Slashdot Mirror
Ask Theo de Raadt about OpenBSD
OpenBSD 2.8 was released today, so this seemed like a good time to ask project leader Theo de Raadt about OpenBSD -- or anything else. He's a rather colorful person; a pizza eater, kernel hacker, and devout rock climber, so even though this is a big day for OpenBSD you might want to discuss a few other things with Theo, too. We'll choose about 10 of the highest-moderated questions and e-mail them to him shortly after noon (US EST) tomorrow. His answers will appear next week.
> Huh? You know what CVS is, isn't it ?
Yes, I can find out what's been changed historically, if I *really* go looking. I have no way of knowing easily that:
bash-2.04# perl -v
This is perl, v5.6.0 built for sparc-openbsd
was compiled from a different codebase than:
bash-2.04# perl -v
This is perl, v5.6.0 built for i386-linux
My point is, if you change the source, change the version. That I can hunt something down in CVS is pretty meaningless if I don't know that I need to.
--Dan
I have only been using OpenBSD for a short while now, so forgive me if this question is based upon some incorrect assumtions.
OpenBSD's kernel design seems to be of the monolithic species. OpenVMS (no relation) and NT are two prominent operating systems that use a microkernel archetecture. The microkernel design seems to me to be fundamentally more secure, since there is less priveledged code. Further, if one of the servers is compromised, the damage is minimezed.
My question is this: Is the OpenBSD design fundamentally secure, or is it only a very well done implementation of a basically flawed design?
Yes, I'm still a junky. Are you still a bitch?
Did the drive to audit code come from the need or the design of BSD? Or was it initially a whim? More imporantly, where did you learn it from? Is their some "mentor" you looked too for ridge design? I have to admire your team's daunting code reviewing...I wonder if I'll ever have that kind of meticulous coding nature.
If Theo made the ISO images available, would you purchase an OpenBSD CD just to support him?
...
You *can* do an ftp install or AFS install or even make your own CD. So its not like you *have* to pay to get it.
The CD is $30.00 plus S/h, so buy it, get the CD set and have the warm fuzzy feeling of having contributed to the project in some way.
Btw the T shirts kick ass too
The number of the beast
What's your opinion of the TrustedBSD project? I know it's relatively green and AFAIK not much has been shipped off the assembly line other than some rough beginnings. But, that aside, do you think it's too ambitious (or not ambitious enough?) And if it ever does complete its goals do you think OpenBSD will utilize any code from it?
More realistically, the amounts get diminished in two obvious ways:
What doesn't get sold transforms magically into "pieces of chad" that aren't being fought over by Floridan electoral officials, but which rather cost that $5, and result in zero input of cash.
I'd be surprised if Theo's seeing as much as $100K of "positive" cash flow, all in all. If he's seeing more than that, bully for him; it's not as if he hasn't put in a lot of work that resulted in that.
As for your suggestion that it would be slick to have a "charity" to handle the money, while part of me agrees, there's definitely room for duality here.
What I would like to see is for people to take the action of Just Plain Giving Out Gifts to developers that they want to give money to. No "charitable contribution;" no "tax deduction."
One might think that this is a losing proposition, as there's "no deduction." To the contrary, if there's that deduction, on your side, then the money must be treated as a taxable income on the part of those that receive it as income.
It's worse than that; employment income involves deductions, which means that lots of the money gets eaten up by taxation.
In contrast, if you give someone $50 a gift of your after-tax income, it may not be deductible in your hands, but should correspondingly not be taxable in their hands. If someone received $40K in nontaxable gifts, that might well be as good as receiving $60K in taxable income...
Food for thought...
If you're not part of the solution, you're part of the precipitate.
And focusing on OpenBSDs strengths, a second step to remove the BKL for the networking code could result in useful SMP for firewalling, VPN and IDS applications under SMP. Any plans or thoughts on minimal SMP support like this for OpenBSD?
Canada is the centre of development for OpenBSD. With the state of encryption, patent, and copyright laws in many places, do you think there are many other countries in which something like OpenBSD could have been developed?
What legal trends do you see as particularly threatening to OpenBSD or similar projects?
Strippers. Lots and lots of strippers.
I'm Canadian and asking the question any Canadian could answer? Riddle me not that one!
Theo, would you prefer anchovies or black olives on your pizza?
----------------------------
-----------------------
Moderator's essentials
Hi Theo,
Do you think your once overzealous (now calmed) ego is still hurting OpenBSD? Or has time calmed the fires?
In the early days the open fighting between the NetBSD (we won't take changes until hell freezes over) and the OpenBSD (we are the best, you suck) camps was pretty unattractive, to say the least.
--- I do not moderate.
What's your take on Apple putting a BSD-layer in their forthcoming Mac OS X? What effect do you see this having on the BSD community & your own distribution in particular?
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
If you were offered an OC connection for FREE would you take it? I'd assume yes.
Thus sprach DrQu+xum, SID=218745.
DrQu+xum: Proof that the lameness filter doesn't work.
Xenophon:
s pa rc/
I'm actually pretty confident that OpenBSD tracks the changes they make, but those changes(I believe) are to the overall package that is OpenBSD, not to the individual files.
You wrote:
===
I don't think you understand how they package up their releases. It isn't like Red Hat or Debian, i.e. there are no individual packages like perl-5.003-666 or nethack-23-skiddoo.
===
To which I reply:
ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/
That being said, it may very well be that anything that Theo directly touches is considered a critical component and is kept out of the "packages" tree. This would be somewhat surprising to me(given the amount of energy Theo et al puts into creating a "high quality package archive"), but wouldn't be unimaginable. However, it remains unclear what has been touched and what hasn't. Is that really Perl 5.6.0? What about Netcat 1.1.0? I can't even compare binaries; I have to diff source trees.
Not too long ago, one security guru got taken to task *HARD* for assuming that the version of Debian he had downloaded possessed the same security holes as...uh, that version actually had. Except it was the Debian unmarked modified patched version, and he didn't know. He submitted a total mea culpa...but I'm just not sure he should have.
This is actually the topic of a paper I've been considering writing, but I think it'd be much more interesting to hear what Theo has to say on the matter first.
Yours Truly,
Dan Kaminsky, CISSP
Cisco Systems, Advanced Network Services
http://www.doxpara.com
I've read both the FreeBSD and OpenBSD looking for facts to support what is the best choice and only found OpenBSD claims for good security. From talking to people who use the BSD's more than I do I've heard FreeBSD is faster than OpenBSD on average. I've heard that FreeBSD is faster for running user applications and OpenBSD has faster networking code. Is this true and does the 2.8 release change any this?
Are there any plans to produce something like this? Something with a very simple user interface that is quick and easy to get set up? I'd love to play with OpenBSD and do it by hand but I simply do not have the time.
Oceania has always been at war with Eastasia.
From crypt(3) (OpenBSD 2.6):
The Blowfish version of crypt has 128 bits of salt in order to makebuilding dictionaries of common passwords space consuming. The initial
state of the Blowfish cipher is expanded using the salt and the password
repeating the process a variable number of rounds, which is encoded in
the password string. The maximum password length is 72. The final Blow-
fish password entry is created by encrypting the string ``OrpheanBehold-
erScryDoubt'' with the Blowfish state 64 times.
There is no "blowfish key" to keep secret. The password and the random salt are the key. If there were some "secret key", it wouldn't stay a secret very long -- the passwd(1) source would have to contain it, and you'd get it straight from the CVS server (or the CVS snapshot on the CDs).
A more interesting question, then, is whether it's possible to launch a known-plaintext attack to retrieve the key (and thus the password). The plaintext is in the man page that I quoted above, and the cyphertext is in the master password file. But I'm no cryptographer (I don't even pretend to be one), so I can't speculate on how feasible such a feat would be.
Why are there 25 free linuxes? Don't we only need one? And geez, what's with all of these operating systems in general? Wouldn't we be better off one, say Windows?
The BSD's are projects just like any other... They're developed with different mindsets, different goals. And since it's under all the BSD license... the leaders from any of the other BSD's can pick and choose from anything any other *BSD has done. So effort doesn't need to be wasted unless one has a better solution in mind, in which case it's not wasted after all.
Will OpenBSD ever support "role accounts" with the ability to perform very specific functions that would otherwise require superuser access?
I do not deploy Linux. Ever.
I do not belong in the spam.redirect.de domain.
With the effort underway by www.openpackages.com, and with the correlating efforts on the linux side by Connectiva to making a apt-rpm bridge, do you think it would be a good thing, from a security, and OS level point of view, to have a single type of package.
Does your team support the efforts towards a unified package structure?
Further down the road, if one package structure does develop for *BSD, would you also support an effort towards a common package from *BSD to linux?
Thanks for a great OS..
GPL'd web-based tradewars themed space game
-dB
"It if was easy to do, we'd find someone cheaper than you to do it."
Any advise for code auditers? Can you share any tips or techniques you have found useful in uncovering bugs? What do you first look for in a fresh piece of code? What about a mature piece of code?
Boxers or briefs ?
Elaborate.
How do you feel about the amount of publicity Linux has got in the press in the last couple of years, as opposed to the relatively low profile of the *BSDs?
11.0010010000111111011010101000100010000101101000
Soooo ... where's the best place to ski/snowboard??
:)
From what I've heard, multiprocessing support is going to be a very tricky thing to implement, because it gives rise to so many possible exploits, particularly with regards to race conditions. I also understand that it would take a remarkable amount of effort and time to rewrite much of the code base for SMP without compromising the OS's integrity.
With that in mind, what kind of resources would you need before you could seriously consider attempting dual or quad processor support? And, if you were given unlimited access to those resources, how long would it take before a -stable release would be ready? I would really like to see this feature get implemented, although I know that at this point your developer team is busy enough as it is.
Free music from Jack Merlot.
Thanks for OpenBSD, Theo. It runs my firewall.
I love the cute new version of the blowfish logo! From the file name, it looks like she's called "Sushi".
So my questions are (a) Who is the artist, and (b) When will there be a T-shirt with a picture of Sushi printed really big?
Torrey Hoffman (Azog)
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
How about looking at tools to allow insecure software to be used without compromising the integrity of the system? The effort to produce a secure OS base is largely wasted if adding new programs trashes the security. It's nice to have an OS like OpenBSD as the basis for high security bits like firewalls, but it's never going to get beyond a niche market if the security evaporates the moment that desktop/workstation applications are installed. What kinds of things is OpenBSD doing to help make it easier for developers to make secure applications?
There's no point in questioning authority if you aren't going to listen to the answers.
I was wondering if you had any intention of making ISO images available for download any time soon. I personally think that part of Linux's appeal to the average person is the ability to easily burn a CD and give different distributions a try. Is the ISO thing just a money issue?
Have you considered the technical feasibility and nutritious benefits of a pizza donation form on the openbsd.org site? Perhaps powered through partnership with a local pizza joint?
One of the criticisms i've heard of OpenBSD - merited or not - is that it faces the past, and concentrates more on fixing an existing model than on exploring new opportunities. Do you see OpenBSD sticking with its 4.4BSD baseline for the forseeable future, or would you consider moving towards a post-UNIX model like Plan 9? And speaking of Plan 9, what do you think of the Plan 9 License, http://cm.bell-labs.com/plan9dist/license.html
Heh!
You're absolutely right, though. I completely forgot. Guess I need to brush up and do a "man foo".
Potato chips are a by-yourself food.
Will there ever be binary patches for security bugs found in OpenBSD? It would be more convenient than recompiling every time, I wouldn't need the extra disk space and it would save some time.
-jfedor
Microsoft have beaten them to it... some years ago they came out with this
I use my copy that was bought by the PHB to raise the height of my monitor - and it's been stable for years. Ironic?.
Theo--
First of all, I want to thank you for the hard work you've done building OpenBSD. It truly is a wonderful package.
Much of the security in OpenBSD lies under the hood in the work you've done cleansing the source of unsafe library calls. While this work is appreciated, I've become more and more concerned lately about the fact that these changes are not necessarily documented and certainly not reflected in the version number of an application or utility.
Version numbers reflect a snapshot in the life of a codebase. They're used to reference unsafe editions or particularly stable builds. Major number reflect code branches, but minor numbers reflect specific states of the code--such is the expectation of a user or an administrator when a version number is detected. Without granularity of versioning, I have no reason to trust or distrust a given application by its number; I must personally audit its source--and end up giving it a number of my own.
You and your team are code auditing masters. Rather than pollute the namespace by making indistinguishable your securely built modified code and the original(and, by extension, your secure code and numerous unnamed distributions' "just get it to compile" modifications), wouldn't it be appropriate for OpenBSD to apply a name extension to any package which it has modified, and in the interests of full disclosure, to provide a reasonable CHANGELOG of the fixes contained therein?
Yours Truly,
Dan Kaminsky, CISSP
DoxPara Research
http://www.doxpara.com
So what's are your favorite local ride (within about 3 hours of home)? What's your favorite ride overall, anywhere? And the obvious required question from one biker to another- What's your best carnage story? :)
Stay muddy,
Jason
I wouldn't say that it has a clunky interface, exactly, or a higher learning curve. What it has is actually a very simple and elegant interface which encourages and assists you in learning in depth about your system very rapidly. Admittedly, my first free Unix-like system that I installed was Debian GNU/Linux (Specifically, "slink"), and I thought it was pretty easy to do, and people are always bitching about that, so YMMV.
Regardless, I found the interface to be refreshingly simple, and it gave me a great deal of control over my system. I'm now completely addicted to OpenBSD. Sure, there are some things about Debian I miss, but there were things that I missed about Windows when I switched to Debian. And in both cases, I feel the benefits I get from the transition far outweigh the sacrifices I have to make.
The ports system goes a long way to making things easier, much as apt does with Debian. So I can browse with a graphical browser, I can use KDE if I want, I can use Dia, the Gimp, and most other programs I find important for doing work. The main thing that needs to be done to make OpenBSD just about perfect for me as a Workstation OS is to have more supported audio programs, and part of that could just be ignorance on my part.
Anyway, I've been using OpenBSD as my workstation OS for the past sixth months, and I've been very happy with it.
-Chocodile "Thud on top, I ate the chocodile." -from "Disseminated" by Soul Coughing
I've seen reports of estimated CD sales per release at being as high as 10000. Add in t-shirt/poster sales and donations and a relatively considerable sum of money is flowing around OpenBSD. Combine this with the fact that checks are to be written to Mr. de Raadt and I get curious as to how the finances are handled. Not that I'm suggesting any misappropriation is occurring, I would just like to know who is in charge of the money and whether or not the OpenBSD project is registered as a non-profit organization (and if it is then checks should be made out to - and the CD image should be copyrighted to - that organization). Also, I would like to see a small financial report put out (as would be required if it were a non-profit organization in Alberta) so that users can see where their money is going. Plus, I would also like know exactly how many CDs are sold per release.
I greatly appreciate the work that the OpenBSD project developers have put in, and I plan on continuing to use, purchase, and donate to OpenBSD (and maybe even contribute when I get the technical skills) regardless of the answer to this question: Where exactly does the money go?
Theo, Has any other development team approached you, asking you implement your model and technique of code auditing? Even Microsoft should be interested in it.
Also, are there any plans to integrate Biometric hardware support into OpenBSD, to get rid of the human factor somewhat? Biometric capable OpenSSH would be a good start... Biometric capable login software...
Thanks for your time,
The Lerfted One
Well, I must be one of the more insane OpenBSD users, since I believe that is the perfect OS for the laptop. My ability to use built in encryption with cfs and tcfs, makes it perfect for storing those company trade secrets, marketing data, sales info. Swap is encrypted as well. The atapiscsi CDR capability for ide is wonderful as well. My question is if you are going to continue to make OpenBSD laptop friendly? Thanks, Rob.
OpenBSD is widely recognized, both inside and outside of the hacker community, as being an incredibly secure, stable, and robust operating system. Yet when the TrustedBSD project was recently founded to create a *BSD that would eventually be certified for use in the most sensitive areas of the US Government, FreeBSD was used as a starting point. Why do you believe this decision was made? What argument would you make for (or against) the use of OpenBSD in such a case?
Anonymous Luddite: "What do you think of the dehumanizing effects of the Internet?"
Andy Grove: "Not Much."
Can someone explain to me the reason for all these different flavors of ice cream? I like it better when there was chocolate. or vanilla. but this country's gone to hell in a handbasket since they invented strawberry.
Free music from Jack Merlot.
Thanks for your work, Theo. I use OBSD every day as a workstation and as a firewall, and the Cop-chasing-script-kiddie t-shirt is the best.
If you could time warp back to the beginning of OpenBSD's development (ignoring the scism that brought you to that point), what would you do differently? Would you have chosen a more commercial focus? Pushed SMP development earlier? Run around in circles waving your hands in the air?
On another note, what's your feeling about commercial use of OpenBSD? i.e., do you support it, tolerate it, or what? (better example, I make a set-top box running OpenBSD, and I need the OS to do "X". If I called you and said, "Theo, I need OpenBSD to support 'X'", would I be told to piss up a rope, write it myself, or would the OpenBSD team do it for a price?)
Potato chips are a by-yourself food.
What do you think about Bruce Schneier saying "Security is a process, not a product." Is OpenBSD a secure product?
-... ---
I think its an issue of man power...
The site quotes: "The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security.
(No pun intended of course)
To what extent do you see OpenBSD using more graphical tools as part of the system and install? Newbies coming to Linux in the last year now have a range of handholding options that make security and other decisions on their behalf, often with little merit, along the lines of the 'let's keep it in line with the Windows-style experience'. Do you think OpenBSD should make any moves in this direction?
Very much looking forward to ordering 2.8.
========================================
Death will come, and will have your eyes
-- Pavese
I hate replying to what is probably a flamebait, but...
Writing Solid Code : Microsoft's Techniques for Developing Bug-Free C Programs by Steve Maguire is a good book on the subject. Ignoring the obvious anti-MS mindset of the original poster, this book has good techniques for any platform.
One of the books I rate higher then this is Steve McConnell's "Code Complete," which is also from MS Press. Maybe MS doesn't read their own books - but a lot of the are great.
Theo, what are your general thoughts on the other UNIX variants out there? Is Solaris too slow? Is IRIX waaay insecure?
Also, which UNIXes do you enjoy working with (other than OpenBSD)?
Tools like these already exist to somewhat prevent total system compromise through the compromise of one application. chroot and jail() are good examples, although I am uncertain whether OpenBSD has jail() (FreeBSD does, so it wouldn't be too much of a stretch to say OpenBSD does...).
Friends don't let friends use multiple inheritance.
Personal bias aside (heh), what considerations should a person take into account when chosing between OpenBSD and another free operating system which shall remain nameless?
Slashdot 's editors are dickheads
What is your intention for OpenBSD in the computing world? Most knowledgable people wouldn't doubt it is a great operating system and that it fits very well providing network services (I for one use it as a firewall, NAT router), but it's clunky interface (and higher learning curve) is keeping from being a top notch workstation (a la FreeBSD, Linux). Do you have any plans to increase OpenBSD's usability as a workstation type operating system? --Shamino
Butchers make the bestest meat; sugar sugar sugar beet!
I'm pretty sure that the core GNUstep developers would be interested in auditing their code for security. The question is how to educate third-parties on the auditing process. I'd be interested in knowing your thoughts on this.
Would it be possible to, say, make a very small, very simple (read: no optimizations) cc compiler written in assembly for each architecture, and compile gcc (or whatever our system compiler is) with this trivial compiler first? It seems to me that this would eliminate the problem of having to know whether the entire history of whatever code we were running was trojan-free or not. If this is in fact possible, is it something that you would be interested in having in OpenBSD? In any event, keep up the good work!
As someone who has used (and still uses) OpenBSD from time to time I have been extremely impressed with the security and the fact that it installs a "minimal" system that you can later build up.
However, as a person that deals with new entries into the use of open-source/free software on a regular basis, I have often wondered about the possibility of an easy to use/install version of OpenBSD. I realize in the past that the OpenBSD team has sort of shrugged off the ease of use idea as un-important when compared to the security issues, and that is all well and good for the primary drive of OpenBSD. However, as a person that would like to see people become more security concious (or at least aware of security as an issue), and a person that would love to see common desktop systems become far more secure, I have often wondered about developing a solid desktop system on top of OpenBSD.
My question is not whether or not you and the OpenBSD team would themselves do this. I believe you have addressed this in the past (with a resounding "not now"). But, I would be interested in whether you would support an effort to do this sort of project or not. If a group were established with the sole purpose of developing a desktop distribution based on OpenBSD (and auditing every line of the desktop applications as well as your current teams does the base system), would you look at that as a positive for OpenBSD, or a negative? Would you be willing to commicate with the individuals that would be attempting this, and occassionally help them out with coding issues if they asked? Or would you at least voice support for an effort such as this? Or would you flat out seperate "real" OpenBSD from any attempt to make it more "user friendly"?
I would be very interested in your response.
------------
Given the proliferation of cheap (ala CheapBytes) and free (from zedz, for example) ISO images of OpenBSD CDs, and the far more "available" nature of your *BSD and Linux competition, do you believe that your copyright (and through it, the official OpenBSD policies you've created) on the layout of the OpenBSD CD still warranted? Why?
-Ed Felix qui potuit rerum cognoscere causas.
Hi Theo,
First, thanks for your work. I use OpenBSD every day for both workstations and servers. It's hard to beat.
My question is: How did you get started with OS programming? I guess reading books(Such as The design and implementation of 4.4BSD by McKusick & Bostic) together with source is one way to start. But which path did you take and how would you recommend getting into the details, given a solid knowledge of C, application development etc is present?
Good luck in the future!
Would you and/or other members of the OpenBSD coders consider writing a book on secure, bug-free coding and auditing? Most programming books feature sample code that is written for pedagogical purposes. Quite often this runs contrary to how secure code should be written, leaving a gap in many a programmers knowledge. A book on audinting and how to avoid security pitfalls when coding would also make your life easier - less code to audit for OpenBSD, and more time top concentrate on nifty new features!!!
Chris
My question is, has the OpenBSD team ever proposed looking into how to create a 'secured ports' tree, or some other similar system, that would ensure that many of the applications people specifically want secure platforms like OpenBSD to run could be as trusted as the platforms themselves?
--
You are not alone. This is not normal. None of this is normal.
Theo,
I also am an avid rock climber and I was wondering what level you climb at and what you feelis your biggest climbing accomplishment. Do you do big wall or any mountaineering, or do you just do sport climbing and bouldering?
--neutrino
History has the relation to truth that theology has to religion-i.e. none to speak of. - Lazarus Long
Assuming you are speaking with someone who somewhat unfamiliar with OpenBSD, what would you say sets it apart from other operating systems? Why would it be preferable to *nixes or NT or whatever else someone could think of?
"...heroic hearts, made weak by time and fate, but strong in will, to strive, to seek, to find, and not to yield."
This probably has been commented a lot, and there are more issues than just pure technical ones for this not having happenned before. But, is there any thought on your part, of possibly more code sharing between the bsd's.
Maybe even creating an "architecture council" in which the core of each project would have a say on features that should/can/may be implemented on both kernel and userland?
This would not have to be a "you must do this" kinda thing, but rather and amicable forum to discuss new ideas and share implementations?
So what's your thought on this? do-able, possibility, of have i been smoking too much crack?
I guess I could be more specific
As a wise AC posted below, let's say I have a product in mind that uses OBSD as a base. However, in order to make the product more powerful, I needed the OBSD kernel to move from user-space threads to kernel threads.
If I offered the OBSD team $50K to move the kernel to that model, would they do it?
A more egregious example: in order to make my Whizzo Superdevice sell, I need OBSD to integrate a proprietary security algorithm within the kernel structure (for God-knows what reason -- it's an hypothetical, worst-case example). The kernel needs to support it, but the algorithm can't be distributed with the normal distribution. Would the OBSD team merge it into CVS (assuming I'm just a guy with a great idea but no coding "skillz")?
It would be a tough call for me, I know. I'm not terribly idealistic, and the $$$s might sway me -- I was wondering if Theo is immune or not.
Potato chips are a by-yourself food.
it's the first link on the page. why was this moderated so high?
Stallion Technologies offers embedded OpenBSD-based appliances, but there is little to no information regarding the building of such a device. It seems to me that OpenBSD would be great as a floppy-based firewall, and I can think of many other uses for a small-footprint/embedded version of OpenBSD. Does OpenBSD have any plans for providing consise documentation on the building of such a system? Barring this, does the OpenBSD project have any plans to document how the OS can be installed on a single floppy disk?
On a side note, is OpenBSD likely to ever head in the direction of being a distributed kernel? And, if so, how would security and resource management be maintained? (It's hard enough on a central kernel system.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
A lot of people know that OpenBSD forked from NetBSD, and there's still some animosity between the two groups. Personally, I think that the competition has helped both groups (NetBSD now ships with far fewer open services, for example).
Egos are delicate things, but do you see any chance for greater cooperation in the future, or do you see more forking and division as inevitable?
--
Forward, retransmit, or republish anything I say here. Just don't misquote me.
Given the desire to audit code before it makes it into OpenBSD, and the limited number of people who find joy in code audits, do you feel that OpenBSD will eventually end up so far behind to be eventually considered a historic footmark, like 386BSD?
Do you feel that others opinion of you hurts the progress of the OpenBSD project? (if honey attracts flies {bugs}, does your vinegar nature keep the bugs away?)
If it was said on slashdot, it MUST be true!
What do you think will be major Security improvements/features(kernel/base system) that are going to be added to OpenBSD?
Where is there still room for a lot of improvement? Also what are the goals of the OpenBSD project besides default Security?
"Mommy, mommy! The garbage man is here!" "Well, tell him we don't want any!" -- Groucho Marx