Slashdot Mirror
Interview: Ask Theo de Raadt What You Will
Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5 which would be the projects 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.
Has the NSA scandal changed the status of the OpenBSD project?
Given the pervasive nature of NSA compromising, do you know of any attempts by the NSA to put in backdoors or otherwise compromise OpenBSD--either by approaching you directly, or by infiltration?
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
that's your opinion which is not widely shared by OpenBSD users. those of us who like to get things done w/o the opinionated whining and design by committee crap found in nearly every other open source project.
shut up and code.
more successful?
millions of devices (including those from Cisco, Juniper, NetApp, EMC, Apple, etc.etc.) and many OS use code from Theo's projects. Maybe you are just an asshole, but Theo is a hugely successful one?
If so, How do you think the community would react / correct the situation?
Restore the madness of youth's lechery
All BSDs are more robust than Linux as they follow a much more conservative development process. Linux is in a constant bleeding edge R&D mode (which of course also means that you get cool new features quickly).
actually, there used to be a dev/test web site but www always went to the main one. the openbsd.org one was never the main site. nowadays many browsers (improperly) stuff a www in front if nothing found at a domain name
Looking at a success of OpenSSL project in the private sector, key to this success is a very robust certification (FIPS and so on) effort. Are there any similar plans to dedicate resources to get OpenBSD endorse/certified?
I recently needed a free software operating system that could replace Solaris on a couple of Sun UltraSparc machines. After testing out the relatively small number of alternatives I found that OpenBSD had by far much better hardware support than the others. I know that a lot of this is the result from the effort your group spent a couple of years ago to get docoumentation from what used to be Sun. How would you describe collaboration with Oracle now when they run the remains of Sun, in particular around supporting modern Sparc64 based systems?
the rack picture on the lower right corner of the www.openbsd.org was taken in 2009. since architectures retired and some added since then, could we have a new circa 2014 picture?
Very often we admins have to make all kinds of hacks to get OpenSSH to support Chroot and ScpOnly. Would it be possible to make it simpler for these features to be added/configured without third party tools? OpenSSH is a foundational package, and making it easier to add these features would make it all that much better. Would be great to stick to your source 100%!! Thanks for your many contributions!
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
I would like to run OpenBSD on the Raspberry Pi.
I understand, sympathize, and accept your decision to avoid that platform, but what would you recommend as a stable substitute?
The BeagleBone Black seems like the endorsed alternative, although there were stability warnings until recently. The current status reads: "There are generally still a fair number of things to do on each of these boards, however OpenBSD is generally considered to be usuable on them. The platform is now self hosting, however there is no SMP support."
Would you point OpenBSD users interested in this hardware class at the BeagleBone Black? Any other advice? SLC media preference?
TI has announced that it is discontinuing the OMAP line. Will Beagle move to another ARM licensee, and does that matter much for OpenBSD?
Pretty much that. My observations with FreeBSD at least have been that whilst Linux might get something FIRST, it will typically go through 3-4 (more?) iterations before the actual long term supported version emerges. Until someone decides to rewrite it anyway.
The FreeBSD (and likely other BSD) way seems to be to design things properly first (which takes some time that Linux skips), implement and then the user-facing interface stays the same for a long period of time.
Sometimes however, it does mean BSD gets features first. E.g., multichannel audio. Mixing has transparently happened via the FreeBSD audio driver for about 10 years now. Linux has gone through a bunch of different audio subsystems in that time.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Slashdot interviews for Richard Stallman, Eric Raymond, and now Theo, all in the last week?
What happened? Did someone at Dice push Slashdot management to try and "reclaim technical roots"? Is someone a little worried about http://soylentnews.org/? Or maybe this is part of a last-ditch effort to increase revenue^W^W reclaim reader loyalty?
Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.
source.
Perhaps not, but really, you guys are still trying way too hard now. I'd have thought you realized by now that successfully running a site like this is a marathon, not a sprint. Throwing up a few half-baked interviews with prominent open source figures isn't the answer.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
OK, tongue-in-cheek question: did you cash in all those bitcoins before Mt Gox imploded?
More seriously: what are your thoughts on the future of ZFS, BHyve, non big-lock SMP, SMP-enabled pf (see NetBSD npf) on OpenBSD?
Related question: what is the future of OpenSSH-based VPN functions?
Even more seriously: in light of the recent Snowden revelations on NSA spying, can you tell us more about the audits realized after a few (past) developers were accused of creating backdoors in OpenBSD for the FBI?
Finally, and this is not a question: all my thanks for a great OS. I use it daily and truly appreciate all the hard work.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Last time I saw pictures, you and others were working from a home. How is everything structured now? Are you living alone and working from your house, or are there others there, too? How has this affected you long term with your personal life and relationships? What type of job did you have before OpenBSD? Assuming you did before, do you ever miss working in an office?
Sig: I stole this sig.
What are your thoughts on code signing, and do how do you see the development of such proceeding in the free unix world. In Powershell for example, i can set a system-wide policy to only run scripts if they are signed with a trusted certificate.
This means I can, for example, delegate script development to an underling, review the script and then sign and push into production, knowing that the script will not run if it has been modified in the field without authorization - enabling proper change management process to be enforced.
Other platforms require all code to be signed before it will run.
Do you foresee anything like this (obviously with the master signing authority being the local site admin) for OpenBSD?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I know it can sometimes be more of a burden, but thanks for all the work you have done Theo. I use OpenSSH everyday, and I find it to be one of the most reliable, most secure (even with all the NSA revelations) pieces of software in daily use around the world.
That being said, the more I investigate how to increase security, I am increasingly struck by how borked SSL is as a whole. (CA messes, vulnerable to MITM, DPI, etc).
My question is this: do you think at some point we should start re-evaluating our fundamental kernel architectures to help alleviate some of the security issues recently revealed? I mean, with hard-drive and bios level rootkits, etc, even SSH is standing on a foundation of sand it seems. Thoughts?
"It's ok, I'm completely secure as long as my iron is off"
Hi Theo, I'm a fan of OpenBSD partly for its hacker ethic and partly for the songs. A few of them don't have commentary, which I find sad. For songs like 'El Puffiachi' and 'I'm Still Here', what was your creative input if any?
Good people go to bed earlier.
I appreciate the fundamental work that OpenBSD does in security and other areas, especially things like the recent work in getting X to run without privileges.
AFAIK OpenBSD was the first to accomplish this, and I'm wondering how much of that research and know-how, maybe not code, can be used by other *NIXes? I know there are license conficts between the BSD's and Linux, but how much of the experience gained from that effort can be used to improve other *NIXes even if code cannot be reused? Is the OpenBSD project involved in sharing this experience, and others like it, with Linux distros or with NetBSD or FreeBSD?
The Information Revolution will be fought on the command line.
Do you realize your project would be more successful and provide more value to the community if you weren't such an asshole?
How screwed up would the project be had he not been such an "asshole" as you describe?
The truth hurts. Just because people can't handle it and get butthurt doesn't make the person an asshole for pointing out the truth.
I'd also like to know how you feel about other CEO's out there that have proven far more of an asshole than Theo could do in 20 lifetimes. He's a nice guy by comparison. Trust me.
Are there any efforts made to ensure that OpenBSD can run native apps written for other platforms, such as Linux or FreeBSD? Or is OpenBSD's target usage exclusively routers & firewalls?
Given that a lot of the platforms that OpenBSD was ported to are now dead - such as PowerMacs, Alphas, PA-RISC and so on, are there any efforts on to port OpenBSD to non-x64 platforms that exist today?
If you couldn't use OpenBSD anymore what other OS would you prefer to work with?
http://saveie6.com/
Why does OpenBSD use a CVS derivative for the code repository? Why not use a distributed VCS? Do you feel that there is an advantage to use the current repository or is there another reason to use it?
.
I know you are a proponent of strlcpy. Why do you think some projects resist using it so much?
It's actually a sad trend, but yeah, you'll find people with massive egos who don't mince words behind many successful projects. Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid, even if it means that person may quit/stop contributing.
Linux, Apple, and Microsoft all found their success with this type of personality at the helm.
It takes a very special person to be able to be an asshole and not alienate people. Steve Jobs is a famous example, but there's also Linux Torvalds, and Theo.
The asshole-ish nature of those people generally turns people off. However, they also have the rare ability to motivate people to doing the right thing. Jobs is an asshole, but he also managed to bring out people to do better work - he didn't accept crap if he knew it could be done better. Likewise, Linus and others are the same - they aren't afraid to call it crap.
The problem is, a lot of people don't realize that and try to emulate them by being assholes and making life miserable for everyone without any redeeming qualities. It's those qualities that allowed them to be assholes and still get stuff done, not the other way around.
You're name is synonymous with OpenBSD. If you were to get hit by the proverbial bus, does OpenBSD a plan to keep it going and relevant?
Why is openbsd.org such an ugly website? Is it because you want people to take it seriously or is it because no one on the project knows any CSS?
I respect your large brain and all your highly secure exploit-free software, but if I were responsible for view-source:http://www.openbsd.org/ I'd be pretty fucking embarrassed.
It seems like every time you turn around, another bitcoin exchange is hacked or some startup social network for dogs is secretly uploading all your phone contacts over clear text or a retailer is storing unencrypted cc numbers and passwords. Some of the worst offenders are brogrammers. Is there anything we can do?
Do you even lift?
These aren't the 'roids you're looking for.
I've been using OpenBSD as my wireless home router, server and development platform since 2005, and can from 9 years of experience safely say that the current state of OpenBSD's Wi-Fi drivers and 802.11 stack is troubling. On one hand, most chipsets out there have rudimentary driver support in OpenBSD, including WPA2 and CCMP facilities. On the other hand, the 802.11 stack still lacks 11n support (minor problem) but what's much worse is that while only two of the drivers - ral(4) and athn(4) - state that they can handle power-saving clients when running in HostAP mode, none of them actually do it properly. None of the support ral(4) chipsets can handle power-saving clients despite what the ral(4) man page claims, and while athn(4) works slightly better it's still flaky with unreliable results, no matter what wireless chipset the client uses. The effect is that OpenBSD is useless as a wireless access point without having the clients pull one of several tricks available to avoid them from entering power-saving mode, as have been posted and explained by troubled users on the OBSD mailing lists regularly over the years.
I understand that Wi-Fi portions of OpenBSD aren't exactly prioritized, but are these issues even on the roadmap?
In your opinion, what does OpenBSD/OpenSSL/etc. need from the community?
Now that you received a large donation to keep the lights on, what is next on the list of things that would help move things forward?
Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid
Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy.--Matthew 23:1-39.
I applaud efforts to make slashdot more technically relevant and useful and interesting, keep trying too hard!
former Linux server advocate here, switched to OpenBSD as my favorite server OS 13 years ago after seeing how Theo was such an asshole about security, correctness, robustness, and preserving the BSD way and philosophy of systems admin
I see that GSOC 2014 has a proposal to port Capsicum to OpenBSD.
How screwed up would the project be had he not been such an "asshole" as you describe?
Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.
Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".
Linux had oprofile.
I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.
Further, most programs spent substantially less than 0.2% of their execution time in the main executable. -fPIE only affects the main executable; multiplying this together gives us 0.2% * 5.8% = 0.0116%. This means that, in any one hour period, if you could find a total of 0.42 seconds of CPU time (i.e. CPU at 50% for 0.84 seconds, CPU at 0% for 0.42 seconds, etc.), -fPIE would have zero real impact. If your system is pegged at 100% for 24 hours, it will be pegged at 100% for 10 seconds longer. In 60 seconds, you need 0.0070 seconds of additional CPU time to handle this optimization.
In short: Theo was wrong. He derailed the conversation off-list probably because he didn't have a real argument and was afraid of being proven wrong. He's never admitted he was wrong, and probably considers the whole argument a moral victory.
The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else. I wonder how many security holes have gone unseen, how many improvements have papered over unacknowledged previous issues, and so on. OpenBSD uses very specific language: only two remote exploits in the default installation in however many decades. That's because OpenBSD comes with everything switched off--like Ubuntu before Avahi--so there's no attack surface. It's great marketing, but it has no bearing on how much of the code base is secure or how risky it is to run OpenBSD vs Linux vs Windows.
Theo's manner says that the above assessment has a high probability of being valid. Not a majority probability, but a high probability: most people claim OpenBSD is "secure", and in fact I spent a time editing this out of Wikipedia because every security article cited OpenBSD--up to and including listing "use OpenBSD" under "ways to improve computer security". This was not NPOV, and I have found no empirical studies of OpenBSD security--Coverity hasn't even run their tools against the code base, and I've seen no widely published studies on number of practically exploitable local privilege escalations and shipped daemons and such comparing OpenBSD to FreeBSD and Linux and so on--so it was inappropriate. But it does say that the normal assessment is that OpenBSD is probably "secure"; and I find a lot of soft evidence suggesting that this assessment is not reliable without more hard scientific evidence. A lot has gone into showing why OpenBSD "is secure", and very little has gone into showing that it's "not as insecure".
Linus has a massive ego and can be harsh, but he admits this and admits he has been wrong and the culture around Linux is different. Linus is sub-optimal, and the poor handling of negotiation by the Grsecurity and PaX people stunted Linux security development for a while, as did a number of other things; but Theo is the quintessential off-the-deep-end egomaniac. His technical expertise is highly questionable.
Support my political activism on Patreon.
There is no need for third-party tools for what you want to achieve. While the solution is a bit ungainly, all of it is already supported by OpenSSH and its sftp subsystem. This is how I configured things on my system:
/sbin/nologin as shell to deny them shell access. Their home directories should be owned by root:sftponly, and within the home dir you then create relevant user-controllable directories which should be owned by :sftponly.
/usr/libexec/sftp-server
First off, add a group that you call f.e. "sftponly". New users that are to be allowed only sftp access should have "sftponly" as their login group, and have
Secondly, the sshd_config magic that makes the whole charade work:
Subsystem sftp
Match Group sftponly
ForceCommand internal-sftp
ChrootDirectory %h
Proper support for power-saving clients comes down to buffering outgoing packets until the client asks the AP for them, rather then instantly sending them to the client which may or may not be asleep at that point. This is not a driver firmware issue, it's a fundamental stack problem and lies entirely in the hands of the OpenBSD developers.
Small explanation: what happens is that when the SSHd matches the user's login group successfully, it forcefully switches over to the internal sftp component instead of the default external subsystem, which in turn makes it possible to chroot the user to his/her home dir without having to place a plethora of system files in each user's home directory.
Being nice takes up too much time, being terse and quick is key.
You can be terse and quick without profanity.
And for the record, please don't quote and site works of fiction
Wouldn't that apply to geeks' favorite SF as well?
which people on current team would be the best designated successor(s)?
How has OpenBSD managed to avoid these sorts of decisions historically?
In this context, asshole does not mean morally objectionable.
Theo is generally thought to be an asshole in that he's tremendously disagreeable and difficult to work with, but that's not to say he's actually evil and worth boycotting.
fsck-beta might well believe, as I'm sure many of us do, that Theo is an asshole (see early history of OpenBSD) who has done some very good work.
I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?
The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else.
What convinced me that openbsd was developed by whiny lazy babies was trying to use my Acer Aspire One D250, one of the commonest netbooks made. The commonest wlan card used in it is unsupported. So I went looking for any prior attempts and sure enough, someone had ported some changes to the driver from Linux and got it working in a substantially old revision. But even though one of the core developers has the same netbook with the same NIC, the patch was not accepted. The excuse given was FUD about licensing, but this was substantially after issues like that were settled. I didn't bother to ask on any lists to see if anyone was thinking about fixing it because I knew they weren't. The developer with the same machine had replaced the NIC rather than port the changes from Linux because they weren't interested.
OpenBSD's hardware support is shit, so unless you're building a machine specifically for a purpose odds are good you'll end up with Linux anyway. If you have or plan to inherit legacy machines, same thing. Wouldn't you rather run nominally the same OS everywhere, so you don't have to remember how to do the same thing ten different ways? If you're going to have to run Linux anyway, you might as well just run Linux.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Why is bigmem still off by default on x86 platforms?
You're not the first person to suggest something to Theo, only to have him shoot down your idea.
In my case, I suggested a profiler that you'd run an exe under, and it would catalog the syscalls that the binary made, and all the syscall arguments. That profile would be stored for that program in a repository.
After the profile was created, if the program ever deviated from its syscall profile, the syscalls would fail and the binary would be terminated.
The goal here would be to holistically stop programs from misbehaving when under control of an attacker.
Theo's comment was, basically, "this will never be part of openbsd, and you are perhaps the 10th person to suggest such a thing"
Well, sometime later, something similar to what I suggested did in fact become part of OpenBSD. I think it appeared on Linux first.
Did I begrudge Theo at the time? No. Do I begrudge him now? No.
Even Heroes are fallible people. Theo is just a guy. He's made my life remarkably better because ever since someone remote-rooted my IRIX box, I've had his Operating system as my edge device, and I've not detected any remote-roots ever since. All I did was buy a T-shirt and a couple CDs from him. Hell, I even contributed a fix (Back in the 2.x days).
I think your assessment of OpenBSD's security is shit. Go look at old bugtraq posts. They made a good point of cataloging who was affected. Notably absent was OpenBSD -- almost always. And not because nobody tried -- but because OpenBSD didn't fail.
These guys are serious about security, and the results are self evident. Your personal beef with Theo is your problem; not a reflection of lack of results on their part. The fact that you're editing Wikipedia about this indicates a legendary amount of butt-hurt.
The OpenBSD project has given us lots of goodness, above and beyond OpenBSD itself.
I have no idea why you would question his technical expertise. He has brought up a BSD kernel on countless different pieces of hardware. How many people can say that? How many unix kernel engineers can even say that?
My opinions are my own, and do not necessarily represent those of my employer.
If so, how did you make it a priority? More specifically, as the leader of OpenBSD what did you do to ensure great documentation?
As a software developer I know that documentation often falls to the wayside (features take priority, schedule already tight etc). As a project manager it's difficult to get good documentation (staff does poor job, stakeholders don't want to pay for it etc). OpenBSD has really good documentation (in my opinion) and it was really useful when initially getting to know OpenBSD, PF etc. Most of the pay for middleware I use has documentation that is absolute shit (incomplete, wrong, not up to date etc). To me the state of documentation in OpenBSD is more impressive than "Only two remote holes in the default install, in a heck of a long time!". Of course, "You'll love our man pages!" doesn't have quite the same ring to it.
"If you are going through hell, keep going." - Winston Churchill
tall fables of religions past
Please see my reply to bberens.
On top of that, how do you know what kind of language was considered profane or not back then?
Koine Greek is a fairly documented language. There is swearing in The Bible , and Paul of Tarsus was a lot dirtier than Jesus. On the other hand, maybe some people are right that perhaps we need a Theo for the same reason the characters in The Bible needed a Paul.
It's been reported that Mircea Popescu, owner of a bitcoin-only securities exchange, paid OpenBSD's 2014 power bill in full after learning of the project's financial difficulties. Was Popescu the first major donator, and after having been on the receiving end of such a large donation, what are your thoughts on bitcoin?
Insigntful? Wow. And when I asked that question about RMS I got kicked to the curb. de Raadt really isn't that bad. Maybe he used to be, I dunno, I wasn't here then.
There have been a whole lot of these question threads without any replies in the past few months (6 other threads in the past 3 months, all unanswered). Do these people actually know they are being interviewed, or are these just empty topics posted to bolster lagging page views/ad impressions?
"Even Prophets don't know everything"
Assuming what you said is 100% true, then yeah, I agree that he was probably too quick to dismiss your proposal (then again, I'm no expert). That said, I think it's a bit overboard to dismiss the entire OS because of that. OpenBSD has a very strong focus on security and stability. There are a lot of people, myself included, who care very much about those things, even at the expense of, say, optimization.
I see a lot of people say Theo's a jackass. I don't know if that's true or not, and frankly, I don't care. OpenBSD has a clear philosophy and focus and the team behind it, however they may act, have done a fantastic job at maintaining that focus and working toward building a better product in that vein. Maybe they would benefit from a little humility, maybe they wouldn't, but as long as they keep pumping out a system that improves upon the goals they've established (goals that I value extremely highly), I'm willing to let attitude problems slide.
I can build a car from parts. That makes me neither a mechanic, nor an engineer. You would be surprised the vast array of things I've accomplished without the correct technical skill. The problem here is I've also often addressed problems wholly incorrectly, and failed to recognize severe problems. Why? Because I'm functionally a trained monkey who can get from point A to point B if you tell me where the two points are; the fact that I can find a path doesn't mean I know a damned thing about what I'm doing.
Theo demonstrated to me, once clearly, that actual risk analysis and assessment isn't a part of OpenBSD or his personal behavior. Rather, whatever comes to mind is where they focus. He has asserted time and again that running source code analyzers is not useful because they reduce security. If a source code analyzer uncovers a flaw that nobody has noticed in 20 years, that's irrelevant; Theo's categorical argument is that source code analyzers teach people that bugs which analyzers don't notice do not exist, and so they start not finding bugs or start working around bugs by making the analyzer not bitch instead of by fixing the bug. Essentially he reinvented the Normalization of Deviance problem and hyper-applied it in a fallacious slippery slope argument (the slippery slope argument can be valid; in this case, it was more asserting that people would jump off a cliff).
He has also demonstrated to me, repeatedly, that his technical ability to evaluate the impact of a particular change is extremely weak. He relies more on his own image of self-worth, and has the mental profile of a PHB who knows something about programming and found out strcpy() can break shit.
Cleansing Wikipedia was an effort prior to interaction with Theo. There was a lot of general security framed as "OpenBSD of course doesn't have security problems in general and is superior to all other operating systems", such as the mentioned article on computer security in general which suggested "Run OpenBSD" as "Ways to improve computer security".
Finally, from what I can tell, there is no evidence that people on Bugtraq actually test everything or much of anything against OpenBSD. Redhat, SuSE, Debian, and Mandriva sometimes get tests; FreeBSD often escapes, PCBSD never shows up, other Linux distributions are hardly ever mentioned (Ubuntu has been in vogue for several years now though), and OpenBSD hardly shows up. Rather than assuming that most Linux, NetBSD, FreeBSD, and OpenBSD are all very secure and magically invulnerable, I assume none of them are much tested. As well, many such tests report systems which are invulnerable in the same way as OpenBSD: Firefox RCE vulnerabilities on Redhat would be subject to the same W^X and ASLR as OpenBSD, but Redhat is consistently listed because the bug does exist in Firefox packaged on RHEL--it's just harder to exploit; yet OpenBSD isn't listed.
The results are not self-evident; a large amount of marketing, a vocal minority, some dogma, and a huge amount of egotism and mishandling are highly visible, and even these things are not self-evident. Theo being a dick is not self-evident: somebody may have provoked him; but when you analyze the pattern behavior, it becomes evident by analysis that Theo's runaway ego is brandished at every turn against anyone who disagrees with him on any point, and thus that he is in fact a dick.
Try being rational. It's that thing where you analyze facts and probe into voids to decide how to think, instead of repeating dogma and clinging to comfortable ideas with no real support.
Support my political activism on Patreon.
Marcus Ranum bragged about OpenBSD and got hacked running Apache on OpenBSD. I generally feel that they have less understanding about security and more loud voices and marketing. OpenBSD secure is like MacOSX secure.
Support my political activism on Patreon.
That sounds like PEBKAC to me. He probably had a poorly configured Apache setup. I don't really have the qualifications to give an informed opinion about the state of OpenBSD security, but pretty much everything I do know points to very good practices on their part. I'm sure it's not perfect, but it seems to be head and shoulders above a lot of other systems.
Obviously someone who has never worked with Theo. Theo simply does not suffer fools and will call you out for being stupid.
That is it.
I have asked beginner level questions, and he had answered them politely. But if you come in with an attitude, or as a know-it-all and did not even bother to read the FAQ, he will treat you like the turd you are.
For whatever reason, people seem to think that's being an asshole. Theo's not your paid support monkey, and has no need to waste his time on people who refuse to read.
I look forward to reading a paper from you where you show, factually, that your use of source analysis tools finds vulnerabilities that the OpenBSD team missed.
It should be easy, right?
You'll be a hero. The first person, apparently, to ever look at OpenBSD critically. The first person to test it.
Get over yourself. Accept that they've put out a great product, your butthurt notwithstanding.
My opinions are my own, and do not necessarily represent those of my employer.
Where is the careers section? What am i missing?
Theo did that once. The result was embarrassing. Like a retarded farmer arguing vehemently about how to spell 'diary kaw'.
Now that I go back and look, post-flamewar, there's release notes for OpenBSD talking about importing a lot of fixes for stuff found by Coverity run against OpenBSD tools that were included in NetBSD, which got a Coverity report. It looks like there's a fair pile of improvements in OpenBSD kernel, OpenSSH, OpenSMTPD, and other OpenBSD projects that now come from static analysis.
I guess Theo was wrong then too.
He's been wrong every time we've gotten into an argument. Two samples isn't statistically significant, though; and I tend to only pick technical arguments where I have more complete knowledge than professionals.
My god, it was pre-2006. Well that makes sense: I was 19 at the time. How did this much time go by without me noticing? And who made these people swallow their own stupidity while I wasn't looking?
Support my political activism on Patreon.
My post was at +5, now it's at +2 once the OpenBSD friends were rallied :/
Link? Marcus Ranum seemed to like OpenBSD. A quick search gave me the following:
https://web.archive.org/web/20...
TOP OF THE NEWS
--OpenBSD Release Protected Against Buffer Overflow Attacks
(11 April 2003)
(Ranum): It's GREAT to see that at least a few people are smart enough
to try to attack problems like this systemically, rather than keeping
stuck in the fruitless "penetrate and patch" while loop. This is how
to make progress in security: fundamental protections.
https://web.archive.org/web/20...
“One of the BSD variants — OpenBSD (www.openBSD.org) — was constituted with security as its premise,” says Marcus Ranum. “They did some really interesting stuff; they did complete code audits of major hunks of the operating system and found huge, horrible, gigantic holes that all the other UNIX derivatives had been ignoring. They subsequently got fixed, but it was a huge reality check for the community.
Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.
Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".
Linux had oprofile.
I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.
Was this profiling done on Linux or OpenBSD?
The reason I ask is that the Linux model for 32 bit is to have a 4G/4G address space, where the user and kernel address space are completely disjoint, while the OpenBSD model was to have (initially) a 2G/2G split, later followed by a 3G/1G split.
With a disjoint address space, you aren't going to see tremendous performance degradation by going to PIE, even though you lose a register over it in 32 bit executables, since you are already paying the TLB flush overhead for the overlapping address spaces, and you are already paying the CR3 reload overhead for the mapping of copy buffers for the copyin/copyout operations. Assuming you do lazy mapping for the copy regions, you'll mask a pretty big chunk of the overhead, if the only activity you have on your system is your benchmarking process, as opposed to paying to move the copy window mappings around if you are doing a lot of context switching between processes that have even modest copyin/out requirements.
The overall overhead of this, according to Ingo Molnar, amounts to some 38% performance increase if you do not use a disjoint address space and copy windows.
This is practically the same performance you get from moving the kernel high (i.e. effectively, a negative offset) in a 64 bit system.
In addition, as long as you work around the Intel architecture TLB flush bug for the large vs. small page mappings covering the same physical memory region (i.e. the TLB flush would leave one of the TLB unflushed, and this is what caused issues with large page support to cover the kernel address space to get the TLB regions non-intersecting), you can get another up to 11% performance improvement by supporting all large pages in kernel space and all small pages in user space.
I suspect that the suggestion didn't get traction for 2 reasons:
(1) The above performance considerations, which were architecturally a performance win that OpenBSD could have and Linux couldn't, in the default case, for the default kernel and user address space mapping made the hit considerably more than the Linux-observed 5.8% on OpenBSD.
(2) ASLR (Address Space Layout Randomization), which is the primary reason for supporting PIE, is a means of security through obscurity, which relies on hiding the locations from the attack vectors, rather than actually having the code be secure, which is somewhat antithetical to normal security philosophy, which disdains obscurity as a protection mechanism (i.e. You can work around it using a relative return, unless you set the NX bit on all your DS/SS pages, which you should probably be doing anyway -- rendering the technique unnecessary in the first place).
I admit that PIE can be handy when you override shared libraries on the command line with environment variables passed to the run time linker, particularly for testing, but as a default mechanism, it's something of a dead end, particularly now that many architectures are taking the ARM 9 approach of a modified Harvard architecture. You can do a similar thing on recent Intel processors, although the recovery from a fault is you h
Ok, so your premise, from one email altercation, is that Theo's attitude is so intense, so "he can never be wrong", that openbsd has no security advantages. Never mind that the premise is ridiculous.
But the actual evidence suggests that internet arguing aside, openbsd eventually adopts valuable security practices and technologies that Theo initially disagrees with.
So, what was the point of your first post, exactly?
Are you going to modify your position on openBSD, now that you know the project incorporates outside feedback, even when they publicly disavow it at first? I mean, you're a rational guy, right?
My opinions are my own, and do not necessarily represent those of my employer.
I was asking the second question. I know anything can (w/ the required time, effort & manpower) be ported anywhere. My question was - is OBSD already, or can it be made capable of running Linux (or FBSD) binaries OOTB (w/ appropriate support packages installed)? Yeah, VMs are a fallback option, but then an argument would be made that if one has to run FBSD or Linux VMs, why not run those OSs on the bare metal?
So does OBSD have the same variety of software available as do the others? I'm not talking about firewalls or other utilities - I'm thinking things like say, video editors, graphic editors, games and so on. Yeah, even if the latest doesn't run, it's fine - I just want to know that OBSD has a good collection of software.
Doubt if this is something he can answer as I assume he spends his time coding, rather than playing with the different linux distros.
Do you have a plan to make OpenBSD widespread on the most popular wireless and wired routers, given that those boxes would benefit most from OpenBSD's security features? And in the process, gain more name recognition for your OS?
He is a license purist in the sense that he only distributes software that he is allowed to, by license. This is why OpenBSD has pf. The ipf author made a special exception for OpenBSD and said everyone can ship modified sources of ipf, except for OpenBSD. OpenBSD can only ship ipf as is. Since OpenBSD had a bunch of patches for ipf, they were screwed.
So they dumped ipf and wrote pf.
Where is the careers section? What am i missing?
It is at the bottom. Look again.
Recently both Debian and Ubuntu decided to make the switch to Systemd. With more and more distros switching to Systemd, will OpenBSD do the same?
Systemd's license is incompatible with OpenBSD, thus it would need to be rewritten from scratch (and it would probably refactored too). For systemd to appear in OpenBSD there needs to be a benefit to OpenBSD... not simply convenience for people moving from Linux. This is how pf was born: IPFilter was removed from OpenBSD due to concerns about its license and the pf developers refactored IPFilter's baroque rules syntax for simplicity and consistency.
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
Linux Torvalds? Really? On Slashdot? In 2014?
Come on...
Write boring code, not shiny code!
Exactly how much is "a heck of a long time" and for how much were those two remote holes exploitable ?
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
The reason I ask is that the Linux model for 32 bit is to have a 4G/4G address space, where the user and kernel address space are completely disjoint
A 4/4 split is completely impossible. x86 doesn't switch CR3 or TR automatically. At an absolute minimum, the kernel needs all its entry points (exception, interrupt and syscall/sysenter targets), and hardware structures (active pagetables, GDT, LDT and TSS) mapped into all virtual address spaces.
Is there any possibility to make OpenBSD more commercially viable (similar to what Red Hat Linux has done) so that in the upcoming years OpenBSD can avoid extinction or at least be more widely utilized?
A word fitly spoken is like apples of gold in pictures of silver --Proverbs 25:11
The last time I tried to run OpenBSD, it was so I could test our static analyzer Fortify SCA on the kernel.
One thing that really held me back in my research is that processes were limited to about 1 Gigabyte of RAM each. What exactly is the reasoning behind this hard limit?
Note: I never finished my work, but it would be totally cool to compete this someday.
Take off every 'sig' !!
I think you are confused; just because a couple of pages are dual mapped doesn't make the virtual address spaces *not* disjoint.
https://lkml.org/lkml/2003/7/1...
I don't even think they're even playing the same game, most assholes are just playing power games gathering sycophants, bullying those they can bully and sucking up to their superiors. Actual skill is mostly irrelevant and in fact superior skills and abilities might be threatening to them. The "good" assholes are usually trying to train their minions, like you can't cuddle a dog that just has chewed up your shoes unless you like having your shoes chewed up. You have to convey that it has been a bad dog and that you're angry with it. And the anger is more proportional to the level of expectations you have.
The good kind of assholes often chew out rather senior people - not to be confused with yelling at everybody - when they're doing things you know they can do better. They know what a release window is, they know how an RC patch should look like, they know not to break the user ABI, they know what kind of QA they should do themselves before sending review or pull requests. Good assholes often chew out people not because they're ignorant or incompetent but because they're being lazy, reckless or sneaky. It's not "it could have been done better" it's "you could have done better and you know it" but you tried pulling a fast one.
A little bluntness brings out a lot of the counterproductive characters, like the drama queens who don't take critisicm, those that will go in the trenches and you can change their design over their cold, dead hands, the dodgers who'll try to shift any blame away from themselves, who'll start throw ad hominems and so on. What goes around comes around though, if someone calls you out on your own turds you'd better be ready to handle it gracefully. That's something the bad kind of assholes never do, it's one set of rules for them and one for everyone else.
Live today, because you never know what tomorrow brings
FUD about licensing issues? The BSDs are under non-copyleft licenses, and can't use code released only under the GPL. That's a matter of legality, not an issue that can bet settled. If archangels were to descend with the perfect device code, blessed by God, Buddha, and Sheldon Cooper, but it released only under the GPL, neither Theo nor Microsoft could touch it.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
But they'll only be available Beta. Or maybe /. TV.
/.'s trying to win all the doubters back over.
I have wondered though - interviews with RMS, Theo De Raadt, Eric Raymond (lol) have all been promised. It's as if
Theo de Raadt: why the bitching about BSD code put in GPL?
http://kerneltrap.org/OpenBSD/Atheros_Driver_Developments
And that's not the only article I've seen about BSD advocates bitching about BSD code being put into GPL code.
I don't get it. BSD advocates are fine with MS taking BSD code, and claiming it as MS code, and releasing only in binary. But, the BSD advocates bitch about BSD code being put into GPL open-source? WTF?
As I understand it, BSD is almost public domain. I can take BSD code, and relicense it any way I please. If I don't want my code relicensed, then I shouldn't release it BSD.
When you release your code BSD, you allow relicensing. That's why MS prefers the BSD license.
I just don't get it. If you want kernel improvements to be implemented back, why license your code under the BSD to begin with?
I took a look at the BSD license, and I don't see anything prohibiting anybody from taking BSD code and putting into a GPL project.
If BSD advocates want to thump their chests about their licence being so free, then why do they bitch when Linux - but not Microsoft - takes them up on their offer?
It does not seem to make sense to me.
The OpenBSD project spends a lot of time on audits, but I know little about this process. How does it work? Do you just read the code and look for bugs based on experience? Do you use tools? Is there a audit-specific skill set that separates auditors from regular programmers? Are there specific books about audits that you would recommend? What is the best piece of code you have ever seen (or written?). Also, non-system programmers talk a lot about TDD and unit testing, but system programmers in general do not do that. Do you have an opinion about those techniques?
The point the parent was making is that catering to actual security and catering to egos are different things. And while it has been proven that Theo was wrong a whole bunch of times (and right a whole bunch of other times), it still has no effect on him. Smart people will often realize they were wrong and be happy with it (after all, they fixed a problem AND learned a new thing). Ego maniacs will silently ignore the fact and accept new change with smugness.
I'm an OpenBSD user since 2.9. I stopped using it in most professional setups around 4.2-4.4, because I find the maintenance cycle unnaceptable. However, I still buy both CDs and assorted merch from the project when I can, because I see real value in the team. But the truth is, while some of the side projects are quite alive (OpenSSH, PF stuff, OpenBGPD, etc), OpenBSD itself hasn't aged quite well. The VFS layer is a mess. Thread support is subpar. No container support whatsoever. No ACL support, no MAC. No virtualization support. Crappy SMP support. And this is so obvious, that some ex-developers decided to fork it and create https://www.bitrig.org./ And lets face it, it seems like local attacks aren't even considered vulnerabilities. The whole remote exploit stuff is such a bullshit - I remember one release that was antecipated 1-2 weeks so some Apache hole would not count. And while no one really cares about OpenBSD anymore, their subprojects are beneficial to almost every other operating system - if it wasn't for them (specially OpenSSH), I think OpenBSD would be long gone.
I should also add that, when OpenBSD added randomness to the ld.so and mmap(), a non-trivial amount of bugs was discovered in some well-known OSS projects. Probably every OSS user has benefited - either directly or indirectly - from OpenBSD; that doesn't mean we should build altars to worship Theo when - after all - it is a collective effort.
I read on the net You've got 10 cats. Is that true, and do You have other pets ? And don't You fear your cats to attack the ducks You feed ?
Do You speak French or another language ?
FUD about licensing issues? The BSDs are under non-copyleft licenses, and can't use code released only under the GPL.
Good thing the patch didn't use any code from linux, just some values garnered from one of the drivers. Reverse-engineering for the purpose of interoperability is explicitly permitted under the DMCA.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
ASLR is not security through obscurity. If that were true, regular encryption would be security through obscurity. Security through obscurity is an idiom, and it doesn't literally mean that nothing can be secure which depends on a secret.
ASLR is "secrecy through implementation to provide security"; that, according to Wikipedia, is the very definition: http://en.wikipedia.org/wiki/S...
And ASLR has other benefits beyond raising the bar for bug exploitation. When ASLR was enabled by default in OpenBSD many years ago, it uncovered a plethora of bugs, particularly in the ports collection. Not because those developers were depending on some particular pattern of allocation, but because bugs were exercised more frequently when the relative location of blocks became randomized. So ASLR ultimately resulted in OpenBSD and a ton of other free software becoming much more robust.
Sure; but like compiling for the DEC Alpha uncovered alignment issues that resulted in improved performance due to alignment exceptions and fixups for unaligned data accesses, it would not be necessary to leave the option on once the bugs were fixed; and indeed, the alignment check bit is not set in CR0 for Intel processors on Intel versions of OpenBSD, even though doing so would result in OpenBSD and a ton of other free software ending up with much better performance. So ASLR might have been handy to turn on temporarily for the purposes of finding bugs, but arguably alignment issues are also bugs, yet unaligned accesses are not resulting in faults, log messages, and software changes to fix those bugs.
Yes, OpenBSD's main projects make things like carp, pf, etc. That seems to be the focus, and how most users use OpenBSD systems. I'm not sure how the Firefox thing is a worry to most folks who use and trust OpenBSD for their use. I've had a lot of OpenBSD machines over the years, but I don't think I've installed X Window more than a couple times.
Hi Theo, it's hard to imagine a unix being written in anything other than C. But do you have feelings about how we should be writing code for application layers? Would you like to see less written in C, and more written in Ada, Scheme, Java or other languages that make leaks less likely. Have you played with Ada, do you think its type model is a general improvement over what's available in C?
Believe with me, my saplings.
Do you think it would be a good idea to have an 'OpenBSD from Scratch' project - to enable people to build the OS from ground up?
Why do you not have corporate sponsors as the FreeBSD project has? Given the NSA revelations it might be not to difficult to team up with some company related to secure router/server business.
Do you never approach companies or do companies never approach you (or both)?
What are the DO's and DON'Ts for those companies who would want to build their business around/involving OpenBSD?
Is there some plans to improve the performance of FFS and make it more robust and less-fsck-depedent. or rather, introduce another File System like HammerFS and ZFS. Thank you.
You're actually fundamentally wrong. Linux used to have a 4/4 split hack, but it's been 3/4 on x86 forever. 4/4 was added as an option, and hardly ever used--RedHat published a special kernel for it for a while.
-fPIE requires the use of 1 additional register in many contexts, and they're scarce on x86. The performance impact is real. That said, it only affects the main executable--it affects /bin/ls but not all the libraries it loads--and the libraries are PIC anyway. The argument from Theo was basically that 99.8% of the code executed on the system (measured by time spent executing, not code volume) could be PIC but making that last 0.2% PIC would be an extreme performance hit.
Support my political activism on Patreon.
and it benefits hundreds of millions of people
yes
In the past OpenBSD has been pushing hard for things like priv sep, stack layout changes and smashing protection, address randomness, guard pages, minimum permissions everywhere, more randomness everywhere, etc. The result is a system where sloppy code is very likely to just crash before causing any harm. It helps towards making the system secure, and it also makes software development on the OS oh-so-nice.
I realize OpenBSD's security isn't all about features like the ones listed above, but can we look forward to some new exciting techniques that push the idea further?
Thank you for a superb free operating system. And thank you for pushing the software ecosystem towards better quality standards!
The implementation of ASLR is not secret. It's not security through obscurity.
Compare with with cryptography: if someone makes his homebrew crypto algorithm and keeps it secret, hoping it is more secure because others don't know how it (the implementation) works, that is security through obscurity.
But if you use known, documented, public crypto primitives, you're not using a secret design or implementation. You still use random data in keys, nonces, etc. But that randomness is not secrecy of design or implementation. It is not security through obscurity, just as ASLR isn't.
Obviously someone who has never worked with Theo.
You got me.
Theo simply does not suffer fools and will call you out for being stupid.
That is it.
I have no personal experience here, but his Wikipedia article doesn't see things the way you do.
Can you point to all these ample examples so we can see and judge for ourselves?
It's not that they can't touch it. But they (OpenBSD) have decided not to incorporate any more nonfree code in to the project.
Only on i386. AFAICT Linux emulation isn't horribly accurate or complete anyway. It might be good for some applications and not for others.
Getting nonfree binary only software to run on the OS isn't a priority. At all. As Theo says, we live in a source world, and compiling software is the only way to get some of the security features on OpenBSD. Besides, binary compatibility leads to Windows & x86-esque horrible backwards compatibility bloat, with support for obsolete and outright broken interfaces...
Source portability is the right thing to aim for.
are you going to abandon CVS ? I mean, even in the fairly conservative environment where *I* work, CVS is considered a dinosaur. Mercurial ? Subversion ? Git ? C'mon, man !
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
It seems that in matters of secure computing, Mr de Raadt is seldom wrong.
Such behaviour appears to be unforgiveable.
By some.
--
BTW, Theo - thanks for the code goodness,
Do you see UNIX and the open web, such as ftp and email, being deprecated by proprietary services and protocols like dropbox and twitter, as the masses increasingly buy into these new technologies?
As a Canadian: had you gone to college in a less-than-generous country, for example the United States, would you have pursued higher education?
As software becomes more and more a part of our lives--from your experience with OS development and knowledge of security--what can we do to make the world a safer and more secure place?
What are some fallacies of security? What are things that people and organizations do which make them feel secure but really have no, or, limited impact? How might they go about things more effectively?
If you were to pass down the role of Release Engineer and project lead, what managerial/leadership advice would you give to your successor(s)?
You once said, "secure software only happens when all the pieces have 100% correct behavior." I was wondering if you could elaborate on this in the sense of shipping a product every 6 months and dealing with all the mess that upstream code may send your way. How much work is it integrating various "components from outside compliers" and how crucial is this process in creating a secure system?
OpenBSD is built using gcc 4.2, which is getting old by now.
While being old isn't an indication of being bad or wrong, is there any concrete plan
to either upgrade the base compiler, replace it with clang or some other compiler ?
For systemd to appear anywhere there has to be a benefit, and there isn't one.
I want to delete my account but Slashdot doesn't allow it.
Which man page(s)? None of the intro pages cover it nor does afterboot.
"If you are going through hell, keep going." - Winston Churchill
behind the bleeding edge? how do you explain OpenBSD having better and more wireless drivers than Linux in the late 00's?
A bit ungainly, but that's necessary. Redhat tried to make it look neater and ended up with https://bugzilla.redhat.com/sh...
Carl, Thanks!
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
You can search for them here: http://openports.se/
The only problem with OpenBSD in regards to 3rd party apps is that updates are only build against -current. So, if you run a release, you don't get any package updates, not even for security vulnerabilities. Only apps in the base install (like ssh and nginx) get updates. FreeBSD's ports tree, by contrast, is not separated by development branches, so you can always get the latest ports tree as long as the release is supported. The same tree that works for -current also works for the supported legacy release.
you're talking about less than the price of a good Bay area systems programmer on contract to fund an OS and related projects that benefit hundreds of millions (probably over a billion) people?
that amount of money is chicken feed. There's not enough there to even worry about someone taking a part for fraud.
you a whiner with no valid point
you are confused, poor coding is the source of countless security flaws, regardless of language.
Signed packages are a bit different to checking code signatures on executables/scripts at run time.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Theo, you left South Africa at the age of 9. Do you have any connection to the country? Have you been back? Do you think of yourself as a South African or a Canadian? Do you speak any Afrikaans? Places like Cape Town are beautiful and hike-worthy. I believe you enjoy hiking so was wondering if you've ever been back there for hiking.
Also, it is interesting that there are so many South Africans in tech. Elon Musk (Tesla), Mark Shuttleworth (Ubuntu), etc. Do you feel any connections to them due to a common heritage?
See BinpatchNG from m:tier. They've solved what you're asking for.
while not official, there's a semi-live conversion of the cvs tree to git. This has what you need: http://anoncvs.estpak.ee/cgi-b...
On one hand OpenBSD is focused on security, on the other hand it use a lot of 'unsafe' programming languages (for example C) where security is only achieved thanks to expert programmers, but even experts have bad days and make mistakes..
Wouldn't it make sense to push the usage of programming language which provide more security by default?
For example, encouraging developers to use Ada instead of C..