology is, "It's optimized to your system!" I'm not sure I buy it. The evidence I've heard is anecdotal and possibly flawed.
I've heard people say how wonderful Gentoo is, because their computer got faster when they switched over from some other Linux. I wonder, were they running a kernel optimized for their system or a stock generic one? When I installed Debian Linux on my router, the first thing I did was to replace the generic operating system kernel with one better suited to my computer. I had a choice of 51 different kernel image packages. Sure, Gentoo is going to be faster than the stock generic kernel, but how about the selected, optimized kernel? And even if a custom-built kernel makes sense, how much is to be gained by building the entire blasted system?
Third, are you friggin' crazy? Have you ever tried to build Mozilla? My workstation doesn't even have enough disk space to do that. Even if it did, it's hard to justify the time and effort to compile an optimized version of the application that may save me 60 CPU seconds. No thanks, I'd really prefer to just install it and run it.
For the hobbyist, there is an exciting "I built it myself" aspect to these source-required distributions. I've compiled so many programs in my life, it doesn't give me a thrill anymore. I'd prefer to just download it and use it.