On 10/06/13 20:48, dera...@cvs.openbsd.org wrote:
Now, why do I mention this in relation to OpenBSD? Well, at the end
of 2007 someone decided to open an impersonation account on twitter in
my name, and start sending a mix of things I have said (see wikiquote
for instance), with things that I would never say. That account is
http://twitter.com/theoderaadt
A few notes: The account has now changed to declare that it is a
parody account and renamed to "Not Theo de Raadt", as of a few days
ago. If you read back into the past, you will see true character of
the account and the individual.
People in the local community were directed to the account, to give a
negative, if not slanderous, view of my character. The ones directing
them have high-profile roles in the community, so people would take
what they say as true. Since I am the network manager for the
exchange equipment, this by extension was meant to hurt YYCIX.
Why would stewards of important infrastructure projects deliberately
spread such false stories?
[...]
Layers of hurt being thrown around. Why?
I don't know, but I can guess. Probably the same reason that a year or
two ago some crap came out trying to discredit OpenBSD's IPSec
implementation: To discredit you, and OpenBSD as a whole.
Like I said, I have absolutely no doubt the NSA has been keeping tabs on
OpenBSD as a whole. Anything more than that is pure speculation on my part.
You, and the project, are financially reliant on donations, so if you
are discredited, those donations lessen, and the project falters. I'd
bet money that the NSA would love to see OpenBSD "go away".
What other real options would someone, like the NSA but not necessarily
them, or just them, have?
Hack the OpenBSD servers? Good luck with that. OpenBSD is the "gold
standard" in the hacker underground. I've heard hackers say that when
they are looking for targets, they skip the OpenBSD boxes they find; a
waste of time. (I don't know how true that is, so take it with a grain
of salt.)
Inject code? (Like was alleged in the IPSec situation.) Good luck.
Commits are public, reviewed, audited, etc.
Corrupt the project leaders, usually financially. Theo is an idealist.
(I mean that in a good way, don't get me wrong.) If he wanted to make
serious money, he could easily do so with his reputation, experience,
and skill set. I wish anyone luck with corrupting Theo, or those he
trusts, with money. I deeply believe that unlike psychopathic
CxO-types, he's not in it for the money, or power.
Blackmail the leaders into doing your bidding. Last I checked, Theo
isn't married, so he doesn't have to worry about a leak of him with his
mistress. I suspect that Theo wouldn't cave if someone were to reveal
he used the services of ladies of the night. (For the record, I'm just
making up scenarios here, I have no idea what he does in his private
time, other than cycling.)
The other thing to consider is that I don't think many people in the
OpenBSD community would give a shit if Theo did "questionable" things in
his private life. I'm not interested, and I doubt any serious person
would be. I simply look at the work he does. The dedication and quality.
*Everyone* has secrets, period. Nobody wants cameras in their bedrooms
or bathrooms. (Canada had a Prime Minister in the 70s by the name of
Pierre Trudeau, that said quite clearly that the state has no business
in the bedrooms of the nation. He made plenty of mistakes, but he got
that one dead right.) What would Theo's (fictional!) indiscretions, or
any other dev's indiscretions, have to do with OpenBSD development?
Nothing.
However, not everyone thinks that way, so I think one of the simpler
ways to attack OpenBSD is to discredit the project (IPSec), and
discredit the project leader (fake twitter bullshit). This demoralizes
the funding base. It scares people away, whether they are existing
users or potential users. Some say there's no such thing as bad
publicity. I beg to differ.
Theo needs to continuously refute the bullshit with truth and honesty,
standing on his body of years of dedication and work. Given his status,
I'm sure that would be a full-time task in itself. Perhaps a PR firm
using OpenBSD could donate some work in that area, to give back. (I
realize that's wishful thinking, but you never know..)
I'm sure Sun Tzu could read more into this, but he's dead. One of his
principal tenets was "know your enemy", and thanks to Snowden et al., we
have seen the enemy, they are legion, and include the NSA. Now we know
much more about them, their tactics and methods. Again, he is a hero.
I'd laugh if his future leaks were titled "To: NSA; Subject: From Russia
with Love". :)
--
Scott McEachern
https://www.blackstaff.ca
"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers,
kidnappers, and child pornographers. Seems like you can scare any public into allowing
the government to do anything with those four." -- Bruce Schneier
