Slashdot Mirror


Theo de Raadt gets 2004 FSF Award

Caligari writes "Richard Stallman presents this year's award to Theo de Raadt. "For recognition as founder and project leader of the OpenBSD and OpenSSH projects. Theo de Raadt's work has also led to significant contributions to GNU/Linux and other BSD distributions. Of particular note is Theo's work on OpenSSH. Theo's leadership of OpenBSD, his selfless commitment to Free Software and his advancement of network security, were cited by this year's award committee.""

6 of 233 comments

  1. He killed telnet! by ftoomch · Score: 5, Insightful

    Imagine a world without the networking Swiss Army knife that is ssh.

    OpenBSD is a totally underrated OS too. Even if it is a bit slow, its packet filter actually works.

    1. Re:He killed telnet! by drinkypoo · Score: 5, Insightful
      ssh is a sort of Unix remote Swiss Army knife, whereas netcat is the TCP/IP Swiss Army knife. (Maybe UDP too, I have to admit I've never used netcat and only read the manpage once or twice.) ssh does everything rsh did, plus what rlogin does, plus it lets you create encrypted tunnels. That's pretty amazing. You can use ssh to move files from one system to another like so:

      tar cvfz - files | ssh user@host '( cd /where/I/want/files ; tar xvfz - )'

      In other words, the same thing as rsh, except it's encrypted, which means you can safely use it over the internet. rsh brought computers on a given network together, and ssh brings computers across WANs together. Sure you can do the same stuff with rsh, and then get rooted.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:BSD and FSF? by fsmunoz · Score: 5, Insightful

    Actually the differences in ideology between the GNU and BSD developers are more in the outlook and means than any other thing. Free software is free software for both camps, and most sane people on both sides share a common idea of what free software is. The licences, that are generally the main difference between the two, try to achieve an end using different approaches, but all in all both GNU and BSD people are great contributors to a common free software community. The noise many times created is more on the "newly converted" section of each side :).

    It's IMHO rather silly to watch the flame wars between the GNU/Linux and *BSD sides when there is so much more that unites us than what divides us. This award makes perfect sense. In the end a gnu, a penguin and a daemon can sometimes be noisy neighbours, but in the end they stick together to defend their building. Shitty allegory, I know, eh.

    cheers,

    fsmunoz

  3. Re:hard to believe by Anonymous Coward · Score: 5, Insightful

    If you had any kind of clue about the way `proactive security' works, you wouldn't write such drivel.

    Why is OpenBSD called OpenBSD? Because it was the first BSD to make its CVS tree accessible for everyone. That's right, anyone can subscribe to source-changes and see the commit messages. And anyone can get the sources.

    Now, most security fixes are NOT tagged as security fixes. They're tagged as clean-up, or reliability issues, or normal bug-fixes.

    Why is this so?

    Quite simply, because those fixes are done while reading the code, NOT in reaction to a security hole.

    That's what `proactive security' means. When you find something fishy, you just go and fix it, you don't sit on your fat ass and wait for months until someone finds a way to exploit it.

    As a result, OpenBSD is more secure than most other OSes out there. Not because of cool technology like ProPolice or W^X, but simply because of good engineering practices.

    OpenBSD doesn't have the latest cool feature. It's never been about that. But it has obsessive-compulsive developers who care about security.

    Security is not a plug-in. It's not something you add to a distribution after you've put in all the carelessly designed and dangerous features.

    Security is a process.

    Security is a state of mind.

    Security is a priority: either you put it right there, in front of you, and FIX THINGS when you think they might get broken, or... you will run into actual nasty holes, and make the front page of bugtraq.

  4. Re:Linus Torvalds? by epine · Score: 5, Insightful


    I've been personally involved with all these technologies. In my shop, we run two OpenBSD firewalls, one on each available broadband service. Our automated build system is based on SCons, and our scripts make heavy use of rsync internally. Our embedded surveillance project runs Linux which we compile in a chroot build environment along the lines of scratchbox (but scratchbox didn't exist when we started). We also have an ARM7 microcontroller in our product running on top of the GNU tools compilation environment, with some structural similarities to eCos/Redboot. Have I missed anyone?

    I have a coworker here educated at the U. of Calgary (where I grew up myself) who knows (but does not enjoy) Theo through overlapping social circles. We had a short debate just a few weeks ago over a spicy Sichuan lunch special about where the boundaries between competence and personality belong. My coworker suggested "couldn't he accomplish as much without pissing people off?" I countered, "for someone with a knack for pissing people off, he retains some of the smartest out there within his circle. How does he do that?" There's a line I once read in Drucker that I've taken to heart "you're not in business to win friends". For me, the bottom line is that Theo delivers, and I admire the end results of his zealous rigour (regardless of where one might choose to draw the line between those qualities).

    Before I became involved in this shop, I studied computational linguistics, which brought me into contact with just about everything in the area from which rsync originated. I was depressed that Tridge had to lose the award he deserves as much (well, almost as much, although it pains me to say it).

    I've read all the benchmarks over the past year that show how OpenBSD is as slow as a senile dog. Whatever. For the purpose we employ those boxes, we've never had an iota of concern over performance level except for the negotiation phase on https. Guess what? Once Via/IBM finally coughs up the C7 Esther, OpenBSD running on a steroid enhanced 486 will crush the most expensive present day Pentium IV on our most essential performance metric.

    The odd thing about OpenBSD, which many people never manage to assimilate, is that you have to look at that project through a very narrow gun turret to realize just how much they accomplish by entirely ignoring the whingings from everyone else.

    It's an odd day in my personal universe to see RMS pat Theo on the back. I guess it takes one to know one after all.

  5. Re:BSD and FSF? by Ded+Bob · Score: 5, Insightful

    You can't get hold of the proprietary, extended code for windows networking to fix the operability problem without NDA etc. You can only guess the BSD code up to the moment of forking. After the fork point, the code has been tweaked and closed and used to build a system that tries to lock you in forever after. That's the kind of danger the GPL protects you against.

    If Microsoft does not use the code, they invent their own protocol. When Microsoft uses BSD code as a basis, they are at least easier to guess or work around. How long has it taken the people working on Samba to understand all of the SMB protocol? Many years at least. Even Stallman has said the BSD license is good for standards.

    BTW, the network stack in Windows has not been based on the BSD code for years.

    The restriction of GPL protects the coders in the long run.

    Protects coders from what? For example, when Microsoft embraces and extends a protocol (i.e., Kerberos, DNS, DHCP), they have no need for the source. They break the protocol. Neither the GPL nor any other open source license would have power against that. You would need a patent (yuck).

    The freedom of BSD can restrict the coders in the long run.

    This is never true. I never need to use a proprietary version of open source. Which version of Kerberos do you use? With BSD-licensed code, I have very few restrictions placed upon me as a coder. Fewer than using GPL-licensed code.