Domain: freessh.org
Stories and comments across the archive that link to freessh.org.
Comments · 8
-
Personality Cults (Specifically, Theo De Ratt)
This is not intended in any way as a troll (merely informative to other readers who may not have come across him yet and wonder what we are talking about), but I take it from the UID you do this with the full knowledge that Theo is, on all apparent evidence, a bit of a nutter, a bullshitter (with reference to his utter bollocks about 'Linuxes'), and that rather than OpenBSD being founded out of some earnest devotion to security of his[1], it was because his access to the NetBSD CVS repository was pulled, on the grounds that he was being a class jerk to both users and other developers (not a exactly an isolated incident).
[1] In fact, he originally intended it to be called NextBSD, because he seemed he was basically intent on running his own show all along (which seems to me to be due to him 'not playing well with others').
While the development of OpenSSH remains a much valued contribution, from a security standpoint OpenBSD really has a long way to go to catch up to Linux as far as meaningful features go (the security hype being primarily based on (a) the contribution of OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD! - and (b) simply having all the services turned off on a default installation).
Specifically (and unlike Linux) OpenBSD doesn't support MAC (Mandatory Access Control) restriction on files, nor does it allow the restriction of access to raw devices, memory or sockets for any user (including processes executed as root), hell it doesn't even have ACL's (Access Control Lists) support without a 3rd party patch (e.g. with patches based on FreeBSD 5's implementation), and they don't seem to 'get' why anyone would want it. In fact, they have *actively* decided not to even attempt to implement POSIX.1e (according to this book, endorsed by Theo).
These are features that have been supported by Linux for years. If (and I honestly think it's going to be 'if' rather than 'when' now), OpenBSD begins work to implement these features, then it might start to be considered useful as a secure platform. Until then, it's very lacking in meaningful features indeed. In fact, other BSD variants are already ahead of OpenBSD in so far as implementing them (such as FreeBSD and TrustedBSD).
I realise it's considered easier to criticise than give due credit by some, but in the case of Theo De Ratt I can't see that the amount of credit he gets from some quarters is warranted.
In conclusion, this is why I find the inference that he is 'very wise and well intentioned' at best riotously amusing. ;-)
( YMMV. :) -
Re:one word
smart men use ssh
-
Good list of SSH implementations
An excellent collection of links to SSH client and server products is maintained by FreeSSH. Includes free and fee versions.
-
Re:Security holes?
Because telnet is much more ubiquitous than ssh/scp
True, though I doubt that's insightful. Just because Telnet is popular doesn't mean it should be allowed to travel inside or (horror) outside your network. SMB is popular too, you know. Would you like that going to the outside world?
There's a plethora of free Linux / Unix / Windows based SSH and SCP clients available, as well as a stack of commercial ones.
And if the Windows telnet app is shitty [the Win2K version is a little better], you'll end up using third party software anyway. -
From the OpenSSH.org website:http://slashdot.org/article.pl?sid=00/03/06/20362
4 2
http://www.deadly.org/article.php3?sid=20000306151 402
http://www.deadly.org/article.php3?sid=20000306030 924
http://www.deadly.org/article.php3?sid=20000306023 532
Who are you ?
.: I'm Alex de Joode, I operate the ZedZ ftp site which is propably the largest cryptography oriented ftp site in the world. I also ran an anonymous remailer for 4.5 years and currently host an anonymous remailer and operate an mail2news gateway so people can post anonymously to usenet. I'm in the process of setting up a new remailer.Who are "they" ?
.: "They" are the OpenBSD core team represented by Theo de Raadt.What's this document about ?
.: I received a lot of request to tell my side of the story, since it's impossible to reply to all people in detail, I decided to setup this page to answer the most common questions.Why did you register openssh.org ?
.: The company I work part-time for allowed me to investigate the kickstart of a open/free ssh server client combo that was compatible with ssh1 and could run on Linux/Solaris.The project title was, guess what
... 'openssh' ...I learned from LWN that there was an other group working on an openssh version so I contacted Theo de Raadt and asked if he was interested in developing a port for Linux/Solaris. He told me that they were only interested in developing a version for OpenBSD.
I registered openssh.org and was trying to find someone to do the porting. Unrelated to my activities Damien Miller started a succesful porting effort for Linux/Solaris, so there was no necessety for my search to continue.
Why didn't you give away openssh.org to openbsd ?
.: Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the opensh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page.Then why do you still have openssh.org?
.: Theo de Raadt first agreed and suggested I register http://www.freessh.org, which I promptly did, but later he canceled the deal telling me:
"We're not going to get ripped off by someone we don't trust".What happend then (part 1) ?
.: Theo sent me some nasty emails and I didn't hear from him again untill the 1st of March. I offered other openssh developers the use of www,cvs,ftp and mail, but they declined. As a service to the community I rewrote the openssh.org URL to openssh.com so people would be transfered to that domain automaticly.What happend then (part 2) ?
.: Theo sent me an email demanding I remove the mx records for openssh.org. Theo must have known this demand was impossible since rfc822 requires that postmaster@domain is a valid email address. Without mx this is not the case, and I would violate this requirement.We exchanged some email about/with the word please and we summarized the November email exchange.
And then ?
.: Theo sent me a message telling me he would post a banner on openssh.com to warn people, he would post a message to BUGTRAQ and there would be story on slashdot.org. Handing over the domain would stop that.So what did you do ?
.: Nothing, I was surprised someone was trying to coerce me.Did other people contact you ?
.: I received a sudden influx of messages most cc'ed to openssh@openssh.com requesting me to hand over openssh.org, some seemed to believe I was reading their mail, while others were angry they couldn't receive mail @openssh.org. Since I offered the use of www,cvs,ftp and mail to the openssh developers this strikes me as strange.How is mail for openssh.org setup than ?
.: It's a virtual host that only accepts mail for postmaster@openssh.org, root@openssh.org, webmaster@openssh.org, all other mail will bounce. Since the mx points to the same host that used to run the remailer@replay.com, and still runs the remailer@hr13.zedz.net, sendmail is setup with 'LOGLEVEL=0', so not only do I not receive bounced mails, I don't even get a logfile of people who tried to send mail.What do you think of the OpenBSD Announcement ?
.: They recommend caution since "there could be privacy issues, possibly data mining or building a mailing list of security conscious users". I feel this was sent 'in the spur of the moment'. If I wanted a to build a mailinglist of security conscious users or was dataming, the only thing I would have to do is mail all the users of the ZedZ ftp-site. As for the privacy issues, I've provided and still provide ways to anonymously access the Internet. But you decide.Why do I suddenly get a seperate page at openssh.org ?
.: Damien Miller laid out his concerns about the seamless redirect from the openssh.org URL to the openbsd.com URL and requested me to remove the rewrite and to setup a seperate page. Which I did.What happens next ?
.: I'm disappointed in the behaviour of one or two people but since my main goal is and always will be the spread of encryption products and the use of those products by end users, hence the building of the ZedZ ftp site, I'm willing to 'get over' that.In order to facilitate the community I suggest to the OpenSSH/OpenBSD group that they supply me with a zone file and a secondary for openssh.org. I will instruct the primary DNS to fetch the zone file from the OpenSSH controlled secondary. It's up to the OpenSSH/OpenBSD group to configure the layout of the domain. If at a later stage 'the wounds' are healed and a mutual understanding, maybe even a mutual appreciation has been reached it's not impossible that the domain will be donated to the OpenSSH Project.
Since OpenBSD already uses ftp.zedz.net as primary ftp site for rsaref and cfs for instance (under it's old name utopia.hacktic.nl) this seems a reasonable and acceptable compromise to me.
Other whishes ?
.: A public apology from Theo would be nice. Also the OpenSSH.com site is very OpenBSD centric a change that would level the exposure of other OS's would be welcomed, but it's up to their webteam to decide.Other things ?
.: Not at the moment.How can I contact you ?
.: Just mail me at adejoode@zedz.net
Exit! Stage Left!
-
I would have done the same
Mr. de Joode has repeatedly refused requests to sell or turn the
.ORG name over to the OpenSSH developers.
I still can't understand why he should?
Maybe he has plans for the domain. Right now there are two links, to information about free SSH implementations and a link to OpenBSD OpenSSH project.
If I come up with a successful program called "slashdot" does that mean I'm entitled to have slashdot.org? If I had paid for and bought a domain (for whatever my purposes might be) and suddenly it's being demanded by some entity I've previously not heard of, I'd tell them to fuck off. I wouldn't sell.
I'd say the problem is when you get a domain so you can SELL it later, not if you buy a domain for yourself. What did the OpenSSH people offer in return other than money? Did they discuss switching domains, .com for de Joode and .org for OpenSSH?
Mr. de Joode also owns freessh.org, check it out here. -
Re:Is it *really* that important?
Right on! Not to mention the fact that if you read the OpenSSH.ORg web page you will note that it states 'free ssh implementations go to www.freessh.org' and stating "OpenBSD' OpenSSH implementation goto www.openssh.com"
.... now you tell me .. what is that implying to you? Ironically, the most freely available OpenSSH license can be found at www.OpenSSH.com.
Can someone explain to me this doesn't mean what it implies? -
Squatting...
I don't know about anyone else, but i don't have a huge problem with this case. If the site is a legitamate site with crypto information i don't see any reason why he should HAVE to give it up. By all means, i think that he should sell the domain for registration fees, but by no means should he be forced to give it up. As the site is now (it's simply 2 links, one to FreeSSH and one to OpenSSH. To me, that's simply a waste. If he wants to make a site on cryptography, take openSSH.com in place of openSSH.org, or better yet, just drop the whole thing because there isn't even a semblence of a page up there now. That's just my opinion, I may be wrong.
------------------------------------------------ ------