as someone who a) used to run an openbsd site (deadly.org) for years, b) written a book on openbsd (secure architectures...) c) used openbsd for five years d) had commit access and e) was kicked out (for shutting down deadly.org), i've seen theo and the rest of the project up close and personal. my subject line says it all: you reap what you sow.
theo's constantly been adversarial, even to his supporters, and no one likes that. shitting on your enemies is one thing, shitting on people who are trying to be friends is another. while theo's not the sum and substance of the project, he's a) its more forefront spokesman and b) reflecting poorly on the project and c) responsible for driving away many talented developers over the years. the project is suffering for this.
pounding adaptec, sun, and many other vendors publicly and privately just gets you only so far in a positive direction, but a lot further in a negative direction. anyone who has watched openbsd over the years knows what i'm talking about.
while i see openbsd suffering financially and lots of people using the code without contributing anything substantial back, the license allows this (and even encourages this) and the project itself has really suffered for theo's mistakes in the past. don't like it? change the license to force people to contribute money or code or something.
example: the company i work for implemented TCP MD5 and agreed to share it with the project. it took a while to clear management, but eventually it did. harassing emails (from theo) for weeks on end were unwelcome and no way to say "thanks" for what is a donation. this is typical theo. openbsd project members work here and contribute fixes we find to the project, and i think we all expect that will continue.
if this is how the project reacts to people trying to help, why should anyone bother?
i looked at this a few years ago ...
on "Do You Code Sign?" (Score: 1)
in 2002, a series of high profile compromises of internet software servers resulted in the alteration of software archives. this prompted an evaluation of the state of trust of the signed software distribution system. over 2800 archives representing over 1400 unique software packages were downloaded and their corresponding signatures evaluated for validity. these software packages were pulled from over 260 different sites and the keys retrieved only during the verification stage. of the over 2800 archives checked, only 5 errors were found, three of which were found to be false negatives. additionally, the characteristics of the keys used to sign these archives along with the key distribution systems were studied. these findings highlight weaknesses in the signed archive distribution system and demonstrate clear vulnerabilities facing several projects.
i posted a brief description on wormblog earlier today. conclusions: decent start at a tool, not comprehensive and in no way a replacement for continually running AV software.
you can also get involved in teaching or education. you don't have to make money, although you can, but it doesn't hurt to make an effort to do some good.
reverse engineering for worm defense isn't timely. look at how long it took them and look at how it was stopped in the meantime. as an example, the body doesn't dissect germs to generate antibodies, it simply finds an antigen and uses that. you basically do the same, either a network footprint (ie "spreads using direct to MX methods") or some static simple signature, like a filename or a piece of the header that's constant.
for me it was all about the rise in expectations of a system after seeing BeOS. suddenly you wanted a seamless UI, a familiar and powerful CLI (they chose bash), a clean API, and great performance. compared to MacOS, Windows, and Linux at the time, it was light years ahead. in some ways it still is.
after BeOS, using Mac OS pre-X was painful and boring. Windows felt clunky, and Linux felt too unpolished. after BeOS i chose Linux (then BSD a couple of years later) as my primary system, but i've always lamented the compromises in some areas. i didn't, however, miss having applications to do my work (the main reason i never went very far with BeOS). i still have and use the powermac 8500 i ran BeOS on, it now runs NetBSD.
thanks to all of the amazing Be engineers, you guys made something truly inspiring. you made people remember how exciting it is to see emerging systems and usable desktops. in many ways we're all still trying to catch up.
i have a review of the syngress book on ethereal due to be posted to slashdot very soon now (it's been submitted). it's a good book for those wishing to get more productivity out of their ethereal use.
downloaded both the latest release and the cvs version. it has paths and modules hardcoded into the Makefile, it would take some work to make it portable across other codebases (ie *BSD, Apache, etc).
yeah, this is nice. i hate wordpress, using it is a pain. and i hate blogger, some really annoying crap in there.
having MT move to (as i recall BACK to) an OSS license is good, some of us can use it again in certain situations and not violate the license.
-- jose
i am wholeheartedly against "benevolent worms".
you can also get involved in teaching or education. you don't have to make money, although you can, but it doesn't hurt to make an effort to do some good.
these thoughts and more on my post on wormblog on the subject.
not to say that people shouldn't try ...