Interview: Ask Theo de Raadt What You Will

samzenpus posted about 6 months ago | from the go-ahead-and-ask dept.

BSD 290

Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5, which would be the project's 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.


290 comments


NSA (3, Interesting)

Anonymous Coward | about 6 months ago | (#46409079)

Has the NSA scandal changed the status of the OpenBSD project?

Re:NSA (3, Insightful)

Anonymous Coward | about 6 months ago | (#46409293)

Or rather
What effect have the revelations from Snowden on the presence of active monitoring of communication in the US had on creating user demand for more secure systems?

Why are you such an asshole? (-1, Troll)

fsck-beta (3539217) | about 6 months ago | (#46409085)

Do you realize your project would be more successful and provide more value to the community if you weren't such an asshole?

Re:Why are you such an asshole? (0)

Anonymous Coward | about 6 months ago | (#46409123)

It's a valid question.

Re:Why are you such an asshole? (0)

Anonymous Coward | about 6 months ago | (#46409211)

good, then stop using any and all openssh software. show theo you mean it!

Re:Why are you such an asshole? (3, Insightful)

Wootery (1087023) | about 6 months ago | (#46410483)

In this context, asshole does not mean morally objectionable.

Theo is generally thought to be an asshole in that he's tremendously disagreeable and difficult to work with, but that's not to say he's actually evil and worth boycotting.

fsck-beta might well believe, as I'm sure many of us do, that Theo is an asshole (see early history of OpenBSD) who has done some very good work.

Re:Why are you such an asshole? (0)

Anonymous Coward | about 5 months ago | (#46410677)

That logic doesn't follow. I can use the products of an asshole, it doesn't mean they aren't one.

Re:Why are you such an asshole? (0)

Anonymous Coward | about 6 months ago | (#46409147)

Why are YOU such an asshole? Think about it, how people see themselves and how they justify their actions.

Re:Why are you such an asshole? (2, Insightful)

Anonymous Coward | about 6 months ago | (#46409157)

that's your opinion which is not widely shared by OpenBSD users. those of us who like to get things done w/o the opinionated whining and design by committee crap found in nearly every other open source project.

shut up and code.

Re:Why are you such an asshole? (-1)

Anonymous Coward | about 6 months ago | (#46409557)

Former OpenBSD user here. Dropped it after posting a perfectly legitimate question and having Theo De Asshole go on some rant about me being an idiot. Switched to FreeBSD and never looked back.

Re:Why are you such an asshole? (0)

Anonymous Coward | about 6 months ago | (#46409789)

Says an AC, all the while not providing a linky.

Re:Why are you such an asshole? (4, Funny)

rubycodez (864176) | about 6 months ago | (#46409973)

former Linux server advocate here, switched to OpenBSD as my favorite server OS 13 years ago after seeing how Theo was such an asshole about security, correctness, robustness, and preserving the BSD way and philosophy of systems admin

Re:Why are you such an asshole? (0)

Anonymous Coward | about 5 months ago | (#46410733)

I've used OpenBSD and its adjunct projects for over a decade, I still think Theo is an ass.

Re:Why are you such an asshole? (1, Funny)

iggymanz (596061) | about 6 months ago | (#46409217)

more successful?

millions of devices (including those from Cisco, Juniper, NetApp, EMC, Apple, etc.etc.) and many OS use code from Theo's projects. Maybe you are just an asshole, but Theo is a hugely successful one?

Re:Why are you such an asshole? (4, Interesting)

geekmux (1040042) | about 6 months ago | (#46409559)

Do you realize your project would be more successful and provide more value to the community if you weren't such an asshole?

How screwed up would the project be had he not been such an "asshole" as you describe?

The truth hurts. Just because people can't handle it and get butthurt doesn't make the person an asshole for pointing out the truth.

I'd also like to know how you feel about other CEOs out there that have proven far more of an asshole than Theo could do in 20 lifetimes. He's a nice guy by comparison. Trust me.

Re:Why are you such an asshole? (1)

Anrego (830717) | about 6 months ago | (#46409771)

It's actually a sad trend, but yeah, you'll find people with massive egos who don't mince words behind many successful projects. Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid, even if it means that person may quit/stop contributing.

Linux, Apple, and Microsoft all found their success with this type of personality at the helm.

Anoplasties can be done without swearing (2)

tepples (727027) | about 6 months ago | (#46409931)

Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy [wikipedia.org] .--Matthew 23:1-39.

Re:Anoplasties can be done without swearing (0)

Anonymous Coward | about 6 months ago | (#46410137)

Being nice takes up too much time, being terse and quick is key.

And for the record, please don't quote and cite works of fiction, it does not bode well in your favour.

Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy [wikipedia.org] .--Matthew 23:1-39.

SF double standard (1)

tepples (727027) | about 6 months ago | (#46410285)

Being nice takes up too much time, being terse and quick is key.

You can be terse and quick without profanity.

And for the record, please don't quote and cite works of fiction

Wouldn't that apply to geeks' favorite SF [slashdot.org] as well?

Re:Anoplasties can be done without swearing (3, Funny)

bberens (965711) | about 6 months ago | (#46410435)

“It's now very common to hear people say, 'I'm rather offended by that.' As if that gives them certain rights. It's actually nothing more... than a whine. 'I find that offensive.' It has no meaning; it has no purpose; it has no reason to be respected as a phrase. 'I am offended by that.' Well, so fucking what."

~Stephen Fry

Re:Anoplasties can be done without swearing (1)

tepples (727027) | about 5 months ago | (#46410595)

People appointed to certain government offices find things offensive. They also happen to have authority to censor speech in certain media. Even outside the FCC and foreign counterparts, there are still people who generally have little respect for what someone says if he's regularly known to use words that a supermajority of speakers of the same language find offensive.

Re:Anoplasties can be done without swearing (0)

Anonymous Coward | about 5 months ago | (#46410953)

Sometimes you need someone with no hesitations about ripping someone a new one for doing something stupid

Yes, I agree that sometimes an anoplasty is needed. But that doesn't mean you have to use an abrasive tone while doing so. There are usually ways to get a point across with wit and good analogies instead of NSFW language. It worked for Jesus of Nazareth when he tore the leaders of Pharisaic Judaism a new one for their hypocrisy [wikipedia.org] .--Matthew 23:1-39.

Uh, sorry, but I happen to believe that I can reach out and physically touch the bits and bytes of Wikipedia before I happen to believe some portions of its context, to include tall fables of religions past.

On top of that, how do you know what kind of language was considered profane or not back then? Apparently one can easily offend with Shakespeare and all its underlying vulgarity, unbeknownst to most who read it today.

Re:Why are you such an asshole? (2, Interesting)

tlhIngan (30335) | about 6 months ago | (#46409785)

How screwed up would the project be had he not been such an "asshole" as you describe?

The truth hurts. Just because people can't handle it and get butthurt doesn't make the person an asshole for pointing out the truth.

I'd also like to know how you feel about other CEOs out there that have proven far more of an asshole than Theo could do in 20 lifetimes. He's a nice guy by comparison. Trust me.

It takes a very special person to be able to be an asshole and not alienate people. Steve Jobs is a famous example, but there's also Linus Torvalds, and Theo.

The asshole-ish nature of those people generally turns people off. However, they also have the rare ability to motivate people to doing the right thing. Jobs is an asshole, but he also managed to bring out people to do better work - he didn't accept crap if he knew it could be done better. Likewise, Linus and others are the same - they aren't afraid to call it crap.

The problem is, a lot of people don't realize that and try to emulate them by being assholes and making life miserable for everyone without any redeeming qualities. It's those qualities that allowed them to be assholes and still get stuff done, not the other way around.

Re:Why are you such an asshole? (5, Informative)

bluefoxlucid (723572) | about 6 months ago | (#46410101)

How screwed up would the project be had he not been such an "asshole" as you describe?

Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.

Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".

Linux had oprofile.

I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.

Further, most programs spent substantially less than 0.2% of their execution time in the main executable. -fPIE only affects the main executable; multiplying this together gives us 0.2% * 5.8% = 0.0116%. This means that, in any one hour period, if you could find a total of 0.42 seconds of CPU time (i.e. CPU at 50% for 0.84 seconds, CPU at 0% for 0.42 seconds, etc.), -fPIE would have zero real impact. If your system is pegged at 100% for 24 hours, it will be pegged at 100% for 10 seconds longer. In 60 seconds, you need 0.0070 seconds of additional CPU time to handle this optimization.

In short: Theo was wrong. He derailed the conversation off-list probably because he didn't have a real argument and was afraid of being proven wrong. He's never admitted he was wrong, and probably considers the whole argument a moral victory.

The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else. I wonder how many security holes have gone unseen, how many improvements have papered over unacknowledged previous issues, and so on. OpenBSD uses very specific language: only two remote exploits in the default installation in however many decades. That's because OpenBSD comes with everything switched off--like Ubuntu before Avahi--so there's no attack surface. It's great marketing, but it has no bearing on how much of the code base is secure or how risky it is to run OpenBSD vs Linux vs Windows.

Theo's manner says that the above assessment has a high probability of being valid. Not a majority probability, but a high probability: most people claim OpenBSD is "secure", and in fact I spent a time editing this out of Wikipedia because every security article cited OpenBSD--up to and including listing "use OpenBSD" under "ways to improve computer security". This was not NPOV, and I have found no empirical studies of OpenBSD security--Coverity hasn't even run their tools against the code base, and I've seen no widely published studies on number of practically exploitable local privilege escalations and shipped daemons and such comparing OpenBSD to FreeBSD and Linux and so on--so it was inappropriate. But it does say that the normal assessment is that OpenBSD is probably "secure"; and I find a lot of soft evidence suggesting that this assessment is not reliable without more hard scientific evidence. A lot has gone into showing why OpenBSD "is secure", and very little has gone into showing that it's "not as insecure".

Linus has a massive ego and can be harsh, but he admits this and admits he has been wrong and the culture around Linux is different. Linus is sub-optimal, and the poor handling of negotiation by the Grsecurity and PaX people stunted Linux security development for a while, as did a number of other things; but Theo is the quintessential off-the-deep-end egomaniac. His technical expertise is highly questionable.

Re:Why are you such an asshole? (1)

drinkypoo (153816) | about 5 months ago | (#46410957)

The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else.

What convinced me that openbsd was developed by whiny lazy babies was trying to use my Acer Aspire One D250, one of the commonest netbooks made. The commonest wlan card used in it is unsupported. So I went looking for any prior attempts and sure enough, someone had ported some changes to the driver from Linux and got it working in a substantially old revision. But even though one of the core developers has the same netbook with the same NIC, the patch was not accepted. The excuse given was FUD about licensing, but this was substantially after issues like that were settled. I didn't bother to ask on any lists to see if anyone was thinking about fixing it because I knew they weren't. The developer with the same machine had replaced the NIC rather than port the changes from Linux because they weren't interested.

OpenBSD's hardware support is shit, so unless you're building a machine specifically for a purpose odds are good you'll end up with Linux anyway. If you have or plan to inherit legacy machines, same thing. Wouldn't you rather run nominally the same OS everywhere, so you don't have to remember how to do the same thing ten different ways? If you're going to have to run Linux anyway, you might as well just run Linux.

Re:Why are you such an asshole? (1)

bmajik (96670) | about 5 months ago | (#46411099)

You're not the first person to suggest something to Theo, only to have him shoot down your idea.

In my case, I suggested a profiler that you'd run an exe under, and it would catalog the syscalls that the binary made, and all the syscall arguments. That profile would be stored for that program in a repository.

After the profile was created, if the program ever deviated from its syscall profile, the syscalls would fail and the binary would be terminated.

The goal here would be to holistically stop programs from misbehaving when under control of an attacker.

Theo's comment was, basically, "this will never be part of openbsd, and you are perhaps the 10th person to suggest such a thing"

Well, sometime later, something similar to what I suggested did in fact become part of OpenBSD. I think it appeared on Linux first.

Did I begrudge Theo at the time? No. Do I begrudge him now? No.

Even Heroes are fallible people. Theo is just a guy. He's made my life remarkably better because ever since someone remote-rooted my IRIX box, I've had his Operating system as my edge device, and I've not detected any remote-roots ever since. All I did was buy a T-shirt and a couple CDs from him. Hell, I even contributed a fix (Back in the 2.x days).

I think your assessment of OpenBSD's security is shit. Go look at old bugtraq posts. They made a good point of cataloging who was affected. Notably absent was OpenBSD -- almost always. And not because nobody tried -- but because OpenBSD didn't fail.

These guys are serious about security, and the results are self evident. Your personal beef with Theo is your problem; not a reflection of lack of results on their part. The fact that you're editing Wikipedia about this indicates a legendary amount of butt-hurt.

The OpenBSD project has given us lots of goodness, above and beyond OpenBSD itself.

I have no idea why you would question his technical expertise. He has brought up a BSD kernel on countless different pieces of hardware. How many people can say that? How many unix kernel engineers can even say that?

Re:Why are you such an asshole? (0)

Anonymous Coward | about 6 months ago | (#46410533)

The burning question on everyone's mind.

Re:Why are you such an asshole? (0)

Anonymous Coward | about 5 months ago | (#46411275)

Said an asshole.

NSA Involvement (4, Interesting)

jazman_777 (44742) | about 6 months ago | (#46409105)

Given the pervasive nature of NSA compromising, do you know of any attempts by the NSA to put in backdoors or otherwise compromise OpenBSD--either by approaching you directly, or by infiltration?

Where does OpenBSD outperform Linux? (0)

Anonymous Coward | about 6 months ago | (#46409169)

Comparing the most recent stable distros of each, what areas would you say OpenBSD is better/faster/more robust etc. than Linux?

Re:Where does OpenBSD outperform Linux? (3, Insightful)

jones_supa (887896) | about 6 months ago | (#46409223)

All BSDs are more robust than Linux as they follow a much more conservative development process. Linux is in a constant bleeding edge R&D mode (which of course also means that you get cool new features quickly).

Re:Where does OpenBSD outperform Linux? (3, Interesting)

smash (1351) | about 6 months ago | (#46409349)

Pretty much that. My observations with FreeBSD at least have been that whilst Linux might get something FIRST, it will typically go through 3-4 (more?) iterations before the actual long term supported version emerges. Until someone decides to rewrite it anyway.

The FreeBSD (and likely other BSD) way seems to be to design things properly first (which takes some time that Linux skips), implement and then the user-facing interface stays the same for a long period of time.

Sometimes however, it does mean BSD gets features first. E.g., multichannel audio. Mixing has transparently happened via the FreeBSD audio driver for about 10 years now. Linux has gone through a bunch of different audio subsystems in that time.

OpenBSD.org Domain (0)

Anonymous Coward | about 6 months ago | (#46409205)

Up until recently http://openbsd.org/ went to the OpenBSD website. Now the "www." is needed to get there. Why the change? Are there security implications to having a host on yourdomain.tld?

Re:OpenBSD.org Domain (1)

iggymanz (596061) | about 6 months ago | (#46409257)

actually, there used to be a dev/test web site but www always went to the main one. the openbsd.org one was never the main site. nowadays many browsers (improperly) stuff a www in front if nothing found at a domain name

Would you ever retire? (2)

allaunjsilverfox2 (882195) | about 6 months ago | (#46409221)

If so, How do you think the community would react / correct the situation?

Re:Would you ever retire? (2)

stsp (979375) | about 6 months ago | (#46409433)

This has already been answered here: http://marc.info/?l=openbsd-mi... [marc.info]

Re:Would you ever retire? (0)

Anonymous Coward | about 6 months ago | (#46410581)

He is obviously capable of thinking of problems nobody else has thought of, and then he publishes those problems together with a suggested solution for them. I don't understand how anyone could dislike that guy.

Value of certification (1)

sinij (911942) | about 6 months ago | (#46409259)

Looking at a success of OpenSSL project in the private sector, key to this success is a very robust certification (FIPS and so on) effort. Are there any similar plans to dedicate resources to get OpenBSD endorse/certified?

Sparc64 and Oracle (5, Interesting)

kthreadd (1558445) | about 6 months ago | (#46409273)

I recently needed a free software operating system that could replace Solaris on a couple of Sun UltraSparc machines. After testing out the relatively small number of alternatives I found that OpenBSD had by far much better hardware support than the others. I know that a lot of this is the result from the effort your group spent a couple of years ago to get documentation from what used to be Sun. How would you describe collaboration with Oracle now when they run the remains of Sun, in particular around supporting modern Sparc64 based systems?

Re:Sparc64 and Oracle (1)

Anne Thwacks (531696) | about 6 months ago | (#46409777)

And will we need to be wearing ear-plugs when you reply?

(Also using OBSD on Sparc64 servers)

Theo: Why are you such a dick? (0)

Anonymous Coward | about 6 months ago | (#46409275)

Theo,

From all of us in the open source community, why are you such a dick? Honestly, why do you feel the need to verbally abuse everyone who annoys you in the slightest way?

Sincerely,
Concerned Members of the Community

Re:Theo: Why are you such a dick? (0)

Anonymous Coward | about 6 months ago | (#46409521)

Please don't sign yourself on everyone's behalf. Theo is a dick to people who deserve it. He is a dick when he needs to be to keep the project(s) going. And occasionally he is a dick because he is human. He is the perfect guy for the job.

updated OpenBSD rack picture? (2)

rubycodez (864176) | about 6 months ago | (#46409299)

the rack picture on the lower right corner of the www.openbsd.org was taken in 2009. since architectures retired and some added since then, could we have a new circa 2014 picture?

Re:updated OpenBSD rack picture? (1)

mbregg (3564303) | about 6 months ago | (#46409455)

This is on the OpenBSD site, but I'm not sure when it was taken: http://www.openbsd.org/images/... [openbsd.org]

Re:updated OpenBSD rack picture? (0)

Anonymous Coward | about 6 months ago | (#46409715)

This is on the OpenBSD site, but I'm not sure when it was taken: http://www.openbsd.org/images/... [openbsd.org]

Judging by the fact that the 2009 pic has less old shit racked I would have to say that the one you linked to is undoubtedly older, probably by a few years.

Smoother Chroot and Sftponly integ into OpenSSH? (4, Interesting)

See Attached (1269764) | about 6 months ago | (#46409303)

Very often we admins have to make all kinds of hacks to get OpenSSH to support Chroot and ScpOnly. Would it be possible to make it simpler for these features to be added/configured without third party tools? OpenSSH is a foundational package, and making it easier to add these features would make it all that much better. Would be great to stick to your source 100%!! Thanks for your many contributions!

Re:Smoother Chroot and Sftponly integ into OpenSSH (4, Informative)

carlhaagen (1021273) | about 6 months ago | (#46410129)

There is no need for third-party tools for what you want to achieve. While the solution is a bit ungainly, all of it is already supported by OpenSSH and its sftp subsystem. This is how I configured things on my system:

First off, add a group that you call f.e. "sftponly". New users that are to be allowed only sftp access should have "sftponly" as their login group, and have /sbin/nologin as shell to deny them shell access. Their home directories should be owned by root:sftponly, and within the home dir you then create relevant user-controllable directories which should be owned by :sftponly.

Secondly, the sshd_config magic that makes the whole charade work:

    Subsystem sftp /usr/libexec/sftp-server
    Match Group sftponly
        ForceCommand internal-sftp
        ChrootDirectory %h

Re:Smoother Chroot and Sftponly integ into OpenSSH (2)

carlhaagen (1021273) | about 6 months ago | (#46410269)

Small explanation: what happens is that when the SSHd matches the user's login group successfully, it forcefully switches over to the internal sftp component instead of the default external subsystem, which in turn makes it possible to chroot the user to his/her home dir without having to place a plethora of system files in each user's home directory.
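An added example, not part of the posts above and not OpenSSH code: a small Python linter for the setup just described. It checks that the group's Match block forces internal-sftp and sets a chroot, reports the effective AllowTcpForwarding value, and applies the sshd_config(5) rule that every component of a ChrootDirectory path is a root-owned directory not writable by group or others. The function names, the /home/alice path and the file metadata are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace

# Constructed sample input: the sshd_config lines from the post above.
SAMPLE_CONFIG = """\
Subsystem sftp /usr/libexec/sftp-server
Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory %h
"""


def parse_sshd_config(text):
    """Split a config into global options and a list of Match blocks.

    Keywords are case-insensitive; within one scope the first value wins,
    which is how sshd treats repeated keywords.
    """
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            words = value.split()
            # Criteria come in "Name pattern" pairs, e.g. "Group sftponly".
            criteria = {words[i].lower(): words[i + 1].split(",")
                        for i in range(0, len(words) - 1, 2)}
            current = {}
            blocks.append((criteria, current))
        else:
            current.setdefault(keyword, value)
    return global_opts, blocks


def audit_sftp_only(text, group="sftponly"):
    """Return a list of findings for the SFTP-only group; empty means clean."""
    global_opts, blocks = parse_sshd_config(text)
    block = next((opts for crit, opts in blocks
                  if group in crit.get("group", [])), None)
    if block is None:
        return [f"no 'Match Group {group}' block"]

    def effective(keyword, default):
        # A Match block overrides the global section, which overrides defaults.
        return block.get(keyword, global_opts.get(keyword, default))

    findings = []
    if effective("forcecommand", "").split()[:1] != ["internal-sftp"]:
        findings.append("ForceCommand is not internal-sftp")
    if effective("chrootdirectory", "none").lower() == "none":
        findings.append("ChrootDirectory is not set")
    # Extra hardening check added by this example, not taken from the post.
    if effective("allowtcpforwarding", "yes").lower() != "no":
        findings.append("AllowTcpForwarding is not 'no' "
                        "(ForceCommand does not restrict forwarding)")
    return findings


def chroot_path_problems(path, stat_fn=os.stat):
    """Check each component of an absolute path against the ChrootDirectory
    rule: a directory, owned by root, not group- or world-writable."""
    problems = []
    parts = [p for p in path.split("/") if p]
    for depth in range(len(parts) + 1):
        component = "/" + "/".join(parts[:depth])
        st = stat_fn(component)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owner uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            problems.append(f"{component}: group- or world-writable")
    return problems


def _fake_fs(table):
    """Build a stat function over constructed (uid, mode) metadata."""
    return lambda p: SimpleNamespace(st_uid=table[p][0],
                                     st_mode=stat.S_IFDIR | table[p][1])


# Constructed metadata: root:sftponly 0750 home versus a user-owned 0775 home.
GOOD_FS = _fake_fs({"/": (0, 0o755), "/home": (0, 0o755),
                    "/home/alice": (0, 0o750)})
BAD_FS = _fake_fs({"/": (0, 0o755), "/home": (0, 0o755),
                   "/home/alice": (1000, 0o775)})

if __name__ == "__main__":
    print(audit_sftp_only(SAMPLE_CONFIG))
    print(chroot_path_problems("/home/alice", BAD_FS))
```

On a real host, call `chroot_path_problems` with the default `os.stat` on each member's home directory after running the config through `audit_sftp_only`.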

Raspberry Pi-class hardware - BeagleBone Black? (4, Interesting)

emil (695) | about 6 months ago | (#46409335)

I would like to run OpenBSD on the Raspberry Pi.

I understand, sympathize, and accept your decision to avoid that platform, but what would you recommend as a stable substitute?

The BeagleBone Black seems like the endorsed alternative, although there were stability warnings until recently. The current status reads: "There are generally still a fair number of things to do on each of these boards, however OpenBSD is generally considered to be usuable on them. The platform is now self hosting, however there is no SMP support."

Would you point OpenBSD users interested in this hardware class at the BeagleBone Black? Any other advice? SLC media preference?

TI has announced that it is discontinuing the OMAP line. Will Beagle move to another ARM licensee, and does that matter much for OpenBSD?

Trying too hard (1, Insightful)

nmb3000 (741169) | about 6 months ago | (#46409355)

Slashdot interviews for Richard Stallman, Eric Raymond, and now Theo, all in the last week?

What happened? Did someone at Dice push Slashdot management to try and "reclaim technical roots"? Is someone a little worried about http://soylentnews.org/ [soylentnews.org] ? Or maybe this is part of a last-ditch effort to increase revenue^W^W reclaim reader loyalty?

Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

source [diceholdingsinc.com] .

Perhaps not, but really, you guys are still trying way too hard now. I'd have thought you realized by now that successfully running a site like this is a marathon, not a sprint. Throwing up a few half-baked interviews with prominent open source figures isn't the answer.

Re:Trying too hard (2)

kumanopuusan (698669) | about 6 months ago | (#46409517)

When I looked at Soylent News this morning, there were 5 or so stories with less than 5 comments, and the quality of some of the last few submissions has actually been worse than what we typically see here. I'd like SN to succeed and viable competition should force Slashdot to improve, but it's going to take some real effort.

Re:Trying too hard (2)

Anrego (830717) | about 6 months ago | (#46409845)

Yeah, soylentnews seems to be fizzling.

It's a shame really, but I suspect it won't be the last "bring back old slashdot" effort. Eventually someone will get it right / get enough momentum to keep going. It might happen if slashdot ever actually switches everyone to beta.

Yes try too hard!! (3, Funny)

rubycodez (864176) | about 6 months ago | (#46409959)

I applaud efforts to make slashdot more technically relevant and useful and interesting, keep trying too hard!

Re:Trying too hard (1)

jones_supa (887896) | about 6 months ago | (#46410075)

Slashdot interviews for Richard Stallman, Eric Raymond, and now Theo, all in the last week?

I only hope we get the answers to all of them. If you watch carefully, every now and then there seems to be a Q&A session here with no answers ever posted!

Re:Trying too hard (1)

Anonymous Coward | about 5 months ago | (#46410739)

Who cares?

Everybody loves ESR, rms has some thought-provoking ideas, and Theo de Raadt is a hero. If Dice keeps this up, I might even enable the ads for the first time in almost a decade.

Are you a license purist? (0)

Anonymous Coward | about 6 months ago | (#46409359)

While there is much creative energy diverted into who has the One True Licensing scheme, is it possible that the global economy is better served by licenses that respect the diverse motives of humans?

I'd group them as proprietary, GPL, and BSD, to offer a rough taxonomy. These groups seem to correspond to the wallet, the heart, and the mind, or, three of the main drivers for hacking code.

Our energies might be better spent making sure that lawfare and legislation doesn't devour any one group.

Does that make any sense?

Cheers, Theo.

Re:Are you a license purist? (0)

Anonymous Coward | about 6 months ago | (#46410503)

The global economy would be better served by ridding itself of artificial restrictions on the free flow of information.

It is my hope that IP (as well as other annoyances, such as cryptography exportation) will become increasingly meaningless as ubiquitous strong encryption of communication and pseudonymity/anonymity become normal among users and developers of software.

Only a statist could justify violence and extortion against someone just for using a piece of information in a way its author and/or distributor doesn't like.

Finances and technologies (3, Interesting)

Noryungi (70322) | about 6 months ago | (#46409387)

OK, tongue-in-cheek question: did you cash in all those bitcoins before Mt Gox imploded?

More seriously: what are your thoughts on the future of ZFS, BHyve, non big-lock SMP, SMP-enabled pf (see NetBSD npf) on OpenBSD?

Related question: what is the future of OpenSSH-based VPN functions?

Even more seriously: in light of the recent Snowden revelations on NSA spying, can you tell us more about the audits realized after a few (past) developers were accused of creating backdoors in OpenBSD for the FBI?

Finally, and this is not a question: all my thanks for a great OS. I use it daily and truly appreciate all the hard work.

Re:Finances and technologies (1)

BlackPignouf (1017012) | about 5 months ago | (#46411071)

What part of "As usual, ask as many as you'd like, but please, one question per post." don't you understand?

What's your average day like? (4, Interesting)

ModernGeek (601932) | about 6 months ago | (#46409389)

Last time I saw pictures, you and others were working from a home. How is everything structured now? Are you living alone and working from your house, or are there others there, too? How has this affected you long term with your personal life and relationships? What type of job did you have before OpenBSD? Assuming you did before, do you ever miss working in an office?

Re:What's your average day like? (1)

pigiron (104729) | about 6 months ago | (#46409471)

No one on their deathbed ever said "Gee, I wish I had spent more time at the office."

signed code (3, Interesting)

smash (1351) | about 6 months ago | (#46409437)

What are your thoughts on code signing, and how do you see the development of such proceeding in the free unix world? In Powershell for example, I can set a system-wide policy to only run scripts if they are signed with a trusted certificate.

This means I can, for example, delegate script development to an underling, review the script and then sign and push into production, knowing that the script will not run if it has been modified in the field without authorization - enabling proper change management process to be enforced.

Other platforms require all code to be signed before it will run.

Do you foresee anything like this (obviously with the master signing authority being the local site admin) for OpenBSD?

Thanks for all your work... (1)

carp3_noct3m (1185697) | about 6 months ago | (#46409449)

I know it can sometimes be more of a burden, but thanks for all the work you have done Theo. I use OpenSSH everyday, and I find it to be one of the most reliable, most secure (even with all the NSA revelations) pieces of software in daily use around the world.

That being said, the more I investigate how to increase security, I am increasingly struck by how borked SSL is as a whole. (CA messes, vulnerable to MITM, DPI, etc).

My question is this: do you think at some point we should start re-evaluating our fundamental kernel architectures to help alleviate some of the security issues recently revealed? I mean, with hard-drive and bios level rootkits, etc, even SSH is standing on a foundation of sand it seems. Thoughts?

Re:Thanks for all your work... (1)

tepples (727027) | about 6 months ago | (#46410197)

Is there really any difference between the security of SSH and that of self-signed SSL? Both need out-of-band validation of the public key's fingerprint.

Re:Thanks for all your work... (1)

carp3_noct3m (1185697) | about 5 months ago | (#46410991)

https://www.ietf.org/rfc/rfc42... [ietf.org]

Cryptographically they are just as secure as each other (why you need the libraries from OpenSSL for OpenSSH), but it's the implementation that suffers.

Power bills in Alberta are super high (0)

Anonymous Coward | about 6 months ago | (#46409483)

I recall the whole budget shortfall story of not all that long ago (Past few months or whatever it was) where you had to seek out donations in what sounded like something of a somewhat dire situation in order to be able to pay the power bills for your dev shed, which I also gather is attached to your home. I recall when I was in Alberta, the fossil fuel-dependent electricity system gave me bills that were something like 2-5x higher than what I was used to back in BC, and everyone was all entranced by oil heaters which also cost way too damn much... whereas back in BC, I wouldn't even run over 50 dollars in, say, December, even if I was running a space heater for most of the month and my computers would be on 24/7. Have you ever considered relocating to Vancouver or somewhere else with a cheaper avg power bill (And plenty of hiking/mountains/fresh air as well) in order to cut the costs of that end of the project down? Why Calgary?

whats up with the songs? (1)

nimbius (983462) | about 6 months ago | (#46409509)

Hi Theo, I'm a fan of OpenBSD partly for its hacker ethic and partly for the songs. A few of them don't have commentary, which I find sad. For songs like 'El Puffiachi' and 'I'm Still Here', what was your creative input if any?

Cross Pollination (1)

smutt (35184) | about 6 months ago | (#46409525)

I appreciate the fundamental work that OpenBSD does in security and other areas, especially things like the recent work in getting X to run without privileges.

AFAIK OpenBSD was the first to accomplish this, and I'm wondering how much of that research and know-how, maybe not code, can be used by other *NIXes? I know there are license conflicts between the BSDs and Linux, but how much of the experience gained from that effort can be used to improve other *NIXes even if code cannot be reused? Is the OpenBSD project involved in sharing this experience, and others like it, with Linux distros or with NetBSD or FreeBSD?

Re:Cross Pollination (0)

Anonymous Coward | about 6 months ago | (#46409761)

There are no license issues taking BSD code into Linux. It is only the other way around (Taking GPL code into BSD) that causes problems.

Any apps porting activities on? (1)

unixisc (2429386) | about 6 months ago | (#46409577)

Are there any efforts made to ensure that OpenBSD can run native apps written for other platforms, such as Linux or FreeBSD? Or is OpenBSD's target usage exclusively routers & firewalls?

Huh? (0)

Anonymous Coward | about 6 months ago | (#46410079)

Almost any software that is available for Linux or FreeBSD is (or can be) ported to OpenBSD.

Or maybe you are asking if OpenBSD can run binary executables targeted for other operating systems? FreeBSD can run Linux binaries (when appropriate support packages are installed), and of course there are several emulators / virtual machines to run non-native programs.

I read your question as meaning that you find the amount of available software lacking, and I really don't think that is the reality. There is a lot of software, most free (beer/speech) software runs very well and is already ported and ready to go. But if you want to play the latest triple-A blockbuster game, then no, that is not something you can run on OpenBSD.

Full disclosure: I've run OpenBSD as my primary desktop and server OS for a few years now. Why? Because system administration is so simple and straightforward. For me (YMMV) it is much more logical and grokkable than Linux. Not to say Windows, which I never got the hang of, administration wise.

What other platforms? (3, Interesting)

unixisc (2429386) | about 6 months ago | (#46409611)

Given that a lot of the platforms that OpenBSD was ported to are now dead - such as PowerMacs, Alphas, PA-RISC and so on, are there any efforts on to port OpenBSD to non-x64 platforms that exist today?

Re:What other platforms? (1)

rubycodez (864176) | about 6 months ago | (#46409943)

there is dead in the sense of "no longer sold", but if many people still use a platform and can have a modern current OS running, is it really dead?

What other OS (1)

Billly Gates (198444) | about 6 months ago | (#46409639)

If you couldn't use OpenBSD anymore what other OS would you prefer to work with?

Why CVS (1)

Anonymous Coward | about 6 months ago | (#46409669)

Why does OpenBSD use a CVS derivative for the code repository? Why not use a distributed VCS? Do you feel that there is an advantage to use the current repository or is there another reason to use it?

strcpy (1)

QuietLagoon (813062) | about 6 months ago | (#46409751)

I read a message thread on a Linux board which presented the idea that using strlcpy, instead of strcpy, was a crutch that encouraged sloppy coding because the programmer will no longer think about buffer sizes.

I know you are a proponent of strlcpy. Why do you think some projects resist using it so much?
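An added example, not part of the comment above and not code from OpenBSD or any libc: a bounded copy following the documented strlcpy(3) contract, used once without checking the return value and once with the truncation check. `demo_strlcpy` and `join_path` are hypothetical names written for this illustration, and the paths and buffer size are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in following the documented strlcpy(3) contract: copy at most
 * dstsize-1 bytes, NUL-terminate whenever dstsize > 0, and return strlen(src).
 * Hypothetical name; written for this example, not taken from libc. */
size_t demo_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Build "<dir>/<name>" in out. Returns 0 on success, -1 if the result would
 * not fit. The buffer size is still reasoned about at every step; the bounded
 * copy only guarantees that a mistake truncates instead of overflowing. */
int join_path(char *out, size_t outsize, const char *dir, const char *name)
{
    size_t used = demo_strlcpy(out, dir, outsize);

    if (used + 1 >= outsize)          /* no room left for '/' and the NUL */
        return -1;
    out[used++] = '/';
    out[used] = '\0';
    if (demo_strlcpy(out + used, name, outsize - used) >= outsize - used)
        return -1;                    /* name did not fit: reject, do not use */
    return 0;
}

int main(void)
{
    char buf[8];                      /* constructed sample sizes and paths */
    size_t want;

    /* Unchecked call: memory-safe, but buf now names a different file. */
    want = demo_strlcpy(buf, "/etc/passwd.bak", sizeof buf);
    printf("unchecked: \"%s\" (needed %zu bytes, had %zu)\n",
           buf, want + 1, sizeof buf);

    /* Checked calls: truncation is reported to the caller as an error. */
    printf("join ok:   %d\n", join_path(buf, sizeof buf, "/etc", "ab"));
    printf("join long: %d\n", join_path(buf, sizeof buf, "/etc", "abc"));
    return 0;
}
```

A return value greater than or equal to the destination size means the copy was truncated; ignoring it trades a memory-safety bug for a possible logic bug.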

What happens if you were hit by the proverbial bus (1)

Anonymous Coward | about 6 months ago | (#46409797)

Your name is synonymous with OpenBSD. If you were to get hit by the proverbial bus, does OpenBSD have a plan to keep it going and relevant?

Re:What happens if you were hit by the proverbial (1)

iggymanz (596061) | about 6 months ago | (#46410383)

which people on current team would be the best designated successor(s)?

Package Signing (0)

Anonymous Coward | about 6 months ago | (#46409801)

Why did it take the project so long to start package signing over insecure mediums such as FTP?

APIs (0)

Anonymous Coward | about 6 months ago | (#46409837)

What do you consider to be the most elegant or well-designed API in BSD?

openbsd.org (1)

destiney (149922) | about 6 months ago | (#46409841)

Why is openbsd.org such an ugly website? Is it because you want people to take it seriously or is it because no one on the project knows any CSS?

I respect your large brain and all your highly secure exploit-free software, but if I were responsible for view-source:http://www.openbsd.org/ I'd be pretty fucking embarrassed.

Re:openbsd.org (0)

Anonymous Coward | about 6 months ago | (#46410037)

CSS looks soooo great under lynx =P

Re:openbsd.org (0)

Anonymous Coward | about 6 months ago | (#46410257)

Next you are going to ask for screen shots...

--
Teun

What will it take? (1)

larry bagina (561269) | about 6 months ago | (#46409867)

It seems like every time you turn around, another bitcoin exchange is hacked or some startup social network for dogs is secretly uploading all your phone contacts over clear text or a retailer is storing unencrypted cc numbers and passwords. Some of the worst offenders are brogrammers. Is there anything we can do?

OpenBSD and Wi-Fi (2)

carlhaagen (1021273) | about 6 months ago | (#46409895)

I've been using OpenBSD as my wireless home router, server and development platform since 2005, and can from 9 years of experience safely say that the current state of OpenBSD's Wi-Fi drivers and 802.11 stack is troubling. On one hand, most chipsets out there have rudimentary driver support in OpenBSD, including WPA2 and CCMP facilities. On the other hand, the 802.11 stack still lacks 11n support (minor problem) but what's much worse is that while only two of the drivers - ral(4) and athn(4) - state that they can handle power-saving clients when running in HostAP mode, none of them actually do it properly. None of the supported ral(4) chipsets can handle power-saving clients despite what the ral(4) man page claims, and while athn(4) works slightly better it's still flaky with unreliable results, no matter what wireless chipset the client uses. The effect is that OpenBSD is useless as a wireless access point without having the clients pull one of several tricks available to keep them from entering power-saving mode, as have been posted and explained by troubled users on the OBSD mailing lists regularly over the years.

I understand that Wi-Fi portions of OpenBSD aren't exactly prioritized, but are these issues even on the roadmap?

Talk to the hardware vendors (0)

Anonymous Coward | about 6 months ago | (#46410133)

When the hardware vendors release their hardware documentation, proper drivers can (and will) be written. Until that time, no dice.

It isn't lack of priority, it is lack of (non-restricted, non-NDA) access to the chipset documentation.

Re:Talk to the hardware vendors (1)

carlhaagen (1021273) | about 6 months ago | (#46410215)

Proper support for power-saving clients comes down to buffering outgoing packets until the client asks the AP for them, rather than instantly sending them to the client which may or may not be asleep at that point. This is not a driver firmware issue, it's a fundamental stack problem and lies entirely in the hands of the OpenBSD developers.

What does OpenBSD/OpenSSL/etc. need? (3, Interesting)

tearmeapart (674637) | about 6 months ago | (#46409899)

In your opinion, what does OpenBSD/OpenSSL/etc. need from the community?
Now that you received a large donation to keep the lights on, what is next on the list of things that would help move things forward?

why are security fixes distributed as patches? (0)

Anonymous Coward | about 6 months ago | (#46409903)

production hosts usually don't have compilers on them unless they are really needed but openbsd distributes security patches instead of precompiled binaries which could easily replace the old ones. this makes patching a production system more complicated than on linux servers and leads to a more insecure system which should not have any compiler installed. why is this the case and will this change in future?

Like clockwork. (0)

Anonymous Coward | about 6 months ago | (#46409935)

To me it seems the OpenBSD project is one of the most organized open source projects out there. Its release schedule chimes like clockwork and it has been going like this for many years now. I have read that "Dictatorships" (read Corporations) are generally more efficient than "Democracies" (read Volunteer Communities) as bureaucracy is reduced and decisions are swift, do you consciously lean to the "Dictatorship" leadership style for the project guidance of OpenBSD and do you think it is because of that style that the OpenBSD project is run so efficiently?

(Ok I think that might have been 2 questions.. but I only used one question mark so I think it will pass)

What are your thoughts regarding Capsicum? (1)

tanawts (786512) | about 6 months ago | (#46410059)

I see that GSOC 2014 has a proposal to port Capsicum to OpenBSD.

OpenCVS (0)

Anonymous Coward | about 6 months ago | (#46410063)

So what is going on with OpenCVS?

It's been coming soon for a very long time!

mod 0P (-1)

Anonymous Coward | about 6 months ago | (#46410207)

FUCKING USELDESS EFNet servers.

carp (0)

Anonymous Coward | about 6 months ago | (#46410425)

openbsd carp squats the mac address range that's assigned to vrrp and this causes severe connectivity problems if users run both protocols on the same lan with the same vhid/vrrp group id. why did you/the openbsd developers deliberately make this choice when you knew full well that it would cause breakage for end users due to the same mac addresses being used?

What are your thoughts on the "Pottering of Linux" (1)

tanawts (786512) | about 6 months ago | (#46410481)

How has OpenBSD managed to avoid these sorts of decisions historically?

Any plans of getting a proper auditing daemon? (1)

dremspider (562073) | about 5 months ago | (#46410627)

I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?

bigmem? (1)

Anonymous Coward | about 5 months ago | (#46411009)

Why is bigmem still off by default on x86 platforms?

What is OpenBSD best used for? (0)

Anonymous Coward | about 5 months ago | (#46411151)

What do you see OpenBSD best utilized as by multi-OS power users who aren't afraid of trying new things? A firewall? Number crunching platform base? Cluster node platform? Refined DNS server? Minimalized desktop environment?

I'm not afraid to get my hands dirty, or look under the hood at kernel ops, but I'd like to know what you think your platform is best at if I'm going to consider it. What sets it apart?

Was documentation a priority? (2)

dubbreak (623656) | about 5 months ago | (#46411213)

If so, how did you make it a priority? More specifically, as the leader of OpenBSD what did you do to ensure great documentation?

As a software developer I know that documentation often falls to the wayside (features take priority, schedule already tight etc). As a project manager it's difficult to get good documentation (staff does poor job, stakeholders don't want to pay for it etc). OpenBSD has really good documentation (in my opinion) and it was really useful when initially getting to know OpenBSD, PF etc. Most of the pay for middleware I use has documentation that is absolute shit (incomplete, wrong, not up to date etc). To me the state of documentation in OpenBSD is more impressive than "Only two remote holes in the default install, in a heck of a long time!". Of course, "You'll love our man pages!" doesn't have quite the same ring to it.