Given that you know Linux, you'll find FreeBSD to be the best one to try. I would recommend the 5.x series if you're feeling ambitious, or the 4.x series if you don't want to put in too much effort. I say this because of my own past experice with Linux and BSD. Have fun.

So you're willing to experiment with a new system. Then why not install all of the free BSD's and use each for a few weeks and after that decide which one to keep, if any.

That is true ... though I was not as successful ... basically, I now use both NetBSD and FreeBSD; I like them both. I use FreeBSD on my laptop because it has NDIS support for my WiFi card (after 5.3), but I also like NetBSD, which is on my desktop. NetBSD seems to handle packages better than FreeBSD, as often with upgrades on the latter, I have some problems (I think that DragonFly is trying to fix that, though it is very preliminary right now). I have also used OpenBSD, primarily for the AFS support built in, but I did not like it as much as the others. I also have an UltraSparc, that, of course, is running NetBSD.
To each his own, they are all great OSes, you will find one (or more) that you like.

Here are some reasons you should consider OpenBSD's strengths.

Easy Install (and perhaps one of the quickest I've ever seen)
Very Secure OS. (You mihgt just find the OS all of your future servers run)
Ports System. - Like other BSDs, the ports system is truly a marvel. Software installation could not be easier.
Good license standpoint - OpenBSD has a rather purist stance on the licenses for software they ship. It might seem extreme at first, but there is some good reasoning behind it.
Documentation - OpenBSD's offical FAQ is very helpfull and answered 99.9% of the questions I had as a beginner.

I've tried them all and they're so different from each other that one won't really give you a very good idea of what the others are like.

OpenBSD is probably the easiest. Most things are in a working configuration by default, they just need to be switched on. FreeBSD has more software and better performance, but it's never been worth it for me because you have to mess around with the kernel and stuff (We're not on Linux, after all). I had to manually enable modules to get things like sound and set all sorts of environment variables to get some of the ports to work right. On OpenBSD it pretty much works the first time you boot it if it's going to work at all. The security is a bonus, but mostly I like how little work it takes to maintain.

FreeBSD is a bit more up to date, and has more powerful features (I love jails). I usually fall back on it if I need one of the features.

I don't really see much point in NetBSD, but given the number of people that use it and like it it's probably worthwhile to take a look.

DragonFly is still close enough to FreeBSD in terms of user experience that you might be able to skip it if you don't like FreeBSD.

They're all pretty easy to install. Give 'em a shot.

Besides being the easiest, FreeBSD has by far the largest collection of ported software. Although you can probably built almost all of the same programs by hand on Net- or OpenBSD, it's nice to be able to let someone else do the hard work for you, particularly if this is your first time to use the system.

BTW, I'd rewrite your instructions as:

Update your software collection:
cd /usr/ports; make update
portupgrade -ra

Install from source:
portinstall misc/screen

Install from binaries:
portinstall -PP misc/screen

Yes, I know that the first one is rarely that simple (although it can be, especially on relatively new machines). The second two are pretty representative, though.

Lots of people can say that, and its not that hard if you read the documentation.

I say without a doubt they should try FreeBSD first. It'll run almost any application they are used to either natively or through the Linux compatibility layer.

Also, reading through the FreeBSD Handbook [freebsd.org] will answer almost any question that one could have regarding getting the system up and going.

Combine all of this with the extremely expansive collection of ported applications [freebsd.org] (it's often as easy as 'cd /usr/ports/net/whatever ; make all install clean ; rehash' for almost anything) and it's a really, really nice way to work.

I would also add firewalls, routing, and packet queueing. I haven't found anything that compares with the power and ease of OpenBSD's pf firewall ruleset. It provides all of the features that you could possibly need in a firewall including stateful packet filtering, packet normalization, and packet shaping - all with and extremely easy-to-understand interface. For routing, you can support RIP, OSPF, and BGP. BGP is supported with the new OpenBGP server. I have a few OpenBSD boxes set up in my home lab that are linked with various Cisco routers running OSPF. But which one is actually cheaper . . . ? :) Finally, the OpenBSD dev team is militant on the security front. All servers are chrooted by default. Stuff just works out of the box securely. I can't tell you how easy and quick it is to set up a secure, chrooted web server with OpenBSD.

OpenBSD is easy to install. The hardest part is the disk configuration. OpenBSD doesn't hold your hand through the process. BUT, it's all spelled out in the FAQ. Once you've done it, you'll realize it's not that bad. I can install a base OpenBSD system from CD in about 10 minutes. Not much longer on a broadband connection booting from a floppy. Combine that with the power of the ports and packages, I can usually have the system I want in an hour or two depending on download times.

If you like Linux for tons of packages, and ease of use as a desktop system, go with FreeBSD.

If you hate Linux for its complexity, bloat, unclean filesystem, and long for something cleaner, go with Open or Net, I prefer Open myself.

If you hate linux for all those things, but don't want to make any large steps, then again, FreeBSD, its the closest thing to a baby step you'll make.

All the BSD's rock, all of them are much cleaner, and more consistent than your average linux distro, which is, in my humble opinion, the best reason to move over to them.

I agree that he'll be fine whichever he chooses, but your statement that they are all more or less the same in terms of security is very wrong. OpenBSD is not the same as the other BSD's in terms of security. It really, really isn't. If you think so, you're naive. The entire development process revolves around security; code is audited, settings and defaults are carefully crafted. OpenBSD did not start simply because they wanted to include one piece of software and FreeBSD wanted to include another. The whole purpose of OpenBSD is to be the most secure OS on the planet.

To suggest there is no difference is not only untrue, but vaguely insulting to the project.

BSDs in their most basic are all the same. NetBSD, OpenBSD, FreeBSD are like different distros. The only difference will be felt when compiling the kernel or system, in which NetBSD will feel different.

It really depends on what the BSD is destined to do. For learning any one of those three will do really. The effective differences between their CLI, commands, toolbox, kernel interface and compilations, networking etc are negligible. In networking, well, OpenBSD has the excellent pf instead of the ipf, but for learning will feel the same nevertheless.

If used for anything beside learning, well, FreeBSD is featureful, and can make excellent use of your hardware, OpenBSD is extremely secure and simple, and makes for great firewalls and VPN servers, NetBSD is also real simple, and porting it around is easier than Linux, easiest among all OSes.

But even those differences are negligible. FreeBSD and NetBSD are also very secure, FreeBSD and OpenBSD are also portable etc. FreeBSD has the largest base and some apps will run natively on it but not the other BSDs. I think FreeBSD alone has nVidia drivers available for it among all BSDs. If you plan to encrypt the filesystem, encrypt data structures in the ram, keep code and data seperate in the ram enforced by the OS, use encryptions of many more bits, do fancy VPNNing, use OpenBSD. I personally have difficulty in choosing a BSD for any specific task because they are so similar despite what the developers say. So I just use OpenBSD because I'm Canadian.

Choosing a Linux distro is usually a better conversation with more reasons to choose one over the other. Please dont bring up Linux vs BSD, just search that term on google and read for the rest of your days.

I'd suggest *starting* with OpenBSD (or NetBSD though I've got no personal experience myself) and later trying a FreeBSD install. If you've been on Linux for 6 years and have run HP/UX I'd have to say you're qualified to run one of the less candy coated BSD's to get yourself integrated into the "whole BSD 'thang." DragonFly will be cool (someday) but I can't suggest it for someone new to BSD. Same with Darwin.

OpenBSD would be great to learn on as it will definately push you into the documentation and get you used to some of the conventions used (slices v. partitions, startup scripts, etc.). I'd suggest you use an older or spare computer if you've got extra or can pick one up cheap. You could also just set aside space on those 80 gigs you've got. READ UP ON PARTITIONING, USE OF LARGE DRIVES, ETC. BEFORE YOU START ANYTHING!

Once you get some OpenBSD under your belt, put a box in service at your network connection (right behind you cable/DSL connection?) and learn to setup pf (packet filter - built in). Experiment with AltQ and get yourself a good firewall/NAT in place (junk the Linksys). Not too much trouble and the docs at OpenBSD - pf [openbsd.org] are quite good. Here you could experiment with adding a web server or MTA (if you don't have tons of boxen to keep your "real" services in some kind of dedicated DMZ). My home OpenBSD box forwards BitTorrent, Freenet, VNC and SSH to a variety of machines in my house. I also prioitize packets in the following order: 1st to tcp_ack_out, Vonage telephone, ssh_interactive, everything else, freenet, and finally ssh_bulk. Keeps my phone line crisp and prevents freenet from destroying my ssh sessions' latency. You can do this with other products but I've had a good time (and have learned quite a bit) constructing my /etc/pf.conf file. (Yes. I've got a life otherwise :)

Then build youself a FreeBSD box. This should be cake. 5.x should install without a problem for you and you've got access to all the ports you could ever imagine. Your experience with OpenBSD will help you understand some of the differences you'll encounter. Makes a great desktop. OpenBSD will work fine as a desktop machine but I've never done it. Same for NetBSD I suppose. Give it a whirl. I'm sure you'll learn a ton and be quite happy with whatever you decide.

Don't short yourself on learning OpenBSD. It is awesome, security aware and has some wonderful features (need encrypted swap case the feds might knock down your door at any minute? check.). It may just serve all your needs and knowing it is surely going to be useful to either yourself or others in the future. Use it for utility and the ability to sleep at night with your data behind it. (still better go with RSA keys on sshd though). Check out http://undeadly.org/ [undeadly.org]

Don't short yourself either on checking out FreeBSD. I moved from Linux to "the beast" some 5 years ago and haven't looked back since. The 4.10 machine I use everyday has been up 168 days as of today. I had at shutdown the machine previous to that due to a scheduled power outage. It sits fully exposed on an unprotected IP and runs user apps, a web server and mail. Not a single problem in years. FreeBSD has certainly served me (and some clients of mine) well.

If you're a system developer or like playing with things at the driver level or experimenting with new code, new systems or want to put your toaster on the network, don't deny yourself a NetBSD 2.x install. Wonderful features at the leading edge. Very capable and I hope to get some more experience with it myself one day.

Learn OpenBSD. You won't regret it.

I second FreeBSD, but for a different reason: DOCUMENTATION.

I think FreeBSD by far has the best centralized documentation anywhere (gentoo is good, too--I think they try hard to model after FBSD). Between the Handbook for general How-To's and the man pages for nitty-gritty, you can do almost everything without googling.

I keep trying to learn Debian, but every time I give up because it's hard to find good up-to-date information.

Uhm, no. Everything in a base install, even if not turned on, has undergone a code audit... I'm fairly certain that the OpenBSD versions of sendmail, bind, and "the webserver formerly known as Apache" have all had many security-related patches applied, not all of which were accepted back into their respective main code branches.

Anyway, for a Cluefull User I highly recommend OpenBSD - the documentation kicks ass, and the user community is great at helping those that help themselves (i.e. as long as you've done your homework [catb.org], they've always been quick to help).

Yeah, documentation! Which reminds me of the community, which is just great. I came to FreeBSD from a mandrake background (mandrakusers.org and pclinuxonline forums) - so I was a bit afraid that freebsd users are probably too geekish for my taste or something. What a pleasant surprise! Even after the positive experience on mandrakusers, bsdforums seemed even more friendlier. Sure, you are expected to read the documentation, but even if you made zero effort to do so you are directed to the handbook in a polite manner (no rtfm). And bsdforums is a wealth of knowledge. I didn't feel the need to post for 3 months, found almost anything I wanted via the search feature.

Anyway, although this is not the most important factor in deciding which OS to choose, it can still matter. I am very grateful to the FreeBSD user community for their patience to help out a noob like I was back when I tried it out. There is also a linux section on freebsdforums.org - and contrary to what some troll would have you believe, most freebsd users either run linux as well or don't care about linux at all. And if you are looking for positive linux reviews, you can find many of them on - surprise surprise - bsdforums (I read raves about mandrake, gentoo, etc.). I just thought that I'd mention this if someone had the same apprehension I had 1.5 years ago.

Auditing is extremely important. You seem to believe that because bugs are still being found, obsd must have the same level of security of other Unix. That's false. The other Unix aren't doing this kind of code audit, and aren't decreasing the number of possible exploits at a comparable rate.
That doesn't mean the audit is foolproof. But don't think in terms of black & white. The more the code is audited, the better it becomes.
There are also other things going on at the same time. For one, many services (like named) get chown'd and chroot'd by default. I believe this is still not the default behavior for quite a few Linux distros (I know debian doesn't do this, and they're one of the larges installed server base). Many other daemons have their own dedicated uid/gid. Check the /etc/passwd and /etc/group files and see...
There is also lots of stuff going on at the kernel level to deal with buffer overflows, etc. Now of course Linux has stuff like this too, but unless it's managed by the distro, the user has to patch his kernel himeself and configure the grsecurity (or whatever patch) correctly. Whereas in obsd, it's already part of the kernel and there's no need to deal with it (unless you want to use the systrace ACL system, but that goes without saying). Incidentally, the fact that the kernel is highly audited makes a huge difference here. It minimizes the chances of exploiting a kernel bug and bypassing all these security mechanisms.

The developers on NetBSD are a great bunch (not that the other BSDs don't have great developers), and for any sort of a server or desktop it's my first choice - for embedded platforms it's my only choice. 2.0 has some really great features that have, in typical NetBSD fashion, been a long time coming, but now that they're here, they're REALLY well designed.

FreeBSD is also a good one to try. I don't like it as much, but that's mostly just personal preference. DragonFly looks interesting, but I haven't bothered with it yet. OpenBSD is, well, rudimentary at best - I've only ever encountered one thing it does that the others don't do (yet), and that's RFC2385 support, which I highly doubt you will care about. Other than that, it's crude, problematic, and mostly hype - NetBSD and FreeBSD are every bit as secure, possibly moreso.

I think that the "all of them" replies are the ones closest to the mark. It may also depend upon where you are coming from. For example, Debian has created a distribution using a NetBSD kernel but their own Debian userland. That should get some NetBSD benefits while keeping the system "feeling" like Debian GNU/LINUX.

Between the NetBSD, FreeBSD, and OpenBSD systems, I'd add these thoughts:

a) Security isn't something you get out of a box.
If you think that it is, then I hope that
you're not running any boxes that I ever have
to rely upon!

b) Performance isseus are mostly transient if you
stay up to date.

c) Ease of use is subjective. I found the
FreeBSD install tool to be cumbsome and
unclear on the AMD64. I just wanted a base
system installed so that I could boot and
build from FrreBSD's pkgsrc-like source
package system (they call it "ports").
I had to goof around selecting and unselecting
stuff before the right things were all turned
on.

That said:

NetBSD is the only real choice if you require one of the platforms that only it supports. Or if you need to cross-build a slow Motorola 68K box from a fast AMD64. (The current benchmark superiority is nice, but not a long-term selling point.) Code cleanliness and the portable pkgsrc system that it uses (pkgsrc runs on FreeBSD, LINUX, Solaris, ...) are also pluses, but not of much impact for most people.

OpenBSD supports a few ports, like the Motorola 88K (not to be confused with the 68K!) which no one else supports.

FreeBSD is the only BSD with mainline support for DRI. (But it fails on my AMD64 box, along with audio. I assume that they work more reliably on i386 hardware, but have not tried.) If you expect hardware accelerated OpenGL, and don't want to fool around with unsupported patches, FreeBSD is the only one that stands a chance for now.

If you just want to see what a BSD is like, probably the best thing to do is install all of them that you can.

(For the record: I mostly use NetBSD. I have installed FreeBSD/amd64, hoping to use it as a friendly alternative to GNU/LINUX for games and OpenGL, etc. Given that neither DRI nor audio work on this box for FreeBSD, I use NetBSD for audio and GNU/LINUX for games. I rarely boot FreeBSD.)

The bridging support (with Spanning tree I believe), vlans and carp all make OpenBSD a rather wonderful bit of network glue. Its all polished, complete and and works out of the box (no kernel recompiles or add-on tools).

This is where OpenBSD really shines.

Jason.

However, from a practical perspective my guess is that there are few attacks on Apache/named/dhcp/ftpd/OpenSSH and whatnot that work on Linux that fail to work on OpenBSD, because OpenBSD modified Apache in a way the Apache project wouldn't accept patches back.

This clearly shows how uninformed you are. OpenBSD ships its own version of these tools in the base install, and the differences between the stock version and the OpenBSD version are sometimes big. named and dhcp use privilege separation for example, httpd is chrooted by default, etc. etc.

Your assumption that userland code isn't audited is also false. A large effort has gone into userland, and since auditing is a continuous process, it will go on.

Some examples: sometimes new classses of attacks are found, and a complete scan of the tree is done for the specific error. Some time ago the whole base tree has been cleaned wrt to strcpy, strcat and sprintf. No more unbounded string operations remain in the tree.

The three major BSD's are FreeBSD, OpenBSD and NetBSD. OpenBSD is known as the secure BSD, NetBSD is known as the architecture portable BSD, and FreeBSD is known for many things. I've run servers using FreeBSD that I've been happy with.

A lot of people I know are impressed with OpenBSD's security and architecture. OpenBSD is also a major force behind some security things that Linux borrows, for example, my "apt-get install ssh" installed an SSH written by OpenSSH, which is associated with OpenBSD. If I was concerned with security, or wanted to get involved in kernel development, I might look at OpenBSD. Be that as it may, it seems like a niche, and is not as widely used as FreeBSD or necessarily aimed for a wide market.

NetBSD I am not very high on. It's thing is portability, and it has always been ahead of FreeBSD and OpenBSD, but sometimes even that has stalled, and it's one benefit hasn't been that impressive in comparison. Currently that is not true, but it seems cyclical. Unless you're interested in architecture portability, I'd avoid it. IMHO the best coders went to OpenBSD in the NetBSD/OpenBSD split. But if you need artchitecture portability above all, from time to time NetBSD shines in that area.

FreeBSD to me is the "Linux" of the BSD's. If I wanted security or to hack on the OS, I'd get OpenBSD, but otherwise, I'd get FreeBSD. I've been using FreeBSD and Linux since the mid 1990s, and although I'm more of a Linux person, I've always liked things about FreeBSD. One thing that I feel helps it propogate is I feel the install is easier than a lot of the big Linux distributions. In the mid 1990s, it used to support my crappy NE2000 compatible cards when Slackware Linux didn't, so I wound up installing FreeBSD for servers I originally was going to run Linux. In 2002 or so, I needed a UNIX on my Intel box which only had a 56K modem to do a network install - I got the floppies for FreeBSD, Red Hat and some other Linux distro I forget. Only FreeBSD was able to do the install. I've always thought their installation process was superb. I've also used FreeBSD as a desktop and a server and have been happy with it as both. I prefer Linux, but FreeBSD is a nice competitor to Linux, and some things, like installation, it seems to do better in.

Uhm, no. Everything in a base install, even if not turned on, has undergone a code audit... I'm fairly certain that the OpenBSD versions of sendmail, bind, and "the webserver formerly known as Apache" have all had many security-related patches applied, not all of which were accepted back into their respective main code branches.

The Apache httpd diff is about 4000 lines. After the fork the diff is even larger as they are removing the unneeded apr layer.

Besides that it's so much of a bastard to install that it's a fun challenge. (Not many people can say they have installed OpenBSD!)

Utter rubbish. Me, being a complete *nix idiot then (and still pretty clueless now) was able to install OpenBSD without a hitch, found drivers for my exotic hardware and had the best community support you could wish for. [lowendpc.com].

In addition to being a great, functional and secure OS, it also has a outspoken, intelligent leader who is not afraid to stir up controversy for his political or technical beliefs.

Go Theo!

I know this stuff has [slashdot.org] been [slashdot.org] posted [slashdot.org] before. [slashdot.org]
But since I've seen that a 3-year-old post [slashdot.org] spreading FUD over BSD was modded up from "-1 Troll" to "+1 Funny", I thought that - at the risk of burning my karma - it was right to make available to the +1 readers an even funnier collection of *facts*. ;)

FreeBSD:
FreeBSD, Stealth-Growth Open Source Project (Jun 2004) [internetnews.com]
"FreeBSD has dramatically increased its market penetration over the last year."
Nearly 2.5 Million Active Sites running FreeBSD (Jun 2004) [netcraft.com]
"[FreeBSD] has secured a strong foothold with the hosting community and continues to grow, gaining over a million hostnames and half a million active sites since July 2003."
What's New in the FreeBSD Network Stack (Sep 2004) [slashdot.org]
"FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."

NetBSD:
NetBSD sets Internet2 Land Speed World Record (May 2004) [slashdot.org]
NetBSD again sets Internet2 Land Speed World Record (30 Sep 2004) [netbsd.org]

OpenBSD:
OpenBSD Widens Its Scope (Nov 2004) [eweek.com]
Review: OpenBSD 3.6 shows steady improvement (Nov 2004) [newsforge.com]

*BSD in general:
Deep study: The world's safest computing environment (Nov 2004) [mi2g.com]
"The world's safest and most secure 24/7 online computing environment - operating system plus applications - is proving to be the Open Source platform of BSD (Berkeley Software Distribution) and the Mac OS X based on Darwin."
..and last but not least, we have the cutest mascot as well - undisputedly. ;) [keltia.net]

--
Being able to read *other people's* source code is a nice thing, not a 'fundamental freedom'.

BIND, Sendmail, DHCP and SSH. For the 3.6 release, the DHCP server and client underwent a major cleanup to improve security. In addition there are security enhancments.

From http://netbsd.org/Documentation/software/packages. html [netbsd.org]:

The NetBSD Packages Collection (pkgsrc) is a framework for building third-party software on NetBSD and other UNIX-like systems, currently containing nearly

5000 packages.

From http://www.freebsd.org/ports/growth/status.png [freebsd.org]:

[graph with a y-value of

12,000 at the current time]

Which brings us back to my statement:

Besides being the easiest, FreeBSD has by far the largest collection of ported software.

If you can make a FreeBSD port of a program, then you can probably also get it to run on NetBSD or OpenBSD. However, the odds of any particular program already being ported to FreeBSD are significantly higher.

>I never found adequate documentation for how to deal with it (most seemed to assume I already knew what I was doing).

I would suggest this excellent trilogy of articles about FreeBSD ports:
Ports Tricks [onlamp.com]
portupgrade [onlamp.com]
Cleaning and Customizing Your Ports [onlamp.com]
Together with the ports chapter on the FreeBSD Handbook [freebsd.org], they should pretty much cover anything you'd need to know to work with ports - they did for me.
And btw, as another poster already pointed out, the BSD section [onlamp.com] of Onlamp is a *great* source for BSD technical info.

I've also heard great things about NetBSD's pkgsrc [netbsd.org] system - I have to try it out some day.
--
Being able to read *other people's* source code is a nice thing, not a 'fundamental freedom'.

You can also take a crack at converting the port to pkgsrc with this tool [aarnet.edu.au]. I've had some decent luck with it myself.

OpenBSD's auditing is much more important than you think it is, but there's alot more than that. Tons of apps that are setuid root on free/net/linux are not on openbsd, things like tcpdump, dhcpd, syslog, etc are privilege seperated to limit root code, and there is propolice, W^X, and randomized loading of libraries to make exploiting the holes that are found nearly impossible. If you are stupid enough to think that simply turning off services on a linux box would achieve the same security, then you need help.

And openbsd runs plenty by default, its netbsd that simply turns everything off and calls it security. If you haven't even tried openbsd, maybe you shouldn't be talking about what it does and doesn't do?