Slashdot Mirror
Learn From Robert Watson Of FreeBSD And TrustedBSD
Robert Watson is a core developer for FreeBSD, and a member of the TrustedBSD project. He is one of the best people in the world to ask about FreeBSD security, and about FreeBSD development in general. Please post your questions below. We'll send 10 of the highest-moderated ones to Watson by email, and post his responses verbatim as soon as we get them back.
What similarities and differences do you see between the TrustedBSD project and the type of security work undertaken by the OpenBSD team? How do their goals and philosophies differ?
I was reading some documentation on VMS the other day (don't ask), and found out something really interesting. VMS has per-thread security. Thus, a multi-threaded database application could still have ridged security even though it is one process.
I'm a UNIX admin, and don't wish to admin VMS, but this blew me away. Are there any other VMS you are or are considering adding to make TrustedBSD a more solid and extendable OS?
OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?
FreeBSD development is obviously a big part of your life. I have noticed that peoples reasons for using a free OS are often not simply because its better, but because of some view or stance on freedom that they have.
I am a Windows guy, only because my job says so.
What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?
What do you see in the future for *BSD, with the huge amount of popularity that linux keeps on receiving, not to mention attention, esp. from our buddy Bill Gate$...
Do you think it will remain the strong, viable but simply less popular free OS it is now, hiding behind the limelight of linux, or will it come up in popularity, esp with the codebase for Apple's Darwin, which is all BSD based?
Stop over-analyzing your analizations
i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?
signatures are for fools with hands
Everybody knows there's no such thing as a perfect system. As such, what do you think is the most, and least perfect points regarding security in FreeBSD.
Also, in terms of security, what do you think the most common dangerous behaviours are by FreeBSD users and admins? What would you change about the FreeBSD userbase if you could?
--
"Don't trolls get tired?"
There seem to be a proliferating number of proposed extensions to
*NIXes with ruleset-based mandatory access controls. Is
standardisation important? What influence do you see of NSA's
recently released `security enhanced linux' having on other systems
(like that in TrustedBSD)?
While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills. Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!
How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?
And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatable accross the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")
What's your opinion on the Open Packages project? Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...
Stating on Slashdot that I like cheese since 1997.
What is the exact relationship between the Darwin Kernel and the FreeBSD kernel? How much FreeBSD code is in Darwin and how much Darwin code is in FreeBSD?
Burn Hollywood Burn
A while ago there was some hubbub in our community regarding the concept unifying the ports trees of the the different BSD flavors. It seems to me that this would be a mostly good thing, reducing duplication of work and making the ports both more plentiful and of a generally higher quality. Has there been any discussion of this in core? If so, does it look like this will ever happen?
--
SecretAsianMan (54.5% Slashdot pure)
Washington, DC: It's like Hollywood for ugly people.
Is there a need for something like Bastille for FreeBSD? There shouldn't be a need for it with TrustedBSD, should there?
Have you looked at what the NSA did to Linux and attempted to extract from it? Are there modifications they made that apply to TrustedBSD, either in source code or in spirit?
I love vegetarians - some of my favorite foods are vegetarians.
Hi,
I'd like to thank you for all the work and effort you and your fellow developers are putting into this project. I currently use FreeBSD and have plans to try out your work on my next server configuration.
Could you give us a short overview of the process you're taking to make FreeBSD more secure? In particular, how does the TrustedBSD project compare with OpenBSD, which has been undergoing a line-by-line security audit for years? Most importantly, what are the advantages of choosing TrustedBSD over OpenBSD (besides the obvious project-loyalty factors)?
Kindest regards,
NGH
Given that X is an inherently insecure system (though great strides have been made to rectify this), how do you see the relationship between X and FreeBSD going forward? xfree86 v3.x is nice, v4.x is nicer (though it hasn't made it to the "default" windowing system for FreeBSD, presumably because of some gaping security holes). Surely, for the mindless masses, X (or some derivative) is a necessary part of the complete OS distribution. What does the core feel is a reasonable tradeoff between security and functionality, WRT this issue, and to what extent will the core move to "correct" any serious problems (non-platform specific) with future releases of X?
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
I run FreeBSD on 3 machines here. I felt in love with it.
/usr/src ?
One thing I was wondering about is how decision are taken about what goes in the real system (/usr/src) and what does not. For instance, rcp is in the base system, while rsync is in the port tree. When I started, less was not in the distribution, but now is. Why ? Will FreeBSD grow and accumulate more and more tools in
Something somewhat related that bother me is that as soon as I get away of the base system, things are much less clean. Even if the port tree is wonderfull, there is no simple command that will enable me to stay in sync with non-standard stuff. I would love beeing able to do something analogous to cvsup + make world to keep an up-to-date X / gnome / mozilla installation, with a defaut window manager and configuration that make sense. Is there any work in that direction ?
Cheers,
--fred
1 reply beneath your current threshold.
1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution
2) Are there plans to rewrite the TCP/IP stack to be multi threaded
3) Will BSD ever migrate away from UFS to a more modern file system?
4) With serious POSIX compatablity issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations
All the best,
--Bob
I've heard it said numerous times that "Linux is more successful than BSD because of the license". The argument is that hackers prefer the GPL because their code can't be "stolen", whereas nothing stops Microsoft from using the BSD licensed code. I've even seen some Linux advocates point to Darwin as the ultimate example of exploitation.
What are your views on this from a perspective as a BSD hacker? Can free software really be stolen? Is BSD open for exploitation (in the negative sense)?
A Government Is a Body of People, Usually Notably Ungoverned