OpenBSD Lands $2 Million In DARPA Money

Posted by timothy on Mon Apr 07, 2003 11:56 AM
from the laundering-through-pennsylvania dept.
An anonymous reader writes "Canada's National Post is reporting today that DARPA is (indirectly) funding $2-million (US) to Theo de Raadt of OpenBSD. The article is available here." Update: 04/07 21:01 GMT by T : As several readers have pointed out, this blurb should credit instead The Globe and Mail rather than the National Post.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by rudib (300816) on Monday April 07 2003, @12:00PM (#5679731) Homepage
    ...well, wealthy... I guess...
  • by dtolton (162216) on Monday April 07 2003, @12:01PM (#5679736) Homepage
    I don't understand why getting money from DARPA makes them uncomfortable. He mentions it comes with no strings attached.

    Shouldn't we be happy about grants like this that will promote and advance Open Source software in general?
    • Actually, I think that he was just using this as an excuse to publicize his opinions about the war:

      The DARPA grant enabled Mr. de Raadt to add the equivalent of four full-time developers to supplement the work of about 80 volunteers. And although he's happy about the extra support for the project, he's nervous that critics may get the idea he's working for the U.S. military.

      "We're not doing anything for them. They just fund us to do what we do," said Mr. de Raadt, a 35-year-old graduate of the Universi

    • by 47PHA60 (444748) on Monday April 07 2003, @12:20PM (#5679856) Journal
      Mr. DeRaadt thinks software should be secure, and that people should be free. He is now being funded in part by DARPA, which is also designing the Total Information Awareness project. Its main platform will probably be OpenBSD. A lot of free software is used for purposes that the original authors might not like.

      So why not question the source of a gift? That shows intelligence, thoughtfulness, and awareness of the effects of one's actions on the wider world.

      I agree that we should be happy for the promotion and improvement of free software, but it is smart of anyone, no matter his or her politics, to keep an eye on the big picture to make sure that one does not explicitly take money to promote an agenda that is abhorrent to his or her morals.
      • If he were taking money to implement DARPA-requested features, I could see the issue. However, if all he's doing is taking no-strings-attached money to do work he'd be doing anyway, I don't see the moral conundrum. If there are any negative effects of his work (OpenBSD being used by TIA, for example), they'd exist even if he wasn't funded by DARPA; the only solution would be to stop developing OpenBSD entirely, not to keep doing it without DARPA funding. So insofar as DARPA funding doesn't change anything, I'd say take it. Plus, at least it ensures that this portion of DARPA's budget goes to something worthwhile and unobjectionable, rather than letting them keep it to spend on something else.
      • by leery (416036) on Monday April 07 2003, @01:13PM (#5680200) Journal
        Sometimes it twists the other way, too, like the internet becoming a public conduit for slashdotters all over the world to trash the agency that funded its development (DARPA). The interstate highway system was also DoD funded.

        And sometimes the military takes advantage of privately developed technology and adapts it to improve weapons systems and training (e.g. PC's, laptops, war sims).

        Look, as long as military money is going somewhere, isn't it a thousand million times better that it goes to an open source free software project than to a more lethal bullet or some TIA code that no one can ever see?

        (Can any lawyers here tell us whether military use of OpenBSD would be bound by GPL? Is our next tank's source code going to be available for download?)

        Also, I'm pretty sure the military didn't conceive or order this "oil grab". They're just stuck doing the dirty work. I'm not saying that makes them the good guys or the bad guys, but they're not THOSE bad guys.
        • by Dan Ost (415913) on Monday April 07 2003, @01:22PM (#5680251)
          Can any lawyers here tell us whether military
          use of OpenBSD would be bound by GPL? Is our next
          tank's source code going to be available for
          download?


          OpenBSD isn't GPL. Therefore, there's no reason
          to believe that any modifications done to it
          by the military would be GPL.
  • by st0rmcold (614019) on Monday April 07 2003, @12:06PM (#5679765) Homepage

    I completely understand how an OSS project can require funds for further development, what I worry is how these funds are donated, is it all contributed in cash?

    Problem with that is some people can easily take advantage of a situation like that, I think funding should instead come in required equipment and/or other expenses, but not cash, because there are many contributors (coders) to projects like this, and no one should be taking coin from it.

    Can someone shed some light? maybe I am off base...
    • by NetJunkie (56134) <jason.nash@gm[ ].com ['ail' in gap]> on Monday April 07 2003, @12:11PM (#5679796)
      Equipment doesn't pay bills. My grocery store won't take a hard drive as payment. Many of these large projects have core developers that work on it full time. They have to make money to live. That's where this money is going. If you read the article it says they can now hire a few more full time developers which will get more features in the software faster.
  • Hacker (Score:5, Informative)

    by arvindn (542080) on Monday April 07 2003, @12:07PM (#5679774) Homepage Journal
    The U.S. military believes the work of a Calgary hacker may be its best bet to protect its computer networks from so-called cyber-terrorist attacks.

    Non-techie news site gets "hacker" right? Very surprising.

    • I reckon they thought they were using "hacker" in the sense that we would consider the "wrong" way, and got it right by accident. Besides, "globetechnology.com" sounds like a techie news site to me, even if it is a part of a general news outlet.
  • by frankm_slashdot (614772) on Monday April 07 2003, @12:08PM (#5679778)
    well.. yeah, they can...

    holy fucking shit.... this is truly beautiful.

    there are two types of people in this world (well.. actually more, but I'll narrow it down here), those who talk about needing - have their needs filled- then still don't produce... and then there are those who need - and once those needs are met.. they DO produce...

    i hope theo and the rest of obsd are of the latter...

    -frank
  • by GldisAter (138585) on Monday April 07 2003, @12:12PM (#5679803) Journal
    ... can buy a lot of poutine!
  • by uiil (413131) on Monday April 07 2003, @12:13PM (#5679809)
    and maybe theo will finally get the sparc docs he needs.
  • OSS (Score:3, Interesting)

    by chunkwhite86 (593696) on Monday April 07 2003, @12:14PM (#5679818) Homepage
    It's a very positive thing to see government funding OSS software. This is something that gives positive returns to everyone.
  • by Anonymous Coward on Monday April 07 2003, @12:17PM (#5679835)
    "U.S. military helps fund Calgary hacker

    By DAVID AKIN
    From Monday's Globe and Mail"

    I think you've attributed it to the wrong paper, that's quite clearly from the Globe and Mail (as if the url, globetechnology.com wasn't a give away), the other national Canadian paper.
  • by Saint Aardvark (159009) on Monday April 07 2003, @12:18PM (#5679845) Homepage Journal
    "Low code quality keeps haunting our entire industry. That, and sloppy programmers who don't understand the frameworks they work within. They're like plumbers high on glue," Mr. de Raadt said.

    BTW, anyone else notice the article was actually from The Globe and Mail [theglobeandmail.com]?

  • by deepchasm (522082) on Monday April 07 2003, @12:19PM (#5679846)

    From the article:

    OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years.

    Erm, shouldn't that be "only one remote hole in the default install"?

    • If "only one vulnerability or hole has been found in its software" means anything aside from "only one remote hole in the default install" (your suggested substitution), then it is completely meaningless.

      If you are discussing non default configurations, there are infinite holes in all operating systems. For example, there is the non-default remote-root vulnerability when I set all my passwords to "PASSWORD".

      I assume there were specific non-default remote roots you were thinking of, but still.
      • Actually, local vulnerabilities are worth mentioning when it comes to a multiuser/security-enabled operating system. I'm sure that if there were a local hole on Windows XP which would allow a Guest user or a "Limited" (read: Not an Administrator) user to gain Administrator privileges, you would consider that a vulnerability/hole.
  • Motive? (Score:5, Funny)

    by pmz (462998) on Monday April 07 2003, @12:20PM (#5679858) Homepage
    When asked about his brand-new 24K gold biking helmet, Theo pointed behind the reporters and exclaimed "What's that!". With the reporters distracted, he promptly ran the other direction and hid behind some bushes. The reporters, being only average journalists, published that OpenBSD's leader can turn himself invisible at will and cited that OpenBSD appears to be some sort of Canadian rap group.
  • by xv4n (639231) on Monday April 07 2003, @12:22PM (#5679869)
    cash$
    =)
  • by Anonymous Coward on Monday April 07 2003, @12:28PM (#5679894)

    from the openbsd website:

    "Today cryptography is an important means for enhancing the security of an operating system...

    '...When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany...'

    Gov spends millions to control crypto exports.

    Gov spends millions to support OpenBSD which
    bypasses US crypto export laws?!

  • by SubtleNuance (184325) on Monday April 07 2003, @12:28PM (#5679896) Journal
    Mr. de Raadt is no fan of the U.S. military at the moment. He calls the war in Iraq an oil grab. "It just sickens me."

    In other news, Theo de Raadt is held by the Department of Homeland Security in Seattle while attending an OpenBSD conference. Mr De Raadt, in the country to give a speech at the conference is whisked away by unknown persons in a black van. Other conference goers are later told by organizers that a quote by Mr. de Raadt is being held under the US PATRIOT Act for "aiding and giving comfort to Evil Ones."

    The Canadian high counsel in Washington lodges a formal condemnation of the act -- demanding that the Canadian Citizen be released. Washington replies "It is quite obvious that Canadians and The Canadian Regime has been overrun by The Evil Ones. Like Syria and Iran, Canada must learn that they're Either With Us or Against Us." In Ottawa, American ambassador Cellucci says "yeah, what he said, Canadians baaaaad"

    Republican Senator U.S. Nitwitt says "Why should righteous Americans be giving their defense funds to this communist^H^H^H^H^H^Hterrorist? It's obvious he's a terrorist - at least. This is a threat to our security. The Department of Homeland Security may or may not be justified in seizing him if they did or didn't... uhm, filthy Un American... i hear he rides the bus!"

  • by Florian Weimer (88405) <fw@deneb.enyo.de> on Monday April 07 2003, @12:30PM (#5679914) Homepage
    OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years.

    It's good to see that OpenBSD's magnificent PR campaign [openbsd.org] finally pays off.

    Sarcasm aside, I believe the government is the only part (apart from Microsoft with its cash reserves) which can invest in secure software development at the moment, so this is a step in the right direction.
  • It's supposed to hook scientists and researchers together over a "network" where computers can exchange information. It would be neat if this technology would some day be available to everyone!
  • by Beautyon (214567) on Monday April 07 2003, @12:56PM (#5680088) Homepage
    Since anyone anywhere can make use of the products that will come out of this two million dollars, the benefit to wider mankind far outweighs the benefit to DARPA | TIA | $evil_project.

    Now, if that same money went into one of the many secret software projects at Lawrence Livermore or the NSA, then no one benefits except the evil parties.

    The use of this money to develop OpenBSD can be nothing but a good thing, due to the security everyone will gain, world wide, which will further protect from the real bad guys.
  • by GerardM (535367) on Monday April 07 2003, @01:04PM (#5680144)
    Consider the cost involved. Compare it to some military hardware. Given how and where it can be used given its license, it will be used all over and will save lives as much as a panzer does.

    The brilliant thing here is that this move recognises the importance of communities; the OpenBSD community IS all over the world, with Mr de Raadt a Canadian the work can be done in Canada, in the USA, in India, wherever the TALENT is.

    As the grant is intended to help "testing the security of commercial software systems against the security of open source software projects", it will point to the truth in this old dispute what makes better secure software AND it will help to point to the relative merits of "security by obscurity".

    However to assess this, I expect DARPA not to select Microsoft Windows as the champion of the proprietary world, I would choose OS/400. Given the smaller size of the OpenBSD community, the effect of methodology can be better assessed.

    As DARPA throws bread on the water, I hope they will land a big fish!

    Thanks, Gerard

  • a >8Gb bootloader. I'm a big OpenBSD fan (own all the teeshirts), but those two items are a big pain in the butt.
    • by 4of12 (97621) on Monday April 07 2003, @12:20PM (#5679854) Homepage Journal

      1. Possess huge, pain-in-the-ass ego.

      Alas, this happens.

      Highly talented and intelligent people get exasperated with us mortals and let us know in no uncertain terms that we are stupid. I knew someone in school like this once. He would put pointed questions out that would show people's stupidity in broad daylight. But he was so intelligent, and I had enough intelligence still left, to know when he was right.

      True intelligence is being able to recognize someone more intelligent than you are and to be able to support their work even if they have a grating personality.

      Don't ever make the mistake of putting them in a role of managing people, though.

    • Do they give all the money up front or do they pay later? If the latter, what's stopping DARPA from refusing to pay at the end?

      Why should it matter, if DARPA could not co-opt Theo, they could just get the code and hire their own "hackers" to modify it to their own desires.

      DARPA is a research oriented group, they are paying to continue the research and development of openBSD to keep their (the DOD's) options open. Not that the DOD is going to see the light any time soon and get off the MS software nipp

    • Nice. +2 Informative for an unsubstantiated allegation by an AC. Good moderation is the key to keeping Slashdot a valuable source of information.
    • Believe it or not, there is a lot that you can do with $320,000 USD worth of CD sales *alone* each year. That can make a few people live comfortably, paying the bills and meeting the need for servers. That doesn't take into account the sales of other merchandise.

      This is how open source products like OpenBSD and Slackware have been profitable. OpenBSD *is* a product, in a way. Theo seems to make it a full-time effort, as far as I can tell, just as Patrick does with Slackware.

      The extra 2 mil is just a b
        • It goes fast? Let's say each coder costs $100,000 a very liberal estimate.
          4 coders * $100,000 = $400,000
          $2,000,000/$400,000 = 5 Years
          That's a very long time to be guaranteed a job.

          Obviously you've never actually hired anyone or run a company. I don't know about Canada, but in the US, you can figure the overhead on a position to be anywhere from 50% to 100% above and beyond the salary of the position. Consider the following factors:

          • Social Security (employer pays half, typically 7.5% of salary).
          • Hea
    • Theo is making OpenBSD. It is freely available to anyone who wants it. If the US military/gov wants it, they already have it and can use it for whatever unseen motive anyway.
      As of now, they are just helping him do what he was doing anyway.

      The motive of the US gov as it currently relates to OpenBSD is they want to help its development.
      They can already incorporate it into closed source products, and they can't take it away and lock it up from everyone else.
      • In fact this is the best possible thing that could happen. Think about it, they could have spent that US$2.3M on hiring a programmer or two and forking OpenBSD internally. (They of course have probably already done that too, and we'll just never hear it - Not DARPA, but some other branch of the gov't.) Instead, everything done with their money will either go into the OpenBSD codebase, or into or onto Theo's body. (Got to remain clothed and fed...)
    • I would consider it to be more of an investment on DARPA's part, rather than some sort of influence on the direction of OpenBSD development. They see a project that meets their needs, and they want to ensure that it does well, so it will serve them well. It's not that different from IBM spending $1 billion on Linux because they want to see it do well.
    • by Night Goat (18437) on Monday April 07 2003, @01:27PM (#5680275) Homepage Journal
      The U.S. Government is a huge organization that sponsors all sorts of programs. DARPA didn't cause the war. NASA didn't cause the war. The IRS didn't cause the war. Like Theo said, taking the money prevented that money from being used on a cruise missile.
    • But, MAN, how can he take $2,000,000 from the US Gov't and still criticize them at the same time?

      He can do this because he's not selling out. He's taking the money to help him do what he's been doing all along, because it benefits everyone. Just because someone pays you to do something (business) doesn't mean you can't dislike them (personal), it just means you can't let your bias determine how you react.

      This shows me that De Raadt is mature enough to know the difference between business affairs and pers
    • by astroboy (1125) <ljdursi@gmail.com> on Monday April 07 2003, @01:49PM (#5680379) Homepage
      Give us a break; if he felt that strongly about the war, he could've said, "Thanks, but I'll wait till you guys leave Iraq before I'll accept your money."

      So it's your opinion that money should buy silence? That anyone who accepts money from the government is morally required to not criticize the government that funded them? Or is it your position that the government should only fund researchers who agree with the current administration?

      I think just the opposite; unless you want all research to lose its independence, you should criticize even your patrons if that's how you feel. That comment might cost him similar money in the future; but he said what he believed anyway. That does show backbone and ethics.

      For all I know, the rationale might be that he's accepting this money exactly because it'll be $2M that is not going to develop bombs or other WMDs. That seems like a completely self-consistent moral position.

    • Re:Take it back... (Score:5, Insightful)

      by Tom (822) on Monday April 07 2003, @02:28PM (#5680659) Homepage Journal
      Too bad I don't have any mod points left to mod you down.

      Let's see - not liking someone means I can't accept something good from them? What kind of black/white primitive world-view is that? It seems Theo is bright enough to understand that even people who you largely disagree with can make a right decision every once in a while, and the correct answer is to encourage them, not brush them off.

        • That's because Canada hasn't FOUGHT any.

          See how smart they are?

          If your country chooses not to contribute in any meaningful way to global security, fine.

          My country contributes. By not creating a new random enemy every few years, by not first financing, then pissing off the likes of Osama and Saddam and by not overthrowing democratically elected governments whenever the CIA feels like it.

          Guess what, the best contribution to peace is not making war.
      • Canada was fighting the Nazis long long long before the US decided to step in.
        Good call, dude! Canadians sacrificed plenty lives to beat down the Nazis. It's insulting to hear slurs like 'Canada refuses to fight for freedom' just because we're not joining in bullying a 3rd world country for selfish interests.