Why I abandoned OpenBSD, and why you should too...

classic Classic list List threaded Threaded
46 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Why I abandoned OpenBSD, and why you should too...

Thomas Jennings
Dear OpenBSD developers and users:

Regretfully, I have decided to abandon OpenBSD and thought I would
share my reasoning with this list. I thought the 4th of July was a
good date to do so since my reasons address national security
implications. As a group of people who take development, security, and
privacy seriously, I know you will want to know why I made the drastic
decision to abandon OpenBSD and never look back.

I'm sure we've all heard of PRISM by now, the user-friendly name of
the United States Federal Government's massive civilian and resident
spying program otherwise known as US-984XN. PRISM is certainly bad
enough of its own accord, but it's how PRISM works, and the pattern of
behavior found in OpenBSD development, that was the tipping point for
my use of OpenBSD.

And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
After being fired from the NetBSD team, Theo forked the code and
started OpenBSD. He's been pretty much solely responsible for
development of OpenBSD over the years, taking volunteer code as he
sees fit. He also has final say over security audits in the operating
system, something that turns out to be very important.

I was prepping to migrate the whole of our shop, a regional ISP in the
United States of America, to OpenBSD 5.3 when the news broke: CBS News
reporter Sharyl Attkisson claimed, during a live radio interview, that
she had been dealing with suspicious computer and phone issues. Check
out this snippet from the full transcript of the interview. One line
in particular trashed my plans for the OpenBSD upgrade:

> Well, I have been, as I said, pursuing an issue for a long time now — much longer
> than you’ve been hearing about this in the news — with some compromising of my
> computer systems in my house — my personal computer systems as well as my
> work computer systems. I thought they were immune to being compromised —
> because they all ran OpenBSD — but I guess I was wrong. So, we’re digging into
> that and just not ready to say much more right now, but I am concerned.

Since that interview in May, I've watched story after story of direct
server access, PRISM, and NSA spying and connected some dots. For
example, consider the accusations that the FBI had been accused of
planting backdoors in OpenBSD's IPSEC in December of 2012, and that
the accusations later proved true. The two scandals broke 18 only
months apart.

Consider that PRISM allows the United States Federal Government to
directly access the servers of virtually any company doing online
business, including tech giants like Apple, Facebook, Google, and
Microsoft. But those same tech giants deny complicity. I'm sure we all
agree that personal privacy is beyond the scope of private enterprise,
but let's assume their denials are true. Then connect more dots:

OpenBSD has shipped on over half of all network devices, including
things like routers, switches, gateways, and servers, for the last six
years. The current estimated number of OpenBSD installations sits at
over 350 million devices, comprising an almost ubiquitous presence of
OpenBSD in networks worldwide.

EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.

There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
to mind. OpenBSD is part and parcel to the United States Federal
Government's program to spy on its own citizens through bodies like
the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
about a dozen years ago.

Yesterday, I told the company that we must migrate all our services
from OpenBSD to something else because the risk to our customers'
privacy and security is simply unacceptable. Theo de Raadt may seem
like some kind of guard dog of security, but he's really just a little
bitch bought and sold by the United State Federal Government.

The kicker is that Theo denies anything suggesting that OpenBSD is
less than perfect at security, as if he's personally offended by the
mere suggestion. He routinely attacks developers and enthusiasts for
simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
HISTORY OF THE WORLD?!

Today, be a true patriot to the ideals of personal privacy and public
liberty: prevent and reject any and all use of OpenBSD.

Happy 4th of July.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Ryan R
Please pass point to the code which you believe to be the backdoor so that
I may review it myself.

Thanks
On Jul 4, 2013 10:57 PM, "Thomas Jennings" <[hidden email]>
wrote:

> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.
>
> I'm sure we've all heard of PRISM by now, the user-friendly name of
> the United States Federal Government's massive civilian and resident
> spying program otherwise known as US-984XN. PRISM is certainly bad
> enough of its own accord, but it's how PRISM works, and the pattern of
> behavior found in OpenBSD development, that was the tipping point for
> my use of OpenBSD.
>
> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
> After being fired from the NetBSD team, Theo forked the code and
> started OpenBSD. He's been pretty much solely responsible for
> development of OpenBSD over the years, taking volunteer code as he
> sees fit. He also has final say over security audits in the operating
> system, something that turns out to be very important.
>
> I was prepping to migrate the whole of our shop, a regional ISP in the
> United States of America, to OpenBSD 5.3 when the news broke: CBS News
> reporter Sharyl Attkisson claimed, during a live radio interview, that
> she had been dealing with suspicious computer and phone issues. Check
> out this snippet from the full transcript of the interview. One line
> in particular trashed my plans for the OpenBSD upgrade:
>
> > Well, I have been, as I said, pursuing an issue for a long time now —
> much longer
> > than you’ve been hearing about this in the news — with some compromising
> of my
> > computer systems in my house — my personal computer systems as well as my
> > work computer systems. I thought they were immune to being compromised —
> > because they all ran OpenBSD — but I guess I was wrong. So, we’re
> digging into
> > that and just not ready to say much more right now, but I am concerned.
>
> Since that interview in May, I've watched story after story of direct
> server access, PRISM, and NSA spying and connected some dots. For
> example, consider the accusations that the FBI had been accused of
> planting backdoors in OpenBSD's IPSEC in December of 2012, and that
> the accusations later proved true. The two scandals broke 18 only
> months apart.
>
> Consider that PRISM allows the United States Federal Government to
> directly access the servers of virtually any company doing online
> business, including tech giants like Apple, Facebook, Google, and
> Microsoft. But those same tech giants deny complicity. I'm sure we all
> agree that personal privacy is beyond the scope of private enterprise,
> but let's assume their denials are true. Then connect more dots:
>
> OpenBSD has shipped on over half of all network devices, including
> things like routers, switches, gateways, and servers, for the last six
> years. The current estimated number of OpenBSD installations sits at
> over 350 million devices, comprising an almost ubiquitous presence of
> OpenBSD in networks worldwide.
>
> EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>
> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
> to mind. OpenBSD is part and parcel to the United States Federal
> Government's program to spy on its own citizens through bodies like
> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
> about a dozen years ago.
>
> Yesterday, I told the company that we must migrate all our services
> from OpenBSD to something else because the risk to our customers'
> privacy and security is simply unacceptable. Theo de Raadt may seem
> like some kind of guard dog of security, but he's really just a little
> bitch bought and sold by the United State Federal Government.
>
> The kicker is that Theo denies anything suggesting that OpenBSD is
> less than perfect at security, as if he's personally offended by the
> mere suggestion. He routinely attacks developers and enthusiasts for
> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
> HISTORY OF THE WORLD?!
>
> Today, be a true patriot to the ideals of personal privacy and public
> liberty: prevent and reject any and all use of OpenBSD.
>
> Happy 4th of July.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Tito Mari Francis Escano-2
I was initially thinking this is a troll, but with these quotes:

"...was prepping to migrate the whole of our shop, a regional ISP in the
United States of America, to OpenBSD 5.3..."

Pray tell what regional ISP you speak of here to earn their deserved
praise or ridicule for avoiding the OpenBSD deployment.

"OpenBSD has shipped on over half of all network devices, including
things like routers, switches, gateways, and servers, for the last six
years. The current estimated number of OpenBSD installations sits at
over 350 million devices, comprising an almost ubiquitous presence of
OpenBSD in networks worldwide"

I wondered if Theo or the OpenBSD Foundation has budget to pay for
publicity, good or bad, just for the kicks.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Zamri Besar
On Fri, Jul 5, 2013 at 12:28 PM, Tito Mari Francis Escaño <
[hidden email]> wrote:

> I was initially thinking this is a troll, but with these quotes:
>


I vote for another troll... but... this year April Fool was over 3 months
ago.

--
Thank you.

Zamri Besar

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

opendaddy
In reply to this post by Tito Mari Francis Escano-2
On 5. juli 2013 at 4:30 AM, "Tito Mari Francis Escaño" <[hidden email]> wrote:
>
> [...snip...]

Can't you tell by the way he wrote that that he's just a kid (or an uneducated adult)?

I oughta smack y'all faces in for even replying to this shit.

O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Eric Oyen
In reply to this post by Thomas Jennings
Inquiring minds want to know…. Please cite the sources for your assertions (including links to actual sources and documents).

In all honesty, it sounds like you have a personal problem with the man himself.

As for OpenBSD, I've found it to be a hell of a lot more secure than most of the other OS's. My only problem (and it seems none of the devs really understand this) is that I must have sighted assistance to install and initially configure the OS. Other than that 1 problem, the OS is pretty much usable for me via SSH

Anyway, unless you provide factual sources, I seriously have doubts as to the veracity of your statements.

If you can't prove your assertions, then I name you what you are: TROLL.

-eric

On Jul 4, 2013, at 8:56 PM, Thomas Jennings wrote:

> Dear OpenBSD developers and users:

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Douglas Allen
In reply to this post by Thomas Jennings
On 7/4/2013 10:56 PM, Thomas Jennings wrote:
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.

You are free to use or not use whatever software you wish.  I won't try
to change your mind.  However I would need more evidence than you have
put forth here to get me to make changes to the machines I have here.

> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
> After being fired from the NetBSD team, Theo forked the code and
> started OpenBSD. He's been pretty much solely responsible for
> development of OpenBSD over the years, taking volunteer code as he
> sees fit. He also has final say over security audits in the operating
> system, something that turns out to be very important.

I have known several of the developers over the years, including Theo.  
He can be blunt at times, which is fine from my point of view.  I know
he left NetBSD because of differences of opinion on how certain parts of
the system should proceed.  He forked the code and started OpenBSD, as
you stated.  He has never, to my knowledge, told anyone that they HAD to
use OpenBSD.  If people don't like the way he does things, they are free
to go elsewhere.  He has never tried to make any other way to my knowledge.

> I was prepping to migrate the whole of our shop, a regional ISP in the
> United States of America, to OpenBSD 5.3 when the news broke: CBS News
> reporter Sharyl Attkisson claimed, during a live radio interview, that
> she had been dealing with suspicious computer and phone issues. Check
> out this snippet from the full transcript of the interview. One line
> in particular trashed my plans for the OpenBSD upgrade:
>
>> Well, I have been, as I said, pursuing an issue for a long time now — much longer
>> than you’ve been hearing about this in the news — with some compromising of my
>> computer systems in my house — my personal computer systems as well as my
>> work computer systems. I thought they were immune to being compromised —
>> because they all ran OpenBSD — but I guess I was wrong. So, we’re digging into
>> that and just not ready to say much more right now, but I am concerned.

Without knowing exactly what Ms. Attkisson is running on those machines,
I wouldn't venture to try to explain in any detail why the issues are
occurring.  It has, to my knowledge, always been the stated position of
the development team that they only audit the base software.  They do
not guarantee that they have audited the software in ports or packages.  
Since it has been my experience that few people run a system with
nothing from ports or packages, it seems at least possible that any
security hole may come from that source.  I consider it unfair to blame
either the project or people within it for problems with software that
they did not write themselves.

> EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>
> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
> to mind. OpenBSD is part and parcel to the United States Federal
> Government's program to spy on its own citizens through bodies like
> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
> about a dozen years ago.

I would need more evidence than one persons statement of their
existence, before I would believe such a statement.

I believe that the project is located outside the U.S. to avoid having
to provide exactly what you are claiming to exist.  I also believe that
certain contracts were not renewed between members of the development
team and certain U.S. governmental agencies for the same reason.

> The kicker is that Theo denies anything suggesting that OpenBSD is
> less than perfect at security, as if he's personally offended by the
> mere suggestion. He routinely attacks developers and enthusiasts for
> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
> HISTORY OF THE WORLD?!

What I have seen is Theo denying a suggestion without be given proof
that a problem in fact exists.  As one person who has been on the
receiving end of a few caustic replies from Theo, I can understand why
he gets that way with people who do not even make an attempt to look for
an answer in the documentation.  In each instance, I would say that it
was justified - since I either hadn't looked far enough into the
documentation or into pieces of code where the documentation did not
completely answer the question.  I also maintain that in my cases, it
was justified to be a little unpleasant because I could find or figure
out the answer once I did make that detailed search of the documentation
and/or the source files.

With all that said, I again reiterate that you are free to use whatever
you wish to use for your own machines and any machines that you are
required to maintain.

Doug

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

opendaddy
In reply to this post by Eric Oyen
On 5. juli 2013 at 4:59 AM, "eric oyen" <[hidden email]> wrote:
>
> My only problem (and it seems none of the devs really understand this)
> is that I must have sighted assistance to install and initially configure the OS.

What do you mean sighted assistance?

O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Marc Espie-2
In reply to this post by Thomas Jennings
On Thu, Jul 04, 2013 at 11:56:50PM -0400, Thomas Jennings wrote:
> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.

I actually, no, we don't.  You're not anybody I've ever heard of, and your
opinion doesn't matter. I have no particular reason to trust you.

Now, I read your hilarious email. You have real crackpot talent, you should
go on a show with the Bogdanof and various other crackpots from other
the world. That would certainly be funnier than a lot of reality television
out there.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

opendaddy
On 5. juli 2013 at 5:13 AM, "Marc Espie" <[hidden email]> wrote:
>
> I actually, no, we don't.  You're not anybody I've ever heard of, and your
> opinion doesn't matter. I have no particular reason to trust you.

They said the same of Edward Snowden you know.

> Now, I read your hilarious email. You have real crackpot talent, you should
> go on a show with the Bogdanof and various other crackpots from other
> the world. That would certainly be funnier than a lot of reality television
> out there.

I don't get the reference. I take it you watch a lot of reality television?

O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Jean-Francois Simon
In reply to this post by Thomas Jennings
May I understand you U go for Microsoft instead ?
That would be great idea, they are said to be free from backdoors.

Sorry

Le 05/07/2013 05:56, Thomas Jennings a écrit :

> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.
>
> I'm sure we've all heard of PRISM by now, the user-friendly name of
> the United States Federal Government's massive civilian and resident
> spying program otherwise known as US-984XN. PRISM is certainly bad
> enough of its own accord, but it's how PRISM works, and the pattern of
> behavior found in OpenBSD development, that was the tipping point for
> my use of OpenBSD.
>
> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
> After being fired from the NetBSD team, Theo forked the code and
> started OpenBSD. He's been pretty much solely responsible for
> development of OpenBSD over the years, taking volunteer code as he
> sees fit. He also has final say over security audits in the operating
> system, something that turns out to be very important.
>
> I was prepping to migrate the whole of our shop, a regional ISP in the
> United States of America, to OpenBSD 5.3 when the news broke: CBS News
> reporter Sharyl Attkisson claimed, during a live radio interview, that
> she had been dealing with suspicious computer and phone issues. Check
> out this snippet from the full transcript of the interview. One line
> in particular trashed my plans for the OpenBSD upgrade:
>
>> Well, I have been, as I said, pursuing an issue for a long time now — much longer
>> than you’ve been hearing about this in the news — with some compromising of my
>> computer systems in my house — my personal computer systems as well as my
>> work computer systems. I thought they were immune to being compromised —
>> because they all ran OpenBSD — but I guess I was wrong. So, we’re digging into
>> that and just not ready to say much more right now, but I am concerned.
> Since that interview in May, I've watched story after story of direct
> server access, PRISM, and NSA spying and connected some dots. For
> example, consider the accusations that the FBI had been accused of
> planting backdoors in OpenBSD's IPSEC in December of 2012, and that
> the accusations later proved true. The two scandals broke 18 only
> months apart.
>
> Consider that PRISM allows the United States Federal Government to
> directly access the servers of virtually any company doing online
> business, including tech giants like Apple, Facebook, Google, and
> Microsoft. But those same tech giants deny complicity. I'm sure we all
> agree that personal privacy is beyond the scope of private enterprise,
> but let's assume their denials are true. Then connect more dots:
>
> OpenBSD has shipped on over half of all network devices, including
> things like routers, switches, gateways, and servers, for the last six
> years. The current estimated number of OpenBSD installations sits at
> over 350 million devices, comprising an almost ubiquitous presence of
> OpenBSD in networks worldwide.
>
> EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>
> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
> to mind. OpenBSD is part and parcel to the United States Federal
> Government's program to spy on its own citizens through bodies like
> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
> about a dozen years ago.
>
> Yesterday, I told the company that we must migrate all our services
> from OpenBSD to something else because the risk to our customers'
> privacy and security is simply unacceptable. Theo de Raadt may seem
> like some kind of guard dog of security, but he's really just a little
> bitch bought and sold by the United State Federal Government.
>
> The kicker is that Theo denies anything suggesting that OpenBSD is
> less than perfect at security, as if he's personally offended by the
> mere suggestion. He routinely attacks developers and enthusiasts for
> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
> HISTORY OF THE WORLD?!
>
> Today, be a true patriot to the ideals of personal privacy and public
> liberty: prevent and reject any and all use of OpenBSD.
>
> Happy 4th of July.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

opendaddy
On 5. juli 2013 at 5:31 AM, "Jean-Francois Simon" <[hidden email]> wrote:
>
> May I understand you U go for Microsoft instead ?
> That would be great idea, they are said to be free from backdoors.
>
> Sorry

France is in the house y'all.

O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Jay Patel-7
In reply to this post by Thomas Jennings
HEHEHEHE....  someone from time to time posts like this without any
references and links .... if you can prove there's backdoor. i will remove
OpenBSD. prove it nut head.


On Fri, Jul 5, 2013 at 9:26 AM, Thomas Jennings <
[hidden email]> wrote:

> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.
>
> I'm sure we've all heard of PRISM by now, the user-friendly name of
> the United States Federal Government's massive civilian and resident
> spying program otherwise known as US-984XN. PRISM is certainly bad
> enough of its own accord, but it's how PRISM works, and the pattern of
> behavior found in OpenBSD development, that was the tipping point for
> my use of OpenBSD.
>
> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
> After being fired from the NetBSD team, Theo forked the code and
> started OpenBSD. He's been pretty much solely responsible for
> development of OpenBSD over the years, taking volunteer code as he
> sees fit. He also has final say over security audits in the operating
> system, something that turns out to be very important.
>
> I was prepping to migrate the whole of our shop, a regional ISP in the
> United States of America, to OpenBSD 5.3 when the news broke: CBS News
> reporter Sharyl Attkisson claimed, during a live radio interview, that
> she had been dealing with suspicious computer and phone issues. Check
> out this snippet from the full transcript of the interview. One line
> in particular trashed my plans for the OpenBSD upgrade:
>
> > Well, I have been, as I said, pursuing an issue for a long time now —
> much longer
> > than you’ve been hearing about this in the news — with some compromising
> of my
> > computer systems in my house — my personal computer systems as well as my
> > work computer systems. I thought they were immune to being compromised —
> > because they all ran OpenBSD — but I guess I was wrong. So, we’re
> digging into
> > that and just not ready to say much more right now, but I am concerned.
>
> Since that interview in May, I've watched story after story of direct
> server access, PRISM, and NSA spying and connected some dots. For
> example, consider the accusations that the FBI had been accused of
> planting backdoors in OpenBSD's IPSEC in December of 2012, and that
> the accusations later proved true. The two scandals broke 18 only
> months apart.
>
> Consider that PRISM allows the United States Federal Government to
> directly access the servers of virtually any company doing online
> business, including tech giants like Apple, Facebook, Google, and
> Microsoft. But those same tech giants deny complicity. I'm sure we all
> agree that personal privacy is beyond the scope of private enterprise,
> but let's assume their denials are true. Then connect more dots:
>
> OpenBSD has shipped on over half of all network devices, including
> things like routers, switches, gateways, and servers, for the last six
> years. The current estimated number of OpenBSD installations sits at
> over 350 million devices, comprising an almost ubiquitous presence of
> OpenBSD in networks worldwide.
>
> EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>
> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
> to mind. OpenBSD is part and parcel to the United States Federal
> Government's program to spy on its own citizens through bodies like
> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
> about a dozen years ago.
>
> Yesterday, I told the company that we must migrate all our services
> from OpenBSD to something else because the risk to our customers'
> privacy and security is simply unacceptable. Theo de Raadt may seem
> like some kind of guard dog of security, but he's really just a little
> bitch bought and sold by the United State Federal Government.
>
> The kicker is that Theo denies anything suggesting that OpenBSD is
> less than perfect at security, as if he's personally offended by the
> mere suggestion. He routinely attacks developers and enthusiasts for
> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
> HISTORY OF THE WORLD?!
>
> Today, be a true patriot to the ideals of personal privacy and public
> liberty: prevent and reject any and all use of OpenBSD.
>
> Happy 4th of July.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Luca Ferrari
In reply to this post by Thomas Jennings
On Fri, Jul 5, 2013 at 5:56 AM, Thomas Jennings
<[hidden email]> wrote:
> Regretfully, I have decided to abandon OpenBSD

Uhm...and I guess OpenBSD is feeling the same for abandoning you ;)!
I believe people, from time to time, should try to read source code
and track the development. It will remove this stupid messages.

Luca

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

James Griffin-2
In reply to this post by Thomas Jennings
................Thu  4.Jul'13 at 23:56:50 -0400, Thomas Jennings................
> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.

[ ... ]

Then you'd also better stop using mobile phones, landlines, using search
engines, email ... come to think of it, any form of electronic
comminucation, and go back to living in the woods or in a cave and
clubbing your wife with large peices of wood if you're so concerned
about the security services.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Eric Oyen
In reply to this post by opendaddy
Sighted assistance. It simply means that I am blind (as in I wear prosthetic eyes and can't see a thing). I can use most of my equipment here with either some screen reader access or braille. Unfortunately, that can't be said for installation and first time configuration of OpenBSD (the man AfterBoot process). Only after SSH is enabled can I do anything with the machine. It certainly would be a lot better if OpenBSD supported a general CLI screen reader right from boot up. I do know that enough of the hardware gets detected to at least support this. Unfortunately, I am not a coder, so I can't really try this without some help. Running a compiler script (configure, make and make install) are easy enough from a CLI SSH session, but unless I can run a package immediately after the OS has completely booted and given me a login prompt, I am literally operating in the blind zone.

This is what I mean by sighted assistance. So right now, if I can't do it myself, whats the point?

-eric


On Jul 4, 2013, at 10:09 PM, [hidden email] wrote:

> On 5. juli 2013 at 4:59 AM, "eric oyen" <[hidden email]> wrote:
>>
>> My only problem (and it seems none of the devs really understand this)
>> is that I must have sighted assistance to install and initially configure the OS.
>
> What do you mean sighted assistance?
>
> O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Marko Cupać
In reply to this post by Thomas Jennings
I find it sad that it is now third day that noone responded to my
call for help with system hang, at least something like "ask on bugs
list", while threads like this get 15 responses in a matter of hours :(

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

opendaddy
In reply to this post by Luca Ferrari
On 5. juli 2013 at 6:49 AM, "Luca Ferrari" <[hidden email]> wrote:
>
> Uhm...and I guess OpenBSD is feeling the same for abandoning you ;)!
> I believe people, from time to time, should try to read source code
> and track the development. It will remove this stupid messages.

No it won't. Stop talking shit man.

O.D.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

Greg Thomas
In reply to this post by Thomas Jennings
Nice parody of something, I don't know what though.  Replace OpenBSD with
Cisco and Windows and it makes sense.

Anyway, I've never seen where Sharyl Attkisson said she uses OpenBSD, and
it's highly unlikely that she does judging from the network reporters I
know.

"OpenBSD has shipped on over half of all network devices, including
things like routers, switches, gateways, and servers, for the last six
years. The current estimated number of OpenBSD installations sits at
over 350 million devices, comprising an almost ubiquitous presence of
OpenBSD in networks worldwide."

OpenBSD or OpenSSH?  Or Cisco?


On Thu, Jul 4, 2013 at 8:56 PM, Thomas Jennings <
[hidden email]> wrote:

> Dear OpenBSD developers and users:
>
> Regretfully, I have decided to abandon OpenBSD and thought I would
> share my reasoning with this list. I thought the 4th of July was a
> good date to do so since my reasons address national security
> implications. As a group of people who take development, security, and
> privacy seriously, I know you will want to know why I made the drastic
> decision to abandon OpenBSD and never look back.
>
> I'm sure we've all heard of PRISM by now, the user-friendly name of
> the United States Federal Government's massive civilian and resident
> spying program otherwise known as US-984XN. PRISM is certainly bad
> enough of its own accord, but it's how PRISM works, and the pattern of
> behavior found in OpenBSD development, that was the tipping point for
> my use of OpenBSD.
>
> And we all know Theo de Raadt, OpenBSD generalissimo of much infamy.
> After being fired from the NetBSD team, Theo forked the code and
> started OpenBSD. He's been pretty much solely responsible for
> development of OpenBSD over the years, taking volunteer code as he
> sees fit. He also has final say over security audits in the operating
> system, something that turns out to be very important.
>
> I was prepping to migrate the whole of our shop, a regional ISP in the
> United States of America, to OpenBSD 5.3 when the news broke: CBS News
> reporter Sharyl Attkisson claimed, during a live radio interview, that
> she had been dealing with suspicious computer and phone issues. Check
> out this snippet from the full transcript of the interview. One line
> in particular trashed my plans for the OpenBSD upgrade:
>
> > Well, I have been, as I said, pursuing an issue for a long time now —
> much longer
> > than you’ve been hearing about this in the news — with some compromising
> of my
> > computer systems in my house — my personal computer systems as well as my
> > work computer systems. I thought they were immune to being compromised —
> > because they all ran OpenBSD — but I guess I was wrong. So, we’re
> digging into
> > that and just not ready to say much more right now, but I am concerned.
>
> Since that interview in May, I've watched story after story of direct
> server access, PRISM, and NSA spying and connected some dots. For
> example, consider the accusations that the FBI had been accused of
> planting backdoors in OpenBSD's IPSEC in December of 2012, and that
> the accusations later proved true. The two scandals broke 18 only
> months apart.
>
> Consider that PRISM allows the United States Federal Government to
> directly access the servers of virtually any company doing online
> business, including tech giants like Apple, Facebook, Google, and
> Microsoft. But those same tech giants deny complicity. I'm sure we all
> agree that personal privacy is beyond the scope of private enterprise,
> but let's assume their denials are true. Then connect more dots:
>
> OpenBSD has shipped on over half of all network devices, including
> things like routers, switches, gateways, and servers, for the last six
> years. The current estimated number of OpenBSD installations sits at
> over 350 million devices, comprising an almost ubiquitous presence of
> OpenBSD in networks worldwide.
>
> EVEN IF NO CORPORATION OFFERS THE UNITED STATE FEDERAL GOVERNMENT
> DIRECT ACCESS TO ITS SERVERS THROUGH PRISM, OPENBSD OFFERS THAT SAME
> ACCESS THROUGH THE PRESENCE OF ITS BACKDOORS.
>
> There it is. Let it sink in. Words like Gestapo and Stasi and KGB come
> to mind. OpenBSD is part and parcel to the United States Federal
> Government's program to spy on its own citizens through bodies like
> the NSA and FBI and has been since the FBI paid for backdoors in IPSEC
> about a dozen years ago.
>
> Yesterday, I told the company that we must migrate all our services
> from OpenBSD to something else because the risk to our customers'
> privacy and security is simply unacceptable. Theo de Raadt may seem
> like some kind of guard dog of security, but he's really just a little
> bitch bought and sold by the United State Federal Government.
>
> The kicker is that Theo denies anything suggesting that OpenBSD is
> less than perfect at security, as if he's personally offended by the
> mere suggestion. He routinely attacks developers and enthusiasts for
> simply asking questions. WHY SO TOUCHY, THEO? COULD IT BE BECAUSE
> YOU'RE COMPLICIT IN THE BIGGEST CITIZEN SPYING PROGRAM EVER RUN IN THE
> HISTORY OF THE WORLD?!
>
> Today, be a true patriot to the ideals of personal privacy and public
> liberty: prevent and reject any and all use of OpenBSD.
>
> Happy 4th of July.

Reply | Threaded
Open this post in threaded view
|

Re: Why I abandoned OpenBSD, and why you should too...

John Long-4
In reply to this post by Thomas Jennings
On Thu, Jul 04, 2013 at 11:56:50PM -0400, Thomas Jennings wrote:

[drug / alcohol withdrawal-induced rant elided]

I don't know where you get the idea OpenBSD is involved. I heard a few
interviews including the one here http://www.youtube.com/watch?v=ISXYITh09TA
and she clearly said she has an Apple system. She also said "for someone to come
into my home" so apparently this was not only an over the network hack but
somebody had physical access to her computers. No consumer computer is safe
when somebody else has physical access to it. Security 101.

Intel's new BIOS would seem to provide new attack vectors. See the comments
to the video and elsewhere, old news. Don't use it, no problem.

Atkisson also admits she doesn't know much about computers- her own words.
That's an unlikely OpenBSD user profile considering she was talking about
her home and company machines. Why do you believe OpenBSD is involved at all?
Are you confused by the fact Apple's OSX is based on some (Free) BSD pieces?
From the interviews it's a simple case of somebody getting access to a few
PCs and installing some spyware. Can you name a consumer device and common
desktop OS that can't be compromised in that situation?

OpenBSD is open source and you can build the whole OS and userland from
source. It seems real unlikely there is compromise or people would have
noticed it. So far all the screaming and accusations haven't resulted in one
reference by anybody to the alleged bad code.

On the other hand the system mentioned by Atkisson is a notorious high
walled garden and the people who put it out have already been implicated in
collusion with the anti-freedom lobby by everybody's favorite fugitive Snowden.

You really need to get a clue and you really need to apologize to Theo, all
the OpenBSD developers, and everybody unfortunate enough to read your rant
on these lists. As usual for people slinging accusations like you, you
failed to cite anything or back up your claims. Pure FUD.

To paraphase Benny Hill, "everyone's entitled to be stupid, but some people
abuse the privilege."

123