Slashdot Mirror


OpenBSD 3.0 Release, Interview with Theo

mvw writes: "Here is an interview with OpenBSD's Theo de Raadt. Interesting is his comment on Soft Updates and the comparison to the rivaling Journaling file systems technology. Further he links to a very interesting paper by some Soft Updates researchers." And although OpenBSD 3.0 has an "official" release date of December 1 for whatever reason, it seems to be available by FTP or CD already. Lots of changes since 2.9.


  1. The origin of OpenBSD by Gopher · · Score: 5, Informative
    As I sit here waiting for my copy of OpenBSD 3.0 to arrive, I've been reading the exchange of emails between Theo and the NetBSD core team, which is a history of how OpenBSD came to be.

    If you haven't read them before, it's quite a read, and a good lesson of how personal politics can fragment a collaborative project.

    Here's the link: http://zeus.theos.com/deraadt/coremail

    1. Re:The origin of OpenBSD by dghcasp · · Score: 5, Insightful
      Notably absent from the email exchange are any of the emails, ICB logs, or anything that show the basis for the whole problem.

      Basically, Theo had a history of being abusive and petty to anyone who didn't meet his standards of cluefulness. He pretty much admits this himself in the interview. This was alienating a large number of NetBSD developers who ended up leaving the project (I was one of them.)

      The Core team repeatedly asked him to tone it down; their feeling seemed more of a "anyone who wants to help with NetBSD will be welcome," instead of "You must be this elite to code NetBSD." Theo maintained that he was doing nothing wrong.

      Eventually, they shut Theo down, which is where the email thread starts. A large part of the thread deals with Theo's requests to regain CVS access. The Core group was willing to submit his code as patches themselves, but Theo would only submit code if he could have CVS write access. Core was worried that Theo might decide to get "revenge" by damaging the CVS tree; This might seem worry-warting, except they all knew that Theo had been previously fired from a SysAdmin job at the U of C for doing something like that.

      Eventually, Theo started OpenBSD and now has his own sandbox where nobody can tell him what to do. In the end, I guess that's good, because both OpenBSD and NetBSD regularly crib from each other's trees anyways and people now get the choice of whether they want to deal with Theo or not.

  2. MandrakeBSD? by timothy · · Score: 5, Insightful

    a) Theo and company (good company) don't need or seek new users just to be popular. They like doing what they do -- I know that. Don't take what I'm about to say as marketing advice to them, so much as a pleasant wish. It doesn't impose an obligation or demand on the OpenBSD guys, and I know it. Still ...

    b) I'm surprised (not to say hurt, disappointed and disconsolate) that no one (am I wrong?) has come out with the equivalent of Mandrake to at least one of the BSDs -- and by equivalent I mean in a certain superficial but important way: user-friendly, pretty install, emphasis on user experience, intelligibility.

    c) Really, I'm just talking about the install. Something with some graphical flair, built-in help system for new users, and a game or two, or a little slideshow, or some interesting history text files, *something* built in to play while slow parts of the install proceed. No accounting for taste, but I think there are a lot of good graphic artists (all the Ximian stuff, for instance, and many great KDE examples) working in the world of free software. (Hey, I also like the BSD art, so obviously I am open for attack by the art critics;)).

    I name Mandrake as my prototype here, just because I happen to like their stuff -- RH also makes a pretty install, not quite as cute, and so do several other distros. But Mandrake is in Walmart, which suits my example ("Walmart: making things accessible to the masses").

    Cheers,

    Tim

    --
    jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
  3. Re:As much as I by ^chuck^ · · Score: 5, Funny

    Sigh, it's been well explained that you don't need a journaling filesystem to be safe with transferring data to the hard drive. In fact, if you're clever enough, you can even get away safely writing without having to hold the entire system up (hence, softupdates). If you actually look through the interview, you'll find Theo actually pointing you to resources that quite seriously make this point (journaling not needed).
    take a look at this
    it can be frustrating being right, all journaling really seems to do is attempt to fix the problems ext2fs has by laying another piece of code on top of it, instead of fixing the primary problem, that is that ext2 is broken as far as the BSD hackers are concerned.
    Is waiting for fsck to finish really that much of a problem for you?

    --

    Lemure, wtf! Don't you mean Lemur?
  4. pf : an excellent packet filter by chrysalis · · Score: 5, Informative
    The big new feature in OpenBSD 3.0 is pf.
    • Interesting stuff in pf over ipf : the configuration file accepts a very similar syntax, but with very handy shortcuts, especially expansion. For instance you can write { pop,smtp,imap } in a rule to specify a list of ports, instead of creating multiple rules. It also accepts macro substitutions. You can easily write very clean configuration files.
    • Interesting stuff in pf over ipfw/ipfilter/iptables :
      • scrub : just give an interface name, and pf will "normalize" everything coming to this interface. Packets will get cleaned up and reconstructed : your local network will only see clean packets, nothing that could be dangerous for badly written IP stacks.
      • tcp state modulation : this feature dynamically remaps tcp sequence numbers, to give the excellent entropy of OpenBSD stack to all your traffic. It means that servers running Windows, badly configured Solaris or older FreeBSD versions can be protected from session hijacking, even though their stack has weak sequence randomization.

    pf seems to be very stable so far. Just don't forget to apply the related errata if you're planning to use IPv6.
    Another great feature of OpenBSD 3.0 regarding network filtering/routing is the integration of AltQ, that brings quality of service to your IP traffic. It basically has the same (but very flexible and efficient) algorithms and class system that Linux has. But it's very nice to see it in OpenBSD.

    1. Re:pf : an excellent packet filter by chrysalis · · Score: 5, Informative

      * For NAT:

      OpenBSD 3.0 has a transparent ftp proxy called "ftp-proxy". You have to run it through inetd (or any super server. I use it with tcpserver) . It listens to a local port, and you just have to redirect outgoing traffic for port 21 to the local ftp proxy port. It allows active and passive connections to NATed internal hosts.

      If it can help, my /etc/nat.conf file is :

      rdr on vr1 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
      nat on vr0 from 10.1.1.0/24 to any -> 195.132.209.36

      I start ftp-proxy like this :

      /usr/local/bin/tcpserver -H -R -q 127.0.0.1 8081 /usr/libexec/ftp-proxy &

      *WARNING*
      ftp-proxy has a nice security feature to only accept anonymous sessions (-A). But don't trust it : clients can bypass the restrictions with some buggy servers (the flaw works with proftpd and ncftpd. it doesn't work with pureftpd) .

      * For firewalling (without NAT) :

      You have to explicitly open some ports for active connections. For the minimum number of ports : choose at least twice the max number of simultaneous sessions you need. Open them on the firewall. Then, force your FTP server to only use these ports. On Pure-FTPd, it's with '-p :', example :

      pure-ftpd -4 -p 50000:51000 &

      (don't forget '-4' for OpenBSD) .


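The pf features described in the two comments above (macros, list expansion, scrub, state modulation, and a firewall opening that matches the FTP server's fixed port range), combined into one ruleset as an added example that is not part of the original thread. It is written in the pf.conf rule syntax of the OpenBSD 3.x era; the interface name and the 192.0.2.x addresses are constructed for illustration.

```conf
# Added example, not from the original comments.
# Interface name and addresses are constructed (192.0.2.0/24 is a
# documentation range); adjust to the real network.
ext_if   = "vr0"
mail_srv = "192.0.2.10"
ftp_srv  = "192.0.2.20"

# Normalize and reassemble everything arriving on the external
# interface, so internal hosts only ever see clean packets.
scrub in on $ext_if all

# Default deny inbound. pf uses the last matching rule, so the
# pass rules below override this for the listed services.
block in on $ext_if all

# One rule with a port list. When the ruleset is loaded, pf expands
# it into three separate rules (port 25, port 110, port 143).
# "modulate state" keeps state and rewrites the TCP initial sequence
# numbers, which covers servers with weak ISN generation.
pass in on $ext_if proto tcp from any to $mail_srv \
    port { 25, 110, 143 } flags S/SA modulate state

# FTP control channel.
pass in on $ext_if proto tcp from any to $ftp_srv \
    port 21 flags S/SA modulate state

# FTP data ports: must match the range the server is pinned to
# (pure-ftpd -p 50000:51000). The "><" operator EXCLUDES its
# boundaries, so 49999 >< 51001 matches 50000 through 51000.
pass in on $ext_if proto tcp from any to $ftp_srv \
    port 49999 >< 51001 flags S/SA modulate state

# Outbound: modulate TCP, keep state for UDP and ICMP
# (a protocol list expands the same way a port list does).
pass out on $ext_if proto tcp all flags S/SA modulate state
pass out on $ext_if proto { udp, icmp } all keep state
```

Loading the file with `pfctl -n -f` parses it without installing the rules, which is a quick check that the syntax matches the pf version in use.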
  5. ISO download by Syberghost · · Score: 5, Informative

    As Theo says himself in his interview, people who don't like his model of selling the ISOs are free to make their own. This will hopefully quiet the stupidity that usually follows this announcement:

    As usual, ISO images here.

  6. Re:file systems by mvw · · Score: 5, Informative
    Some links: