Slashdot Log In
OpenBSD 3.0 Release, Interview with Theo
Posted by
michael
on Thu Nov 29, 2001 01:28 PM
from the wuftpd-not-installed-by-default dept.
from the wuftpd-not-installed-by-default dept.
mvw writes: "Here is an interview with OpenBSD's Theo de Raadt. Interesting is his comment on Soft Updates and the comparison to the rivaling Journaling file systems technology. Further he links to a very interesting paper by some Soft Updates researchers." And although OpenBSD 3.0 has an "official" release date of December 1 for whatever reason, it seems to be available by FTP or CD already. Lots of changes since 2.9.
This discussion has been archived.
No new comments can be posted.
OpenBSD 3.0 Release, Interview with Theo
|
Log In/Create an Account
| Top
| 307 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
As much as I (Score:1)
Re:As much as I (Score:5, Funny)
take a look at this [theaimsgroup.com]
it can be frustrating being right, all journaling really seems to do is attempt to fix the problems ext2fs has by laying another piece of code on top of it, instead of fixing the primary problem, that is that ext2 is broken as far as the BSD hackers are concerned.
Is waiting for fsck to finish really that much of a problem for you?
Re:As much as I (Score:4, Funny)
Yes, actually, when you're dealing with servers with 100's of gigs.
This is a very good thing! (Score:3, Informative)
For those running OpenBSD, especially as a gateway/firewall/NAT box, this is an important fix. I am running 2.9 with this patch added, and my snort [snort.org] logs tell me (judging from the number of attempts) that this exploit is a fairly commonly tried one. In November alone, there were at least 30 lpd overflow attempts on my machine. Granted, not most people have lpd open to the world, but I can imagine a few people might want to do remote printing from work, etc.
Re:This is a very good thing! (Score:4, Flamebait)
Fixes (Score:3, Informative)
Here is the list: http://www.openbsd.org/errata.html [openbsd.org]
Don't forget to update to OpenSSH 3.0.1
-J
Release Date (Score:3, Interesting)
Probably because they want to avoid a fiasco like the last tremendous release mess that michael caused [slashdot.org].
It's not uncommon for "official" releases to be after the initial release. It's like when a large department store has a "GRAND OPENING". In many cases, the GRAND OPENING is about a week after the store actually opens. Or if the store opens during the week, the GRAND OPENING will be on that weekend.
The origin of OpenBSD (Score:5, Informative)
If you haven't read them before, it's quite a read, and a good lesson of how personal politics can fragment a collaborative project.
Here's the link: http://zeus.theos.com/deraadt/coremail [theos.com]
Re:The origin of OpenBSD (Score:4, Insightful)
He's got a right to be an asshole, and god knows I'm the pot calling the kettle black, but to link to those emails and think they provide vindication is heavily disconnected from reality.
Re:The origin of OpenBSD (Score:4, Insightful)
Then I guess you are just stupid.
That made me laugh like mad. I love it. Sounds like me. Sounds like my friends. Hey, he cycles. He caves. He founds OpenBSD. He speaks his mind. He has a sense of humor. He sounds cool, not like an asshole at all.
Some of the other people I was reading... Like the guy who kept on about professionalism and representing your organization, even in private e-mail... sound like pricks/assholes to me. I've had to deal with people like that -- people who feel like the dollars and the "drive to succeed" are all that matter and that individuality and honesty have no place in America.
But then, I will never sell me soul to my employer or anyone else, no matter how much cash or recognition it would get me. Guess that makes me a commie.
Rant, rant, yaddah, yadda...
I dig Theo. OpenBSD just scored personality points in my book.
Re:The origin of OpenBSD (Score:5, Insightful)
Basically, Theo had a history of being abusive and petty to anyone who didn't meet his standards of cluefulness. He pretty much admits this himself in the interview. This was alienating a large number of NetBSD developers who ended up leaving the project (I was one of them.)
The Core team repeatedly asked him to tone it down; their feeling seemed more of a "anyone who wants to help with NetBSD will be welcome," instead of "You must be this elite to code NetBSD." Theo maintained that he was doing nothing wrong.
Eventually, they shut Theo down, which is where the email thread starts. A large part of the thread deals with Theo's requests to regain CVS access. The Core group was willing to submit his code as patches themselves, but Theo would only submit code if he could have CVS write access. Core was worried that Theo might decide to get "revenge" by damaging the CVS tree; This might seem worry-warting, except they all knew that Theo had been previously fired from a SysAdmin job at the U of C for doing something like that.
Eventually, Theo started OpenBSD and now has his own sandbox where nobody can tell him what to do. In the end, I guess that's good, because both OpenBSD and NetBSD regularly crib from each other's trees anyways and people now get the choice of whether they want to deal with Theo or not.
Sounds like Linux (Score:1)
Why 1st December ... (Score:1)
On the plus side, you don't have to answer to the question "when will be the next release"
MandrakeBSD? (Score:5, Insightful)
b) I'm surprised (not to say hurt, disappointed and disconsolate) that no one (am I wrong?) has come out with the equivalent of Mandrake to at least one of the BSDs -- and by equivalent I mean in a certain superficial but important way: user-friendly, pretty install, emphasis on user experience, intelligibility.
c) Really, I'm just talking about the install. Something with some graphical flair, built-in help system for new users, and a game or two, or a little slideshow, or some interesting history text files, *something* built in to play while slow parts of the install proceed. No accounting for taste, but I think there are a lot of good graphic artists (all the Ximian stuff, for instance, and many great KDE examples) working in the world of free software. (Hey, I also like the BSD art, so obviously I am open for attack by the art critics;)).
I name Mandrake as my prototype here, just because I happen to like their stuff -- RH also makes a pretty install, not quite as cute, and so do several other distros. But Mandrake is in Walmart, which suits my example ("Walmart: making things accessable to the masses")
Cheers,
Tim
Re:MandrakeBSD? (Score:4, Insightful)
VMS is the original anti-UNIX. It later added some general POSIXy behaviour simply because everyone was using UNIX. Windows NT also had the stated goal of becoming "a better UNIX than UNIX," but they certainly haven't spent much time actually trying to be Unix compatible. Their POSIX layer is a joke, and they don't even have a decent way to fork() for crying out loud.
Besides, while Microsoft almost certainly is looking into "borrowing" portions of BSD code (which will then magically become innovative), they aren't ever likely to actually release an OS that is Unix like. Part of the fun of the BSDs, Linux, and Commercial Unixen is that it usually isn't too much trouble to port your software from one of these platforms to a different one. This is precisely what Microsoft wants to avoid. Microsoft wants the equivalent of a one way valve when it comes to software portability. They want for it to be easy to port from Unix to Windows, but they want it to be impossible to port from Windows to Unix. Clearly shifting to a BSD based OS would work against them.
Status of the pf packet filter? (Score:1)
Is it stable, secure, and feature complete or is it recommended to install ipf from other sources?
3.0 already? (Score:1)
Code at the speed of light!
Interested... (Score:1)
Does OpenBSD include any support for decent irc connection tracking like what is available in iptables for linux? I have people behind the gateway that use DCC within IRC, and without good connection tracking, I'm not sure how to go about securely allowing one or more people to use IRC and have DCC work.
Everything else I plan on using this system for (software RAID, NIS+, samba PDC and fileserver, NFS) seems to be fine, but this one little nitpick of mine may keep me off of OpenBSD.
Also, how is the raid implementation as far as moving the array from one openbsd install to another, and is there any semblance of lvm there? The volume management stuff w/ resizable partitions would be nice, but by no means necessary..
softupdates new? (Score:1)
pf : an excellent packet filter (Score:5, Informative)
pf seems to be very stable so far. Just don't forget to apply the related errata if you're planning to use IPv6.
Another great feature of OpenBSD 3.0 regarding network filtering/routing is the integration of AltQ, that brings quality of service to your IP traffic. It basically has the same (but very flexible and efficient) algorithms and class system that Linux has. But it's very nice to see it in OpenBSD.
Re:pf : an excellent packet filter (Score:5, Informative)
OpenBSD 3.0 has a transparent ftp proxy called "ftp-proxy". You have to run it through inetd (or any super server. I use it with tcpserver) . It listens to a local port, and you just have to redirect outgoing traffic for port 21 to the local ftp proxy port. It allows active and passive connections to NATed internal hosts.
If it can help, my
rdr on vr1 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
nat on vr0 from 10.1.1.0/24 to any -> 195.132.209.36
I start ftp-proxy like this :
*WARNING*
ftp-proxy has a nice security feature to only accept anonymous sessions (-A). But don't trust it : clients can bypass the restrictions with some buggy servers (the flaw works with proftpd and ncftpd. it doesn't work with pureftpd) .
* For firewalling (without NAT) :
You have to explicitely open some ports for active connections. For the minimum number of ports : choose at least twice the max number of simultaneous sessions you need. Open them on the firewall. Then, force your FTP server to only use these ports. On Pure-FTPd, it's with '-p
pure-ftpd -4 -p 50000:51000 &
(don't forget '-4' for OpenBSD) .
file systems (Score:1)
Thank you.
"Don't like my spelling? blame a teacher"
Re:file systems (Score:5, Informative)
http://www.usenix.org/publications/library/procee
http://www.osnews.com/story.php?news_id=153 [osnews.com]
http://www.freebsd-fr.org/docs/fr/others/systeme-
http://www-106.ibm.com/developerworks/linux/libra
http://docs.freebsd.org/44doc/smm/05.fastfs/paper
ISO download (Score:5, Informative)
As usual, ISO images here [zedz.net].
I'm waitting on our 3 OpenBSD CDs (Score:3)
OpenBSD has a real problem that I was never able to resolve, this makes it worthless for a database server. The machine is quite "efficient" with memory, which let it run with very little memory. However, with a lot of memory (our db servers normally have 1.5GB -> 2GB, I LIKE giving PostgreSQL lots of buffers and sortmem) there is little documentation on tweaking the system. I even contacted the developers in charge of the SysV memory support, etc., and they thought I hit the crack rock a little to hard.
For web servers, however, I'm quite comfortable with our OpenBSD servers sitting open on the Internet. I'm terrified of a RedHat box not being hidden. As a result, I keep the database nice and hidden.
Linux blows OpenBSD's performance away. This is a matter of Linux focusing on performance. However, for web servers (that for us just run PHP, mod_rewrite, and some other toys) I don't care... When I need more web serving power, I buy another web server for $2K. Having SSL built in to Apache is nice, and the ports is too fucking slick.
BTW: OpenBSD seems to run quite nicely on my Penguin Computing 1U servers...
Alex
I expect to keep our production servers on 2.9 for 2-3 months, but move development to 3.0.
Looking to get into using BSD (Score:1, Offtopic)
So.....
1. Which is the easiest/best to get started with?
2. Which has the best documentation
3. Do any of them have compatability with Linux configuration tools like Kudzu and HardDrake?
4. Which one supports the most x86 hardware
TUX2 Phase Tree: Better than Soft Updates (Score:1, Flamebait)
TUX2 Phase Tree: Better than Soft Updates
As Levar Burton says in Reading Rainbow, "but don't take my word for it."
-l
KDE on PPC? (Score:1)
--saint
The reason for the early release: (Score:3, Informative)
Btw, the headlines from this site are available as a slashbox, just check the box in your
Snake_dad (who runs Linux, Winedose, Novell 3.12 and
This is a few days old (Score:2)
This news (both Theo interview and others) has been up for a few days on OpenBSD Journal [deadly.org].
Slashdot readers who have made an account and are logged in can customize their display [slashdot.org] to add the headlines from OpenBSD journal and other sites to their main slashdot page, and catch news like this as it happens. It's a neat feature. ;)
Slashdot bias (Score:2)
-Aaron, who has seen too many serious posts that began with similar statements
The main problem with OpenBSD (Score:1, Interesting)
I read that T.Deraadt email thread when I first looked at OpenBSD, and my initial impression was that Theo had a real baaaaadddd attitude. I do know for a fact that a lot of the NetBSD folks were upset to see him leave and fork off his own version of the OS, and to lose him as a developer. But in reading his email he obviously has a problem with taking any criticism, and had no problem with jumping down someone's throat with a flamethrower and foul language. Denial, its not just a river in Egypt...
Not that I wouldn't use OpenBSD, or any other operating system that met my technical needs, whatever the personality of the people involved. I've dealt with enough bad attitudes from commercial OS vendors in my years in the industry to be able to deal with it if I have to. It just seems that *BSD has an extra heaping helping of bad attitudes that make commercial vendors look like pikers.
If you *really* read that email thread, you would see the attitude loud and clear. "We don't think that it helps anything for you to tell someone he's a f**khead when he's posting a message trying to help with the OS development." "F**K YOU, *I* want control of the source and if you don't like it I'll fork my own off!"
That's my impression of it... He sounded like an immature little upset kid to me. The development of any of the O.S. OS's is a group effort, and having one person think they have all the answers and have to be the one in control is dead wrong. So, now he *has* control of his own fork of BSD, and lost the ability to maintain many of the various platform ports because he has no developers. Thus, the OpenBSD page says that for a VAX port, for instance, "support can be easily ported over from NetBSD". Why these problems are so prevalent under FreeBSD/OpenBSD/NetBSD remains something of a mystery. These systems seem to be self selective in their attraction to weirdos and big egos.
The split had nothing to do with the quality of his coding work, and everything to do with his nasty attitude towards people... and NOT just the people of NetBSD Core, but other people who were just civilians trying to help out, or looking for help. No wonder BSD has lost.
Just installed it... (Score:1)
I recently installed 3.0 to replace a 2.8 that I was using as a firewall. At first I didn't want to upgrade due to ipf and ipnat having been removed (ipnat in particular is quite powerful given its simplicity). Fortunately, pf is quite easy to set up, and I managed to do the switch in the course of one work day (most of it spent installing the OS). I noticed the following gotchas, though:
However, those are minor issues, mind. In the end, I'm quite pleased with the changes. It "feels" much more stable, for one. And the installer couldn't be any simpler: it sets up your disklabels, formats the partitions, configures your network connections, and downloads the OS, and you only need one floppy for that.
Say it like it is. (Score:2)
From the interview:
You gotta love comments like these! Well, you might not, but I do anyway. I say, why hide behind glossy, laminated marketing? (By the way, I'm not trying to say anything against the NetBSD team. They're good folks and NetBSD is a great product, as is OpenBSD.) All I'm saying is that people should say things as they are. If you can't read a man page, you shouldn't be using a computer! It's as simple as that.Oh well.
Good read; Proper maintainance. (Score:2)
Theo included a good link [usenix.org] in his interview...
I just finished reading it and it is some wonderful information. Seriously, everybody who runs any of the BSDs or Linux should read this paper. It will give you a much deeper understanding of what's going on and why, and this will lead to better choices when you configure your next box (or maintain those you're running right now). As always, reliable operation of any machine (be it a computer, a car, or a nuclear power plant) depends heavily on knowledgeable use and proper maintainence.
Oh well.
SLACKERS! (Score:1, Offtopic)
Better start beefing your trolls up. You're gonna get overrun by a buncha girly geeks!
-DFW : Jamie banned.
Re:When I installed... (Score:1, Informative)
http://www.tuxedo.org/~esr/jargon/html/entry/wh
Re:Donations have slumped? (Score:1, Informative)
It is too bad that OBSD lists/newgroups are often frequented by impressionable Theo-wanna-be's that are under the misimpression that it is cool to be rude. Theo acting alone would just be a curiousity
As to the lack of SMP support, the OBSD core group's reasoning is pretty sound. They feel that it will introduce security complications, and isn't a big advantage in the roles OBSD generally serves (e.g. firewall; basic web-server; OBSD enthusiast desktop). Since security is their priority, it is ridiculous to critize them for slow progress in SMP support. I believe the official line is the unreligious statement 'if you truely need or want SMP, look elsewhere for now'.
Re:When I installed... (Score:1)
users in the wheel group can "take the wheel", as it were. if you're not in wheel, you don't get to drive. wheel is still implemented on openbsd and freebsd (dunno about net)
Re:Donations have slumped? (Score:1)
itachi
Re:VA Software confirms.. *BSD is dying (Score:1)
In case you didn't even bother to read the title of the parent article (except for the letters "BSD"), OpenBSD 3.0 is going to be released on December 1st. New releases are not a good sign of impending doom.
"Mothra, you are Life Eternal! Hear the prayers of your servants. Come back to us from out of the legend. Come and save us with your power of Life!"
- From the US release of "Mothra"
15 days until Mothra returns!
Re:Donations have slumped? (Score:1)
as Theo says, he does it as a hobby and doesn't want to force anyone to use OpenBSD.
The fewer users, the more the developers have time to hack (which is joy for him).
Even I got an answer
> journalling is for linux weenies
I liked fewer fsck time, but I have let me persuade by the team. Softupdates are ok.
See the thread on linux-kernel@ (yes I follow l-k, misc@, tech@, source-changes@ and few others) on "Journalling pointless with today's hard drives?"
> what did you do before
4.2BSD FFS
4.4BSD LFS
check it out - LFS is still in the tree (escept for newlfs), albeit defunct.
I tried to get it running, but won't compile.
> bit performance boost on SMP
A Pentium-133 with 64MB RAM can easily saturate a 100Mbps line as web- and fileserver at up to 30% load.
My Pentium-100 (OC'ed 90) with 24MB additionally acts as Samba server and router/NAT/firewall,
and as IPv6 native router + tunnel endpoint.
This box using a Hercules gfx card (oh yes, this thingy at 720x348x1) and a self-built snapshot by anoncvs. It is rock solid, and I regularily hit the power switch by accident.
And my Windoze user profiles are stored on it, and it's my companion on almost any LAN I attend.
> Security
Prove an exploit.