Slashdot Mirror


Interview: Ask Theo de Raadt What You Will

Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5, which would be the project's 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.

290 comments

  1. NSA by Anonymous Coward · · Score: 3, Interesting

    Has the NSA scandal changed the status of the OpenBSD project?

    1. Re:NSA by Anonymous Coward · · Score: 3, Insightful

      Or rather
      What effect have the revelations from Snowden on the presence of active monitoring of communication in the US had on creating user demand for more secure systems?

    2. Re:NSA by lister+king+of+smeg · · Score: 1

      Has the NSA scandal changed the status of the OpenBSD project?

      Posting to undo bad mod, but also interested in what effects the Snowden leaks, specifically the revelations of backdoored hardware and bugged hardware, have had on OpenBSD. Is there anything that can be done in software for untrusted hardware?

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    3. Re:NSA by Anonymous Coward · · Score: 0

      Beyond the hardware:

      What can be done to train computer users to practice Information Security, given the acceptance that all systems are vulnerable?

  2. NSA Involvement by jazman_777 · · Score: 4, Interesting

    Given the pervasive nature of NSA compromising, do you know of any attempts by the NSA to put in backdoors or otherwise compromise OpenBSD--either by approaching you directly, or by infiltration?

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    1. Re:NSA Involvement by the_B0fh · · Score: 1

      This has been answered before, on slashdot too.

    2. Re: NSA Involvement by Anonymous Coward · · Score: 0

      Other than this one http://beta.slashdot.org/story/145058

    3. Re:NSA Involvement by Anonymous Coward · · Score: 0

      They don't have to.

      There is no workable expiration mechanism for SSH host keys or personal keys. And the default behavior of the SSH key generator is to create no passphrase, by default. There is no way to turn this off, despite my repeated patch submissions to require an additional flag to enable 'no passphrase'. Worse: SSH did this long before Theo got his fanboys involved in this, back when SSH-1 and SSH-2 were originally published, and Theo has flatly refused any attempt to activate even such basic security features.

      The result is that OpenSSH, under Theo's "guidance", is technically very robust but still by default is used by over 50% of its users without passphrases, and used for root access and github and Sourceforge and major source repository access. This opens up open source software worldwide to code corruption of public repositories. And it's all because Theo considers the "technology" all-important. Actual usage problems are considered "the user's problem".

      And oh, yes, don't forget the entirely undocumented "sshd -e" command. The documentation is from reading the source code: none of the documentation mentions it.

    4. Re:NSA Involvement by chriscappuccio · · Score: 1

      sshd is "used by over 50% of its users without passphrases" ?

      You mean it is used with public keys INSTEAD of passphrases.

      By your own statement, you're apparently smarter than the 50% of ssh users who rely on public key authentication. Obviously, they all missed the huge, gaping security hole exposing their hosts and source code repositories to attack. That's why ssh remains the #1 attack vector to this day across the internet. Right?

      At least -e is in the man page, plainly documented.

      Your diatribe is severely misleading at best. If you aren't trolling, then it's no wonder why nobody takes your advice seriously. And if you are, I just typed all this crap in response to, essentially, a Rush Limbaugh cartoon.

  3. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    It's a valid question.

  4. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Why are YOU such an asshole? Think about it, how people see themselves and how they justify their actions.

  5. Re:Why are you such an asshole? by Anonymous Coward · · Score: 2, Insightful

    that's your opinion which is not widely shared by OpenBSD users. those of us who like to get things done w/o the opinionated whining and design by committee crap found in nearly every other open source project.

    shut up and code.

  6. Where does OpenBSD outperform Linux? by Anonymous Coward · · Score: 0

    Comparing the most recent stable distros of each, what areas would you say OpenBSD is better/faster/more robust etc. than Linux?

    1. Re:Where does OpenBSD outperform Linux? by jones_supa · · Score: 3, Insightful

      All BSDs are more robust than Linux as they follow a much more conservative development process. Linux is in a constant bleeding edge R&D mode (which of course also means that you get cool new features quickly).

    2. Re:Where does OpenBSD outperform Linux? by smash · · Score: 3, Interesting

      Pretty much that. My observations with FreeBSD at least have been that whilst Linux might get something FIRST, it will typically go through 3-4 (more?) iterations before the actual long term supported version emerges. Until someone decides to rewrite it anyway.

      The FreeBSD (and likely other BSD) way seems to be to design things properly first (which takes some time that Linux skips), implement and then the user-facing interface stays the same for a long period of time.

      Sometimes however, it does mean BSD gets features first. E.g., multichannel audio. Mixing has transparently happened via the FreeBSD audio driver for about 10 years now. Linux has gone through a bunch of different audio subsystems in that time.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    3. Re:Where does OpenBSD outperform Linux? by the_B0fh · · Score: 1

      Doubt if this is something he can answer as I assume he spends his time coding, rather than playing with the different linux distros.

  7. OpenBSD.org Domain by Anonymous Coward · · Score: 0

    Up until recently http://openbsd.org/ went to the OpenBSD website. Now the "www." is needed to get there. Why the change? Are there security implications to having a host on yourdomain.tld?

    1. Re:OpenBSD.org Domain by iggymanz · · Score: 1

      actually, there used to be a dev/test web site but www always went to the main one. the openbsd.org one was never the main site. nowadays many browsers (improperly) stuff a www in front if nothing found at a domain name

  8. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    good, then stop using any and all openssh software. show theo you mean it!

  9. Re:Why are you such an asshole? by iggymanz · · Score: 1, Funny

    more successful?

    millions of devices (including those from Cisco, Juniper, NetApp, EMC, Apple, etc.etc.) and many OS use code from Theo's projects. Maybe you are just an asshole, but Theo is a hugely successful one?

  10. Would you ever retire? by allaunjsilverfox2 · · Score: 2

    If so, how do you think the community would react / correct the situation?

    --
    Restore the madness of youth's lechery
    1. Re:Would you ever retire? by stsp · · Score: 2

      This has already been answered here: http://marc.info/?l=openbsd-mi...

    2. Re:Would you ever retire? by Anonymous Coward · · Score: 0

      He is obviously capable of thinking of problems nobody else has thought of, and then he publishes those problems together with a suggested solution for them. I don't understand how anyone could dislike that guy.

  11. Value of certification by sinij · · Score: 1

    Looking at the success of the OpenSSL project in the private sector, key to this success is a very robust certification (FIPS and so on) effort. Are there any similar plans to dedicate resources to get OpenBSD endorsed/certified?

    1. Re:Value of certification by Anonymous Coward · · Score: 0

      Just as a side-note, OpenSSL is not at all affiliated with the people working on OpenBSD/SSH/SMTPD... and other projects listed on the official OpenBSD website.

  12. Sparc64 and Oracle by kthreadd · · Score: 5, Interesting

    I recently needed a free software operating system that could replace Solaris on a couple of Sun UltraSparc machines. After testing out the relatively small number of alternatives I found that OpenBSD had by far much better hardware support than the others. I know that a lot of this is the result from the effort your group spent a couple of years ago to get documentation from what used to be Sun. How would you describe collaboration with Oracle now when they run the remains of Sun, in particular around supporting modern Sparc64 based systems?

    1. Re:Sparc64 and Oracle by Anne+Thwacks · · Score: 1

      And will we need to be wearing ear-plugs when you reply?

      (Also using OBSD on Sparc64 servers)

      --
      Sent from my ASR33 using ASCII
    2. Re:Sparc64 and Oracle by kry73n · · Score: 1

      I also have a couple of older Sparc V9 machines and this is about the only place I've ever used OpenBSD but it is a very pleasant experience.

  13. Theo: Why are you such a dick? by Anonymous Coward · · Score: 0

    Theo,

    From all of us in the open source community, why are you such a dick? Honestly, why do you feel the need to verbally abuse everyone who annoys you in the slightest way?

    Sincerely,
    Concerned Members of the Community

    1. Re:Theo: Why are you such a dick? by Anonymous Coward · · Score: 0

      Please don't sign yourself on everyone's behalf. Theo is a dick to people who deserve it. He is a dick when he needs to be to keep the project(s) going. And occasionally he is a dick because he is human. He is the perfect guy for the job.

    2. Re:Theo: Why are you such a dick? by Anonymous Coward · · Score: 0

      Theo is objectively a dick. Period. There are ample examples where he was a dick without any technical or practical justification other than he disagreed with somebody and was annoyed by them. And in many of those instances, he was provably wrong in the dispute. And he never admits when he was wrong.

      I think the guy has a clinical personality disorder. People who have worked closely with him have left his team because he's a dick; people with skills better than his. Some engineers move on to NetBSD or FreeBSD; not many move in the opposite direction.

      But his approach to development is a good one, and his security engineering sensibilities effective. More importantly, there are really solid engineers on the OpenBSD team who manage to get along with him. And, frankly, OpenBSD might not be where it is today if too many people came aboard, because OpenBSD is one of the few platforms which stick to slow, steady, non-experimental evolution, yet with the momentum to keep the pace. With NetBSD, FreeBSD, and especially Linux, there's always a constant rush to push the envelope. OpenBSD stays well behind the bleeding edge, paying careful attention to where people and solutions falter, and avoids those traps, all the while continually improving.

    3. Re:Theo: Why are you such a dick? by whogivesafuckingfuck · · Score: 1

      Can you point to all these ample examples so we can see and judge for ourselves?

    4. Re:Theo: Why are you such a dick? by iggymanz · · Score: 1

      behind the bleeding edge? how do you explain OpenBSD having better and more wireless drivers than Linux in the late 00's?

  14. updated OpenBSD rack picture? by rubycodez · · Score: 2

    the rack picture on the lower right corner of the www.openbsd.org was taken in 2009. since architectures retired and some added since then, could we have a new circa 2014 picture?

    1. Re:updated OpenBSD rack picture? by mbregg · · Score: 1

      This is on the OpenBSD site, but I'm not sure when it was taken: http://www.openbsd.org/images/...

    2. Re:updated OpenBSD rack picture? by Anonymous Coward · · Score: 0

      This is on the OpenBSD site, but I'm not sure when it was taken: http://www.openbsd.org/images/...

      Judging by the fact that the 2009 pic has less old shit racked I would have to say that the one you linked to is undoubtedly older, probably by a few years.

    3. Re:updated OpenBSD rack picture? by Anonymous Coward · · Score: 0

      The file's timestamp (from http://www.openbsd.org/images/ ) is 2005.

  15. Smoother Chroot and Sftponly integ into OpenSSH? by See+Attached · · Score: 4, Interesting

    Very often we admins have to make all kinds of hacks to get OpenSSH to support Chroot and ScpOnly. Would it be possible to make it simpler for these features to be added/configured without third party tools? OpenSSH is a foundational package, and making it easier to add these features would make it all that much better. Would be great to stick to your source 100%!! Thanks for your many contributions!

    --
    Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
  16. Raspberry Pi-class hardware - BeagleBone Black? by emil · · Score: 4, Interesting

    I would like to run OpenBSD on the Raspberry Pi.

    I understand, sympathize, and accept your decision to avoid that platform, but what would you recommend as a stable substitute?

    The BeagleBone Black seems like the endorsed alternative, although there were stability warnings until recently. The current status reads: "There are generally still a fair number of things to do on each of these boards, however OpenBSD is generally considered to be usable on them. The platform is now self hosting, however there is no SMP support."

    Would you point OpenBSD users interested in this hardware class at the BeagleBone Black? Any other advice? SLC media preference?

    TI has announced that it is discontinuing the OMAP line. Will Beagle move to another ARM licensee, and does that matter much for OpenBSD?

    1. Re:Raspberry Pi-class hardware - BeagleBone Black? by twocows · · Score: 1

      I actually asked a similar question on the #openbsd Freenode channel a while back and got a pretty good response. Basically, RPi is a crapshoot. It's very poorly documented and there's a lot of proprietary crud that's a pain in the neck to develop for. It's been brought up a lot on the mailing list and discussed there, so I recommend searching through it for those discussions.

      I got recommended several alternatives, but the one that seemed to come up most often was Alix. I was also told they're coming out with a new model sometime early this year, so I'm waiting for that before I buy (if anyone has more info on that, I'd be happy to hear).

    2. Re:Raspberry Pi-class hardware - BeagleBone Black? by emil · · Score: 1

      Those are x86 parts. I'd prefer a low-power ARM, as long as I get W^X, rodata, and I otherwise do not have to compromise on security.

      Perhaps the recent source release from Broadcom is sufficient to make OpenBSD support easier, but I fear that the developers' perspective is now set.

    3. Re:Raspberry Pi-class hardware - BeagleBone Black? by Anonymous Coward · · Score: 0

      Beagle bone black does not use OMAP. It uses a "similar" core (Sitara) that is used mainly for industrial applications and will not be discontinued by TI any time soon.

      The original Beagleboard used OMAP.

    4. Re:Raspberry Pi-class hardware - BeagleBone Black? by Anonymous Coward · · Score: 0

      I recall reading the /. story on that particular article and the comments seemed to indicate that the release was (a) not 100% relevant to RPi, (b) not complete on what it did document, and (c) only related to one small part of the bigger issues with RPi.

  17. Trying too hard by nmb3000 · · Score: 1, Insightful

    Slashdot interviews for Richard Stallman, Eric Raymond, and now Theo, all in the last week?

    What happened? Did someone at Dice push Slashdot management to try and "reclaim technical roots"? Is someone a little worried about http://soylentnews.org/? Or maybe this is part of a last-ditch effort to increase revenue^W^W reclaim reader loyalty?

    Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

    source.

    Perhaps not, but really, you guys are still trying way too hard now. I'd have thought you realized by now that successfully running a site like this is a marathon, not a sprint. Throwing up a few half-baked interviews with prominent open source figures isn't the answer.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    1. Re:Trying too hard by kumanopuusan · · Score: 2

      When I looked at Soylent News this morning, there were 5 or so stories with less than 5 comments, and the quality of some of the last few submissions has actually been worse than what we typically see here. I'd like SN to succeed and viable competition should force Slashdot to improve, but it's going to take some real effort.

      --
      Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
    2. Re:Trying too hard by Anrego · · Score: 2

      Yeah, soylentnews seems to be fizzling.

      It's a shame really, but I suspect it won't be the last "bring back old slashdot" effort. Eventually someone will get it right / get enough momentum to keep going. It might happen if slashdot ever actually switches everyone to beta.

    3. Re:Trying too hard by jones_supa · · Score: 1

      Slashdot interviews for Richard Stallman, Eric Raymond, and now Theo, all in the last week?

      I only hope we get the answers to all of them. If you watch carefully, every now and then there seems to be a Q&A session here with no answers ever posted!

    4. Re:Trying too hard by Anonymous Coward · · Score: 1

      Who cares?

      Everybody loves ESR, rms has some thought-provoking ideas, and Theo de Raadt is a hero. If Dice keeps this up, I might even enable the ads for the first time in almost a decade.

    5. Re:Trying too hard by Anonymous Coward · · Score: 0

      The point is that before, no alternatives were available, and now there are -- just in case shit hits the fan.

    6. Re:Trying too hard by timothy · · Score: 1

      I've been reading Soylent, too, and like a lot of the stories they've selected. Running a site with reader-driven news and comments gets tricky, even with all the options out there meant to make it easier. Don't envy anyone leaping into it!

      Re: interviews -- Nah. Robert (Samzenpus), who's organized the vast bulk of our interviews recently (and at this point, maybe bulk of them in the site's history) managed to get three we've been after for a while, and sometimes that happens in a cluster. Theo turned down my interview overtures a few years back, so I'm especially glad that he's now going to answer questions!

      (Who else would you like to see interviewed? Always taking suggestions!)

      Cheers,

      timothy

      --
      jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
    7. Re:Trying too hard by kumanopuusan · · Score: 1

      In case you're still looking, pipe dot seems to be doing a good job, although the amount of community involvement isn't that high yet.

      --
      Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
  18. Are you a license purist? by Anonymous Coward · · Score: 0

    While there is much creative energy diverted into who has the One True Licensing scheme, is it possible that the global economy is better served by licenses that respect the diverse motives of humans?

    I'd group them as proprietary, GPL, and BSD, to offer a rough taxonomy. These groups seem to correspond to the wallet, the heart, and the mind, or, three of the main drivers for hacking code.

    Our energies might be better spent making sure that lawfare and legislation doesn't devour any one group.

    Does that make any sense?

    Cheers, Theo.

    1. Re:Are you a license purist? by Anonymous Coward · · Score: 0

      The global economy would be better served by ridding itself of artificial restrictions on the free flow of information.

      It is my hope that IP (as well as other annoyances, such as cryptography exportation) will become increasingly meaningless as ubiquitous strong encryption of communication and pseudonymity/anonymity become normal among users and developers of software.

      Only a statist could justify violence and extortion against someone just for using a piece of information in a way its author and/or distributor doesn't like.

    2. Re:Are you a license purist? by the_B0fh · · Score: 1

      He is a license purist in the sense that he only distributes software that he is allowed to, by license. This is why OpenBSD has pf. The ipf author made a special exception for OpenBSD and said everyone can ship modified sources of ipf, except for OpenBSD. OpenBSD can only ship ipf as is. Since OpenBSD had a bunch of patches for ipf, they were screwed.

      So they dumped ipf and wrote pf.

  19. Finances and technologies by Noryungi · · Score: 3, Interesting

    OK, tongue-in-cheek question: did you cash in all those bitcoins before Mt Gox imploded?

    More seriously: what are your thoughts on the future of ZFS, BHyve, non big-lock SMP, SMP-enabled pf (see NetBSD npf) on OpenBSD?

    Related question: what is the future of OpenSSH-based VPN functions?

    Even more seriously: in light of the recent Snowden revelations on NSA spying, can you tell us more about the audits realized after a few (past) developers were accused of creating backdoors in OpenBSD for the FBI?

    Finally, and this is not a question: all my thanks for a great OS. I use it daily and truly appreciate all the hard work.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:Finances and technologies by BlackPignouf · · Score: 1

      What part of "As usual, ask as many as you'd like, but please, one question per post." don't you understand?

    2. Re:Finances and technologies by rev0lt · · Score: 1

      I can take one of his questions :D They are all quite relevant and interesting, but I'd add HammerFS to the list also, since it's one of the projects listed in Google SoC.

    3. Re:Finances and technologies by Noryungi · · Score: 1

      Yup, HammerFS was missing from my original questions. Very relevant.

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  20. What's your average day like? by ModernGeek · · Score: 4, Interesting

    Last time I saw pictures, you and others were working from a home. How is everything structured now? Are you living alone and working from your house, or are there others there, too? How has this affected you long term with your personal life and relationships? What type of job did you have before OpenBSD? Assuming you did before, do you ever miss working in an office?

    --
    Sig: I stole this sig.
    1. Re:What's your average day like? by pigiron · · Score: 1

      No one on their deathbed ever said "Gee, I wish I had spent more time at the office."

    2. Re:What's your average day like? by SteveFoerster · · Score: 1

      No one on their deathbed ever said "Gee, I wish I had spent more time at the office."

      Yeah, but he's not dead yet. In fact, he thinks he'll go for a walk....

      --
      Space game using normal deck of cards: http://BattleCards.org
    3. Re:What's your average day like? by Anonymous Coward · · Score: 0

      No one that has died homeless, in a gutter, has ever said they wish they'd spent more time outside.

    4. Re:What's your average day like? by pigiron · · Score: 1

      I heartily disagree. Continue having fun working 80 hours a week at the keyboard while your boss keeps complaining about how the ill defined project is late.

    5. Re:What's your average day like? by rubycodez · · Score: 1

      continue having fun being homeless on the street, complaining about the cold and hunger, begging for money from annoyed office workers, and sleeping under a cardboard sheet in midwest winter 168 hours a week.

  21. signed code by smash · · Score: 3, Interesting

    What are your thoughts on code signing, and how do you see the development of such proceeding in the free unix world? In PowerShell, for example, I can set a system-wide policy to only run scripts if they are signed with a trusted certificate.

    This means I can, for example, delegate script development to an underling, review the script and then sign and push into production, knowing that the script will not run if it has been modified in the field without authorization - enabling proper change management process to be enforced.

    Other platforms require all code to be signed before it will run.

    Do you foresee anything like this (obviously with the master signing authority being the local site admin) for OpenBSD?

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  22. Thanks for all your work... by carp3_noct3m · · Score: 1

    I know it can sometimes be more of a burden, but thanks for all the work you have done Theo. I use OpenSSH everyday, and I find it to be one of the most reliable, most secure (even with all the NSA revelations) pieces of software in daily use around the world.

    That being said, the more I investigate how to increase security, I am increasingly struck by how borked SSL is as a whole. (CA messes, vulnerable to MITM, DPI, etc).

    My question is this: do you think at some point we should start re-evaluating our fundamental kernel architectures to help alleviate some of the security issues recently revealed? I mean, with hard-drive and bios level rootkits, etc, even SSH is standing on a foundation of sand it seems. Thoughts?

    --
    "It's ok, I'm completely secure as long as my iron is off"
    1. Re:Thanks for all your work... by tepples · · Score: 1

      Is there really any difference between the security of SSH and that of self-signed SSL? Both need out-of-band validation of the public key's fingerprint.

    2. Re:Thanks for all your work... by carp3_noct3m · · Score: 1

      https://www.ietf.org/rfc/rfc42...

      Cryptographically they are just as secure as each other (why you need the libraries from OpenSSL for OpenSSH), but it's the implementation that suffers.

      --
      "It's ok, I'm completely secure as long as my iron is off"
  23. Power bills in Alberta are super high by Anonymous Coward · · Score: 0

    I recall the whole budget shortfall story of not all that long ago (Past few months or whatever it was) where you had to seek out donations in what sounded like something of a somewhat dire situation in order to be able to pay the power bills for your dev shed, which I also gather is attached to your home. I recall when I was in Alberta, the fossil fuel-dependent electricity system gave me bills that were something like 2-5x higher than what I was used to back in BC, and everyone was all entranced by oil heaters which also cost way too damn much... whereas back in BC, I wouldn't even run over 50 dollars in, say, December, even if I was running a space heater for most of the month and my computers would be on 24/7. Have you ever considered relocating to Vancouver or somewhere else with a cheaper avg power bill (And plenty of hiking/mountains/fresh air as well) in order to cut the costs of that end of the project down? Why Calgary?

  24. whats up with the songs? by nimbius · · Score: 1

    Hi Theo, I'm a fan of OpenBSD partly for its hacker ethic and partly for the songs. A few of them don't have commentary, which I find sad. For songs like 'El Puffiachi' and 'I'm Still Here', what was your creative input if any?

    --
    Good people go to bed earlier.
  25. Cross Pollination by smutt · · Score: 1

    I appreciate the fundamental work that OpenBSD does in security and other areas, especially things like the recent work in getting X to run without privileges.

    AFAIK OpenBSD was the first to accomplish this, and I'm wondering how much of that research and know-how, maybe not code, can be used by other *NIXes? I know there are license conflicts between the BSD's and Linux, but how much of the experience gained from that effort can be used to improve other *NIXes even if code cannot be reused? Is the OpenBSD project involved in sharing this experience, and others like it, with Linux distros or with NetBSD or FreeBSD?

    --
    The Information Revolution will be fought on the command line.
    1. Re:Cross Pollination by Anonymous Coward · · Score: 0

      There are no license issues taking BSD code into Linux. It is only the other way around (Taking GPL code into BSD) that causes problems.

  26. Re:Why are you such an asshole? by geekmux · · Score: 4, Interesting

    Do you realize your project would be more successful and provide more value to the community if you weren't such an asshole?

    How screwed up would the project be had he not been such an "asshole" as you describe?

    The truth hurts. Just because people can't handle it and get butthurt doesn't make the person an asshole for pointing out the truth.

    I'd also like to know how you feel about other CEO's out there that have proven far more of an asshole than Theo could do in 20 lifetimes. He's a nice guy by comparison. Trust me.

  27. Any apps porting activities on? by unixisc · · Score: 1

    Are there any efforts made to ensure that OpenBSD can run native apps written for other platforms, such as Linux or FreeBSD? Or is OpenBSD's target usage exclusively routers & firewalls?

  28. What other platforms? by unixisc · · Score: 3, Interesting

    Given that a lot of the platforms that OpenBSD was ported to are now dead - such as PowerMacs, Alphas, PA-RISC and so on, are there any efforts on to port OpenBSD to non-x64 platforms that exist today?

    1. Re:What other platforms? by rubycodez · · Score: 1

      there is dead in the sense of "no longer sold", but if many people still use a platform and can have a modern current OS running, is it really dead?

    2. Re:What other platforms? by unixisc · · Score: 1

      Yes & no. It's not dead until it croaks, but once it does, it is unlikely to be replaceable - unless one finds another old box on eBay. OTOH, when it croaks, since it's FOSS, people can move it to another box, such as the Itanic (LOL) and continue work there.

    3. Re:What other platforms? by Nikademus · · Score: 1

      Those platforms still help finding new undiscovered bugs. That's one of the points in continuing support for those.

      --
      I gave up with the idea of an useful sig...
    4. Re:What other platforms? by rubycodez · · Score: 1

      strangely enough, there are not only "old boxes on ebay" but companies that buy old inventory from big iron makers and the right to repair and sell. HP 3000 for example is "dead" but you can get service and parts and even buy them with warranty from the HP authorized company that has taken over that business. Quite a few "dead" architectures in that category

  29. What other OS by Billly+Gates · · Score: 1

    If you couldn't use OpenBSD anymore what other OS would you prefer to work with?

  30. Why CVS by Anonymous Coward · · Score: 1

    Why does OpenBSD use a CVS derivative for the code repository? Why not use a distributed VCS? Do you feel that there is an advantage to use the current repository or is there another reason to use it?

  31. strcpy by QuietLagoon · · Score: 1

    I read a message thread on a Linux board which presented the idea that using strlcpy, instead of strcpy, was a crutch that encouraged sloppy coding because the programmer will no longer think about buffer sizes.

    I know you are a proponent of strlcpy. Why do you think some projects resist using it so much?

  32. Re:Why are you such an asshole? by Anrego · · Score: 1

    It's actually a sad trend, but yeah, you'll find people with massive egos who don't mince words behind many successful projects. Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid, even if it means that person may quit/stop contributing.

    Linux, Apple, and Microsoft all found their success with this type of personality at the helm.

  33. Re:Why are you such an asshole? by tlhIngan · · Score: 2, Interesting

    How screwed up would the project be had he not been such an "asshole" as you describe?

    The truth hurts. Just because people can't handle it and get butthurt doesn't make the person an asshole for pointing out the truth.

    I'd also like to know how you feel about other CEOs out there that have proven far more of an asshole than Theo could do in 20 lifetimes. He's a nice guy by comparison. Trust me.

    It takes a very special person to be able to be an asshole and not alienate people. Steve Jobs is a famous example, but there's also Linus Torvalds, and Theo.

    The asshole-ish nature of those people generally turns people off. However, they also have the rare ability to motivate people to do the right thing. Jobs is an asshole, but he also managed to bring out people to do better work - he didn't accept crap if he knew it could be done better. Likewise, Linus and others are the same - they aren't afraid to call it crap.

    The problem is, a lot of people don't realize that and try to emulate them by being assholes and making life miserable for everyone without any redeeming qualities. It's those qualities that allowed them to be assholes and still get stuff done, not the other way around.

  34. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Says an AC, all the while not providing a linky.

  35. What happens if you were hit by the proverbial bus by Anonymous Coward · · Score: 1

    Your name is synonymous with OpenBSD. If you were to get hit by the proverbial bus, does OpenBSD have a plan to keep it going and relevant?

  36. Package Signing by Anonymous Coward · · Score: 0

    Why did it take the project so long to start package signing over insecure mediums such as FTP?

  37. APIs by Anonymous Coward · · Score: 0

    What do you consider to be the most elegant or well-designed API in BSD?

  38. openbsd.org by destiney · · Score: 1

    Why is openbsd.org such an ugly website? Is it because you want people to take it seriously or is it because no one on the project knows any CSS?

    I respect your large brain and all your highly secure exploit-free software, but if I were responsible for view-source:http://www.openbsd.org/ I'd be pretty fucking embarrassed.

    1. Re:openbsd.org by Anonymous Coward · · Score: 0

      CSS looks soooo great under lynx =P

    2. Re:openbsd.org by Anonymous Coward · · Score: 0

      Next you are going to ask for screen shots...

      --
      Teun

  39. What will it take? by larry+bagina · · Score: 1

    It seems like every time you turn around, another bitcoin exchange is hacked or some startup social network for dogs is secretly uploading all your phone contacts over clear text or a retailer is storing unencrypted cc numbers and passwords. Some of the worst offenders are brogrammers. Is there anything we can do?

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:What will it take? by lister+king+of+smeg · · Score: 1

      It seems like every time you turn around, another bitcoin exchange is hacked or some startup social network for dogs is secretly uploading all your phone contacts over clear text or a retailer is storing unencrypted cc numbers and passwords. Some of the worst offenders are brogrammers. Is there anything we can do?

      Or if we were to have a OpenBSD android what security/privacy measures would be made/changed to secure the platform?

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  40. OpenBSD and Wi-Fi by carlhaagen · · Score: 2

    I've been using OpenBSD as my wireless home router, server and development platform since 2005, and can from 9 years of experience safely say that the current state of OpenBSD's Wi-Fi drivers and 802.11 stack is troubling. On one hand, most chipsets out there have rudimentary driver support in OpenBSD, including WPA2 and CCMP facilities. On the other hand, the 802.11 stack still lacks 11n support (minor problem) but what's much worse is that while only two of the drivers - ral(4) and athn(4) - state that they can handle power-saving clients when running in HostAP mode, none of them actually do it properly. None of the supported ral(4) chipsets can handle power-saving clients despite what the ral(4) man page claims, and while athn(4) works slightly better it's still flaky with unreliable results, no matter what wireless chipset the client uses. The effect is that OpenBSD is useless as a wireless access point without having the clients pull one of several tricks available to keep them from entering power-saving mode, as has been posted and explained by troubled users on the OBSD mailing lists regularly over the years.

    I understand that Wi-Fi portions of OpenBSD aren't exactly prioritized, but are these issues even on the roadmap?

    1. Re:OpenBSD and Wi-Fi by Anonymous Coward · · Score: 0

      Adrian from FreeBSD has a goal to get all the BSDs (and OSX!) to use a common 802.11 stack. The problem is that OpenBSD does their crypto in userland so the current codebase needs some modification to be able to handle things the OpenBSD way.

    2. Re:OpenBSD and Wi-Fi by farhaven · · Score: 1

      OpenBSD does their crypto in userland

      Where do you get that from? "Classical" WPA2 with preshared keys is entirely handled inside the kernel, with support for WPA Enterprise provided by wpa-supplicant.

      Other areas where crypto is required are also in-kernel, such as IPSec packet encryption, with key management done in userspace, the random number generator and the softraid crypto target.

      Of course these interact with userspace, for example to configure keys or other algorithm parameters, but the crypto itself runs inside the kernel.

    3. Re:OpenBSD and Wi-Fi by chriscappuccio · · Score: 1

      The fact that station mode is more reliable for most wifi drivers reflects how the developers actually use them. It's a volunteer project. Someone has to have the time, skill and motivation to do the work. A roadmap is for the person doing the work to develop their own direction. Wireless networking hardware is a particularly poorly documented, secretive, painful place to work and that is reflected in what you experience. While the general situation has vastly improved for some chipsets in the past several years, someone needs to step in and figure out these and other issues in the wifi area. The situation isn't terribly different for other free OSes, often times only the vendor provided and updated drivers tend to be reliable for AP mode (or other less common features) and only relatively recently have vendors agreed to redistributable, BSD compatible licenses for some of their source code, long after people like Damien Bergamini spent huge amounts of effort reverse engineering binary-only drivers from vendors. Painful indeed. It really shouldn't come as a shock to people that most don't want to spend their time in this area due to the sordid history.

  41. What does OpenBSD/OpenSSL/etc. need? by tearmeapart · · Score: 3, Interesting

    In your opinion, what does OpenBSD/OpenSSL/etc. need from the community?
    Now that you received a large donation to keep the lights on, what is next on the list of things that would help move things forward?

    1. Re:What does OpenBSD/OpenSSL/etc. need? by styrotech · · Score: 1

      Did you mean OpenSSH? I'm pretty sure OpenSSL isn't from the OpenBSD team.

    2. Re:What does OpenBSD/OpenSSL/etc. need? by Anonymous Coward · · Score: 0

      OpenSSL has no connection to OpenBSD.

  42. why are security fixes distributed as patches? by Anonymous Coward · · Score: 0

    production hosts usually don't have compilers on them unless they are really needed but openbsd distributes security patches instead of precompiled binaries which could easily replace the old ones. this makes patching a production system more complicated than on linux servers and leads to a more insecure system which should not have any compiler installed. why is this the case and will this change in future?

    1. Re:why are security fixes distributed as patches? by Nightshade · · Score: 1

      See BinpatchNG from m:tier. They've solved what you're asking for.

  43. Anoplasties can be done without swearing by tepples · · Score: 2

    Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

    Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy.--Matthew 23:1-39.

    1. Re:Anoplasties can be done without swearing by Anonymous Coward · · Score: 0

      Being nice takes up too much time, being terse and quick is key.

      And for the record, please don't quote and site works of fiction, it does not bode well in your favour.

      Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

      Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy.--Matthew 23:1-39.

    2. Re:Anoplasties can be done without swearing by bberens · · Score: 3, Funny

      “It's now very common to hear people say, 'I'm rather offended by that.' As if that gives them certain rights. It's actually nothing more... than a whine. 'I find that offensive.' It has no meaning; it has no purpose; it has no reason to be respected as a phrase. 'I am offended by that.' Well, so fucking what.”

      ~Stephen Fry

      --
      Check out my lame java blog at www.javachopshop.com
    3. Re:Anoplasties can be done without swearing by tepples · · Score: 1

      People appointed to certain government offices find things offensive. They also happen to have authority to censor speech in certain media. Even outside the FCC and foreign counterparts, there are still people who generally have little respect for what someone says if he's regularly known to use words that a supermajority of speakers of the same language find offensive.

    4. Re:Anoplasties can be done without swearing by Anonymous Coward · · Score: 0

      Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

      Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy.--Matthew 23:1-39.

      Uh, sorry, but I happen to believe that I can reach out and physically touch the bits and bytes of Wikipedia before I happen to believe some portions of its context, to include tall fables of religions past.

      On top of that, how do you know what kind of language was considered profane or not back then? Apparently one can easily offend with Shakespeare and all its underlying vulgarity, unbeknownst to most who read it today.

    5. Re:Anoplasties can be done without swearing by Anonymous Coward · · Score: 0

      please don't quote and cite works of fiction, it does not bode well in your favour.

      FTFY

    6. Re:Anoplasties can be done without swearing by david_thornley · · Score: 1

      You're claiming something worked for a living God, so it must also work for software engineers? Or are you claiming that nobody who lacks all possible social skills should run a major project? We seem to have some people who have been very successful who can be quite abrasive. Whether there's a connection, I don't know, but I'd rather have good software developed by teams led by assholes than crappy software developed by really nice people.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    7. Re:Anoplasties can be done without swearing by Anonymous Coward · · Score: 0

      Yes, but then (according to your reference) the Pharisees manipulated the Romans into hanging Jesus from a cross and puncturing him with a spear, resulting in his death

      maybe being completely frank does not always work

    8. Re:Anoplasties can be done without swearing by tepples · · Score: 1

      You can be an asshole if a project needs one; just don't use the word "asshole". Someone who learns a library's API can learn more varied expressions for things.

  44. Like clockwork. by Anonymous Coward · · Score: 0

    To me it seems the OpenBSD project is one of the most organized open source projects out there. Its release schedule chimes like clockwork and it has been going like this for many years now. I have read that "Dictatorships" (read Corporations) are generally more efficient than "Democracies" (read Volunteer Communities) as bureaucracy is reduced and decisions are swift, do you consciously lean to the "Dictatorship" leadership style for the project guidance of OpenBSD and do you think it is because of that style that the OpenBSD project is run so efficiently?

    (Ok I think that might have been 2 questions.. but I only used one question mark so I think it will pass)

  45. Yes try too hard!! by rubycodez · · Score: 3, Funny

    I applaud efforts to make slashdot more technically relevant and useful and interesting, keep trying too hard!

  46. Re:Why are you such an asshole? by rubycodez · · Score: 4, Funny

    former Linux server advocate here, switched to OpenBSD as my favorite server OS 13 years ago after seeing how Theo was such an asshole about security, correctness, robustness, and preserving the BSD way and philosophy of systems admin

  47. What are your thoughts regarding Capsicum? by tanawts · · Score: 1

    I see that GSOC 2014 has a proposal to port Capsicum to OpenBSD.

  48. OpenCVS by Anonymous Coward · · Score: 0

    So what is going on with OpenCVS?

    Its been coming soon for a very long time!

  49. Huh? by Anonymous Coward · · Score: 0

    Almost any software that is available for Linux or FreeBSD is (or can be) ported to OpenBSD.

    Or maybe you are asking if OpenBSD can run binary executables targeted for other operating systems? FreeBSD can run Linux binaries (when appropriate support packages are installed), and of course there are several emulators / virtual machines to run non-native programs.

    I read your question as meaning that you find the amount of available software lacking, and I really don't think that is the reality. There is a lot of software, most free (beer/speech) software runs very well and is already ported and ready to go. But if you want to play the latest triple-A blockbuster game, then no, that is not something you can run on OpenBSD.

    Full disclosure: I've run OpenBSD as my primary desktop and server OS for a few years now. Why? Because system administration is so simple and straightforward. For me (YMMV) it is much more logical and grokkable than Linux. Not to say Windows, which I never got the hang of, administration wise.

    1. Re:Huh? by unixisc · · Score: 1

      I was asking the second question. I know anything can (w/ the required time, effort & manpower) be ported anywhere. My question was - is OBSD already, or can it be made capable of running Linux (or FBSD) binaries OOTB (w/ appropriate support packages installed)? Yeah, VMs are a fallback option, but then an argument would be made that if one has to run FBSD or Linux VMs, why not run those OSs on the bare metal?

      So does OBSD have the same variety of software available as do the others? I'm not talking about firewalls or other utilities - I'm thinking things like say, video editors, graphic editors, games and so on. Yeah, even if the latest doesn't run, it's fine - I just want to know that OBSD has a good collection of software.

    2. Re:Huh? by angryfirelord · · Score: 1

      You can search for them here: http://openports.se/

      The only problem with OpenBSD in regards to 3rd party apps is that updates are only built against -current. So, if you run a release, you don't get any package updates, not even for security vulnerabilities. Only apps in the base install (like ssh and nginx) get updates. FreeBSD's ports tree, by contrast, is not separated by development branches, so you can always get the latest ports tree as long as the release is supported. The same tree that works for -current also works for the supported legacy release.

  50. Re:Why are you such an asshole? by bluefoxlucid · · Score: 5, Informative

    How screwed up would the project be had he not been such an "asshole" as you describe?

    Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.

    Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".

    Linux had oprofile.

    I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.

    Further, most programs spent substantially less than 0.2% of their execution time in the main executable. -fPIE only affects the main executable; multiplying this together gives us 0.2% * 5.8% = 0.0116%. This means that, in any one hour period, if you could find a total of 0.42 seconds of CPU time (i.e. CPU at 50% for 0.84 seconds, CPU at 0% for 0.42 seconds, etc.), -fPIE would have zero real impact. If your system is pegged at 100% for 24 hours, it will be pegged at 100% for 10 seconds longer. In 60 seconds, you need 0.0070 seconds of additional CPU time to handle this optimization.

    In short: Theo was wrong. He derailed the conversation off-list probably because he didn't have a real argument and was afraid of being proven wrong. He's never admitted he was wrong, and probably considers the whole argument a moral victory.

    The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else. I wonder how many security holes have gone unseen, how many improvements have papered over unacknowledged previous issues, and so on. OpenBSD uses very specific language: only two remote exploits in the default installation in however many decades. That's because OpenBSD comes with everything switched off--like Ubuntu before Avahi--so there's no attack surface. It's great marketing, but it has no bearing on how much of the code base is secure or how risky it is to run OpenBSD vs Linux vs Windows.

    Theo's manner says that the above assessment has a high probability of being valid. Not a majority probability, but a high probability: most people claim OpenBSD is "secure", and in fact I spent a time editing this out of Wikipedia because every security article cited OpenBSD--up to and including listing "use OpenBSD" under "ways to improve computer security". This was not NPOV, and I have found no empirical studies of OpenBSD security--Coverity hasn't even run their tools against the code base, and I've seen no widely published studies on number of practically exploitable local privilege escalations and shipped daemons and such comparing OpenBSD to FreeBSD and Linux and so on--so it was inappropriate. But it does say that the normal assessment is that OpenBSD is probably "secure"; and I find a lot of soft evidence suggesting that this assessment is not reliable without more hard scientific evidence. A lot has gone into showing why OpenBSD "is secure", and very little has gone into showing that it's "not as insecure".

    Linus has a massive ego and can be harsh, but he admits this and admits he has been wrong and the culture around Linux is different. Linus is sub-optimal, and the poor handling of negotiation by the Grsecurity and PaX people stunted Linux security development for a while, as did a number of other things; but Theo is the quintessential off-the-deep-end egomaniac. His technical expertise is highly questionable.

  51. Re:Smoother Chroot and Sftponly integ into OpenSSH by carlhaagen · · Score: 4, Informative

    There is no need for third-party tools for what you want to achieve. While the solution is a bit ungainly, all of it is already supported by OpenSSH and its sftp subsystem. This is how I configured things on my system:

    First off, add a group that you call f.e. "sftponly". New users that are to be allowed only sftp access should have "sftponly" as their login group, and have /sbin/nologin as shell to deny them shell access. Their home directories should be owned by root:sftponly, and within the home dir you then create relevant user-controllable directories which should be owned by :sftponly.

    Secondly, the sshd_config magic that makes the whole charade work:

    Subsystem sftp /usr/libexec/sftp-server
    Match Group sftponly
        ForceCommand internal-sftp
        ChrootDirectory %h

  52. Talk to the hardware vendors by Anonymous Coward · · Score: 0

    When the hardware vendors release their hardware documentation, proper drivers can (and will) be written. Until that time, no dice.

    It isn't lack of priority, it is lack of (non-restricted, non-NDA) access to the chipset documentation.

    1. Re:Talk to the hardware vendors by carlhaagen · · Score: 1

      Proper support for power-saving clients comes down to buffering outgoing packets until the client asks the AP for them, rather than instantly sending them to the client which may or may not be asleep at that point. This is not a driver firmware issue, it's a fundamental stack problem and lies entirely in the hands of the OpenBSD developers.

  53. Re:Smoother Chroot and Sftponly integ into OpenSSH by carlhaagen · · Score: 2

    Small explanation: what happens is that when the SSHd matches the user's login group successfully, it forcefully switches over to the internal sftp component instead of the default external subsystem, which in turn makes it possible to chroot the user to his/her home dir without having to place a plethora of system files in each user's home directory.
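
A checker for the sftponly setup described in the two posts above, added here as an example (not code from either poster or from OpenSSH). It parses an sshd_config fragment for the Match Group block and applies the rule from sshd_config(5) that every component of the ChrootDirectory path must be a root-owned directory not writable by group or others; the function names and the sample layout are assumptions.

```python
import os
import stat

# Constructed sample: the directives from the post, laid out as a config
# fragment (Match-scoped lines indented for readability only).
SAMPLE_CONFIG = """\
Subsystem sftp /usr/libexec/sftp-server
Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory %h
"""


def parse_sshd_config(text):
    """Return {scope: {keyword: argument}}.

    scope is "global" or the Match criteria (e.g. "group sftponly").
    Keywords are case-insensitive, a Match block runs until the next Match
    line or end of file, and the first value seen for a keyword wins.
    """
    scopes = {"global": {}}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        arg = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            parts = arg.split()
            if not parts:
                continue  # malformed Match line, ignore it here
            # Criterion name is case-insensitive; the group name is not.
            current = " ".join([parts[0].lower()] + parts[1:])
            scopes.setdefault(current, {})
            continue
        scopes[current].setdefault(keyword, arg)
    return scopes


def lint_sftp_only(text, group="sftponly"):
    """Return a list of findings for the sftp-only group; empty means OK."""
    block = parse_sshd_config(text).get(f"group {group}")
    if block is None:
        return [f"no 'Match Group {group}' block"]
    findings = []
    if block.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
        findings.append("ForceCommand is not internal-sftp: the chroot "
                        "would need an sftp-server binary and its libraries")
    if "chrootdirectory" not in block:
        findings.append("ChrootDirectory is not set: users can browse "
                        "the whole filesystem over sftp")
    return findings


def audit_chroot(path, owner_uid=0):
    """Check each path component from / down to path, as sshd does before
    chroot(2): a directory, owned by owner_uid (root on a real system), and
    not writable by group or others. Returns (component, reason) tuples."""
    problems = []
    component = os.sep
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    for part in [""] + parts:
        component = os.path.join(component, part)
        try:
            st = os.stat(component)
        except OSError as exc:
            problems.append((component, f"cannot stat: {exc.strerror}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        if st.st_uid != owner_uid:
            problems.append((component, "wrong owner"))
        if st.st_mode & 0o022:
            problems.append((component, "writable by group or others"))
    return problems


if __name__ == "__main__":
    print(lint_sftp_only(SAMPLE_CONFIG) or "config OK")
    for component, reason in audit_chroot("/home"):
        print(f"{component}: {reason}")
```

A home directory that fails `audit_chroot` makes sshd refuse the session at login, which is why the post has the home directory itself owned by root and gives the user writable subdirectories inside it.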

  54. SF double standard by tepples · · Score: 1

    Being nice takes up too much time, being terse and quick is key.

    You can be terse and quick without profanity.

    And for the record, please don't quote and site works of fiction

    Wouldn't that apply to geeks' favorite SF as well?

  55. Re:What happens if you were hit by the proverbial by iggymanz · · Score: 1

    which people on current team would be the best designated successor(s)?

  56. carp by Anonymous Coward · · Score: 0

    openbsd carp squats the mac address range that's assigned to vrrp and this causes severe connectivity problems if users run both protocols on the same lan with the same vhid/vrrp group id. why did you/the openbsd developers deliberately make this choice when you knew full well that it would cause breakage for end users due to the same mac addresses being used?

  57. What are your thoughts on the "Pottering of Linux" by tanawts · · Score: 1

    How has OpenBSD managed to avoid these sorts of decisions historically?

  58. Re:Why are you such an asshole? by Wootery · · Score: 3, Insightful

    In this context, asshole does not mean morally objectionable.

    Theo is generally thought to be an asshole in that he's tremendously disagreeable and difficult to work with, but that's not to say he's actually evil and worth boycotting.

    fsck-beta might well believe, as I'm sure many of us do, that Theo is an asshole (see early history of OpenBSD) who has done some very good work.

  59. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    The burning question on everyone's mind.

  60. Any plans of getting a proper auditing daemon? by dremspider · · Score: 1

    I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?

  61. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    That logic doesn't follow. I can use the products of an asshole, it doesn't mean they aren't one.

  62. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    I've used OpenBSD and its adjunct projects for over a decade, I still think Theo is an ass.

  63. Re:Why are you such an asshole? by drinkypoo · · Score: 1

    The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else.

    What convinced me that openbsd was developed by whiny lazy babies was trying to use my Acer Aspire One D250, one of the commonest netbooks made. The commonest wlan card used in it is unsupported. So I went looking for any prior attempts and sure enough, someone had ported some changes to the driver from Linux and got it working in a substantially old revision. But even though one of the core developers has the same netbook with the same NIC, the patch was not accepted. The excuse given was FUD about licensing, but this was substantially after issues like that were settled. I didn't bother to ask on any lists to see if anyone was thinking about fixing it because I knew they weren't. The developer with the same machine had replaced the NIC rather than port the changes from Linux because they weren't interested.

    OpenBSD's hardware support is shit, so unless you're building a machine specifically for a purpose odds are good you'll end up with Linux anyway. If you have or plan to inherit legacy machines, same thing. Wouldn't you rather run nominally the same OS everywhere, so you don't have to remember how to do the same thing ten different ways? If you're going to have to run Linux anyway, you might as well just run Linux.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  64. bigmem? by Anonymous Coward · · Score: 1

    Why is bigmem still off by default on x86 platforms?

    1. Re:bigmem? by Anonymous Coward · · Score: 0

      Your information is severely out-of-date. OpenBSD/amd64 has supported >4GB of memory since 5.0, released in 2011.

  65. Re:Why are you such an asshole? by bmajik · · Score: 1

    You're not the first person to suggest something to Theo, only to have him shoot down your idea.

    In my case, I suggested a profiler that you'd run an exe under, and it would catalog the syscalls that the binary made, and all the syscall arguments. That profile would be stored for that program in a repository.

    After the profile was created, if the program ever deviated from its syscall profile, the syscalls would fail and the binary would be terminated.

    The goal here would be to holistically stop programs from misbehaving when under control of an attacker.

    Theo's comment was, basically, "this will never be part of openbsd, and you are perhaps the 10th person to suggest such a thing"

    Well, sometime later, something similar to what I suggested did in fact become part of OpenBSD. I think it appeared on Linux first.

    Did I begrudge Theo at the time? No. Do I begrudge him now? No.

    Even Heroes are fallible people. Theo is just a guy. He's made my life remarkably better because ever since someone remote-rooted my IRIX box, I've had his Operating system as my edge device, and I've not detected any remote-roots ever since. All I did was buy a T-shirt and a couple CDs from him. Hell, I even contributed a fix (Back in the 2.x days).

    I think your assessment of OpenBSD's security is shit. Go look at old bugtraq posts. They made a good point of cataloging who was affected. Notably absent was OpenBSD -- almost always. And not because nobody tried -- but because OpenBSD didn't fail.

    These guys are serious about security, and the results are self evident. Your personal beef with Theo is your problem; not a reflection of lack of results on their part. The fact that you're editing Wikipedia about this indicates a legendary amount of butt-hurt.

    The OpenBSD project has given us lots of goodness, above and beyond OpenBSD itself.

    I have no idea why you would question his technical expertise. He has brought up a BSD kernel on countless different pieces of hardware. How many people can say that? How many unix kernel engineers can even say that?

    --
    My opinions are my own, and do not necessarily represent those of my employer.
  66. What is OpenBSD best used for? by Anonymous Coward · · Score: 0

    What do you see OpenBSD best utilized as by multi-OS power users who aren't afraid of trying new things? A firewall? Number crunching platform base? Cluster node platform? Refined DNS server? Minimalized desktop environment?

    I'm not afraid to get my hands dirty, or look under the hood at kernel ops, but I'd like to know what you think your platform is best at if I'm going to consider it. What sets it apart?

  67. Was documentation a priority? by dubbreak · · Score: 2

    If so, how did you make it a priority? More specifically, as the leader of OpenBSD what did you do to ensure great documentation?

    As a software developer I know that documentation often falls to the wayside (features take priority, schedule already tight etc). As a project manager it's difficult to get good documentation (staff does poor job, stakeholders don't want to pay for it etc). OpenBSD has really good documentation (in my opinion) and it was really useful when initially getting to know OpenBSD, PF etc. Most of the pay for middleware I use has documentation that is absolute shit (incomplete, wrong, not up to date etc). To me the state of documentation in OpenBSD is more impressive than "Only two remote holes in the default install, in a heck of a long time!". Of course, "You'll love our man pages!" doesn't have quite the same ring to it.

    --
    "If you are going through hell, keep going." - Winston Churchill
    1. Re:Was documentation a priority? by the_B0fh · · Score: 1

      Documentation is more important than code. He insists on documentation first.

      I once watched him rip a developer a new one (and ripped out code) because the developer committed code without documentation.

    2. Re:Was documentation a priority? by dubbreak · · Score: 1

      Documentation is more important than code. He insists on documentation first.

      Cool. Did not know that.

      I once watched him rip a developer a new one (and ripped out code) because the developer committed code without documentation.

      And that's something most would take as Theo being an asshole. I think it's totally justified if the rule is documentation first. It doesn't take much to end up with shit documentation. In my experience documenting after the fact never works. The justification is usually, "We should document what it ends up like so we don't have to rewrite it." But it just never happens. To me it's akin to a civil engineer just building something saying they'll draw up the "as-builts" at the end of the project and just work off a napkin up until then (then never do the as-builts). Definitely not professional. I know why it happens in software (squeezed budgets, tight timelines), but it's not right. I'd love to work on a project where we have top down support to do things right.

      --
      "If you are going through hell, keep going." - Winston Churchill
  68. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Said an asshole.

  69. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    If you want to cheaply attack Theo, maybe you should fuck off and do it elsewhere, instead of stinking up this topic with your huge ego.

  70. Paul of Tarsus swore by tepples · · Score: 1

    tall fables of religions past

    Please see my reply to bberens.

    On top of that, how do you know what kind of language was considered profane or not back then?

    Koine Greek is a fairly documented language. There is swearing in The Bible, and Paul of Tarsus was a lot dirtier than Jesus. On the other hand, maybe some people are right that perhaps we need a Theo for the same reason the characters in The Bible needed a Paul.

    1. Re:Paul of Tarsus swore by tepples · · Score: 1

      CORRECTION: I meant my reply to the other AC, implying that I see no reason why quoting The Bible is any less valid than quoting, say, The Lord of the Rings.

    2. Re: Paul of Tarsus swore by Anonymous Coward · · Score: 0

      The older something is, the more magical it is. This is human psyche 101.

    3. Re:Paul of Tarsus swore by the_B0fh · · Score: 1

      Because when I quote from LOTR, I know it's not real. However, I don't think as many people who quote The Bible are aware that it is not real. YMMV of course.

  71. Bitcoin donation by chocomilko · · Score: 1

    It's been reported that Mircea Popescu, owner of a bitcoin-only securities exchange, paid OpenBSD's 2014 power bill in full after learning of the project's financial difficulties. Was Popescu the first major donator, and after having been on the receiving end of such a large donation, what are your thoughts on bitcoin?

    1. Re:Bitcoin donation by chriscappuccio · · Score: 1

      He generously donated $20K out of over $100K sent in during this last go. Not quite what you think.

  72. Re:Why are you such an asshole? by dirtyhippie · · Score: 1

    Insightful? Wow. And when I asked that question about RMS I got kicked to the curb. de Raadt really isn't that bad. Maybe he used to be, I dunno, I wasn't here then.

  73. Top 5 things by Anonymous Coward · · Score: 0

    What are the top 5 things you would like to see happen in OpenBSD? Time and money are no constraint in this question :-)
    Tom VL

  74. Need replies to call them interviews! by Useless · · Score: 5, Insightful

    There have been a whole lot of these question threads without any replies in the past few months (6 other threads in the past 3 months, all unanswered). Do these people actually know they are being interviewed, or are these just empty topics posted to bolster lagging page views/ad impressions?

    --
    "Even Prophets don't know everything"
  75. Re:Why are you such an asshole? by twocows · · Score: 1

    Assuming what you said is 100% true, then yeah, I agree that he was probably too quick to dismiss your proposal (then again, I'm no expert). That said, I think it's a bit overboard to dismiss the entire OS because of that. OpenBSD has a very strong focus on security and stability. There are a lot of people, myself included, who care very much about those things, even at the expense of, say, optimization.

    I see a lot of people say Theo's a jackass. I don't know if that's true or not, and frankly, I don't care. OpenBSD has a clear philosophy and focus and the team behind it, however they may act, have done a fantastic job at maintaining that focus and working toward building a better product in that vein. Maybe they would benefit from a little humility, maybe they wouldn't, but as long as they keep pumping out a system that improves upon the goals they've established (goals that I value extremely highly), I'm willing to let attitude problems slide.

  76. Re:Why are you such an asshole? by bluefoxlucid · · Score: 1

    I can build a car from parts. That makes me neither a mechanic, nor an engineer. You would be surprised the vast array of things I've accomplished without the correct technical skill. The problem here is I've also often addressed problems wholly incorrectly, and failed to recognize severe problems. Why? Because I'm functionally a trained monkey who can get from point A to point B if you tell me where the two points are; the fact that I can find a path doesn't mean I know a damned thing about what I'm doing.

    Theo demonstrated to me, once clearly, that actual risk analysis and assessment isn't a part of OpenBSD or his personal behavior. Rather, whatever comes to mind is where they focus. He has asserted time and again that running source code analyzers is not useful because they reduce security. If a source code analyzer uncovers a flaw that nobody has noticed in 20 years, that's irrelevant; Theo's categorical argument is that source code analyzers teach people that bugs which analyzers don't notice do not exist, and so they start not finding bugs or start working around bugs by making the analyzer not bitch instead of by fixing the bug. Essentially he reinvented the Normalization of Deviance problem and hyper-applied it in a fallacious slippery slope argument (the slippery slope argument can be valid; in this case, it was more asserting that people would jump off a cliff).

    He has also demonstrated to me, repeatedly, that his technical ability to evaluate the impact of a particular change is extremely weak. He relies more on his own image of self-worth, and has the mental profile of a PHB who knows something about programming and found out strcpy() can break shit.

    Cleansing Wikipedia was an effort prior to interaction with Theo. There was a lot of general security framed as "OpenBSD of course doesn't have security problems in general and is superior to all other operating systems", such as the mentioned article on computer security in general which suggested "Run OpenBSD" as "Ways to improve computer security".

    Finally, from what I can tell, there is no evidence that people on Bugtraq actually test everything or much of anything against OpenBSD. Redhat, SuSE, Debian, and Mandriva sometimes get tests; FreeBSD often escapes, PCBSD never shows up, other Linux distributions are hardly ever mentioned (Ubuntu has been in vogue for several years now though), and OpenBSD hardly shows up. Rather than assuming that most Linux, NetBSD, FreeBSD, and OpenBSD are all very secure and magically invulnerable, I assume none of them are much tested. As well, many such tests report systems which are invulnerable in the same way as OpenBSD: Firefox RCE vulnerabilities on Redhat would be subject to the same W^X and ASLR as OpenBSD, but Redhat is consistently listed because the bug does exist in Firefox packaged on RHEL--it's just harder to exploit; yet OpenBSD isn't listed.

    The results are not self-evident; a large amount of marketing, a vocal minority, some dogma, and a huge amount of egotism and mishandling are highly visible, and even these things are not self-evident. Theo being a dick is not self-evident: somebody may have provoked him; but when you analyze the pattern behavior, it becomes evident by analysis that Theo's runaway ego is brandished at every turn against anyone who disagrees with him on any point, and thus that he is in fact a dick.

    Try being rational. It's that thing where you analyze facts and probe into voids to decide how to think, instead of repeating dogma and clinging to comfortable ideas with no real support.

  77. Re:Why are you such an asshole? by bluefoxlucid · · Score: 1

    Marcus Ranum bragged about OpenBSD and got hacked running Apache on OpenBSD. I generally feel that they have less understanding about security and more loud voices and marketing. OpenBSD secure is like MacOSX secure.

  78. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Don't forget to add 'and never looked back' so everyone knows you're an individualistic brainiac in computers...

  79. Re:Why are you such an asshole? by twocows · · Score: 1

    That sounds like PEBKAC to me. He probably had a poorly configured Apache setup. I don't really have the qualifications to give an informed opinion about the state of OpenBSD security, but pretty much everything I do know points to very good practices on their part. I'm sure it's not perfect, but it seems to be head and shoulders above a lot of other systems.

  80. Re:Why are you such an asshole? by the_B0fh · · Score: 3, Informative

    Obviously someone who has never worked with Theo. Theo simply does not suffer fools and will call you out for being stupid.

    That is it.

    I have asked beginner level questions, and he had answered them politely. But if you come in with an attitude, or as a know-it-all and did not even bother to read the FAQ, he will treat you like the turd you are.

    For whatever reason, people seem to think that's being an asshole. Theo's not your paid support monkey, and has no need to waste his time on people who refuse to read.

  81. Re:Why are you such an asshole? by bmajik · · Score: 1

    I look forward to reading a paper from you where you show, factually, that your use of source analysis tools finds vulnerabilities that the OpenBSD team missed.

    It should be easy, right?

    You'll be a hero. The first person, apparently, to ever look at OpenBSD critically. The first person to test it.

    Get over yourself. Accept that they've put out a great product, your butthurt notwithstanding.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
  82. Re: Why are you such an asshole? by Anonymous Coward · · Score: 0

    Theo is an asshole. Frankly I think he has some kind of personality disorder.

    But Theo is a good engineer. He's also surrounded by several engineers at least as good as he is. Theo doesn't have much of anything to do with OpenSSH, for example.

    OpenBSD is a team. It's not just Theo.

  83. potoko by Anonymous Coward · · Score: 0

    you really also look like an asshole, ;)

  84. Re:Job opportunity by Anonymous Coward · · Score: 1

    Where is the careers section? What am I missing?

  85. Re:Why are you such an asshole? by bluefoxlucid · · Score: 1

    Theo did that once. The result was embarrassing. Like a retarded farmer arguing vehemently about how to spell 'diary kaw'.

    Now that I go back and look, post-flamewar, there's release notes for OpenBSD talking about importing a lot of fixes for stuff found by Coverity run against OpenBSD tools that were included in NetBSD, which got a Coverity report. It looks like there's a fair pile of improvements in OpenBSD kernel, OpenSSH, OpenSMTPD, and other OpenBSD projects that now come from static analysis.

    I guess Theo was wrong then too.

    He's been wrong every time we've gotten into an argument. Two samples isn't statistically significant, though; and I tend to only pick technical arguments where I have more complete knowledge than professionals.

    My god, it was pre-2006. Well that makes sense: I was 19 at the time. How did this much time go by without me noticing? And who made these people swallow their own stupidity while I wasn't looking?

  86. Re:Why are you such an asshole? by fsck-beta · · Score: 1

    My post was at +5, now it's at +2 once the OpenBSD friends were rallied :/

  87. Re:Why are you such an asshole? by the_B0fh · · Score: 1

    Link? Marcus Ranum seemed to like OpenBSD. A quick search gave me the following:

    https://web.archive.org/web/20...

    TOP OF THE NEWS
    --OpenBSD Release Protected Against Buffer Overflow Attacks
    (11 April 2003)
    (Ranum): It's GREAT to see that at least a few people are smart enough
    to try to attack problems like this systemically, rather than keeping
    stuck in the fruitless "penetrate and patch" while loop. This is how
    to make progress in security: fundamental protections.

    https://web.archive.org/web/20...

    “One of the BSD variants — OpenBSD (www.openBSD.org) — was constituted with security as its premise,” says Marcus Ranum. “They did some really interesting stuff; they did complete code audits of major hunks of the operating system and found huge, horrible, gigantic holes that all the other UNIX derivatives had been ignoring. They subsequently got fixed, but it was a huge reality check for the community.

  88. Re:Why are you such an asshole? by tlambert · · Score: 3, Informative

    Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.

    Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".

    Linux had oprofile.

    I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.

    Was this profiling done on Linux or OpenBSD?

    The reason I ask is that the Linux model for 32 bit is to have a 4G/4G address space, where the user and kernel address space are completely disjoint, while the OpenBSD model was to have (initially) a 2G/2G split, later followed by a 3G/1G split.

    With a disjoint address space, you aren't going to see tremendous performance degradation by going to PIE, even though you lose a register over it in 32 bit executables, since you are already paying the TLB flush overhead for the overlapping address spaces, and you are already paying the CR3 reload overhead for the mapping of copy buffers for the copyin/copyout operations. Assuming you do lazy mapping for the copy regions, you'll mask a pretty big chunk of the overhead, if the only activity you have on your system is your benchmarking process, as opposed to paying to move the copy window mappings around if you are doing a lot of context switching between processes that have even modest copyin/out requirements.

    The overall overhead of this, according to Ingo Molnar, amounts to some 38% performance increase if you do not use a disjoint address space and copy windows.

    This is practically the same performance you get from moving the kernel high (i.e. effectively, a negative offset) in a 64 bit system.

    In addition, as long as you work around the Intel architecture TLB flush bug for the large vs. small page mappings covering the same physical memory region (i.e. the TLB flush would leave one of the TLB unflushed, and this is what caused issues with large page support to cover the kernel address space to get the TLB regions non-intersecting), you can get another up to 11% performance improvement by supporting all large pages in kernel space and all small pages in user space.

    I suspect that the suggestion didn't get traction for 2 reasons:

    (1) The above performance considerations, which were architecturally a performance win that OpenBSD could have and Linux couldn't, in the default case, for the default kernel and user address space mapping made the hit considerably more than the Linux-observed 5.8% on OpenBSD.

    (2) ASLR (Address Space Layout Randomization), which is the primary reason for supporting PIE, is a means of security through obscurity, which relies on hiding the locations from the attack vectors, rather than actually having the code be secure, which is somewhat antithetical to normal security philosophy, which disdains obscurity as a protection mechanism (i.e. You can work around it using a relative return, unless you set the NX bit on all your DS/SS pages, which you should probably be doing anyway -- rendering the technique unnecessary in the first place).

    I admit that PIE can be handy when you override shared libraries on the command line with environment variables passed to the run time linker, particularly for testing, but as a default mechanism, it's something of a dead end, particularly now that many architectures are taking the ARM 9 approach of a modified Harvard architecture. You can do a similar thing on recent Intel processors, although the recovery from a fault is you h
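
    The comment above turns on two properties of a binary: whether it is position independent (so ASLR can move its base) and whether its stack is marked non-executable. The C below is an added example, not code from the thread or from any project named in it, that reads both from an ELF64 header; the structure layouts follow the ELF specification, PT_GNU_STACK is the GNU/Linux marker, and the function names and sample image are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 definitions, taken from the ELF specification. */
#define ET_EXEC      2            /* fixed-address executable */
#define ET_DYN       3            /* position independent (PIE or shared object) */
#define PT_GNU_STACK 0x6474e551u  /* GNU/Linux stack-permission marker */
#define PF_X         1u           /* segment is executable */

typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr64;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr64;

typedef struct { int valid, pie, nx_stack; } Hardening;

/* Inspect an ELF64 image held in memory. Assumes file and host byte order match. */
Hardening check_elf64(const unsigned char *img, size_t len)
{
    Hardening h = {0, 0, 0};
    Ehdr64 eh;

    if (len < sizeof eh)
        return h;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0 || eh.e_ident[4] != 2 /* ELFCLASS64 */)
        return h;
    /* Reject a program header table that does not lie inside the buffer. */
    if (eh.e_phnum > 0 && eh.e_phentsize < sizeof(Phdr64))
        return h;
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * eh.e_phentsize > len - eh.e_phoff)
        return h;

    h.valid = 1;
    /* ET_DYN is what lets the loader randomize the image base. A shared
       library is ET_DYN too, so run this on main executables. */
    h.pie = (eh.e_type == ET_DYN);
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Phdr64 ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * eh.e_phentsize, sizeof ph);
        /* No PT_GNU_STACK entry leaves nx_stack at 0: not marked non-executable. */
        if (ph.p_type == PT_GNU_STACK)
            h.nx_stack = !(ph.p_flags & PF_X);
    }
    return h;
}

/* Constructed sample: an ELF64 header followed by one PT_GNU_STACK entry. */
static size_t make_sample(unsigned char *buf, uint16_t e_type, uint32_t stack_flags)
{
    Ehdr64 eh;
    Phdr64 ph;

    memset(&eh, 0, sizeof eh);
    memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\177ELF", 4);
    eh.e_ident[4] = 2;                 /* ELFCLASS64 */
    eh.e_type = e_type;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = 1;
    ph.p_type = PT_GNU_STACK;
    ph.p_flags = stack_flags;          /* 6 = read+write, 7 = read+write+execute */
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(int argc, char **argv)
{
    static unsigned char buf[65536];
    size_t n;

    if (argc > 1) {                    /* audit the headers of a real file */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    } else {                           /* constructed: non-PIE with executable stack */
        n = make_sample(buf, ET_EXEC, 7);
    }
    Hardening h = check_elf64(buf, n);
    if (!h.valid) { fprintf(stderr, "not a parsable ELF64 image\n"); return 1; }
    printf("PIE: %s, non-executable stack: %s\n",
           h.pie ? "yes" : "no", h.nx_stack ? "yes" : "no");
    return 0;
}
```

    Run without arguments it reports on the constructed sample; given a path it reads the first 64 KiB of that file, which covers the header and program header table of typical executables.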

  89. Re:Why are you such an asshole? by bmajik · · Score: 1, Interesting

    Ok, so your premise, from one email altercation, is that Theo's attitude is so intense, so "he can never be wrong", that openbsd has no security advantages. Never mind that the premise is ridiculous.

    But the actual evidence suggests that internet arguing aside, openbsd eventually adopts valuable security practices and technologies that Theo initially disagrees with.

    So, what was the point of your first post, exactly?

    Are you going to modify your position on openBSD, now that you know the project incorporates outside feedback, even when they publicly disavow it at first? I mean, you're a rational guy, right?

    --
    My opinions are my own, and do not necessarily represent those of my employer.
  90. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Why is he such an asshole? Probably for the same reason a dog licks his balls - because he can!

  91. Brand recognition in router/firewall space by unixisc · · Score: 1

    Do you have a plan to make OpenBSD widespread on the most popular wireless and wired routers, given that those boxes would benefit most from OpenBSD's security features? And in the process, gain more name recognition for your OS?

  92. fork by Anonymous Coward · · Score: 0

    Why did a whole bunch of developers leave to start bitrig?

  93. Re:Job opportunity by Anonymous Coward · · Score: 1

    Where is the careers section? What am I missing?

    It is at the bottom. Look again.

  94. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    I fail to see sufficient grounds that "use OpenBSD" as one of the "ways to improve computer security" is not NPOV (neutral point of view).
    Re-phrased to reduce some of the negation: I propose that "use OpenBSD" may be a valid way to improve security, and that may be a sufficiently neutral statement.

    Let's look at your arguments:
    "Coverity hasn't even run their tools against the code base"
    So? An organization called Coverity has made a decision to not bother including OpenBSD in Coverity's tests. Why does that decision affect whether or not OpenBSD improves security?
    I haven't included Gentoo in a custom test that I wrote. Now, I grant you that I might not be as prominent as Coverity. Still, my actions have not had any impact on the quality or effectiveness of Gentoo. For the same reason, your conclusion does not follow from your statement.

    "I've seen no widely published studies on number of practically exploitable local privilege escalations"...
    So? Maybe OpenBSD has severe "local privilege escalations". That could, in theory, be a security issue.
    However, I do have a counter-point. You mention running avahi. In a later post, you mention "Firefox".
    Frankly, I may not care if an OpenBSD machine has tons of "local privilege escalations", or if running avahi or Firefox results in contacting a remote server and giving away remote root access. I know this sounds like I'm being silly (because security bugs are, in all honesty, scary), but I'll explain how this is a serious point.

    I do run an OpenBSD-based firewall. Consider, for a moment, that I might never log into that computer unless I am wanting to make changes to the firewall policy. That requires root, and so I am really not going to do anything as non-root, because there is nothing useful to do as non-root. In this case, "local privilege escalations" are not a threat, because anyone running software locally is already escalated. Likewise, a third party application (avahi or Firefox) is not a threat because it never gets run (and is not installed, and in Firefox's case, the software would require X which might also not be installed on a firewall).

    I think OpenBSD's main focus is on handling network traffic without being compromised from remote attacks. I say this, because undeadly.org's news about the OS's development efforts seem to be focused on that goal. The reason that almost no third parties bother widely publishing studies about "practically exploitable local privilege escalations" may simply be that almost nobody cares, because there isn't a bunch of non-escalated software running locally on these machines.

    If OpenBSD and its included "pf" software does a more perfect job than a Linux-based system using iptables, then I would say that OpenBSD successfully improves security. Even if OpenBSD does not provide as many defenses against certain types of attacks, which OpenBSD is not focused on, using OpenBSD (in the way that it is designed) can be an effective technique that improves security.

    It seems that your justification to remove Wikipedia content is that the statements did not address your desire to use OpenBSD with a bunch of third party software (like avahi), possibly as a desktop operating system (capable of running Firefox). Well, Wikipedia's article didn't say "use OpenBSD with a bunch of third party software" for security. Based on your text, it seems that Wikipedia just said to use OpenBSD for security. Sounds accurate to me.

    If OpenBSD+avahi is less secure than Linux+avahi, this doesn't mean that OpenBSD is less secure. It may be true that a lot of third party software has substantially more development effort for excellent Linux support than excellent OpenBSD support. This might mean that the combination is less secure in OpenBSD (which may be avahi's fault, although blaming avahi still wouldn't change the fact that the OpenBSD solution would be less secure). Even if you prove problems with the OpenBSD scenario, then all that really concludes is that OpenBSD + third

  95. i.MX6 is a good alternative by Anonymous Coward · · Score: 0

    You should have a look at Bitrig, an OpenBSD fork, which is actively working on the armv7 platform.

    I can recommend i.MX6 based boards. It's a powerful chip, has SATA, PCIe and Gigabit Ethernet (limited to 420MBit/s).

    If you're interested, have a look at the RIoTBoard, CuBox-i, Utilite, Wandboard or the UDOO (with Arduino). Those are a bit more expensive, but some really nice machines.

    We're also working on Samsung Exynos and Allwinner/Cubieboard. Personally, I prefer the i.MX6.

  96. Re:Will OpenBSD switch to Systemd? by shking · · Score: 1

    Recently both Debian and Ubuntu decided to make the switch to Systemd. With more and more distros switching to Systemd, will OpenBSD do the same?

    Systemd's license is incompatible with OpenBSD, thus it would need to be rewritten from scratch (and it would probably be refactored too). For systemd to appear in OpenBSD there needs to be a benefit to OpenBSD... not simply convenience for people moving from Linux. This is how pf was born: IPFilter was removed from OpenBSD due to concerns about its license and the pf developers refactored IPFilter's baroque rules syntax for simplicity and consistency.

    --
    -- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
  97. Re:Why are you such an asshole? by Pieroxy · · Score: 1

    Linux Torvalds? Really? On Slashdot? In 2014?

    Come on...

  98. Only two remote holes in the default install ... by psergiu · · Score: 1

    Exactly how much is "a heck of a long time" and for how much were those two remote holes exploitable?

    --
    1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
  99. What - isn't BSD dying anymore? by Anonymous Coward · · Score: 0

    This story has been on slashdot for 5 hours without us being reminded that netcraft confirms that BSD is dying. Obviously slashdot is dying. Please bring back more trolls.

  100. Re:Why are you such an asshole? by andyhhp · · Score: 1

    The reason I ask is that the Linux model for 32 bit is to have a 4G/4G address space, where the user and kernel address space are completely disjoint

    A 4/4 split is completely impossible. x86 doesn't switch CR3 or TR automatically. At an absolute minimum, the kernel needs all its entry points (exception, interrupt and syscall/sysenter targets), and hardware structures (active pagetables, GDT, LDT and TSS) mapped into all virtual address spaces.

  101. Commercial Viability by hardihoot · · Score: 1

    Is there any possibility to make OpenBSD more commercially viable (similar to what Red Hat Linux has done) so that in the upcoming years OpenBSD can avoid extinction or at least be more widely utilized?

    --
    A word fitly spoken is like apples of gold in pictures of silver --Proverbs 25:11
  102. Why did you write an OS in C? by Anonymous Coward · · Score: 0

    Considering C is the source of countless security flaws. Why did you pick C?

    If you had to start over what would you do to improve security?

    Have you considered using the capability model and homomorphic encryption to isolate processes? If not why not?

    1. Re:Why did you write an OS in C? by rubycodez · · Score: 1

      you are confused, poor coding is the source of countless security flaws, regardless of language.

  103. How do you view BitRig? Does it remind you of Open by Anonymous Coward · · Score: 0

    How do you view BitRig? Does it remind you of OpenBSD's conception?

  104. Question by Anonymous Coward · · Score: 0

    How do you convince users to follow you through painful upgrades like stack protection and 64 bit time_t changes? Why does OpenBSD do this sooner than other Unices?

  105. OpenBSD and the 1000M limit by FormOfActionBanana · · Score: 1

    The last time I tried to run OpenBSD, it was so I could test our static analyzer Fortify SCA on the kernel.

    One thing that really held me back in my research is that processes were limited to about 1 Gigabyte of RAM each. What exactly is the reasoning behind this hard limit?

    Note: I never finished my work, but it would be totally cool to complete this someday.

    --
    Take off every 'sig' !!
    1. Re:OpenBSD and the 1000M limit by Anonymous Coward · · Score: 0

      The only hard limit is MAXDSIZ, which is an MD constant. It varies on other platforms due to overhead and architectural constraints that affect kernel virtual memory layouts. There is also BSD login.conf classes, accounts are in the `default' class which imposes user limits. ksh(1)'s ulimit can be used to further adjust this, which should be common knowledge to Unix administrators.

    2. Re: OpenBSD and the 1000M limit by Anonymous Coward · · Score: 0

      MAXDSIZ can be raised on some arch (notably amd64) by recompiling the kernel, the default value is a trade-off. However a 1G limit is much more likely to be login.conf/ulimit related.

  106. Re:Why are you such an asshole? by tlambert · · Score: 1

    I think you are confused; just because a couple of pages are dual mapped doesn't make the virtual address spaces *not* disjoint.

    https://lkml.org/lkml/2003/7/1...

  107. Looking to the future, what opportunities do you s by Anonymous Coward · · Score: 0

    The focus in computing in general has been to make it more mobile and accessible. None of the big players have any real interest in free code, especially in mobile computing, and most end users / consumers have, at best, only a foggy idea of what the issues are when it comes to free code and proprietary blobs. You have labored long and faithfully to produce the best and most secure OS available without compromising on the root issue of open source vs. blobs. I'd be very interested to hear your thoughts on what "the community" (choke, gag) should be doing that it has failed to do so far.

  108. Re:Why are you such an asshole? by Kjella · · Score: 1

    I don't even think they're even playing the same game, most assholes are just playing power games gathering sycophants, bullying those they can bully and sucking up to their superiors. Actual skill is mostly irrelevant and in fact superior skills and abilities might be threatening to them. The "good" assholes are usually trying to train their minions, like you can't cuddle a dog that just has chewed up your shoes unless you like having your shoes chewed up. You have to convey that it has been a bad dog and that you're angry with it. And the anger is more proportional to the level of expectations you have.

    The good kind of assholes often chew out rather senior people - not to be confused with yelling at everybody - when they're doing things you know they can do better. They know what a release window is, they know how an RC patch should look like, they know not to break the user ABI, they know what kind of QA they should do themselves before sending review or pull requests. Good assholes often chew out people not because they're ignorant or incompetent but because they're being lazy, reckless or sneaky. It's not "it could have been done better" it's "you could have done better and you know it" but you tried pulling a fast one.

    A little bluntness brings out a lot of the counterproductive characters, like the drama queens who don't take criticism, those that will go in the trenches and you can change their design over their cold, dead hands, the dodgers who'll try to shift any blame away from themselves, who'll start throwing ad hominems and so on. What goes around comes around though, if someone calls you out on your own turds you'd better be ready to handle it gracefully. That's something the bad kind of assholes never do, it's one set of rules for them and one for everyone else.

    --
    Live today, because you never know what tomorrow brings
  109. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Ok, so after your rant we know:

    Theo doesn't make changes people suggest... until Theo does make changes people suggest.

    Theo doesn't use code analyzers... except when he does use code analyzers.

    And the product is demonstrably better.

    So???

  110. Re:Why are you such an asshole? by david_thornley · · Score: 3, Informative

    FUD about licensing issues? The BSDs are under non-copyleft licenses, and can't use code released only under the GPL. That's a matter of legality, not an issue that can be settled. If archangels were to descend with the perfect device code, blessed by God, Buddha, and Sheldon Cooper, but it released only under the GPL, neither Theo nor Microsoft could touch it.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  111. They will eventually post replies by Any+Web+Loco · · Score: 1

    But they'll only be available Beta. Or maybe /. TV.

    I have wondered though - interviews with RMS, Theo De Raadt, Eric Raymond (lol) have all been promised. It's as if /.'s trying to win all the doubters back over.

  112. Open Source Hardware by Anonymous Coward · · Score: 0

    What are your thoughts about open source hardware projects like Novena which focusses on blob free hardware?

  113. Why the gripe about Linux using BSD code? by walterbyrd · · Score: 1

    Theo de Raadt: why the bitching about BSD code put in GPL?

    http://kerneltrap.org/OpenBSD/Atheros_Driver_Developments

    And that's not the only article I've seen about BSD advocates bitching about BSD code being put into GPL code.

    I don't get it. BSD advocates are fine with MS taking BSD code, and claiming it as MS code, and releasing only in binary. But, the BSD advocates bitch about BSD code being put into GPL open-source? WTF?

    As I understand it, BSD is almost public domain. I can take BSD code, and relicense it any way I please. If I don't want my code relicensed, then I shouldn't release it BSD.

    When you release your code BSD, you allow relicensing. That's why MS prefers the BSD license.

    I just don't get it. If you want kernel improvements to be implemented back, why license your code under the BSD to begin with?

    I took a look at the BSD license, and I don't see anything prohibiting anybody from taking BSD code and putting into a GPL project.

    If BSD advocates want to thump their chests about their licence being so free, then why do they bitch when Linux - but not Microsoft - takes them up on their offer?

    It does not seem to make sense to me.

    1. Re:Why the gripe about Linux using BSD code? by rev0lt · · Score: 1

      As I understand it, BSD is almost public domain.

      It's not. You retain full authorship, so deleting the license and pasting a new one directly violates the license.

      I can take BSD code, and relicense it any way I please

      No. You cannot remove the BSD disclaimer from the source and/or claim it as your own.

      If you want kernel improvements to be implemented back, why license your code under the BSD to begin with?

      One of the reasons TCP/IP is a huge success is because it was BSD licensed. As many fundamental daemons that gave name to some pretty well-known services that we now call "internet" collectively.

      When you release your code BSD, you allow relicensing. That's why MS prefers the BSD license.

      Also Apple. And every other sane company that doesn't do business selling "open source", but products with added value. If you really look into it, very few relevant OSS projects use GPL, aside from Linux infrastructure and the whole FSF ecosystem.

      If BSD advocates want to thump their chests about their licence being so free, then why do they bitch when Linux - but not Microsoft - takes them up on their offer?

      No one bitched about "taking the offer". "Taking the offer" means respecting the license - hey, even Microsoft does it, right? AFAIK (your link isn't opening) the bitching was about ignoring the licensing terms.

    2. Re:Why the gripe about Linux using BSD code? by walterbyrd · · Score: 1

      I am sorry, but I don't understand: why is it okay for Microsoft to use BSD code, without giving BSD any credit, but not Linux?

      My understanding is: the ISC, MIT and BSD-licenses allow for sublicensing without making any modifications so the Linux devs are perfectly within the license when they sublicense the original code under the GPL. Theo de Raadt is wrong here.

      Also, my understanding is: Theo is wrong about the license change only affecting source changes. It also affects the original source code because the licenses explicitly allow for this. If the licenses did not explicitly allow for this, he might have had a point here.

      Also, I am not sure that Theo is justified in ranting about "the Linux people" when this was one incident that happened about 15 years ago, and was corrected.

    3. Re:Why the gripe about Linux using BSD code? by whogivesafuckingfuck · · Score: 1

      I can't speak for Theo, but... if you look for it, you can find the attribution in Microsoft's stuff.

      http://www.terminally-incohere...

      As for your understanding about ISC, MIT, etc: can you point where exactly any of these licenses grants anyone the permission to change the license or sublicense or whatever? The copyright holder holds the right to do that. Where do the licenses grant the right to change the license? Last time I looked, they only granted rights to modify, distribute and sell the work the license covers. Not the license itself. In fact they explicitly ask you to retain the license.

      And why the gripe about Linux using BSD code? Well I have a gripe with them claiming to be "free" and then change the license of free code to a non-free one, making it impossible for any useful modifications to flow back to the original free code. That is hypocrisy, and it is in my opinion extremely rude and disrespectful towards the original authors.

      Much of "Linux people" are such hypocrites all the time, not just during this one incident. And there are many other incidents with "Linux people" switching over to more restrictive licenses. All the while still claiming to be free.

    4. Re:Why the gripe about Linux using BSD code? by rev0lt · · Score: 1

      I am sorry, but I don't understand: why is it okay for Microsoft to use BSD code, without giving BSD any credit, but not Linux?

      Where did you get that idea? Microsoft used the BSD-based TCP stack on previous versions of windows, and the disclaimers are fairly well documented, even on the header files. The BSD clause is left intact, as required. The Microsoft Services For Unix was (AFAIK) based on OpenBSD tools and some GPL stuff, all also in compliance with the license (an old version is described in http://technet.microsoft.com/e...)

      My understanding is: the ISC, MIT and BSD-licenses allow for sublicensing without making any modifications so the Linux devs are perfectly within the license when they sublicense the original code under the GPL

      You CANNOT rip the BSD disclaimer. It's right there on the license. Theo is right.
      And technically, you CANNOT dual-license a BSD file with GPL without any change. If you do it, the less restrictive license takes precedence. You can change the file and have your own modifications under GPL if you want, but for the rest of the code, the GPL clauses are void because BSD is less restrictive and the content is ALSO licensed under BSD.

      Also, I am not sure that Theo is justified in ranting about "the Linux people" when this was one incident that happened about 15 years ago, and was corrected.

      Another guy already replied to this. If a guy chooses GPL because he thinks it's a better license, he should at least have the same respect for other licenses. More often than not, this doesn't happen. The fallacy of repeating RMS GPL bullshit as facts doesn't make them come to reality, and it hurts the OSS ecosystem as a whole.

  114. Preferred OpenBSD Desktop Tools by Anonymous Coward · · Score: 0

    Which software/tools do you and the developers of OpenBSD prefer for everyday work on OpenBSD notebooks and workstations? (e.g. window manager, web browser, word processing, spreadsheets, presentations, organizer, mail, chat, music, programming, editing, pdf viewer, video, image viewer, tor, ad blocking etc.)

  115. What exploit mitigation technique wish you had? by Anonymous Coward · · Score: 0

    We can see from GSoC that you would like having capsicum, but is there anything that isn't on most people's radars yet, and you'd like to see in say 5.6?

  116. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    ASLR is not security through obscurity. If that were true, regular encryption would be security through obscurity. Security through obscurity is an idiom, and it doesn't literally mean that nothing can be secure which depends on a secret.

    And ASLR has other benefits beyond raising the bar for bug exploitation. When ASLR was enabled by default in OpenBSD many years ago, it uncovered a plethora of bugs, particularly in the ports collection. Not because those developers were depending on some particular pattern of allocation, but because bugs were exercised more frequently when the relative location of blocks became randomized. So ASLR ultimately resulted in OpenBSD and a ton of other free software becoming much more robust.

  117. Sure... by Anonymous Coward · · Score: 0

    I am going to do a leap of faith and believe that you actually exchanged mails on this topic and that the content was roughly as you say.
    My naivety, however, won't go as far as to believe Theo would be arguing for performance gains over security.
    That's what Linux people do. Theo's OS is the only major OS that has PIE among many other exploit mitigation features enabled (Of course I am not counting self-compiled versions of Linux in someone's mother's basement).
    This is how it probably went:

    > PIE is the fast0rz lol
    - No, it's slower
    > It's like 5%
    - Look we have done our tests and they show it is quite slower than that for OpenBSD base build (replied off list because I don't want losers to start begging for/against implementing this when we are actually going to include it in our next release anyways)
    > Theo is the sux KTHXBYE

  118. Audit & quality by thetagger · · Score: 1

    The OpenBSD project spends a lot of time on audits, but I know little about this process. How does it work? Do you just read the code and look for bugs based on experience? Do you use tools? Is there an audit-specific skill set that separates auditors from regular programmers? Are there specific books about audits that you would recommend? What is the best piece of code you have ever seen (or written?). Also, non-system programmers talk a lot about TDD and unit testing, but system programmers in general do not do that. Do you have an opinion about those techniques?

    1. Re:Audit & quality by Anonymous Coward · · Score: 0

      They allegedly spend a lot of time on audits... nice claim. It would be more interesting if there would be regular protocols what was audited, if something was found/improved and so on.

    2. Re:Audit & quality by whogivesafuckingfuck · · Score: 1

      You could follow the cvs logs. Maybe the discussion on tech@ too.

  119. Yes by Anonymous Coward · · Score: 0

    OpenBSD has had kern.emul.linux for approximately forever.

    1. Re:Yes by whogivesafuckingfuck · · Score: 1

      Only on i386. AFAICT Linux emulation isn't horribly accurate or complete anyway. It might be good for some applications and not for others.

      Getting nonfree binary only software to run on the OS isn't a priority. At all. As Theo says, we live in a source world, and compiling software is the only way to get some of the security features on OpenBSD. Besides, binary compatibility leads to Windows & x86-esque horrible backwards compatibility bloat, with support for obsolete and outright broken interfaces...

      Source portability is the right thing to aim for.

  120. Re:Why are you such an asshole? by rev0lt · · Score: 1

    The point the parent was making is that catering to actual security and catering to egos are different things. And while it has been proven that Theo was wrong a whole bunch of times (and right a whole bunch of other times), it still has no effect on him. Smart people will often realize they were wrong and be happy with it (after all, they fixed a problem AND learned a new thing). Ego maniacs will silently ignore the fact and accept new change with smugness.
    I'm an OpenBSD user since 2.9. I stopped using it in most professional setups around 4.2-4.4, because I find the maintenance cycle unacceptable. However, I still buy both CDs and assorted merch from the project when I can, because I see real value in the team. But the truth is, while some of the side projects are quite alive (OpenSSH, PF stuff, OpenBGPD, etc), OpenBSD itself hasn't aged quite well. The VFS layer is a mess. Thread support is subpar. No container support whatsoever. No ACL support, no MAC. No virtualization support. Crappy SMP support. And this is so obvious, that some ex-developers decided to fork it and create https://www.bitrig.org./ And let's face it, it seems like local attacks aren't even considered vulnerabilities. The whole remote exploit stuff is such a bullshit - I remember one release that was anticipated 1-2 weeks so some Apache hole would not count. And while no one really cares about OpenBSD anymore, their subprojects are beneficial to almost every other operating system - if it wasn't for them (specially OpenSSH), I think OpenBSD would be long gone.

  121. Re:Why are you such an asshole? by rev0lt · · Score: 1

    I should also add that, when OpenBSD added randomness to the ld.so and mmap(), a non-trivial amount of bugs was discovered in some well-known OSS projects. Probably every OSS user has benefited - either directly or indirectly - from OpenBSD; that doesn't mean we should build altars to worship Theo when - after all - it is a collective effort.

  122. Your pets by tsampy · · Score: 1

    I read on the net You've got 10 cats. Is that true, and do You have other pets ? And don't You fear your cats to attack the ducks You feed ?

  123. Do You speak French ? by tsampy · · Score: 1

    Do You speak French or another language ?

  124. Re:Why are you such an asshole? by drinkypoo · · Score: 2

    FUD about licensing issues? The BSDs are under non-copyleft licenses, and can't use code released only under the GPL.

    Good thing the patch didn't use any code from linux, just some values garnered from one of the drivers. Reverse-engineering for the purpose of interoperability is explicitly permitted under the DMCA.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  125. Re:Why are you such an asshole? by tlambert · · Score: 1

    ASLR is not security through obscurity. If that were true, regular encryption would be security through obscurity. Security through obscurity is an idiom, and it doesn't literally mean that nothing can be secure which depends on a secret.

    ASLR is "secrecy through implementation to provide security"; that, according to Wikipedia, is the very definition: http://en.wikipedia.org/wiki/S...

    And ASLR has other benefits beyond raising the bar for bug exploitation. When ASLR was enabled by default in OpenBSD many years ago, it uncovered a plethora of bugs, particularly in the ports collection. Not because those developers were depending on some particular pattern of allocation, but because bugs were exercised more frequently when the relative location of blocks became randomized. So ASLR ultimately resulted in OpenBSD and a ton of other free software becoming much more robust.

    Sure; but like compiling for the DEC Alpha uncovered alignment issues that resulted in improved performance due to alignment exceptions and fixups for unaligned data accesses, it would not be necessary to leave the option on once the bugs were fixed; and indeed, the alignment check bit is not set in CR0 for Intel processors on Intel versions of OpenBSD, even though doing so would result in OpenBSD and a ton of other free software ending up with much better performance. So ASLR might have been handy to turn on temporarily for the purposes of finding bugs, but arguably alignment issues are also bugs, yet unaligned accesses are not resulting in faults, log messages, and software changes to fix those bugs.

  126. Re:Why are you such an asshole? by LurkerXXX · · Score: 1

    Yes, OpenBSD's main projects make things like carp, pf, etc. That seems to be the focus, and how most users use OpenBSD systems. I'm not sure how the Firefox thing is a worry to most folks who use and trust OpenBSD for their use. I've had a lot of OpenBSD machines over the years, but I don't think I've installed X Window more than a couple times.

  127. Re:Will OpenBSD switch to Systemd? by Anonymous Coward · · Score: 0

    Recently both Debian and Ubuntu decided to make the switch to Systemd. With more and more distros switching to Systemd, will OpenBSD do the same?

    Systemd's license is incompatible with OpenBSD, thus it would need to be rewritten from scratch (and it would probably be refactored too). For systemd to appear in OpenBSD there needs to be a benefit to OpenBSD... not simply convenience for people moving from Linux.

    This is how pf was born: IPFilter was removed from OpenBSD due to concerns about its license and the pf developers refactored IPFilter's baroque rules syntax for simplicity and consistency.

    More to the point, OpenBSD is not a "distro," and the BSDs are not Linux. Linux is a kernel, with GNU userland tools added. The BSDs are complete operating systems. Most BSDs, and particularly OpenBSD, would rather avoid the "Linuxation" of BSD.

    Aside from that, systemd is crap, and there's no good reason to port it to the BSDs. It flies in the face of the Unix way.

  128. Why do you still use CVS? by Anonymous Coward · · Score: 0

    Don't you think that at least some parts of the OpenBSD project (such as the ports and the web source code) could get improvements/fixes more easily? Could you explain the main reasons behind still using CVS for base?

    Thank you!

  129. Don't you think OpenBSD corporate image is a bit o by Anonymous Coward · · Score: 0

    Do you plan to give the corporate image a refresh? And what about using Comic Sans in most of your slides? :D

  130. Here by Anonymous Coward · · Score: 0

    >>> I have found no empirical studies of OpenBSD security

    https://www.usenix.org/legacy/events/sec06/tech/ozment.html

  131. Computers suck, how would you make them suck less? by Anonymous Coward · · Score: 0

    Pretend someone asked you to lay the architectural foundation of a new computer system that has security in mind, and given the fact that you could step out of a programmer's shoes for a second into a computer engineer's shoes, is there anything you would do different in hardware design? There is a Canadian company making quantum computers, how interested would you be in sharing your ideas with them if they asked you?

  132. Top 10 things Theos would like to see moving in Op by Anonymous Coward · · Score: 0

    What are top 10 things Theo would like to see moving in OpenBSD (either serious improvements or new features/technology)?

  133. About OpenBSD community by Anonymous Coward · · Score: 0

    What are your views about the OpenBSD community? What do you want them to do as users (apart from buying DVD sets, etc.)?

    In the recent Michael W. Lucas book "Absolute OpenBSD, 2nd ed" he wrote: "...The OpenBSD folks don’t care if they take over the world or not. They don’t really care if you use their software. If other people can get use out of it, that’s great. If not, oh well. They will happily assist you with OpenBSD specific problems, but they don’t really care about your database issues or your website....".

    Don't you think it would be very helpful to state something like that in the official webpage? A section about Community explaining User Rights *and Duties* (like reading the man pages, faq, etc.) would be interesting.

  134. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    more successful?

    millions of devices (including those from Cisco, Juniper, NetApp, EMC, Apple, etc.etc.) and many OS use code from Theo's projects. Maybe you are just an asshole, but Theo is a hugely successful one?

    If you consider it a success when corporations take your code, embed it in products and don't contribute back.

  135. Layering unix to encourage safer code by The+OPTiCIAN · · Score: 1

    Hi Theo, it's hard to imagine a unix being written in anything other than C. But do you have feelings about how we should be writing code for application layers? Would you like to see less written in C, and more written in Ada, Scheme, Java or other languages that make leaks less likely? Have you played with Ada, do you think its type model is a general improvement over what's available in C?

    --
    Believe with me, my saplings.
  136. OpenBSD from scratch by unixisc · · Score: 1

    Do you think it would be a good idea to have an 'OpenBSD from Scratch' project - to enable people to build the OS from ground up?

  137. Corporate sponsors? by kry73n · · Score: 1

    Why do you not have corporate sponsors as the FreeBSD project has? Given the NSA revelations it might be not too difficult to team up with some company related to secure router/server business.

    Do you never approach companies or do companies never approach you (or both)?

  138. CVS to GIT when will you change? by Anonymous Coward · · Score: 0

    I would really appreciate if you would make the change to git. Everyone agrees CVS sucks, why do you not see this. It may actually have more people contribute.

  139. Re:Will OpenBSD switch to Systemd? by Anonymous Coward · · Score: 0

    systemd sucks really badly, please keep it away because everything it touches turns to shit

  140. Do's and don'ts by RegVer · · Score: 1

    What are the DO's and DON'Ts for those companies who would want to build their business around/involving OpenBSD?

  141. Re:How do you view BitRig? Does it remind you of O by Anonymous Coward · · Score: 0

    bitrig seems to be a failure. IIRC it's amd64 only and competes thereby with linux on the desktop. So they take a server os, use the most common platform there is for OSs and create yet another desktop OS.

    If they would have targeted legacy hardware or small embedded devices or anything more specialized, it would have actually been interesting, the way they did it, no one really cares about them.

  142. IRC by Anonymous Coward · · Score: 0

    please have a freenode IRC channel for quick support, IRC is hip again for open source and I couldn't find an official OpenBSD channel, is there really none?

  143. File system improvement? by Anonymous Coward · · Score: 1

    Are there some plans to improve the performance of FFS and make it more robust and less fsck-dependent, or rather, introduce another file system like HammerFS and ZFS? Thank you.

  144. Linux emulation in the future? by Anonymous Coward · · Score: 0

    Will OpenBSD devs keep improving Linux emulation in OpenBSD? I see it's only usable in i386 and, to some extent, incomplete. Thanks.

  145. Let's get real by Anonymous Coward · · Score: 0

    "The sky is falling, the sky is falling!" "We need $xxx,xxx or OpenBSD will be SHUT DOWN!". "We don't have the money to make our electric bill!" Bullshit

    You got your $20k for electric. You got (last time I checked) $140k of $150 for 2014 donations.

    Let's see some actual accounting of where this money goes, or did Theo just want a paid trip to Las Vegas?

    Call me what you will, I don't care. Until I see detailed accounting of where the money goes, I call fraud.

    1. Re:Let's get real by rubycodez · · Score: 1

      you're talking about less than the price of a good Bay area systems programmer on contract to fund an OS and related projects that benefit hundreds of millions (probably over a billion) people?

      that amount of money is chicken feed. There's not enough there to even worry about someone taking a part for fraud.

      you're a whiner with no valid point

  146. Re:Why are you such an asshole? by bluefoxlucid · · Score: 1

    You're actually fundamentally wrong. Linux used to have a 4/4 split hack, but it's been 3/4 on x86 forever. 4/4 was added as an option, and hardly ever used--RedHat published a special kernel for it for a while.

    -fPIE requires the use of 1 additional register in many contexts, and they're scarce on x86. The performance impact is real. That said, it only affects the main executable--it affects /bin/ls but not all the libraries it loads--and the libraries are PIC anyway. The argument from Theo was basically that 99.8% of the code executed on the system (measured by time spent executing, not code volume) could be PIC but making that last 0.2% PIC would be an extreme performance hit.

  147. Read the man page by Anonymous Coward · · Score: 0

    The answer to this question and many more are in the man pages.

    1. Re:Read the man page by dubbreak · · Score: 1

      Which man page(s)? None of the intro pages cover it nor does afterboot.

      --
      "If you are going through hell, keep going." - Winston Churchill
  148. Re:Why are you such an asshole? by iggymanz · · Score: 1

    and it benefits hundreds of millions of people

    yes

  149. What to expect in the future? by whogivesafuckingfuck · · Score: 1

    In the past OpenBSD has been pushing hard for things like priv sep, stack layout changes and smashing protection, address randomness, guard pages, minimum permissions everywhere, more randomness everywhere, etc. The result is a system where sloppy code is very likely to just crash before causing any harm. It helps towards making the system secure, and it also makes software development on the OS oh-so-nice.

    I realize OpenBSD's security isn't all about features like the ones listed above, but can we look forward to some new exciting techniques that push the idea further?

    Thank you for a superb free operating system. And thank you for pushing the software ecosystem towards better quality standards!

  150. Re:Why are you such an asshole? by whogivesafuckingfuck · · Score: 1

    The implementation of ASLR is not secret. It's not security through obscurity.

    Compare with cryptography: if someone makes his homebrew crypto algorithm and keeps it secret, hoping it is more secure because others don't know how it (the implementation) works, that is security through obscurity.

    But if you use known, documented, public crypto primitives, you're not using a secret design or implementation. You still use random data in keys, nonces, etc. But that randomness is not secrecy of design or implementation. It is not security through obscurity, just as ASLR isn't.

  151. Re:Why are you such an asshole? by Wootery · · Score: 1

    Obviously someone who has never worked with Theo.

    You got me.

    Theo simply does not suffer fools and will call you out for being stupid.

    That is it.

    I have no personal experience here, but his Wikipedia article doesn't see things the way you do.

  152. OS by Anonymous Coward · · Score: 0

    When will you make OpenBSD a comparable system to Windows Server 2012 R2? All other platforms are pathetic jokes compared to its awesomeness. It's clearly the best in security, ease of use, available applications and affordability.

    1. Re:OS by Anonymous Coward · · Score: 0

      When will you make OpenBSD a comparable system to Windows Server 2012 R2? All other platforms are pathetic jokes compared to its awesomeness. It's clearly the best in security, ease of use, available applications and affordability.

      OpenBSD, FreeBSD, NetBSD and Linux are all free. Sure beats Windows...

    2. Re:OS by Anonymous Coward · · Score: 0

      OpenBSD, FreeBSD, NetBSD and Linux are all free. Sure beats Windows...

      It's not free. You're forgetting about the $699 license fee, you cocksmoking teabagger.

  153. OpenBSD compiler by Anonymous Coward · · Score: 0

    Where do you see OpenBSD heading in the compiler department? GCC 4.2.1 is now almost seven years old. Do you expect OpenBSD to keep using it indefinitely? If not, what is more likely - a switch to a GPL3 version of GCC or a switch to Clang? NetBSD and DragonFly BSD have taken the former approach, FreeBSD the latter. Is OpenBSD comfortable being the only major OS to stick with such an old compiler version, or will something have to be done about it eventually?

  154. Plan 9 by Anonymous Coward · · Score: 0

    Hello !

    What are your thoughts about Plan 9, how do you consider it ?

  155. Re:Why are you such an asshole? by whogivesafuckingfuck · · Score: 1

    It's not that they can't touch it. But they (OpenBSD) have decided not to incorporate any more nonfree code in to the project.

  156. How about Linux? by Anonymous Coward · · Score: 0

    Do you still think that Linux is buggy and bloated, or have you changed your mind - a couple of years have passed since you said that.

  157. When, oh when by vikingpower · · Score: 1

    are you going to abandon CVS ? I mean, even in the fairly conservative environment where *I* work, CVS is considered a dinosaur. Mercurial ? Subversion ? Git ? C'mon, man !

    --
    Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  158. Unforgiven by CmdrTamale · · Score: 1

    It seems that in matters of secure computing, Mr de Raadt is seldom wrong.

    Such behaviour appears to be unforgiveable.

    By some.
    --
    BTW, Theo - thanks for the code goodness,

  159. Code signing is coming with 5.5, expected on or ab by Anonymous Coward · · Score: 0

    The ports tree has had package signing capability for some years, but it was left to users to implement.

    New with 5.5 will be both signed kernels and filesets for the base OS, and signed packages, using a simple public/private key pair system with a newly developed signify(1) tool and related infrastructure and install/upgrade/sysmerge changes.
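
The sign/verify cycle behind the signify(1) tool mentioned in the comment above, as an added example that is not part of the original comment or of OpenBSD's release tooling. The key and file names and the file contents are constructed for the demo; the `-G`, `-n`, `-S`, `-V`, `-p`, `-s`, `-m` and `-x` options are the ones documented in the signify(1) man page.

```shell
#!/bin/sh
# Added example: generate a throwaway key pair with signify(1), sign a file,
# verify it, then confirm that a tampered copy is rejected.
# All names and contents below are constructed for this demo.

# Locate the tool. Debian-family systems package OpenBSD's signify as
# "signify-openbsd" (plain "signify" there is an unrelated program).
find_signify() {
    for cand in signify-openbsd signify; do
        if command -v "$cand" >/dev/null 2>&1; then
            echo "$cand"
            return 0
        fi
    done
    return 1
}

# Returns 0 if the genuine file verifies AND the tampered copy is rejected,
#         1 if either check gives the wrong answer,
#         2 if no usable signify binary is available.
signify_demo() {
    sfy=$(find_signify) || return 2
    work=$(mktemp -d) || return 1
    result=0

    # -G generates a key pair; -n skips the passphrase (demo only, a real
    # release key should be passphrase-protected and kept offline).
    if ! "$sfy" -G -n -p "$work/demo.pub" -s "$work/demo.sec" >/dev/null 2>&1; then
        rm -rf "$work"
        return 2
    fi

    printf 'constructed fileset contents\n' > "$work/base.tgz"

    # -S signs the message file with the secret key; the detached
    # signature is written to the -x file.
    "$sfy" -S -s "$work/demo.sec" -m "$work/base.tgz" \
        -x "$work/base.tgz.sig" >/dev/null 2>&1 || result=1

    # -V verifies with the public key only; exit status 0 means the
    # signature matches both the file and the key.
    "$sfy" -V -p "$work/demo.pub" -m "$work/base.tgz" \
        -x "$work/base.tgz.sig" >/dev/null 2>&1 || result=1

    # Tamper with the file: verification must now fail.
    printf 'x' >> "$work/base.tgz"
    if "$sfy" -V -p "$work/demo.pub" -m "$work/base.tgz" \
        -x "$work/base.tgz.sig" >/dev/null 2>&1; then
        result=1
    fi

    rm -rf "$work"
    return "$result"
}

rc=0
signify_demo || rc=$?
echo "signify_demo exit status: $rc"
```

The verifying side needs only the public key, so trust comes down to how that key reached the machine in the first place.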

  160. Proprietary services by 101percent · · Score: 1

    Do you see UNIX and the open web, such as ftp and email, being deprecated by proprietary services and protocols like dropbox and twitter, as the masses increasingly buy into these new technologies?

  161. College by 101percent · · Score: 1

    As a Canadian: had you gone to college in a less-than-generous country, for example the United States, would you have pursued higher education?

  162. From where you stand by 101percent · · Score: 1

    As software becomes more and more a part of our lives--from your experience with OS development and knowledge of security--what can we do to make the world a safer and more secure place?

  163. Ways... by 101percent · · Score: 1

    What are some fallacies of security? What are things that people and organizations do which make them feel secure but really have no, or, limited impact? How might they go about things more effectively?

  164. Retire... by 101percent · · Score: 1

    If you were to pass down the role of Release Engineer and project lead, what managerial/leadership advice would you give to your successor(s)?

  165. Once... by 101percent · · Score: 1

    You once said, "secure software only happens when all the pieces have 100% correct behavior." I was wondering if you could elaborate on this in the sense of shipping a product every 6 months and dealing with all the mess that upstream code may send your way. How much work is it integrating various "components from outside compliers" and how crucial is this process in creating a secure system?

    1. Re:Once... by 101percent · · Score: 1

      Should say "suppliers" not "compliers"

  166. Pcc, clang, tcc and etc. by Anonymous Coward · · Score: 0

    Are you going to switch away from gcc?

  167. Change of programming language by Anonymous Coward · · Score: 0

    C is old, not very well suited for multiple cores. As the future will bring us even more cores, do you think that a replacement of C with a more suited programming language will take place as *the* programming language of the future *nix OS?
    Do you find this can be done with *nix like OSes or another type of OS?

  168. Compiler upgrade by noselasd · · Score: 2

    OpenBSD is built using gcc 4.2, which is getting old by now.
    While being old isn't an indication of being bad or wrong, is there any concrete plan
    to either upgrade the base compiler, replace it with clang or some other compiler?

  169. What happens to the OpenBSD project when Theo De R by Anonymous Coward · · Score: 0

    Theo is the project and also runs most if not all of the infrastructure related to the OpenBSD and OpenSSH project from what I've read. Who will be your successor?

    Thanks for taking the time to reply.

  170. Re:Will OpenBSD switch to Systemd? by Gothmolly · · Score: 1

    For systemd to appear anywhere there has to be a benefit, and there isn't one.

    --
    I want to delete my account but Slashdot doesn't allow it.
  171. Git? by Anonymous Coward · · Score: 0

    Wouldn't the OpenBSD project benefit from switching to Git? I know the answer is that centralized CVS workflow works best for you, but Git can be used with a CVS workflow if that's what you want. However, CVS commits are file based (which makes changes review needlessly hard IMHO), doing a bisect is a nightmare, it's slow, OpenCVS looks dead, CVS is regularly being shouted at on ports-changes@, and so on.

  172. Security and binary-only firmware by Anonymous Coward · · Score: 0

    By default, OpenBSD includes binary firmware for wireless cards where no free firmware exists, such as many Intel cards. Do you think this poses any problem from a security point-of-view?

  173. Go by Anonymous Coward · · Score: 0

    If Go were available for all the platforms supported by OpenBSD, do you think it would make sense switching some parts of the system from C to Go?

  174. Re: Why are you such an asshole? by Anonymous Coward · · Score: 0

    You mention the wireless in the old AspireOne - it's not quite like you made out. The diff for the AR5424 worked on the submitter's card (seemingly an older hw/firmware revision than anyone else who tried the diff had), but caused hangs on more common AR5424 revisions and iirc there was also a report of it breaking connecting to networks with hidden ssid on older cards (AR5212 etc). If the diff had worked better, there would have been a high likelihood of it being committed.

  175. Re:Smoother Chroot and Sftponly integ into OpenSSH by funky+womble · · Score: 1

    A bit ungainly, but that's necessary. Redhat tried to make it look neater and ended up with https://bugzilla.redhat.com/sh...

  176. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive"

    [...]

    Linux had oprofile. I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.

    [...]

    In short: Theo was wrong.

    How come? You didn't even bother to benchmark your changes on /OpenBSD/, but you insisted that he should take your claims at face value?

    Should he have spent time instrumentalizing your changes and prove that they're quite expensive?

    And, BTW, using sock-puppets to moderate up your whinings on slashdot is dumb and despicable.

  177. current stance on MAC by Anonymous Coward · · Score: 0

    Hi Theo,
    I know you have been very vocal against MAC because you considered it too complex to be of any practical help and would continue hardening OpenBSD from getting rooted. Many practitioners however take a more pragmatic stance as they point out that an OpenBSD box (in fact any box) which acts as a network server could be vulnerable if the services that are provided were to be compromised. I compare this situation with a fortress, so OpenBSD is more like a traditional fortress which will fall if the attackers find a way to get inside and I consider the other camp to act more like a Ninja Castle, with a lot of hidden functionality that can be exactly enough when an attacker gets into the Castle. How could OpenBSD be augmented to include some functionality that makes it harder to crack even if network servers are compromised? Do you have plans to include such functionality?

  178. Re:Smoother Chroot and Sftponly integ into OpenSSH by See+Attached · · Score: 1

    Carl, Thanks!

    --
    Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
  179. Hardware by Anonymous Coward · · Score: 0

    What hardware manufacturers does Theo recommend? I know some Taiwanese corps have released full documentation to OpenBSD but can't find out who these companies are.

  180. foo by Anonymous Coward · · Score: 0

    what are your top 5 articles/papers about security ever?

  181. Re:Code signing is coming with 5.5, expected on or by smash · · Score: 1

    Signed packages are a bit different to checking code signatures on executables/scripts at run time.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  182. Re:Why are you such an asshole? by Anonymous Coward · · Score: 0

    I find this amusing. It is clear that Linux and as far as I have worked with FreeBSD, have nice friendly people in their forums, who are always friendly and helpful.
    I used OpenBSD for a while, and the first time I asked for help (and it most certainly was not a dumb question) I got similar treatment like this nutbag I am replying on. You know OpenBSD, if you want people to use your software (which apparently you don't), BE NICE!!!

    I was quite impressed with the software, but the people around it...? No

  183. South Africa by Nightshade · · Score: 1

    Theo, you left South Africa at the age of 9. Do you have any connection to the country? Have you been back? Do you think of yourself as a South African or a Canadian? Do you speak any Afrikaans? Places like Cape Town are beautiful and hike-worthy. I believe you enjoy hiking so was wondering if you've ever been back there for hiking.

    Also, it is interesting that there are so many South Africans in tech. Elon Musk (Tesla), Mark Shuttleworth (Ubuntu), etc. Do you feel any connections to them due to a common heritage?

  184. Really by Anonymous Coward · · Score: 0

    Have you ever tried FreeNode #openbsd?

  185. Mail me diffs please? by Anonymous Coward · · Score: 0

    Hello Theo, can you make source-changes@ mail diffs along with the commit logs? Having to extract the diff for each individual file via /cgi-bin/cvsweb or cvs log is rather tedious & inconvenient, and the end result is I don't review as many changes as I should. Having the complete diffs for each commit drop in my mailbox would make it so much easier to review things, and likely I'd at least skim through even the commits that do not sound very interesting to me. That would be more eyeballs to make sure things like goto fail do not accidentally slip in!

    1. Re:Mail me diffs please? by Nightshade · · Score: 1

      while not official, there's a semi-live conversion of the cvs tree to git. This has what you need: http://anoncvs.estpak.ee/cgi-b...

    2. Re:Mail me diffs please? by Anonymous Coward · · Score: 0

      Thank you.

      But that is still something I need to go to. As opposed to mail from source-changes@, which just comes to me and therefore gets read as a daily routine.

      Diffs in the mail also make it easy to notify the committer if there's an issue -- just hit reply. And I simply find the user interface of a MUA overall preferable for reading things like this. (I hate modern web browsers!)

    3. Re:Mail me diffs please? by Anonymous Coward · · Score: 0

      That seems to take hours to update. I can see why diffs mailed straight from the project would be more attractive.

  186. Wayland: A future without X by Anonymous Coward · · Score: 0

    Are you or your team concerned at all with the upcoming switch (mainly from the Linux side of the OSS world) from Xorg to Wayland (or if you're in Canonical land Mir)? How will the OpenBSD team be dealing with such a drastic change? Are you planning to port Wayland at all to OpenBSD in the near future or will you continue using your own fork of X11?

  187. Programming language by renoX · · Score: 1

    On one hand OpenBSD is focused on security, on the other hand it uses a lot of 'unsafe' programming languages (for example C) where security is only achieved thanks to expert programmers, but even experts have bad days and make mistakes..

    Wouldn't it make sense to push the usage of programming languages which provide more security by default?
    For example, encouraging developers to use Ada instead of C..