Slashdot Mirror
Ask Theo de Raadt about OpenBSD
OpenBSD 2.8 was released today, so this seemed like a good time to ask project leader Theo de Raadt about OpenBSD -- or anything else. He's a rather colorful person; a pizza eater, kernel hacker, and devout rock climber, so even though this is a big day for OpenBSD you might want to discuss a few other things with Theo, too. We'll choose about 10 of the highest-moderated questions and e-mail them to him shortly after noon (US EST) tomorrow. His answers will appear next week.
I have only been using OpenBSD for a short while now, so forgive me if this question is based upon some incorrect assumtions.
OpenBSD's kernel design seems to be of the monolithic species. OpenVMS (no relation) and NT are two prominent operating systems that use a microkernel archetecture. The microkernel design seems to me to be fundamentally more secure, since there is less priveledged code. Further, if one of the servers is compromised, the damage is minimezed.
My question is this: Is the OpenBSD design fundamentally secure, or is it only a very well done implementation of a basically flawed design?
Yes, I'm still a junky. Are you still a bitch?
Did the drive to audit code come from the need or the design of BSD? Or was it initially a whim? More imporantly, where did you learn it from? Is their some "mentor" you looked too for ridge design? I have to admire your team's daunting code reviewing...I wonder if I'll ever have that kind of meticulous coding nature.
More realistically, the amounts get diminished in two obvious ways:
What doesn't get sold transforms magically into "pieces of chad" that aren't being fought over by Floridan electoral officials, but which rather cost that $5, and result in zero input of cash.
I'd be surprised if Theo's seeing as much as $100K of "positive" cash flow, all in all. If he's seeing more than that, bully for him; it's not as if he hasn't put in a lot of work that resulted in that.
As for your suggestion that it would be slick to have a "charity" to handle the money, while part of me agrees, there's definitely room for duality here.
What I would like to see is for people to take the action of Just Plain Giving Out Gifts to developers that they want to give money to. No "charitable contribution;" no "tax deduction."
One might think that this is a losing proposition, as there's "no deduction." To the contrary, if there's that deduction, on your side, then the money must be treated as a taxable income on the part of those that receive it as income.
It's worse than that; employment income involves deductions, which means that lots of the money gets eaten up by taxation.
In contrast, if you give someone $50 a gift of your after-tax income, it may not be deductible in your hands, but should correspondingly not be taxable in their hands. If someone received $40K in nontaxable gifts, that might well be as good as receiving $60K in taxable income...
Food for thought...
If you're not part of the solution, you're part of the precipitate.
Theo, would you prefer anchovies or black olives on your pizza?
----------------------------
-----------------------
Moderator's essentials
Hi Theo,
Do you think your once overzealous (now calmed) ego is still hurting OpenBSD? Or has time calmed the fires?
In the early days the open fighting between the NetBSD (we won't take changes until hell freezes over) and the OpenBSD (we are the best, you suck) camps was pretty unattractive, to say the least.
--- I do not moderate.
What's your take on Apple putting a BSD-layer in their forthcoming Mac OS X? What effect do you see this having on the BSD community & your own distribution in particular?
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
I've read both the FreeBSD and OpenBSD looking for facts to support what is the best choice and only found OpenBSD claims for good security. From talking to people who use the BSD's more than I do I've heard FreeBSD is faster than OpenBSD on average. I've heard that FreeBSD is faster for running user applications and OpenBSD has faster networking code. Is this true and does the 2.8 release change any this?
Are there any plans to produce something like this? Something with a very simple user interface that is quick and easy to get set up? I'd love to play with OpenBSD and do it by hand but I simply do not have the time.
Oceania has always been at war with Eastasia.
With the effort underway by www.openpackages.com, and with the correlating efforts on the linux side by Connectiva to making a apt-rpm bridge, do you think it would be a good thing, from a security, and OS level point of view, to have a single type of package.
Does your team support the efforts towards a unified package structure?
Further down the road, if one package structure does develop for *BSD, would you also support an effort towards a common package from *BSD to linux?
Thanks for a great OS..
GPL'd web-based tradewars themed space game
Any advise for code auditers? Can you share any tips or techniques you have found useful in uncovering bugs? What do you first look for in a fresh piece of code? What about a mature piece of code?
Boxers or briefs ?
Elaborate.
From what I've heard, multiprocessing support is going to be a very tricky thing to implement, because it gives rise to so many possible exploits, particularly with regards to race conditions. I also understand that it would take a remarkable amount of effort and time to rewrite much of the code base for SMP without compromising the OS's integrity.
With that in mind, what kind of resources would you need before you could seriously consider attempting dual or quad processor support? And, if you were given unlimited access to those resources, how long would it take before a -stable release would be ready? I would really like to see this feature get implemented, although I know that at this point your developer team is busy enough as it is.
Free music from Jack Merlot.
Theo--
First of all, I want to thank you for the hard work you've done building OpenBSD. It truly is a wonderful package.
Much of the security in OpenBSD lies under the hood in the work you've done cleansing the source of unsafe library calls. While this work is appreciated, I've become more and more concerned lately about the fact that these changes are not necessarily documented and certainly not reflected in the version number of an application or utility.
Version numbers reflect a snapshot in the life of a codebase. They're used to reference unsafe editions or particularly stable builds. Major number reflect code branches, but minor numbers reflect specific states of the code--such is the expectation of a user or an administrator when a version number is detected. Without granularity of versioning, I have no reason to trust or distrust a given application by its number; I must personally audit its source--and end up giving it a number of my own.
You and your team are code auditing masters. Rather than pollute the namespace by making indistinguishable your securely built modified code and the original(and, by extension, your secure code and numerous unnamed distributions' "just get it to compile" modifications), wouldn't it be appropriate for OpenBSD to apply a name extension to any package which it has modified, and in the interests of full disclosure, to provide a reasonable CHANGELOG of the fixes contained therein?
Yours Truly,
Dan Kaminsky, CISSP
DoxPara Research
http://www.doxpara.com
I've seen reports of estimated CD sales per release at being as high as 10000. Add in t-shirt/poster sales and donations and a relatively considerable sum of money is flowing around OpenBSD. Combine this with the fact that checks are to be written to Mr. de Raadt and I get curious as to how the finances are handled. Not that I'm suggesting any misappropriation is occurring, I would just like to know who is in charge of the money and whether or not the OpenBSD project is registered as a non-profit organization (and if it is then checks should be made out to - and the CD image should be copyrighted to - that organization). Also, I would like to see a small financial report put out (as would be required if it were a non-profit organization in Alberta) so that users can see where their money is going. Plus, I would also like know exactly how many CDs are sold per release.
I greatly appreciate the work that the OpenBSD project developers have put in, and I plan on continuing to use, purchase, and donate to OpenBSD (and maybe even contribute when I get the technical skills) regardless of the answer to this question: Where exactly does the money go?
Thanks for your work, Theo. I use OBSD every day as a workstation and as a firewall, and the Cop-chasing-script-kiddie t-shirt is the best.
If you could time warp back to the beginning of OpenBSD's development (ignoring the scism that brought you to that point), what would you do differently? Would you have chosen a more commercial focus? Pushed SMP development earlier? Run around in circles waving your hands in the air?
On another note, what's your feeling about commercial use of OpenBSD? i.e., do you support it, tolerate it, or what? (better example, I make a set-top box running OpenBSD, and I need the OS to do "X". If I called you and said, "Theo, I need OpenBSD to support 'X'", would I be told to piss up a rope, write it myself, or would the OpenBSD team do it for a price?)
Potato chips are a by-yourself food.
Theo, what are your general thoughts on the other UNIX variants out there? Is Solaris too slow? Is IRIX waaay insecure?
Also, which UNIXes do you enjoy working with (other than OpenBSD)?
Would it be possible to, say, make a very small, very simple (read: no optimizations) cc compiler written in assembly for each architecture, and compile gcc (or whatever our system compiler is) with this trivial compiler first? It seems to me that this would eliminate the problem of having to know whether the entire history of whatever code we were running was trojan-free or not. If this is in fact possible, is it something that you would be interested in having in OpenBSD? In any event, keep up the good work!
As someone who has used (and still uses) OpenBSD from time to time I have been extremely impressed with the security and the fact that it installs a "minimal" system that you can later build up.
However, as a person that deals with new entries into the use of open-source/free software on a regular basis, I have often wondered about the possibility of an easy to use/install version of OpenBSD. I realize in the past that the OpenBSD team has sort of shrugged off the ease of use idea as un-important when compared to the security issues, and that is all well and good for the primary drive of OpenBSD. However, as a person that would like to see people become more security concious (or at least aware of security as an issue), and a person that would love to see common desktop systems become far more secure, I have often wondered about developing a solid desktop system on top of OpenBSD.
My question is not whether or not you and the OpenBSD team would themselves do this. I believe you have addressed this in the past (with a resounding "not now"). But, I would be interested in whether you would support an effort to do this sort of project or not. If a group were established with the sole purpose of developing a desktop distribution based on OpenBSD (and auditing every line of the desktop applications as well as your current teams does the base system), would you look at that as a positive for OpenBSD, or a negative? Would you be willing to commicate with the individuals that would be attempting this, and occassionally help them out with coding issues if they asked? Or would you at least voice support for an effort such as this? Or would you flat out seperate "real" OpenBSD from any attempt to make it more "user friendly"?
I would be very interested in your response.
------------
Given the proliferation of cheap (ala CheapBytes) and free (from zedz, for example) ISO images of OpenBSD CDs, and the far more "available" nature of your *BSD and Linux competition, do you believe that your copyright (and through it, the official OpenBSD policies you've created) on the layout of the OpenBSD CD still warranted? Why?
-Ed Felix qui potuit rerum cognoscere causas.
Hi Theo,
First, thanks for your work. I use OpenBSD every day for both workstations and servers. It's hard to beat.
My question is: How did you get started with OS programming? I guess reading books(Such as The design and implementation of 4.4BSD by McKusick & Bostic) together with source is one way to start. But which path did you take and how would you recommend getting into the details, given a solid knowledge of C, application development etc is present?
Good luck in the future!
Would you and/or other members of the OpenBSD coders consider writing a book on secure, bug-free coding and auditing? Most programming books feature sample code that is written for pedagogical purposes. Quite often this runs contrary to how secure code should be written, leaving a gap in many a programmers knowledge. A book on audinting and how to avoid security pitfalls when coding would also make your life easier - less code to audit for OpenBSD, and more time top concentrate on nifty new features!!!
Chris
My question is, has the OpenBSD team ever proposed looking into how to create a 'secured ports' tree, or some other similar system, that would ensure that many of the applications people specifically want secure platforms like OpenBSD to run could be as trusted as the platforms themselves?
--
You are not alone. This is not normal. None of this is normal.
Theo,
I also am an avid rock climber and I was wondering what level you climb at and what you feelis your biggest climbing accomplishment. Do you do big wall or any mountaineering, or do you just do sport climbing and bouldering?
--neutrino
History has the relation to truth that theology has to religion-i.e. none to speak of. - Lazarus Long
This probably has been commented a lot, and there are more issues than just pure technical ones for this not having happenned before. But, is there any thought on your part, of possibly more code sharing between the bsd's.
Maybe even creating an "architecture council" in which the core of each project would have a say on features that should/can/may be implemented on both kernel and userland?
This would not have to be a "you must do this" kinda thing, but rather and amicable forum to discuss new ideas and share implementations?
So what's your thought on this? do-able, possibility, of have i been smoking too much crack?
On a side note, is OpenBSD likely to ever head in the direction of being a distributed kernel? And, if so, how would security and resource management be maintained? (It's hard enough on a central kernel system.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
A lot of people know that OpenBSD forked from NetBSD, and there's still some animosity between the two groups. Personally, I think that the competition has helped both groups (NetBSD now ships with far fewer open services, for example).
Egos are delicate things, but do you see any chance for greater cooperation in the future, or do you see more forking and division as inevitable?
--
Forward, retransmit, or republish anything I say here. Just don't misquote me.
What do you think will be major Security improvements/features(kernel/base system) that are going to be added to OpenBSD?
Where is there still room for a lot of improvement? Also what are the goals of the OpenBSD project besides default Security?
"Mommy, mommy! The garbage man is here!" "Well, tell him we don't want any!" -- Groucho Marx