Most Free Software users are familiar with the Linux/Apache/MySQL/PHP stack—the LAMP configuration—a widely deployed set of software used for a large number of Internet and intranet applications. Although the LAMP configuration is the most frequently used, it’s not always the best tool for any given job. This article proposes some alternatives.
Alternatives to Linux
A number of free UNIX-like operating systems are available, with varying licenses. These include various BSD flavors and, recently, Solaris.
Solaris has traditionally had superb multithreading support, especially on large systems. With the current emphasis on multi-core processors, this capability is likely to become even more important. The latest version of the Solaris TCP/IP stack is heavily multithreaded, and therefore scales well to multiple processors.
When it comes to security, OpenBSD has a well-earned reputation as the operating system for the truly paranoid. The entire kernel and base system, including the OpenBSD fork of Apache, undergo a constant auditing process. The OpenBSD attitude is that any bug is potentially exploitable, and when a bug is found by the auditing team the next step is to attempt to remove every single occurrence of that category of bug. This approach leads to an incredibly secure system.
The OpenBSD team are aware that they’re not infallible, so they take care to ensure that exploiting bugs is as difficult as possible. No area of memory on an OpenBSD system can be both writeable and executable at the same time, for example, which eliminates a significant number of arbitrary code execution vulnerabilities—even on platforms such as older x86 systems that don’t support page-level memory access controls. OpenBSD also provides significant protection against stack-smashing attacks and several other categories of exploit.
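A small probe for the writable-or-executable policy described above, as an added example that is not part of the original article or of OpenBSD's own code: it asks the kernel for memory that is writable and executable at once, then runs the sequence that stays within the policy (write first, then trade write for execute). The function names are hypothetical, and the two probe results depend on the operating system and its configuration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical helper: one anonymous private page with the given protection. */
static void *map_page(int prot, size_t *len)
{
    *len = (size_t)sysconf(_SC_PAGESIZE);
    return mmap(NULL, *len, prot, MAP_PRIVATE | MAP_ANON, -1, 0);
}

/* 1 if the kernel grants a page that is writable and executable at once, 0 if refused. */
int probe_wx_mapping(void)
{
    size_t len;
    void *p = map_page(PROT_READ | PROT_WRITE | PROT_EXEC, &len);
    if (p == MAP_FAILED) return 0;
    munmap(p, len);
    return 1;
}

/* 1 if an already writable page may also become executable, 0 if refused, -1 on setup error. */
int probe_wx_mprotect(void)
{
    size_t len;
    void *p = map_page(PROT_READ | PROT_WRITE, &len);
    if (p == MAP_FAILED) return -1;
    int granted = mprotect(p, len, PROT_READ | PROT_WRITE | PROT_EXEC) == 0;
    munmap(p, len);
    return granted;
}

/* Policy-compliant sequence: fill while writable, then swap W for X. 0 on success; nothing is executed. */
int wx_safe_lifecycle(void)
{
    size_t len;
    unsigned char *p = map_page(PROT_READ | PROT_WRITE, &len);
    if (p == MAP_FAILED) return -1;
    memset(p, 0, len); /* constructed stand-in for generated code */
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC);
    munmap(p, len);
    return rc;
}

int main(void)
{
    printf("W+X mmap: %d  W+X mprotect: %d  RW->RX: %d\n", probe_wx_mapping(), probe_wx_mprotect(), wx_safe_lifecycle());
    return 0;
}
```

A result of 0 from both probes means the process cannot obtain memory that is writable and executable at the same time; the final sequence is the one a program that generates code at run time needs to follow under such a policy.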
As well as security, OpenBSD is well-known for its firewalling and routing capabilities. The OpenBSD packet filter, pf, is incredibly powerful and easy to configure. Out of the box, an OpenBSD system supports features such as traffic shaping and transparent failover.
The major disadvantage of OpenBSD is its relatively primitive SMP support. While OpenBSD supports multiple processors, most of the kernel is still protected by a single lock. This effectively means that only a single process can be executing a system call at once, which limits the number of processors the system can use effectively.
FreeBSD scales somewhat better. During the 5.x series and the current 6.x series, there was a major focus on removing code from the big kernel lock, allowing more processes to make non-interfering system calls concurrently. In addition, recent FreeBSD kernels have adopted the N:M threading model pioneered by Solaris. This maps an arbitrary number of userspace threads to an arbitrary number of kernel threads. In general, there’s one kernel thread for every CPU, meaning that switching between threads in the same process, running on the same CPU, doesn’t require a costly context switch. NetBSD provides a similar model, although with a slightly different implementation.
FreeBSD has a reputation for stability, tarnished slightly by the 5.x series that never fully made it to a level where the team classed it as stable. Netcraft surveys show a number of machines that have been happily running 2.x series releases of FreeBSD for several years without needing a reboot.
One feature that makes FreeBSD popular with hosting companies is support for "jails," which can be thought of as an enhanced version of the traditional chroot. A user cannot escape from a jail (potential bugs notwithstanding), even if the user has root access. This means that an entire copy of the base system can be installed in a jail and a user given "root" privileges to this jail—without being able to affect the rest of the system. Unlike Xen and User-mode Linux, all FreeBSD jails use the same kernel, reducing hardware requirements.
NetBSD is well known for running on everything, including your toaster—a configuration they demonstrated at a show in 2005. For some hardware configurations, NetBSD is the only real choice. For others, such as SPARC32, it’s likely to be the fastest.
A side-effect of the portability of NetBSD is a very clean architecture. This comes across in the userland as well, making it a very easy system to administer, something helped enormously by the acclaimed NetBSD package management system, pkgsrc.