Slashdot Mirror

← Back to Stories (view on slashdot.org)

Theo De Raadt Says FreeBSD Is Just Catching Up On Security

Posted by timothy on from the diplomatic-mission dept.

An anonymous reader writes "The OpenBSD project has no reason to follow the steps taken by FreeBSD with regard to hardware-based cryptography because it has already been doing this for a decade, according to Theo de Raadt. 'FreeBSD has caught up to what OpenBSD has been doing for over 10 years,' the OpenBSD founder told iTWire. 'I see nothing new in their changes. Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone.'"

12 of 280 comments (clear)

  1. Framing the debate by Anonymous Coward · · Score: 4, Informative

    As usual:

    - Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the
    times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

    - FreeBSD really is stupid about some things.
    Let's take for instance their complete refusal to implement any strong security in their distribution chain.
    You can't verify their ISO's or packages back to their source in any way. Their repo is ancient svn, not
    git or monotone, so they have no signable hashes in their repos. There's no deterministic builds. etc.
    And when you bring it up, they just handwave about process and workflow as reasons to continue
    doing the same. FreeBSD is pretty damn good as an OS, but their standing on these things is BULLSHIT.

    1. Re:Framing the debate by styrotech · · Score: 5, Informative

      - Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

      Yeah the bit that struck me here was that Theo was relatively complimentary about Linux and Linux devs. eg mentioning Linux also did this stuff ages ago and that OpenBSD used some research from Ted Ts'o (and others) in their implementation.

      So the complaint wasn't about credit for who was first, just about how FreeBSD got a bunch of Snowden related media coverage for something practically everyone else did ages ago as if it was something new to worry about.

    2. Re:Framing the debate by Phs2501 · · Score: 3, Informative

      And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.

      Citation needed. I can't find a published example of any actual SHA-1 collision, much less one from a Git repo.

    3. Re:Framing the debate by Anonymous Coward · · Score: 3, Informative

      But in the mail you link to, Linus was talking about collisions of the *first 7 characters* of the SHA1-Hash, not a full SHA1 collision. This is opnly important, because in many situations, git defaults to printing only the first 7 digits of the hash, not the full hash. It is *not* a SHA1-collision.

      Up to this date, there is no (public) known SHA1 collision, and there is no (public) known method to generate one within any reasonable time frame.

  2. Re:Do these projects OpenBSD, FreeBSD matter anywa by Anonymous Coward · · Score: 2, Informative

    aaa.... everywhere? just cause you are living under a rock, doesnt mean that everybody else is. dunno what os you're using right now, but chances are pretty high you're using a tool/technology/library developed by one of these bsd's.

    windows - shitton of tools are taken verbatim from freebsd (network related)
    mac - is a freebsd 5 clone, with improvements made to it (plus a ui) and backported from the main release. they have on payroll a fair few of the freebsd folks.
    all of them (linux included): anything security related, that's openbsd. when they dont take from openbsd they do it wrong and they have holes.
     

  3. Re:Do these projects OpenBSD, FreeBSD matter anywa by utkonos · · Score: 4, Informative

    You may want to pose that question to Netflix. They account for about 1/3 of the traffic on the internet and all that traffic is served from FreeBSD servers.

    Also, Mac OS X is essentially a fork of FreeBSD.

    The OS on all Juniper equipment is a modified version of FreeBSD.

    The Playstation 3 and 4 OS are both modified FreeBSD.

    Plus more.

  4. Re:Quick Wiki Summary by broken_chaos · · Score: 3, Informative

    Linus is a bit more restrained in his flaming. Typically he only does it when the person on the receiving end has done something dumb-to-monumentally-dumb and is someone Linus trusted to not do such things.

  5. Re: Now, if... by Anonymous Coward · · Score: 3, Informative

    The openbsd installer is one of the fastest and easiest installers I have seen. I prefer the developers work on developing a secure and functional system then waste time making a pretty GUI for the people who have phobias of text interfaces, or can't be bothered to learn how to edit a text file.

  6. Not really by Sycraft-fu · · Score: 3, Informative

    He's often "technically correct". What I mean is that OpenBSD is really secure in its default setup... because it doesn't do fuck-all. Security via turning off everything isn't really that impressive. When something is supposedly so much superior on a security front, yet seems to get very little usage, well, there's a reason.

    Also, even if you are right, you shouldn't be a dick about it. Perception matters in the world and if you want to persuade people to your position, you need some empathy. If you act like a jerk all the time, it puts people off and makes them dislike you, and thus not consider the content of your claims.

    1. Re:Not really by Clsid · · Score: 3, Informative

      Not having stuff running by default is not the only thing OpenBSD does. It has a crapload of features regarding security, starting with the very nice firewall, so please go educate yourself and then comeback. That system is perfect for production systems like web servers and proxy servers which is where I use it.

  7. Re:Do these projects OpenBSD, FreeBSD matter anywa by RLiegh · · Score: 2, Informative

    Also, Mac OS X is essentially a fork of FreeBSD.
     

    Bull-fucking-shit.
    I know this is slashdot, but for fuck's sake you should still know better than that! And +5 informative too?
    What the fuck is wrong with you people?

  8. Re:Do these projects OpenBSD, FreeBSD matter anywa by Uberbah · · Score: 2, Informative

    Bull-fucking-shit.

    Pedant fail. The basis for OS X was NeXTSTEP, and the basis for NeXTSTEP was BSD.

    What the fuck is wrong with you people?

    Have you considered switching to fucking decaf? Then you might notice that operating systems are more than just a kernel.