Ask Theo de Raadt about OpenBSD
OpenBSD 2.8 was released today, so this seemed like a good time to ask project leader Theo de Raadt about OpenBSD -- or anything else. He's a rather colorful person; a pizza eater, kernel hacker, and devout rock climber, so even though this is a big day for OpenBSD you might want to discuss a few other things with Theo, too. We'll choose about 10 of the highest-moderated questions and e-mail them to him shortly after noon (US EST) tomorrow. His answers will appear next week.
Trusted Solaris; Programming tools (Score:1)
trusted Solaris and if he is going to download
the recently released Solaris source code.
Another question: what tools do you use for
hacking? Vim or Emacs? ctags and grep and what
else? Can you share few tricks (like some Vi or
Emacs commands)?
/Alex
Re:Important Clarification and Comment (Score:2)
Yes, I can find out what's been changed historically, if I *really* go looking. I have no way of knowing easily that:
bash-2.04# perl -v
This is perl, v5.6.0 built for sparc-openbsd
was compiled from a different codebase than:
bash-2.04# perl -v
This is perl, v5.6.0 built for i386-linux
My point is, if you change the source, change the version. That I can hunt something down in CVS is pretty meaningless if I don't know that I need to.
--Dan
Kernel design (Score:5)
I have only been using OpenBSD for a short while now, so forgive me if this question is based upon some incorrect assumptions.
OpenBSD's kernel design seems to be of the monolithic species. OpenVMS (no relation) and NT are two prominent operating systems that use a microkernel architecture. The microkernel design seems to me to be fundamentally more secure, since there is less privileged code. Further, if one of the servers is compromised, the damage is minimized.
My question is this: Is the OpenBSD design fundamentally secure, or is it only a very well done implementation of a basically flawed design?
Where Did You Learn Your Code Audit Discipline? (Score:5)
Re:encryption (Score:1)
Re:Availability of ISO images (Score:2)
You *can* do an ftp install or AFS install or even make your own CD. So it's not like you *have* to pay to get it.
The CD is $30.00 plus S/h, so buy it, get the CD set and have the warm fuzzy feeling of having contributed to the project in some way.
Btw the T shirts kick ass too
The number of the beast
Re:University of Alberta (Score:1)
TrustedBSD (Score:2)
Additional hardware support (Score:1)
Re:Pizza donations (Score:1)
Anyway I guess My question would be this- Are you a beer drinker, Theo? If these guys are going to donate pizza, what type of beer would be appropriate and where would I have it shipped?
Gifts May Not Be Taxable :-) (Score:4)
More realistically, the amounts get diminished in two obvious ways:
What doesn't get sold transforms magically into "pieces of chad" that aren't being fought over by Floridian electoral officials, but which rather cost that $5, and result in zero input of cash.
I'd be surprised if Theo's seeing as much as $100K of "positive" cash flow, all in all. If he's seeing more than that, bully for him; it's not as if he hasn't put in a lot of work that resulted in that.
As for your suggestion that it would be slick to have a "charity" to handle the money, while part of me agrees, there's definitely room for duality here.
What I would like to see is for people to take the action of Just Plain Giving Out Gifts to developers that they want to give money to. No "charitable contribution;" no "tax deduction."
One might think that this is a losing proposition, as there's "no deduction." To the contrary, if there's that deduction, on your side, then the money must be treated as a taxable income on the part of those that receive it as income.
It's worse than that; employment income involves deductions, which means that lots of the money gets eaten up by taxation.
In contrast, if you give someone $50 as a gift of your after-tax income, it may not be deductible in your hands, but should correspondingly not be taxable in their hands. If someone received $40K in nontaxable gifts, that might well be as good as receiving $60K in taxable income...
Food for thought...
BKL SMP for OpenBSD? (Score:2)
And focusing on OpenBSD's strengths, a second step to remove the BKL for the networking code could result in useful SMP for firewalling, VPN and IDS applications under SMP. Any plans or thoughts on minimal SMP support like this for OpenBSD?
Re:Time warp (Score:1)
Please remember that the use of "X" to represent "Something" is deprecated, and has been replaced with the more featureful "FOO"
Re:Mountains (Score:1)
I hear Fernie isn't too bad, either, if you don't want to drive too far from Alberta. Don't bother Theo with questions that could be answered by any Canadian.
Re:will the zaniness never stop? (Score:1)
OpenBSD in Canada (Score:2)
What legal trends do you see as particularly threatening to OpenBSD or similar projects?
Re:Making the rest secure (Score:1)
Re:Where does the money go? (Score:2)
Re:Mountains (Score:2)
Pizza! (Score:4)
----------------------------
Re:BSD == Satanism (Score:1)
Re:Easy to use based OS? (Score:1)
It's not that I hate MS, it's that I hate the idea that you are either for or against them. We use the best tool for each job we do. If we ever see a need for an MS based solution, it certainly won't destroy me to use it. Forget the entire "We don't want another MS" rant and realize that another choice to free software is not going to be another MS. I didn't say anywhere that I didn't want something modular. I wouldn't use it if it wasn't package based, or in some way easily managed. And I don't even see the possibility of a free software distro coming out without some form of package management in this day and age.
Nothing personal against you, but it seems you failed to grasp what I was driving at.
Still hindering? (Score:4)
Do you think your once overzealous (now calmed) ego is still hurting OpenBSD? Or has time calmed the fires?
In the early days the open fighting between the NetBSD (we won't take changes until hell freezes over) and the OpenBSD (we are the best, you suck) camps was pretty unattractive, to say the least.
Re:Unifying the base? (Score:1)
Re:Why FreeBSD? (Score:1)
"That fat, dumb, and bald guy sure plays a mean hardball."
Re:A book on code auditing? (Score:1)
Dear Moderators, (Score:1)
Question About Chroot (Score:1)
turns out from looking at the OpenBSD, suse, redhat man pages that chroot is only invokable as root.
Now I know the idea of chroot is so that programs you do not necessarily trust can be run in a smaller box than that of the entire system and you can put only the necessary tools needed for it to run in this box.
What I would like to do is take a program that I run chrooted and also have it run as a lower privilege user (than root). I believe this to be a good idea.
Programs like apache and bind have support for this.
However there are quite a few programs that do not have support or understanding of "run_as_user" or a "-u" flag etc.
Since I can only launch chroot as root, the program I spawn is run as root, granted it's in a chrooted shell, but I would like the program to run chrooted and be run as a low priv user. I certainly don't want to put something like su in the chrooted directory (and maybe even a shell) to have to make this run as another user.
What is your take on this? Should there be something like a "-u user" flag to chroot?
Why would this be a good/bad idea?
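The wrapper this question asks for, as an added example that is not part of the original comment and is not OpenBSD's chroot code: it enters the new root while still root, then gives up root for good and only then runs the target program. The function names `parse_unpriv_id` and `confine_and_drop`, and the numeric uid/gid command line, are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Strictly parse a numeric uid/gid. Rejects empty input, signs, trailing
 * junk, overflow and 0, so the wrapper can never be asked to "drop" to root. */
int parse_unpriv_id(const char *s, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 0x7fffffffUL)
        return -1;
    *out = v;
    return 0;
}

/* Enter newroot, then drop to uid/gid irreversibly. Order matters:
 * chroot() needs root, and the group changes must happen before setuid(),
 * because after setuid() the process may no longer change its groups. */
int confine_and_drop(const char *newroot, uid_t uid, gid_t gid)
{
    if (newroot == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chdir first so no working directory outside the new root survives. */
    if (chdir(newroot) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0)     /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)            /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)            /* real, effective and saved uid */
        return -1;
    /* Verify the drop: getting root back must fail and every id must match. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* usage: wrapper <newroot> <uid> <gid> <program> [args...]
 * <program> is a path as seen from inside the new root. */
int main(int argc, char **argv)
{
    unsigned long uid, gid;

    if (argc < 5 || parse_unpriv_id(argv[2], &uid) != 0 ||
        parse_unpriv_id(argv[3], &gid) != 0) {
        fprintf(stderr, "usage: %s newroot uid gid program [args...]\n",
                argc > 0 ? argv[0] : "wrapper");
        return 2;
    }
    if (confine_and_drop(argv[1], (uid_t)uid, (gid_t)gid) != 0) {
        perror("confine_and_drop");
        return 1;                    /* never exec with partial privileges */
    }
    execv(argv[4], &argv[4]);
    perror("execv");
    return 1;
}
```

Because the drop happens in the wrapper, neither su nor a shell has to exist inside the chroot directory.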
Mac OS X & BSD (Score:4)
Re:University of Alberta (Score:2)
Two *real* questions (Score:2)
Thus sprach DrQu+xum, SID=218745.
Important Clarification and Comment (Score:2)
I'm actually pretty confident that OpenBSD tracks the changes they make, but those changes (I believe) are to the overall package that is OpenBSD, not to the individual files.
You wrote:
===
I don't think you understand how they package up their releases. It isn't like Red Hat or Debian, i.e. there are no individual packages like perl-5.003-666 or nethack-23-skiddoo.
===
To which I reply:
ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/
That being said, it may very well be that anything that Theo directly touches is considered a critical component and is kept out of the "packages" tree. This would be somewhat surprising to me (given the amount of energy Theo et al put into creating a "high quality package archive"), but wouldn't be unimaginable. However, it remains unclear what has been touched and what hasn't. Is that really Perl 5.6.0? What about Netcat 1.1.0? I can't even compare binaries; I have to diff source trees.
Not too long ago, one security guru got taken to task *HARD* for assuming that the version of Debian he had downloaded possessed the same security holes as...uh, that version actually had. Except it was the Debian unmarked modified patched version, and he didn't know. He submitted a total mea culpa...but I'm just not sure he should have.
This is actually the topic of a paper I've been considering writing, but I think it'd be much more interesting to hear what Theo has to say on the matter first.
Yours Truly,
Dan Kaminsky, CISSP
Cisco Systems, Advanced Network Services
http://www.doxpara.com
My question for Theo... (Score:5)
Firewall/NAT box (Score:5)
Are there any plans to produce something like this? Something with a very simple user interface that is quick and easy to get set up? I'd love to play with OpenBSD and do it by hand but I simply do not have the time.
Re:Blowfish passwords (Score:2)
From crypt(3) (OpenBSD 2.6):
The Blowfish version of crypt has 128 bits of salt in order to make
building dictionaries of common passwords space consuming. The initial
state of the Blowfish cipher is expanded using the salt and the password
repeating the process a variable number of rounds, which is encoded in
the password string. The maximum password length is 72. The final Blow-
fish password entry is created by encrypting the string ``OrpheanBehold-
erScryDoubt'' with the Blowfish state 64 times.
There is no "blowfish key" to keep secret. The password and the random salt are the key. If there were some "secret key", it wouldn't stay a secret very long -- the passwd(1) source would have to contain it, and you'd get it straight from the CVS server (or the CVS snapshot on the CDs).
A more interesting question, then, is whether it's possible to launch a known-plaintext attack to retrieve the key (and thus the password). The plaintext is in the man page that I quoted above, and the cyphertext is in the master password file. But I'm no cryptographer (I don't even pretend to be one), so I can't speculate on how feasible such a feat would be.
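What the quoted man page text means for a stored entry, as an added example that is not part of the original comment and is not OpenBSD's crypt code: a parser that splits a Blowfish password string into its version, round count and 128-bit salt, showing that everything except the password sits in the string in the clear. The `$2a$NN$` layout with a 22-character salt and 31-character digest, the bcrypt base64 alphabet and the 4..31 cost range are assumptions taken from common bcrypt implementations, and the sample string is constructed (its digest part is filler, not a real hash).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct bcrypt_fields {
    char version[3];         /* "2" or "2" plus one letter, e.g. "2a" */
    unsigned log_rounds;     /* cost: the work is 2^log_rounds rounds */
    unsigned char salt[16];  /* the 128 bits of salt, decoded */
    char digest[32];         /* 31 encoded characters of ciphertext + NUL */
};

/* bcrypt uses its own base64 alphabet, not the RFC 4648 one. */
static const char B64[] =
    "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/* Constructed sample: cost 05, salt of 21 'C' and one '.', filler digest. */
static const char BCRYPT_SAMPLE[] =
    "$2a$05$" "CCCCCCCCCC" "CCCCCCCCCC" "C."
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcde";

static int b64val(char c)
{
    const char *p = (c != '\0') ? strchr(B64, c) : NULL;
    return p ? (int)(p - B64) : -1;
}

/* 22 characters carry 132 bits; the first 128 are the salt. */
static int decode_salt(const char *in, unsigned char out[16])
{
    unsigned acc = 0;
    int bits = 0;
    size_t i, n = 0;

    for (i = 0; i < 22; i++) {
        int v = b64val(in[i]);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8 && n < 16) {
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;   /* keep only the unread low bits */
        }
    }
    return n == 16 ? 0 : -1;
}

/* Returns 0 and fills *f on success, -1 if the string is malformed. */
int bcrypt_parse(const char *s, struct bcrypt_fields *f)
{
    size_t i, vlen;

    if (s == NULL || s[0] != '$' || s[1] != '2')
        return -1;
    vlen = (s[2] >= 'a' && s[2] <= 'z') ? 2 : 1;
    memcpy(f->version, s + 1, vlen);
    f->version[vlen] = '\0';
    s += 1 + vlen;
    if (s[0] != '$' || s[1] < '0' || s[1] > '9' ||
        s[2] < '0' || s[2] > '9' || s[3] != '$')
        return -1;
    f->log_rounds = (unsigned)(s[1] - '0') * 10 + (unsigned)(s[2] - '0');
    if (f->log_rounds < 4 || f->log_rounds > 31)
        return -1;
    s += 4;
    if (strlen(s) != 22 + 31 || decode_salt(s, f->salt) != 0)
        return -1;
    for (i = 0; i < 31; i++)
        if (b64val(s[22 + i]) < 0)
            return -1;
    memcpy(f->digest, s + 22, 31);
    f->digest[31] = '\0';
    return 0;
}

unsigned long bcrypt_iterations(const struct bcrypt_fields *f)
{
    return 1UL << f->log_rounds;
}

int main(void)
{
    struct bcrypt_fields f;
    size_t i;

    if (bcrypt_parse(BCRYPT_SAMPLE, &f) != 0)
        return 1;
    printf("version=%s rounds=2^%u (%lu) salt=", f.version, f.log_rounds,
           bcrypt_iterations(&f));
    for (i = 0; i < sizeof f.salt; i++)
        printf("%02x", f.salt[i]);
    printf("\n");
    return 0;
}
```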
Re:Dear Moderators, (Score:2)
The BSDs are projects just like any other... They're developed with different mindsets, different goals. And since it's all under the BSD license... the leaders from any of the other BSDs can pick and choose from anything any other *BSD has done. So effort doesn't need to be wasted unless one has a better solution in mind, in which case it's not wasted after all.
Re:Kernel design (Score:3)
Currently, very few vulnerabilities of mainstream (monolithic kernel) systems involve compromise of the kernel proper. I can't think of any off hand. Some involve DOS'ing the kernel (ping of death). Some involve tricking the kernel into sending bad data to someone else (eg, modprobe). I've heard of potential buffer overruns being fixed in Linux, but I've never heard of any being exploited. Perhaps it's because there are too many bugs to exploit above the kernel, or because it's too hard to develop and test the exploits, or because kernel developers are just a careful breed; but making the kernel harder to take over doesn't seem to buy you much in practice.
Even if you are worried about such attacks, it's not at all clear that a microkernel wins. A great benefit of a monolithic kernel is that the entire development project is more unified. Developers are more likely to be familiar with the whole codebase, aware of interrelationships and finding bugs throughout. This is why Linus insists on keeping megs of random drivers in the kernel distribution. If the parts of a microkernel are developed in more isolation, there are fewer eyes on the whole thing, and more chance of miscommunication. For example, the Linux/modprobe bug mentioned above could just as well have happened between two services in a microkernel-based system.
A "capabilities" model for OpenBSD? (Score:2)
Will OpenBSD ever support "role accounts" with the ability to perform very specific functions that would otherwise require superuser access?
Direction of OBSD (Score:2)
I do not belong in the spam.redirect.de domain.
Packages? (Score:4)
Does your team support the efforts towards a unified package structure?
Further down the road, if one package structure does develop for *BSD, would you also support an effort towards a common package from *BSD to linux?
Thanks for a great OS..
What about IA64? (Score:2)
-dB
Code-auditing (Score:5)
Serious kernel related... (Score:4)
Boxers or briefs ?
Elaborate.
Linux publicity (Score:3)
Mountains (Score:2)
Dual Processor Support (Score:5)
From what I've heard, multiprocessing support is going to be a very tricky thing to implement, because it gives rise to so many possible exploits, particularly with regards to race conditions. I also understand that it would take a remarkable amount of effort and time to rewrite much of the code base for SMP without compromising the OS's integrity.
With that in mind, what kind of resources would you need before you could seriously consider attempting dual or quad processor support? And, if you were given unlimited access to those resources, how long would it take before a -stable release would be ready? I would really like to see this feature get implemented, although I know that at this point your developer team is busy enough as it is.
New Miss Blowfish Logo (Score:2)
I love the cute new version of the blowfish logo! [openbsd.org] From the file name, it looks like she's called "Sushi".
So my questions are (a) Who is the artist, and (b) When will there be a T-shirt with a picture of Sushi printed really big?
Torrey Hoffman (Azog)
Re:Kernel design (Score:2)
NT's kernel isn't all that micro; network-layer and transport-layer protocols, file systems, and the drivers to which they talk live in kernel-mode code. Some of the Win32 environment is provided by a privileged user-mode server process, but this isn't one of those "almost all the real work is done in servers" microkernels.
VMS was, at least at one point, more microkernelish, as file systems were implemented in user-mode Ancillary Control Processes (or whatever ACP stood for); I have the impression that the file system code may have moved into kernel or executive mode, however.
Re:What about IA64? (Score:2)
Low volume != silence. There is an IA64 FreeBSD port in progress [freebsd.org], although it's in its very early stages; I don't know whether the NetBSD folk are doing anything with IA64, but they've probably at least considered it.
Re:Making the rest secure (Score:2)
How about looking at tools to allow insecure software to be used without compromising the integrity of the system? The effort to produce a secure OS base is largely wasted if adding new programs trashes the security. It's nice to have an OS like OpenBSD as the basis for high security bits like firewalls, but it's never going to get beyond a niche market if the security evaporates the moment that desktop/workstation applications are installed. What kinds of things is OpenBSD doing to help make it easier for developers to make secure applications?
Re:Kernel design (Score:2)
(The kernels that -are- secure & stable are impossibly slow.)
Availability of ISO images (Score:2)
Pizza donations (Score:2)
Have you considered the technical feasibility and nutritious benefits of a pizza donation form on the openbsd.org site? Perhaps powered through partnership with a local pizza joint?
OpenBSD/Plan 9? (Score:2)
Re:A "capabilities" model for OpenBSD? (Score:2)
Here's my opinion: Linux capabilities aren't. You want real capabilities, check out EROS [eros-os.org].
Re:Gifts May Not Be Taxable :-) (Score:2)
Also, I'm no tax lawyer, but I'd expect that total gift income (and certainly any income from CD sales) is taxable once the total amount is sufficiently large. If most of that money was going to support the project, there could be tax savings in creating an organization.
Re:Time warp (Score:2)
Heh!
You're absolutely right, though. I completely forgot. Guess I need to brush up and do a "man foo".
Binary patches? (Score:2)
-jfedor
Re:A book on code auditing? (Score:2)
Microsoft have beaten them to it... some years ago they came out with this [amazon.co.uk]
I use my copy that was bought by the PHB to raise the height of my monitor - and it's been stable for years. Ironic?
Full Disclosure And Version Numbering (Score:5)
First of all, I want to thank you for the hard work you've done building OpenBSD. It truly is a wonderful package.
Much of the security in OpenBSD lies under the hood in the work you've done cleansing the source of unsafe library calls. While this work is appreciated, I've become more and more concerned lately about the fact that these changes are not necessarily documented and certainly not reflected in the version number of an application or utility.
Version numbers reflect a snapshot in the life of a codebase. They're used to reference unsafe editions or particularly stable builds. Major numbers reflect code branches, but minor numbers reflect specific states of the code--such is the expectation of a user or an administrator when a version number is detected. Without granularity of versioning, I have no reason to trust or distrust a given application by its number; I must personally audit its source--and end up giving it a number of my own.
You and your team are code auditing masters. Rather than pollute the namespace by making indistinguishable your securely built modified code and the original (and, by extension, your secure code and numerous unnamed distributions' "just get it to compile" modifications), wouldn't it be appropriate for OpenBSD to apply a name extension to any package which it has modified, and in the interests of full disclosure, to provide a reasonable CHANGELOG of the fixes contained therein?
Yours Truly,
Dan Kaminsky, CISSP
DoxPara Research
http://www.doxpara.com
Hey Biker (Score:2)
Stay muddy,
Jason
Re:OpenBSD's niche in the computing world (Score:2)
I wouldn't say that it has a clunky interface, exactly, or a higher learning curve. What it has is actually a very simple and elegant interface which encourages and assists you in learning in depth about your system very rapidly. Admittedly, my first free Unix-like system that I installed was Debian GNU/Linux (Specifically, "slink"), and I thought it was pretty easy to do, and people are always bitching about that, so YMMV.
Regardless, I found the interface to be refreshingly simple, and it gave me a great deal of control over my system. I'm now completely addicted to OpenBSD. Sure, there are some things about Debian I miss, but there were things that I missed about Windows when I switched to Debian. And in both cases, I feel the benefits I get from the transition far outweigh the sacrifices I have to make.
The ports system goes a long way to making things easier, much as apt does with Debian. So I can browse with a graphical browser, I can use KDE if I want, I can use Dia, the Gimp, and most other programs I find important for doing work. The main thing that needs to be done to make OpenBSD just about perfect for me as a Workstation OS is to have more supported audio programs, and part of that could just be ignorance on my part.
Anyway, I've been using OpenBSD as my workstation OS for the past six months, and I've been very happy with it.
Where does the money go? (Score:5)
I greatly appreciate the work that the OpenBSD project developers have put in, and I plan on continuing to use, purchase, and donate to OpenBSD (and maybe even contribute when I get the technical skills) regardless of the answer to this question: Where exactly does the money go?
Question (Score:2)
Also, are there any plans to integrate Biometric hardware support into OpenBSD, to get rid of the human factor somewhat? Biometric capable OpenSSH would be a good start... Biometric capable login software...
Thanks for your time,
The Lerfted One
Re:Serious kernel related... (Score:2)
This is not the first time OpenBSD boxers have been suggested, but it seems there are no companies that will silkscreen boxers.
OpenBSD on laptop (Score:2)
Your take on TrustedBSD (Score:3)
Re:Full Disclosure And Version Numbering (Score:2)
Well, all of their code is in CVS. Every time one commits a change in CVS, it bumps the RCS version number. Also, if traffic on source-changes@openbsd.org is any indication, they are pretty good at logging what they do to their code, so maybe the answer to your question is effectively a grep of their CVS data.
I don't think you understand how they package up their releases. It isn't like Red Hat or Debian, i.e. there are no individual packages like perl-5.003-666 or nethack-23-skiddoo. In CVS, one can have vendor releases that are imported as branches off the main line, to be integrated at some later date, so again this may become a matter of writing some kind of reporting system for their CVS tree.
Does any of this make sense?
Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16
Re:Dear Moderators, (Score:2)
Time warp (Score:5)
Thanks for your work, Theo. I use OBSD every day as a workstation and as a firewall, and the Cop-chasing-script-kiddie t-shirt is the best.
If you could time warp back to the beginning of OpenBSD's development (ignoring the schism that brought you to that point), what would you do differently? Would you have chosen a more commercial focus? Pushed SMP development earlier? Run around in circles waving your hands in the air?
On another note, what's your feeling about commercial use of OpenBSD? i.e., do you support it, tolerate it, or what? (better example, I make a set-top box running OpenBSD, and I need the OS to do "X". If I called you and said, "Theo, I need OpenBSD to support 'X'", would I be told to piss up a rope, write it myself, or would the OpenBSD team do it for a price?)
Theo (Score:3)
Re:Making the rest secure (Score:2)
The site quotes: "The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security."
Let's open the question up in one direction (Score:2)
To what extent do you see OpenBSD using more graphical tools as part of the system and install? Newbies coming to Linux in the last year now have a range of handholding options that make security and other decisions on their behalf, often with little merit, along the lines of the 'let's keep it in line with the Windows-style experience'. Do you think OpenBSD should make any moves in this direction?
Very much looking forward to ordering 2.8.
Re:A book on code auditing? (Score:3)
Writing Solid Code : Microsoft's Techniques for Developing Bug-Free C Programs by Steve Maguire is a good book on the subject. Ignoring the obvious anti-MS mindset of the original poster, this book has good techniques for any platform.
One of the books I rate higher than this is Steve McConnell's "Code Complete," which is also from MS Press. Maybe MS doesn't read their own books - but a lot of them are great.
Re:Mac OS X & BSD (Score:2)
Other *NIXes (Score:4)
Also, which UNIXes do you enjoy working with (other than OpenBSD)?
Re:Making the rest secure (Score:2)
Linux vs. BSD (Score:2)
OpenBSD's niche in the computing world (Score:3)
Security education (Score:2)
Trust (Score:5)
Would it be possible to, say, make a very small, very simple (read: no optimizations) cc compiler written in assembly for each architecture, and compile gcc (or whatever our system compiler is) with this trivial compiler first? It seems to me that this would eliminate the problem of having to know whether the entire history of whatever code we were running was trojan-free or not. If this is in fact possible, is it something that you would be interested in having in OpenBSD? In any event, keep up the good work!
Easy to use based OS? (Score:4)
However, as a person that deals with new entries into the use of open-source/free software on a regular basis, I have often wondered about the possibility of an easy to use/install version of OpenBSD. I realize in the past that the OpenBSD team has sort of shrugged off the ease of use idea as unimportant when compared to the security issues, and that is all well and good for the primary drive of OpenBSD. However, as a person that would like to see people become more security conscious (or at least aware of security as an issue), and a person that would love to see common desktop systems become far more secure, I have often wondered about developing a solid desktop system on top of OpenBSD.
My question is not whether or not you and the OpenBSD team would themselves do this. I believe you have addressed this in the past (with a resounding "not now"). But, I would be interested in whether you would support an effort to do this sort of project or not. If a group were established with the sole purpose of developing a desktop distribution based on OpenBSD (and auditing every line of the desktop applications as well as your current team does the base system), would you look at that as a positive for OpenBSD, or a negative? Would you be willing to communicate with the individuals that would be attempting this, and occasionally help them out with coding issues if they asked? Or would you at least voice support for an effort such as this? Or would you flat out separate "real" OpenBSD from any attempt to make it more "user friendly"?
I would be very interested in your response.
OpenBSD ISO Policies (Score:4)
Systems Programming (Score:5)
First, thanks for your work. I use OpenBSD every day for both workstations and servers. It's hard to beat.
My question is: How did you get started with OS programming? I guess reading books (such as The design and implementation of 4.4BSD by McKusick & Bostic) together with source is one way to start. But which path did you take and how would you recommend getting into the details, given a solid knowledge of C, application development etc is present?
Good luck in the future!
A book on code auditing? (Score:5)
Chris
Comment removed (Score:5)
Rock Climbing (Score:4)
I also am an avid rock climber and I was wondering what level you climb at and what you feel is your biggest climbing accomplishment. Do you do big wall or any mountaineering, or do you just do sport climbing and bouldering?
--neutrino
What sets Open BSD apart? (Score:3)
Assuming you are speaking with someone who is somewhat unfamiliar with OpenBSD, what would you say sets it apart from other operating systems? Why would it be preferable to *nixes or NT or whatever else someone could think of?
Unifying the base? (Score:4)
This probably has been commented a lot, and there are more issues than just pure technical ones for this not having happened before. But, is there any thought on your part, of possibly more code sharing between the BSDs?
Maybe even creating an "architecture council" in which the core of each project would have a say on features that should/can/may be implemented on both kernel and userland?
This would not have to be a "you must do this" kinda thing, but rather an amicable forum to discuss new ideas and share implementations?
So what's your thought on this? Do-able, possibility, or have I been smoking too much crack?
Re:Time warp (more specific) (Score:2)
I guess I could be more specific
As a wise AC posted below, let's say I have a product in mind that uses OBSD as a base. However, in order to make the product more powerful, I needed the OBSD kernel to move from user-space threads to kernel threads.
If I offered the OBSD team $50K to move the kernel to that model, would they do it?
A more egregious example: in order to make my Whizzo Superdevice sell, I need OBSD to integrate a proprietary security algorithm within the kernel structure (for God-knows what reason -- it's an hypothetical, worst-case example). The kernel needs to support it, but the algorithm can't be distributed with the normal distribution. Would the OBSD team merge it into CVS (assuming I'm just a guy with a great idea but no coding "skillz")?
It would be a tough call for me, I know. I'm not terribly idealistic, and the $$$s might sway me -- I was wondering if Theo is immune or not.
Re:Security Improvements... (Score:2)
it's the first link on the page. why was this moderated so high?
Re:Firewall/NAT box (Score:2)
Re:My question for Theo... (Score:2)
My own perceptions:
FreeBSD is nifty, and accepts code almost as liberally as Linux. That is, poorly written but functional is acceptable. This tends to result in FreeBSD having more nifty features that work before any of the other BSDs. However, the design is very evolutionary and distributed, and some bits of the code are just plain scary. Broken things that lots of people care about (like speed issues) are fixed quickly. Broken things that not many people care about tend to be ignored.
NetBSD contains the sort of code that'd make CS professors proud. It's clean and well-documented, and there's a lot of thought given to design and the larger picture. Like a CS project, though, it tends to be slow, as the most intuitive way to do things is often not the fastest. There are also times when the "run on anything" focus gets in the way of maximum performance.
OpenBSD audits their code for security, and the auditing gets rid of the worst of the poorly written code, but sometimes, the most secure design is horrifically unintuitive. The newer bits (like OpenSSH) show this the most: you'll need to make a sanity check after looking at some bits of that code. I really REALLY like the emphasis on security, though. It feels a little bit slower than FreeBSD, but not as slow as NetBSD. I have no hard numbers to back me up, just personal perception.
--
Re:Time warp (Score:4)
The OpenBSD team is happy to have the commercial use of OpenBSD...a quote from their web page: "OpenBSD encourages companies and independent developers to create products for use with OpenBSD, or based on OpenBSD itself." [1]
They may or may not implement "X" for you though. I would imagine that if what you want is of general interest to everyone, they would probably do it for free, if not you could contact some of the developers on this page [openbsd.org], and they would probably be happy to help you out..for a price.
[1] taken from http://openbsd.org/products.html [openbsd.org]
Embedded/Floppy Based OpenBSD (Score:2)
OpenBSD, security, et al. (Score:5)
On a side note, is OpenBSD likely to ever head in the direction of being a distributed kernel? And, if so, how would security and resource management be maintained? (It's hard enough on a central kernel system.)
Forks and cooperation (Score:5)
Egos are delicate things, but do you see any chance for greater cooperation in the future, or do you see more forking and division as inevitable?
--
Do you see OpenBSD in the trailing position? (Score:2)
Do you feel that others' opinion of you hurts the progress of the OpenBSD project? (if honey attracts flies {bugs}, does your vinegar nature keep the bugs away?)
Security Improvements... (Score:4)
Where is there still room for a lot of improvement? Also what are the goals of the OpenBSD project besides default Security?