Despite feeding a troll, since it was posted on advocacy@ I felt the urge to share how great my 10-plus years of experience has been with OpenBSD, which runs all our backends and internal communication system. We've been online since 1998 and it is the OS that helped us topple a 23-year-old dictatorship in Tunisia/North Africa (for the brief account: http://www.technologyreview.com/featuredstory/425137/streetbook/ )
Best
Foetus

On Fri, Jul 5, 2013 at 6:58 AM, Douglas Allen <[email protected]> wrote:
> On 7/4/2013 10:56 PM, Thomas Jennings wrote:
>>
>> Regretfully, I have decided to abandon OpenBSD and thought I would
>> share my reasoning with this list. I thought the 4th of July was a
>> good date to do so since my reasons address national security
>> implications. As a group of people who take development, security, and
>> privacy seriously, I know you will want to know why I made the drastic
>> decision to abandon OpenBSD and never look back.
>
>
> You are free to use or not use whatever software you wish. I won't try to
> change your mind. However I would need more evidence than you have put
> forth here to get me to make changes to the machines I have here.
>
>
>> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
>> After being fired from the NetBSD team, Theo forked the code and
>> started OpenBSD. He's been pretty much solely responsible for
>> development of OpenBSD over the years, taking volunteer code as he
>> sees fit. He also has final say over security audits in the operating
>> system, something that turns out to be very important.
>
>
> I have known several of the developers over the years, including Theo. He
> can be blunt at times, which is fine from my point of view. I know he left
> NetBSD because of differences of opinion on how certain parts of the system
> should proceed. He forked the code and started OpenBSD, as you stated. He
> has never, to my knowledge, told anyone that they HAD to use OpenBSD. If
> people don't like the way he does things, they are free to go elsewhere. He
> has never tried to make any other way to my knowledge.
>
>
>> I was prepping to migrate the whole of our shop, a regional ISP in the
>> United States of America, to OpenBSD 5.3 when the news broke: CBS News
>> reporter Sharyl Attkisson claimed, during a live radio interview, that
>> she had been dealing with suspicious computer and phone issues. Check
>> out this snippet from the full transcript of the interview. One line
>> in particular trashed my plans for the OpenBSD upgrade:
>>
>>> Well, I have been, as I said, pursuing an issue for a long time now —
>>> much longer than you’ve been hearing about this in the news — with
>>> some compromising of my computer systems in my house — my personal
>>> computer systems as well as my work computer systems. I thought they
>>> were immune to being compromised — because they all ran OpenBSD — but
>>> I guess I was wrong. So, we’re digging into that and just not ready
>>> to say much more right now, but I am concerned.
>
>
> Without knowing exactly what Ms. Attkisson is running on those machines, I
> wouldn't venture to try to explain in any detail why the issues are
> occurring. It has, to my knowledge, always been the stated position of the
> development team that they only audit the base software. They do not
> guarantee that they have audited the software in ports or packages. Since
> it has been my experience that few people run a system with nothing from
> ports or packages, it seems at least possible that any security hole may
> come from that source. I consider it unfair to blame either the project or
> people within it for problems with software that they did not write
> themselves.
>
>
>> EVEN IF NO CORPORATION OFFERS THE UNITED STATES FEDERAL GOVERNMENT
>> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
>> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>>
>> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
>> to mind. OpenBSD is part and parcel to the United States Federal
>> Government's program to spy on its own citizens through bodies like
>> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
>> about a dozen years ago.
>
>
> I would need more evidence than one person's statement of their existence,
> before I would believe such a statement.
>
> I believe that the project is located outside the U.S. to avoid having to
> provide exactly what you are claiming to exist. I also believe that certain
> contracts were not renewed between members of the development team and
> certain U.S. governmental agencies for the same reason.
>
>
>> The kicker is that Theo denies anything suggesting that OpenBSD is
>> less than perfect at security, as if he's personally offended by the
>> mere suggestion. He routinely attacks developers and enthusiasts for
>> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
>> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
>> HISTORY OF THE WORLD?!
>
>
> What I have seen is Theo denying a suggestion without being given proof that a
> problem in fact exists. As one person who has been on the receiving end of
> a few caustic replies from Theo, I can understand why he gets that way with
> people who do not even make an attempt to look for an answer in the
> documentation. In each instance, I would say that it was justified - since
> I either hadn't looked far enough into the documentation or into pieces of
> code where the documentation did not completely answer the question. I also
> maintain that in my cases, it was justified to be a little unpleasant
> because I could find or figure out the answer once I did make that detailed
> search of the documentation and/or the source files.
>
> With all that said, I again reiterate that you are free to use whatever you
> wish to use for your own machines and any machines that you are required to
> maintain.
>
> Doug
