OpenBSD's PF Developers Interview
An anonymous reader writes "ONLamp.com has published a very long interview with 6 of OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dharmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@).
Start reading from the first half and continue with the second part."
OpenBSD problems (Score:-1, Interesting)
I read that T.Deraadt email thread when I first looked at OpenBSD, and my initial impression was that Theo had a real baaaaadddd attitude. I do know for a fact that a lot of the NetBSD folks were upset to see him leave and fork off his own version of the OS, and to lose him as a developer. But in reading his email he obviously has a problem with taking any criticism, and had no problem with jumping down someone's throat with a flamethrower and foul language. Denial, it's not just a river in Egypt...
Not that I wouldn't use OpenBSD, or any other operating system that met my technical needs, whatever the personality of the people involved. I've dealt with enough bad attitudes from commercial OS vendors in my years in the industry to be able to deal with it if I have to. It just seems that *BSD has an extra heaping helping of bad attitudes that make commercial vendors look like pikers.
If you *really* read that email thread, you would see the attitude loud and clear. "We don't think that it helps anything for you to tell someone he's a f**khead when he's posting a message trying to help with the OS development." "F**K YOU, *I* want control of the source and if you don't like it I'll fork my own off!"
That's my impression of it... He sounded like an immature little upset kid to me. The development of any of the O.S. OS's is a group effort, and having one person think they have all the answers and have to be the one in control is dead wrong. So, now he *has* control of his own fork of BSD, and lost the ability to maintain many of the various platform ports because he has no developers. Thus, the OpenBSD page says that for a VAX port, for instance, "support can be easily ported over from NetBSD". Why these problems are so prevalent under FreeBSD/OpenBSD/NetBSD remains something of a mystery. These systems seem to be self selective in their attraction to weirdos and big egos.
The split had nothing to do with the quality of his coding work, and everything to do with his nasty attitude towards people... and NOT just the people of NetBSD Core, but other people who were just civilians trying to help out, or looking for help. No wonder BSD has lost.
PF can Filter By OS (Score:5, Interesting)
It's great for VPN stuff - all of my VPN equipment is OpenBSD - so I just don't allow any packets from any other OS. This mitigates any attack - now my attacker has to have an OpenBSD computer (or at least spoof one).
Re:OpenBSD problems (Score:5, Interesting)
Quite the contrary, actually.
He has a project that's rock solid, and he doesn't want forks polluting OpenBSD's good reputation.
I don't see why that's a problem. After all, OpenBSD is _his_ baby, and it's his call what to do with it.
I'd probably do the same if I were in Theo's shoes.
Re:OpenBSD problems (Score:1, Interesting)
In most cases, the fork should be named "BrokenBSD" by default.
Re:PF can Filter By OS (Score:1, Interesting)
Block external Windows clients? But I'm behind an OpenBSD firewall running pf myself, so connections from my Windows machine will look like OpenBSD. (synproxy
And what happens when Longhorn starts using a TCP/IP stack indistinguishable from OpenBSD? (not that that's likely...)
What are the chances of someone attacking (let alone successfully) an OpenBSD machine from Windows anyway? More likely they're on Linux or something else and have the ability to spoof any OS they want.
You can't rely on it at all, and the rest of OpenBSD is secure enough that you don't really have to.
I suppose you can use OS fingerprinting to enforce internal policy ("no Windows machines on our network"), since you really need 2 machines to evade that, but that's kinda silly.
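Added example, not part of any comment in this thread: a simplified passive-fingerprint matcher that shows why the comment above treats OS filtering as advisory rather than as authentication. The signature layout is a simplified form of pf.os(5); the signature values, sample packets, and all function names are constructed for illustration.

```python
# Added illustration. Signature layout (window:TTL:DF:size:options) is a
# simplified form of pf.os(5); every value below is constructed.
from dataclasses import dataclass

MAX_HOPS = 32  # assumed upper bound on path length between sender and filter

@dataclass(frozen=True)
class Syn:
    window: int
    ttl: int          # TTL as observed at the filter
    df: bool
    size: int         # total IP packet length
    options: tuple    # TCP options in order, e.g. ("M1460", "N", "S")

def _opt_match(pattern, seen):
    # "M*" accepts any MSS value; every other option must be identical.
    return seen.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == seen

def matches(signature, syn):
    window, ttl, df, size, opts = signature.split(":")
    opts = opts.split(",")
    if window != "*" and int(window) != syn.window:
        return False
    # The observed TTL is the sender's initial TTL minus the hop count.
    if not 0 <= int(ttl) - syn.ttl <= MAX_HOPS:
        return False
    if bool(int(df)) != syn.df or int(size) != syn.size:
        return False
    return len(opts) == len(syn.options) and all(map(_opt_match, opts, syn.options))

def classify(syn, db):
    # First matching signature wins; nothing here authenticates the sender.
    return next((name for name, sig in db.items() if matches(sig, syn)), "unknown")

DB = {  # constructed signatures, not copied from a real pf.os
    "OpenBSD": "16384:64:1:64:M*,N,N,S,N,W0,N,N,T",
    "Windows": "65535:128:1:48:M*,N,N,S",
}
OBSD_OPTS = ("M1460", "N", "N", "S", "N", "W0", "N", "N", "T")

native = Syn(16384, 60, True, 64, OBSD_OPTS)             # OpenBSD host, 4 hops away
windows = Syn(65535, 120, True, 48, ("M1460", "N", "N", "S"))
# Scenario from the comment: a Windows client whose connection is re-originated
# by an OpenBSD gateway. The filter only ever sees the gateway's SYN.
proxied = Syn(16384, 63, True, 64, OBSD_OPTS)
# Any sender that emits the same header fields is classified the same way.
lookalike = Syn(16384, 64, True, 64, ("M1400",) + OBSD_OPTS[1:])

if __name__ == "__main__":
    for label in ("native", "windows", "proxied", "lookalike"):
        print(label, "->", classify(globals()[label], DB))
```

The classifier sees only sender-controlled header fields, so its verdict describes what the SYN looked like, not which machine sits behind it.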
Re:pf vs ipf vs ipfw vs iptables (Score:2, Interesting)
I love OpenBSD for firewall/vpn duties... now if they'd just hurry the hell up and implement NAT-t for isakmpd I'd be a happy camper...