Theo de Raadt Says FreeBSD Is Just Catching Up On Security
An anonymous reader writes "The OpenBSD project has no reason to follow the steps taken by FreeBSD with regard to hardware-based cryptography because it has already been doing this for a decade, according to Theo de Raadt. 'FreeBSD has caught up to what OpenBSD has been doing for over 10 years,' the OpenBSD founder told iTWire. 'I see nothing new in their changes. Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone.'"
Framing the debate (Score:4, Informative)
As usual:
- Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the times in general, but very good at what it does do. And their stance on the BSD license and making BSD tools is great.
- FreeBSD really is stupid about some things.
Let's take for instance their complete refusal to implement any strong security in their distribution chain. You can't verify their ISOs or packages back to their source in any way. Their repo is ancient svn, not git or monotone, so they have no signable hashes in their repos. There are no deterministic builds. etc.
And when you bring it up, they just handwave about process and workflow as reasons to continue doing the same. FreeBSD is pretty damn good as an OS, but their standing on these things is BULLSHIT.
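The post above talks about verifying ISOs and packages against published hashes. The following is an added example, not code from FreeBSD, OpenBSD or the commenter: it parses a BSD-style checksum manifest (lines of the form `SHA256 (name) = hex`, the style the BSD projects use for their release checksum files) and checks downloaded files against it. The manifest and the "downloaded" file contents are constructed in memory so the script runs offline; the names `good.iso`, `tampered.iso` and `unlisted.txt` are made up for the example.

```python
"""Check downloaded files against a BSD-style checksum manifest.

Added example; not project code. Assumes manifest lines shaped like
    SHA256 (name) = <hex digest>
Blank lines and '#' comments are ignored.
"""
import hashlib
import hmac
import re

# Hypothetical manifest line pattern: ALGO (filename) = hexdigest
MANIFEST_LINE = re.compile(
    r"^(?P<algo>[A-Za-z0-9-]+) \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]+)$"
)


def parse_manifest(text):
    """Return {filename: (algo, hexdigest)}; raise on a malformed line."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError("malformed manifest line %d: %r" % (lineno, line))
        algo = m.group("algo").lower().replace("-", "")  # "SHA256" / "SHA-256" -> "sha256"
        entries[m.group("name")] = (algo, m.group("digest").lower())
    return entries


def digest_of(data, algo):
    """Hex digest of data under the manifest's named algorithm."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def verify(manifest_text, files):
    """files: {filename: bytes}. Returns {filename: 'ok'|'mismatch'|'not-in-manifest'}.

    Also reports manifest entries for which no file was supplied as 'not-downloaded',
    so a missing file cannot pass silently.
    """
    entries = parse_manifest(manifest_text)
    results = {}
    for name, data in files.items():
        if name not in entries:
            results[name] = "not-in-manifest"
            continue
        algo, expected = entries[name]
        actual = digest_of(data, algo)
        # compare_digest avoids a length/timing shortcut; harmless for public hashes
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for name in entries:
        if name not in files:
            results[name] = "not-downloaded"
    return results


def demo():
    """Constructed data: one intact image, one tampered image, one file the manifest omits."""
    good_iso = b"constructed iso image contents\n" * 64
    tampered_iso = good_iso[:-1] + b"X"      # one byte altered
    manifest = (
        "# constructed manifest for the example\n"
        "SHA256 (good.iso) = %s\n"
        "SHA256 (tampered.iso) = %s\n"
        "SHA256 (never-fetched.iso) = %s\n"
    ) % (digest_of(good_iso, "sha256"),
         digest_of(good_iso, "sha256"),       # manifest says tampered.iso should equal good
         digest_of(b"something else", "sha256"))
    downloaded = {
        b"good.iso".decode(): good_iso,
        "tampered.iso": tampered_iso,
        "unlisted.txt": b"not covered by the manifest\n",
    }
    return verify(manifest, downloaded)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-18s %s" % (name, status))
```

The caveat a practitioner wants: a checksum file fetched from the same mirror as the image only proves the download was not corrupted in transit. Linking the image back to its source needs the manifest itself to be signed with a key obtained out of band (for example checked into the release-engineering repository or printed in an announcement), and that signature step is outside what this script does.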
Re:Do these projects OpenBSD, FreeBSD matter anywa (Score:2, Informative)
aaa.... everywhere? Just 'cause you are living under a rock doesn't mean that everybody else is. Dunno what OS you're using right now, but chances are pretty high you're using a tool/technology/library developed by one of these BSDs.
windows - shitton of tools are taken verbatim from FreeBSD (network related)
mac - is a FreeBSD 5 clone, with improvements made to it (plus a UI) and backported from the main release. They have on payroll a fair few of the FreeBSD folks.
all of them (Linux included): anything security related, that's OpenBSD. When they don't take from OpenBSD they do it wrong and they have holes.
Re:Do these projects OpenBSD, FreeBSD matter anywa (Score:4, Informative)
Also, Mac OS X is essentially a fork of FreeBSD.
The OS on all Juniper equipment is a modified version of FreeBSD.
The Playstation 3 and 4 OS are both modified FreeBSD.
Plus more [freebsd.org].
Re:Framing the debate (Score:5, Informative)
Yeah the bit that struck me here was that Theo was relatively complimentary about Linux and Linux devs. eg mentioning Linux also did this stuff ages ago and that OpenBSD used some research from Ted Ts'o (and others) in their implementation.
So the complaint wasn't about credit for who was first, just about how FreeBSD got a bunch of Snowden related media coverage for something practically everyone else did ages ago as if it was something new to worry about.
Re:Framing the debate (Score:4, Informative)
And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.
Citation needed. I can't find a published example of any actual SHA-1 collision, much less one from a Git repo.
Re: Now, if... (Score:3, Informative)
The OpenBSD installer is one of the fastest and easiest installers I have seen. I prefer the developers work on developing a secure and functional system than waste time making a pretty GUI for the people who have phobias of text interfaces, or can't be bothered to learn how to edit a text file.
Not really (Score:4, Informative)
He's often "technically correct". What I mean is that OpenBSD is really secure in its default setup... because it doesn't do fuck-all. Security via turning off everything isn't really that impressive. When something is supposedly so much superior on a security front, yet seems to get very little usage, well, there's a reason.
Also, even if you are right, you shouldn't be a dick about it. Perception matters in the world and if you want to persuade people to your position, you need some empathy. If you act like a jerk all the time, it puts people off and makes them dislike you, and thus not consider the content of your claims.
Re:Do these projects OpenBSD, FreeBSD matter anywa (Score:3, Informative)
Also, Mac OS X is essentially a fork of FreeBSD.
Bull [wikipedia.org]-fucking [wikipedia.org]-shit [slashdot.org].
I know this is slashdot, but for fuck's sake you should still know better than that! And +5 informative too?
What the fuck is wrong with you people?
Re:Framing the debate (Score:3, Informative)
But in the mail you link to, Linus was talking about collisions of the *first 7 characters* of the SHA-1 hash, not a full SHA-1 collision. This is only important because in many situations git defaults to printing only the first 7 digits of the hash, not the full hash. It is *not* a SHA-1 collision.
To date there is no publicly known SHA-1 collision, and there is no publicly known method to generate one within any reasonable time frame.
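The distinction drawn in that exchange, between a collision of git's 7-character abbreviated hash and a collision of the full SHA-1, is easy to show concretely. The following is an added example, not code from git or from either commenter: it reproduces git's blob object id (SHA-1 over the header `blob <size>\0` followed by the content, which is what `git hash-object` computes) and then runs a birthday search over constructed blob contents until two distinct blobs share their first 7 hex digits. A 28-bit prefix falls to roughly twenty thousand hashes; the full 160-bit digests of the colliding pair still differ. The candidate contents (`candidate <n>`) are constructed for the example.

```python
"""Abbreviated git hash collisions by birthday search.

Added example; not git's code. git_blob_id() mirrors how git derives a blob's
object id. find_prefix_collision() shows why two objects sharing a short
abbreviated id is cheap, while the full SHA-1 values still differ.
"""
import hashlib
import math


def git_blob_id(content: bytes) -> str:
    """SHA-1 of 'blob <len>\\0' + content, i.e. git's object id for a blob."""
    header = b"blob %d\0" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def expected_tries(prefix_hex_len: int) -> float:
    """Approximate hashes needed for a birthday collision on 4*prefix_hex_len bits:
    sqrt(pi/2 * N) with N = 16**prefix_hex_len."""
    space = 16 ** prefix_hex_len
    return math.sqrt(math.pi * space / 2)


def find_prefix_collision(prefix_hex_len: int, limit: int = 200_000):
    """Hash distinct constructed blobs until two share the first prefix_hex_len hex
    digits. Returns (blob_a, blob_b, prefix, tries) or None if limit is exhausted.

    With prefix 7 (28 bits) a collision is expected after ~2e4 tries, so 2e5 is
    ample; the search is deterministic because the candidates are."""
    seen = {}
    for i in range(limit):
        blob = b"candidate %d\n" % i          # constructed, all distinct
        prefix = git_blob_id(blob)[:prefix_hex_len]
        if prefix in seen:
            return seen[prefix], blob, prefix, i + 1
        seen[prefix] = blob
    return None


def demo(prefix_hex_len: int = 7):
    """Run the search and return a summary dict; full ids remain distinct."""
    hit = find_prefix_collision(prefix_hex_len)
    if hit is None:
        return {"found": False}
    a, b, prefix, tries = hit
    return {
        "found": True,
        "prefix": prefix,
        "tries": tries,
        "expected": expected_tries(prefix_hex_len),
        "full_ids_differ": git_blob_id(a) != git_blob_id(b),
        "blobs": (a, b),
    }


if __name__ == "__main__":
    # Sanity check against a well-known git object id: the empty blob.
    print("empty blob:", git_blob_id(b""))
    r = demo(7)
    if r["found"]:
        print("abbreviated id %s shared by %r and %r after %d hashes (expected ~%.0f)"
              % (r["prefix"], r["blobs"][0], r["blobs"][1], r["tries"], r["expected"]))
        print("full SHA-1 ids differ:", r["full_ids_differ"])
```

Note that `git_blob_id(b"")` yields `e69de29bb2d1d6434b8b29ae775ad8c2e48c5391`, the familiar id of git's empty blob, which confirms the header construction. The practical lesson is the one the comment makes: a 7-digit prefix is a display convenience, and anyone who relies on it for identity can be handed a second object with the same abbreviation for trivial effort, independent of the strength of the underlying hash.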
Re:Not really (Score:4, Informative)
Not having stuff running by default is not the only thing OpenBSD does. It has a crapload of features regarding security, starting with the very nice firewall, so please go educate yourself and then come back. That system is perfect for production systems like web servers and proxy servers, which is where I use it.
Re:Do these projects OpenBSD, FreeBSD matter anywa (Score:3, Informative)
Pedant fail. The basis for OS X was NeXTSTEP, and the basis for NeXTSTEP was BSD.
Have you considered switching to fucking decaf? Then you might notice that operating systems are more than just a kernel.