|
|
| October 1999 | Get BSD | New to BSD? | Search BSD | Submit News | FAQ | Contact Us | Join Us |
|
Abstract
If you've got an old 486 or 386 box lying around, consider
reuse over recycling. You could be surprised at the results with a BSD
unix.
I first learned about OpenBSD when I lived in Calgary. A close friend and co-worker was friends with some very heavy computer security consultants. Whilst "security-wonk" is not exactly a technical term, it suited these guys to a "T". It was through these fellows that I learned about OpenBSD. I have occasionally used FreeBSD and NetBSD, but I'm mostly familiar with OpenBSD, so that will be the focus on this article. Many benefits accrue to the other BSDs, but I am so personally enthused by OpenBSD, that I am (as much as time will allow) beginning to actively port software to this platform, where such may already exist on other BSDs.
I "grew up" in a NeXTSTEP environment, so BSD unix was not a new entity for me. Granted NeXTSTEP had a different windowing and administrative system, but there is a familiarity and consistency to any BSD system, regardless of its peculiarities. So I was pleased when I first installed OpenBSD (2.1 at the time, if I am not mistaken) and found much of the language, file structure, and other aspects to be quite familiar. Additionally, I was impressed with the philosophy of OpenBSD which promoted code correctness and stability which, whilst useful to security maintenance, also has the benefit of assisting OpenBSD not to break in adverse conditions. And boy did I have some adverse conditions in store...
This friend of mine and I were working a contract for Sun Microsystems, and we wanted to serve files over the network somewhat platform independently. Granted we had two new UltraSPARC's and two Pentium Pros running Solaris and NeXTSTEP respectively, but there was a glitch. We were dual booting the Pentiums into Windows, so we couldn't count on these machines being file-servers or print-servers, and Solaris hard-drives required SCSI workstation drives which were quite expensive. So to assist in our storage quest, we bought a 6 Gig IDE hard-drive, and dropped it into my old unused 486 and installed OpenBSD on a whim.
After some difficulty learning the intricacies of disklabels, and the then-primitive install scripts, we got the thing up and running and amazingly, it worked! We served files at remarkably comfortable speeds. We wondered how this could be, and so began to investigate OpenBSD a little closer. We believed that closing buffer overflows, implementing careful constraints on parameters, and other measures used in building OpenBSD would involve unreasonable overhead. We found however that this was entirely offset by the lack of memory leaks, race-conditions (resulting in timeouts and blocked processes and threads), and other mental gymnastics which slow up many other operating systems. In short, we were used to Windows' level of software quality, and we found that the efficiency of this BSD unix was such that we could get amazing performance (relatively) from a box which couldn't comfortably run Windows 95! The very design method, allowing a combined synthesis of centrally managed software development with open-source innovation and rapid feedback, seemed to have resulted in a very high quality product. More so as well with the near paranoia for quality and stability which the OpenBSD core group exhibits.
What were we running a file and print server on? Well, I had a 486 DX4-100, with 32 Megs of Ram, one 512Meg Hard drive as the root and swap partition store, and a 6 Gigabyte partition as /usr and /home and /exports store. Additionally we were using a Brother HL-730DX printer, with ghostscript as our print server on the same box, and when we were both in contention for file and print serving, we got the occasional NFS timeout. I later added more memory and this problem was almost entirely eliminated. This was in 1996.
So what has happened to my box since then? Recently, I wanted to revive this machine as I have been consulting from home. "Well", I thought to myself, "it worked before, why not try it again." Not wanting to languish completely, however, I added a bit more memory (it's up to 56Megs) and I added an upgrade to an AMD5x86 (really a 486-class chip at 133MHz) and I bought a 13GB hard drive. The current configuration is actually unsupportable by my system's bios! Nevertheless, OpenBSD seems to be able to handle it, and it's my home directory server, while I dual boot OpenBSD with Windows on my other machine. Running samba is as easy as ever, and my trusty Brother printer still works like magic... but there's more.
I have a cable modem. Not to be left behind the curve, I wanted to get myself connected with style, so I have connected my OpenBSD box to the net with ipfiltering, keeping the worst of the net away from me, and ipnat to allow my internal boxes to access the internet. So how does it perform? Better than in Calgary! I get no timeouts now in NFS and I stream video through ipnat with nary a blip to my file and print serving and at speeds comparable to my original direct link from Windows to the cable modem. It is so darned efficient I am consistently amazed.
So I recently found that I had to work mostly in Windows for a given contract. This meant using Windows' built-in telnet to get to an external site running FreeBSD. I couldn't stand working in a 80x24 character environment, so I conspired to find a solution. I happened upon a very nice XWindows server for win32. (XWinPro 5.1). But I had a problem. On my dual booting machine, I run Window Maker (an XWindows window manager), and (being the NeXT-bigot that I am) am really spoiled for a NeXT-like user experience. "No", I thought to myself, "surely I couldn't run Window Maker from my 486, displaying xterms on my Windows box!" Could it be that I had outstripped my little 486 box? NO!! I tried it, and it worked. Again, it didn't kill my system. Sure, the 'uptime' results indicate that each thread is waiting more than a second for resources, however, this seems to cause only the expected delay, not the crash-and-burn experienced on less stable platforms. I also found that I could, using ssh (secure shell), pipe secure xterms from an external box, past my nat, to my Windows display with no trouble at all.
But I wanted to unify my mail as well, so I thought to myself, "Christian, surely this little box (which I have named gabriel) can't do all this. You've got to buy more hardware." "But no!" I think back to myself, "we have to have faith in our little gabriel box. Look at all we've been through." (At this point, miracles performed by a 486 box running OpenBSD had called my sanity into question...as my wife will attest.) So I installed cyrus on gabriel, and imported my mail from outlook through IMAP. Now I can back-up in one place, and I can switch OSes on my K6-2 box with impunity. (Well, Windows NT and 98 crash on that box regularly, but my files are safe...)
Now, I also wanted to put my website up, just a modest little thing, but for my friends logging in, I wanted SSL. Using a dynamic name service to accommodate for my dynamic IP woes, I then managed to get apache up and running with SSL. Oh, and mysql... quite a busy box.
But alas and alack, I found a problem. After all this, I began to really put the features of OpenBSD to work. Thinking that, this being my gateway, I should probably take at least a few minutes and protect myself from script-kiddies, I set about disabling certain ports, and I ramped up the security of the passwords. I changed the algorithm in passwd.conf to blowfish for general user password cyphers. Bad move. The one thing a 486 is NOT good at is trying to do solid enciphering and deciphering speedily. Poor gabriel just can't do math very fast. So every time I log in, I hang for about 30 seconds while little 486 cranks away at blowfish. Powerful encryption, but a really annoying login lag. But there's a bright side... even when it's working at password authentication, nothing else is significantly slowed. OpenBSD seems to nicely let other processes/threads have first kick at the can while it's enciphering, which is very polite, and very very stable.
So in summary, my experience with OpenBSD has been that I can run a 486 bought in 1995 as a file server (homes no less), a Postscript interpreting print server, a Windows file server, a web server, a secure web server, an e-mail server, a gateway/firewall, a network address translator, an xdm/xsession provider, ssh gateway to my external box, database server, nameserver, cvs server (forgot to mention this), and I hope soon a scanning server. A machine worth maybe $200CAD (Canadian Dollars = 67 cents USD), with about $200CAD worth of memory, and a $249CAD dollar hard-drive, and it is a daemon! Truly miraculous. And I've got my friends resurrecting their 486s, one with FreeBSD that I know of, and a few others who will likely join me in porting Sun's JDK to OpenBSD on their 486s. The irony of this phenomenon which runs entirely counter to the desperate surge of hardware capacity to support bloated and inefficient operating systems is thick indeed.
I'm sure that when I eventually offload my file-serving to a faster box running a 100Mbps network that I'll have much nicer response times, and that I'm certainly not spoiled for processor power here, but you know, it's just enough, and frees up my other box entirely to do compiling and building and productivity. In short, for a little home network, it's perfect. Some very smart man should take a 486 embedded motherboard, put a small hard-drive on it, write a remote management application, and this would be a nearly perfect, extremely secure gateway, mail, web, nat, etc. box. My little stress test alone suggests that it could easily handle the day-to-day operations of a small network, and given the burden it handles, could probably handle a lot more internet traffic than my cable modem, if I were to use it in a more specialized way.
The moral of the story? Don't throw away your old hardware, you just don't know where that computing power will come in handy, and with a BSD you can wring every last drop of juice from it... for free! Just be sure to give back to the BSD community. Port something, or write something you like or need and share it around. It may not be a miracle, but you might just be amazed.