Slashdot Mirror


Theo de Raadt Responds

Here you go: straight answers to your questions from Theo de Raadt of OpenBSD. Read, enjoy, and comment away. (Theo might even check in with a comment or two of his own if he has time -- although he's been awfully busy lately, so please don't hold it against him if he can't, okay?)

A book on code auditing?
by LizardKing

Would you and/or other members of the OpenBSD coders consider writing a book on secure, bug-free coding and auditing? Most programming books feature sample code that is written for pedagogical purposes. Quite often this runs contrary to how secure code should be written, leaving a gap in many a programmer's knowledge. A book on auditing and how to avoid security pitfalls when coding would also make your life easier - less code to audit for OpenBSD, and more time to concentrate on nifty new features!!!

Theo:

There is perhaps a split between the two issues you bring up. On the one side is secure coding, as in code written to be secure by the original author(s). On the other side, auditing, which is where an outsider (or an insider) later on goes and tries to clean up the mess which remains. And there is always a mess. Perhaps part of the problem is that a huge gap lies between these two. In the end though, I think that a book on such a topic would probably have to repeat the same thing every second paragraph, throughout the book: Understand the interfaces which you are coding to! Understand the interfaces which you are coding to! Most of the security (or simply bug) issues we audited out of our source tree are just that. The programmer in question was a careless slob, not paying attention to the interface he was using. The repeated nature of the same classes of bugs throughout the source tree, also showed us that most programmers learn to code by (bad) examples. A solid systems approach should not be based on "but it works". Yet, time and time again, we see that for most people this is the case. They don't care about good software, only about "good enough" software. So the programmers can continue to make such mistakes. Thus, I do not feel all that excited about writing a book which would simply teach people that the devil is in the details. If they haven't figured it out by now, perhaps they should consider another occupation (one where they will cause less damage).

Making the rest secure
by squiggleslash

OpenBSD has a well deserved reputation for security "out of the box" and for the fact the inbuilt tools are as secure as they're ever likely to be. However, the Ports system is, perhaps, an example of where the secure approach currently has limitations - an installation of OpenBSD running popular third-party systems like INN can only be so secure because the auditing of INN, and other such software, is outside the scope of the BSD audit.

My question is, has the OpenBSD team ever proposed looking into how to create a 'secured ports' tree, or some other similar system, that would ensure that many of the applications people specifically want secure platforms like OpenBSD to run could be as trusted as the platforms themselves?

Theo:

We have our hands already pretty full, just researching new ideas in our main source tree, which is roughly 300MB in size. We also lightly involved ourselves in working with the XFree86 people a while back for some components there. Auditing the components outside of this becomes rather unwieldy. The difficulty lies not only in the volume of such code, but also in other issues. Sometimes communication with the maintainers of these other packages is difficult, for various reasons. Sometimes they are immediately turned off because we don't use the word Linux. Some of these portable software packages are by their nature never really going to approach the quality of regular system software, because they are so bulky.

But most importantly, please remember that we are also human beings, trying to live our lives in a pleasant way, and don't usually get all that excited about suddenly burning 800 hours in some disgusting piece of badly programmed trash which we can just avoid running. I suppose that quite often some of our auditors look at a piece of code and go "oh, wow, this is really bad", and then just avoid using it. I know that doesn't make you guys feel better, but what can we say...

OpenBSD, security, et al.
by jd

With the release of SGI's B1 code, and the attempts by many U*ixen to secure their contents via capabilities, ACL's, etc, ad nauseam, how is OpenBSD approaching the issue of resource control?

On a side note, is OpenBSD likely to ever head in the direction of being a distributed kernel? And, if so, how would security and resource management be maintained? (It's hard enough on a central kernel system.)

Theo:

On the first question, I think there is great confusion in the land of Orange Book. Many people think that is about security. It is not. Largely, those standards are about accountability in the face of threat. Which really isn't about making systems secure. It's about knowing when your system's security breaks down. Not quite the same thing. Please count the commercially deployed C, B, or even A systems which are actually being used by real people for real work, before foaming at the mouth about it all being "so great". On the other hand, I think we will see if some parts of that picture actually start to show up in real systems, over time. By the way, I am surprised to see you list ACLs, which don't really have anything to do with B1 systems.

As to the second issue, I have no idea what a distributed kernel is, nor do I see how anything like that would improve security or quality of a system.

Forks and cooperation
by PapaZit

A lot of people know that OpenBSD forked from NetBSD, and there's still some animosity between the two groups. Personally, I think that the competition has helped both groups (NetBSD now ships with far fewer open services, for example).

Egos are delicate things, but do you see any chance for greater cooperation in the future, or do you see more forking and division as inevitable?

Theo:

Considering that NetBSD has maintained a black-hole route to the OpenBSD project networks for roughly four years, I don't see how any cooperation at higher levels is possible. However, there are developers who work on multiple projects. Some of them used to complain about having troubles from various groups. Nowadays, I think they've got it easier. Politics do not dictate developer relationships these days.

In Linux land, it appears that projects fork for financial reasons. In BSD land, it appears that the forks that have happened were purely political reasons. I don't know what will happen. It's been 5 years since the last fork in the BSD camp. Why are you guys so fork paranoid? Do you want everyone to vote for the same political party, too?

Kernel design
by laertes

I have only been using OpenBSD for a short while now, so forgive me if this question is based upon some incorrect assumptions.

OpenBSD's kernel design seems to be of the monolithic species. OpenVMS (no relation) and NT are two prominent operating systems that use a microkernel architecture. The microkernel design seems to me to be fundamentally more secure, since there is less privileged code. Further, if one of the servers is compromised, the damage is minimized.

My question is this: Is the OpenBSD design fundamentally secure, or is it only a very well done implementation of a basically flawed design?

Theo:

I don't think it makes any difference, whatsoever. I think your computer science teachers are still teaching you from books written in the 80's, when the word "micro-kernel" was associated with a future utopia. We do not think that NT is a microkernel, and are you really so sure that OpenVMS is? A microkernel is not a kernel that does things through loadable modules. As well, I don't think it makes any difference, as long as a system does what it is supposed to do.

Where Did You Learn Your Code Audit Discipline?
by EXTomar

Did the drive to audit code come from the need or the design of BSD? Or was it initially a whim? More importantly, where did you learn it from? Is there some "mentor" you looked to for ridge design? I have to admire your team's daunting code reviewing...I wonder if I'll ever have that kind of meticulous coding nature.

Theo:

The auditing process developed out of a desire to improve the quality of our operating system. Once we started on it, it became fascinating, fun, and very nearly fanatical. About ten people worked together on it, basically teaching ourselves as things went along. We searched for basic source-code programmer mistakes and sloppiness, rather than "holes" or "bugs". We just kept recursing through the source tree every time we found a sloppiness. Every time we found a mistake a programmer made (such as using mktemp(3) in such a way that a filesystem race occurred), we would go throughout the source tree and fix ALL of them. Then when we fix that one, we would find some other basic mistake, and then fix ALL of them. Yes, it's a lot of work. But it has a serious payback. Can you imagine if a Boeing engineer didn't fix ALL of the occurrences of a wiring flaw? Why not at least try to engineer software in the same way?
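
The mktemp(3) filesystem race mentioned in the answer above, as an added example that is not code from the interview or from the OpenBSD tree. It does not call mktemp(3) itself: a fixed name inside a private directory stands in for the name mktemp(3) would have returned, and the `/tmp/auditdemo.XXXXXX` directory, the file names and all function names are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct race_result {
    int  excl_errno;    /* errno from the O_EXCL open on the taken name */
    int  racy_opened;   /* 1 if the non-exclusive open succeeded anyway */
    long size_after;    /* size of the pre-existing file after that open */
    int  mkstemp_mode;  /* permission bits of the file mkstemp(3) created */
};

/* The pattern an audit looks for: the name was picked earlier (mktemp(3)
 * only returns a name) and the open happens later without O_EXCL. */
static int open_name_picked_earlier(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Existence check and creation as one atomic step: fails if the path exists. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed stand-in for "someone else got to the name first". */
static int create_existing_file(const char *path)
{
    static const char data[] = "data belonging to someone else\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, sizeof(data) - 1);
    close(fd);
    return n == (ssize_t)(sizeof(data) - 1) ? 0 : -1;
}

static int run_scenario(struct race_result *r)
{
    char dir[] = "/tmp/auditdemo.XXXXXX";   /* hypothetical work directory */
    char path[64], tmpl[64];
    struct stat st;
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/report.tmp", dir);
    snprintf(tmpl, sizeof(tmpl), "%s/report.XXXXXX", dir);
    if (create_existing_file(path) != 0) {
        rmdir(dir);
        return -1;
    }

    /* The exclusive create notices the file and refuses with EEXIST. */
    fd = open_exclusive(path);
    r->excl_errno = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);

    /* The non-exclusive open succeeds and truncates what was there. */
    fd = open_name_picked_earlier(path);
    r->racy_opened = (fd >= 0);
    if (fd >= 0)
        close(fd);
    r->size_after = (stat(path, &st) == 0) ? (long)st.st_size : -1;

    /* mkstemp(3) picks the name and creates the file exclusively in one call. */
    fd = mkstemp(tmpl);
    r->mkstemp_mode = (fd >= 0 && fstat(fd, &st) == 0)
                          ? (int)(st.st_mode & 0777) : -1;
    if (fd >= 0) {
        close(fd);
        unlink(tmpl);
    }
    unlink(path);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct race_result r;
    if (run_scenario(&r) != 0) {
        perror("setup");
        return 1;
    }
    printf("O_EXCL open on taken name: %s\n", strerror(r.excl_errno));
    printf("open without O_EXCL: %s, existing file now %ld bytes\n",
           r.racy_opened ? "succeeded" : "failed", r.size_after);
    printf("mkstemp file mode: %04o\n", (unsigned)r.mkstemp_mode);
    return 0;
}
```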

Firewall/NAT box
by yamla

Linux has FreeSco, a product that fits on a 3.5 inch floppy disk and acts as a router and NAT (Network Address Translation). I always thought something like this would be ideal for OpenBSD. After all, I would rather trust OpenBSD than Linux for this.

Are there any plans to produce something like this? Something with a very simple user interface that is quick and easy to get set up? I'd love to play with OpenBSD and do it by hand but I simply do not have the time.

Theo:

I must say that I am not a fan of these floppy-based routers. Essentially, you are taking one of the most unreliable pieces of storage known to man, and trying to build security infrastructure on it. That's madness. Just buy a small disk. Perhaps something based on a CD plus some other (non-floppy) persistent storage might be sane. But please. Not floppies. Are you mad?

Code-auditing
by AT

Any advice for code auditors? Can you share any tips or techniques you have found useful in uncovering bugs? What do you first look for in a fresh piece of code? What about a mature piece of code?

Theo:

I suppose the biggest tip would be to become a better programmer. In particular, study what functions that programs are calling, and ensure that the calling code is following the rules of those functions 100%. How many of you understand the complete & correct semantics of every function in libc, or even just the libc functions being called by the program you are looking at? (I mean, we went through our entire source tree, and about half the strncat() and strncpy() calls were subtly wrong, even if it only meant they copied a character extra and then zero'd it out -- it is still sloppy).

When you know exactly what the APIs are, you'll spot the bugs very easily. In my mind, it is the same as any other job that requires diligence. Be careful. Humans learn from examples, and yet, in this software programming environment, the tremendous complexity breeds non-obvious mistakes, which we carry along with us, and copy into new chunks of code. We've even found in manual pages where functions were mis-described, and when we found those, lots of programmers had followed the instructions incorrectly...
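
The strncpy() and strncat() rules this answer refers to, as an added example that is not code from the interview or from the OpenBSD tree. The sizes, the canary byte, the sample strings and all function names are constructed for illustration; a 32-byte backing array stands in for an 8-byte buffer so that the wrong calls stay within defined behaviour and their effect can be measured.

```c
#include <stdio.h>
#include <string.h>

#define LOGICAL 8    /* size the calling code believes the buffer has */
#define BACKING 32   /* real storage, so the misuse below stays defined */
#define CANARY  '#'

struct outcome {
    int terminated;  /* 1 if a NUL sits inside the first LOGICAL bytes */
    int spilled;     /* bytes written at or beyond index LOGICAL */
};

static void prepare(char *buf, const char *initial)
{
    memset(buf, CANARY, BACKING);
    if (initial != NULL)
        memcpy(buf, initial, strlen(initial) + 1);
}

static struct outcome inspect(const char *buf)
{
    struct outcome o = { memchr(buf, '\0', LOGICAL) != NULL, 0 };
    for (size_t i = LOGICAL; i < BACKING; i++)
        if (buf[i] != CANARY)
            o.spilled++;
    return o;
}

/* WRONG: strncpy() adds no NUL when src has LOGICAL or more characters. */
static struct outcome strncpy_unterminated(char *buf, const char *src)
{
    prepare(buf, NULL);
    strncpy(buf, src, LOGICAL);
    return inspect(buf);
}

/* SLOPPY but safe: one character too many is copied and then zeroed,
 * one reading of the "copied a character extra" case in the answer. */
static struct outcome strncpy_extra_then_zero(char *buf, const char *src)
{
    prepare(buf, NULL);
    strncpy(buf, src, LOGICAL);
    buf[LOGICAL - 1] = '\0';
    return inspect(buf);
}

/* RIGHT: copy at most LOGICAL - 1 characters, then terminate. */
static struct outcome strncpy_correct(char *buf, const char *src)
{
    prepare(buf, NULL);
    strncpy(buf, src, LOGICAL - 1);
    buf[LOGICAL - 1] = '\0';
    return inspect(buf);
}

/* WRONG: n is the number of characters to append, not the buffer size. */
static struct outcome strncat_size_as_n(char *buf, const char *head, const char *src)
{
    prepare(buf, head);
    strncat(buf, src, LOGICAL);
    return inspect(buf);
}

/* WRONG by one: strncat() always writes a NUL after what it appends. */
static struct outcome strncat_forgot_nul(char *buf, const char *head, const char *src)
{
    prepare(buf, head);
    strncat(buf, src, LOGICAL - strlen(buf));
    return inspect(buf);
}

/* RIGHT: remaining room minus one for the NUL; do nothing if already full. */
static struct outcome strncat_correct(char *buf, const char *head, const char *src)
{
    prepare(buf, head);
    size_t used = strlen(buf);
    if (used < LOGICAL - 1)
        strncat(buf, src, LOGICAL - used - 1);
    return inspect(buf);
}

static void show(const char *label, struct outcome o)
{
    printf("%-28s terminated=%d spilled=%d\n", label, o.terminated, o.spilled);
}

int main(void)
{
    char buf[BACKING];
    const char *src = "ABCDEFGHIJ";   /* constructed input, longer than LOGICAL */
    show("strncpy, n = size", strncpy_unterminated(buf, src));
    show("strncpy, n = size, zeroed", strncpy_extra_then_zero(buf, src));
    show("strncpy, n = size - 1", strncpy_correct(buf, src));
    show("strncat, n = size", strncat_size_as_n(buf, "abc", src));
    show("strncat, n = size - len", strncat_forgot_nul(buf, "abc", src));
    show("strncat, n = size - len - 1", strncat_correct(buf, "abc", src));
    return 0;
}
```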

Dual Processor Support
by dragonfly_blue

Although there has been some indication that people are interested in running OpenBSD on machines with dual or quad processors, it appears that there are not enough resources and volunteers available to make this a reality. Although I use OpenBSD for my web server, I am by no means an expert at this, but I'm curious nonetheless.

From what I've heard, multiprocessing support is going to be a very tricky thing to implement, because it gives rise to so many possible exploits, particularly with regards to race conditions. I also understand that it would take a remarkable amount of effort and time to rewrite much of the code base for SMP without compromising the OS's integrity.

With that in mind, what kind of resources would you need before you could seriously consider attempting dual or quad processor support? And, if you were given unlimited access to those resources, how long would it take before a -stable release would be ready? I would really like to see this feature get implemented, although I know that at this point your developer team is busy enough as it is.

Theo:

At this time, we are not working on SMP. It's a lot of work, and not considered the most interesting thing to our developers. Sorry.

Time warp
by rho

Thanks for your work, Theo. I use OBSD every day as a workstation and as a firewall, and the Cop-chasing-script-kiddie t-shirt is the best.

If you could time warp back to the beginning of OpenBSD's development (ignoring the schism that brought you to that point), what would you do differently? Would you have chosen a more commercial focus? Pushed SMP development earlier? Run around in circles waving your hands in the air?

On another note, what's your feeling about commercial use of OpenBSD? i.e., do you support it, tolerate it, or what? (better example, I make a set-top box running OpenBSD, and I need the OS to do "X". If I called you and said, "Theo, I need OpenBSD to support 'X'", would I be told to piss up a rope, write it myself, or would the OpenBSD team do it for a price?)

Theo:

The licence on our code is pretty clear. We want vendors to use our code. We want commercial operating systems to ship with OpenSSH. Not shipping with an SSH variant causes great grief, and it is time that ends.

Same goes for OpenBSD. We would prefer if companies building commercial network appliances used OpenBSD, rather than writing their own operating systems. Typically, these companies are very comfortable with solving the problems within their application space. Yet, there is a history of these companies writing their own cruddy operating systems, and at the same time writing worse applications.

It would be better if routers, firewalls, telephone switches, fileservers, and whatever else used reliable components, designed by people who care.

So go ahead, use any parts of OpenBSD as parts of commercial systems.

Full Disclosure And Version Numbering
by Effugas

First of all, I want to thank you for the hard work you've done building OpenBSD. It truly is a wonderful package.

Much of the security in OpenBSD lies under the hood in the work you've done cleansing the source of unsafe library calls. While this work is appreciated, I've become more and more concerned lately about the fact that these changes are not necessarily documented and certainly not reflected in the version number of an application or utility.

Version numbers reflect a snapshot in the life of a codebase. They're used to reference unsafe editions or particularly stable builds. Major numbers reflect code branches, but minor numbers reflect specific states of the code -- such is the expectation of a user or an administrator when a version number is detected. Without granularity of versioning, I have no reason to trust or distrust a given application by its number; I must personally audit its source -- and end up giving it a number of my own.

You and your team are code auditing masters. Rather than pollute the namespace by making indistinguishable your securely built modified code and the original (and, by extension, your secure code and numerous unnamed distributions' "just get it to compile" modifications), wouldn't it be appropriate for OpenBSD to apply a name extension to any package which it has modified, and in the interests of full disclosure, to provide a reasonable CHANGELOG of the fixes contained therein?

Theo:

Two numbers exist for every component of OpenBSD. One number is the release that the piece came in, ie. 2.8.

The other number exists in each source file that was built. And that number is also in each binary that was built from those files. You can use the what(1) command to determine the revisions of source files which make up each binary.

As to the "original" you talk about, there is no original. OpenBSD uses its own components. I don't know what packages you are talking about. cat is cat. ftpd is ftpd. tar is tar. It's the one that came with a certain release. In the systems approach, the version numbering that other groups do is sometimes invalid, because pieces (such as libraries) are all part of the picture.

Was the last plane you were on using front wheel version 2.7 or 2.9? You don't care. You do however care greatly that a "systems approach" was used to ensure that it was whole. And in the OpenBSD case, that means pick a version, and install the patches.

Asking for more means that you want us to do less work on the system, and more version numbering.

Where does the money go?
by MrSparkler

I've seen reports of estimated CD sales per release at being as high as 10000. Add in t-shirt/poster sales and donations and a relatively considerable sum of money is flowing around OpenBSD. Combine this with the fact that checks are to be written to Mr. de Raadt and I get curious as to how the finances are handled. Not that I'm suggesting any misappropriation is occurring, I would just like to know who is in charge of the money and whether or not the OpenBSD project is registered as a non-profit organization (and if it is then checks should be made out to - and the CD image should be copyrighted to - that organization). Also, I would like to see a small financial report put out (as would be required if it were a non-profit organization in Alberta) so that users can see where their money is going. Plus, I would also like know exactly how many CDs are sold per release.

I greatly appreciate the work that the OpenBSD project developers have put in, and I plan on continuing to use, purchase, and donate to OpenBSD (and maybe even contribute when I get the technical skills) regardless of the answer to this question: Where exactly does the money go?

Theo:

We've not yet sold 10,000 CDs in a release. Hopefully we will soon. The project ends up with a bit less than 50% of the revenues from CD sales. The tshirt business is doing OK, but you make a lot less selling textiles. With posters we operate just above break-even. Even though some are sold on the web, most turn out to be free handouts at most conferences. That is how I planned the posters to operate.

We have thought about becoming a non-profit organization, but it is not really a good idea. It would not provide any real benefit -- to you -- as the masses. Especially in Canada, there are costs and serious responsibilities associated with doing such a thing. We would be giving up a lot of freedom, and would need to hire someone to do a lot of accounting. Also, since many of our donations come from outside Canada, we still could not really generate taxable benefits to you. (And I must ask, why are people so cheap, that they only give donations when it provides a partial reduction in their taxes, rather than a real donation? I actually find that pretty fake.)

Money from the project goes to various things. First off, it ensures that I can work full time on OpenBSD, and not need another job. I am also hoping to do the same for other developers in the project, who have indicated that they are interested in doing so. Secondly, certain grimy, unenjoyable, and very important development tasks sometimes put a bit of money in developer pockets. Some OpenSSH work was funded by matching OpenBSD money against donations from a Van Dyke. Thirdly, the project buys a fair amount of hardware: In powerpc land alone, 4 machines this year. Fourth, shipping costs to conferences sometimes severely cut into profits from sales. And finally, when developers get together to do hacking, project money sometimes pays for various things, like airplane tickets, accommodation, and sometimes even some beer. And beer results in ideas, which results in new code.

--------------

Before you ask: yes, we'll be doing Slashdot interviews with people from other *BSD projects in the near future - Robin

261 comments

  1. Re:But he doesnt follow his own advice by Anonymous Coward · · Score: 1

    I got the same impression. What is with the attitude? I thought the question about producing a book was an excellent idea. There are always students wanting to learn the things that Theo does every day but instead of trying to teach others these skills they get the brush off. From his argument, why produce any books at all? Everything that's contained in a book people have figured out on their own so if you're not smart enough to think of it, tough luck bud.

  2. Are you retarded? by Anonymous Coward · · Score: 1

    This has nothing to do with email bombs. This has to do with wanting to get the last word in. He is trying to subvert email filters through the use of anon remailers. What's so hard to understand about this?

  3. Re:But he doesnt follow his own advice by Anonymous Coward · · Score: 2

    As an OpenBSD user who also reads /. (along with several other Linux -or- BSD oriented web sites) and its interviews, I was thinking this past summer that if /. interviewed Theo, it would suck. I was dreading Theo's interview, hoping it would not happen. Not because of Theo, but because of the /. community. A community that is by and large linux centric and generally lacking knowledge of BSDs. Someone would certainly over scrutinize and search for something that would slight or insult them. And find it, and make themselves believe it exists, and post something just inflammatory enough to turn people off.

    In the end, I felt an interview would not *help* the OpenBSD community really, because someone would find fault in *something* and draw it out, enhance it, to really no good point at all. Well, it seems that CyberKNet's post is a nice example of that. It's classic /. style of find some insignificant error (that is in itself debatable) and make it some felony.

    You think his answers were belittling? Look at your questions, for crying out loud:

    LizardKing's Q on a code auditing book--Answered on the OBSD newsgroup already. Search deja.

    Making Ports Secure--Gee, let's ask a question to the person responsible for OS security about ALL program security that might run on the OS. iow, if there was an interview with Linus, it would be like asking him why perl on some Linux distributions had a security hole because the developers were stupid enough to hard code /usr/bin/mail when they compiled it.

    B1 and OpenBSD Q--Asked and answered when Trusted BSD came out. Search deja and misc.

    Working with other BSD distributions--Communication is a two way road. Look, this is a silly question to ask, not because of the question, but because the answer is so readily apparent. The comments by the NetBSD and FreeBSD groups as well as users is plain to see on the newsgroups, on web pages, etc. It's all *very* public.

    SMP and dual-processor support--Search the mailing lists. Asked and answered.

    Version numbering--Already addressed when there were comments about the lack of a stable branch in OBSD.

    $ issues--Lovely. As if that wasn't an insulting question.

    The "I don't want to teach you" mentality is really the "No, I don't want to feed you with a spoon." No one, including the moderators, checked to see if these questions were asked and answered by simply grepping an email archive. No Linux user in the community is going to point out that, "Hey, last year or so, there was a posting on a Debian mailing list about developers getting sick of answering lame questions too."

    As to the BSD and Linux community differences, well, they are different communities. I moved away from Linux because the communities just got bogged down *for my tastes*. My take is that the Linux community is *incredibly* ignorant of the BSD community, not vice versa.

  4. filtering by FreeBSD/NetBSD by Anonymous Coward · · Score: 3
    > Considering that NetBSD has maintained
    > a black-hole route to the OpenBSD
    > project networks for roughly four years,

    Those who are not familiar with Mr. Theo de Raadt's usual action about BSDs should know the following history about the mail filtering.

    • not only NetBSD, but also FreeBSD maintains such filtering.
    • the reason why the filtering exists is that Mr. de Raadt made a threat that he would send a mail bomb, and he never retracted that. You can confirm this in the mailing list archive of FreeBSD or NetBSD.
    • NetBSD doesn't maintain a black-hole route to the OpenBSD project networks, but did make a black-hole route to Mr. de Raadt's network. Other OpenBSD developers should not have a problem, and there are many developers who have both OpenBSD and NetBSD developers' accounts. For example, one of NetBSD's core members is an OpenBSD developer.

    This issue was once raised by an OpenBSD developer in the DaemonNews forum, which has a neutral position between FreeBSD, NetBSD and OpenBSD, and its conclusion was that the forum should never have posted the topic. I don't know why Mr. de Raadt mentioned this filtering again in slashdot. Perhaps he'd like to show that he is still ready to post a mail bomb to the FreeBSD/NetBSD mailing list?

    1. Re:filtering by FreeBSD/NetBSD by scrytch · · Score: 2

      > I'm NetBSD user. I won't tell you whether there is 140, 1400 or 14000 NetBSD users because I don't really know ...

      YHBT. HAND. This guy you responded to is a troll who posts the exact same post in every single BSD article. Just ignore him, he's just another reason I normally browse at threshold 2 til I get bored.

      --
      I've finally had it: until slashdot gets article moderation, I am not coming back.
    2. Re:filtering by FreeBSD/NetBSD by EverCode · · Score: 1

      You forgot about Mac OS X

      ;-P

      --

      EverCode
    3. Re:filtering by FreeBSD/NetBSD by net-fu · · Score: 2

      If you're scared of spamming and mail bombing, stay off the internet. Frankly, any good admin worth his salt would want to see how his boxes stand up under such a load, rather than be a big weenie and run away from a fight.

      So what I read is: Theo threatened to mailbomb, and didn't? Link to mail thread

      Just bizarre. Frankly there are a lot of high horses out there. OpenBSD is a good system. I'm not a big fan of BSD, but I encourage people to use OpenBSD just to try it and learn. (I did run it for a while on a sparc and it ran better than linux on that box.)

      Every OS has its place. OpenBSD is just Canadian and has balls (big encrypted balls.) It's neat and it ships with things like ssh out of the box.

      I'm just very depressed lately (lately being a long time now) of hate-mailers and whiners on slashdot--- the people who write the software (free) that we use (quality) often don't get the respect they deserve.

      Anyway, that's my 2 cents.

    4. Re:filtering by FreeBSD/NetBSD by wjw · · Score: 1

      Industry analysts have concluded that *BSD is declining. Let's look at the numbers.

      I'm NetBSD user. I won't tell you whether there is 140, 1400 or 14000 NetBSD users because I don't really know. I can tell you that the number isn't declining - how did you draw such conclusion?

      I haven't heard of BSD being sick - in fact we are having lots of fun writing BSD code.

    5. Re:filtering by FreeBSD/NetBSD by espo812 · · Score: 1

      First, Usenet posts don't count how many people are using an OS. I understand OpenBSD specifically does a lot on mailing lists.

      Second, FreeBSD did not go out of business. Walnut Creek was bought by BSDi. Walnut Creek simply sold copies of FreeBSD on CD. Conversely, FreeBSD is still here (not owned by anyone), and doing just fine.

      --

      espo
  5. Re:Theo: Version Number Specifics by Anonymous Coward · · Score: 3

    This has been discussed on the OpenBSD mailing lists. Theo is quite disingenuous when he claims that he wants people to "use his code". He has said in so many words that he really only wants OpenBSD to use his code. The versioning discrepancies are intentional on his part to make it difficult for third parties to track OpenBSD. I'm sorry that I must resort to ad hominem attack, but in Theo's case it's warranted: Theo is a paranoid twit. For example he thinks he "owns" OpenSSH. When a third party started a web site devoted to OpenSSH Theo started a fight over who owned the domain and threatened legal action. He is deathly afraid of other projects "stealing" his code. If you want to truly understand his bizarre mind, you have to read the mailing lists where he lets his true nature be known. Don't fall for his phony public PR persona. As is well known to most members of the *BSD community, Theo has serious problems.

  6. Re:Missing the point on floppy-based routers? by Alex · · Score: 1

    "The hardware advantage of a system without a hard disk is the reduction of heat generation, meaning they're easier to put in heat-hostile environments like telephone closets. System upgrades are a snap, since you just move the disk to another platform."

    And what are floppy disks sensitive to?

    Oh heat.....

  7. Re:Theo and Microkernels by X · · Score: 2

    First off, most security holes that I hear about tend NOT to be in the OS kernels themselves, but rather userland software. The assumption that having more or less code running in the kernel changes security in any kind of a significant way is incorrect.

    Secondly, pay attention to what Theo is saying: most security problems come from incorrect use of interfaces. In the microkernel world, you may indeed have fewer interfaces to the kernel, but understanding how to use those interfaces can be an extremely daunting task (just ask anyone who's hacked on Mach before). Furthermore, you still need interfaces to all the userland code that's running on top of the kernel (i.e., if you need to interface with the filesystem, it doesn't matter whether it's in the kernel or not, you can still get the interface wrong and thereby create a security problem). In HURD, for example, the interfaces and interdependencies between modules are MORE complex, particularly given that you have to allow for an infinite number of implementations of said interfaces.

    --
    sigs are a waste of space
  8. Re:Working with microkernels by X · · Score: 2
    You're ignoring 3 major problems:
    • While there are supposed to be fewer interfaces in a microkernel, it tends to require a great deal of sophistication to understand how to use them correctly.
    • Even if an interface isn't in the kernel, it still has to be somewhere. Getting it out of the kernel doesn't improve security in any way. If you need to talk to the filesystem, you still can misunderstand the filesystem's interface regardless of whether it's in the kernel or not.
    • In multi-server microkernel systems (such as HURD), you have additional complexity (and therefore security problems) with the interactions between the different servers that make up the operating system. You have to allow for each of the servers to be replaced with something which behaves entirely different (although hopefully fulfills the interface contracts... IF they are understood... ;-). So, you make the problem worse rather than better.
    --
    sigs are a waste of space
  9. Econ 102... by Christopher B. Brown · · Score: 3
    ... indicates that the costs of accounting for the charitable organization eat up much of the would-be benefits.

    ... And if the purchaser pays for an "invoice" for "software/services," then the money given may be deductible as a business expense.

    The big "merit" in the "donation" thing is if this allows the organization to receive individual contributions from individuals that wouldn't otherwise be able to "deduct" the payment for tax purposes.

    While, when you add this sort of thing up across thousands of churches, it adds up to real money, it's not going to be spectacularly worthwhile for a software project that might get $30K in donations and have to spend a chunk of that on organizational costs.

    --
    If you're not part of the solution, you're part of the precipitate.
  10. A reply to his reply to my questions. :) by jd · · Score: 3
    First off, I agree 100% that the Orange Book is not about security in the conventional sense of preventing intruders from gaining access.

    However, some form of resource control is essential to preventing users authorised for one thing from doing something else.

    ACLs are -one- way of doing this, the schemes described in B1 are another. You're again 100% right that they're not the same thing. However, they both attempt to delineate exactly what a user is and is not able to do.

    (As for foaming at the mouth, I'm going to go out on a limb here and guess you've met some pseudo-nerds who're drunk on a mix of power & Agent Orange, and who believe that if it's "Official", it's somehow "better" or mysteriously "all-encompassing". I'm not about to start a cult to the Mighty OB1. :)

    Distributed Kernels are kernels which divide low-level tasks between sub-kernels, where each sub-kernel runs on a separate processor or even a separate machine.

    Distributed Kernels are one way of doing hardware-independent parallel processing. You're not tied to SMP, you're not tied to a single motherboard, you're not even tied to a specific manufacturer.

    From a security standpoint, it has two major impacts. On the one hand, breaking one component of the system does NOT necessarily compromise any other component. They run on separate CPUs, after all. This means that you can have secure intrusion detection at the kernel level, with secure fail-over to a non-compromised system in the event of intrusion.

    On the other, you're now ferrying very low-level data across a network of unknown security. The risk of someone compromising the system by compromising the network is obviously much higher than for a stand-alone kernel.

    Last, but not least, to anyone who may be critical of him, Theo de Raadt is perhaps the most brilliant guy in the BSD world and I'd place him as one of the top 3 coders in the world.

    As for his infamous "moods" - if he's bipolar, HFA or AS, then his moods (and his brilliance) are entirely explicable and nothing to condemn him for.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:A reply to his reply to my questions. :) by scrytch · · Score: 2

      > Could you back up this statement?

      Bill Joy was one of the original authors of BSD. And vi too (*sigh*).

      --

      --
      I've finally had it: until slashdot gets article moderation, I am not coming back.
    2. Re:A reply to his reply to my questions. :) by Fourthstring · · Score: 1

      Could you back up this statement? Without breaking an NDA?

      I'm sure Vi is nice, but I'm sure you're not basing your comment on that...

    3. Re:A reply to his reply to my questions. :) by bellings · · Score: 1

      Theo de Raadt is perhaps the most brilliant guy in the BSD world and I'd place him as one of the top 3 coders in the world.

      So... you'd put Theo on a level above Bill Joy? I'm having a real hard time with that.

      --
      Slashdot is jumping the shark. I'm just driving the boat.
    4. Re:A reply to his reply to my questions. :) by drinkypoo · · Score: 1
      As for his infamous "moods" - if he's bipolar, HFA or AS, then his moods (and his brilliance) are entirely explicable and nothing to condemn him for.

      Even if he isn't, he's still one badass coder. Sure, he can be arrogant. How many people are capable of doing what he does, and capable of finding the motivation? And then do it?

      He also makes very good points, though I think some of his answers are unnecessarily short. Perhaps he will never learn good people skills. That didn't stop me from ordering an OpenBSD 2.8 CD-ROM and a T-Shirt.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  11. Re:No plans for SMP... by Jason+Earl · · Score: 2

    Exactly, Choice is good. The important fact is that all of these OSes are a mere hop, skip, and a jump from each other. All of them also have their technical advantages as well.

    And yes, that includes Linux.

    The beauty is that once compatibility is out of the picture you are free to choose your OS for purely technical reasons.

  12. Re:No plans for SMP... by Jason+Earl · · Score: 5

    SMP is plenty interesting to the Linux crowd. They have spent a huge amount of time working on it. The fact that it isn't interesting to Theo and the folks working on OpenBSD simply highlights one of the benefits to the Open Source way of getting things done.

    If you start your project on OpenBSD and decide that you need SMP to get the performance you need, "porting" to Linux shouldn't be much harder than moving your source to a Linux box and typing "make." If, on the other hand, you develop on Linux and then decide that Linux's security isn't good enough for implementation, you can just as easily port to OpenBSD.

    There is never going to be an Uber OS that is specialized for every task (although the generic Unix way of recompiling the kernel does come close). That's why standardized APIs are so important. That way you can change your OS midstream if it isn't giving you what you need. The Open Source community has done a pretty good job of matching up APIs.

  13. re. Are you mad? by bobalu · · Score: 1

    I thought those were the best parts!

    --
    The revolution will NOT be televised.
  14. Re:No upstream by Effugas · · Score: 2

    You are very much missing the point.

    OpenBSD is not "300MB of source" that Theo thought up. There's quite a bit--likely a majority--of stuff brought in from other coders *WHICH RETAIN IDENTICAL VERSION INFORMATION*.

    Go query Perl. Or vi. Or httpd. They're all external packages, with their own internal version. If Theo wanted to reversion them to "Perl OBSD 2.8" and "Apache OBSD 2.8" and so on, that's fine. But that Perl ain't 5.6.0 unless it was built from the 5.6.0 tree.

    --Dan

  15. Re:No upstream by Effugas · · Score: 2

    Yes, a lot of other distributions do it.

    Now, why would I put the question to the number one distribution known for doing it right, when everybody else does it too?

    To redefine that which is known as "doing it right", so we don't get any more Debian Secret Backported Bugfixes.

    :-)

    --Dan

  16. Re:Theo: Version Number Specifics by Effugas · · Score: 2

    Meow:

    Yes, I can definitely hunt down the changes, and Theo is well within his rights to change the source. Hell, I'm thrilled he's fixing problems.

    But should I have to check a changelog to know there's a change?

    That's the bottom line question. Should not a version reflect a snapshot of code? Should not I be able to trust a given codebase by its version alone, rather than have to audit the source by hand?

    If a version *doesn't* refer to a snapshot of code...well, what does it refer to?

    --Dan

  17. Re:Security... by Effugas · · Score: 2

    (Why was there bash in your shell?)

    Because I wanted command completion. What, you think sh is the height of security? Among other things, *any* shell can be trojan'd to attack replace su, or even /bin/su, with a mod that captures the root password. The advice to never log in as root, and rather to su to it, is thus rather dangerous.

    You are correct, of course. Most things shouldn't be done as root. I could theoretically have checked versions without it. This is somewhat on the order of a spelling flame, but I'll take it in stride.

    As for my qualifications, feel free to scan my BugTraq posts, and thank you for helping to prevent my ego from growing too large.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  18. Re:No upstream by Effugas · · Score: 2

    Actually, that's pretty interesting! Here's my output on OpenBSD for Sparc. Note the lack of "Locally Applied Patches", which I appreciate.

    Still, I question if the version number should stay stable. Suppose, for a moment, that the rest of the world finally discovers major holes in 5.6.0. Should OpenBSD administrators have to root around the Changelogs to realize they're running a safe build? Wouldn't it be better for them to be running 5.6.0_OB2.7 and see that, heh, the Changelog shows that the new stuff protects them?

    ===

    $ perl -v

    This is perl, v5.6.0 built for sparc-openbsd

    Copyright 1987-2000, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5.0 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using `man perl' or `perldoc perl'. If you have access to the
    Internet, point your browser at http://www.perl.com/, the Perl Home Page.

    $ perl -V
    Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
    Platform:
    osname=openbsd, osvers=2.7, archname=sparc-openbsd
    uname='openbsd'
    config_args='-Dopenbsd_distribution=defined -dsE'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
    Compiler:
    cc='cc', optimize='-O2', gccversion=2.95.2 19991024 (release)
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include'
    stdchar='char', d_stdstdio=undef, usevfork=true
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, usemymalloc=n, prototype=define
    Linker and Libraries:
    ld='ld', ldflags =''
    libpth=/usr/lib
    libs=-lm -lc
    libc=/usr/lib/libc.a, so=so, useshrplib=true, libperl=libperl.so.6.0
    Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=define, ccdlflags=' '
    cccdlflags='-DPIC -fPIC ', lddlflags='-Bshareable '

    Characteristics of this binary (from libperl):
    Compile-time options: USE_LARGE_FILES
    Built under openbsd
    Compiled at May 5 2000 12:35:29
    @INC:
    /usr/libdata/perl5/sparc-openbsd/5.6.0
    /usr/local/libdata/perl5/sparc-openbsd/5.6.0
    /usr/libdata/perl5
    /usr/local/libdata/perl5
    /usr/local/libdata/perl5/site_perl/sparc-openbsd
    /usr/libdata/perl5/site_perl/sparc-openbsd
    /usr/local/libdata/perl5/site_perl
    /usr/libdata/perl5/site_perl
    /usr/lib/perl5/site_perl
    .

    ===

  19. Re:No upstream by Effugas · · Score: 2

    Is it really too hard to read the errata?

    YES! It IS! It's too hard for me to read the source code to every app I run. I admit it. I want to trust Theo. I want to believe his prying eyes are protecting me from danger. I don't *want* to have to go diving into the code he writes or even the fixes he claims when a new vulnerability comes out. I want to know: Is this the exact same code that is vulnerable everywhere else? Then upgrade. Is this NOT the exact same code, and therefore I should check the Changelog?

    I'm not asking a lot. I'm merely asking the question: What do version numbers mean, if they *aren't* snapshots of code?

    --Dan

  20. Re:No upstream by Effugas · · Score: 2

    Umm, you seem reasonably intelligent, would you mind explaining how you got my desire for unique version numbers to mean "I want no fixes"?

    --Dan

  21. Re:No upstream by Effugas · · Score: 2

    My point is, if you have to check to see if *your* version of 5.6.0 is the same as the dangerous version of 5.6.0, that version number just lost a hell of a lot of relevance and is essentially meaningless.

    --Dan

  22. Theo: Version Number Specifics by Effugas · · Score: 5

    Theo:

    I don't think it's fair to say, as you did, that "ftpd is ftpd" or "tar is tar" for all of OpenBSD. Examples from version lines throughout OpenBSD:

    spork# perl -v
    This is perl, v5.6.0 built for sparc-openbsd

    bash-2.04# ./troff -v
    GNU troff version 1.15

    bash-2.04# nawk -V
    awk version 19990620

    bash-2.04# gcc -v
    Reading specs from /usr/lib/gcc-lib/sparc-unknown-openbsd2.7/2.95.2/specs
    gcc version 2.95.2 19991024 (release)

    bash-2.04# ./cvs -v
    Concurrent Versions System (CVS) 1.10.7 (client/server)

    [vi :ve]
    Version 1.79 (10/23/96) The CSRG, University of California, Berkeley.

    bash-2.04# ./tcpdump -V
    tcpdump version 3.4.0
    libpcap version 0.5

    bash-2.04# ./httpd -v
    Server version: Apache/1.3.12 (Unix)
    Server built: May 5 2000 14:44:59

    Look. Some of these you modified. Maybe all of em. Maybe one of em (I *know* you touched Perl.) Let's take the example of tires, why don't we. If I've got Firestone Model X432LFR tires on my car, and I run down to the dealership asking why I'm driving a deathtrap, is he allowed to laugh at me because "Of course *we'd* never put the deadly X432LFR tires on your car, we'd only put the *good* X432LFR tires on! Stupid customer."

    That's essentially what happened with Debian a while back, and it was infuriatingly unfair.

    I'm not asking you to do more work, Theo--you've *done* the work. I'm asking you to admit it, mark it, brand it in such a way that we know you've been forced to do something to it to make it secure. And then all of us can bitch and moan to the authors of whatever package you've taken and say, "Heh, he changed your stuff, maybe there's something you should look at." Maybe we'll be ignored. But, in the end, *you* did the right thing.

    Theo: You and your team rewrote much of an early build of SSH. Technically, you could have said, "Here's SSH1.2.1x, as part of the OpenBSD system." But then nobody would have known what you had pulled off, and people would have had trouble finding your specific improvements. I'm not saying you need to rename every package to show how much you've added. But to keep the original version numbers is to conflate your secure and solid version with whatever bugs you *know* lurk in other people's code. When Foobar 1.2 comes out with a remote root, and OpenBSD ships with Foobar 1.2, do you like--or enjoy--when system administrators frantically upgrade your *already fixed version* of Foobar 1.2 with the original author's possibly broken Foobar 1.3?

    Because that's what your version numbers cause.

    They're easy to fix, Theo. It's just a tag to let us know you fixed something. It's something for us to differentiate your code with. (Incidentally--what does little on my 2.7 Sparc build.) Consider this: As much as you say you've only dealt with the system, I *know* many of the packages from Ports have had patches that didn't modify version numbers--and I have *no* idea if anything's been modified in your packages section. I just don't know.

    This is not a problem specific to you, but I think OpenBSD is in the right place to change what I consider to be a particularly pernicious industry practice. I believe in your systems approach, but a secure system cannot be built from insecure parts. If you've secured your parts--show this, and perhaps let us know where to look to find out how.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  23. Re:This is ridiculous. by Big+Dave+Diode · · Score: 1

    Don't blame C, blame the C libraries. A well thought out and documented API would make a world of difference. Why does strcpy even exist if there is a more secure alternative like strncpy available?
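
An added illustration of the interface detail behind the strcpy/strncpy question above (this is not part of any comment in the thread and is not OpenBSD code; `is_terminated`, `strncpy_leaves_unterminated`, `strncpy_padding` and `copy_checked` are hypothetical helper names). It shows that `strncpy` leaves the destination unterminated when the source fills the bound and zero-pads when it does not, next to a bounded copy that always terminates and reports truncation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if buf[0..size-1] contains a NUL byte, 0 otherwise. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Call strncpy the way it is commonly misused: the full destination size
 * is the bound and the result is then treated as a C string.
 * Returns 1 if dst was left WITHOUT a terminator, 0 if it is terminated. */
static int strncpy_leaves_unterminated(char *dst, size_t dstsize,
                                       const char *src)
{
    memset(dst, 'X', dstsize);   /* simulate stale data already in dst */
    strncpy(dst, src, dstsize);  /* writes a NUL only if src is shorter */
    return !is_terminated(dst, dstsize);
}

/* Count the zero bytes strncpy wrote: it pads the remainder of the
 * destination with NULs whenever src is shorter than the bound. */
static size_t strncpy_padding(char *dst, size_t dstsize, const char *src)
{
    size_t i, zeros = 0;

    memset(dst, 'X', dstsize);
    strncpy(dst, src, dstsize);
    for (i = 0; i < dstsize; i++)
        if (dst[i] == '\0')
            zeros++;
    return zeros;
}

/* Bounded copy that always leaves dst terminated (when dstsize > 0).
 * Returns 0 if src fit, -1 if it was truncated or dstsize is 0, so the
 * caller can treat truncation as an error instead of using a clipped
 * path, user name or command silently. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* includes the terminator */
    return 0;
}

int main(void)
{
    char buf[8];
    int rc;

    /* Constructed inputs: one exactly as long as the buffer, one shorter. */
    printf("strncpy, 8 chars into 8 bytes, unterminated: %d\n",
           strncpy_leaves_unterminated(buf, sizeof buf, "12345678"));
    printf("strncpy, 3 chars into 8 bytes, NUL bytes written: %zu\n",
           strncpy_padding(buf, sizeof buf, "abc"));

    rc = copy_checked(buf, sizeof buf, "12345678");
    printf("copy_checked rc=%d result=\"%s\"\n", rc, buf);
    return 0;
}
```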

  24. This is a good point... by slothbait · · Score: 1

    The BSDs don't necessarily share code, even on simple packages like "ls". They all have their own package, and while it may be true that they steal back and forth, there is certainly a lot of duplicated effort. In the case of OpenBSD, they want their own versions for a simple reason -- they audited them, and they trust them. But for the other BSDs, there isn't a particularly good reason for the redundancy.

    Recently I was listening to a recording of a table discussion at some BSD conference. One guy brought up this very point: how in the Linux world, all the distros send bugfixes to a single maintainer -- GNU for tar, Apache for httpd, or whatever. That way, it was easier for all distros to receive the benefit. Debian / Red Hat / whatever all just use the same code. (within bounds, of course).

    Before this guy even finished his point, 3-4 other guys on the panel jumped on him, practically shouting. It was quite clear that they didn't like the idea of common packages one bit. I didn't even hear any arguments, they just 1) wouldn't consider cooperating like that 2) didn't like being compared to Linux.
    No justification provided: those guys were just being close-minded and vicious. I lost a lot of respect for the BSDs right there.

    --Lenny

  25. Re:Theo and Microkernels by Lally+Singh · · Score: 2
    Not really

    What userland protection helps is stability; less code that can deref a bad pointer, etc. What it can't help is the quality of the code. At the end of the day, an attempted attack will try to make the code make the wrong decision; i.e. allow something to happen that shouldn't have, or do something that it shouldn't have. That has nothing to do with whether or not it causes a segfault somewhere else.

    Although some attacks could make monolithic kernel code do something to other code segments somewhere else, it really isn't all that likely or often used. Attacks tend to be against making code call the wrong routine, set a variable the wrong way, etc. That stuff can't be helped with microkernels.

    Sorry, all microkernels are really good for are (1) loadable features (no recompiling), (2) crash protection. But, they do the traditional tradeoff of speed for it (multiple context switches for a single system call, etc.).

    But, anyone else get the feeling that a good portion of the questions Theo did respond to were all asking the same thing: what common errors do you end up fixing? Not a horrible question to answer by far. Sure you could say 'bad code,' but a list of good examples of security-critical mistakes are far more helpful.

    --

    --
    Care about electronic freedom? Consider donating to the EFF!
  26. Re:Theo: Version Number Specifics by Mawbid · · Score: 1
    Don't fall for his phony public PR persona.
    If what I just read is Theo putting on the charm, I don't want to experience him being himself; I'd rather read more from easy going Richard M. "Get Along" Stallman.

    But seriously, the picture painted of Theo by some people is so horrid that it just can't be true. And even if it were true, why should I care? Honestly, Theo could kick puppies and trick his retarded sister into blowing him for all I care. It doesn't diminish the worth of his code or his opinions about code quality.
    --

    --
    Fuck the system? Nah, you might catch something.
  27. Re:why bother? by Loundry · · Score: 1

    5) Theo has a right to be elitist...he's earned it.

    He has no such right. No one has the "right" to be an asshole. And yes, being elitist is being an asshole. Theo may be able to speak with authority on the subject of programming because of his intelligence and his experience, but that does not give him the right to be condescending or rude.

    --
    I don't make the rules. I just make fun of them.
  28. "But it works." by John+Siracusa · · Score: 3
    "The repeated nature of the same classes of bugs throughout the source tree, also showed us that most programmers learn to code by (bad) examples. A solid systems's approach should not be based on "but it works". Yet, time and time again, we see that for most people this is the case. They don't care about good software, only about "good enough" software."

    See also: the "HTML" on the supposed "geek web site" called Slashdot. (as well as, to be fair, the rest of the web.)

  29. Plan 9? by RelliK · · Score: 1

    Just wondering: isn't that how plan 9 works? As I understand it, it's basically a Unix with distributed processes, storage, authentication, etc. built in.
    ___

    --
    ___
    If you think big enough, you'll never have to do it.
  30. I would've asked about automation of analysis... by otis+wildflower · · Score: 1

    ... or is poring thru lines of code screenfuls at a time just too darned fun?

    What kind (if any) of automated tools does the OBSD team use to find the most common security / sloppiness flaws in code? Any 'openbsd-lint code.c' kind of thing? Since Theo et al. finds the same trash over and over one would think it would be time to automate the analysis, thus leaving behind only the fun subtle stuff..


    Your Working Boy,

  31. Re:Know your interfaces? Bah! by dvdeug · · Score: 1

    And how is any of this the GNU C Library's fault? Every single function you mentioned has its behavior dictated by an international standard that is based off Unix's C library, which had all the same behavior and problems. GNU libc must behave as it does to remain conformant to every other C implementation in the world.

  32. Re:seems by howardjp · · Score: 1

    Due to the troubles of Walnut Creek

    What troubles at WC?

    FreeBSD went out of business

    How can a nonprofit go out of business?

    BSDI who sell another troubled OS.

    BSDi has a troubled product? I thought their only products were BSD/OS version which make money hand over fist.

  33. Hey, where's my question? by maggard · · Score: 3
    Whassup? The question I asked made it into the top-10 ranking yet didn't get addressed...

    Mac OS X & BSD

    I'm curious about how the BSD folks view the impending couple million new users they've got heading their way when MacOS X is released.

    Please, no Mac-rants, they're trite & off-topic. I just wanna know about the question.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
    1. Re:Hey, where's my question? by JatTDB · · Score: 2

      Maybe because it doesn't really have any relevance to what Theo does?

      Quite simply, it's about like asking him what he thinks of some large company deploying BSD/OS.

      The users aren't heading at Open/Net/FreeBSD, they're heading at Apple. Not like Theo's gonna get any emails from Joe Machead asking him how to change the system event sounds in OS X or anything.

      --
      "That's Tron. He fights for the Users."
  34. Re:Forks are Good! by Ross+C.+Brackett · · Score: 2

    The thing is, the Linux kernel debugger isn't enough to cause a fork, at least. Linus has already stated that he doesn't care if a Linux kernel debugger exists, nor will he ignore patches that were debugged using such a hypothetical debugger per se. He just believes that the current "only the best coders who can see the problem beyond a debugger can do any kernel work at all" system allows for a darwinism that the touchy-feely "debugger for the people" system wouldn't. And, elitist as this may be, I think he's right. The debugger folks could fork - then again they could just write the damn debugger and have it be unofficial. But they haven't. Because with Linux especially, it's the toughest bastard wins, and the kernel debugger faction is less of a bastard than Linus, which is why their arguments sound so good, but they are ultimately doomed. If they fork, they'll be squashed.

  35. No upstream by Ed+Avis · · Score: 4

    As a Linux user, one comment Mr de Raadt made surprised me:

    As to the "original" you talk about, there is no original. OpenBSD uses its own components. I don't know what packages you are talking about. cat is cat. ftpd is ftpd. tar is tar.

    In Linuxland, cat is GNU cat, tar is GNU tar, httpd comes from the Apache project, rpm comes from Red Hat, and so on. There is always an upstream maintainer for any particular package and no distributor (AFAIK) tries to maintain its 'own' releases of things. If a bug is found, the fix tries to swim upstream to the breeding ground, where it can add itself to the gene pool for future releases of all distributions. (Alas, I do not have a ten-man team auditing my comments for dodgy metaphors.)

    I suppose it makes sense in a way to have your own codebase, especially if you are concentrating more on security than on adding new features. You have control over every line of code that goes in, and you don't mind missing out on new versions of stuff that is released. Also, if your original 'upstream source' is a group of people you split acrimoniously from, you might prefer not to rely on them. (Although I can't help feeling that if the OpenBSD and NetBSD people made more of an effort to commonize code in both directions, the feud wouldn't have lasted as long. This sort of thing going on between two Linux distros - eg Mandrake and RedHat - would be unthinkable.)

    But not relying on an upstream maintainer for packages does not mean you can't contribute your fixes back. All the BSDs originate from a common code base, right? There must surely be at least 95% common code in the shell and shell utilities (which change relatively slowly), even if the kernels have diverged. So what effort do they make to avoid reinventing the wheel? And when OpenBSD fixes a set of bugs, do they report them to the maintainers of the original package?

    Perhaps the problem would be that they couldn't agree on who should be the original source. Imagine if NetBSD claimed that they were now the 'official' maintainers of BSD make, for example. Would OpenBSD accept that? Perhaps some neutral 'BSD Foundation', with support from all three free BSDs, could take over maintenance of the common or fairly-common BSD code. Or somebody from Berkeley (Bill Joy perhaps?) could make a ceremonial proclamation.

    --
    -- Ed Avis ed@membled.com
    1. Re:No upstream by Balp · · Score: 1

      Why in OpenBSD on my Debian system a lot of the code has patches to make them work nice with the rest of the operations system. And when SOMEONE finds a problem in the code I still have to find out if that applies to my distribution. Usually I do that by keeping track of the Debian mailing lists. As I do for OpenBSD.

      / Balp, yes and the perl version in Debian still shows as 5.6.0 last time I tried perl -v

    2. Re:No upstream by Balp · · Score: 2

      For OpenBSD I have this source:

      * http://www.se.openbsd.org/security.html

      And maybe this page:

      * http://www.se.openbsd.org/plus.html

      For Debian I have:

      * http://www.debian.org/security/

      If I need to get the code difference I use diff either on the OpenBSD source tree or the Debian source tree. But when there comes a security hole it's usually a note on what OS the hole works on. If a patch exists the time to find out if one need to add the patch is usually very small. (Actually it's seldom upgrade to this new version that has this fix and all this new features...)

    3. Re:No upstream by T-Ranger · · Score: 1
      You are very much missing the point of what he is talking about.

      OpenBSD is OpenBSD. Its ~300MB of sources, and applications that are not in those sources are not OpenBSD. The OpenBSD team is responsible for OpenBSD only, and what they produce is OpenBSD.

      (are you noticing a pattern here?)

      Their source is open, so if you 'upstream' maintainers want to use the OpenBSD code they can - the same way that Mozilla hackers could use code from Opera if they wanted. I'm sure the maintainers are told if there are massive problems, and probably with any changes either.

      The packages that are part of OpenBSD vX are tested against each other, and are declared secure. I don't imagine that they start the code audit over for each package from the 'upstream' maintainer when they go to vX+1. For some packages that have a friendly development team, they might.

      Sure OpenBSD would 'accept' it (as likely as anyone else would) if someone declared them the maintainers of make. Of course if make is currently in OpenBSD, they would continue to maintain it in //, choosing to ignore as much of the standard make as they do now.

    4. Re:No upstream by T-Ranger · · Score: 1
      Ok, you're right.

      But a lot of other distributions do this too: Debian definitely does, and all the commercial Unixes hack up things like bind and sendmail.

    5. Re:No upstream by Chris+Pimlott · · Score: 2

      I don't know what OpenBSD does, but in Debian, every package's source is distributed in two files - the original upstream version and a diff of everything changed in the Debian release (even if it's only the Debian build scripts).

      In addition, every package has a Debian.changelog that should have information about what changes have been added in the Debian version.

    6. Re:No upstream by wozz · · Score: 1

      > But that Perl ain't 5.6.0 unless it was built from
      > the 5.6.0 tree.

      It was built from the 5.6.0 tree with (as far as I can see) one local patch to fix some problems with suidperl

      If you look at the version output from

      dcfe-fw# uname -a
      OpenBSD dcfe-fw 2.8 HSAGEN#2 i386
      dcfe-fw# perl -v

      This is perl, v5.6.0 built for i386-openbsd
      (with 1 registered patch, see perl -V for more detail)

      perl -V provides you with this info:

      Characteristics of this binary (from libperl):
      Compile-time options: USE_LARGE_FILES
      Locally applied patches:
      SUIDMAIL - fixes for suidperl security

      Looks like it's pretty clearly identified to me.

    7. Re:No upstream by wozz · · Score: 1

      Is it really too hard to read the pages at http://www.openbsd.org/errata.html and http://www.openbsd.org/plus.html? And if you want even more detail, subscribe to the source-changes mailing list.

    8. Re:No upstream by wozz · · Score: 1

      So, what you're saying is you'd like one of two things

      1) don't patch bugs they know about in other folks code that is incorporated into the OS
      2) don't incorporate anyone else's code in the OS

      I vote for you reading errata.html. If it's so hard for you to actually go to a web page, join the cvs changes list and filter for the errata.html page, it's in CVS just like everything else.

    9. Re:No upstream by wozz · · Score: 1

      You haven't explained why you need unique version numbers. I can think of several downsides to this, and no pluses. For one, packages that check version numbers for compatibility reasons would possibly fail. If you want to know if a package has been changed, check 3 things, errata.html, plus.html and the cvs comments. If you can't bear to do this in a web browser, subscribe to the cvs changes list and write a procmail filter. I'm not sure why it's Theo's or anyone else's responsibility to help you avoid using the provided resources for these types of issues.

    10. Re:No upstream by CyberKnet · · Score: 1

      But nobody is suggesting that the other distributions shouldn't be held accountable for this (I don't think). Just that OBSD should take a look from the user's perspective *if only to help us NOT upgrade secured packages*. It's a real pain in the backside to upgrade to package x.y.z-abc2 because there is a bug in x.y.z-abc only to find out what you REALLY had was version x.y.z-abc_OBSD-PATCHED. Especially since x.y.z-abc2 hasn't been code audited, and could be subject to new security flaws. Theo and his guys do a FANTASTIC job auditing code, and deserve a lot of credit for it. A HUGE amount of credit. I'd just like to see something to reassure me when x.y.z-abc is announced to have a bug so I don't upgrade it.

      ---

      --
      Video meliora proboque deteriora sequor - Ovidius
    11. Re:No upstream by CyberKnet · · Score: 1

      No, I suppose not. But then again, I suppose that's why I only said I'd like to see it, instead of jumping up and down screaming at the top of my voice just dying for a new feature. *shrug*. I would *like* to see it. But I won't die waiting for it either.

      ---

      --
      Video meliora proboque deteriora sequor - Ovidius
    12. Re:No upstream by CyberKnet · · Score: 1

      That is a very fine argument. I shall think about that before posting again.

      Thanks,

      CK

      ---

      --
      Video meliora proboque deteriora sequor - Ovidius
    13. Re:No upstream by Marc.Espie · · Score: 1

      Use the source tree. Remember that this is an Open project, the CVS tree is readable for anyone.

      A fairly large subset of the tree is actually recorded properly in the CVS repository. You can see the differences between the vendor version and what's in the OpenBSD current tree.

      Also note that OpenBSD has a six months gap between releases, which does not match the release schedule of most other software that ships with it. Which is a large reason why you will find divergence between what's in the tree and what's in the latest stable version of that software.

      Whenever it's practical, we do send changes back to the original software authors.

  36. Re:So You WANT to Be Exploited? by dynamo · · Score: 1

    Ok, someone _has_ to moderate this message's parent as Funny.

  37. Re:Yeah kinda how the 'original' unix forked... by Mr+Z · · Score: 1

    There's no "global maxima" associated with the concept of "better". Different flavors are better at different things. I suppose that's the concept you were grasping for? If so, why invoke the concept of "winning", when you're not necessarily pitting the different flavors head to head?

    --Joe
    --
    Program Intellivision!
  38. Re:So You WANT to Be Exploited? by Art+Tatum · · Score: 1
    I don't even know where to start. First of all, RMS can't be rolling over in his grave because HE'S NOT DEAD! Second, if someone chooses to make their work available to others that's not called stealing--it's called a GIFT. Third, the license was clear; if the other developers didn't like the idea, they didn't have to write the code.

    Now, before anyone else says it, I'll say it myself: IHBT, IHL, HAND. C'est la vie.

  39. About a secure ports tree by Art+Tatum · · Score: 2

    Theo, if you get the chance to read this, I'd just like to make a comment or two. First, we are fully aware of the human resource restraints for security audits; however, would it be possible to have third parties audit their own code? I want to see GNUstep security tested and we're working on getting it running well under OBSD anyway right at the moment. Would you trust us to do it ourselves? Would you still have to look at it first?

    1. Re:About a secure ports tree by _peter · · Score: 1
      There's an issue or three here that I think you might be missing.

      OpenBSD, like all the BSDs, is maintained as a coherent system. They want to replace strncat with a less error-prone function, and change everything in the system to use it? Done. The ports tree is considered explicitly separate from this ``system''.

      Second, nothing that is not essential will ever be included in that base system unless it's BSD-licensed.

      The ports are considered untrusted by nature, so there's no issue of Theo or anyone else trusting your code audit.

      GNUstep is an application, and I don't know its licensing terms but I think I could probably hazard a guess. If you want it to be part of the base system, then you're just SOL. If you want it to be a port, then there's almost nothing stopping you. Read the documentation on creating a port. Be aware that the port system is a bit of a moving target, so join the ports mailing list. Don't forget to search the archives before posting any questions.

      Theo himself very rarely gets his hands dirty with the ports system; you'll learn who his generals are if you stay on the mailing list.

    2. Re:About a secure ports tree by Marc.Espie · · Score: 1

      Well, GNUStep is probably running much better since 2.8, now that Objective-C is completely functional again... We have someone who said he was working on a GNUStep port. Joining efforts would be cool. E-Mail me privately about this.

    3. Re:About a secure ports tree by I+Am+Wrong · · Score: 1

      Not a chance, ever. I'll bet Theo can't sleep at night when anyone but himself does the physical auditing - even someone else who is part of the OBSD "crew". Maybe I find it easy to see since I'm the same way to a fault, but with all the time and energy he has pumped through this project, there is absolutely no way a piece of code with the OBSD "stamp of approval" will be audited by an outside source. Never.

      --

      Of course, I could be completely wrong.

  40. Re:Forks are Good! by pqbon · · Score: 1
    SGI has two kernel debuggers...

    One is a stub for GDB serial debugging. Many other kernels have GDB serial stubs.

    The other is a limited use shell-like debugger built into the kernel. Kind of an alt-sysrq on crack.

    So the code exists. Linus has said: "I didn't have a debugger. So that must mean real men don't need it." It is for this reason a handful of professional kernel coders I know from the private sector decided not to help with the linux kernel as developers.

    Linus also booted core dumps from the kernel on oopses. He figures you should just do the back trace and such yourself. He did this under the same reasoning as the kernel debuggers.

    These are the reasons I don't work on the kernel. Call me a soft wuss but I like the fact that the kernel I work on has an integrated core dump, and gdb stub. So instead of the kernel I try to work on XFree.

  41. Re:This is ridiculous. by pen · · Score: 2
    Yes, I feel similarly about this. I respect Theo, and I respect the project. It definitely has its place. However, it occurs to me that Theo has learned to do something very well and is hanging on to it until the last moment because he feels safe there. He has learned to audit code for buffer overruns (OK, I'm oversimplifying), and he has been doing it for a very long time, afraid of trying something new.

    Perseverance is not always a sign of strength or skill. Once you learn how to add, you move on to multiplication.

    I have a similar tendency to like DOS. I have spent a whole lot of time playing with it, and am not afraid to say that I know it well. DOS is very simple, but very stable, meaning that there is rarely anything new for it. I know that the latest version of Norton Utilities for DOS will be 8.0, and the latest version of NC will always be 5.0. I know how to fix things in it.

    However, I also know that it is old and not good, which is why I don't use it anymore (except for the occasional 5-day contract at some company with a bunch of 386es). I am instead trying new things.

    Single processor x86 Unix and C are nice and safe. SMP is new stuff, and you no longer feel warm and comfy there, sort of like getting out of bed on a winter morning. But you have to get out of bed... that's the way the whole thing works. :-)

    --

  42. Re:Working with microkernels by GypC · · Score: 2

    Microkernels are just a whole lot more work to implement... they don't have the resources or the interest.

    I think OpenBSD just wants to produce a simple and secure BSD variant for uniprocessor micros... not be the Ultimate OS.

    "Free your mind and your ass will follow"

  43. Theo misses a point by fishbowl · · Score: 3

    The point of the question about a "floppy based"
    system (firewall/router, et al.) is not to use
    the floppy, but, to make it simpler to configure
    than "BOOTP/Diskless".

    In a floppy-based system like that (firewall), the
    floppy would be used to boot the host, that is all. The goal is to have *NO* disks, or any other
    moving parts.

    --
    -fb Everything not expressly forbidden is now mandatory.
    1. Re:Theo misses a point by jkf · · Score: 1

      In a floppy-based system like that (firewall), the floppy would be used to boot the host, that is all. The goal is to have *NO* disks, or any other moving parts.

      That is easy. Use Flash RAM. CompactFlash cards, with the proper interface, can emulate an IDE hard drive. Now you can have a very small "disk" with a decent capacity. No moving parts and very little heat. Just don't write to it a lot. :)

      Even better, boot from the flash, and then run out of a ram drive.

    2. Re:Theo misses a point by eightball · · Score: 1

      I agree with you in principle. I would like to have a nice setup using solid state disks without breaking the bank.

      However, the question posed was just that, [do you have plans for a floppy based distro], not 'do you have plans for a distribution small enough to fit on a floppy or more expensive hardware'.

      I have had more floppy drives fail on me than hard drives and many, many more floppy disks fail than either. I can understand why he would not want to code strictly for this situation.

  44. Re:GPL? by Balp · · Score: 2

    You probably could use GPL if you like to on modified BSD-copyright code. But I don't think it's right to take away the users' rights like that...

  45. Re:BAH! by Balp · · Score: 2

    Not really, if going to sports, comparing with boxing of Ju-Jutsu that train will give a better view.

    Question:
    How do I become a good referee?

    Answer:
    I suppose the best tip is to go to a lot of fights.

    (Even though one could wonder if this fits boxing.)

    / Balp

  46. Re:Where the money goes by k8to · · Score: 1

    Hi.

    Canadians are Americans. Look at a map. I thought it was us United States residents that were supposed to be so geographically challenged...

    --
    -josh
  47. Re:Pizza 'n' Beer by scrytch · · Score: 2

    > I'm glad that there are still geeks out there that aren't ashamed to admit to enjoying stereotypical geek food like Pizza and Beer

    Pizza maybe, I've never seen beer associated with geekdom. Bunch of namby-pambies with their Jolt Cola usually, I prefer to code with a nice thick Guinness in hand (tho not with beer, I like Fat Tire with my pizza)

    For the record, I also hate twinkies.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  48. Re:Theo and Microkernels by scrytch · · Score: 2

    If I understand correctly HURD and probably other Microkernels can run a lot more stuff in userland and that could at least be an advantage when you try to build a very secure system. If Theo is really posting on ./ today, it would be nice of him to elaborate a little more about his general thoughts on kernel design.

    In theory. In theory, microkernels could just swap out pieces of the system for independently developed implementations, and a change in one component need only affect that component (orthogonality). In practice, microkernels tend to just replace function calls with messages and their components remain tightly coupled as ever, so a failure (such as a security flaw) in one will tend to cascade to the other components in the system. Projects like OSKit offer hope for a more orthogonal OS design, but I'm not holding my breath.


    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  49. Re:But he doesnt follow his own advice by scrytch · · Score: 2

    > I said utopia

    An all-too appropriate word, considering the word means "nowhere". Show me paradise in any OS today. Lead me to the Buddha in the machine.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  50. Re:Where the money goes by scrytch · · Score: 2


    Just because Americans can't make beer that doesn't taste like mouldy water doesn't mean that Canadians are equally challenged.

    Next time you're up in the great white north try and get your hands on something made by Big Rock breweries of Calgary. That's good beer.


    Never heard of them. Just as you've likely never heard of Left Hand or Wynkoop or Broadway Brewing or any of the HUNDREDS of craft breweries in the US, probably an order of magnitude more than any other country in the world. Those three are just three ones in Colorado alone (home of Coors, lightly flavored spring water in a can) that I could name off the top of my head.

    We all carry six-shooters and wear stetson hats too, you know?

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  51. Re:Mr.Sparkler by scrytch · · Score: 2

    > Why must it be a non-profit?

    So that he doesn't get taxed as a for-profit business. Non-profit doesn't mean you can't draw a reasonable (or even comparatively handsome) salary if you choose to take one.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  52. Re:why bother? by scrytch · · Score: 2

    > 4) If you don't like it, don't use it. Better yet, if you don't like it, fix it! There's nothing stopping you from writing better documentation if you find it

    You want documentation written by people who needed the documentation in the first place and didn't get any? Neat trick. I think I'll write a treatise on nuclear physics in order to teach myself.

    See Dick ... um ... move his legs real fast.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  53. Re:why bother? by scrytch · · Score: 2

    Last I checked, physics students get textbooks too. Last I checked, I wasn't enrolled in a semester-long course on how to use your goddamn application (the generic "you"). If it isn't worth the bother to document, it isn't worth mine to use. And there *are* alternatives I will pay for if necessary.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  54. Re:Why didn't he address my question? by elflord · · Score: 1
    Why is it that openbsd has far better support for java than for perl?

    Answer: it doesn't.

    Kaffe has been ported to openbsd for quite some time now,

    ... yet kaffe is still useless for developing java applications.

    and yet the perl port,

    ... actually works and runs the vast majority of perl scripts.

  55. Re:But he doesnt follow his own advice by T-Ranger · · Score: 1
    You're confused about your second point.

    He said that software should be 'good' not 'good enough'. While what he said about kernel design might boil down to 'good enough', he does explain that it's more complex than that.

    Monolithic kernels have been the way that it's always been, and he mentions in the 80s microkernels were being sold as a grand utopia. There hasn't been a grand utopia built on a microkernel yet; his point is that while it's possible that a microkernel design would be better, it probably wouldn't be (the proof being that there isn't a 'good' microkernel based OS around).

  56. Re:But he doesnt follow his own advice by T-Ranger · · Score: 1

    I said utopia. Yes there are OSs built on microkernels. I don't think any of them are special because of that, except possibly QNX. But it's clearly a special case.

  57. Why you should be afraid of forking. by Syberghost · · Score: 3

    Sometimes communication with the maintainers of these other packages is difficult, for various reasons. Sometimes they are immediately turned off because we don't use the word Linux.

    snip

    Why are you guys so fork paranoid?

    Looks to me like you've already answered your own question, Theo.

    -

  58. Before flaming Theo ... by OWJones · · Score: 5
    ... try and think about what his priorities are. I admit that when I read over the interview my first reaction was "What an ass! People are trying to give him serious questions and he's blowing them off!" Which is half true. Subscribers to Bugtraq will be a bit more familiar with Theo's, uhm, interpersonal style. :) In reality I suspect Theo just wants to write, maintain, and release good, bug-free, secure code and not be hassled with feature creep or random things a good number of his users won't care about or really use.

    And what's wrong with that?

    OK, he's no "Dear Abby", but neither is RMS. I know many here aren't big RMS fans, but are you insecure enough about your own little world that when someone says, "Quit bothering me with stupid details, just write the code" you start flipping out? I attended Supercomputing '99 and went to a talk by Thomas Sterling, one of the original Beowulf pioneers at NASA. A good chunk of his talk was spent complaining about "Linux cruftiness" and "why are you people here when you could be writing code"? I admit I was somewhat pissed coming out of it, but it did have the effect of motivating me to start programming again. I think sometimes we just need a swift kick in the arse from someone (hi Greg!) to get motivated.

    Bottom line: ignore the stupid "Are you mad?" comments from someone whose ego is a bit too big to take the time to be polite, and focus on the "learn your APIs, understand your APIs, and stop writing shitty code." Learn the message, ignore the messenger.

    -jdm

    (I'm ready for my big Mod-down, Mr. Director :)).

    1. Re:Before flaming Theo ... by kill-1 · · Score: 1
      Write it properly the first time, dammit.

      You will never write code properly the first time.

    2. Re:Before flaming Theo ... by binner · · Score: 1

      I actually found the 'are you mad' comment rather amusing!

      It could just as easily be taken in jest as a blow off.

      -Ben

      --
      Say what you mean, mean what you say! But please know what #$@% you are talking about!
    3. Re:Before flaming Theo ... by Wraithlyn · · Score: 1
      While it is true that it is almost impossible to write bug-free code in a complex system on the first try, what I meant by "write it properly" is to code the most efficient algorithm for the problem, put in appropriate error-checking code, and test and comment it thoroughly.

      What I see all around me in today's world is second rate coders who hack together an inefficient piece of code until it works "just good enough", with no error checking and often without even completely understanding the ramifications or performance costs of the API functions or objects they are using. This leads directly to bloated, resource hogging, buggy software.

      A properly written program is more flexible for future expansion and easier to debug and work with in general.

      --
      "Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
    4. Re:Before flaming Theo ... by Wraithlyn · · Score: 2
      Absolutely... if you don't like what he has to say or how he says it, don't interview him, or don't read it. It's not like he came to Slashdot begging to answer our questions. I happen to agree with him about coding practices... there are far too many programmers out there who stop coding a feature as soon as it compiles and (more or less) does what it's supposed to do, regardless of how efficient/bug free/foolproof it is or isn't. This only leads to more and more problems later on when the code is copied, reused, or modified. Write it properly the first time, dammit.

      I have actually met Theo in person and he is NOT egotistical or arrogant in the slightest. He's quiet, reserved, and interesting. I think he's just impatient with a world where software quality standards aren't as high a priority as they should be.

      --
      "Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
  59. I've paid for it by pivo · · Score: 1

    Twice even. But both releases (2.6 and 2.7) didn't work with my IDE controller. My IDE controller! On the other hand, they recognized both NICs, which weren't recognized at all by Linux without new drivers.

  60. Re:Theo: Version Number Specifics by superdoo · · Score: 1
    "I'm sorry that I must resort to ad hominem attack..."


    I used to do that too, but then I figured until I had a six-pack of my own I couldn't really criticize anyone else's abs... oh wait.

  61. Re:This is ridiculous. by ethereal · · Score: 1

    strcpy exists because in some environments you can trust your input to be null-terminated. It's a performance feature AND a security hole, depending on how you use it.

    I have to take exception to the comment about documenting the C library API too - just in terms of the number of users since its creation and the number of books that have been written on it, it's hard to imagine a more thoroughly documented API. Theo pointed out that the big problem is not documenting the API, but rather coders abusing the API through sloppiness or lack of understanding of some of the subtler points of it.

    I will agree that a more well-thought-out API would have few to none of the opportunities for coding error because there would be fewer subtle/confusing uses of the API (my personal favorite example being realloc(3)), but again it's a tradeoff versus the performance-enhancing tricks you can do with a richer API. Until the rewards of known-secure code are high enough, people will continue to code for performance in insecure languages with insecure libraries, and security will suffer from buffer overruns, etc.

    --

    Your right to not believe: Americans United for Separation of Church and
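
The two interface subtleties named in the comment above (strcpy's reliance on a terminator, and realloc(3)'s failure behaviour), shown as an added example that is not part of the original comment or of any OpenBSD code. The `strbuf` type, its function names and the sample record are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string. Invariant once data != NULL:
 * len < cap and data[len] == '\0'. */
struct strbuf {
    char  *data;
    size_t len;
    size_t cap;
};

/* Make room for `extra` more bytes plus the terminator.
 * Returns 0 on success, -1 on failure; on failure *b is left untouched. */
int strbuf_reserve(struct strbuf *b, size_t extra)
{
    size_t need, ncap;
    char *p;

    if (extra >= SIZE_MAX - b->len)     /* len + extra + 1 would wrap */
        return -1;
    need = b->len + extra + 1;
    if (need <= b->cap)
        return 0;

    ncap = b->cap ? b->cap : 16;
    while (ncap < need)
        ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;

    /* The classic slip is `b->data = realloc(b->data, ncap);`.
     * When realloc fails it returns NULL and the old block stays allocated,
     * so that one-liner leaks the block and loses its contents. */
    p = realloc(b->data, ncap);
    if (p == NULL)
        return -1;
    b->data = p;
    b->cap = ncap;
    return 0;
}

/* Append a fixed-width field that may NOT be NUL-terminated (a name that
 * fills its slot exactly). strcpy/strlen would run past the field into
 * whatever follows it; memchr bounds the search to `width` bytes. */
int strbuf_append_field(struct strbuf *b, const char *field, size_t width)
{
    const char *nul = memchr(field, '\0', width);
    size_t n = nul ? (size_t)(nul - field) : width;

    if (strbuf_reserve(b, n) != 0)
        return -1;
    memcpy(b->data + b->len, field, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Caller's contract: s is NUL-terminated. This is the environment in which
 * strcpy-style code is legitimate; the length is still measured once and
 * the destination sized from it before any byte is copied. */
int strbuf_append_cstr(struct strbuf *b, const char *s)
{
    return strbuf_append_field(b, s, strlen(s));
}

void strbuf_free(struct strbuf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

int main(void)
{
    /* Constructed sample: an 8-byte name field that fills its slot, so it
     * has no terminator; the bytes after it belong to the next field. */
    static const char record[12] = { 'R','O','U','T','E','R','0','1',
                                     'X','X','X','X' };
    struct strbuf b = { NULL, 0, 0 };

    if (strbuf_append_cstr(&b, "host=") != 0 ||
        strbuf_append_field(&b, record, 8) != 0)
        return 1;
    printf("%s (%zu bytes)\n", b.data, b.len);
    strbuf_free(&b);
    return 0;
}
```
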

  62. Re:Missing the point on floppy-based routers? by swb · · Score: 1

    You never do anything but READ the floppy at boot time. The rest of the filesystem is in RAM, always. Floppies that are never written to last a long time, I have several that have lasted years without any problems. A hard disk is just inappropriate in this environment. Too much heat, too much overhead.

    The further advantage is that in a routing environment you ought never be rebooting; uptimes ought to be in the months range, not hours or days.

  63. Missing the point on floppy-based routers? by swb · · Score: 5

    I think he's missing the point on floppy based routers. The goal of using a floppy is to eliminate the hard disk, both for cost purposes and hardware performance.

    Flash RAM would be preferred, but flash disks are hardly ubiquitous and free-for-the-taking x86 systems that work great as routers don't generally have flash-based disks installed. A floppy drive is almost a given in any system.

    The hardware advantage of a system without a hard disk is the reduction of heat generation, meaning they're easier to put in heat-hostile environments like telephone closets. System upgrades are a snap, since you just move the disk to another platform.

    As far as security goes, other than floppy disks' general lack of reliability, what's the problem with them? They're physically write-protectable, which many IDE disks aren't. Sure it's easier to swap a floppy out than a HD, but if your machine doesn't have physical security to begin with you've failed the first checklist item for security.

    1. Re:Missing the point on floppy-based routers? by Clover_Kicker · · Score: 1

      It's not like these guys are morally against the very existence of floppy-based routers. Theo doesn't feel it to be worth *his* time, he's got different priorities.

      There's nothing stopping you (or anyone else) from rolling your own floppy-based OpenBSD router.

    2. Re:Missing the point on floppy-based routers? by gdon · · Score: 1

      Well, I'm in the making of a GNU/Linux router. I chose to use mainly a CD and a floppy holding the kernel and some config files. I know floppies are unreliable but I want a read-only medium (hardware protected) that guarantees the integrity of the system and I don't want to burn a new CD each time I have to add a route or upgrade the kernel (in case there is a bug in the TCP/IP stack). I understand Theo's point about floppies but I've yet to find a better solution. If someone has a hint ...
      --
      gdon
    3. Re:Missing the point on floppy-based routers? by Peter+H.S. · · Score: 3

      We run a floppy based firewall for the reasons that you give. But furthermore, a floppy disk based firewall will automagically be restored to a sane state in case of a power failure.
      It seems very difficult to obtain the same characteristics from a harddisk (or flash ram); I don't know how to physically prevent writing on a standard IDE hd. And if you use the hd just to load the FW into ram, and "hot-swap" it out, then it won't come back up after a power failure (even UPS's have their limits).

      Floppy disk reliability is not much of an issue, I think, since the floppy isn't used as a long term storage medium. Remember your friend dd:

      "$ dd if=/dev/fd0H1440 of=floppy-image
      2880+0 records in
      2880+0 records out
      $ dd if=floppy-image of=/dev/fd0H1440
      2880+0 records in
      2880+0 records out
      $

      The first dd makes an exact image of the floppy to the file floppy-image, the second one writes the image to the floppy." (SAG v. 0.6.2)

      (And of course, one can always mount the dd-image; "mount -t ext2 -o loop")

      So you develop, maintain and store the actual FW information on another box, then write the image to a floppy (and make a backup fd image on the development box). All the floppy has to do is to survive the initial boot. It may have to survive reboots caused by power failure, but even if it does not (harddisks may fail too), a disaster recovery plan is part of the floppy disk based FW scheme; just write a new image, and boot. How many hd-based FW's have a spare harddisk, with a synced and updated system on it?

      If you just have a slight suspicion that the FW is compromised, then a reboot will flush out any trojans and root kits. The firewall may still contain some sort of security hole, but rebooting may give you time to discover what the hole was, and deploy a new FW.

      Floppy based firewall is a very cool thing. It doesn't fit everybody's need, but it may be a viable solution to a great many.

      Cdroms may offer similar advantages, but they may be slightly more difficult and expensive to develop and maintain.

      In short: firewalls on write protected media seem to be a very good idea.

    4. Re:Missing the point on floppy-based routers? by Stinking+Pig · · Score: 1

      well if $480 means so little to you, I'll be happy to take it off your hands... To me that looks like a few hours of work, a couple of days at the beach, a bunch of other goodies/necessities.

      Besides, why would you dedicate a box that big to routing, unless it's running Check Point FW-1 or something? And if you didn't dedicate it to routing, why enter it into a security discussion at all?

      --
      "Nothing was broken, and it's been fixed." -- Jon Carroll
    5. Re:Missing the point on floppy-based routers? by Stinking+Pig · · Score: 2

      Floppies are the only physically write-protected media that lets you return and change data later (excepting CD-RW since I haven't seen any decent support in *nix please correct me if I'm wrong thank you) and so it's the best solution for now. I've written a FAQ on this point and others at http://www.monkeynoodle.org/lrp/LRP-why.html.

      It's interesting that someone as massively detail-oriented as Theo de Raadt seems to be shooting from the hip so much when just talking/typing -- maybe Katz should write an expose about detail oriented people being sloppy and neo-Luddite Harper's readers on their off hours.

      --
      "Nothing was broken, and it's been fixed." -- Jon Carroll
    6. Re:Missing the point on floppy-based routers? by divec · · Score: 3
      If someone has a hint ...

      md5sum the whole floppy[*]. On booting, if the floppy image does not have the same checksum, abort. Then it's possible that the router might not boot one day, but it's impossible for the disk to corrupt without you noticing.


      [*]ok, md5sum all of the floppy apart from a file containing the md5sums.

      --

      perl -e 'fork||print for split//,"hahahaha"'

    7. Re:Missing the point on floppy-based routers? by scumdamn · · Score: 1

      See, it doesn't matter how flaky the medium is. Everything is expanded to ram anyway. Right? So the only time it matters is at boot. Right? So if you have a floppy that failed to boot up you keep a spare on hand. Treat it like a hardware failure and just swap disks (they're HOT SWAPPABLE!!!!!).
      If you don't trust keeping a backup, just keep an image of the original backed up on a hard disk and burn it to another floppy. How difficult is that?

    8. Re:Missing the point on floppy-based routers? by treat · · Score: 1

      Sorry, you're wrong, and the internationally renowned genius is correct.

      Floppy disks are extremely unreliable. The last time I went through a bunch of two-year-old floppies, about 2/3 were unreadable. Floppy disks are too unreliable to use for anything important. Hard disks are cheap. The cost of downtime when your floppy drive or disk fails will exceed the cost of a small HD.

    9. Re:Missing the point on floppy-based routers? by john@iastate.edu · · Score: 1
      Older machines can boot from floppy, but not from CD.

      Here's how I make use of my old machines -- I stack them in a pile in the basement.

      We bought a new eMonster 600 (PIII 600, 64MB, 10GB, 8x DVD, TNT2, etc) for $480 last month at Staples -- when a decent new machine was ~$3K reusing an older clunker made some sense -- now they are essentially free -- assuming a 3 year life I'll spend more on electricity to run it than it cost!

      --
      Shut up, be happy. The conveniences you demanded are now mandatory. -- Jello Biafra
    10. Re:Missing the point on floppy-based routers? by john@iastate.edu · · Score: 1
      To me that looks like a few hours of work...

      Indeed, time is money (4 hours in this case).

      If you're just playing around, by all means use an old clunker, but personally, I don't want to waste time fiddling with some old CD-ROM-less P.O.S. for my firewall for basically what amounts to 'look, I did it with a floppy' dick-waving rights.

      Especially when it's probably going to end up costing me money when it goes toes-up! There was a time when floppies were the best we could do for portable media, but that day is past, let's move on...

      IMO, Theo was right here when he called it penny-wise/pound-foolish.

      --
      Shut up, be happy. The conveniences you demanded are now mandatory. -- Jello Biafra
    11. Re:Missing the point on floppy-based routers? by wganz · · Score: 1

      I am at the same point as you are. My tack is to write protect the IDE hard drive. At the local resell shop, 120-240meg HDs are USD$1.00. I am trying to confirm that cutting the line for pin #23 would write protect the HD the same as write protecting a floppy drive. Still searching for an answer.

      A 120 - 240 meg HD has lots of advantages

      • speed compared to either a floppy or ZIP
      • capacity esp. with a 240HD vs a floppy
      • ease of install vs the ZIP
      • durability esp. vs the ZIP

      Maybe some wizard will read && enlighten us on the subject.

    12. Re:Missing the point on floppy-based routers? by limbostar · · Score: 1

      Maybe *I'm* missing something...

      My workstation has a CD burner. 1x CDROM drives can be taken from old machines. You can buy a stack of 50 blank CDs for about $15.

      If floppy reliability is an issue, wouldn't it make sense to use a CD-based system instead? It has all the same advantages (assuming the BIOS can boot from CD; most can), with the added bonus that since you'll never be opening the tray, or moving the CD around, it's highly unlikely that the media will ever fail. Therefore, the system will only fail to boot due to a failure in the drive or the motherboard.

      Sure, you'd have to burn another CD if you needed to upgrade the system, but with a system like that, you'd only have to upgrade it once every two years.

      --sjd;

      --
      this is a sig.
    13. Re:Missing the point on floppy-based routers? by CBoy · · Score: 2

      The problem is he's concentrated on the floppy, which (AFAIK) is not the point of making a floppy distribution.

      In my eyes a floppy distribution includes features such as
      * Write protection
      * VERY VERY MINIMAL install (smaller than openbsd's 60-70 MB minimal install)

      NOT that it sits on a floppy. I usually make a good LRP disk and make a bootable cd. Reburn every month with updated nat forwardings and a new password.

      If someone DID hack into that box, there is no ftp/ssh/telnet on there for them to connect out! There is no way to write to a CD-R in a regular CD-ROM drive.

    14. Re:Missing the point on floppy-based routers? by yamla · · Score: 2
      I wrote the original question. I am indeed a little disappointed that Theo seemed to miss the point. While I personally wouldn't mind a floppy-based firewall, my point was that I am looking for something that takes up very little disk space and provides only firewall and NAT. Why the heck should I need even a 100 meg hard drive? Sure, hard drives are cheap. But I have some spare hard drives sitting around and, therefore, free!

      It would also have to provide a nice (albeit simple and text-based) configuration tool or something similar to set up said box.

      Of course, it could provide more than just NAT and firewall. I don't care. But I do care about keeping the install minimal. That is why I mentioned FreeSco, a floppy-based product. Unfortunately, it seemed as though I was implying that I was only interested in firewall-on-a-floppy. Oh well.

      --

      Oceania has always been at war with Eastasia.
    15. Re:Missing the point on floppy-based routers? by drinkypoo · · Score: 1
      As far as security goes, other than floppy disks' general lack of reliability, what's the problem with them?

      That IS the problem, reliability. Consider the cost of a hard drive these days; A 30gb UDMA100 disk is $100 at Fry's (The Supermarket of Electronics) on a regular basis. Now, it's true that a 3.5" 1.44MB disk drive is $5. But a 2.1gb EIDE disk is $45 and up (according to pricewatch) and really, isn't another $40 worth it to have the basic expectation that the machine will boot on a regular basis?

      EMJ Embedded will sell you a M-Systems 16MB IDE-connected flash disk for $69 (In quantity:1.) A 32MB will run you $160 though, so if you can't fit it in 16MB, you probably want a hard disk. Of course, if you can't fit it in 16MB, you *definitely* can't fit it on a floppy disk. This is an ISA card (8-bit) which will provide you with up to 5.76MB (2.88MB of flash, max, but you can fill the thing with SRAM and it has a lithium cell to power it) so maybe that's more your speed; I don't know how much it costs. There are certainly more products available than just those, though. If you could get your hands on one, and figure out how to program it, the Cisco PIX-520 firewall uses either a 2MB or 16MB (Or was it 32MB?) flash ISA card, depending on revision.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    16. Re:Missing the point on floppy-based routers? by drinkypoo · · Score: 1
      If your machine is booting on a regular basis, then you're doing something wrong.

      Perhaps. But it would be nice to have some faith that it will boot when you feel a need to reboot it for whatever reason. A floppy just doesn't give me that kind of faith; Floppies that I've had sitting around in a completely benign environment (IE, floppy in a dust cover in a box in a cabinet near nothing magnetic) have gone bad too many times for me to have any faith that a floppy will work ONCE, let alone twice.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    17. Re:Missing the point on floppy-based routers? by mrbinary · · Score: 1

      Depends on what you consider an older machine - my P200 can boot from CD (IIRC it was after a BIOS upgrade that the option became available). It's got an Asus mobo (P55????something something something) and prolly wouldn't cost more than 40 bucks US for the barebones mobo, p/s and a puny 200 meg h/d. And for those concerned with heat generation by those old drives rest easy, they'll almost never spin up after booting in a router / fw config plus they run very cool anyways. Floppies are also not to be trusted in very dusty or high-temp enviros, way back in the bad old days we had a critical remote server that had to reboot off of a floppy in a warehouse, we ended up enclosing the damned thing in a garbage bag after getting tired of replacing the floppy drive. Please if someone knows if you can make them RO by cutting the correct pin connect reply to the poster who asked the question!

      ----

      --

      ----
      Slán leat agus go n'eirí an bóthar leat
    18. Re:Missing the point on floppy-based routers? by m2e · · Score: 1
      Your arguments seem to apply to routers on a CD-ROM as much as to floppy disks. The CD drive is more expensive but the CD itself is more reliable than the floppy disk. CD's are also physically write-protected.

      Older machines can boot from floppy, but not from CD.

    19. Re:Missing the point on floppy-based routers? by rot26 · · Score: 1



      Floppy disks are extremely unreliable. The last time I went through a bunch of two-year-old floppies, about 2/3 were unreadable

      YMMV, but I have a lot of old junk archived on floppies, some of it almost 20 years old, and I bust it out sometimes when I'm looking for an old DOS game or an incriminating email to embarrass someone with. I NEVER have problems reading them. (Oldest are 5.25", newer are 3.5").

      --



      To ensure perfect aim, shoot first and call whatever you hit the target
  64. BAH! by Roofus · · Score: 3
    Question:
    Any advice for code auditors?

    Theo:
    I suppose the biggest tip would be to become a better programmer.

    Bah Humbug! That's equivalent to
    Question:
    How do I become a better sprinter??

    Theo:
    I suppose the biggest tip would be just to run faster

    1. Re:BAH! by Wah · · Score: 2

      but what kind of practice? What drills should you focus on? Any stretches you've found that help particularly? What about your running technique? Practice might make perfect, but perfect practice makes it happen faster.

      If you think you can become a world-class runner by "just running" I think you are sadly mistaken.

      Besides, he even mentions that many programmers learn how to do it poorly, but when asked how to learn to do it correctly, he says, just do it.

      Overall this is a pretty shallow interview, it's obvious he'd rather be coding than answering questions. A good thing for OpenBSD the software, a bad thing for the image of OpenBSD.

      $.02

      --
      +&x
    2. Re:BAH! by Fourthstring · · Score: 1

      That is really it. A good writer? Thinks. Writes. Reads. All sorts of things that may or may not be orthogonal to the act of writing. And a programmer? Is there a cookie-cutter way to become one? And would you want this cookie-cutter way? The fact remains that only you know what helps you learn, how you go about things, and all deRaadt can do is provide some encouragement.

    3. Re:BAH! by nanodroid · · Score: 1

      And that's exactly how a trainer will tell you how to become a better sprinter. How else would you become a better sprinter? Eating more protein? Teach yourself to run faster, you will become a faster runner. Teach yourself not to code stupid mistakes, you will become a better programmer. -nanodroid

    4. Re:BAH! by nanodroid · · Score: 1

      How else would you become a better sprinter? By running slower?
      How else would you produce better code? By never coding?
      Practice.

  65. Re:Pizza 'n' Beer by Pope · · Score: 1

    I wish more of the uber-computer geeks I have worked with in the past would drink more beer (instead of just loading up on Jolt and Mountain Dew) simply so they could chill the fuck out for a change.

    Oh, and if you want a break from coding, don't play Quake. Go for a walk and rest your eyes and hands. You'll last longer.

    Pope

    Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!

    --
    It doesn't mean much now, it's built for the future.
  66. Re:GPL? by great+om · · Score: 1

    why can't you gpl bsd code? Doesn't BSD say you can use the code in any manner you wish (plus some credit to the authors?)

    --
    ------- Oh damn.... the Sigfile escaped... -Great OM
  67. Yeah kinda how the 'original' unix forked... by FatSean · · Score: 2

    ...many moons ago...and how there is only one (superior) variant around.

    Unneeded complexity is bad, mkay?

    --
    Blar.
    1. Re:Yeah kinda how the 'original' unix forked... by bugg · · Score: 1
      Superior? In what way?

      The "forks" of UNIX have given us UNIX on machines that aren't PDP mainframes. They've given us virtual memory, demand paging, page replacement, networking support (sockets!), FREE software! They've given us job control, reliable signals, groups (for permissions), termcap, vi! They've given us NFS and RPC!

      Look, there are some unixes that haven't offered much more over other versions. And they aren't terribly popular, either. But even if you look at one of the most "blah" UNIXes out there, you'll still see valuable contributions: like cscope (anyone who's used it, loves it)

      Relax..

      --
      -bugg
    2. Re:Yeah kinda how the 'original' unix forked... by Kiss+the+Blade · · Score: 1
      You are correct: Unneeded complexity is bad.

      You are assuming that if there is only one version of a program, then that is somehow simpler. If there are two versions, then the better one will win.

      'Better' meaning: it has more features, or it does its job faster/more efficiently, or the program is smaller, or any one of a million reasons.

      Suppose there were only one version of Linux, or only one version of BSD. How would you know that the codebase was at its best? Having competitors to steal from and copy is no bad thing, IMO.

      You seem to be saying that there should be only one model of car, the Ford Model T, and only as long as it's black.

      I think that having many different models is good for the end user and good for the quality of the models that get produced.

      KTB:Lover, Poet, Artiste, Aesthete, Programmer.

      --

      KTB:Lover, Poet, Artiste, Aesthete, Programmer.
      There is no

    3. Re:Yeah kinda how the 'original' unix forked... by Kiss+the+Blade · · Score: 1
      There's no "global maxima" associated with the concept of "better"

      I never suggested there was.

      why invoke the concept of "winning", when you're not necessarily pitting the different flavors head to head?

      Well, it's complex. Consider Gnome & KDE - they are in competition in the most general sense. It may be that for some specific purposes, one can do something that the other cannot, and in these instances there is no competition. But when that occurs, I would suggest that the time has come for a code fork, or for some other flavour to be modified so it can do the same task.

      I can't believe that it would be good for Linux or BSD to have a completely minimalist overall code base, with one program for each task. That would sterilize it.

      KTB:Lover, Poet, Artiste, Aesthete, Programmer.

      --

      KTB:Lover, Poet, Artiste, Aesthete, Programmer.
      There is no

  68. GPL? by cpeterso · · Score: 2

    If Theo is so afraid that others will steal his code, why does OpenBSD use BSD license? I imagine he cannot "relicense" the original BSD code under GPL, but perhaps he can GPL his new code..?

  69. SMP isn't a show-stopper by jslag · · Score: 1
    What is the point? Why bother if you aren't even going to put in SMP?


    When you consider how many high-volume web sites are run by farms of uni-processor web servers, you'll start to see the point.

  70. Re:No plans for SMP... by jslag · · Score: 1
    market leading products will not be produced because parts of that product will not be "sexy" enough to develop.


    Wrong. Whatever you consider "market leading" to mean, OpenBSD is an excellent counterexample; it is clearly the most secure network OS available, and it reached that status via a non-sexy path: digging through every line of the code, over and over.


    Unless by "market leading" you mean "buzzword enhanced", which is another story entirely.

  71. Crypto edge has been lost by gruntvald · · Score: 1

    I recently got OpenBSD 2.7. It came wrapped in a Canadian newspaper, which, in itself was quite fun. Well, imagine my surprise during the (freakin' horrible) install, to discover that it *didn't* have openssh out the box, that it would have to be downloaded. Bah. 2 weeks later, my corporate subscription to RedHat dropped 7.0 in my mailbox. Openssh and openssl were part of the standard install. Bam.

  72. Re:This is ridiculous. by FiDooDa · · Score: 3

    "What is the point? Why bother if you aren't even going to put in SMP?"

    Maybe being able to use a system as a firewall/gateway that makes me sleep at night because I feel confident that it will not get h4X0red.

    I really don't give a fsck if it doesn't have SMP support. What's the REAL percentage of online SMP boxes anyway? I'll admit that it is really nice (and useful) but I'm sure there's a majority of sites that simply don't need it (yet).


    ---------------------------
    "What is the most effective Windows NT remote management tool?

  73. Re:This is ridiculous. by DeathBunny · · Score: 1

    Nice theory kid. Meanwhile Theo has put his money (or at least his labor :-) where his mouth is and written an OS with an unmatched security track record.

    Before you go shooting your mouth off saying that OpenBSD is "ridiculous" and "should be scrapped" why don't you show us the security record of the OS you've written?? Oh wait, I forgot, you haven't written jack....

    I agree that Theo comes across as pretty abrasive, but I can't fault the caliber of the code he's produced.

    >4. Theo is obviously so closed minded that no
    >efficiency ideas are ever going to occur to him

    There's a fine line between closed minded, and very, very focused.

  74. Re:why bother? by wozz · · Score: 1

    A few points

    1) OpenBSD's documentation is probably the best there is on a UNIX derivative OS. I've never seen another that could hold a candle to OpenBSD's man pages.

    2) Who says OpenBSD is interested in a huge market share? Microsoft has a huge market share, and their products blow goats. I've been using OpenBSD since their first CD was released, and I think I have a fairly good idea of the mindset behind the developers (or at least Theo). They want to produce the best piece of software they possibly can. Forget all the rest. Everything else is secondary to that goal. OpenBSD's code is probably the cleanest and most correct of any operating system on the planet and every minute they spend away from keeping it that way is a minute wasted (at least in my mind).

    3) Anyone who picks an operating system based on how nicely the developers treat you isn't an engineer, they're a mindless sheep. If you chose Linux over OpenBSD because, for example, you need SMP, that is an engineering decision. If you chose Linux over OpenBSD because Theo was mean to you, that's a mindless sheep decision.

    4) If you don't like it, don't use it. Better yet, if you don't like it, fix it! There's nothing stopping you from writing better documentation if you find it lacking. I, as a long time OpenBSD user, would prefer the OpenBSD community stay filled with folks who are willing to use their minds (and the excellent documentation and source code) to solve problems, rather than complaining on mailing lists where the question's been answered 300 times this month already.

    5) Theo has a right to be elitist...he's earned it.

  75. Re:why bother? by wozz · · Score: 1

    I don't need anyone to write more documentation. I find the included documentation just fine. If you don't, write your own, I'm sure developers would be happy to answer your questions if they knew it was going into some documentation for others to use. Developing documentation for something is a great way to learn. That's why they make you do all that writing stuff in college. What do you think physics students write about?

  76. Re:I/O bound? by stab · · Score: 2

    Mind you, a box like that would never, ever, face the Internet directly.

    That's the key point - I wouldn't really use OpenBSD for what you describe; probably one of the commercial unices which are tuned to the specific multi-proc hardware that they run on.

    For x86 and single-proc Sparcs though (the only archs I've used OpenBSD on), it rocks hard! SMP would be 'nice', but certainly not something I'd lose sleep over not having. Also, I would prefer it to be implemented properly, and not with horrible global kernel locks lying all over the place ...

  77. Re:This is ridiculous. by stab · · Score: 4

    For these types of ultra secure tasks, there should be extremely limited cases, and ideally no class of errors that would be "subtle" when it comes to standard library calls. I would suggest that C is not a good language to write a secure operating system in, because it very obviously requires too much manual labour to weed through the subtleties of its operation

    Uh, right. So go ahead and write an entire operating system in a new language then. Don't forget to design the language first though! Remember the C-bashing thread on Bugtraq over the summer? Whatever its limitations, we are stuck with C ...

    2. The proper approach seems to be a very limited operating system, perhaps in C, with a virtual machine over that which is proven secure, thereby giving at least strong security to every application then running on top of that VM.

    Nice theory, much like many of the other 'ground-up' papers I've read. And meanwhile, while you sit posting and postulating on the great designs that will rule the operating systems world, I'll just use OpenBSD, and be happy with the stability and reliability of the system. Perhaps I'll look you up in ten years when you've finished this idea?

    What is the point? Why bother if you aren't even going to put in SMP?

    I really, really don't care whether or not OpenBSD has SMP. If I need a faster box, I'll just upgrade to a faster processor. The majority of server systems these days are either I/O or connectivity bound these days.

  78. Re:So You WANT to Be Exploited? by Lazaru5 · · Score: 1

    It wouldn't kill it off because you would continue to work on your BSD Licensed software. You, as most OSS developers, do what you do because you enjoy it. Relating it to the current story..Theo has said that he would still work on OpenBSD even if he was the ONLY user.

    The only 'killing off' would be from a marketing and economic angle, which doesn't matter to the up-all-night hacker types. If it does, then don't write free software.

    Do you write it so you can sell lots of copies (Media sales or Linux based dot.coms, whatever) or so you can have good software and be respected by your peers?

    Life is better in the Bazaar.

    --
    My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
  79. Re:So You WANT to Be Exploited? by Lazaru5 · · Score: 2


    Why are you so shocked? It's BSD.

    It is NOT exploitation. Nothing is stolen.

    The CVS repository does not disappear when a commercial company uses the software it contains.

    The people behind a given project continue to work on their project. That does not suddenly stop because some company is selling it or something based on it.

    6 months later the project releases a new version. The company is still behind. They could work on it from the point they started using it, or they could use the new release. Since they have to keep tracking new releases anyway, they could even (and many do) help by giving their changes back to the project.

    And even if they don't (and many do), the project members spent those hundreds of hours of work doing what they loved and could care less what some company does. They want the fruits of their labor to fall into as many hands as possible. BSD allows and encourages that.

    GPL zealots are hypocritical. If you're so worried about The Man making money off of you, why are you writing free software?

    Tell me, would you rather write free software because you WANT to or because you HAVE to?

    --
    My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
  80. Re:This is ridiculous. by Matt2000 · · Score: 2


    That's a good point about firewalls, that's an important use of this OS. However, I would have thought it would be easier to lock down a firewall machine with the existing OS than audit the whole thing? It's my understanding that this audit will attempt to make the OS more secure for more "dangerous" tasks, where more ports need to be open, more applications are running and generally the machine is used for more things.

    In that case, then I think SMP starts to become a necessity for any major server OS, otherwise it'll never be put on any of the really big machines that could benefit from all the enhanced security.

    --

  81. This is ridiculous. by Matt2000 · · Score: 4


    Here's the main point, before we even get started: This project should be scrapped, there are easier and better ways to do what is being done here.

    Now the reasons.

    1. The fact that you need to go back and hand audit libc calls for "subtle" errors means that the wrong language is being used for the majority of these tasks.

    For these types of ultra secure tasks, there should be extremely limited cases, and ideally no class of errors that would be "subtle" when it comes to standard library calls. I would suggest that C is not a good language to write a secure operating system in, because it very obviously requires too much manual labour to weed through the subtleties of its operation.

    2. The proper approach seems to be a very limited operating system, perhaps in C, with a virtual machine over that which is proven secure, thereby giving at least strong security to every application then running on top of that VM.

    Yes you'll need to audit that first limited OS and kernel, and yes it'll probably be in C, but let's limit the scope of that code severely. Plan to take a huge performance hit on running everything on that VM but make sure that it's totally secure, do whatever it takes to make sure that everything running on it is protected from itself and other programs. This is the only possible way to make an extensible operating system that is in any way secure, otherwise any software that is later added to the system will either need to be painstakingly audited or not installed. Performance should be a minor concern at this point as VMs can later be optimized, and security should be of prime importance.

    3. After they finish all this auditing, we're left with a non-SMP capable OS with limited software of a similarly secure nature to use it with.

    What is the point? Why bother if you aren't even going to put in SMP?

    4. Theo is obviously so closed minded that no efficiency ideas are ever going to occur to him.

    Witness his response to the question about distributed kernels - (in summary) "I have no idea what they are, but they're not useful to me." Great.

    It is my opinion that people of this caliber of programming should be spending their time at doing more useful, or perhaps better thought out work.

    Moderate at will.

    --

    1. Re:This is ridiculous. by Hard_Code · · Score: 2

      There are plenty of operating system projects taking different approaches and making innovative, if not immediately useful, new operating systems. And in fact I agree with you that the purpose and utility of operating systems, of software development itself, is shifting and needs to be continuously rethought. But I don't understand why you are suggesting OpenBSD developers drop everything they are doing and become computer science grad students playing with theoretical operating systems. They are trying to make BSD Unix more secure. If you don't like that, fine. But you might as well ask me to build a new house instead of "wasting" my effort insulating my current one this winter.

      --

      It's 10 PM. Do you know if you're un-American?
    2. Re:This is ridiculous. by drinkypoo · · Score: 1
      In that case, then I think SMP starts to become a necessity for any major server OS, otherwise it'll never be put on any of the really big machines that could benefit from all the enhanced security.

      SMP may become a requirement for EVERY OS before we reach 4GHz. I was extremely disappointed to see that Microsoft had not put dual-processor support into the Personal version of Whistler, especially since MacOS is SMP.

      Anyway, when you get up into the range of microwave radiation (Actually everything between 100MHz and around 120GHz, but for our purposes, things get really interesting around 4GHz) then it becomes difficult (in theory) to make a chip that doesn't simply cook itself.

      At that point, it would seem to make systems simply more and more parallel. Hopefully one day you'll be able to plug chips of various types into the same machine and assign various tasks to them (including kernels) but I'd be happy with simple 8-way SMP.

      However, since we're quite a ways off from that point, I can see how Theo wouldn't be worried about it at the moment...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:This is ridiculous. by spud_daemon · · Score: 1
      I must say that I have trouble sharing your view point of all this work being useless.

      If we forget for a minute that the primary motive of all this work is to build a secure OS, let's see what else this programming style achieves. First off their approach is to fix implementation errors and remove poor programming in order to achieve their security. So not only are they building a secure OS, but it will lead to a well designed and stable OS. I must say that I wish more software was built with this rigorous testing and auditing. PC's have been around for pretty much 20 years now and in that time the philosophy of "if it works it's good enough" has yet to bring us a robust and stable OS. I think that this style of testing and system approach is long over-due. Thanks OBSD.

    4. Re:This is ridiculous. by rpeppe · · Score: 1
      2. The proper approach seems to be a very limited operating system, perhaps in C, with a virtual machine over that which is proven secure, thereby giving at least strong security to every application then running on top of that VM.

      Yes you'll need to audit that first limited OS and kernel, and yes it'll probably be in C, but let's limit the scope of that code severely. Plan to take a huge performance hit on running everything on that VM but make sure that it's totally secure, do whatever it takes to make sure that everything running on it is protected from itself and other programs. This is the only possible way to make an extensible operating system that is in any way secure, otherwise any software that is later added to the system will either need to be painstakingly audited or not installed. Performance should be a minor concern at this point as VMs can later be optimized, and security should be of prime importance.

      this is exactly the approach taken by Inferno, which was designed and built by some of the best minds in computer science. (e.g. Dennis Ritchie, Rob Pike)

      the approach works very well; the only downside is that because you are doing things better, they are different which means you actually have to learn some new stuff. even if the new stuff is actually more simple, easier to use, and safer than the original. people seem to prefer to learn new immensely complex interfaces such as Windows or Java... beats me why!

      you can get it from http://www.vitanuova.com/inferno/.

      and it's not slow either.

  82. Pizza 'n' Beer by drenehtsral · · Score: 2

    I'm glad that there are still geeks out there that aren't ashamed to admit to enjoying stereotypical geek food like Pizza and Beer. I remember years and years ago I was reading some book on learning UNIX (I can't for the life of me remember what. This was a long time ago...) but it suggested that if a user got stuck with a particularly tough problem, and they'd tried all the obvious approaches, they could probably convince their local UNIX guru to give it a shot in exchange for pizza and beer.
    In any case, lately I've noticed that a lot of computer geeks have been trying very hard to shake that reputation, image, and social stigma. The modern "tech boom" has created this new social respect for people who used to be misunderstood, and so many of these people (luckily not including me) have been trying very hard to shake those easily caricatured "typical geek behaviors" while they have their time in the sun.
    I'm glad to see traditional geeks, down to caustic remarks about other people's coding (who else but a geek could get so worked up about it that it's a personal matter!). I'm glad, it makes me smile, 'cause that is the sort of person who made life interesting for me as a young geek, and hell, I hope they are around for ever...

    --

    ---
    Play Six Pack Man. I
    1. Re:Pizza 'n' Beer by Tower · · Score: 1

      Hey, another Guinness drinker - you wouldn't believe the strange looks you get in MN when you have a beer that you can't read your watch through... You'd think I was from another planet (well, I *am* from NJ...)

      --
      "It's tough to be bilingual when you get hit in the head."
    2. Re:Pizza 'n' Beer by bscanl · · Score: 1

      Pizza maybe, I've never seen beer associated with geekdom. Bunch of namby-pambies with their Jolt Cola usually, I prefer to code with a nice thick Guinness in hand (tho not with beer, I like fat tire with my pizza) Gah. Unless you have a tap in your gaff. Guinness is piss out of a can.

    3. Re:Pizza 'n' Beer by l-ascorbic · · Score: 1

      Inspired, thoughtful, intelligent code comes from sticking with my trusty bag of skunk. Does slow you down a bit, mind.

  83. Re:So You WANT to Be Exploited? by Bob+Uhl · · Score: 2
    It's not caring about someone making money off of one's software--that's a given under any OS license. What GPL-types worry about is someone taking that code base, then closing it off--thus getting all that development work for free. If, say, M$ took a BSD'd Linux and slapped M$ Linux on a thousand store-shelves with a few proprietary incompatibility extensions, it might very well kill off the real 'BSD-Linux.'

    BSD advocates believe, I think, that given a choice between X for free and X' for a price, X' will cost only what the added value of the ' is worth. I would like to agree, and in a perfect market I would agree. But there is no perfect market in the world today. People, being morons, are quite happy to pay $x for X', where $x is the total value of X', not simply the added value, even though economically it would be smarter to use X for free, getting all the functionality of X' save ', but saving an amount of money equal to functionality(X)+'.

    People are the problem.

    The GPL is a nuisance, I agree. If this were a sufficiently more perfect world then I would most definitely use BSD. But it's not, and thus I don't. The BSD license allows more freedom--that's a good thing. But the GPL protects freedom. The one is like three acres of apples, exposed to the birds and the beasts. The latter is like an acre of apples, with farmhands to scare away the animals. At the end of the day, the tended land has more apples. Thus with the GPL.

  84. Re:No plans for SMP... by CSC · · Score: 1
    Well, just go ahead and implement it yourself. That's just what open source is about... stop bitching, help instead of complaining!

    This is not intended as a troll. This is a quite serious answer.

    --
    -- Colin
  85. Re:I would've asked about automation of analysis.. by DarkMan · · Score: 2

    I would disagree.

    Automated code modification would lead to a situation where the developers would just sit around and think of vulnerabilities.

    Rather than having to look over the same code 14 times, and get to know it. There is something to be said for forcing yourself to pore over every line, every bracket, every semicolon of the code, and check everything.

    From what Theo said, it sounds like while they are fixing one sloppy piece of code, they note another bit when they are part way through.

    This makes lots of sense.

    Where are they going to find new mistakes from if they don't go through all the code?

    This is not just off the top of my head, btw. I write scientific code that has to be correct, where there is no way of testing the output. It's amazing how often subtle bugs are missed.

  86. Re:Forks are Good! by PapaZit · · Score: 4
    Theo Said:
    In Linux land, it appears that projects fork for financial reasons. In BSD land, it appears that the forks that have happened were purely political reasons. I don't know what will happen. It's been 5 years since the last fork in the BSD camp. Why are you guys so fork paranoid?

    I suspect that the question was rhetorical, but it deserves an answer. I'm putting it here, with the other fork comment, even though it wasn't written as a follow-up to that comment.

    Simply put, it's (too) often used as an object lesson in Linux land. Whenever an argument gets too heated, someone jumps in with "if we keep acting like this, we'll end up like the BSDs." Meaning, I suppose, "fighting over a very tiny percentage of mindshare instead of working together to take over the world."

    I suspect that Linux is headed toward a fork. Linus and Alan Cox have been leaving things out of the kernel (like a debugger) that a lot of people want. As there's no charter or formal organizational structure, I think that a coup of some sort is inevitable. When it happens, the interest in the Net/Open split will rise to a crescendo.

    I have friends who are OpenBSD advocates, and others who are NetBSD advocates. To hear each side talk, the other side writes crappy code between bouts of trying to ruin BSD for everybody. It's depressing, particularly when I think about what could happen if their talents could be combined. Or, if they would just shut up, stop sniping at each other, and code.

    I'd love to see some sort of cross-bsd advocacy organization to help users take that middle step. Help with porting of cool shit between the BSDs. Make generic cross-BSD documentation. Help people decide which OS and user/developer community is right for them. etc.

    Unfortunately, that requires a friendlier attitude than I often see between the BSDs. Charges of "code theft" particularly frustrate me. That's the whole damned point of open source: Seeing the good stuff, learning from it, and using it.


    --
    Forward, retransmit, or republish anything I say here. Just don't misquote me.
  87. Re:Do it right! by Omar+Djabji · · Score: 1

    Come on!

    There is a big difference between adding big new features and fixing the features that are already there.

    If you want to squeeze everything into the airplane metaphor, it's like saying:
    "We don't want to add a second set of wings to our jumbo jet, thereby reducing wingspan and increasing lift, until we have fixed all the wiring problems that our current jets have."

  88. Re:Why didn't he address my question? by Omar+Djabji · · Score: 1

    What people like you fail to realize is that people like Theo fail to care if you use their software. They put in the work because they want to make a good operating system. If people use it, then great.

    What Theo seems to care about is that people use good software. He is putting his efforts into making OpenBSD good, and thus providing people with an option to get good software.

    Even if the userbase dropped down to just the developers for some reason, I bet that they would continue to build the project because they take pride in making a system that doesn't suck.

    If you think that quality is all about the number of users, then go use Win98. I am sure you will be much happier.

  89. Re:Where the money goes by CBravo · · Score: 1

    I guess there is a difference between you and Theo :-)

    --
    nosig today
  90. Re:distributed kernel ... by Zurk · · Score: 3

    Simple. Distributed kernels run on more than one machine at once with an interconnect between them. The interconnect can be NUMA/CrayLink/Ethernet/TCP/IP or something which passes data fast and the kernels have to share memory and processors across differing architectures and types. A good example is MOSIX, which is basically simple extensions to the Linux kernel to make it distributed as far as processes go. Add LVM and GFS to distribute disk resources and reasonably fast interconnects and you're all set.

  91. Re:Forks Are Good? by Tower · · Score: 1

    Oddly enough, it's easy (or easier) to eat ice cream with a fork (as opposed to chopsticks). Better for most soups, too - although you just can't beat a spork, especially one that has been properly fooned.

    --
    "It's tough to be bilingual when you get hit in the head."
  92. Re:Where the money goes by Tower · · Score: 2

    Au contraire - I was finishing up a small project for a course I'm taking (pipelined risc processor in Verilog(yuck)) and nothing gets the gate-level modeling flowing like a good pint of Guinness.
    I'll agree that the US and Canada can't seem to make a decent beer... the US has a real bad track record... midwest megabrews, Natural Light, Utica, Keystone, anything that says 'ice', etc...

    Of course, the Guinness doesn't taste as good here in the Midwest, either...
    --
    "It's tough to be bilingual when you get hit in the head."
  93. Re:Where the money goes - Totally OT by Tower · · Score: 2

    I've had plenty of Sam Adams (better than most)... I wouldn't even call it local anymore - If I can buy it in NJ/NY, WI/MN, CA, LA, then it's not really 'local' anymore.

    I know of many pubs that brew their own stuff on the East coast, and it's worth the trip.
    --
    "It's tough to be bilingual when you get hit in the head."
  94. Re:Where the money goes by Tower · · Score: 2

    Maybe I'll try something from Big Rock, but most of the Canadian "beer" that I've seen (especially the big brews) has been as cruddy as the "Rocky Mountain Urina^H^H^H^H^HStreams" that this other "beer" comes from.

    My favorite Canadian beer is Elsinore, since I found a mouse in the bottle...
    --
    "It's tough to be bilingual when you get hit in the head."
  95. Re:No plans for SMP... by Tower · · Score: 2

    SMP got a lot of attention when NT showed that they scaled significantly better than Linux... Generally, that's all that's needed, is for MS to claim a (legitimate) technical superiority to Linux, then a bunch of people work like hell to improve it. The 2.4 SMP is significantly improved from 2.2. MS doesn't really benchmark against OpenBSD (they aren't the "Big Threat"), and even if they did, security >> performance for OpenBSD, and I doubt that there would be tons of effort poured into performance enhancements...

    As for the UberOS(TM) - That's where the ideas of microkernels and modules really comes into play. Granted, there are always tradeoffs, but theoretically, a microkernel is infinitely adaptable...
    --
    "It's tough to be bilingual when you get hit in the head."
  96. Re:No plans for SMP... by Tower · · Score: 2

    Note that the POWER/PowerPC line is well past 500MHz, but the dual-core chips with Altivec are the ones that can't make it... kinda sounds like that ceiling on the PPro. Once you lower the clock to the L2, or move it onto the same die, it makes it easier (clock wise, not necessarily yield wise).

    I wouldn't blame IBM for this, but then again, they give me a piece of paper twice a month... that, and I've seen [CENSORED - IBM Confidential]. So there! ;-)
    --
    "It's tough to be bilingual when you get hit in the head."
  97. I/O bound? by chazR · · Score: 1

    The majority of server systems these days are either I/O or connectivity bound these days.

    Numerically 'the majority', maybe. If you count every pathetic little Intel box connected to a DSL line a 'server'.

    I am happily able to nail 64 processors on a Starfire to the ground without filling up 8*1Gb/s outbound pipes. All you need is a big database and 30,000 users.

    Real computers, properly configured, running real tasks run CPU-bound. If yours isn't, hire a real engineer.

    Mind you, a box like that would never, ever, face the Internet directly.

  98. Talk is cheap. Write the code by chazR · · Score: 1

    Your point being?

    If you want SMP on OpenBSD, download the source, buy a selection of SMP boxes (twin-processor Intel is not enough to be useful, really), and spend a year or so hacking out the code. If you find it interesting, that is.

    OpenBSD is a free operating system. It's actually very good. If you want to add stuff, all you have to do is write it and compile it in.

    If you lack the skills to add a feature you want, you can hire someone to do it.

    Go for it. If it matters that much to you, an investment of maybe as little as $250,000 will be worth it. But either put your time or your money where your mouth is.

    Share and Enjoy.

  99. Versioning... by HMV · · Score: 1

    Was the last plane you were on using front wheel version 2.7 or 2.9? You don't care.

    If I'm flying on the plane, no, I don't care. But if it's my job to assure to the plane's occupants that it is in the best possible working order, you're damn right I need to know everything down to which tires are on the plane.

    Do you think the owners of Ford Explorers care a little bit about which version of Firestone tires are on their vehicles?

  100. Design vs. Implementation by cyanoacrylate · · Score: 3

    Theo complained about people doing implementations that had subtle bugs. Further, he didn't have confidence, in the masses doing coding, to learn about those subtle bugs and to actually learn how to use the interfaces correctly.

    He then goes on to say that he really doesn't care about kernel design, so long as the kernel design works.

    These two issues are completely different.

    Let's face it - he's an implementation junkie. Which I would guess was not, and still is not, popular with the NetBSD crowd, as he probably had to step on a few toes...

    'You're not using strcat correctly. You've introduced 6 exploitable bugs into the kernel'

    'What do you mean I'm not using strcat correctly?? I've been coding since I was twelve years old!'

    Cyano

    --
    Don't like my sig? I don't either.
    1. Re:Design vs. Implementation by MycroftXXX · · Score: 1

      Just as a factual point: Theo left NetBSD long, long before OpenBSD was started, and even longer before OpenBSD started touting itself as "ultra-secure". So, this had absolutely nothing to do with "stepping on toes" to make code more "secure".

  101. Forking by kubalaa · · Score: 2
    Why are you guys so fork paranoid? Do you want everyone to vote for the same political party, too?

    I just have to point out the flaw in this reasoning. A political party represents a unique ideology in an abstract sense. A fork also represents a unique ideology, but in a practical sense. If you're a democrat, you believe in welfare. If you're an OpenBSD developer, you believe in security AND you develop software towards that belief.

    The problem with too many forks (not that some aren't good) is that it thins programmer resources. The differences in implementation between two forks are, by definition, going to cause incompatibilities between them, meaning at some level programmers have to "choose sides" and decide which ideology to develop for, or do LCD compatibility. If you get too many forks in the open-source, it will be impossible to maintain the critical mass of programmers necessary for providing a comprehensive library of software which takes advantage of the specialties of any single system.

    In a political party, on the other hand, while many parties exist, "development" (i.e. practical implementation of ideology) is only going on in ONE place: the government. Your analogy would be more like if each political party decided to take over a different part of the US and declare itself sovereign, which is at this point clearly unproductive and inefficient given the way the US has adapted itself to function well as a single entity.

    The corrected analogy carries through well; in other countries we have good forks, which represent ideologies so different that forking is inevitable and staying together would be a resource drain.

    Of course, these things are self-limiting; an unnecessary fork will simply not be able to survive for long, or one of two similar projects will eventually end up gaining dominance and reducing the other one to a minority. The point is, forks are only good sometimes, and it's got nothing to do with political parties.

    --

    "If you look 'round the table and can't tell who the sucker is, it's you." -- Quiz Show

  102. What is a "black hole route"? by divec · · Score: 2
    NetBSD has maintained a black-hole route to the OpenBSD project networks for roughly four years

    What exactly does this mean? That packets from openbsd.org to netbsd.org are just swallowed without trace?
    --

    perl -e 'fork||print for split//,"hahahaha"'

    1. Re:What is a "black hole route"? by billstewart · · Score: 2
      The classic meaning of the term is that not only do packets from blackhole-perp.org to target.org vanish without a trace, but that blackhole-perp.org is advertising "Hello, world, I'm a great way to reach ip_address_of_target.org", so that packets floating nearby destined for target.org get sucked into the black hole.

      I have entirely no knowledge of what events occurred between the two groups or whether they were fighting over a network and its routes, but that's the usual meaning.

      --

      Bill Stewart
      New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  103. Re:Out of Context you fucking moron by Fourthstring · · Score: 1

    He is, but he probably believes in his misquote.

  104. Do it right! by devphil · · Score: 5
    Can you imagine if a Boeing engineer didn't fix ALL of the occurrences of a wiring flaw? Why not at least try to engineer software in the same way?

    Hear, hear! Two of my pet peeves right there:

    (1) Why is it that the same bugs keep reappearing? Why is it that we assume bugs only occur in one place? Why is it that we hear, "I fixed the bug," as if a programmer can only screw up in one place?

    (2) Every other piece of engineering goes through major scrutiny. Teams are brought in from the outside to look over blueprints. For open source software, we assume that just because anybody can look at the code, that everybody is. Even in OSS, we need to go to outside, objective reviewers and say, "Here's some money, and here's our code [or maybe, here's the URL for our code :-) ]. Please review it and tell us where we screwed up."

    Mr. de Raadt knows his stuff; the coders do this themselves, and they take it seriously.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
    1. Re:Do it right! by eightball · · Score: 1

      Not having SMP is not a flaw, it is a lack of a feature.

      Considering how much scrutiny their code goes through it would be quite a lot of work to get SMP code up to OBSD's standards.

    2. Re:Do it right! by jon_c · · Score: 2


      Can you imagine if a Boeing engineer didn't fix ALL of the occurrences of a wiring flaw? Why not at least try to engineer software in the same way?

      but what if?

      it's a lot of work, and not considered the most interesting thing to our developers. Sorry

      shit. what if it's not interesting to fix a big fat gaping hole? what if it's too much work, and "just not interesting!"

      gasp.

      -Jon

      --
      this is my sig.
  105. what theo might say to this... by _peter · · Score: 1

    Here's the main point, before we even get started: This project should be scrapped, there are easier and better ways to do what is being done here.

    "And what have you done so far?"


    If you have a better idea, then by all means, implement it.

  106. Re:distributed kernel ... by jovlinger · · Score: 1

    Given that Theo indicated that an SMP kernel was currently infeasible, I'd suspect that a distributed kernel (of which an SMP appears to be a special case) is pretty unlikely.

  107. charitable donations by Trailer+Trash · · Score: 2

    (And I must ask, why are people so cheap, that they only give donations when it provides a partial reduction in their taxes, rather than a real donation? I actually find that pretty fake.)

    Econ 101, Theo. It provides you with more money if people don't have to pay taxes on the money that they give. It's the same way that sales taxes are split between the store and the consumer simply because in the absence of sales taxes, the store could charge slightly more for a product.

    Don't make me start drawing supply & demand curves.

    Michael

    1. Re:charitable donations by nzkoz · · Score: 1

      ECON201

      The distribution of sales tax between consumer and producer depends on the elasticities of supply and demand of the good in question.

      Goods with a highly elastic demand will lose HUGE amounts of demand if they increase price with a sales tax.

      But of course you knew that didn't you :-)

      --
      Cheers Koz
  108. Re:Theo: Version Number Specifics by uSuRa · · Score: 1
    Theo never threatened us with legal action in regard with the openssh.org domain dispute.

    --
    Exit! Stage Left!

  109. Don't knock Canadian Beer! by Evil+Dr.+Go · · Score: 1

    Eh! Whenever I'm at a new pub, I usually go through my beer choices by listing everything that isn't a Labatt or Molson product. Usually results in microbrew choice. Better than drinking the brown water in those brown bottles...

    --
    Gung Gee Fook Fei Fu - Taming the Flabby Tiger
  110. Re:But he doesnt follow his own advice by lscoughlin · · Score: 1

    Let's see... your comment would be useful and interesting except... it's so utterly and completely out of context it's not even funny. In the first case, he was talking about implementation. Just "Good Enough" implementation is a very bad thing, leaves all sorts of issues open. In the second case, he's talking about a specific conflict of design consideration in the context of inherent security to a given design. He doesn't think that either design has any inherent benefit as far as security goes, as long as the implementation is more than "just good enough". Perfectly consistent. oh no... I've been trolled... damn oh well. -T

    --
    Old truckers never die, they just get a new peterbilt
  111. Re:Where the money goes by 0xA · · Score: 1

    Hang on there buddy,

    Just because Americans can't make beer that doesn't taste like mouldy water doesn't mean that Canadians are equally challenged.

    Next time you're up in the great white north try and get your hands on something made by Big Rock breweries of Calgary. That's good beer.

    I will agree that anything they put 'ICE' on the label of isn't fit for dogs.

  112. No plans for SMP... by selectspec · · Score: 1
    At this time, we are not working on SMP. It's a lot of work, and not considered the most interesting thing to our developers. Sorry.

    sigh...sigh...sigh...

    --

    Someone you trust is one of us.

    1. Re:No plans for SMP... by selectspec · · Score: 1

      There's a difference between bitching as you call it and being disappointed. I'm not interested in implementing SMP on any of the BSD's, because linux works pretty well, and if I'm going to use more than 8 CPU's I should be able to afford Solaris. However, if any of the BSD's are ever going to get past running my router and my firewall, they'll need some support for SMP.

      --

      Someone you trust is one of us.

    2. Re:No plans for SMP... by jon_c · · Score: 2

      That quote got me too. As a matter of fact I made it my sig. An argument I hear frequently against the "OpenSource(tm) Movement" is that market leading products will not be produced because parts of that product will not be "sexy" enough to develop.

      this certainly verified that point. can anyone think of other features that open source projects need that aren't done because they're not interesting?

      -Jon

      --
      this is my sig.
    3. Re:No plans for SMP... by DrgnDancer · · Score: 2

      You ignore a couple things in this though. First, I can't implement it myself, I am a mediocre programmer at best, and would not know where to begin. The poster was commenting on the commercial viability of Open Source. Let's say my dad needs an OS for his business, and somehow you managed to dodge all the issues of actually teaching him Unix, and getting him to accept that there was some valid reason he should learn all this new stuff rather than just pointing and drooling through Windows. So dad here you go.. OpenBSD, the most secure OS in the world, course if you want to use it on your dual CPU server, you are going to have to learn how to rewrite the kernel for SMP support. Dad would laugh all the way to CompUSA. Commercial success is going to require more than "Just develop it yourself", if people were willing and able to do that, Windows would not have a 90 % marketshare.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    4. Re:No plans for SMP... by drinkypoo · · Score: 1
      OpenBSD, the most secure OS in the world

      This is possibly a misnomer. OpenBSD is not necessarily the most secure OS in the world. It is certainly the most secure free UNIX in the world, and more secure than any M$ offering.

      Commercial success is going to require more than "Just develop it yourself"

      I don't think Theo is that worried about it. He would like people to use his OS, but he's not going to beat himself up over it. He writes OpenBSD for himself first, and the world second; He would like the work he does to be for more than himself, but I don't think he loses sleep over the fact that some people don't use OpenBSD because they need SMP.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:No plans for SMP... by mrbinary · · Score: 1

      I agree with both sides on this unfortunately... I too would love to know that OBSD was able to scale to multi-processors, but I realize that compared to other Open-Source projects its dev team is minuscule at best.

      Linux has been pushing hard to be the best that it can be on a wide range of fronts including SMP, so to the external world the Linux kernel team is competing with NT/Slowlaris/AIX/..., even though internally they (Linux kernel team) may have just thought that it was a task worth tackling or something that interested them. The OBSD team doesn't find SMP that interesting and because of their size maybe that's not too surprising. The more people on the team the greater the likelihood of somebody wanting to get feature X done.

      But while the Linux team has been pushing the edge of the envelope on several fronts, security is not necessarily one of them. Please no flame responses, I'm not trying to knock Linux or any of the Open Source projects lumped under that banner but my assertion holds water. This is where the OpenBSD team pushes the envelope, because this is what interests them.

      Also, if some company wanted it badly enough, they could ask the OBSD team to develop it for a fee (several posters have indicated they use it on production machines - hint, hint). As a casual user of OBSD with no need for SMP support (also a mediocre at best programmer - I wish I could be of help), I'm satisfied with what I get from OpenBSD currently, even though I'd love to know it could do more.

      Bottom line I'd say use OpenBSD for a secure workstation and firewall, and Linux or a commercial *NIX if your installation really requires an SMP server OS.

      ----
      Slán leat agus go n'eirí an bóthar leat
    6. Re:No plans for SMP... by l-ascorbic · · Score: 1

      This does seem surprising. It seems that they take powerpc seriously (especially if they've bought four). You would think they'd take into account the fact that all the top end Macs are dual-processor. This will remain the case until Motorola and IBM emerge from the Great Clock Freeze and get past 500MHz.

  113. Re:What an asshole by TheKodiak · · Score: 1

    It's interesting how little someone's intelligence comes up when they're not an asshole, isn't it? Nobody talks about how hard it is for Knuth to relate to morons.

    --
    -=Best Viewed Using [INLINE]=-
  114. Hey! I've got an answer! by TheKodiak · · Score: 2

    "(And I must ask, why are people so cheap, that they only give donations when it provides a partial reduction in their taxes, rather than a real donation? I actually find that pretty fake.)"

    I've got an answer for this one! Well, sort of - I don't know why people are cheap. But I do know why people who AREN'T cheap still would prefer to donate to a non-profit organization. First, the constrictions placed on a non-profit organization reassure some people that their donation stands some chance of being used for the purpose they think they're donating it to. Second, if I have $10,000 I don't need, and want to donate it to someone, if I donate it to a charitable organization in the U.S., I can donate $12,000 for the same eventual out-of-pocket as if I donated $10,000 to an organization without charitable tax-exempt status. So the second organization would have to convince me that it will make better use of my money.

    Sure, most people don't explicitly view it that way, but when you look at the bottom line, there's not much difference between "if I give $500 to them, I get $100 back. if I give $500 to THEM, I get nothing." and "if I give $400 to them, I could actually give $500. if I give $400 to THEM, I can only give $400."

    --
    -=Best Viewed Using [INLINE]=-
  115. Is it any wonder? by Pinback · · Score: 1

    I begin to see why the branch happened. How many people could stay on a team with Theo?
    The poseur attitude is getting pretty common around slashdot.
    I've never met a Linux devotee who wasn't absolutely sure there was nothing better in the world than Linux.
    They know very little, but they are sure they're right.
    Perhaps the only thing sadder than a bunch of Linux freaks, are the apple people. Or maybe the OS/2 mutants.
    It's funny how a good OS has attracted such a bunch of idiots.

  116. Re:Forks are Good! by jhines · · Score: 1

    OpenBSD is also Canadian, so it is free of the sometimes petty US software export rules.

  117. Re:Forks are Good! by kkenn · · Score: 1

    This has been relevant in the past, but it's basically a non-issue at the present time. For example, FreeBSD has blanket export permission for all things crypto these days.

  118. Re:distributed kernel ... by holzp · · Score: 1

    hmmmmmmm... half a kernel over here, half a kernel over there?

  119. Re:Using your own numbers. by mr · · Score: 1

    So who knows what the market penetration of any Open Source OS is?
    The 'problem' is these numbers are 'sold' (some of this selling is alleged) by varying organizations. Some of the numbers would be more correct (say Netcraft) VS others (say Gartner Group)

    The Open Source solution to the problem would be to have web server logs go to a central database. However, tampering could not be stopped with such an effort. The next type of solution is to scan the entire IP space and see what kind of OS is out there. The last public project shows in April 1999 that the BSD/Linux ratio is 1:2 (more or less).

    Places like google or yahoo would also have a large enough sample space to provide useful numbers. If they chose to enlighten us.

    At the moment however, all that exists on /. is a common AC troll who keeps claiming that BSD's numbers are dropping, yet has never provided an actual link, or actual numbers. Said person is unwilling to post these numbers, because, well, said troll doesn't have them. This same troll USED to claim that Applixware knew that BSD was dying, and that is why there would never be an Applixware 5.0. Yet look, Applixware 5.0. Another person claims a web site that counts the number of linux distros, and this link has yet to be seen.

    I was kinda hoping calling linux doomed on /. would have gotten some actual links. But alas, no such luck.

    How can anybody get reliable numbers?
    Building to building searches looking for such installs?

    --
    If it was said on slashdot, it MUST be true!
  120. Using your own numbers. by mr · · Score: 2

    (note how the BSD troll is responded to in kind. Numbers can be twisted any damn way a person wants. I'd like to see a %age breakdown of what each linux distro has. So, if you have a link to such a %age, please post it! About the only real point is when comparing BSD/Linux market share, FreeBSD has the advantage of market differentiation vs the average Linux distro in the Open Source OS market. Otherwise, enjoy the flaming troll twisting of numbers in the spirit of the original AC's post. Merry Xmas!)

    Bob Bruce of BSDi (previously of Walnut Creek) says FreeBSD's user amount is 20% of the size of the linux market.

    If you consider FreeBSD and Linux all fighting for the same slice of the pie, how many of the 180+ linux distros have 20% marketshare? Let's see...given all distros have the same kernel, they are all alike. So the average market share for any linux distro is 0.55% or 1011 users per distro. So FreeBSD has a far greater marketshare and number of users than the average Linux distro for the Open Source OS market.

    36400*5=182000 total linux users. counter.li.org says there are 162,680 Linux users. As you can see, the numbers presented as to why BSD is doomed are similar.

    It looks like the individual linux companies, none of them strong enough to get any useful market share (1,011 users per distro) will doom the Open Source OS market to appear as a failure.

    As you can see, Linux is very, VERY sick and its long term survival is very dim. And the stock prices of Linux companies show how doomed linux is. If Linux survives, it will be among OS hobbyists and die-hard users who read /. . But BSDi, having 20% market at present will rise to the top and become the default Open Source OS.

    With the release of Apple's Mac OS X - based on BSD and selling 2 million units a quarter, you can see how just one quarter of Apple sales will outsell *ALL* of the Linux users.

    (So there. Nahy!)

    --
    If it was said on slashdot, it MUST be true!
    1. Re:Using your own numbers. by epcraig · · Score: 1

      So who knows what the market penetration of any Open Source OS is?
      How can anybody get reliable numbers?
      It's possible that every obsolete computer still in use is running an Open Source OS. Well, unlikely, but nobody can know how many copies there are, let alone how many get installed.

      --
      Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
  121. Re:But he doesnt follow his own advice by naasking · · Score: 1

    a 'good' microkernel based OS:

    -QNX
    -VSTa
    -xMach
    -Darwin
    -MorphOS
    -L4

    -----
    "People who bite the hand that feeds them usually lick the boot that kicks them"

  122. Re:But he doesnt follow his own advice by naasking · · Score: 2

    a 'good' microkernel based OS:

    -QNX
    -VSTa

    -----
    "People who bite the hand that feeds them usually lick the boot that kicks them"

  123. Re:Theo: Version Number Specifics by thelaw · · Score: 1

    we have to cut theo some slack in this area: he just doesn't have the kind of socially beneficial conditioning that others of us have.

    in other words, he's tactless.

    he once nailed me, adding (quite gratuitously) that he couldn't understand why people had problems understanding (now obsolete) patent issues with RSA in the U.S. but he does recognize a good idea, and he's not unwilling to take suggestions. i suggested that he add the information he had grudgingly given me to the openssh faq, and voila, number 19 on the openssh web page. granted, it's subtly biting, but it gets the job done.

    jon

    --
    -- http://www.cerastes.org
  124. Does BSD + Public Validation of Code == GPL? by cburley · · Score: 1
    Reading this interesting interview, it occurred to me that an advantage of Theo&co's approach to OpenBSD amounts to a public validation of the source code for the system, because they, or, more precisely, their careful review of the source, is widely recognized as being of substantial value.

    Now, if OpenBSD was GPL'd, a company couldn't normally extend it with, say, SMP support in the kernel and release it without source.

    But it is BSD (X?) licensed, so a company can do that legally.

    But what is the practical benefit of such a move, if done to provide a "better", e.g. more feature-ful, OpenBSD variant?

    After all, without the source, if the proprietary modifications are substantial, customers of the proprietary variant will be less inclined to view it as being as "robust" as OpenBSD itself. (I'm assuming here that Theo&co haven't been hired/paid to say "we've done the same kind of review on the extensions [and signed NDA's], it's all fine", but even if so...?)

    And if the distributor claims "the sources haven't been modified enough to risk harming security", wouldn't most who understand software respond "well, then, you can't have improved it enough to justify a proprietary release"?

    See, I've long believed the real value of the GPL is to the end users who should/would/will/might demand source code for any software on which they depend enough to pay $$ for it.

    But I've also long believed that this is not a value the customer places on the GPL per se; rather, programmers would tend to value it to ensure reaching those customers with their software, even in modified form, if they intend to sell their services to those customers down the line.

    So other mechanisms that reinforce, for the customer, the perception that having the full source code could be just as effective as the GPL's requirement that source-code availability propagate with variants.

    It could be the case that public validation of source code by known experts is one of these "other mechanisms".

    Just a thought.

    --
    Practice random senselessness and act kind of beautiful.
  125. A checklist? by NearlyHeadless · · Score: 1
    Is there a list of the specific frequent mistakes found? This would be helpful so we could avoid making those mistakes in the future.

    Also, we could perhaps work on creating less error-prone interfaces, as advocated in the "Candy-Machine Interfaces" chapter of Writing Solid Code.

  126. Re:But he doesnt follow his own advice by Smitty825 · · Score: 2

    the proof being that there isn't a 'good' microkernel based OS around.

    While this is a very subjective topic, many people would argue that the Mach Microkernel found in Next/Open Step is pretty good, and IIRC, the BeOS is a pretty good Microkernel, too.

    Heh, I bet even l33t j03 would say Windows 2000 is a great Microkernel! :-)

    --

    Doh!
  127. Re:Er :Missing the point on floppy-based routers? by limbostar · · Score: 1

    Most of us don't have access to cryogenic storage chambers, vacuum sealed sterile canisters lined with lead, or other methods of keeping a flimsy disk of plastic and metal from being destroyed by a determined four year old with a box of crayons, a screwdriver, and a refrigerator magnet.

    One day that sacred copy of CPM/86 on original floppies will fail to boot and I'll laugh at you. Then I'll take a CD down from my shelf, make floppies from the images on them, and send them to you with a note reminding you not to trust floppies no matter how diligent in handling them you are.

    --sjd;

    --
    this is a sig.
  128. Bashing Theo by nanodroid · · Score: 2

    Personally, I don't believe anyone has the right to bash Theo, especially when they haven't met him; and I believe that this kind of personal slander has no place in the 'open' world, and is simply immature.

  129. Get those common bugs online! by Scarblac · · Score: 1
    So they've looked at 300M of source code, found *all* the common mistakes and fixed them, there must be hundreds of different typical errors.

    Those should be online!! I don't know if they are, but that would be a really valuable resource for C programmers who want to improve.

    --
    I believe posters are recognized by their sig. So I made one.
  130. Re:Hmmn? by jallen02 · · Score: 1

    That's not what I was pointing out.

    When he speaks he just speaks in very certain terms, Okay I was being sarcastic, very obvious and pointed sarcasm, I like him I am serious about that

    And now you're doing the same thing I did making you a hypocrite by pretending to know my knowledge level, At least I was being sarcastic and trying to be a little cynically humorous.

    Lighten up, I know nothing about OpenBSD, What Theo De Raadt knows, how old he is or anything other than what he said in this article... anyways I tend to not evaluate something after JUST saying I have no idea about it nor the parameters it works in, even in the context of security you can't speak with certainty it will or will not improve something, most likely it will not, but how do we really know?

    Jeremy

  131. Re:Hmmn? by jallen02 · · Score: 1

    Why don't you get a user account so we can discuss name calling and vulgarity directed at a person?

    Jeremy

  132. Re:Theo's Flare :-) by hubertf · · Score: 1

    Well, at least for the USB part, we don't have to want it as we already have it. 8-)

    SMP is partly there (and wait until it's all ready in NetBSD, then everyone in need of it will be happy to grab it, too!). Journaling Filesystem? Hum, we'll see...

    - Hubert

  133. How it's done elsewhere by hubertf · · Score: 1

    FYI: If there are significant functional changes (i.e. changes that go beyond getting a package building and running properly) in NetBSD, it will get a "nbX" suffix, where "X" is a running number.

    foo-1.2 => foo-1.2nb1 => foo-1.2nb2 => foo-1.3
    (You get the idea).

    - Hubert

  134. Re:Hmmn? by DrXym · · Score: 1

    Would you care to explain what a distributed kernel is then since you seem to know?

  135. Re:Know your interfaces? Bah! by Pflipp · · Score: 1

    There is some truth in what you are saying. And for the most ugly POSIX functions, glibc does even provide "GNU extensions"; alternative functions which are a little less ugly.

    However, I can't see how it would harm any standard when some of these functions just wouldn't crash "as would be expected", but instead just did their job "against all odds". I don't think preventing crashes would be a violation of standards :-)

    A good example are these funcs that crash upon NULL input. They wouldn't crash if they used NULL as a signal like "hey, there's no value here".

    Or at least I expect glibc to fail safely instead of accessing memory it shouldn't. That would make stuff much more secure AFAIK. And you wouldn't always need a debugger to tell where the crash was.

    The only reason I could think of for not doing these checks, is speed, but concerning string functions, it might pay to trade speed for security.

    It's... It's...

    --
    "We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
  136. Know your interfaces? Bah! by Pflipp · · Score: 2

    I have to admit I never gave any of the *BSD's a serious try, although I do realize how most of their culture works and how this culture differs from Linux (which it does a lot: note how Theo didn't even *understand* there could be different versions of system utilities such as tar available for one system -- or did he fake that? :-).

    But I have been compiling against the GNU C library a lot, and I loathe it for the most part. Examples? Examples.

    - from man strcpy:
    If the destination string of a strcpy() is not large enough (that is, if the programmer was stupid/lazy, and failed to check the size before copying) then anything might happen. Overflowing fixed length strings is a favourite cracker technique.

    - from man strcat:
    The strcat() function appends the src string to the dest string overwriting the `\0' character at the end of dest, and then adds a terminating `\0' character. The strings may not overlap, and the dest string must have enough space for the result.

    Yes, I especially loathe the string functions. If you feed them too small buffers, or NULL pointers, glibc just plain old crashes. In my not so humble opinion, it is glibc's _responsibility_ as a C library to be flexible enough to allocate that stupid little buffer itself, or at least not to crash with segmentation violences! If I do the same things with GTK+'s glib, my program fails with a nice message, like "assert string != NULL failed" -- but even more often, it just allocates that stupid little buffer!

    Now before you're going to say "look, if you want someone to keep your hand, go play with Java, not with C", please realize that all this could just simply _work_ in C with a few checks, and that not a single line of code would need auditing for these "vulnerabilities" anymore, if only this check had been made in glibc! That's the use of programming libraries, right? Not having to do something again and again, so that you work with well-known interfaces and do not run the risk of making many mistakes.

    You know, even Richard Stallman, author of this particular C library, agrees with me upon this point:

    - from info libc
    It's fairly common for beginning C programmers to "reinvent the wheel" by duplicating this functionality in their own code, but it pays to become familiar with the library functions and to make use of them, since this offers benefits in maintenance, efficiency, and portability.

    Now the only sad thing from this quote is that it actually comes from the part "Strings and Array Utilities" of info libc, about which _I_ would like to say "It's fairly common for beginning C programmers to become familiar with the library functions and make use of them, but it pays to duplicate this functionality in your own code" -- if you catch my drift ;-)

    Which makes me wonder how secure OpenBSD (and *BSD) is at the libc level, that is, how flexible and careful does it work with its input.

    [Hmm and while I'm at it, is char++ endian-independent? Just wondering :-)]



    It's... It's...

    --
    "We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
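Added example (not part of the comment above, and not glibc or OpenBSD code): a sketch of the checked string helpers the comment asks for, in the spirit of OpenBSD's strlcpy()/strlcat(). The names bounded_copy, bounded_cat and build_path and the sample paths are this example's own assumptions; truncation is reported so the caller can fail closed instead of using a cut-off string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the hypothetical helpers below (names are this example's own). */
enum str_status { STR_OK = 0, STR_TRUNCATED = 1, STR_BADARG = 2 };

/*
 * Copy src into dst, which holds dstsize bytes in total.
 * Never writes past dst[dstsize - 1], always NUL-terminates when dstsize > 0,
 * and reports truncation where strcpy() would have overflowed.
 * NULL arguments are rejected instead of being dereferenced.
 */
enum str_status bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return STR_BADARG;
    if (src == NULL) {
        dst[0] = '\0';              /* leave a valid empty string behind */
        return STR_BADARG;
    }
    size_t srclen = strlen(src);
    size_t n = srclen < dstsize ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen < dstsize ? STR_OK : STR_TRUNCATED;
}

/*
 * Append src to the string already stored in dst (dstsize bytes in total).
 * If dst contains no NUL within dstsize bytes it is not a valid string,
 * so the call is refused rather than scanning past the buffer as strcat() would.
 */
enum str_status bounded_cat(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return STR_BADARG;
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return STR_BADARG;
    size_t used = (size_t)(end - dst);
    return bounded_copy(dst + used, dstsize - used, src);
}

/*
 * Join dir and name as "dir/name" in out.
 * Fails closed: on any error the output is emptied and -1 is returned,
 * because a silently truncated path can name a different file.
 */
int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    enum str_status st = bounded_copy(out, outsize, dir);
    if (st == STR_OK)
        st = bounded_cat(out, outsize, "/");
    if (st == STR_OK)
        st = bounded_cat(out, outsize, name);
    if (st != STR_OK) {
        if (out != NULL && outsize > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[16];                  /* deliberately small, constructed for the demo */

    /* Fits: 11 characters plus the terminator. */
    if (build_path(path, sizeof path, "/etc", "passwd") == 0)
        printf("ok:        %s\n", path);

    /* Does not fit: 19 characters needed, so the call is rejected. */
    if (build_path(path, sizeof path, "/var/log", "messages.0") != 0)
        printf("rejected:  result would not fit in %zu bytes\n", sizeof path);

    /* NULL input is an error return, not a crash. */
    if (build_path(path, sizeof path, NULL, "passwd") != 0)
        printf("rejected:  NULL argument\n");

    return 0;
}
```

The checks cost one strlen() or memchr() pass per call, which is the speed-for-safety trade the thread discusses.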
  137. Never? by TheLink · · Score: 1

    If you want a chance to write code properly the first time it is a good idea to think through everything first before writing stuff and also write stuff well within your capabilities.

    If you do that, it does happen. The code does what you intend it to, and your intentions were correct.

    Cheerio,
    Link.

    --
  138. don't like it? by ArchieBunker · · Score: 1

    Then don't use his OS. It's that simple.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  139. Re:But he doesnt follow his own advice by DrgnDancer · · Score: 1

    OK, I agree that the original poster was blowing a debatable point out of proportion, but you are now doing something similar. First, you are taking one poster, and indicating that because this one guy misunderstood something (or even deliberately blew it out of proportion), the whole interview is a wasted exercise, and possibly an indication of the lack of openmindedness and outright ignorance of the Linux community. This is Slashdot, people make comments that represent their opinions, not those of a community or of the site itself. What you are basically saying is "I don't think Slashdot should do interviews on subjects that are important to me, because someone will misunderstand something or disagree with me." If you don't want to find opinions that vary from yours, or want everyone to have your level of knowledge, don't read here. Similarly, Theo seems like a smart guy, he probably knows that his interview will have its share of trollish or ignorant comments and chose to do it anyway. He obviously thought it was worthwhile. As to your reaction to the questions, I think you are being a bit silly. This is an interview, sometimes in interviews people get asked questions that they have already answered at some point in their lives. I personally do not spend large amounts of time perusing the OBSD Usenet groups. I found the interview thought provoking and interesting. It put information into a digestible form and told me things that I would not have known otherwise. Obviously you know a lot about Theo and OBSD... Good for you, perhaps you would not find a general information interview very interesting then. I doubt that personal friends or devoted fans of movie stars find interviews with them very interesting either, but the interviews are not aimed at personal friends and devoted fans.
    Most of what I learned in this interview, I would never have known otherwise, either I lacked the interest to research the topic or would not have thought of certain questions. That is the purpose of an interview on a general interest website.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  140. Re:But he doesnt follow his own advice by DrgnDancer · · Score: 1

    You probably won't read this at this point, since the story is pretty old, but I thought I'd reply. Certainly there are (were) quite a few negative comments to this article, just as there are to nearly every article on this site. Many of them made unreasonable criticisms, but I think you will find that the same happens to articles on Linux. In a community where fanatics are almost as common as neutrals, every article is going to have a healthy population of people who disagree with any given statement just on principle.

    My UID is well over 100K and I have been around for a couple years... There are probably close to 3 or 4 hundred thousand people wandering around this place, and at any time half of them are either trolls (who will disagree and denigrate any proposition just to be contrary), or fanatics of a platform other than the one being discussed. I can recall seeing upward of half the comments on a recent article on Linux security being to the effect of "to secure Linux, format the hard drive and install OBSD". Finding negative and even unreasonably negative comments is par for the course in this place. Personally I generally try to ignore it and move on, except when a certain comment strikes me (Like yours did). To me, the purpose of this site is to present information that I will find either personally or professionally interesting. I think what keyed me off about your comment was your implication that the article was somehow wasted because the Slashdot community was somehow unable to really comprehend the wonderfulness of OBSD. Sure there were negative comments, there always are, but for each of those negative comments there were probably a thousand people who read the article and just filed the information, and a hundred people who (Like me) had their interest piqued and went and learned more.

    I actually rather like man pages, but previous to this article I never had any great interest in finding info on OBSD. I stated in my original reply that the purpose of a general interest interview is to give people with no (or minimal) background enough information to decide if they'd like to learn more. This interview accomplished exactly that in my case, and probably in the cases of others as well. I don't see how I could be relying on false info, since the only info I had up to this point was the info from the interview, and that was from the horse's mouth.

    As for the whole "If you don't like it, don't read here" thing, you missed the point. I was basically trying to say that if you are so sensitive that the comments of fanatics and trolls upset you this badly, you might be happier not reading /. I base this on the fact that "we" in fact "cannot change". "We" are in fact over a hundred thousand people, only one of whom is me. Certainly I can change me to an extent, but somehow I don't think that either of us can change "cyber monkey". I agree that the purpose of the discussion forum is (or should be) discussion, which is exactly why I feel that responding to an inflammatory rant with another inflammatory rant (Which is what I felt you did) is counterproductive if you really want to change opinions.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  141. Re:But he doesnt follow his own advice by dencarl · · Score: 3

    That's not how I would paraphrase Theo's comments.

    You wrote ... he contradicts his own previous argument by saying "I don't think it makes any difference, as long as the system does what it is supposed to" ... to paraphrase "As long as it is good enough".

    In his first response, Theo wrote They don't care about good software, only about "good enough" software. Which I would paraphrase as software that doesn't make security a design goal.

    In his other response, Theo wrote As well, I don't think it makes any difference, as long as a system does what it is supposed to do. Which I would paraphrase as software should achieve its design goals, like security, no matter how it's implemented.

    There is no contradiction in those two statements.

  142. Re:The Death of *BSD by connorbd · · Score: 1

    For what NetBSD is trying to do, though, it's all that's required. If you don't like it, well, go fork yourself.

    /Brian

  143. Ego based contradictions by schulzdogg · · Score: 3
    Yet, time and time again, we see that for most people this is the case. They don't care about good software, only about "good enough" software.

    As well, I don't think it makes any difference, as long as a system does what it is supposed to do.

    This is a fairly asinine thing to say, especially since the second post had a very good point (Micro vs Monolithic kernels). My opinion of Theo is fairly low after this. Instead of responding with a mea culpa (yes a micro kernel is better, of course it's better to keep privileged code to a minimum, but it's also difficult to totally re-engineer a kernel especially when it works) we get mindless thrashing about micro kernels..

    (an operating system based on 70's technology dissing ideas from the 80's as obsolete? Kind of ironic..)

    1. Re:Ego based contradictions by ranessin · · Score: 1


      What does the decade that a technology was created have to do with whether or not it's obsolete?

      Ranessin

  144. Lighten up! by Eric+Gibson · · Score: 2

    I thought the guy's responses were informative, and entertaining. It's really silly how some people go out of their way to point out how somebody else is being insulting or rude. I thought it was pretty damn funny. It seemed to me that you could take what he was saying in many different ways. You just chose to take it in a way that was insulting. Maybe you need to reread it a little less carefully, get a sense of humor and a hide. He's not an HR representative, though you might expect him to be. He's not a salesman, and isn't obligated to entrance users with his charisma. He's a dude that has spent 5 years of his life redoing a bunch of people's crappy code. What kind of personality would you expect from a person who is willing to do that? He has better things to do than to cater to what you appreciate... Why don't you appreciate him a little more by assuming that he means well, especially since he is the one that is giving YOU the software.

    In a word: He has no obligation to you, no matter how hard you try to rationalize that he does. He isn't charging you for software, he isn't forcing you to listen, he isn't infringing on any aspect of your reality... unless you let him.

  145. Re:Mr.Sparkler by sethgecko · · Score: 1

    is this the "Lighter Side of OpenBSD?" Or is your name really Dave Berg?

    --
    Be ot or bot ne ot, taht is the nestquoi.
  146. Re:Forks Are Good? by j-pimp · · Score: 1

    Chop sticks are far superior. Forks are like notepad. Very easy to learn how to use, however not that versatile. Chop sticks, on the other hand are very versatile instruments. They can be used to eat ice cream, certain soups and for catching flies. They can be compared to an advanced text editor like vi or emacs. Not very easy to learn how to use, but very versatile when properly wielded.

    --
    --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
  147. Re:Forks Are Good? by j-pimp · · Score: 1

    Well it depends on the state of the ice cream. Ultra hard fork is best but you'll find that at optimum levels of consumption temperature chop sticks become better for the task.
    Of course comparing forks to notepad is unfair. A better analogy would be that chop sticks are like real vi, or vim in vi compatibility mode, forks are like one of those notepad replacements that are worth the 20 bucks to register and sporks are like emacs in all its glory with the built in tetris game.

    --
    --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
  148. Re:Mr.Sparkler by thulorn · · Score: 1
    So the donation to the non-profit is received untaxed. Then he draws out a salary... and guess what, it's taxed! More paperwork, no savings.

    Now, at some point enough money can be received so that he can draw out a salary, which he pays taxes on, but there's lots of other money usable for buying computers or paying office rent or other 'business' expenses. But if at the moment most of the money is going into salaries there's not much point in non-profit hassle.

  149. Re:Where the money goes by aint · · Score: 1

    Obviously you've not seen Strange Brew.

    -- .sig --

  150. Re:But he doesnt follow his own advice by CyberKnet · · Score: 1

    cyber monkey. *grin* I actually kinda like that. My real beef wasn't really with the not following his own advice. that point was dodgy at best. I just figured someone of his standing could at least answer questions in an interview without the childish, churlish attitude which prevailed the whole thing. In hindsight, I would recant the advice issue. It didn't help anything. But I stand by what I said about his attitude. 100%

    ---

    --
    Video meliora proboque deteriora sequor - Ovidius
  151. But he doesnt follow his own advice by CyberKnet · · Score: 3

    After reading carefully the entire response, I get the renewed feeling that there are a lot of prejudices between the linux and BSD communities, perhaps more so than the microsoft and bsd communities. And it doesn't help when highly recognised people like Theo de Raadt answer questions with (paraphrased) 'If you're not clever enough already I don't want to teach you' creating feelings of inferiority.

    In the answer to the first question Theo goes into detail about why software should be good, not just "good enough". However in answer to the 5th question "Kernel Design" he contradicts his own previous argument by saying "I don't think it makes any difference, as long as the system does what it is supposed to" ... to paraphrase "As long as it is good enough". Why?

    Theo, throughout your responses, you have personally insulted the intelligence of the people who ask you questions. You have insulted the intelligence of the people who either use, plan to try, or know more than most of the dawdling masses about your distribution. What I don't understand is why. If you could answer that, I would appreciate it. And if you could answer it without the typical belittling that is ever present throughout the answers to the questions asked before, I would appreciate it even more.

    Sincerely,

    CyberKnet

    ---

    --
    Video meliora proboque deteriora sequor - Ovidius
    1. Re:But he doesnt follow his own advice by tolan-b · · Score: 1

      i agree completely, he was replying like a churlish child.
      (and i use oBSD and SuSE Linux so ner!)

    2. Re:But he doesnt follow his own advice by squiggleslash · · Score: 2
      Making Ports Secure--Gee, let's ask a question to the person responsible for OS security about ALL program security that might run on the OS. iow, if there was an interview with Linus, it would be like asking him why perl on some Linux distributions had a security hole because the developers were stupid enough to hard code /usr/bin/mail when they compiled it.
      No, it isn't. The question looked at a serious issue - you go out, get an OpenBSD box set up, because you want it as secure as possible, and then you install a bunch of stuff from INN to tircproxy and your machine (potentially) isn't secure any more. Has any thought been done towards a secure ports tree? Theo's answer suggested that it wasn't on the agenda because of manpower, not because of some idiotic assumption that OpenBSD's security ethos isn't undermined by the applications people want to use OpenBSD for.

      I use OpenBSD personally. It makes a great firewall. But other than prevent external access to internal services, there's not much I can do to prevent daemons I run from being compromised if they haven't been through the vigorous code audit that the rest of OpenBSD has been through.

      I asked my question as an OpenBSD user, not as a Linux user. I wouldn't dream of using Linux as a firewall when OpenBSD is open to me. But at the same time, I'm painfully aware that OpenBSD only goes so far.

      I do want to see similar auditing efforts applied to the third party servers, in particular, as are currently applied to OpenBSD. If I had time, I'd start the ball rolling myself...
      --

      --
      You are not alone. This is not normal. None of this is normal.
    3. Re:But he doesnt follow his own advice by squiggleslash · · Score: 2
      Yes, it is. You're just stuck in a Linux mentality, even if you do use OBSD. You think a program that is included with an OS is the OS. It's not.

      I'd like you to point at anything I've said that even remotely resembles that point of view. Ironically, that point-of-view is actually relatively close to the Unix modus-operandi, tools like BIND, sendmail, etc, which were generated outside of the OpenBSD group, have been subjected to the same standards of auditing as the rest of the operating system. Perhaps you'd like to review your history of Unix - Linux wasn't the first Unix, and it was Unix, not Linux, that set in place most of the modes of operation we see in Unixen today, from source-available software to blurring the line between the OS and third party tools when it comes to system software.

      Note my post is not to say the secured ports tree is a bad idea. It's just an utterly silly question to ask. Perl's source is the responsibility of the Perl maintainers. You have to change how they code, not how the OBSD developers do.

      And I guess BSD's source is the responsibility of the University of B. to get sorted out. What tosh. The OpenBSD team currently maintains a ports tree. It would be nice to have a separate tree, or a categorisation within that tree, of ports that have gone through the same rigorous standards of auditing that the source code to the operating system has done, for some critical tools. Asking the OpenBSD team if they could organise this, as they already organise a ports tree, is perfectly reasonable.

      Nobody other than you seems to regard this as an unfair request. Given Theo's reputation, I wouldn't have expected a non-candid answer if he had felt the question was unfair. If he feels the question is unreasonable or silly, he certainly isn't showing it.

      The reason why people like me use OpenBSD is because it's been through that audit. When we install critical third party tools like INN, we know that the hard work of the OpenBSD developers to make it easy to secure a box has just been compromised. If you think we should just wait on the original third-party developers to announce that their programs have been "secured", you don't have a clue why we're running OpenBSD in the first place.
      --

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:But he doesnt follow his own advice by MrBlue+VT · · Score: 1

      The impression I got from reading Theo's answers was, "I don't really want to be here, explaining this crap to people with the brains of a 5 year old."

      Almost every question was answered in an abrupt tone that doesn't really help anyone.

      Just my 2.

      -MrBlue VT

    5. Re:But he doesnt follow his own advice by Marc.Espie · · Score: 1

      Actually, some ports are more secure than they used to be. They don't quite receive the same amount of attention that the source tree does, but a large number of porters are somewhat security-conscious.

      • We do follow security resources routinely, so that we won't miss on important bug-fixes.
      • We do take a conservative stance on security issues. Ports with problems are instantly marked as broken, until we know better.
      • We systematically fix a number of known security issues.
      • We do keep auditing logs public, in pkg/SECURITY.

      Not all ports have received that treatment. It doesn't matter for some of them. We do try to avoid simple problems, and to audit important ports more thoroughly.

      As has been stated again and again in this discussion, the OpenBSD team is rather small. We're always looking for talented, dedicated people to do more porting work.

      When I say dedicated, I mean it. We've had hundreds of people who said they were going to help us, but not do anything at all in the long-term. OpenBSD is pretty much a doers operation. Want to join? Just start improving the code.

  152. Theo and Microkernels by Cmdr.+Marille · · Score: 2

    first off, I'm neither a kernel hacker nor a comp sci type, so I'm probably writing bullshit right now
    Set aside discussions about NT or OpenVMS, wouldn't a design like the HURD (I'm not saying MK's are better or that I like them more than monolithic systems) at least be a reasonable approach to more system security?

    If I understand correctly HURD and probably other Microkernels can run a lot more stuff in userland and that could at least be an advantage when you try to build a very secure system. If Theo is really posting on ./ today, it would be nice of him to elaborate a little more about his general thoughts on kernel design.

    --

    "Mommy, mommy! The garbage man is here!" "Well, tell him we don't want any!" -- Groucho Marx
  153. You can secure quite a bit against that. by Estanislao+Martínez · · Score: 1

    You can mount your ram disk noexec-- this precludes executables from being run from them. It doesn't stop scripts from being run, though, but presumably in a small enough system you will avoid having Perl.

  154. There's a large difference between... by ranessin · · Score: 1

    As long as it is good enough and as long as the system does what it is supposed to do. So paraphrasing the second as the first makes no sense.

    A system is supposed to be good, according to Theo, not good enough.

    Ranessin

  155. Charitable Donations by amward · · Score: 2
    Also, since many of our donations come from outside Canada, we still could not really generate taxable benefits to you. (And I must ask, why are people so cheap, that they only give donations when it provides a partial reduction in their taxes, rather than a real donation? I actually find that pretty fake.)

    From a different point of view (for Canadians, at least), you can look at the tax break for "charitable donations" as a way of directing government money to the organizations you would like supported. From my point of view, a $100 charitable donation is really only an ~$80 donation from me, plus ~$20 of the government's money that I want directed to organizations I feel are important.

    That's not to say that (non|not-for)-profit is the way to go for OpenBSD, but it may convert a few more anti-charitable donations people to support organizations they feel are important. I only support those organizations that I feel are important (whether they get me a tax deduction or not), since you don't actually get more out of the tax deduction than you put into the donation.

    andrew

  156. Re:Petty? by mancuskc · · Score: 1

    >OpenBSD is only the single most secure operating system on the planet OpenSource or otherwise.

    No it's not - some closed source (gasp!) operating systems have a similarly secure reputation and history.

    Example: IBM OS/400.

    It's been out for 10+ years.

    Number of 0Wn£D production boxes = 0

    I'm not contradicting your point about OBSD being secure, or great, just making the point that there are more operating systems on this planet than you think.

    --
    When I were your age, all round here were fields...
  157. Working with microkernels by Pink+Daisy · · Score: 5

    His view of microkernels is pretty standard, but I wonder one thing. As he says, many code errors are due to poor understanding of API's. A microkernel should provide a smaller and more uniform set of API's that are easier to locate and work with. Wouldn't this make correctness easier to obtain? Or is this a goal that is lost in the real world?

    --

    If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
  158. This is So Funny by The+Bungi · · Score: 1

    The guy steps all over you people, calls you morons and retards and still you say "wow, what a wonderful guy! Thanks a lot for the insight!". That's just too funny. If Torvalds were to strut in here and give you all the finger you'd just be slobbering and giving thanks to the almighty.

    At least we pay for our abuse!

  159. wow, bitter dude! by KernelBloat · · Score: 1

    The OS is cool, but Theo is one bitter guy!

  160. Re:Hmmn? by tolan-b · · Score: 1

    dumbass, that's not the point is it?

    you're all criticising this guy for not knowing about distributed kernels/obsd etc etc, when he was making a very simple point that is totally unrelated to the topic. it goes like this;

    i know nothing about 'X' (no not that X), therefore i have no way of knowing whether X is useful or not.

    it has nothing to do with oBSD or distributed kernels, just basic logic!

    *sigh*

  161. Re:Theo: Version Number Specifics by MeowMeow+Jones · · Score: 1

    1) There are changelogs at openbsd.org. The ABBREVIATED LIST shows something like 700 changes between 2.8 and 2.9.

    2) It's open source and the 'original' programs are open source. There's a program called diff that will allow you to see what is different.

    3) OpenBSD doesn't release Binary upgrades between major releases. They release patches and expect you to be able to re-compile the system. One of the big reasons to do this is so that anyone who feels like it can look at the patches and see what is really being changed.

    I don't know what your situation is, so I don't want to flame you personally, but I think they provide more than enough information for anyone who has the skills to look at changes and see what effects they have. For people who don't have the skills to be able to do this, no amount of documentation/versioning is going to accomplish anything.

    --

    Trolls throughout history:
    Jonathan Swift

  162. Forks Are Good? by user+flynn · · Score: 1

    Well, they work better than chopsticks.

    --
    In the distance you hear an ominous moo.
  163. Forks are Good! by Kiss+the+Blade · · Score: 5
    In Linux land, it appears that projects fork for financial reasons. In BSD land, it appears that the forks that have happened were purely political reasons. I don't know what will happen. It's been 5 years since the last fork in the BSD camp. Why are you guys so fork paranoid? Do you want everyone to vote for the same political party, too?

    I think he is totally correct with this point. The point of a codefork is that you end up with two variants, only one of which, in the long term, will survive (usually). It leads to a sort of Darwinian survival of the fittest, and improves the overall code base in the long term as well as giving people options - they can mould their distro to their needs. I have often wondered why the Linux people are so scared of code forks also - could it be because they look back at the Unix wars of the eighties and shudder? This would suggest that the BSD'ers have not inherited the UNIX philosophy to the same degree as the Linux community - that may give them more freedom.

    I am not suggesting that forks be encouraged, though, rather that people stop whining when they occur, and recognise them as an opportunity.

    Perhaps forks will not be a good thing for Linux in ten years or so, but given that it is presently a sort of 'primordial ooze', and very creative, I do not think it is a bad thing for the moment.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

    --

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.
    There is no

    1. Re:Forks are Good! by oconnorcjo · · Score: 1

      I think Linux has not "really" forked (yet) because of the strong leadership in the main linux tree (Linus Torvalds and Alan Cox being the two most prominent). When I read the linux kernel mailing list, Torvalds gets a lot of respect and deference with regard to design decisions (which thwarts a lot of branch splitting).

      --
      I miss the Karma Whores.
  164. Mr.Sparkler by DavidBerg · · Score: 1

    Damn, you seem to want to know how much the guy makes. In my opinion, it's none of your business. Sure you can get software for free, but I bet the majority of people would not mind paying for something of value. To me, $30 for the cd is worth every penny. Getting Linux for free is an option, but you do get what you pay for. I have no problem whatsoever with people making a living. He is not raping customers, he is living his life producing software that some people do not mind spending money on. For the fair disclosure, I do run 2 Linux boxes, 2 OBSD boxes, 1 BSDi box and a half dozen W2K boxes.

    1. Re:Mr.Sparkler by DavidBerg · · Score: 1

      First off, thanks for the intelligent response. It wasn't the typical "M$ sux" mentality. Why must it be a non-profit? Granted, he lives in Canada and is not in capitalistic US, he is entitled, in my opinion, to earn whatever he can. I like the idea of donating to the cause. The cause being, a secure OS. What would we gain other than a tax benefit to making it a non-profit? From a business point, this is US based, if I give him a check it is an expense. If I give him hardware, it is an expense. So I do get some tax relief. As I stated, I like the software, I think the value is worth it. BTW, I do like the Tshirts as well :) Dave

    2. Re:Mr.Sparkler by MrSparkler · · Score: 3

      You'll notice I didn't ask anywhere in my question "How much do you make, Theo?" I have no problem spending money on OpenBSD (I don't have much choice, I like the t-shirts too much and run all my systems on it), and as I said, regardless of Mr. de Raadt's answer I would still continue to use and purchase OpenBSD. OpenBSD is lucky to have someone as dedicated as Mr. de Raadt. However, I would still feel more comfortable writing checks to a registered non-profit rather than straight to Theo (and yes, there are other ways to donate, but I think you know what I mean). I have been involved in several non-profit organizations, specifically with fundraising, and I know for a fact that donations are much easier to obtain if the money is going to the organization and not into my pocket. I don't even want to go into the tax problem (any donations given directly to Mr. de Raadt could be considered personal income). Also, I think you misread my question if you think that I'm suggesting that OpenBSD is too expensive. Personally I would pay more, but my company runs on OpenBSD only, and thus we value it highly.

  165. Re:Yes by Mark+Roberts · · Score: 1

    Yes, everyone must vote for Ralph Nader!!!

    Silly troll - everyone does vote for Ralph Nader! (The evil capitalists hide the votes in their top hats.)

  166. OpenBSD 2.8 is great! by Ravioli · · Score: 1

    Hey, I just installed OpenBSD 2.8 on my notebook a few hours back, and it's rocking! I just simply love the NIC support, and the soundcard support too. I seriously do not understand why people have to whine about Theo's personal preferences, such as disliking the not-so-smart -- He & his team still generate quality code, that you use -- So why not help, if you can, or shut up and put up? Generate something better, if you can. Anyways, Great going OpenBSD! -ravi

    --
    I am too lame to make a .signature!
  167. Re:Why shouldn't he dislike Linux? by __aakpxi9117 · · Score: 1

    BSD's been around longer, gotten a less restrictive license, gotten the attention of many more programmers and much more press time.

    Wouldn't you be pissed if some idiot sysadmin was praised while you-knowing much more and being more experienced-were mostly written off?

    I can't blame him. People are idiots. Why use linux instead of BSD? There is not one solitary logical reason that you can give as to why to use Linux rather than BSD.

  168. Re:Petty? by __aakpxi9117 · · Score: 1

    Oh, such a horrible guy is he? OpenBSD is only the single most secure operating system on the planet OpenSource or otherwise.

    It's a great OS. It's got great software to go along with it, and again, through your rant you haven't given any reason what-so-ever

  169. Re:seems by streetermurdock · · Score: 1

    off topic!?

  170. Re:lets kiss theos arse... by streetermurdock · · Score: 1

    i swear that x was in there when i hit submit
    damned /. gnomes

    -:-:-:-:-:-
    visit and take part in my experiment in the post on 121100
    thanks

  171. Where the money goes by Anoriymous+Coward · · Score: 3

    beer results in ideas, which results in new code

    I find the ideas that I get from beer are generally along the lines of "I think I'll have another beer". TdR is obviously made of sterner stuff than I. Or it could just be that Canada has the 2nd worst beer in the world (after the US).

  172. why bother? by matlock151 · · Score: 1

    if this guy's opinions and attitude are at all indicative of the overall mood, feel and attitude at openBSD, why do they bother marketing the products at all? if he were any more elitist, i doubt that he would have bothered to reply at all. i mean: all of his programmers are sloppy and stupid; the end-users aren't bright enough to use it anyway, so why bother to explain it; selective development based on personal interest; exceptionally poor documentation is acceptable because we [he] know what we're doing; learn to program better if you can't make it work? did he *try* to be abrasive, prickish and condescending?

    if these responses are the best that he can do, he might better prove his intellectual superiority by opting to hand those questions over to someone who will answer them; rather than letting us know why he isn't going to answer them... in longform.

    folks, this interview is strongly representative of the precise reason that OpenBSD can exist as a superior OS, but hold such a minimal share of users and interest within the *nix community.

  173. Re:So You WANT to Be Exploited? by eXtro · · Score: 1
    Yeah, you're a troll and nobody should reply, but you raise a common question.
    Even if Theo wants the products of his own labors stolen, what about the others who have contributed? Have they no say?
    They've got a say, only release their code under the GPL. As amazing of a concept as it may sound programmers have the right to release under whatever license they want. Is the GPL too restrictive? Try BSD. Do you feel BSD is too corporation friendly? Try GPL. If you can't justify releasing the source code release your binaries under whatever license you want.
  174. Re:Why didn't he address my question? by Marc.Espie · · Score: 1

    Nice Troll... OpenBSD is running perl 5.006, not 5.005_03.

  175. Selective Answering? by IanA · · Score: 1

    Correct me if I'm wrong, but did anyone else see that Theo seemed to only answer parts of questions?
    For example, a question may be 3 parts and he only answered (IMO) the least controversial and just skipped the rest.
    Anyone else agree with this?