Slashdot Mirror


OpenBSD Lands $2 Million In DARPA Money

An anonymous reader writes "Canada's National Post is reporting today that DARPA is (indirectly) funding $2-million (US) to Theo de Raadt of OpenBSD. The article is available here." Update: 04/07 21:01 GMT by T : As several readers have pointed out, this blurb should credit instead The Globe and Mail rather than the National Post.

57 of 326 comments

  1. BSD is dying... by rudib · · Score: 5, Funny

    ...well, wealthy... I guess...

    1. Re:BSD is dying... by Guppy06 · · Score: 5, Funny

      If government spending on something isn't an indication that that something is dying, I don't know what is.

    2. Re:BSD is dying... by Bratch · · Score: 2, Insightful

      Yeah, they never should have wasted all that money on arpanet, since it was just going to die out. Microwave technology was another big waste of money. I suppose I could go on for quite a while with these.

      --
      Beware of the Redittor who loans you a Sharpie.
  2. Don't look a gift grant in the mouth by dtolton · · Score: 5, Insightful

    I don't understand why getting money from DARPA makes them uncomfortable. He mentions it comes with no strings attached.

    Shouldn't we be happy about grants like this that will promote and advance Open Source software in general?

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
    1. Re:Don't look a gift grant in the mouth by nucal · · Score: 3, Insightful
      Actually, I think that he was just using this as an excuse to publicize his opinions about the war:

      The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers. And although he's happy about the extra support for the project, he's nervous that critics may get the idea he's working for the U.S. military.

      "We're not doing anything for them. They just fund us to do what we do," said Mr. de Raadt, a 35-year-old graduate of the University of Calgary's computer science program. Mr. de Raadt is no fan of the U.S. military at the moment. He calls the war in Iraq an oil grab. "It just sickens me."

    2. Re:Don't look a gift grant in the mouth by 47PHA60 · · Score: 5, Insightful

      Mr. DeRaadt thinks software should be secure, and that people should be free. He is now being funded in part by DARPA, which is also designing the Total Information Awareness project. Its main platform will probably be OpenBSD. A lot of free software is used for purposes that the original authors might not like.

      So why not question the source of a gift? That shows intelligence, thoughtfulness, and awareness of the effects of one's actions on the wider world.

      I agree that we should be happy for the promotion and improvement of free software, but it is smart of anyone, no matter his or her politics, to keep an eye on the big picture to make sure that one does not explicitly take money to promote an agenda that is abhorrent to his or her morals.

    3. Re:Don't look a gift grant in the mouth by leery · · Score: 5, Insightful

      Sometimes it twists the other way, too, like the internet becoming a public conduit for slashdotters all over the world to trash the agency that funded its development (DARPA). The interstate highway system was also DoD funded.

      And sometimes the military takes advantage of privately developed technology and adapts it to improve weapons systems and training (e.g. PC's, laptops, war sims).

      Look, as long as military money is going somewhere, isn't it a thousand million times better that it goes to an open source free software project than to a more lethal bullet or some TIA code that no one can ever see?

      (Can any lawyers here tell us whether military use of OpenBSD would be bound by GPL? Is our next tank's source code going to be available for download?)

      Also, I'm pretty sure the military didn't conceive or order this "oil grab". They're just stuck doing the dirty work. I'm not saying that makes them the good guys or the bad guys, but they're not THOSE bad guys.

      --
      "This is not a sig." -- R.
    4. Re:Don't look a gift grant in the mouth by Dan+Ost · · Score: 4, Insightful

      Can any lawyers here tell us whether military
      use of OpenBSD would be bound by GPL? Is our next
      tank's source code going to be available for
      download?


      OpenBSD isn't GPL. Therefore, there's no reason
      to believe that any modifications done to it
      by the military would be GPL.

      --

      *sigh* back to work...
    5. Re:Don't look a gift grant in the mouth by agentZ · · Score: 4, Funny

      Is sending a missile running GPL'ed software considered "distribution?" Could the victim of a missile attack request the source code?

      (Then again, if you're already at war, going to court over a licensing agreement might not matter too much.)

    6. Re:Don't look a gift grant in the mouth by sandoz · · Score: 2

      Then don't take the frickin money, if it bothers him that much!!

    7. Re:Don't look a gift grant in the mouth by dolmant_php · · Score: 3, Interesting

      Do you honestly believe that Theo is taking millions of dollars just so he can say "I don't like the war"? There are others forums for that. This grant started long before the war. Get your facts straight.

  3. Re:Why open source works by Lxy · · Score: 5, Insightful

    Why is this news?

    $2 million is news. That's a lot of money to be put into open source.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  4. cash versus equipment by st0rmcold · · Score: 4, Interesting


    I completely understand how an OSS project can require funds for further development, what I worry is how these funds are donated, is it all contributed in cash?

    Problem with that is some people can easily take advantage of a situation like that, I think funding should instead come in required equipment and/or other expenses, but not cash, because there are many contributors (coders) to projects like this, and no one should be taking coin from it.

    Can someone shed some light? maybe I am off base...

    --
    Posting useless rant since 2003.
    1. Re:cash versus equipment by NetJunkie · · Score: 4, Informative

      Equipment doesn't pay bills. My grocery store won't take a hard drive as payment. Many of these large projects have core developers that work on it full time. They have to make money to live. That's where this money is going. If you read the article it says they can now hire a few more full time developers which will get more features in the software faster.

  5. Hacker by arvindn · · Score: 4, Informative
    The U.S. military believes the work of a Calgary hacker may be its best bet to protect its computer networks from so-called cyber-terrorist attacks.

    Non-techie news site gets "hacker" right? Very surprising.

  6. no words can describe by frankm_slashdot · · Score: 4, Interesting

    well.. yeah, they can...

    holy fucking shit.... this is truly beautiful.

    there are two types of people in this world (well.. actually more, but i'll narrow it down here), those who talk about needing - have their needs filled- then still don't produce... and then there are those who need - and once those needs are met.. they DO produce...

    i hope theo and the rest of obsd are of the latter...

    -frank

  7. That much money... by GldisAter · · Score: 3, Funny

    ... can buy a lot of poutine!

  8. Send a pic of the check to Sun by uiil · · Score: 5, Funny

    and maybe theo will finally get the sparc docs he needs.

  9. OSS by chunkwhite86 · · Score: 3, Interesting

    It's a very positive thing to see government funding OSS software. This is something that gives positive returns to everyone.

    --
    I'd rather be a conservative nutjob than a liberal with no nuts and no job.
  10. Errr... National Post? by Anonymous Coward · · Score: 3, Informative

    "U.S. military helps fund Calgary hacker

    By DAVID AKIN
    From Monday's Globe and Mail"

    I think you've attributed it to the wrong paper, that's quite clearly from the Globe and Mail (as if the url, globetechnology.com wasn't a give away), the other national Canadian paper.

  11. Can you say, "Hypocrite?" by mgessner · · Score: 2, Interesting

    Oh, man...

    First, I like OpenBSD. I'm in a "network free-state" so I can run NAT to allow me to let my kids play on their machine while I compute on mine and we can all get to the internet... OpenBSD lets me do this.

    But, MAN, how can he take $2,000,000 from the US Gov't and still criticize them at the same time?

    No backbone? No ethics?

    Give us a break; if he felt that strongly about the war, he could've said, "Thanks, but I'll wait till you guys leave Iraq before I'll accept your money."

    Come ON already!

    --
    "Sometimes the truth is stupid." - Lawrence, creator of Prime Intellect
    1. Re:Can you say, "Hypocrite?" by Night+Goat · · Score: 4, Insightful

      The U.S. Government is a huge organization that sponsors all sorts of programs. DARPA didn't cause the war. NASA didn't cause the war. The IRS didn't cause the war. Like Theo said, taking the money prevented that money from being used on a cruise missile.

    2. Re:Can you say, "Hypocrite?" by Sentry21 · · Score: 2, Insightful

      But, MAN, how can he take $2,000,000 from the US Gov't and still criticize them at the same time?

      He can do this because he's not selling out. He's taking the money to help him do what he's been doing all along, because it benefits everyone. Just because someone pays you to do something (business) doesn't mean you can't dislike them (personal), it just means you can't let your bias determine how you react.

      This shows me that De Raadt is mature enough to know the difference between business affairs and personal affairs, and doesn't let his (world) politics get in the way of doing what he thinks is right, and getting paid for it to boot.

      --Dan

    3. Re:Can you say, "Hypocrite?" by astroboy · · Score: 4, Interesting
      Give us a break; if he felt that strongly about the war, he could've said, "Thanks, but I'll wait till you guys leave Iraq before I'll accept your money."

      So it's your opinion that money should buy silence? That anyone who accepts money from the government is morally required to not criticize the government that funded them? Or is it your position that the government should only fund researchers who agree with the current administration?

      I think just the opposite; unless you want all research to lose its independence, you should criticize even your patrons if that's how you feel. That comment might cost him similar money in the future; but he said what he believed anyway. That does show backbone and ethics.

      For all I know, the rationale might be that he's accepting this money exactly because it'll be $2M that is not going to develop bombs or other WMDs. That seems like a completely self-consistent moral position.

    4. Re:Can you say, "Hypocrite?" by Minna+Kirai · · Score: 2, Informative

      He's been spending the money he gets from us buying oil to build WMD's.

      No, US citizens don't buy oil from Iraq. However, they do purchase it on the international market, which drives up the price, and slightly increases Saddam's profits from his buyers.

      But there's no reason to look for such an indirect money trail. 25 years ago, US tax dollars directly supplied Iraq with chemical weapons.

  12. Best quote from the article: by Saint+Aardvark · · Score: 4, Funny
    "Low code quality keeps haunting our entire industry. That, and sloppy programmers who don't understand the frameworks they work within. They're like plumbers high on glue," Mr. de Raadt said.

    BTW, anyone else notice the article was actually from The Globe and Mail?

  13. Lack of vulnerabilities by deepchasm · · Score: 5, Informative

    From the article:

    OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years.

    Erm, shouldn't that be "only one remote hole in the default install"?

    1. Re:Lack of vulnerabilities by Elwood+P+Dowd · · Score: 2, Insightful

      If "only one vulnerability or hole has been found in its software" means anything aside from "only one remote hole in the default install" (your suggested substitution), then it is completely meaningless.

      If you are discussing non default configurations, there are infinite holes in all operating systems. For example, there is the non-default remote-root vulnerability when I set all my passwords to "PASSWORD".

      I assume there were specific non-default remote roots you were thinking of, but still.

      --

      There are no trails. There are no trees out here.
    2. Re:Lack of vulnerabilities by drinkypoo · · Score: 2

      Actually, local vulnerabilities are worth mentioning when it comes to a multiuser/security-enabled operating system. I'm sure that if there were a local hole on Windows XP which would allow a Guest user or a "Limited" (read: Not an Administrator) user to gain Administrator privileges, you would consider that a vulnerability/hole.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  14. Re:$2 million? For a Dead OS? by 4of12 · · Score: 5, Insightful

    1. Possess huge, pain-in-the-ass ego.

    Alas, this happens.

    Highly talented and intelligent people get exasperated with us mortals and let us know in no uncertain terms that we are stupid. I knew someone in school like this once. He would put pointed questions out that would show people's stupidity in broad daylight. But he was so intelligent, and I had enough intelligence still left, to know when he was right.

    True intelligence is being able to recognize someone more intelligent than you are and to be able to support their work even if they have a grating personality.

    Don't ever make the mistake of putting them in a role of managing people, though.

    --
    "Provided by the management for your protection."
  15. Motive? by pmz · · Score: 5, Funny

    When asked about his brand-new 24K gold biking helmet, Theo pointed behind the reporters and exclaimed "What's that!". With the reporters distracted, he promptly ran the other direction and hid behind some bushes. The reporters, being only average journalists, published that OpenBSD's leader can turn himself invisible at will and cited that OpenBSD appears to be some sort of Canadian rap group.

  16. guess the name of the command shell interpreter... by xv4n · · Score: 4, Funny
    cash$
    =)
  17. What are the chances by KnightStalker · · Score: 2, Insightful

    I reckon they thought they were using "hacker" in the sense that we would consider the "wrong" way, and got it right by accident. Besides, "globetechnology.com" sounds like a techie news site to me, even if it is a part of a general news outlet.

    --
    * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
  18. Crypto is good. Crypto is evil. by Anonymous Coward · · Score: 5, Insightful


    from the openbsd website:

    "Today cryptography is an important means for enhancing the security of an operating system...

    '...When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany...'

    Gov spends millions to control crypto exports.

    Gov spends millions to support OpenBSD which
    bypasses US crypto export laws?!

  19. ..in other news... by SubtleNuance · · Score: 5, Funny

    Mr. de Raadt is no fan of the U.S. military at the moment. He calls the war in Iraq an oil grab. "It just sickens me."

    In other news, Theo de Raadt is held by the Department of Homeland Security in Seattle while attending an OpenBSD conference. Mr De Raadt, in the country to give a speech at the conference is whisked away by unknown persons in a black van. Other conference goers are later told by organizers that a quote by Mr. de Raadt is being held under the US PATRIOT Act for "aiding and giving comfort to Evil Ones."

    The Canadian high counsel in Washington lodges a formal condemnation of the act -- demanding that the Canadian Citizen be released. Washington replies "It is quite obvious that Canadians and The Canadian Regime has been overrun by The Evil Ones. Like Syria and Iran, Canada must learn that they're Either With Us or Against Us." In Ottawa, American ambassador Cellucci says "yeah, what he said, Canadians baaaaad"

    Republican Senator U.S. Nitwitt says "Why should righteous Americans be giving their defense funds to this communist^H^H^H^H^H^Hterrorist? It's obvious he's a terrorist - at least. This is a threat to our security. The Department of Homeland Security may or may not be justified in seizing him if they did or didn't... uhm, filthy Un American... i hear he rides the bus!"

    1. Re:..in other news... by QwkHyenA · · Score: 2
      Very funny! But sadly true.

      With the new powers given to the government and the current WitchHunt in progress, all us geeks need to keep a low profile before M$, BSA, RIAA or MPAA declare you a terrorist in a public forum..Ops..already happened...

      Timmy says: "Bill? what's that on the ground?"
      Bill says: "Don't know Timmy. But if it moves I say we hit it with a big stick!"

      --
      LFS. Have you built your system today?
  20. Re:Do they pay up front? by warpSpeed · · Score: 2, Insightful
    Do they give all the money up front or do they pay later? If the latter, what's stopping DARPA from refusing to pay at the end?

    Why should it matter, if DARPA could not co-opt Theo, they could just get the code and hire their own "hackers" to modify it to their own desires.

    DARPA is a research oriented group, they are paying to continue the research and development of openBSD to keep their (the DOD's) options open. Not that the DOD is going to see the light any time soon and get off the MS software nipple.

  21. Great PR campaign by Florian+Weimer · · Score: 2, Funny

    OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years.

    It's good to see that OpenBSD's magnificent PR campaign finally pays off.

    Sarcasm aside, I believe the government is the only part (apart from Microsoft with its cash reserves) which can invest in secure software development at the moment, so this is a step in the right direction.

  22. Re:hOMeland Security/Patriot Act WORKING! by gpinzone · · Score: 4, Insightful

    Author Steven Brill is experiencing total friction among his close circle of elitist liberal media associates after releasing a book which claims: Homeland Security under President Bush is working!

    And why have there been no fresh terror strikes in the United States since the start of the war?


    Coincidentally, I have a rock that keeps away tigers. I know it works because I don't see any tigers.

  23. Has anyone else heard about this DARPANET? by Mothra+the+III · · Score: 5, Funny

    It's supposed to hook scientists and researchers together over a "network" where computers can exchange information. It would be neat if this technology would some day be available to everyone!

    --
    Worst. Sig. Ever.
  24. Re:Hardly New by Oswald · · Score: 2

    Nice. +2 Informative for an unsubstantiated allegation by an AC. Good moderation is the key to keeping Slashdot a valuable source of information.

  25. it depends on whether it makes a difference by Trepidity · · Score: 5, Insightful

    If he were taking money to implement DARPA-requested features, I could see the issue. However, if all he's doing is taking no-strings-attached money to do work he'd be doing anyway, I don't see the moral conundrum. If there are any negative effects of his work (OpenBSD being used by TIA, for example), they'd exist even if he wasn't funded by DARPA; the only solution would be to stop developing OpenBSD entirely, not to keep doing it without DARPA funding. So insofar as DARPA funding doesn't change anything, I'd say take it. Plus, at least it ensures that this portion of DARPA's budget goes to something worthwhile and unobjectionable, rather than letting them keep it to spend on something else.

    1. Re:it depends on whether it makes a difference by drinkypoo · · Score: 3, Insightful
      DARPA is a portion of the US Government which spends money on development of technologies which are useful to the military. The military uses these technologies to further its goals. Arguably, certain actions of the US Government are, if not evil, at least less than honorable.

      With all that said; OpenBSD is free software in all senses of the word. They can and will use it anyway. Might as well take their money.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  26. Doesn't matter by nuggz · · Score: 2, Insightful

    Theo is making OpenBSD. It is freely available to anyone who wants it. If the US military/gov wants it, they already have it and can use it for whatever unseen motive anyway.
    As of now, they are just helping him do what he was doing anyway.

    The motive of the US gov as it currently relates to OpenBSD is they want to help its development.
    They can already incorporate it into closed source products, and they can't take it away and lock it up from everyone else.

    1. Re:Doesn't matter by drinkypoo · · Score: 2, Interesting

      In fact this is the best possible thing that could happen. Think about it, they could have spent that US$2.3M on hiring a programmer or two and forking OpenBSD internally. (They of course have probably already done that too, and we'll just never hear it - Not DARPA, but some other branch of the gov't.) Instead, everything done with their money will either go into the OpenBSD codebase, or into or onto Theo's body. (Got to remain clothed and fed...)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  27. Unequal Benefit In Mankind's Favour. by Beautyon · · Score: 2, Insightful

    Since anyone anywhere can make use of the products that will come out of this two million dollars, the benefit to wider mankind far outweighs the benefit to DARPA | TIA | $evil_project.

    Now, if that same money went into one of the many secret software projects at Lawrence Livermore or the NSA, then no one benefits except the evil parties.

    The use of this money to develop OpenBSD can be nothing but a good thing, due to the security everyone will gain, world wide, which will further protect from the real bad guys.

    --
    ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
  28. Acorns grow to be oaks. by GerardM · · Score: 3, Insightful
    Consider the cost involved. Compare it to some military hardware. Given how and where it can be used given its license, it will be used all over and will save lives as much as a panzer does.

    The brilliant thing here is that this move recognises the importance of communities; the OpenBSD community IS all over the world, with Mr de Raadt a Canadian the work can be done in Canada, in the USA, in India, wherever the TALENT is.

    As the grant is intended to help "testing the security of commercial software systems against the security of open source software projects", it will point to the truth in this old dispute what makes better secure software AND it will help to point to the relative merits of "security by obscurity".

    However to assess this, I expect DARPA not to select Microsoft Windows as the champion of the proprietary world, I would choose OS/400. Given the smaller size of the OpenBSD community, the effect of methodology can be better assessed.

    As DARPA throws bread on the water, I hope they will land a big fish!

    Thanks, Gerard

  29. Believe it or not... by 13Echo · · Score: 2, Interesting

    Believe it or not, there is a lot that you can do with $320,000 USD worth of CD sales *alone* each year. That can make a few people live comfortably, paying the bills and meeting the need for servers. That doesn't take into account the sales of other merchandise.

    This is how open source products like OpenBSD and Slackware have been profitable. OpenBSD *is* a product, in a way. Theo seems to make it a full-time effort, as far as I can tell, just as Patrick does with Slackware.

    The extra 2 mil is just a bonus. But it goes fast if you're paying for 4 full-time coders to work on the project for a few years.

    1. Re:Believe it or not... by miniver · · Score: 2, Informative
      It goes fast? Let's say each coder costs $100,000 a very liberal estimate.
      4 coders * $100,000 = $400,000
      $2,000,000/$400,000 = 5 Years
      That's a very long time to be guaranteed a job.

      Obviously you've never actually hired anyone or run a company. I don't know about Canada, but in the US, you can figure the overhead on a position to be anywhere from 50% to 100% above and beyond the salary of the position. Consider the following factors:

      • Social Security (employer pays half, typically 7.5% of salary).
      • Health insurance (typically $3600 per employee).
      • Other benefits (matching 401k / pension / softdrinks / whatever).
      • Equipment (PC, mail servers, file servers, etc.)
      • Power, telephones, bandwidth, water, heat, etc.

      Another problem with this type of payment is that typically the funds have to be spent within a specific time period, and any unspent funds have to be returned to DARPA...

      --
      We call it art because we have names for the things we understand.
  30. Maybe they can now afford GUI installer and by LM741N · · Score: 2

    a >8Gb bootloader. I'm a big OpenBSD fan (own all the teeshirts), but those two items are a big pain in the butt.

    1. Re:Maybe they can now afford GUI installer and by karlm · · Score: 2, Insightful

      I can see a GUI package/ports manager, but you have all of about 8 options in the installer. A GUI installer would be larger and more error prone. I've used GRUB to boot OpenBSD and it works fine, although it's a bit much for just a bootloader.

      --
      Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
  31. Re:No it isn't. by SN74S181 · · Score: 2, Interesting

    The thing people forget is that OpenBSD is a much more tightly organized project than Linux or OSS in general. The OpenBSD developers are used to doing their work in a limited environment of reduced cost. The 'Image' of OpenBSD, i.e. the artwork, etc. has that kind of an aura about it (not meant at all as a put-down, more can often be done with less when the people involved are good at what they do).

    The Red Hat organization was already getting crowded with the regular 'expense account' types by the time of their IPO. Obviously $2M wouldn't go far at that place.

  32. Re:Buy American! by Malc · · Score: 2, Insightful

    red canadian commie hippy bastard

    I'm glad you believe in political freedom. You're an example to us all of how free Americans are: even small-minded bigots can voice their opinions!

  33. So if BSD Is now Rich AND Dying... by X-treme-LLama · · Score: 2, Funny

    If BSD is now Rich AND Dying,

    Where is Anna Nichole ???????

    =)

  34. Re:OpenBSD cd images by methodic · · Score: 2, Interesting

    Not at all..

    Theo just sent this to misc@openbsd.org:

    it may seem like a lot of money, but there are overheads, and some of
    the funding was also absorbed by upenn (that is how grants work when
    you involve a US university)

    however, the grant only runs for about another 6 months.


    CD sales are more important now than ever. He mentions that CD sales in the U.S. have been dropping as FTP installs have been rising. Any open-source project will take all the help they can get.

  35. Re:Niave? by radon28 · · Score: 2, Insightful

    I would consider it to be more of an investment on DARPA's part, rather than some sort of influence on the direction of OpenBSD development. They see a project that meets their needs, and they want to ensure that it does well, so it will serve them well. It's not that different from IBM spending $1 billion on Linux because they want to see it do well.

  36. $2.3 mill = 4 Full Time Developers?!? by XianDeath · · Score: 2, Insightful
    "The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers."

    I don't know what kind of developers he's hiring but for $500,000 a pop -- I'm sending him my damn resume.