OpenBSD Lands $2 Million In DARPA Money

An anonymous reader writes "Canada's National Post is reporting today that DARPA is (indirectly) funding $2-million (US) to Theo de Raadt of OpenBSD. The article is available here." Update: 04/07 21:01 GMT by T : As several readers have pointed out, this blurb should credit instead The Globe and Mail rather than the National Post.

Don't look a gift grant in the mouth

[dtolton]

I don't understand why getting money from DARPA makes them uncomfortable. He mentions it comes with no strings attached.

Shouldn't we be happy about grants like this that will promote and advance Open Source software in general?

Re:Don't look a gift grant in the mouth

[nucal]

Actually, I think that he was just using this as an excuse to publicize his opinions about the war:

The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers. And although he's happy about the extra support for the project, he's nervous that critics may get the idea he's working for the U.S. military.

"We're not doing anything for them. They just fund us to do what we do," said Mr. de Raadt, a 35-year-old graduate of the University of Calgary's computer science program. Mr. de Raadt is no fan of the U.S. military at the moment. He calls the war in Iraq an oil grab. "It just sickens me."

Re:Don't look a gift grant in the mouth

[47PHA60]

Mr. DeRaadt thinks software should be secure, and that people should be free. He is now being funded in part by DARPA, which is also designing the Total Information Awareness project. Its main platform will probably be OpenBSD. A lot of free software is used for purposes that the original authors might not like.

So why not question the source of a gift? That shows intelligence, thoughtfulness, and awareness of the effects of one's actions on the wider world.

I agree that we should be happy for the promotion and improvement of free software, but it is smart of anyone, no matter his or her politics, to keep an eye on the big picture to make sure that one does not explicitly take money to promote an agenda that is abhorrent to his or her morals.

Re:Don't look a gift grant in the mouth

[leery]

Sometimes it twists the other way, too, like the internet becoming a public conduit for slashdotters all over the world to trash the agency that funded it's development (DARPA). The interstate highway system was also DoD funded.

And sometimes the military takes advantage of privately developed technology and adapts it to improve weapons systems and training (e.g. PC's, laptops, war sims).

Look, as long as military money is going somewhere, isn't it a thousand million times better that it goes to an open source free software project than to a more lethal bullet or some TIA code that no one can ever see?

(Can any lawyers here tell us whether military use of OpenBSD would be bound by GPL? Is our next tank's source code going to be available for download?)

Also, I'm pretty sure the military didn't conceive or order this "oil grab". They're just stuck doing the dirty work. I'm not saying that makes them the good guys or the bad guys, but they're not THOSE bad guys.

Re:Don't look a gift grant in the mouth

[Dan+Ost]

Can any lawyers here tell us whether military
use of OpenBSD would be bound by GPL? Is our next
tank's source code going to be available for
download?

OpenBSD isn't GPL. Therefore, there's no reason
to believe that any modifications done to it
by the military would be GPL.

Re:Why open source works

[Lxy]

Why is this news?

$2 million is news. That's a lot of money to be out into open source.

Re:$2 million? For a Dead OS?

[4of12]

1. Posses huge, pain-in-the-ass ego.

Alas, this happens.

Highly talented and intelligent people get exasperated with us mortals and let us know in no uncertain terms that we are stupid. I knew someone in school like this once. He would put pointed questions out that would show people's stupidity in broad daylight. But he was so intelligent, and I had enough intelligence still left, to know when he was right.

True intelligence is being able to recognize someone more intelligent than you are and to be able to support their work even if they have a grating personality.

Don't ever make the mistake of putting them in a role of managing people, though.

What are the chances

[KnightStalker]

I reckon they thought they were using "hacker" in the sense that we would consider the "wrong" way, and got it right by accident. Besides, "globetechnology.com" sounds like a techie news site to me, even if it is a part of a general news outlet.

Crypto is good. Crypto is evil.

from the openbsd website:

"Today cryptography is an important means for enhancing the security of an operating system...

'...When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany...'

Gov spends millions to control crypto exports.

Gov spends millions to support OpenBSD which
bypasses US crypto export laws?!

Re:Do they pay up front?

[warpSpeed]

Do they give all the money up front or do they pay later? If the latter, what's stopping DARPA from refusing to pay at the end?

Why should it matter, if DARPA could not Coop Theo, they could just get the code and hire thier own "hackers" to modify it to thier own desires.

DARPA is a research oriented group, they are paying to continue the research and development of openBSD to keep thier (the DODs) options open. Not that the DOD is going to see the light any time soon and get off the MS software nipple.

Re:hOMeland Security/Patriot Act WORKING!

[gpinzone]

Author Steven Brill is experiencing total friction among his close circle of elitist liberal media associates after releasing a book which claims: Homeland Security under President Bush is working!

And why have there been no fresh terror strikes in the United States since the start of the war?

Coincidentally, I have a rock that keeps away tigers. I know it works because I don't see any tigers.

it depends on whether it makes a difference

[Trepidity]

If he were taking money to implement DARPA-requested features, I could see the issue. However, if all he's doing is taking no-strings-attached money to do work he'd be doing anyway, I don't see the moral conundrum. If there are any negative effects of his work (OpenBSD being used by TIA, for example), they'd exist even if he wasn't funded by DARPA; the only solution would be to stop developing OpenBSD entirely, not to keep doing it without DARPA funding. So insofar as DARPA funding doesn't change anything, I'd say take it. Plus, at least it ensures that this portion of DARPA's budget goes to something worthwhile and unobjectionable, rather than letting them keep it to spend on something else.

Re:it depends on whether it makes a difference

[drinkypoo]

DARPA is a portion of the US Government which spends money on development of technologies which are useful to the military. The military uses these technologies to further its goals. Arguably, certain actions of the US Government are, if not evil, at least less than honorable.

With all that said; OpenBSD is free software in all senses of the word. They can and will use it anyway. Might as well take their money.

Doesn't matter

[nuggz]

Theo is making OpenBSD. It is freely available to anyone who wants it. If the US military/gov wants it, they already have it and can use it for whatever unseen motive anyway.
As of now, they are just helping him do what he was doing anyway.

The motive of the US gov as it currently relates to OpenBSD is they want to help its development.
They can already incorporate it into closed source products, and they can't take it away and lock it up from everyone else.

Unequal Benefit In Mankind's Favour.

[Beautyon]

Since anyone anywhere can make use of the products that will come out of this two million dollars, the benefit to wider mankind far outbweighs the benefit to DARPA | TIA | $evil_project.

Now, if that same money went into one of the many secret software projects at Lawrence Livermore or teh NSA, then no one benefits except the evil parties.

The use of this money to develop OpenBSD can be nothing but a good thing, due to the security everyone will gain, world wide, which will further protect from the real bad guys.

Acorns grow to be oaks.

[GerardM]

Consider the cost involved. Compare it to some military hardware. Given how and where it can be used given its license, it will be used all over and will save lives as much as a pantzer does.

The brilliant thing here is that this move recognises the importance of communities; the OpenBSD community IS all over the world, with Mr de Raadt a Canadian the work can be done in Canada, in the USA, in India, wherever the TALENT is.

As the grant is intended to help "testing the security of commercial software systems against the security of open source software projects", it will point to the truth in this old dispute what makes better secure software AND it will help to point to the relative merits of "security by obscurity".

However to assess this, I expect DARPA not to select Microsoft Windows as the champion of the proprietary world, I would choose OS/400. Given the smaller size of the OpenBSD community, the effect of methodology can be better assessed.

As DARPA throws bread on the water, I hope they will land a big fish!

Thanks, Gerard

Re:Can you say, "Hypocrite?"

[Night+Goat]

The U.S. Government is a huge organization that sponsors all sorts of programs. DARPA didn't cause the war. NASA didn't cause the war. The IRS didn't cause the war. Like Theo said, taking the money prevented that money from being used on a cruise missile.

Re:Buy American!

[Malc]

red cananadian commie hippy bastard

I'm glad you believe in political freedom. You're an example to us all of how free Americans are: even small-minded bigots can voice their opinions!

Re:Can you say, "Hypocrite?"

[Sentry21]

But, MAN, how can he take $2,000,000 from the US Gov't and still criticize them at the same time?

He can do this because he's not selling out. He's taking the money to help him do what he's been doing all along, because it benefits everyone. Just because someone pays you to do something (business) doesn't mean you can't dislike them (personal), it just means you can't let your bias determine how you react.

This shows me that De Raadt is mature enough to know the difference between business affairs and personal affairs, and doesn't let his (world) politics get in the way of doing what he thinks is right, and getting paid for it to boot.

--Dan

Re:Lack of vulnerabilities

[Elwood+P+Dowd]

If "only one vulnerability or hole has been found in its software" means anything aside from "only one remote hole in the default install" (your suggested substitution), then it is completely meaningless.

If you are discussing non default configurations, there are infinite holes in all operating systems. For example, there is the non-default remote-root vulnerability when I set all my passwords to "PASSWORD".

I assume there were specific non-default remote roots you were thinking of, but still.

Re:Send a pic of the check to Sun

Sun just needs to decide: do we want US Government as a customer, or not? Turning down customers might be a popular business model in 1999, but many of the companies that used that model, aren't around in 2003.

Re:Niave?

[radon28]

I would consider it to be more of an investment on DARPA's part, rather than some sort of influence on the direction of OpenBSD development. They see a project that meets their needs, and they want to ensure that it does well, so it will serve them well. It's not that different from IBM spending $1 billion on Linux because they want to see it do well.

$2.3 mill = 4 Full Time Developers?!?

[XianDeath]

"The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers."

I don't know what kind of developers he's hiring but for $500,000 a pop -- I'm sending him my damn resume.

Re:Maybe they can now afford GUI installer and

[karlm]

I can see a GUI packge/ports manager, but you have all of about 8 options in the installer. A GUI instller would be larger and more error prone. I've used GRUB to boot OpenBSD and it works fine, although it's a bit much for just a bootloader.

Theo de Raadt is right to be hesitant

Theo de Raadt is right to be hesitant, and to voice his hesitation publically. He is also correct to accept the grant, given that no strings are attached.

Stop being so hard on him for voicing his concerns. He does this merely to emphasize to the community that OpenBSD is still (and always will be) pig-headed, dogmatic, and not subject to corporate and governmental pressure. And that's the way the project should be.

Also, Mr. de Raadt wants to make sure that those who may receive money realize that they should not rely on these funds, and that DARPA support may be pulled if OpenBSD has goals that conflict with those of DARPA. However, I doubt that this will be the case, since DARPA knows what they are getting into with OpenBSD. If anything, OpenBSD has had the most consistent and specific philosophy of all the open-source OSes. Regardless, OpenBSD development should never be contigent on outside funding, and Mr. de Raadt wants to make sure that this is clear.

Re:BSD is dying...

[Bratch]

Yeah, they never should have wasted all that money on arpanet, since it was just going to die out. Microwave technology was another big waste of money. I suppose I could go one for quite a while with these.