OpenBSD Foundation Announced 151
OpenBDSfan writes "KernelTrap is reporting on the creation of the OpenBSD Foundation, a Canadian not-for-profit corporation intended to support OpenBSD and related projects, including OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. The announcement explains, "the OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms.""
Accounced? (Score:5, Funny)
Re: (Score:1, Offtopic)
Re: (Score:2, Funny)
Heh... actually, the spell-check-it dept. accounced they are absconscding, it seems they have abandondoned
NOT a mispelling. (Score:2, Funny)
Accountable, but... (Score:2)
Yes, that's great. But... does it actually have drivers for modern hardware?
Re: (Score:2)
Re: (Score:2)
Re: (Score:1, Informative)
OBSD's focus is not a multimedia desktop. Routers, bridges and wireless access points don't need 3D.
Re: (Score:2, Funny)
When spell-naziing, don't ever forghet (Score:2)
OpenBSD Logo (Score:3, Insightful)
not-for-profit vs. non-profit (Score:2)
OpenCVS? (Score:3, Insightful)
You're a codin' machine Theo, but I wish you could learn to play well with others.
Re: (Score:1, Troll)
Re: (Score:2, Flamebait)
This is a pretty common pattern. Complex == insecure to them. Which, to me, implies that secure == poverty. I like security as much as the next guy, but living in poverty because you're p
Re:OpenCVS? (Score:4, Insightful)
Complex == insecure to them. Which, to me, implies that secure == poverty.
No, you have your negation wrong.... If Complex == Insecure then !Complex = !Insecure, and thus Simple = Secure. The funny thing is: you cannot argue with that: simple is easier to audit and thus easier to audit. It really is that simple (Dah-dum!). Simple doesn't equate poverty, or a Lotus Elise is a poor-mans-car. (Having no radio, AC, etc...) Sorry for the "bad car analogy"(tm).
You also forget the target demographic for OpenBSD: this is not for your Desktop, nor even for your high-load server. You can use it for that, but the niche in which it lives is firewall, NAT, transparent bridging. Places where security matters more than anything else. Sure, a bit more complex to set up, you need to work more, but this is not your moms OS.
Re: (Score:2, Informative)
simple is easier to audit and thus easier to audit.
Should be: simple is easier to audit and thus easier to secure.
Re: (Score:3, Interesting)
Re: (Score:2)
Yeah, figured.
Re: (Score:1)
You do realise that their revision control server is accessible from the outside world over the internet, don't you? It probably sits behind a firewall, but the CVS ports must still be open.
Re:OpenCVS? (Score:5, Informative)
If Complex -> Insecure, then:
!Insecure -> !Complex; and
Secure -> Simple
Otherwise your method of reasoning would go like this:
Square = Four-sided-figure
!Square = !Four-sided-figure
. . . which doesn't make sense because then you could say "and thus, a non-square rectangle isn't a four-sided figure".
Good old Wikipedia has the details [wikipedia.org].
Re:OpenCVS? (Score:4, Funny)
Logical terminology! So We Meet Again, My old Arch Nemesis. ;-)
That's for clearing that up, you are of course 100% right.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2, Informative)
Yes? Which is based on FreeBSD and not OpenBSD. FreeBSD which is also used by many people on the desktop (I did a while ago, but that laptop died, unrelated to FreeBSD of course ;-) ). They are really only related by their name and their license. OpenBSD is a fork of NetBSD, which came from 386BSD which also forked into FreeBSD. [wikimedia.org] Let's say OpenBSD and PC-BSD are something like cousins.
Re: (Score:2, Funny)
Re: (Score:1)
Re: (Score:1)
they have created multiple tests for various platforms but that's not the point
on your pic, i see PART 1 Service Packs and hotfixes, again this is something windows specific after that
we go on and see registry permissions and file and registry auditing again this is mostly windows only
the rest do seem to be platform independant
but still you'll have to substract at least 12000 points from that score to be somewhat viable
Re:OpenCVS? (Score:5, Insightful)
Besides, choosing a stable and secure algorithm is not a bad idea. See this post for a valid example [undeadly.org].
Finally, I can't help but notice that Subversion is available as an OpenBSD package [openbsd.org], so quit your yakking already.
Sheesh, anti-OpenBSD trolls these days.
Re: (Score:2)
Re:OpenCVS? (Score:4, Insightful)
Perhaps for your purposes. However, the CVS license it not consistent with the goals and philosophies of OpenBSD. So they created OpenCVS with a license that is appropriate.
the main source of theo thinking SVN isn't secure, is because that control freak didn't write it himself.
Do you have a link pointing to his quote on that?
openssl and openssh are 2 packages responsible for huge security holes over the years, both of which are his babies.
OpenSSL [openssl.org] is not Theo's "baby".
OpenSSH's security, while not perfect, has been excellent. Your unsubstantiated attribution of "huge security holes" to it seems to be intended as little more than a troll, since you did not provide any citations.
Re:OpenCVS? (Score:5, Insightful)
Except, of course, you have no fscking idea what you are talking about, since OpenSSL is not developed, or related to, OpenBSD and Theo de Raadt in any way [openssl.org].
As far as OpenSSH security holes [secunia.com] are concerned, please excuse me while I laugh. Most of these vulnerabilities are either denial of service, or someone who messed up with their OpenSSH implementation. A lot of people think they can improve on a perfectly good product by adding security holes in it.
As far as OpenCVS is concerned, they explain their rationale quite clearly:
Now, let me ask you: what part of "development has been mostly stagnant in the last years and many security issues have popped up" don't you understand?
Allow me to finish by adding this: read up a little bit before you start trolling. But that would be a waste of a perfectly good troll, right? Sheesh. Go back under your bridge, little troll.
Re: (Score:2)
All we're saying is that we should work together instead of fragmenting all the time.
Why is that a troll?
Re: (Score:2)
Re: (Score:2)
hell it might save them wasting their spare time, get the point?
Re: (Score:1)
Re:OpenCVS? (Score:5, Informative)
OpenBSD has a long history with CVS. It was the first open source project to run a public CVS server; previously all open source projects had run a private CVS server that only a few people could access, and published snapshots as tarballs.
They have a lot of revision history in their CVS repository, and feel it's important to maintain this due to the way in which their auditing process works. They might switch to something else at some point, but for now CVS is the best way they have of ensuring compatibility with CVS.
Currently, they use GNU CVS, but there have been a number of security problems with it in the recent past. Part of this comes from the fact that, when it was written, GNU projects used the private-CVS-public-snapshots development model, so only trusted people got access to the CVS server anyway. After fixing a few security holes in GNU CVS, the team decided that the code was in such a state that doing a full audit and getting it up to the standard required by OpenBSD would be more effort than writing a replacement, so they decided to replace it instead. So far, they have OpenRCS, which is a drop-in replacement for GNU RCS (on which CVS is built). Now they are working on the CVS component, and seem to be making good progress.
It's really not hard to understand. Considering the code quality of the rest of OpenBSD, I'd be more inclined to use their version than the GNU one if I needed CVS. Take a look at the recent BIND vulnerability that affected every platform except OpenBSD for an example.
Re: (Score:1)
However, I must echo the sentiments above. CVS is problematic partially
Re: (Score:3, Interesting)
Almost every other major source control system would have allowed him to maintain his own fork and publish it, keeping his software synced with or development integrated with the main source tree: Bitkeeper, git, Subversion, Perforce, etc. CVS fails this task pretty s
Re: (Score:1)
What in the world are you talking about?! The OpenBSD tree was originally created from source that was downloaded as source tar balls (in some way or the other) from NetBSD since no project before OpenBSD allowed anonymous access to their development tree! The NetBSD CVS server was not publically available. CVS (and atleast Subversion) requires that you have access (and sufficient permissions) to the revision system server to be able to create a branch. Thus, it wouldn't had matter what revision system soft
Re: (Score:1)
That said, subversion does not support this type of thing, although the other tools do to a larger or smaller degree. (Perforce very much smaller; git, bitkeeper very much larger.)
It's a kind of silly observation though since essentially none of those tools were available at the time.
Re: (Score:2)
Re: (Score:1)
Sorry, I am a newbie
Re: (Score:2)
Re: (Score:2)
It seems I cannot compile it on linux
Re: (Score:1)
Re: (Score:2)
they are not afraid of complexity. Examples that come to mind are pf
I don't know about the backend, but pf's frontend is a study in elegant simplicity. Seriously, it's just about as clean as such a potentially complicated system can be made. If it's underlying code really is complex, then I'd say that they made the tradeoff of keeping the frontend simple because that's what most people will see and shifting the tricky bits to the hidden backend where the experts can hover over it.
Re: (Score:2)
CVS has had plenty of security holes
Re: (Score:2)
Yep, I agree. It seems that the OpenBSD folks (not just Theo) think that SVN is too complicated to be secure. They want to stick with the "proven" CVS protocols and RCS file formats. And yeah, they always start from scratch because they've gotta make it BSD licensed.. and besides, it gives them a feeling of ownership.
This is a pretty common pattern. Complex == insecure to them. Which, to me, implies that secure == poverty. I like security as much as the next guy, but living in poverty because you're paranoid about security is not healthy.
CVS is ok if you don't go moving and renaming files. Due to the nature of OpenBSD, that does not happen very often. Granted, I think OpenSVN would be a much better use of there efforts in terms of it benefiting the rest of us, but they are free to do as they want.
You are right that Theo and friends take the simplicity a bit too far and functionality does suffer. However, OpenBSD does have its niche in my world. If I wanted to use an old machine to act as a firewall or a box with SSH access to the world,
You are VERY confused. (Score:1, Insightful)
Re: (Score:1)
Re:OpenCVS? (Score:5, Informative)
Re:OpenCVS? (Score:5, Informative)
What people seems to forget is that even if CVS usage is replaced with something else (like for example SVN) it doesn't make all the old CVS repositories go away. So, 20 years into the future (when we have flying cars which runs on water) you sit there (on your levitating chair) and wants to extract some files from an old CVS repo you found in the company's archive. No problem, except that GNU CVS isn't available on SuperDuper Windows Extra Deluxe 2027, due to the fact that code base and build system is such a mess that no one manages to make packages for Cygwin anymore (that and the fact that Microsoft (Operating Systems Division) does not any longer permit that GPLed software is used on its products.
Ok, I'm exaggerating, but the point is that there is no fault in having a clean and maintainable code base for the future - even if it's only used for handling legacy projects.
Besides, who are we to tell these people how to use their spare time? If anyone want to re-implement Unix in Brainf*ck, then let them.
Re: (Score:2)
I tell ya one thing though.. all those pig-headed people who are reluctant to upgrade their CVS servers already are even less likely to do it if OpenCVS is a success.
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
and the drive to keep it going was partially fueled by the desire to have a home grown system that the developers understand, can easily modify, and that is completely compatible with the current cvs tree
Re: (Score:2)
You seem to think that me saying Theo doesn't get along with others is somehow belittling his work.. it isn't.
It's belittling his ability to get along with others.
Interesting (Score:3, Insightful)
Either way i'm happy. At least there's even more support for open source software and anything non-windows related.
Re: (Score:2, Insightful)
> so I wonder if he'll embrace this with open arms, or just shun it like he does most things.
This is an official OpenBSD effort, all of the directors are OpenBSD developers. I'm sure
Theo was pretty central to setting it up, he is unlikely to shun it.
Re:Interesting (Score:5, Interesting)
Besides, the OpenBSD Foundation stated very clearly [openbsdfoundation.org] that it will focus on large donations (of funds, hardware, etc) and that small donations should be sent directly to OpenBSD through the usual channels. RTFA and all that.
I do think Theo will be A-OK with that.
Re: (Score:1)
Did anyone notice the spelling error? (Score:2)
Re: (Score:1, Insightful)
Re: (Score:1)
It's because of the tradition, sure - and rather faint convicting force of some other version control system
Just look at the way CVSup http://www.cvsup.org/ [cvsup.org] is used.
These people just need a CVS software they would like to maintain for some time in the future.
Accounced (Score:4, Funny)
Netcraft confirms it! (Score:1, Funny)
The Race for funds begins (Score:1, Interesting)
But look at the overhead! NetBSD listed $10k in donations for 2006 and $2k in le
That's the way to go (Score:1)
Canadian - It's got piracy written all over it! (Score:1)
Don't they realize that by establishing a Canadian foundation, they're aligning themselves with the greatest piracy threat against the MAFIAA members' intellectual property? Everyone knows OSS is all about piracy and cracking, and basing it in Canada increases that threat!
Not tax deductable! (Score:2)
From their Donations page:
If it's so stinking hard to do in Canada, maybe they should have
Re: (Score:2)
Re: (Score:2)
You've also completely missed the point. That being that having a registered charity "would di
Re: (Score:2)
Well, first-off, my mom's 501(c)(3) has a board of directors which has on and off included attorneys and CPAs, and they have all been OK with the paperwork being done. There's lots of info on the web, and it's just forms to fill out. At least in the US, a few a year, and not that many. My personal taxes, as far as I can tell, are way harder, and I do them every year without any real problems.
I continue to not accept the assertion that not being able to accept tax-deductible contributions somehow improves t
Is Theo Involved? (Score:2)
While i respect him greatly for his technical abilities, as a marketing guy he sucks wind. His political views get in the way every time. ( and his abrasive personality does not help much either )
Re: (Score:1)
I remember a Slash article a few months ago discussing how Theo was super broke, at that discussion led to how OpenBSD's financial problems would be much more tractable if they'd just set up a foundation people or businesses could donate to. So, apparently other OpenBSD devs thought the sam
Re: (Score:2)
It would be a shame to see OBSD die out.
Do it, do it, do it! (Score:2, Insightful)
a disadvantage of foundations (Score:2)
Re: (Score:2, Redundant)
Re: (Score:1, Redundant)
Re: (Score:2)
Thkfly, ntrl lngag hs evlvd engh rdndncy to prvd fr frly rlibl err crrctn.
Even better, it's compressed, and can be decompressed by using the error correction already present and running. Score!
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re:WTF (Score:4, Funny)
Another time I accounced my neighbours dog for barking while I was trying to sleep. I used a teaspoon. It was fun.
Re: (Score:1, Offtopic)
Re: (Score:2, Offtopic)
I very much doubt that. I suspect that what your country was in the shadow of was Stalinism. Just because the nice American man said you were living under communism doesn't mean anything as Americans generally can not tell the difference between Communism, Stalinism, and Socialism (and assume they're all Stalinism).
Communism, like capitalism, is based on a model of the world which only works if everyone acts in exactly the way the inventor of the mo
Re: (Score:1)