Farhan - Why we didn't go FreeBSD

Hi guys,

I met you both at vBSDCon. Hope you're doing well.

I want to tell you the tale of why my attempts to run FreeBSD in multiple environments were all dismissed. In short, a major reason FreeBSD is under-used is because it fails to provide a clean user experience that conceals the machinery of its awesome capabilities.

I am with a team that got access to a fairly large playground environment: a powerful Dell server, with 1 terabyte of RAM, a few terabytes of disk, and more CPU cores than US states. The entire purpose of this device is to experiment with various VMs, learn new technologies, databases, general testing, etc. It's definitely overkill and we have a lot of latitude on what we can do with it.

First things first, what Hypervisor should we run on this device? I recommended FreeBSD's bhyve paired with vale, bridges and epairs. We played around with it and it did everything we needed, but it was ultimately rejected for ESXi. Why? Because ESXi's interface was clean, intuitive and easy to use, whereas bhyve et al required a lot of manual commands. We have varying levels of Unix experience and some people are just not comfortable with multiple cryptic commands and prefer a simple web interface.

Second, we needed an environment to run various pre-built Docker containers. Note: Not zones, jails or even cgroups! Docker containers. Docker on FreeBSD is still experimental. Moreover, with someone looking over my shoulder, it failed to pull down a container, which did not make my case easier. So we went with CoreOS.

We were working on setting up an application that would run on a public-facing host, so security was of the utmost importance and we take defense-in-depth very seriously. But when we learned FreeBSD does not have ASLR, it was immediately dismissed. We would have gone with OpenBSD, but LibreSSL is not FIPS 140-2 compliant, which would eventually become a requirement in production. I proposed HardenedBSD, but it was seen as an obscure fork of FreeBSD, whose future is unknown. I know that's inaccurate, but sometimes perception matters more than reality.

The only implementation FreeBSD saw was as pfSense. Besides that, everything else was CentOS, Ubuntu or Windows Server.

I love FreeBSD but there is an over-emphasis on chasing novel features and seemingly zero effort on user experience. A simple web interface goes a long way. FreeBSD had jails since at least 2000, but failed to produce a clean interface, such as Docker. The multitude of hacked shell-script jail(2) front-ends are great, but not sufficient when you need an infrastructure of redundant containers. And while there may be a solution out there, it is one solution among many other standards. This allowed Linux to come out with cgroups and Docker and conquer the market, while FreeBSD's Docker implementation using jail(2) is not production ready.

The one place we did implement it, pfSense, was because it was easy to use and powerful. Personally speaking, even I prefer VirtualBox over bhyve or QEMU because I like the interface. FreeBSD has massive untapped potential and frequently has years of lead-time, but fails to create clean user experiences.

I have a lot of other thoughts on things we are not chasing that could increase our market share and bring in new developers. But that should be enough for now. Just a bit of constructive criticism.

Followup: As silly as this sounds, I initially went with FreeBSD over OpenBSD because I preferred its console font (the box prompt vs the line). Is there a way to change OpenBSD's default terminal font?
URL: http://dpaste.com/1GHCGY5