I've been looking at various operating systems so I could figure out what to use to host my own web and mail servers. Although various versions of Linux have servers, I've always wondered about how secure are these distributions. First, let's be clear, many Linux distributions, out-of-the box, are probably more secure than any version of Windows. But, in my opinion, not all Linux distributions are secure enough to run web or mail servers because you have to open ports for them to work and because you are enabling additional software (any of which may have a security vulnerability).
To me, a secure server would include only those services required to run the web and mail servers to reduce the chance inadvertently exposing your system to hacking. Since all services are potential security vulnerabilities, the fewer you run, the fewer possible entry points. The problem, for me anyway, is that it is very difficult to setup and administer such a server unless you've had years of experience doing it.
To start my exploration of what operating system to use, I took a look at pair.com, the company that is currently hosting my site. It uses a version of Unix called FreeBSD. I reckoned that if it was good enough for them, it should work for me. But, the strength of FreeBSD - its no nonsense command line oriented operating system, left me wondering if it was worth the time and effort needed to get things up and running.
Although I haven't yet decided what to do, I would like to point to two projects (note: I have not tried either of these so I am simply letting you know that they exist. YMMV. Insert disclaimer here): Desktop BSD (D-BSD) and PC-BSD. Both use FreeBSD as a base and overlay it with tools that they say make it easier to administer.
Although each is independent of each other, both use KDE as its GUI. If you are familiar with KDE you should be able to move around without problems. However, that doesn't mean everything is just as it is when running your favorite Linux distribution. FreeBSD is Unix, and Unix is similar, but different.
That said, one thing that is similar is the problem with updating your system. As background, unless developers of the software you want to install or update create a version (sometimes called a "port" or "package") for your specific system, you often times have to compile the application yourself. This can be easy or it can be impossible. Many times its the latter. This has been a thorn in my side for years.
There are various efforts to solve this problem. Here, these two projects diverge. D-BSD uses the standard FreeBSD packages/ports system for installation/updates of new applications. As a review, a FreeBSD package is a set of precompiled binaries ready for installation. A FreeBSD port is a set of source files configured for you. Although you will have to compile them, it should be a one-step process for the user to run a script that automates the process. Both ports and packages check for dependencies. However, there may be situations in which it is impossible to install an application due to an inability to install the correct files first (such as recursive dependencies in which one application depends on the other already being there when you have neither installed).
On the other hand, PC-BSD uses their own packaging system called PBI. They provide pre-packaged applications that they claim are "self-extracting and installing...similar to InstallShield(r) on Windows(r)." The upside is you shouldn't have to worry about compiling, dependencies, or configuration problems.
This should not be under estimated as an advancement. I cannot count the number of times I've run into problems trying to install/update software. Even with systems such as RPM or Apt-Get, there are, as mentioned above, dependencies that cannot be solved. So any system that can reach the ease of installation of the Windows-based InstallShield would, indeed, be an advancement of note.
But, to the extent that this system even works, and I don't know if it does but I would guess it is only partially successful, the downside is you have to wait for PC-BSD to create these packages. In some cases, said wait may be forever. Although I could be wrong, I doubt PC-BSD will convert every application ever written for FreeBSD. Actually, it is doubtful they (or independent developers) will convert even the majority of the thousands of applications available. If this is true, then it is probable that you will run into situations where what you want to update/install is not available in their format and may never be. If/when that occurs, you would be left to use the standard ports/packages system like D-BSD uses.
In fact, even if PC-BSD creates a package for the application you want, it is highly unlikely that it will be available at the same time the standard port is released because it would take time to pull down the port and then create the PC-BSD version. In many cases, this delay may not be important. But if the update is to close a security vulnerability, you would want to do the update sooner, rather than later (to me, this is the biggest drawback of Xandros Linux and its own customized packaging system).
In any case, I just wanted to point to these efforts and note that they may be of use if you are looking for a robust alternative to Windows or Linux for a secure server operating system but would like to use KDE to administer it.
Aloha!
