 
 From:  Jim Thompson <jim at netgate dot com>
 To:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: OT: Re: [m0n0wall] OpenBSD Packet Filter in m0n0wall?
 Date:  Wed, 30 Mar 2005 22:53:25 -1000
Sancho2k.net Lists wrote:

>Jim Thompson wrote:
>
>>OpenBSD's "security uber alles" was originally a fine thing. Now it's
>>essentially marketing hype, since the playing field on that front is
>>essentially level. Performance will soon level out, except where
>>FreeBSD's VM continues to dominate on Intel hardware (and then only for
>>applications that are sensitive to VM performance issues.)
>
>Innovation can hardly be labeled legacy. What most people see as a claim
>to security I see as an innovative approach to hardening the operating
>system on many levels. Was it not the production of a free SSH protocol
>package that encouraged users to move away from dangerous r- utils and
>telnet? 
>

Bah.

I was managing Doug Barnes (Of c2.net fame, I managed him @ Tadpole) 
when he was working on a DH-enabled telnet (and ftp) package back in 
1993, as part of a larger "austin-cypherpunks" group, which also 
included Jim McCoy (of mojo-nation fame), etc. It was even working 
before ssh hit the net, and used telnet extensions to get its work done, 
so the IETF process would have been... minimal.

http://cypherpunks.venona.com/date/1993/11/msg00366.html
http://cypherpunks.venona.com/date/1993/11/msg00745.html

The 'SSH idea' was hardly original, nor did the OpenBSD group originate 
the protocol. Yes, they produced a 'free' one. Rah. History: 
http://www.openssh.com/history.html

>Was it not strict adherence to integrated security, auditing and
>rewriting applications, and coding the base platform with safety in mind
>ahead of features that gave it the reputation it has today?
>
This was Theo's focus when he split off from NetBSD. He was "leveraging" 
his Canadian-ness. Do we have to re-hash that history here? See: 
http://zeus.theos.com/deraadt/coremail.html for Theo's version.

> I feel it is
>unfair to dismiss so quickly a platform that has had so much positive
>influence on the "other" *nix operating systems everyone runs. 
>
You make it sound as though OpenBSD influences the others, but OpenBSD 
takes *nothing* from FreeBSD, NetBSD, linux, etc. Rather than bait you, 
I'll just state that this is in no way 'true', and wait for you to retort.

>
>>OpenBSD's legacy challenge remains the issues encountered when dealing
>>with Theo, and the wireless HAL damage.
>
>Bah. Atheros isn't the only chipset out there, nor will it keep its
>current post forever. 
>
Nor will Wireless LAN be important 'forever'. But it's important now.

>As for Theo, I happily run OpenBSD without having
>the least amount of interaction with him. I don't see the influence of
>one man affecting the project in as severe a way as you portray, and
>I've been using it for around 5 years. If I pulled that attitude about
>people in Theo's position, I wouldn't use the telephone because the CEO
>of Qwest is an ass.
>
But have you had *personal* interactions with either?

I was part of the IPF explosion..., which was post OpenBSD explosion. 
When Darrin changed the license for ipfilter, I offered up the 
Smallworks (smallworks.com is now my blog) "netgate" product (check my 
email address) which was a packet-filtering firewall. Since my work 
pre-dated nearly any conceivable "packet filter" patents, it would have 
neatly closed the whole Bay Networks patent issue that Darrin raised.

Theo went 'pf', and the other distros went their own way. No problem. pf 
was a fine choice.

But Theo has always been rude, and OpenBSD is his bully pulpit. I choose 
to not participate.

Jim