Slashdot Mirror
OpenBSD: Hackers Meet Soldiers
BSDForums writes "OpenBSD has a well-deserved reputation for fanatical security. Why is the U.S. military funding it? What do you get out of it? Cameron Laird and George Peter Staplin investigate and talk to Theo de Raadt, the creator, overseer, and taskmaster of the OpenBSD project!"
In a nutshell, not everyone in the "government" is a complete idiot ... *gasp* ... and sometimes ... just sometimes these "agencies" come up with supporting something that is actually useful to them and what they're trying to do.
OpenBSD is designed with security in mind. The article goes into great lengths about OpenBSD and what they've managed to acheive.
Anyone who has read my comments knows that I'm pretty much a BSD cheerleader because when I start to work with servers I will always pick a BSD solution wherever possible.
For many reasons there is a level of obscurity (try explaining to a "1337 h4x0r" what a "wheel" is ...) which also goes along with that there is some differences in the file structure as well (slackware doesn't count).
Plus theres the stability, I know linunx is stable, but the BSD stability is tested for stability and there isn't any "new exciting" features plugged in and not tested (okay at least in OpenBSD ... NetBSD does NOT count for this argument *grin*)
And my absolute favorite NO MORE THAN YOU NEED is installed!!! Something that I have also been arguing over in the SuSE disucssion ...
So what do we have, Simple, Stable, and Secure ... KISSS!!
Go DARPA, I've got tuition to pay so I can't buy an OpenBSD CD Set this semester :-(, but I did pay income taxes (so I guess I did kinda fund OpenBSD!!!)
Ignore the "p2p is theft" trolls, they're just uninformed
My guess would be that the military will either take OpenBSD, combine it with some code from the NSA, and make a really secure OS, or take some code from it and add it to an OS they already use.
What do you get out of it?
It's Free Software so we get to see the source code that's being developed as part of the project. We get to tweak that code, make it better, port it to another system, etc.
I think it's pretty cool the US Gov. is partially funding OpenBSD. I guess it's no different that government grants to universities for medical research and such.
I was not touched there by an angel.
>If BSD really is as secure as it has been touted, why keep your choice private "for security reasons"?
Security through obscurity should never be one's ONLY line of defense, but as anyone truly into security knows, it IS a good idea to have it as a PART of one's defense. There's absolutely NO reason, other than OS evangelism, to advertise what kind of security you have. It's not the business of businesses to worry about helping advertise their choice of OS or security technology.
Fortunately, it's open source. We can learn from it and take the lessons with us to other code. While there are a lot of people getting mileage out of the amount of malware out there that attacks Windows, one of the reasons there is so much of it is that it is absolutely no challenge to find Windows machines on the net because of their sheer number. And many of them are poorly secured because Windows is the OS that is shipped on machines that are sold to people who have neither the knowledge to secure a computer nor the time to learn how.
There are several efforts to improve the security of Linux and *BSD. In the end, I think they'll benefit us all. Bruce Schneier talks about the window of exposure in his book Secrets and Lies. Efforts to improve the security of open source OSs have several benefits in reducing that window.
Some bugs will be fixed before they are ever exploited. A security vulnerability is still a vulnerability. But the damage is much less in this case.
Some bugs will be fixed faster after they are first exploited. Again, this reduces the damage that is done.
But in the long run, a greater benefit is the number of people who acquire some knowledge of how to analyze and test for security vulnerabilities and how to fix them. That is going to be greatest in open source. It provides the opportunity for competent programmers to wear the white hats.
The net will not be what we demand, but what we make it. Build it well.
BSDForums writes "OpenBSD has a well-deserved reputation for fanatical security. Why is the U.S. military funding it? What do you get out of it? Cameron Laird and George Peter Staplin investigate and talk to Theo de Raadt, the creator, overseer, and taskmaster of the OpenBSD project!"
/. posting.
OpenBSD has a reputation for very good security. I wouldn't consider the quest for strong security "fanatical" any more than I would consider the quest for a bug-free operating system "fanatical."
Why is the U.S. military funding it? What do you get out of it?
The U.S. military is funding it because it makes sense to do so. Anyone who looks at OpenBSD's record for security and stability, the fact that it is free to use and modify in any way you desire, and doesn't consider it as a potentially cheap and useful platform for security applications...well, they aren't thinking clearly.
What do you get out of it?
I find it makes a great platform for firewalls and terminal servers, among other things. Ones that are reliable, very secure, with no software cost and lot of online support information.
Cameron Laird and George Peter Staplin investigate and talk to Theo de Raadt, the creator, overseer, and taskmaster of the OpenBSD project!"
They may have talked to Theo, but they sure didn't *quote* him much. The article was very thin on information. In my opinion it hardly merited a