OpenBSD: Hackers Meet Soldiers 336
BSDForums writes "OpenBSD has a well-deserved reputation for fanatical security. Why is the U.S. military funding it? What do you get out of it? Cameron Laird and George Peter Staplin investigate and talk to Theo de Raadt, the creator, overseer, and taskmaster of the OpenBSD project!"
Conspiracy Theories (Score:5, Funny)
Mulder, is that you?
Re:Conspiracy Theories (Score:2, Funny)
Re:Conspiracy Theories (Score:2)
but..but..
everyone has a
Re:Conspiracy Theories (Score:4, Funny)
So even if a cracker accesses the system, she'll be able to reach only the Apache root
the correct gender-neutral description in English is "he". by saying "she", the author is specifically writing about females (to the exclusion of males), and implying that a female cracker would only be able to reach the apache root (presumably a male hacker would be able to go further?).
Re:Conspiracy Theories (Score:2, Funny)
Probably outside of academia. Nobody has time for navel gazing beyond the lunatic fringe.
I can see the connection (Score:5, Funny)
Smart ships? (Score:3, Interesting)
Re:Smart ships? (Score:5, Informative)
Unless OpenBSD has the magic ability to "do what the programmer meant, not what he wrote" when encountering a divide by zero, the Navy's application would have crashed in exactly the same way on OpenBSD too.
If you want to criticize NT, fine, go ahead, but you don't have to make stuff up.
Re:Smart ships? (Score:2)
Re:Smart ships? (Score:5, Informative)
This is actually a very simple thing to do. Any OS designed for minicomputer-class hardware (e.g. VAX, RISC or 386+ CPUs) will include this magic ability (including NT). Such OSes will only crash if there is a bug in the OS itself, or in code that is treated as part of the OS.
One of the flaws with UNIX and NT, as compared to systems like VMS (with four protection modes) and Multics (with up to sixty-four protection rings), is the existence of only two protection modes: User and Kernel. This means that code which requires elevated privileges must be given the same privileges as the kernel itself, since Kernel mode is the only alternative to User mode.
This problem of only two protection modes is deeper than the OS design, however. Most RISC CPUs provide only two modes (the x86 provides four rings; the VAX provided four modes), so in order for an OS to be portable to such architectures, it must be limited to two modes like UNIX. This is probably why NT, which was designed by the architect of the four-mode VMS system, itself only supports two modes (like UNIX).
Remember that UNIX was considered very buggy and unstable in the 1980s, whereas VMS (which is a younger system) was seen as rock solid. This reflects the design advantages of VMS, in being tied to the VAX architecture, with its four protection modes and robust instruction set, but that reliance on the VAX architecture was also a major weakness: unlike UNIX, VMS could not be ported to most RISC architectures, or the 386, and so only runs on VAX and Alpha. Both of these architectures support the four modes it requires, but are now niche CPUs with declining user bases. This limited hardware support was the most important reason for the decline of VMS, whereas the portability of UNIX and NT were very important factors in their success.
UNIX, BSD, Linux and Windows 2000/XP show that a system with only two protection modes can eventually become stable, through simplified design and/or extensive testing on supported hardware configurations over time, but there is always the risk that new hardware will introduce new device-driver bugs, which automatically become new kernel bugs, thereby reducing any of the OSes to an unstable disaster again. The broader the hardware support is, the likelier it is this will happen.
Re:Smart ships? (Score:2)
If Linux had been created back in the 8088 days, either today's Linux would be incompatible with its legacy apps, or its stability would be comparable to Win9x.
Re:Smart ships? (Score:4, Informative)
Linux, as we know it, could never have been created on an 8088. In fact, the minimum x86 processor necessary for Linux is the 386. Linux, like Unix, requires virtual memory, preferably page based, and memory protection.
Linus deliberately set out to create himself an OS that followed the Unix model. He was unhappy with the Unix-like x86 OS implementations of the time and created his own. He clearly had in mind that his system would do as Unix does, not just look like Unix. You can make DOS look like Unix if you install enough GNU utilities, but it is fundamentally not Unix.
In a very real sense the stability of Linux, as derived from Unix, is by design, not simply because the coders are somehow better. By design, Linux proper can not operate on an 8088, and for good reason.
Note: today there are derivatives of Linux that can operate without hardware support of virtual memory. One important example is uCLinux. On systems without memory protection or VM support in hardware, the kernel suffers the same vulnerabilities to failures in user-land code as would DOS. The appeal of these systems is that they provide the POSIX API on very limited VM-less platforms.
Re:Smart ships? (Score:2)
Yes, that was exactly my point. "Linux, as we know it" requires hardware features that didn't exist in the 8088.
The only detail we may disagree on is who did the bulk of the designing that makes the stability possible. I think most of the credit should go to the 386 implementors (although they weren't the first to accomplish it) rather than to the OS implementors that took advantage of the hardware features.
Re:Smart ships? (Score:2)
Intel no more invented TLBs than Linus invented fork(). The x86 ISA and the Unix design are both the result of countless prior efforts. They evolved symbiotically over many generations, using many hardware platforms. Attempting to ascribe any particular percentage of credit to one or the other is naive. It took decades of effort to arrive at the contemporary model. The truth is that IBM implemented most of the significant features of multit
Re:Smart ships? (Score:2)
Re:Smart ships? (Score:2)
Yep. The 386 architecture looks more like supporting something more like Multics than Unix, but to my limited knowledge, nothing even remotely takes advantage of it. The main advantage of a segmented address space is that things you shouldn't be messing with are not even addressable.
Re:Smart ships? (Score:2)
For example, you can still run most DOS apps on an NT-based system. If MS had done a better job, they could have preserved the ability of 99% of DOS apps to continue to work.
Re:Smart ships? (Score:2)
On the other hand, it's quite clear that real mode code in Win9x that has no reason to exist except for backward compatibility is a major cause of instability.
It is easy to say that MS should have been able to make NT run 99% of legacy apps without any stability problems, but saying is quite different than doing.
Re:Smart ships? (Score:2)
Not really.
If you need to read from a device, a user account can be given access to a device entry. If you need access to a file, a user account can be given access to a file.
Then there is privilege separation. You can write a small, secure piece of code that runs as root, and invokes other, more complicated programs, with only the limite
Re:Smart ships? (Score:3, Informative)
Not really.
If you need to read from a device, a user account can be given access to a device entry. If you need access to a file, a user account can be given access to a file.
Do you understand what happens when you access the device entry? Your user-mode code, running under whichever account, makes a request to a kernel-mode device drive
Re:Smart ships? (Score:2)
As a matter of fact, it would be possible to give the device driver fewer privileges in Unix. Once again, it just isn't done.
Well, actually I do understand the difference, I just made a mistake in interpreting what you were saying... possib
You are confusing privilege with access modes (Score:2)
Access modes is how the system is structured. There are two main modes, each with two sub modes. In the system space, which is common to all processes, there is kernel mode where the OS runs and exec mode where RMS (Record Management System) and databases run. They use the common nature of exec mode for global buffer management between processes. In per-process space w
Yeah, but GPL would be better (Score:2, Insightful)
I think the real problem is this attitude that free software is morally and intellectually equivalent to "owned" software. IMHO, this is an intellectual fraud, it screwed SCO, it will screw Sun, and it will screw us too until we finally get it.
Re:Yeah, but GPL would be better (Score:5, Interesting)
Speak for yourself - those of us who run BSD on our production servers find contributions useful.
If you pay a little attention to what the OpenBSD core team says and does, you'd realize that there is little-to-no danger that government funding will take the project in any directions but those stated in the project goals [openbsd.org].
Re:Yeah, but GPL would be better (Score:5, Insightful)
"The BSD license lets people do too many things, some of which I don't like. Therefore, the BSD license is TOO free."
"The GPL however, has just the right amount of freedom. It's still mostly free, without crossing the line of 'TOO free'. People can do what they want with it, as long as 'what they want' != 'what the FSF doesn't want'."
I have no moral problem with the GPL. I just wish people would stop calling it "free", unless they are going to put a (TM) or something after it. If you wanted your software to be truly free, you wouldn't be putting a copyright on it that contains words like "except" and "however."
Justin Dubs
Re:Yeah, but GPL would be better (Score:2)
Re:Yeah, but GPL would be better (Score:2, Interesting)
Re:Yeah, but GPL would be better (Score:2)
This is just the wooly-headed mindless nonsense that seems so prevalent amongst the stylish Slashdot crowd. Perhaps you could explain BSD licensed software is less useful than GPL'ed software. If you don't like using BSD licensed software,
People on ship said WinNT not problem (Score:5, Insightful)
The news agency that originally broke the story you cite later distanced themselves from it by calling it early speculation. My understanding is that a naive server app corrupted its own database and naive client apps (the infamous "LAN consoles" that crashed) needed that database to function properly and to operate equipment. Rather than rely on the early speculation of *NIX advocates why not rely on someone who was on the ship and someone who wrote the software:
http://www.sciam.com/1998/1198issue/1198techbus2.
"Others insist that NT was not the culprit. According to Lieutenant Commander Roderick Fraser, who was the chief engineer on board the ship at the time of the incident, the fault was with certain applications that were developed by CAE Electronics in Leesburg, Va. As Harvey McKelvey, former director of navy programs for CAE, admits, 'If you want to put a stick in anybody's eye, it should be in ours.' But McKelvey adds that the crash would not have happened if the navy had been using a production version of the CAE software, which he asserts has safeguards to prevent the type of failure that occurred."
OpenBSD Installation (Score:2)
Re:OpenBSD Installation (Score:2, Informative)
Installing OpenBSD is extremely easy. (Score:5, Informative)
That said, the following FAQ explains the installation process far better than anyone writing you email ever will be able to, including a complete install process in grey, which has example responses in bold [for the most part]. If you can't get it from this, then you aren't reading, and it doesn't matter if someone writes you an email message with the same thing (written more poorly no doubt). If you can't read and follow instructions, then OpenBSD is not for you, and honestly - you shouldn't bother.
Most people don't have this problem, but there are always some feeble minded folks who think that life is easier if they're spoonfed on IRC and the like. To such people: you aren't welcome. The answer to this attitude has already been given: don't ask questions that already have explicit, clear answers publicly available.
If you have a problem with the instructions (not enough detail supplied, typos, etc.) then please let the OpenBSD developers know about them in order that they may be corrected. If _you_ have a problem, in that you can't understand them, well... maybe it's _JUST YOUR PROBLEM_. It might be something that you need to work on. Of course, there is an opportunity for things to be unclear, and in such cases - again, submit a bug: "such and such statement regarding fdisk is unclear, suggest more detail on partitioning so that xyz is unambiguous"
Now, if you -want- to install OpenBSD, go read:
http://www.openbsd.org/faq/faq4.html
Re:Installing OpenBSD is extremely easy. (Score:2, Insightful)
This has to do with common questions, being answered _already_ and people not taking the time to read the answers.
Does it make sense to repeat oneself over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over, just because the question w
Re:Installing OpenBSD is extremely easy. (Score:2)
Tuesday - Question covered in the FAQ is asked
Wednesday - 50 answers, ten of which are complete and detailed are sent
Thursday - The same damn fscking question is asked again
I will be more than happy to tell someone how to access the handbook, how to use man pages, where online documentation resides, etc. But if you don't even try to help yourself, don't expect me to be patient with you.
Unless you pay me $35 an hour. If you pay me $35 an hour I will patien
Re:Installing OpenBSD is extremely easy. (Score:2)
The only thing you have to do manually is partition the hard drive.
Other than that the install is a piece of cake.
Re:OpenBSD Installation (Score:2)
Note: you will install it twice, because everyone fucks up their first install. everyone. period.
Re:OpenBSD Installation (Score:2)
No, not everyone. My first OpenBSD install is still up and running as my home firewall, and has been fine since the day of install. Now my second OpenBSD install, that one went wrong[1] :-)
[1] For some reason, I couldn't get pf working the way I wanted it to (I tried to duplicate my earlier ipf rules, but it didn't want to know)
Re:I want to try OpenBSD but... (Score:2, Informative)
If you want x86, then just download it from the OpenBSD ftp site.
wget -r ftp://ftp.openbsd.org/pub/OpenBSD/3.0/i386/
Makes it easy.
Once that's done...
cd ftp.openbsd.org/pub/OpenBSD
then...
mkisofs -v -r -l -L -T -J -V "OpenBSD-3.0" -A "OpenBSD v3.0-Release, Custom ISO, 17-03-2002." -b 3.0/i386/cdrom30.fs -c boot.catalog -o openbsd-i386-3.0.iso -x openbsd-i386-3.0.iso .
Burn that ISO!
Re:OpenBSD Installation (Score:3, Informative)
The recommended method is creating individual partitions for /, swap, /usr, /home, /tmp, and /var. Deciding the appropriate sizes for each of these partitions when you have no experience is probably the hardest part - but there's plenty of recommendations online. Personally, I'd recommend 80MB for /, 300MB for swap, 500MB for /tmp, 1GB for /var and s
Re:OpenBSD Installation (Score:2)
Theo de Raadt sounds foreign... (Score:4, Funny)
The Daemon Strikes Again! (Score:2, Funny)
The headline... (Score:2, Interesting)
Re:The headline... (Score:3, Insightful)
Yea, movies mirror life exactly to a T.
Obviously you haven't worked in the US gov't before. The military has many IT people who are competent and advocates of "geek stuff".
Lots of top brass now recognize IT as a key part of warfighting. Watch the news when they give the tours of the command centers in Doha, Kuwait and you will see commanders sitting behind terminals.
So
M$ (Score:5, Funny)
In other news, Microsoft announces a new patent on security measures...
Answer to your question ... (Score:5, Insightful)
In a nutshell, not everyone in the "government" is a complete idiot ... *gasp* ... and sometimes ... just sometimes these "agencies" come up with supporting something that is actually useful to them and what they're trying to do.
OpenBSD is designed with security in mind. The article goes into great lengths about OpenBSD and what they've managed to achieve.
Anyone who has read my comments knows that I'm pretty much a BSD cheerleader because when I start to work with servers I will always pick a BSD solution wherever possible.
For many reasons there is a level of obscurity (try explaining to a "1337 h4x0r" what a "wheel" is ...) which also goes along with that there are some differences in the file structure as well (slackware doesn't count).
Plus there's the stability, I know Linux is stable, but the BSD stability is tested for stability and there aren't any "new exciting" features plugged in and not tested (okay at least in OpenBSD ... NetBSD does NOT count for this argument *grin*)
And my absolute favorite NO MORE THAN YOU NEED is installed!!! Something that I have also been arguing over in the SuSE discussion ...
So what do we have, Simple, Stable, and Secure ... KISSS!!
Go DARPA, I've got tuition to pay so I can't buy an OpenBSD CD Set this semester :-(, but I did pay income taxes (so I guess I did kinda fund OpenBSD!!!)
Re:Answer to your question ... (Score:3, Insightful)
come up with supporting something that is actually useful to them and what they're trying to do.
Like the Internet.
Bluntly (Score:2)
This holds even more if you do not use OpenBSD.
(Like cars are much safer in a world with crash dummies;)
Re:Answer to your question ... (Score:2)
Now that Open
Re:Answer to your question ... (Score:2)
The government is not "forcing" anyone to use anything, they are subsidizing the development of something because it is A: beneficial to society and B: cheaper for the government to spur this development than to buy and attempt to secure copies of windows.
If OpenBSD is truly a superior product then it will continue to thrive without the "
Re:Answer to your question ... (Score:2)
Now that OpenBSD has been subsidised by the US government, what can we expect? Strings attached.
That does not sound like Theo.
Re:Answer to your question ... (Score:5, Interesting)
All three systems are equally easy to administer due to ports and apt-get. I do find that Debian is easier to keep current as apt-get/dpkg does a better job of upgrading from one version to the next. Some basic admin tasks are easier under OpenBSD/FreeBSD as there is just less cruft to deal with. I prefer *BSD on my servers as I can "install and forget." I prefer Debian/testing on my workstations as it combines a good mix of current software and stability.
If you like Gentoo (which I also use) switch to FreeBSD. The packages in FreeBSD ports are better than Gentoo's ebuilds. FreeBSD aims for stability. Gentoo has a tendency to apply too many bleeding edge patches. FreeBSD does have a completely different way of managing the source, so it will take some getting used to.
Least there shouldn't be any back door (Score:5, Insightful)
Rus
Re:Least there shouldn't be any back door (Score:5, Insightful)
Not strictly true - the single point of failure is the compiler. If the Intel or gcc compiler has a smart 'exploit', (1) they can backdoor specific or general programs without an exploit in source, and (2) this exploit can self-propagate in the compiler, as the backdoor compiler compiles the new compiler, so once written the source for the self-propagating compiler exploit can be deleted. Donald Knuth did this with gcc(?), iirc.
Just FYI.
Re:Least there shouldn't be any back door (Score:5, Informative)
Way offtopic here now, but it was Ken Thompson, not Donald Knuth. Here's the discussion in question: Reflections on Trusting Trust [acm.org].
Also a summary entry in the Jargon File, for those who don't want to read the paper: http://www.catb.org/~esr/jargon/html/entry/back-door.html [catb.org]
Answers (Score:5, Insightful)
My guess would be that the military will either take OpenBSD, combine it with some code from the NSA, and make a really secure OS, or take some code from it and add it to an OS they already use.
What do you get out of it?
It's Free Software so we get to see the source code that's being developed as part of the project. We get to tweak that code, make it better, port it to another system, etc.
I think it's pretty cool the US Gov. is partially funding OpenBSD. I guess it's no different than government grants to universities for medical research and such.
Re:Answers (Score:3, Informative)
And my guess is that they will simply use OpenBSD out of the box, thus incorporating whatever developments are made by the gov't funded OpenBSD programmers.
I need to choose my words wisely here, but the govt isn't the big spender it used to be, at least in terms of developing their own solutions. Especially in the
Security? (Score:4, Insightful)
Kind of like how Microsoft keeps its code private for security reasons too....
If BSD really is as secure as it has been touted, why keep your choice private "for security reasons"? Sorry, I don't mean to flame, but this statement has done more to hurt BSD than help it.
Re:Security? (Score:3, Insightful)
Re:Security? (Score:5, Insightful)
>If BSD really is as secure as it has been touted, why keep your choice private "for security reasons"?
Security through obscurity should never be one's ONLY line of defense, but as anyone truly into security knows, it IS a good idea to have it as a PART of one's defense. There's absolutely NO reason, other than OS evangelism, to advertise what kind of security you have. It's not the business of businesses to worry about helping advertise their choice of OS or security technology.
Re:Security? (Score:2, Interesting)
I'd add that obscurity only helps when _all other pieces_ of security are in place. That is, it's a bit of icing.
Re:Security? (Score:2, Insightful)
This is NOTHING alike MS keeping code private. It's like
Re:Security? (Score:2, Insightful)
1. You have OpenBSD which one can assume has a finite number of attacks which could be used against it as it is a finite system. Therefore, if there is a security flaw it WILL be found in finite time.
2. You have OpenBSD but no-one knows
Re:Security? (Score:2)
Nothing at all like it, unless you're counting cases where Microsoft chooses not to run their own code, but that's keeping the knowledge of which code Microsoft is running private rather than keeping the code itself private.
It's more like banks not heavily advertising what brand of safe they use.
Methinks it helps BSD more when those "in the know" quietly use one of them instead of blandishing their choice.
Re:Security? (Score:2, Interesting)
I guess it's no longer an issue now that they decided to "keep their choice [of OpenBSD] private for security reasons".
Btw, there is a difference between not making your OS very easily detectable and not letting anybody see the source so they could check it.
Any security expert will tell you that obscurity is not a good model for security, BUT it is a helpful first barrier. Just look how well it's working for MS. There are probably hundreds of bad bugs in their code, but very very few people will be a
Re:Security? (Score:2)
RedHat DII COE [ot] (Score:3, Interesting)
The creation of DII COE kernel for RedHat implies that there may be some pressure to accept GNOME as a valid component of the Joint Technical Architecture (JTA).
In other words, the military bureaucracy is beginning to accept the fact that linux is part of the modern computing landscape. (Watching the wheels of military technology turn is like watching grass grow)
Unless they're fighting a war (Score:2)
A couple of recent rapid developments [globalsecurity.org] serve to disprove that particular bit of common wisdom. The military, when pressed, kicks ass like no other organization in existence.
Stop stealing ideas from SCO (Score:2, Funny)
No ands, ifs or buts. It's not like this technology is well known or taught.
After all, everyone knows that sco is the most stable, secure, and scalable unix ever made. All the great unixes borrow code from sco. There is no way Sun could have made solaris scalable without the ultra secure and scalable Xenix code. Just ask David Boies. Sheesh.
Re:Stop stealing ideas from SCO (Score:3, Informative)
Re:Stop stealing ideas from SCO (Score:2)
-1, Troll is for posts that are a troll, not for trolls. If a user is a troll and you dislike trolls (How could you? we're cute and have long colored hair with a little diamond on our stomachs), add them to your foes list and set the foes modifier to -5.
Even trolls post useful/funny comments, discriminating against them is pointless since it will probably be hit with M2, or even other mods fighting you.
This article is disappointing. (Score:3, Insightful)
Maybe this will be useful to those who have never heard of OpenBSD, or are unfamiliar with its improvements for the past two years (only propolice incorporation is something more recent) - but for anyone with more than a cursory knowledge of the project, this is just not good journalism. Here you have an opportunity to have Theo answer your questions, and really get down to the meat behind the scenes, how the DARPA funding came about - how they approached him, whether there were any conditions to the work, if OpenBSD could use more of this funding, etc. But no, nothing, one quote - no new insight.
This might serve OK as an advocacy piece, and hopefully it will. But if you have two people "talk[ing] to Theo de Raadt" you would hope that they would have some more to talk about.
I find that reading interviews is far more enlightening than summary tripe such as this, because you're not just presented with a set of facts, but you get to hear information that goes beyond just the answers to questions. Often times, you then learn about things beyond the scope of the story, upcoming developments, sore spots. Say even a mention of how unfathomable it is that Sun has been holding back documentation to OpenBSD, given how many other private, public and governmental organizations (e.g. DARPA) that make no pretenses about supporting the opensource community are providing support to OpenBSD, whereas Sun is totally going against their own doctrine and ignoring OpenBSD developer requests (not even _offering_ an NDA as Linux et al have been presented with).
If this were a paper for a class or a personal site, fine no problem, what can a student or hobbyist do? But if you are in a position to provide journalism, it's really sad to see that power completely wasted in such a way.
Oh well, at least it can be added to the "OpenBSD is secure, free and neat, you should buy a CD" article pile, oh, I forgot to mention - continually overlooked. I guess there can never be too many of those, but it's sure starting to feel that way.
And -TWO- people wrote this article. Goddamn, two people, no brain.
OpenBSD isn't the only one ... (Score:5, Interesting)
I'd like to point out that DARPA is also funding the FreeBSD project, specifically enabling the development of FBSD 5.0's geom/gbde functions, which enable a fully modular disk access system, and transparent drive encryption. Really cool features, and it looks like once the code gets a stronger review from the crypto community it should really open up the possibilities for securing FBSD.
Re:OpenBSD isn't the only one ... (Score:4, Informative)
-- kryps
Re:OpenBSD isn't the only one ... (Score:3, Informative)
DARPA funding for BSD goes way back -- long before OpenBSD, FreeBSD, and NetBSD existed. One of the most important instances was DARPA's funding of the development of BSD's TCP/IP network stack back in the mid-1980's. This made BSD the first system in wide deployment that supported TCP/IP. It's hard to overestimate the effect that this has had on Unix and the Internet since then.
OS Money (Score:2)
You don't want your tank software blue-screening in the middle of a fight. "Hold on guys, don't fire at me for a second, I need to reboot my tank."
A lot of UNIX vendors have realized this, and they know that if they make products that the gov'ment likes that contains the features that they need, then they will continue to sell
Hybrid vigor (Score:5, Insightful)
There are several efforts to improve the security of Linux and *BSD. In the end, I think they'll benefit us all. Bruce Schneier [counterpane.com] talks about the window of exposure [counterpane.com] in his book Secrets and Lies [counterpane.com]. Efforts to improve the security of open source OSs have several benefits in reducing that window.
Some bugs will be fixed before they are ever exploited. A security vulnerability is still a vulnerability. But the damage is much less in this case.
Some bugs will be fixed faster after they are first exploited. Again, this reduces the damage that is done.
But in the long run, a greater benefit is the number of people who acquire some knowledge of how to analyze and test for security vulnerabilities and how to fix them. That is going to be greatest in open source. It provides the opportunity for competent programmers to wear the white hats.
Inform SCO (Score:3, Funny)
We will no longer need to worry about the lawsuit they filed against IBM.
Thin Gruel Indeed (Score:5, Insightful)
OpenBSD has a reputation for very good security. I wouldn't consider the quest for strong security "fanatical" any more than I would consider the quest for a bug-free operating system "fanatical."
Why is the U.S. military funding it? What do you get out of it?
The U.S. military is funding it because it makes sense to do so. Anyone who looks at OpenBSD's record for security and stability, the fact that it is free to use and modify in any way you desire, and doesn't consider it as a potentially cheap and useful platform for security applications...well, they aren't thinking clearly.
What do you get out of it?
I find it makes a great platform for firewalls and terminal servers, among other things. Ones that are reliable, very secure, with no software cost and lot of online support information.
Cameron Laird and George Peter Staplin investigate and talk to Theo de Raadt, the creator, overseer, and taskmaster of the OpenBSD project!"
They may have talked to Theo, but they sure didn't *quote* him much. The article was very thin on information. In my opinion it hardly merited a
Re:Thin Gruel Indeed (Score:2)
OpenBSD In USA? (Score:3, Interesting)
How about let Americans work on it, gov't? (Score:3, Interesting)
Isn't it ironic (Score:5, Interesting)
If I remember correctly, OpenBSD development was based in Canada (in part) because encryption code was considered a munition and thus the US government refused to allow its export (while it was allowed from Canada).
Now the military (who were probably the source of these rules) are paying for the continued development of a technology that they forced out of the country on security grounds.
Convoluted enough for you???
Re:Isn't it ironic (Score:2)
Hacker Soldiers (Score:2, Interesting)
Because they want the most secure operating system available. I may get my ass shot at a lot less. Or, maybe, terrorist hackers won't be able to figure out when my flight home is leaving Kuwait City International Airport.
I'm in the Army National Guard. It used to be my full time job. Now I'm a "weekend warrior".
I used to administer NT boxes for the Army among other job duties. It gave me the heebie-jeebies! I am a helluva lot more comf
Theo's Hardware (Score:4, Funny)
I find it amazing in these days of 3.6GHz machines needed to run bleeding edge games and gimmicky OS's and everyone and their mothers going gooey over the latest GHz jump in analy embedded mobile devices that OpenBSD's chief developer uses computers that actually fit his needs. It is comforting to know that the SECURE processing and dissemination of digital information can be done efficiently without the large, bright, rounded, colourful buttons and Windows found in most other OS's.
Re:OpenBSD Secure? (Score:5, Interesting)
I remember hearing a good explanation of their "roles".
This isn't exact, but close enough.
FreeBSD, a sportscar. Hauls ass.
NetBSD, a hummer (or a jeep). Can go anywhere.
OpenBSD, a tank. I'd feel safe in one.
Anyone know who originally explained it similar to this? I'd like the original quote.
Re:OpenBSD Secure? (Score:2)
Re:OpenBSD Secure? (Score:2, Interesting)
Re:OpenBSD Secure? (Score:3, Informative)
The vehicle analogy is more than somewhat flawed. You mention weapons, but the truth is that all are stationary systems, that can be attacked by anyone, and can't move out of the way. They do not wear down after tons of successful attacks, but rather are either broken with one, or remain perfectly intact at full strength. I could go on, but there's not much point.
As for the logo, I'm pretty sure the blowfish comes from the wide
Re:OpenBSD Secure? (Score:2)
Well, by that logic, Linux is even less functional than Windows by several orders of magnitude...
Re:OpenBSD Secure? (Score:2)
Windows was a station wagon, MacOS was a sedan (with the hood welded shut), BeOS was Batmobiles, and Linux was a used lot where a bunch of volunteers were making tanks and lining them up on the side of the street with the keys in the ignition.
Re:OpenBSD Secure? (Score:2)
Its (at least) as old as Usenet's comp.sys.*.advocacy groups.
That's nice... (Score:2)
Re:OpenBSD Secure? (Score:2)
and here is Linux [revaindia.com].
Re:OpenBSD security on Debian (Score:2, Insightful)
The -point- for doing something like that, instead of simply improving OpenBSD with its own license, is completely beyond me. Does ther
Re:I'm convinced (Score:2)
I know you're trolling, but..... (Score:5, Insightful)
Way to go DARPA, I hope you realise that you are funding foreigners to indirectly assist Terrorists by making their systems harder to crack by US intelligence agencies.
Sound ridiculous? I hope so.
Or: Way to go Theo, I hope you realise that you are indirectly assisting civil rights and human rights groups by making their systems harder to crack by corrupt dictatorships.
Re:one thing (Score:5, Insightful)
Oh, and Theo's stubborn incorrect opinion that users don't need security models. This is wrong, as we need stuff like rsbac or grsecurity to bring *nix security up to a powerful level.
With OpenBSD not implementing such a basic ideology, They might succeed as a hobbyist OS, but never as a *secure* os.
Partially correct, but my impression is that if you want Multics, then use Multics.
Regarding OpenBSD and its security models or lack thereof. Theo's opinion matters. Yours does not. Mine does not. They are responsible to themselves for their own definition of what OpenBSD should be. ONLY. They happen to be nice enough to share the fruits of their labors, but that is their decision not our right.
as a hobbyist OS
Yep, but that's one hell of a hobby. It strikes me as what paranoid professionals use on their own private systems when they like to sleep peacefully at night.
Re:one thing (Score:2)
Spoken like someone whose knowledge of security comes from a Web page they read once.
Underline this one and write it in bold: high-quality software is secure software. Software insecurity arises when software either does something it's not supposed to do, or does something it's supposed to do in a way it's not supposed to do it.
When software works exactly as intended, even in the face of a