Media Coverage

April, 2008

• OpenBSD 4.3 Released, OSNews, April 30, 2008
  OSNews is among the first to mention the newest release: "Theo de Raadt has lifted the veil off OpenBSD 4.3. We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. Boasting as always, but when it's justified, arrogance is a virtue."

• Puffy and the Cryptonauts: What's New in OpenBSD 4.3, onLamp, April 29, 2008
  Federico Biancuzzi interviewed several OpenBSD developers about the changes in the 4.3 release, providing a more comprehensive overview than others. Topics range across networking (including new and improved drivers, and our own SNMP implementation), storage (faster flash, bigger disk support), platforms (Sparc64 SMP, audio drivers), kernel improvements, malloc support, read/write cleanups, and much more.

November, 2007

• Using OpenBSD 4.2, Software In Review, November 5, 2007
  Jem Matzem advocates using OpenBSD and shows readers how to get started and some hints on using the system after it's installed, including setting up ports/packages to use third-party software. Under the "For More Information" category, he acknowledges that "OpenBSD has the most thorough, easy to follow native documentation of any Unix-like operating system..."

• A Few Cheers For OpenBSD, Information Week, November 2, 2007
  "With all of the hollering about Linux..., there's another open-source operating system that just celebrated getting a new 4.2 release out the door. It's one that hasn't been quite as widely-celebrated as Linux but is still deeply important in its own way: OpenBSD" Talks about how BSD is real UNIX, and what that means, and our security policy "secure by default". Ends with a reminder that Linux is "not the only open-source, Unix-like game in town."

• Puffy's Marathon: What's New in OpenBSD 4.2, onLamp, Nov 1, 2007
  Federico Biancuzzi interviewed almost two dozen OpenBSD developers and combined their comments into this interview. Opens with: "...this release comes with some amazing performance improvements: basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper), and the improved frequency scaling on MP systems can help save nearly 20 percent of battery power.

  "And then the new features: FFS2, support for the Advanced Host Controller Interface, IP balancing in CARP, layer 7 manipulation with hoststated, Xenocara, and more!"

  And goes on to discuss each of these and more with the good folk who make it happen.

July, 2007

• OpenBSD Encrypted NAS How-To, geektechnique.org, July 15, 2007
  Mark Hoekstra gives a detailed step-by-step description of how to build an encrypted network storage box using off-the-shelf hardware and OpenBSD software.
  Also reported in SlashDot and net-security.

May, 2007

• [GERMAN] OpenBSD 4.1 bietet Lastverteilung auf Layer 7, iX magazine, May 18, 2007
  The German IT magazine iX reviews the new hoststated(8) Host Status Daemon that comes with OpenBSD 4.1. The article describes various configurations including SSL acceleration and gives a good insight into what hoststated(8) can do for the reader.

• OpenBSD 4.1: Puffy Strikes Again, ONLamp, May 5, 2007
  Federico Biancuzzi interviewed a number of developers about the major changes in 4.1: Mark Kettenis on UltraSPARC III and UltraSPARC T1; Otto Moerbeek on the landisk port and fsck_ffs; Artur Grabowski on rthreads and AMD64 timekeeping; Kurt Miller on pthreads and, with Robert Nagy, on OpenOffice; Marc Espie on the changes "under the hood" in the package tools and on the new pkg_config; Matthieu Herrb on our new X11 build system xenocara, Henning Brauer on syslogd, hoststated and RSTP; Henning and Claudio Jeker on a variety of topics in routing and PF; Bob Beck on spam fighting; and Jonathan Gray on WEP and on why authpf is better than WPA/WPA2. Quite readable overview of some of the main issues in this release.
  Linked to from OSNews. Mentions of the release also appeared in Tectonic, Newsforge and SlashDot (the latter two include pointers to official release announcements).

April, 2007

• Reducing spam with OpenBSD and spamd, Linux.com, April 11, 2007
  This is the first installment of a multi-part article on using OpenBSD's anti-spam tools. This part contains a general overview of spamd, greylisting and tarpitting. Later installments will cover the how-to details.

March, 2007

• Introduction to PF with Jason Dixon, BSDTalk 105, March 26, 2007
  Jason provides a nice general overview of OpenBSD's Packet Filter PF, emphasizing the "why" rather than the "how" of using PF. Goes over pf's history, initial setup, stateful filtering, normalization with "scrub", use of synproxy, authpf, CARP and pfsync, GUI configurations vs config files, the pfsense project, logging, transparent bridges, AltQ queuing, macros, lists and tables, and the tie-in to spamd.

• Welsh Government Agency demonstrates Open Source best practice, SourceWire, March 8, 2007
  The Countryside Council for Wales, the UK Government's regional wildlife conservation authority for Wales, has hired UK Open Source service provider Sirius Corporation to extend OpenBSD's interoperability with the proprietary Cisco IOS software; part of the agreement calls for Sirius to contribute its source changes back to the OpenBSD project.

February, 2007

• Is Symantec's Vista Security Assessment Credible?, Microsoft Watch, February 28, 2007
  This paper is nominally about the relationship between Symantec and Microsoft, talking about a white paper released by the former. But it's quite revealing about Microsoft itself. "Even Microsoft... now acknowledges that UAC (User Account Control) - Vista's most [high-]profile security feature - is vulnerable to subversion, particularly through social-engineering tactics." And while the Symantec report says some good things about Vista security, "its criticisms are brutal - for their clarity and foreboding:

  "Many of the technologies that Microsoft has employed to bolster the security of Windows Vista are not new. In fact, most are derived from the groundwork originally laid by open-source operating systems such as Linux and OpenBSD, the PaX and Stackguard projects, as well as numerous academic publications.... The majority of these technologies first appeared in Windows XP SP2 [Service Pack 2]. Windows XP SP2, at the time of its release, was also billed as the most secure version of Windows."

  So remember, folks, if it's about security, you may well have heard it here first, long before Microsoft "invented" it.

• [GERMAN] OpenBSD und Linux: Kritik an Stillhalteabkommen für Treiberentwicklung, heise online, February 2, 2007
  Short article about OpenBSD's clear statement against device driver development under non-disclosure agreement (NDA). It attempts to summarize the reaction of the OpenBSD community against the "Free Linux Driver Development" under NDA offered by the linux developer Greg Kroah-Hartman which previously raised some discussion. Code written under NDA will make it difficult to improve it in the future because somebody signed an agreement to keep the required hardware documentation secret. For the OpenBSD project NDAs are never acceptable.

• [FRENCH] GNU/Linux Magazine France special issue number 29 is dedicated to BSD systems. It features several articles about OpenBSD: a pf tutorial, an article on IPSec and two articles on high-availability with pf and CARP and with dynamic routing protocols using OpenOSPFd and OpenBGPd.

January, 2007

• Greylisting with PF, O'Reilly onLAMP, January 18, 2007
  This onLAMP article by Dan Langille leads you through the process of setting up greylisting using OpenBSD's pf and spamd, which has now been ported to most other BSD systems. The article is quite detailed, but readers should ignore the FreeBSD-specific stuff like kldload (OpenBSD uses modload, but, OpenBSD always has pf built-in so you don't need this). Parts of the article are based on Bob Beck's spamd talk at NYCBSDCon.

December, 2006

• [GERMAN] 23C3: Interview mit Henning und Reyk von OpenBSD, Radio Unerhört Marbug, December 29, 2006
  Interview with Henning Brauer and Reyk Flöter about OpenBSD and the latest changes since 4.0 during the 23rd Chaos Communications Congress in Berlin.

• New Year's Resolution No. 1: Get OpenBSD, InfoWorld, December 29, 2006
  InfoWorld's Security Advisor columnist Roger A. Grimes says: "Kick off 2007 with a new, more secure operating system." Citing OpenBSD's code-auditing security process and its excellent security record, Grimes advises readers to give the system a try. Despite repeating some old canards about the "unfriendly" install, he notes favorably that "OpenBSD is shipped secure-by-default, with all non-essential services disabled. You won't find NFS, mountd, or Apache [httpd] enabled by default. The /bin and /sbin folders will be emptier than other Linux or BSD distros. Install OpenBSD and you can be assured that it doesn't default to an insecure state."

• [GERMAN] OpenBSD 4.0 - Kanadische Eröffnung iX magazine, December 14, 2006
  The German IT magazine iX reviews the 4.0 release of OpenBSD and also mentions why we don't support blobs and why this is beneficial to our users. The article gives OpenBSD a very good rating for being strictly free software, its swift installation, the support for upgrades, and the large number of platforms and architectures it runs on.

November, 2006

• Official support for OpenBSD in Parallels Workstation undeadly.org, November 10, 2006
  OpenBSD is now supported by Parallels, a commercial OS virtualization product for Mac OS X, Linux or MS-Windows. In addition to allowing users to run both OpenBSD and one of those other systems concurrently, the announcement means that developers with Intel Mac hardware can run multiple test systems; the Undeadly Editor adds: "I've had up to six OpenBSD guest systems operating simultaneously, versions 3.8 through 4.0 (and -current)." This also reinforces the increasing commercial acceptance of our favorite OS.

• Interview with Jason Wright, BSDTalk 82, November 8, 2006
  Jason talks about the OpenBSD development process (particularly for device drivers and getting hardware documentation from vendors), Sun SPARC hardware (particularly the Ultra III), ham radio (APRS) with OpenBSD, and more.

• OpenBSD turns 4.0 CNET News.com, November 3, 2006
  Stephen Shankland talks about the UltraSPARC III code in 4.0, and notes that OpenBSD has chosen to stay with stable GCC versions rather than moving to the latest and most bloated GCC versions like Linux did. Quotes Theo as saying: OpenBSD doesn't aim for particular niches, but it's popular in network applications... "The biggest users of OpenBSD these days are people who need our fancy networking features..."

• OpenBSD 4.0 Review, Software In Review, November 1, 2006
  "In an era when the next edition of Microsoft Windows is pushed back more than a year, and popular GNU/Linux distributions are almost expected to have their release dates delayed by weeks or months, it's nice to know that at least one operating system releases on schedule without all kinds of showstopping bugs and problems. OpenBSD 4.0 was released on November 1 with its usual mix of new hardware support and enhanced operating system features." So opens Jem Matzam's review of the new 4.0 release. Jem gives a brief overview of the project, discusses several of the most important new features, evaluates his installation and use of the system on a desktop and a notebook. He also offers a few recommendations for future developments to make the project even better. There's even a link to the Wikipedia article on Humppa, for those who may have heard this term but not the music behind it.

• Big changes with OpenBSD 4.0 out today Tectonic, November 1, 2006
  "With his characteristic no-frills approach OpenBSD team leader Theo de Raadt this morning announced the release of OpenBSD 4.0." This article lists the highlights of the 4.0 release and tells readers where to order CD's or download the release. Quotes Theo: ""We are pleased to announce the official release of OpenBSD 4.0. This is our 20th release on CD-Rom (and 21st via FTP). We remain proud of OpenBSD's record of ten years with only a single remote hole in the default install,"

• OpenBSD 4.0 released Ars Technica, November 1, 2006
  A short note about the 4.0 release; refers to the O'ReillyNet article below.

October, 2006

• OpenBSD 4.0: Pufferix's Adventures, O'Reilly Network, October 26, 2006
  Federico Biancuzzi interviewed a dozen and a half developers and compiled the results into this report, all while listening to the obligatory Humppa. Topics include the new blob-free wireless drivers, pf and pf/dhcp interaction, CARP demotion, ipsecctl replacing ipsecadm, hardware support for disk/bioctl, USB serial, new installation customization features, ports/packages, RCS, X, CPU support for Sparc/64, AMD/Intel "speed step" techniques, and more.

• Interview with Marc Balmer about OpenCON 2006, bsdtalk076, October 12, 2006
  BSDTalk interviews Marc Balmer about the upcoming OpenCON 2006 conference in Venice, Italy, how he got involved in the OpenBSD project, and what he uses the OpenBSD operating system for in his company. Marc Balmer tells us about the history of the conference that is dedicated solely to OpenBSD, why it is taking place in Venice, and why he likes OpenBSD as the platform of choice for his many customers.

• OLPC under fire for proprietary components, Engadget, October 11, 2006
  Hardware site Engadget is one of several that has picked up this controversy from the Jem Report quoted below and on the mailing lists. Quotes Theo's reaction to Jim Gettys' latest comments: "Jim is obviously very clever at convincing people that children need proprietary laptops (OLPC has a greater percentage of undocumented hardware than a Thinkpad from 3 years ago). It is easy for Jim to convince people these things because he doesn't care at all about the future maintainance of drivers. I do. And I think most of you also do." The article ends with: "Wow, them be fightin' words -- we're pulling up ringside seats already."

• Making sense of the One Laptop Per Child proprietary software row, The Jem Report, October 9, 2006
  Jem Matzan explores this ongoing controversy by blending separate interviews with Jim Gettys, Richard Stallman and our own Theo de Raadt. Theo consistently and clearly defends the project's interest in getting documentation on, and permission to distribute, firmware so that users can use hardware they have paid for. Commenting on the multiple NDA-requiring parts in the current version of the OLPC laptop, Theo notes that "If I am careful in selection, I can buy a laptop on the market today that has fewer proprietary parts." And on the OLPC project's use of NDA-requiring parts at all: "I feel they have misled the community by acting as if they are open; they rode on our coat-tails. Now it turns out they are going to ship GPL'd code mixed with NDA-requiring proprietary drivers in the end. Even their LinuxBIOS will need to link into drivers that no one can repair because the documentation is locked up..."

• OLPC hurts wireless documentation efforts, undeadly.org, October 6, 2006
  Theo de Raadt takes on the high-profile OLPC (One Laptop Per Child) Project for not demanding open documentation from its wireless chip manufacturer, wasting a "golden moment" opportunity to use sales volume in the millions to pressure chip vendors, and thus helping destroy the open source movement that makes the OLPC laptops affordable - truly, betraying that hand that feeds it. Also strong words from other developers such as Bob Beck.

• The sad state of computer security, PC World Australia, October 5, 2006
  Roger Grimes opines on how bad security really is for most of the world (and it is really bad). "If you aren't using OpenBSD [or a few others], then every other product in the world is pretty bad in comparison.
  "Most software contains numerous vulnerabilities, holes, and exploitable routines. Even our anti-malware software and devices, the things that are supposed to protect us, are full of buffer overflows and vulnerabilities."
  And, Grimes generalizes, "Sadly, the world has decided that real computer security doesn't matter any more than real terrorist security. It's all lip service. We are, and apparently choose to be, reactive sheep. Proactive thinkers get ignored and ridiculed... As more and more of the world goes online, and as more of our important infrastructure goes "e-something," it would appear that we are on a collision course headed toward a tipping point event. And when it does, the sheep will stand aghast wondering how it happened." Worth reading!

• OpenBSD creator wants users to pressure Intel on open source policies, Ars Technica, October 2, 2006.
  Summarizes Theo's efforts to obtain documentation and freely redistributable firmware from Intel.

September, 2006

• OpenBSD: Intel Accused Of Being "An Open Source Fraud", KernelTrap, September 30, 2006.
  Mentions Damien's thread on misc summarizing Intel's policy toward open-source software as being to make Intel "look like we're open-source friendly by opening a project on sourceforge," and, "give the open-source community the bare minimum so that they can serve as our beta-testers." Damien reverse engineered the wpi(4) driver source for the Intel PRO/Wireless 3945ABG Driver, despite Intel's refusal to freely provide documentation. Regular readers will know that OpenBSD has been at war with Intel for ages over these chipsets. Quotes Theo as saying: "before we ask a vendor, we have already lost (ie. the device does not work). When a vendor says no, we have lost nothing further -- there is no way we can lose further than having the device not work. We can only win, and then the device works. So there is no point in giving up until we win back the rights to write software for the hardware that we have purchased."

• Interview with Christoph Egger about Xen on OpenBSD, bsdtalk069, September 26, 2006
  BSDTalk interviews Christoph Egger about Xen and about how Christoph make OpenBSD able to run as a guest operating system on Xen. Includes some background about Xen as well as what it would take to make OpenBSD run as the "dom0" or master host.

• Intervew with OpenBSD developer Bob Beck, bsdtalk068, September 22, 2006
  Bob Beck talks about spamd and his history with OpenBSD and UNIX on Will Backman's bsdtalk. Bob gives us a look into his work on OpenBSD and gives us amusing stories of how spamd works and how it actually fares in 'the wild.' The podcast lasts a whole 25 minutes, 59 seconds so it's long enough to occupy a meal or a small commute.

• OpenBSD 4.0 pre-orders are up!, undeadly.org, September 20, 2006
  One of the first mentions of 4.0 going on sale for pre-ordering (the official release date is November 1). Also gives a list of the many good things that have been added in 4.0, including many new device drivers, support for UltraSPARC III on sparc64, improvements to ipsecctl, a new RCS implementation, and much more. Includes a reminder to "show your support for the project by placing your pre-orders today!"

August, 2006

• OpenBSD/Xen boots multi-user, Recoil Blog, August 21, 2006
  Anil discusses his stewardship of a Google Summer of Code project in which Christoph Egger ported and revised some NetBSD code to make OpenBSD boot up natively as a guest operating system under Xen, the open-source hypervisor or "virtualization" system.

• Take a closer look at OpenBSD, IBM developerWorks, August 08, 2006
  Tim McIntire holds OpenBSD up as a beacon to UNIX users, calling it "quite possibly the most secure operating system on the planet." He talks about how the development process leads to greater security and how tools like OpenSSH make it out into the wider UNIX/Linux world. "OpenBSD might not have a huge user base compared to other UNIX-like operating systems, but it is installed at the most crucial points of many networks." Has a somewhat brief but effective discussion of installing the software, and ends with references to several papers and sites of interest.

July, 2006

• Founder breathes the Open air, The Age, July 18, 2006
  Subtitled "Hiking in exotic climes is a brain adventure for the founder of OpenBSD", this is as much about hiking and learning new symbols as about software, but our leader manages to do both, and bring both into the interview. The article quotes Theo as saying "Another major lesson I have learnt is that most people only care about things working for themselves, and thus it is very easy in a group to build poorly thought-out solutions. It is very simple to write small hacks and end up with unmaintainable systems in the long term." Describes the hackathons as an important part of the project's process and describes the funding issues as well.

June, 2006

• Alternatives to LAMP, informit.com, June 2, 2006
  While "Linux, Apache, MySQL and PHP" get most of the attention, there are alternatives to each that are, in some way, better. David Chisnal starts this article with a look at OS alternatives, and OpenBSD gets the most detailed coverage, including this: "When it comes to security, OpenBSD has a well-earned reputation as the operating system for the truly paranoid. The entire kernel and base system, including the OpenBSD fork of Apache, undergoes a constant auditing process. The OpenBSD attitude is that any bug is potentially exploitable, and when a bug is found by the auditing team the next step is to attempt to remove every single occurrence of that category of bug. This approach leads to an incredibly secure system." Also talks about our pioneering use of W^X and the "incredibly powerful and easy to configure" packet filter, pf.

• Microsoft adopts open-source security feature, OSDir.com, June 1, 2006
  Microsoft borrows one of OpenBSD's security features for Vista, stack/library randomization, under the name Address Space Layout Randomization (ASLR). "Until now, the feature has been most prominently used in the OpenBSD Unix variant and the PaX and Exec Shield security patches for Linux" (despite the article's title, there is nothing open-source about Microsoft's implementation).

May, 2006

• OpenBSD: wpi, A Blob Free Intel PRO/Wireless 3945ABG Driver, KernelTrap, May 28, 2006
  Damien Bergamini wrote OpenBSD's all-open-source driver for the Intel Pro/Wireless, a sharp contrast to other projects' bogus "open source" drivers that are just wrappers around a "binary blob" (source code not available, sorry) provided by the vendor. "His announcement came a little over two months after Intel released the controversial ipw3945 driver for Linux which included a binary-only daemon described as necessary for enforcing regulatory limits for the radio transmitter on the wireless device." Bergamini's work proves yet again that vendors don't have to obscure their products to make them useful.

• c2k6, Who's Who At the 2006 OpenBSD Hackathon, Part I and Part II, KernelTrap, May 28, 2006
  Jeremy Andrews visited our developers at the Hackathon and gives a brief but colorful summary of most of the team members: why they chose OpenBSD, how they got involved, what they do, and their plans for the week.

• Installing OpenBSD on Flash, Ping Wales, May 22, 2006
  David Chisnall shows how to set up an OpenBSD boot image for Soekris or PC Engines machines that boot from flash memory.

• Enterprise Unix Roundup: Whither BSD?, ServerWatch, May 5, 2006
  Amy Newman and Brian Proffitt state that the BSDs are often overlooked because of their limited commercial acceptance. The authors call this an unfortunate oversight, because recent releases of the freely available BSD flavors show significant technical improvements. As an example, they specifically refer to OpenBSD's sensor framework (introduced with 3.9). Newman and Proffitt also accuse big vendors of picking the nice parts from the BSDs' code and giving nothing back to the community in return.

• OpenBSD 3.9 Review, Software In Review, May 3, 2006
  Jem Matzan takes the 3.9 release out for a spin, and likes it. Noting that each release consists of a lot of small changes and some major improvements - and mentioning hardware support, sensors, and "blob removal" - he clearly thinks the project is doing a lot of things right. "Everything you get in the release is production-ready, secure by default... and comes with possibly the finest integrated documentation in the Unix-clone world. While you might find a poorly programmed driver or other base system component in other BSDs and GNU/Linux distributions, in OpenBSD if something is supported, it works."

• [GERMAN] Mozilla greift OpenBSD unter die Arme, Linux Magazin, Issue 06/06, May 2006, p. 18
  The German Linux Magazin has a short article about OpenBSD's financial situation and Marco Peereboom's call for donations on undeadly.org. The article further mentions how OpenSSH development is connected to OpenBSD.

• Interview: Theo de Raadt, KernelTrap, May 2, 2006
  Jeremy Andrews conducts a free-ranging interview, focused mainly on 3.9 and drivers, that gives Theo a chance to explain how the big North American chip vendors' business practices make it harder for open source projects, talk about "binary blobs" vs firmware in drivers, and more. There's also coverage of where the project is going up to and after 3.9 and where it might (or might not) go in the future, why doing things right (and running this project) is so important to Theo, and even why he does mountain biking!

April, 2006

• Mac OS X Password Implementation Compared to OpenBSD's, April 28, 2006
  Dave Dribin analyzes Mac OS X's password implementation and compares it with OpenBSD's: "The king of the hill has to go to OpenBSD, which uses a hash based on the Blowfish block cipher called bcrypt. The benefit of [bcrypt] is best stated on their website:

  The most important property of bcrypt (and thus crypt_blowfish) is that it is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. Already now bcrypt hashes you would use are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes.

  This is just plain cool."

• OpenBSD 3.9: Blob-Busters Interviewed, OnLAMP, April 27, 2006
  Federico Biancuzzi interviews several of the developers on improvements in 3.9: the continuing absence of "blob drivers", IPMI and sensors, apmd performance adjustment, Macs, rthreads, multicast, trunk, hostapd, and more. jsg clarifies the issue of "binary blob" drivers vs "firmware", and discusses the NVIDIA nForce Ethernet driver he did after NVIDIA did refuse to give out documentation; they can't stop us, but they can slow us down. The result: "There aren't any drivers in OpenBSD with binary-only components; this is quite a contrast to pretty much everyone else out there." marco comments on the IPMI work in 3.9, and adds: "IPMI is a standard, but there are vendors out there that have reading comprehension issues...". A long list of other developers explain their contributions and other changes that make 3.9 one of our best releases yet.

• [GERMAN] Stop BLOB!, UpTimes, April 25, 2006
  Wilhelm Bühler gives an overview in a short article about Blobs, what they are and why they are bad.

• Using OpenBSD, Software In Review, April 24, 2006
  Jem Matzan gives a brief overview of using the system. Covers ports and packages, use of SMP kernel, and more. Capsule summary of how our security policy affects the administrator: "Because it is secure by default, you may have to do more initial configuration with OpenBSD than with most other Unix and Unix-like operating systems, but you'll spend a lot less time securing it -- maybe no time at all, if you follow the instructions in the manual pages."

• Using OpenBSD on the desktop, NewsForge, April 21, 2006
  Considers the use of OpenBSD as a desktop operating system, starting with "Secure by default" - who wants to have their desktop hacked? - and continues: "OpenBSD's clean code and design also provide rock-solid stability. I used to have lots of problems and crashes with new versions of Linux (kernel 2.6.x) and FreeBSD (versions 5.x and 6.x). The main focus of OpenBSD developers is to provide programs that work ... [they] prefer to improve their code rather than just add more new features and end up with a bloated and unstable product." Covers X, ports/packages, window managers, what is and is not supported, and more. Final thought: "OpenBSD's clean design and remarkable stability, along with its proactive security, not only make OpenBSD a potential candidate for home desktop users but also every system administrator's dream come true for business environments."

• [FRENCH] JDN Développeurs interviews Damien Miller, JDN Développeurs, April 19, 2006
  Interview with Damien Miller, discussing OpenSSH security, the OpenBSD development approach, the problem of blobby drivers and the recent request for funding.

• Interview with developers Jonathan Gray and Damien Bergamini, Kerneltrap, April 19, 2006
  An interview with the authors of OpenBSD's new NVIDIA Ethernet driver. OpenBSD's policy forbidding binary driver blobs is discussed, and the developers give a good overview of how they went about implementing the new driver.

• GoDaddy.com Donates $10K to Open Source Development Project, The Hosting News, April 19, 2006
  GoDaddy.com, which claims to be "the Number One registrar of domain names worldwide", recently donated $10,000 to the OpenSSH project because, "according to the company, OpenSSH has become a staple of all free Unix and Linux operating systems in the world." They use it, and their customers use it, and they recognize the value of supporting an open source projects that is, as company CEO Bob Parsons says, "integral to online security".
  Similar articles at hostsearch.com and LinuxElectrons.com

• [FRENCH] Principles and usage of OpenSSH, Linux Magazine France, issue 82, April 2006, p. 28-33
  A 6 page article from Alexandre Courbot focuses on OpenSSH and its basics. It begins with an history of the different implementations, and is punctuated with examples. Tunneling features are described, as well as scp, ssh-agent, and sftp.

• [GERMAN] Mozilla Foundation spendet für OpenBSD, heise online, April 4, 2006
  Short article mentioning the donation the Mozilla Foundation made in support of further OpenSSH development. The article emphasizes the opportunity to wire money through the project's new European account - this one donation will not meet the project's funding needs for all time.

• [GERMAN] "OpenBSD mit finanziellen Problemen", c't 8/06, p. 45., April 3, 2006
  A very short article about OpenBSD's financial problems. They mention that this could compromise future hackathons.

March, 2006

• Interview with Theo de Raadt, DaemonNews, March, 2006
  Chris Silva conducts a lightweight but wide-ranging and fun interview with Theo on topics including "Puffy", the logos used by certain other BSD projects - Theo quips that "I really like how they make absolutely no statement at all" - what's new in 3.9, and of course project expenses. Theo notes that "The electric bill is about $100 USD per week". The interviewer nicely ends with a link to our donations page.

• Linux supporters fiddle while OpenSSH burns, The Jem Report, March 28, 2006
  This write-up focusses on OpenBSD/OpenSSH funding, and has some original legwork to go with it. Writer Jem Matzan took the trouble to contact many of the companies who charge a lot for products featuring OpenSSH and yet give nothing to OpenSSH in return. Companies like SCO, IBM, Apple, and Sun. Sun apparently did the worst job of responding: "Since the release of Solaris 10, who has been a larger open source software cheerleader than Sun Microsystems?", Matzan asks. "I asked Sun representatives what they would do if OpenSSH were to disappear. The only response I got was that there are parts of Solaris that compete with OpenSSH, and that because of this, the company would rather not comment further on the issue." What the Sun teleprompter-readers don't seem to realize - but Matzan does - is that SunSSH is OpenSSH. Or, at least, a mangled version of it... IBM, on the other hand, is still trying to formulate their response.
  

• Interview: Theo de Raadt of OpenBSD, NewsForge, March 28, 2006
  A wide-ranging interview with Theo about new stuff in 3.9, security, funding, "blob" drivers, and more. Theo notes that "We've had 10 years of nearly fanatical devotion to anything which can make OpenBSD more secure. A very important part of that is that we have not been afraid to completely overhaul anything even if it breaks backward compatibility. Secondly, when we have found a flaw in any part of the system we have assumed that the same mistake was made elsewhere, and gone on a hunt to fix them all. Thirdly, we have developed and incorporated a collection of methods that make software flaws very difficult to attack..." Ends by trying to shame the companies that use OpenSSH without contributing anything back - Sun is given especial mention here - and ends with the tantalizing line ".. if an OpenSSH hole is found that applies to SunSSH, Sun will not be informed. Or maybe that has happened already." Hmmmm.

• OpenBSD 3.9 adds sensor framework, ZDNet UK, March 24, 2006
  It's easy to focus on our project's security, but we innovate in other areas too. This article highlights the "sensors" framework added in 3.9 to provide and integrated approach to handling Dell PowerEdge servers' Embedded Server Management (ESM), IPMI, and in general temperature and environmental issues. "There is a significant new sensor framework [in OpenBSD 3.9], which supports voltage sensors, fan sensors, temperature sensors, and so on," said de Raadt. "Such a feature is still missing in Linux and other major operating systems." ... De Raadt has already been using the sensor framework to monitor the machines running in the project's server room. "I now get a call on my cell phone whenever something is wrong in the machine room,"

• Paying for free software may be the bargain of a lifetime, ZDNet UK, March 24, 2006
  Starts with a Theo quote from the previous article on ZDNet: "A culture of entitlement is starting to damage the open source community". The article argues that mega-computer-companies that use open source tend to use BSD: "The open BSDs may be less famous than Linux, but they are arguably superior in stability and security. This has made it popular in ISPs and elsewhere - Apple, for example, adopted BSD within OS X. BSD, unlike software released under the GPL, carrys no legal obligations for the adopter to provide anything for the community in return." Goes on to argue that these companies ought to be fair enough to send a small bit of their money back into funding open source. "In the time it takes to read this article, we calculate that Apple will have easily made enough to pay-off OpenBSD's annual losses, with a little left over to buy black turtlenecks for all. It's not just Apple's baby - other companies owe far more to OpenBSD - but in open source a little symbolism goes a long way."

• [GERMAN] OpenBSD muss an den Sparstrumpf, heise online, March 23, 2006
  OpenBSD is touching its savings - Small news article about the project's financial situation.

• OpenBSD Founder Makes Funding Plea, ZDNet UK, March 23, 2006
  One of the first mainstream sites to pick up on Marco's article (below), this one reports the funding figures on how much it really costs to produce our favorite operating system. "Although OpenBSD has a number of commercial users, including many ISPs, de Raadt claimed that all of its donations come from individuals rather than companies many of who claim the have no budget to pay for the operating system. "The culture of entitlement is starting to damage the open source community," he said."
  Also online at ZDNet India.

• OpenBSD in Financial Trouble, Ping Wales, March 21, 2006
  David Chisnall reports that "OpenBSD is one of my favourite platforms; its focus on security and ease-of-use makes it a very simple and safe system to use. Unfortunately, the OpenBSD organisation is now experiencing financial difficulty. For the last two years, the project has made a $20,000/year loss, something which it cannot sustain indefinitely." Goes on to report on the growing use of OpenBSD in commercial software (and hardware!), and that none of the "big guys" has given anything back. Unlike most of the articles on this topic, this one is kind enough to include a direct link to our orders page and recommend its readers to buy a copy of the CD to help fund the project.

• OpenBSD Project in Financial Danger, Slashdot, March 21, 2006
  Slashdot mentions and quotes from Marco's article (below), with a reminder that "The OpenBSD team is the one that also develops the OpenSSH suite, used nowadays almost everywhere." Ends with this quote from Marco: "Without naming entities or projects by name, there are others out there that are sitting on some cash. It would be wonderful if these entities could share some of the wealth to keep us going."

• OpenBSD Finances, OpenBSD Journal, March 21, 2006
  Marco Peereboom's article notes that "OpenBSD for the past 2 years has turned a loss of approximately $20K USD" per year. Hackathons - where a lot of developers get together in critical mass and churn out new ideas and new code in great quantity - cost from US$10K-30K each, and we try to run a few of them each year. Meanwhile, compananies that use OpenBSD and companies - many of them highly profitable - that incorporate OpenSSH into operating systems and even routers and other appliances have not been forthcoming: no major computer company has given funding to the OpenBSD project. It's time for them to do so.

• Software RAID on OpenBSD using RAIDframe, NewsForge, March 14, 2006
  "Software RAID provides an easy way to add redundancy or speed up a system without spending lots of money on a RAID adapter." Manolis Tzanidakis talks us through setting up RAID using OpenBSD. He describes the detailed steps, and recommends careful testing before putting the system into production, including taking one disk out of service and ensuring that it gets reloaded correctly. Ends with a technique for monitoring clean operation on an ongoing basis.

• Report on Business Television March 10, 5:45pm MST
  Theo de Raadt was interviewed by Howard Green on The Business Show:
  European mirror: Interview 35MB AVI file
  A longer segment is also available at www.robtv.ca.

• OpenBGPd in OpenBSD Daemon News, March, 2006
  Check out the notes and slides from Henning Brauer's presentation at NANOG 36; the text and questions cover everything from how and why OpenBGPd got created, through configuration and tools, to integration with pf and CARP, to technical issues regarding use of IPSEC to provide security for BGP packets. Along the way there's considerable discussion on how the program was designed to provide reliability and security.

February, 2006

• Zero to IPSec in 4 minutes Security Focus, February 28, 2006
  This article, as its lead-in says, "looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat". If you've shied away from setting up an IPSEC VPN because of config file complexity, now is the time to reconsider. Dragos Ruiu shows you how the ipsecctl command (introduced to the world in OpenBSD 3.8) makes it really easy to set up a VPN between consenting OpenBSD machines. He states that he and a colleague were able to get two machines talking over IPSEC in a few minutes, and only changing a few configuration files. He also comments on the relative ease of installing our favorite OS, and hopes that our ipsecctl will be adopted by the other BSDs (hopefully in a compatible way) to make firewall setups easier all around the network. But you don't need to wait for that if you're running OpenBSD 3.8; just follow the steps in the article.

• The Worm in the Machine Network Magazine India, February 2006
  Dilip Ranade elaborates on several reasons why software is drearily buggy and endlessly insecure, particularly in comparison with other technologies. Imagines how very bad shape the automotive industry would be in if you had to sign the same disclaimer of (non-)usability that almost every commercial EULA requires of computer users. Ends with "I once dreamt that all the computer users in the world arose in revolt and switched to hardened OpenBSD", though he admits that there's "fat chance" of it happening in real life.

January, 2006

• Kevin Mitnick on Coast to Coast AM Radio Show with Art Bell, Jan 28, 2006
  Art Bell interviewed Kevin Mitnick on his call-in show; Paul Zacharzewski from Edmonton called to ask Mitnick for his opinion of OpenBSD. If you don't want to download the whole show from coasttocoastam.com, you can listen to an MP3 excerpt of this call in which Mitnick says: "Well, I actually use OpenBSD, so I do like it".

December, 2005

• [GERMAN] Wehrhaft abtauchen - HA-fähige Firewall mit OpenBSD/PF, Linux-Magazin, December 2005
  High available firewall setups are considered as the high arts of network protection. Due to clustering the network stays online even if one firewall fails. This article from Stephan A. Rickauer (Institute of Neuroinformatics, ETH / University Zurich) shows how well OpenBSD/PF performs in comparison to the well-known duo Linux/Netfilter.

• OpenSSH cutting edge SecurityFocus, December 19, 2005
  Federico Biancuzzi interviews OpenSSH developer Damien Miller to discuss features included in the upcoming version 4.3, public key crypto protocols details, timing based attacks and anti-worm measures.

• Creating Secure Wireless Access Points with OpenBSD and OpenVPN NewsForge, December 13, 2005
  A cookbook approach to setting up a wireless interface as a secure Access Point using OpenBSD's hostap, pf, and authpf. Configuration examples are given with basic explanations and links to sites with more information on most topics.

November, 2005

• OpenBSD Goes to Venice, OpenBSD Journal, November 16, 2005
  "What happens when you put a dozen developers on a little island with their laptops, power, and an internet connection?
  During the first week of November some OpenBSD developers met in a little island in Venice's lagoon to hack on the ports system. This was probably the first ports hackathon and was followed by OpenCON, a European conference fully dedicated to OpenBSD..." Great coverage of the OpenBSD Porting Hackathon: people, ports, beer, ... Contains a link to pval's summary slides.

• Trying out the new OpenBSD 3.8, NewsForge, November 11, 2005
  This article describes the installation of OpenBSD 3.8 from a Linux user's perspective, noting the simple elegance of the installer. Although the installation process may be hard to get used to at first for the average Linux user, the author tells us that one can learn a lot from it. Furthermore, the article clears up the common misconception that working on an OpenBSD system is very different from working on a Linux system. In particular, the author states that on OpenBSD, "virtually the entire catalog of familiar free and open source software titles is available through the packages and ports system".

• Return of The BSDs, internetnews.com, November 3, 2005
  This article mentions that with all three major BSD flavors having had a release this fall, BSD is "still very much alive and kicking among all the noise and buzz created by Linux". The author talks about various new or improved features of 3.8, such as bioctl(8), hostapd(8), network interface aggregation and sasyncd(8), and there are some quotes from Bob Beck.

• OpenBSD 3.8 improves hardware support, ZDNet UK, November 1, 2005
  This article reports on OpenBSD 3.8, which was released on November 1. The author gives an overview of the improvements and new features that were made with 3.8, and quotes Theo on RAID management and Linux.
  The 3.8 release hit the news also in some other places: Slashdot and OSNews also report about it, mostly repeating parts of the release ANNOUNCEMENT.

October, 2005

• 'Nightmare' drove desperate user to open source, Computerworld, October 24, 2005
  A great tale of how Mark Uemura of PricewaterhouseCoopers Japan was forced to move to OpenBSD because the alternatives were too costly and too unreliable. This quote will rattle some cages: "IT managers who want to deploy an open source solution but are worried about company politics should go ahead and do it without asking," according to Uemura, who was promoted to IT Manager of PWC Japan after saving the company seven IT-samurais' salaries. Further, "In Japan large organizations like Morgan Stanley and the Bank of America have moved all their backend systems to open source, Uemura said, because with open source you can reduce IT operating costs without any commercial lock-in."

• OpenBSD 3.8: Hackers of the Lost RAID, ONLamp.com, October 20, 2005
  Federico Biancuzzi interviews several OpenBSD developers about the new features in OpenBSD 3.8 including interface trunking, internationalization support, Inter-Access Point Protocol (IAPP), IPSec SA synchronization daemon, and RAID management. There is also some discussion about future plans.

• OpenBSD's network stack, SecurityFocus, October 12, 2005
  Federico Biancuzzi interviews several OpenBSD developers about OpenBSD's network stack, including protection against ICMP attacks, and propagation of enhancements into other BSDs and into Linux. The interview also features the other protection mechanisms in the network stack, a comparison to the network stack in Linux, and the history and current status of OpenBGPD.

September, 2005

• Security-related innovation in Unix, SecurityFocus, Sept. 28, 2005
  An article examining the mmap-based malloc() implementation to be included in OpenBSD 3.8. The author states that "it will help OpenBSD users to find bugs in software more easily, which will result in better applications for everyone". He goes on to say that "the more hurdles that one has to jump through for good security, the less likely people will go through the trouble. OpenBSD allows even the most inexperienced users to take advantage of these technologies without any effort".

• [FRENCH] Champ libre : les chantiers OpenBSD Misc, number 21, Sept/Oct, 2005, p. 4-14
  An interesting article about OpenBSD and associated projects. Saad Kadhi and Guillaume Arcas describe useful things you can do with PF and OpenSSH, and give a nice introduction to OpenNTPD and OpenCVS. If the article is focused on the presentation, you can find some interesting technical aspects people are not always acquainted to. A few examples are shown, like a basic CARP setup, or the manner to use multiplexing with OpenSSH and even how to check an OpenSSH server's keys using DNS.

• Big debate over small packets, SecurityFocus, Sept. 7, 2005
  Robert Lemos discusses the ICMP denial-of-service vulnerabilities found by Fernando Gont and fixed in OpenBSD. To date, OpenBSD is the only system that has implemented all of the fixes recommended in the IETF draft.

• [FRENCH] "Quel est le meilleur système libre pour votre ordinateur ?", PC Expert, number 156, p. 42-62
  Philippe Roure compares 11 Linux and *BSD operating systems, including OpenBSD 3.7, on different criteria such as security, documentation and usability. OpenBSD earned a 5/5 mark (see pages 60-61) and while a mark isn't necessarily objective, the author seems to grasp the OpenBSD project, its goals, and how good is the operating system. The article includes an interview with Saad Kadhi.

• Monitoring PF Firewalls for Health and Performance, Sys Admin Magazine, Volume 14, Number 9, p. 37
  Ryan Matteson describes several utilities that can be used to monitor the health and performance of a PF firewall. Besides pfctl, the article covers pftop, fwanalog, monitoring logs with tcpdump and graphing performance data with pfstat.

July, 2005

• Feature: OpenBSD Hackathon 2005, Part III, Kerneltrap, July 6, 2005
  Jeremy Andrews writes about the recent Blind ICMP attacks discovered by Fernando Gont, and the fixes done by him and OpenBSD during the 2005 Hackathon. The article goes into the technical background of the attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source quenching, and path MTU discovery; many helpful RFCs and technical papers are linked from the explanations. This is followed by a recap of the whole ICMP story, involving Gont's struggle with other free projects, Cisco lawyers, Microsoft people, and others.
  The article concludes that OpenBSD was the first project to take Fernando Gont's findings seriously, and also the first group to be really painless to work with.

• Security meltdown: who's to blame?, The Register, July 6, 2005
  This article talks about various groups that are frequently blamed for poor security: individuals, ISPs, companies, crackers, security mailing lists, and last but not least: OS vendors! In the last paragraph, OpenBSD's style of "dumbed-down, simplified and secure systems (with a heavily audited code base)" is described as "one of the smartest approaches to security".

• Theo de Raadt on Industry and Free Software, The Epoch Times, July 5, 2005
  In this interview, Theo talks about the inception of the OpenBSD project and its goals, as well as its impact on the commercial IT industry. He points out once more that "vendors who incorporate OpenSSH have given us absolutely nothing back - not a cent". Other topics covered include the OpenBSD team, Theo's role as "benevolent dictator", and the security process, which he compares to the security efforts led by other free software projects and some commercial vendors.

June, 2005

• The true cost of computer crime, EurekAlert / New Scientist Magazine, issue June 25, 2005
  This article looks at computer crime, especially the way upcoming vulnerability reports are dealt with. It also gives a short overview of the institutions involved in the process (vendors, free projects, CERTs).
  The author mentions the work of Andy Ozment, who researches vulnerability disclosure at the University of Cambridge. Using OpenBSD as a good example of how disclosure and consequent fixing of bugs helps to strengthen security, he refutes the widely spread FUD that disclosing vulnerabilities leads to more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs and note when fixes were published; his research shows that "the number of vulnerabilities decreases as a result of disclosure".

• Free Bird, Forbes, June 16, 2005
  (Registration required) A second Forbes article about OpenBSD, more focused on the project itself this time. It contains good description of the history of OpenBSD along with its prime motivations. Mention is made of the DARPA grant and the annual hackathon. Theo's motto "shut up and hack" finally becomes famous in this piece and there are some other very insightful quotes such as "All I care about is making high-quality code. If I had to work at a regular job, it would drive me nuts". This is certainly an astute and perceptive article, well worth reading. Do note that the big picture of Theo's machine room will only be available in the print edition.

• Is Linux For Losers?, Forbes, June 16, 2005
  An interesting article, if somewhat polemic in tone, which raises questions about the quality of Linux code compared to OpenBSD. There is also some short discussion of the OpenBSD development model and focus (push for quality above everything else) including good quotes from Theo. It seems that the need for high quality software is beginning to be recognised by the mainstream.

• BSD cognoscenti on Linux, NewsForge, June 16, 2005
  NewsForge talks with Theo de Raadt and NetBSD's Christos Zoulas about the similarities and differences between the Linux kernel and the BSD operating systems. The questions asked were similar to those asked of Linus Torvalds in a previous interview.

• A good morning with Theo de Raadt, Tux Journal, June 2, 2005
  Brief but wide-ranging interview with Theo in which our leader opines about the good things in 3.7: "The list of new developments is impressive, but in my view not nearly as impressive as the small little details that continue to be fixed during each development cycle." And modestly credits all the developers for the project's continuing success, attributing it to "The passion of the developers, and the wide experience they bring into their development efforts. By amazing coincidence, our users typically have the same needs as we do." Manages to sidestep getting drawn into comparisons with Linux, e.g., when asked if he likes it/why/why not, deftly replies "I have never used it."

May, 2005

• Feature: OpenBSD Hackathon 2005, Part II, Kerneltrap, May 28, 2005
  In the second installment of Kerneltrap's Hackathon 2005 feature, Jeremy Andrews speaks with the pf developers at length about their plans for future enhancements.

• TV coverage: OpenBSD hackathon, CTV/CFCN, May 27, 2005
  A TV spot done a Canadian national TV station about the Calgary hackathon this year, with 60 developers.
  North America mirror:
  • Intro
  • spot 1
    
  • spot 2
  European mirror:
  • Intro
  • spot 1
  • spot 2
    

• Feature: OpenBSD Hackathon 2005, Part I, Kerneltrap, May 27, 2005
  Jeremy Andrews of KernelTrap does a good job of describing what it's like to be at the Hackathon in Part I of KernelTrap's Hackathon feature. Several developers are interviewed in detail about what they are working on.

• OpenBSD Hackathon 2005: Day 6?, Kerneltrap, May 27, 2005
  Kjell Wooding describes a typical day at the Hackathon in this entertaining first-hand account.

• Review: OpenBSD 3.7, NewsForge.com, May 20, 2005
  "OpenBSD is not only highly polished and easy to configure because of its documentation, it's also totally free-as-in-rights. With an obsession with security, freedom of source code, and quality of programming technique, OpenBSD 3.7 continues the legacy established by its previous releases," writes Jem Matzan in this nice, small review.

• OpenBSD 3.7: The Wizard of OS, ONLamp.com, May 19, 2005
  Federico Biancuzzi interviews several OpenBSD developers about the new features in OpenBSD 3.7, including new wireless chipsets, new spam-fighting features, zaurus, pf improvements, propolice, and many other things. A good overview of what's new in this release, plus some interesting comments about future direction.

• Next incarnation of OpenBSD released, Ping Wales, May 19, 2005
  "OpenBSD is often unjustly overlooked as a free UNIX-like system in favour of the more-hyped Linux. While it receives a lot less publicity than other operating systems, this is not due to lack of technical merit." says David Chisnall, in what is a clear and concise overview of the new features in 3.7 and indeed the project as a whole.

• 2005 Calgary Hackathon, KernelTrap Coverage, Kerneltrap, May 16, 2005
  A great article about the annual OpenBSD Hackathon, detailing how the event functions, work done at previous Hackathons and features which may come out of this one. Includes many relevant quotes from developers themselves, and of course information about the legendary Hackathon BBQ!

• "Failover Firewalls with OpenBSD and CARP", Sys Admin Magazine, Volume 14, Number 5, p. 33
  Jason Dixon discusses the history of the CARP and pfsync protocols and demonstrates using them to create redundant stateful firewalls with OpenBSD.

April, 2005

• Security guru wants access to bug databases, ZDNet UK, April 21, 2005
  Ingrid Marson reports on Cambridge professor Ross Anderson's call for analysis of software maintenance records to determine whether open source code is more secure than closed source, as we have long contended. "One of Anderson's research students, Andy Ozment, has already done research using empirical data on bugs found in the open source operating system OpenBSD between 1997 and 2000. This research found that finding and fixing bugs results in a more secure product..." Just as the OpenBSD project has been saying for years.

  This article can also be found online as Academic calls for better bug tracking (uk.builder.com).

• [FRENCH] "PC Expert", number 152, p. 58
  Very short interview of Marc Espie about OpenBSD as a free OS focusing on security, part of a larger dossier «les secrets des hackers».

• [GERMAN] "Doppelwacht", iX 5/2005, p. 150.
  Stephan Tesch gives an introduction to CARP and using a pair of OpenBSD boxes as Firewalls in High Availibility scenarios. He goes on explaining CARP and pfsync protocols, and does not forget to cover the issues we had with IETF.

March, 2005

• OpenBSD's "Out of the Box" Wireless Support, Kerneltrap, March 8, 2005
  This article is about the upcoming wireless support in OpenBSD 3.7 and the outcome of the work to open wireless chipsets. Jeremy Andrews talked with Theo de Raadt and the developers Damien Bergamini and Reyk Floeter who did some efforts to implement free and functional drivers.

• OpenBSD to support more wireless chipsets, The Age, March 1, 2005
  "The forthcoming 3.7 release of the OpenBSD operating system has added support for five more wireless chipsets, according to OpenBSD project founder Theo de Raadt... OpenBSD 3.7 will also have have new drivers for Intel wireless parts that do not work without the non-redistributable firmware," namely the Intel PRO/Wireless 2100 IEEE 802.11B and 2200BG/2225BG/2915ABG IEEE 802.11A/B/G wireless network adapters. Mentions OpenBSD's activism in getting vendors to release chip specs. Referring to vendors that still refuse to play ball with open source projects, quotes Damien Miller as saying "Given the number of appliance devices that are built on free OSs, I think that the recalcitrant vendors are missing an important boat."

February, 2005

• Theo de Raadt presented with the 2004 Free Software Award, FSF, February 26, 2005
  The Free Software Foundation awarded Theo de Raadt their "2004 Free Software Award" for his unwavering commitment to free software. Most recently he has been fighting hardware manufacturers for free redistribution of wireless card firmware. Similar articles can be found online at:
  • Theo de Raadt presented with the 2004 Free Software Award, Tectonic.za, March 3, 2005
    
  • De Raadt gets free software award, OSDir, February 28, 2005
    
  • De Raadt gets free software award, The Age, February 28, 2005
    
  • Theo de Raadt gets 2004 FSF Award, Slashdot, February 27, 2005
    

January, 2005

• Systrace in OpenBSD, informit.com, January 28, 2005
  This article talks about our systrace systrace(1) mechanism: what it is and why and how to use it, with examples. Another excerpt from the book Secure Architectures with OpenBSD by Brandon Palmer and Jose Nazario.

• Overview of OpenBSD, informit.com, January 21, 2005
  "OpenBSD is one of the most secure and well-designed operating systems available today. It has its roots in countless hours of research and development based on some of the best UNIX flavors of the past, and it boasts all the features of modern operating systems. The OS is widely considered one of the most secure general-purpose operating systems available today and it supports many key parts of the global Internet infrastructure..." This article is a sample chapter from Secure Architectures with OpenBSD by Brandon Palmer and Jose Nazario.

• OpenBSD operating system, PCPlus.co.uk, January, 2005
  Paul Grosse gives a brief tutorial on installing OpenBSD on i386 for people moving in a Windows->Linux direction, encouraging them to go a bit further for security. "While Linux out-scores Windows substantially (or completely) on [security as well as many other issues], it's still possible to use a more secure operating system on the PC... OpenBSD." Gives a brief but understandable walkthrough on the installation process, right up to downloading and installing the third-party packages, and ends with a sidebar on security.

December, 2004

• What are the real vulnerabilities of Linux? NewsForge.com, December 6, 2004
  Several security consultants were asked about "the real vulnerabilities of Linux". Cybersoure CEO Con Symaris seems to get it better than the rest: "One needs to approach security as a prime requirement and motivator, much as the OpenBSD team do," Zymaris said... "The Linux community mindset is different. Linux development is dynamic and races ahead towards more and broader functionality, drawing a multitude of interested parties in to make interesting extensions and adaptations at a rapid rate."

  "In order to do security the BSD way, however, much more effort needs to be spent auditing code for holes, which is much less sexy, and attracts a different set of coders," Zymaris added.

• Closed Source Hardware Security Focus, December 1, 2004
  Symantec Threat Analyst Jason Miller analyzes the potential security threats when hardware vendors won't provide device documentation and instead provide "binary only" driver code for inclusion in open source operating systems. Miller is an open-source fan who says he uses a variety of systems, including OpenBSD on his firewall. Of the recent trend to closed-source binary drivers for open-source systems, he writes:

  The closed-source component required to support this hardware is completely independent of the associated operating system, and as such, is also independent of the engineering team, security team, auditing process, and quality control procedures normally related to the operating system...
  What's possibly even more disturbing is that we're talking about a chunk of code in the operating system, running with the highest possible level of privilege (the kernel), which is supplied by a third-party vendor. This code could do anything once loaded, including leaking active WEP keys, gathering usage statistics, sniffing and disclosing traffic, and it could even introduce a subtle backdoor into the operating system itself (much the same as any device driver in a closed source operating system).
  [A]lthough some of these scenarios are a little far-fetched, the possibility for them to exist is there... Ultimately it becomes an issue of trust, which is a cornerstone of good security: whom do you trust, and how much do you trust them?

  And he comments that trust "seems to be a one-way street": vendors demand that you trust them, but they won't trust you to know how their hardware and software operates. This lack of trust is one reason why OpenBSD has recently completed reverse-engineering the Atheros wireless chipset driver that was originally provided as a binary insert.

November, 2004

• Review: OpenBSD 3.6 Widens Its Scope eWEEK, November 22, 2004
  Jason Brooks reviews OpenBSD 3.6, and likes the changes it brings, including the multi-processing support which, he notes, "will be even more important as multicore processors--which occupy space on the road maps of Intel, AMD, Sun Microsystems Inc. and others-- become more prevalent." Comments favorably on OpenNTPD ("the three-line configuration file we needed to modify ... on OpenBSD was much simpler to deal with than the equivalent configuration file on the Linux systems we've tested"). Overall a favorable review of some of the new stuff in 3.6.

• Review: OpenBSD 3.6 shows steady improvement NewsForge, November 17, 2004
  Jem Matzan reviews OpenBSD 3.6, and is impressed by the professional way OpenBSD is developed and released: "... it's released on time with few problems and it does exactly what it claims to do".

• Intel says no to permitting firmware redistribution misc@, November 8, 2004
  Theo recounts the struggle to get Intel to provide redistributable versions of the firmware for their wireless chipsets, and their ultimate refusal to allow OpenBSD to redistribute the chipsets' firmware. Includes a caveat about Intel's disingenuous "FAQ", typical of many corporate FAQs that answer questions nobody actually thought to ask, and don't truthfully answer the questions you want hard answers to. At the end Theo names the names (and their emails) that need to be contacted by large numbers of end-users and developers if Intel is to change (yes, this is a hint). Of interest is that this posting to one of our mailing lists was picked up on the Screaming Electron Forum and from there reported on SlashDot, where it is accompanied by a link to SlashDot's paper on effective advocacy (be firm, but also be polite).

• OpenBSD Works To Open Wireless Chipsets Kerneltrap, November 2, 2004
  A good summary of the battle on the wireless firmware front, including an interview with Theo de Raadt that answers questions about the significance and rationale behind the current efforts.

October, 2004

• Activism Pays Off for OpenBSD, The Age, October 29, 2004
  Favorable report on the project's continuing efforts to get hardware vendors to release documentation and/or binary code under reasonable conditions so that we can include drivers in the system. Names companies that have been naughty and nice, and warns the non-responsive companies that the activism will continue (registration required).

• OpenBSD 3.6 Live, ONLamp.com, October 28, 2004
  "There is a mounting excitement for the upcoming OpenBSD 3.6 release, as it is the first release that supports multiprocessor systems." So saying, Federico Biancuzzi interviewed several OpenBSD developers to discuss their current contributions and future plans. Provides interesting social notes, and a good overview of a lot of the important changes in 3.6.

• Integer overflows - the next big threat, The Malaysia Star - TechCentral, October 26, 2004
  Interview with Theo after HITBSecConf 2004. "The next big problem the IT security community faces is integer overflow attacks... because the community currently can't see a clear method to circumvent future vulnerabilities" that might arise from integer overflows... Talks about the security improvements in OpenBSD such as stackguard and propolice. Nice quote on the art and science of programming: "Technology is getting sloppier. Sometimes art is taken too far and that's when the science falls apart."

• Which platform will save you from the nasties?, The Age, October 19, 2004
  Starts with the question:

  "... which is more secure - Windows or Linux?
  A snide answer is OpenBSD, which has an exemplary record with respect to security. But let's stick to the two most broadly used platforms in IT today.
  Microsoft's hired analysts claim that Windows is more secure than Linux. Should we believe them?"

  Not surprisingly, the answer is in the negative. Good discussion on why Microsoft's OS is still not really secure. Ends with the conclusion that, if you must use MS-Windows, do so, but have another computer running an OS "which has a lower-risk profile" for your mail, web and other online activities. That could be OpenBSD (registration required).

• Simple Simon, Only Punjab Business News, October 17, 2004
  Report on Lok Technologies and its founder Simon Lok, a 26-year-old with three Masters degrees and most of a PhD. Lok's current product is a box for Wireless ISPs (WISPs) that includes registration, administration, routing/firewall, and more. Of course the "Airlok" is based on OpenBSD. J. Russ Grant, technical manager at American Airlines, likes the Airlok:

  because it takes a "tough love" approach; when it spots a virus on a computer, it automatically blocks that machine, "blackholing" the user, and notifies Grant... "The Airlok has the best firewall I have ever seen," says Grant, who believes the product could even change the Web itself. "Imagine if Comcast or other ISPs started using Airloks. If someone got a virus, the system would just shut that person down before it could spread. This could make hackers obsolete."

  Maybe a bit of hyperbole, but the product does look good, and serves as an example of what you can do with OpenBSD as a base.

• Staying on the Cutting Edge, The Age, October 6, 2004
  Fascinating interview with Theo, not just about OpenBSD but how he got started in computers and came to know and love BSD, and how the project got started. "Despite the impression generally given out that the founder of the OpenBSD project is a person who is inclined to be anti-social, I find him to be nothing but warm and friendly...". Ends with some interesting dark comments about the lack of support for OpenBSD from hardware vendors, and how the project gets so much done in spite of it (registration required, but worth it).

• As seen in The Power of Many, Portland Communique, October 6, 2004
  The Portland Communique is a small, localized e-zine with an average readership of about 6,000 per month in the Portland, Oregon area. Communique's publisher is cited in The Power of Many, Christian Crumlish's book about the web, saying "On the technical end, Communique runs via Movable Type on an OpenBSD box in my apartment, served over a DSL line."

• Schneier: Security outsourcing widespread by 2010, SearchSecurity, October 5, 2004
  Brief interview with Bruce Schneier of Crypto-Gram fame, in which he mentions OpenBSD favorably yet again:

  There's lots of open-source software out there that no one has analyzed and is no more secure than all the closed-source products that no one has analyzed. But then there are things like Linux, Apache or OpenBSD that get a lot of analysis. When open-source code is properly analyzed, there's nothing better.

September, 2004

• Protecting the Perimeter With OpenBSD, ServerWatch, September 30, 2004
  Reasonably positive review of OpenBSD 3.5 in the context of other UNIX-like systems. Favorite line: "In the Unix-like family, OpenBSD is akin to the crazy, paranoid uncle. Not necessarily in a bad way."

• Going further to stop hackers The Star TechCentral. September 28, 2004
  An article sprinkled with quotations from our globetrotting Theo de Raadt as he prepares for his talk at the Kuala Lumpur Hack-In-The-Box Security Conference (HITBSecConf2004). At one point, the article states:

  Just as brilliant scientists are capable of making spelling mistakes, brilliant coders can also make fatal mistakes in their software perhaps because writing good software is both a science and an art.

  And then quotes Theo as saying:

  "Also, more people in the coding community are writing code, while fewer are reading or auditing code."

• OpenSSH marks its fifth birthday The Age. September 28, 2004
  Not only is OpenSSH now five years old, but it now commands an 88% market share. Article includes a brief history of the OpenSSH project (registration required).

• OpenBSD's Theo de Raadt talks software security, Computerworld. September 10, 2004
  An interview with Theo de Raadt touching on the source of security problems, prevention techniques, and what OS vendors are doing wrong.

• OpenBSD: Maintaining the quality mindset, ZDNet Australia. September 3, 2004
  Interview with Theo de Raadt about quality control in OpenBSD. This article also talks about the release cycle of OpenBSD.

• SMP-capable OpenBSD 3.6 set for November, Computer Business Review Online. September 2, 2004
  Very positive article that highlights things as OpenBSD ships SMP capable kernel on amd64 6 months ahead of SUN and other vendors. It also discusses the new possibilities to deploy OpenBSD in a bigger iron playground.

July, 2004

• Review: Secure Architectures with OpenBSD, Unix Review, July, 2004
  UNIX luminary Peter Salus reviews the book Secure Architectures with OpenBSD by Brandon Palmer & Jose Nazario. "I view OpenBSD as the most secure operating system available. It certainly has far fewer holes than Windows, and fewer than any flavor of Linux I've looked at... Most of the chapters (e.g., XWindow, DNS, etc.) are very fine; the emphasis on security is thorough and well-instantiated. The frequent code examples are appropriate and enlightening. On an information level, Palmer and Nazario are very good." His only criticisms have to do with production issues: incomplete copy editing by the publisher leading to un-explained acronyms, poor cross-referencing and even spelling/wording errors. Overall he seems to like the book (and the operating system, of course).

• Review: OpenBSD 3.5, NewsForge, July 22, 2004
  Jem Matzan "really enjoyed using OpenBSD 3.5 for the review".

• OpenBSD Project Releases OpenNTPD, Slashdot, July 17, 2004
  Announcing OpenNTPD, including a quick review.

• OpenBSD - For Your Eyes Only, DistroWatch, July 7, 2004
  Robert Storey reviews OpenBSD 3.5, concluding: "The world owes a debt of gratitude to Theo and his crew for creating OpenBSD."

• [GERMAN] GeNUA moves to OpenBSD
  German security company GeNUA moves its firewall product line "GeNUgate" from BSD/OS to OpenBSD.

June, 2004

• The Gift Economy and Free Software, NewsForge, June 5, 2004
  Jem Matzan explores the "gift economy" that has become more prevalent. Contains snippets from Theo de Raadt about why OpenBSD exists and some details on how funds are dispersed.

May, 2004

• OpenBSD 3.4/3.5 for SPARC64 Addendum, OSNews.com, May 26, 2004
  Tony Bourke updates his April 29 piece (see below) for 3.5. After overcoming some issues in getting MySQL going using ports and packages, he runs performance measurements, and finds OpenBSD faster than FreeBSD in several tests, albeit slower on inserting large number of SQL records. Despite various grumblings about the system (some of which are misunderstandings), he does conclude that it is "a useful system and would make a good development system in addition to a great firewall/router."

• Secure by Default, SecurityFocus, May 13, 2004
  Jason Miller of SecurityFocus showers praise upon OpenBSD's policy of "Secure by Default" and recommends that other vendors adopt this mentality.

• OpenBSD: Cisco Applies For Patents To Secured TCP, KernelTrap, May 11, 2004
  Before Jeremy even had a chance to post part II, he speaks again with Theo de Raadt about the trappings of the IETF, patents and Cisco. The history seen in the OpenBSD's development of CARP to counter VRRP is apparently repeating itself. The difference being, this time OpenBSD already had existing solutions to TCP stack implementation weaknesses prior to a proprietary vendor attempting to patent such a fix.

• Feature: Understanding TCP Reset Attacks, Part I, KernelTrap, May 10, 2004
  Using OpenBSD and discussions with Theo de Raadt as a reference point, Jeremy Andrews of kerneltrap.org begins a two part series discussing the technical details behind TCP reset attacks.

• OpenBSD PF Developer Interview, Part 2, ONLamp.com, May 6, 2004
  Federico Biancuzzi of onlamp.com concludes his interview with various OpenBSD developers discussing their work on PF and future goals.

April, 2004

• OpenBSD 3.4 SPARC64 Edition, OSNews.com, April 29, 2004
  Tony Bourke explores using OpenBSD on his Sun Ultra 5 while comparing and constrasting performance and features that exist on other operating systems available for sparc64.

• Diskless, Low-Form-Factor OpenBSD Systems, ONLamp.com, April 29, 2004
  Michael Lucas continues his series of articles on OpenBSD and Soekris devices. This time describing how to make use of tftpd, dhcpd, rarpd and NFS to accomplish booting OpenBSD without using a local disk.

• CARP your way to high availability, NewsForge, April 16, 2004
  This write-up of OpenBSD's new Common Address Redundancy Protocol (CARP) covers its origins in Cisco's patent nonsense, then moves on to what it does: CARP provides sharing of an IP address among several hosts on the same network to provide failover and limited load balancing. Gives enough technical detail to get you started using it. Quote: "Some of you with highly redundant and fault-tolerant hardware may think CARP won't help you. Think again... think of how nice it would be to patch and reboot during normal business hours instead of at 2 a.m. Think about not having to balance doing system upgrades against taking an entire building offline. Think about hot-testing new technologies while knowing that, if things just don't work out, your old solution is simply a halt away."

• OpenBSD PF Developer Interview, ONLamp.com, April 15, 2004
  Federico Biancuzzi of onlamp.com interviews Daniel Hartmeier, Henning Brauer, Mike Frantzen, Cedric Berger, Ryan McBride, and Can Erkin Acar about PF, their work with it, and what's new and cool in OpenBSD 3.5.

• Interview with Ryan McBride, KernelTrap, April 7, 2004
  In this interview conducted by Jeremy Andrews, Ryan McBride discusses the new CARP and pfsync protocols which allow for firewall failover, and covers the ongoing struggle with the IETF for truly open standards unencumbered by patents.

March, 2004

• Intel cribbed x86-64 tech 'from AMD documents', The Register, April 7th, 2004.
  Quotes Tom Halfhill in Microprocessor Reports as saying that Intel developed its 64-bit extensions to the 32-bit x86 instruction set by "reading AMD's pre-release documentation". After detailed comparison of AMD's 64-bit products and Intel's clone of them, "In every case," Halfhill concludes, "we found Intel had patterned its 64-bit x86 architecture after AMD64 in almost every detail." Quotes the OpenBSD team as saying "We've tested the Intel x86 64-bit stuff, and it works for OpenBSD. But it's nasty, because they left out the NX (non-executable) bit in the page tables." Maybe there was a page missing from Intel's photocopy of AMD's documentation.

• Microsoft Preparing to Release Code to Open Source, Computer Business Review Online, March 30, 2004.
  An article about how Microsoft is looking to release portions of their non-core code (non-OS portions) under their "Shared Source" license. Some discussion of how Microsoft has been shipping free software in their Unix Services for Windows product, which includes OpenBSD source code.

• An Interview with OpenBSD's Marc Espie, ONLamp.com, March 18, 2004.
  A really good and colorful interview with Marc Espie. The interviewer gets Marc to list his areas of contributions to the project, but soon it gets around to methodology, how we differ from other open source OS projects (quote: "Evolve the OS, not Revolutionize it. This is in violent contrast to Linux."), how each release of gcc is slower than the previous, the ubiquitous licensing wars (and the GPL'd stuff we've replaced by BSD-licensed), future plans, and so on. Marc is careful to credit a number of the other developers for their work on the system.

• Homemade Embedded BSD Systems, ONLamp.com, March 11, 2004.
  The start of a short series of articles on putting OpenBSD on the Soekris device, a small x86 based PC device. Using the NET4801 device, the author pares down OpenBSD for installation on a CF storage device. A list of resources are available, too.

• [GERMAN] Apparently insecure, analysis of Windows 2000, Linux and OpenBSD sourcecode, iX 04/04, p. 14.
  A small article describing the results of examining Windows 2000, Linux and OpenBSD source code using Flawfinder. "OpenBSD is ahead, Flawfinder finds a surprisingly small number of potentially dangerous constructs. The source code audit by the OpenBSD team seems to pay out. Additionally, OpenBSD uses the secure strlcpy/strlcat by Todd C. Miller instead of strcpy etc."

January, 2004

• Banks' use of IIS scary, ComputerWorld, January 30, 2004.
  A brief but solid mention of OpenBSD. After examining how many Australian banks use IIS on Windows, web server security is examined. The article ends with a priceless quote, "I recommend OpenBSD for Apache as it can't be overlooked for edge security and there is no such thing as viruses for it."

• Fosdem Interview: Henning Brauer, Fosdem 2004, January 6, 2004.
  A brief interview with Henning Brauer conducted as the Fosdem conference approaches. Henning talks about changes in 3.4, in -current, and the BGP daemon he's been working on for the past few months.

October, 2003

• Outside Looking In: The BSD Operating Systems, eWeek, October 31, 2003.
  A commentary on all of the BSDs and what kind of commercial success they've enjoyed. While Steven J. Vaughan-Nichols notes that Linux is easier to install and configure than the freely available BSDs, he does continually praise them, especially OpenBSD.

• VIA wows with nano-sized x86, entropy-based security, tiny PCs, LinuxDevices.com, October 15, 2003.
  Another article which extracts heavily from the VIA press release and includes a quote from Theo de Raadt about OpenBSD support for the processor. Additionally, it shows a photo of the processor next to a US one cent coin and an Intel Pentium M processor, illustrating its small form factor.

• VIA Unveils New NanoBGA VIA Eden-N Processor, World's Smallest & Lowest Power Native x86 Processor with Industry's Most Advanced Embedded Security Features, Press Release, October 14, 2003.
  VIA announces a new small, low power native x86 processor with an integrated multi-mode AES implementation. Theo de Raadt is quoted as saying, "There's just no way to describe how happy we were to find such an inexpensive, blazingly fast, and correctly operating device as the VIA Eden-N processor's Padlock ACE ..." OpenBSD 3.4 has support for this processor and its integrated cryptographic engine.

  This article can also be found online at:

  • VIA Unveils New NanoBGA VIA Eden-N Processor, Worlds Smallest & Lowest Power Native x86 Processor with Industrys Most Advanced Embedded Security Features, HardwareZone.com, October 14, 2003. (somewhat shortened version).

• Adding System Calls (an OpenBSD Example), O'Reilly Net OnLamp.com BSD DevCenter, October 9, 2003.
  Another O'ReillyNet article about OpenBSD by an OpenBSD developer. This one, by Kevin Lo, is a quick introduction to the modification of the OpenBSD kernel to support a new system call. Example code is included.

• Diving into GCC: OpenBSD and m88k, O'Reilly Net OnLamp.com BSD DevCenter, October 2, 2003.
  Our own Miod Vallat discusses how he learned to stop fearing GCC by just getting down and messing with its internals. Since he "started with almost zero gcc internals knowledge, it should be understandable by anyone able to read C code, and proves that diving into gcc is not as hard as one could imagine." Along the way, he gives some informative background on the Motorola 88000 architecture and its history with OpenBSD.

September, 2003

• A Digital Preservation Network Appliance Based on OpenBSD, BSDcon, September, 2003.
  David S. H. Rosenthal's paper on the design, implementation and deployment of the LOCKSS network appliance based on OpenBSD.

August, 2003

• [GERMAN] OpenBSD-Firewall erkennt Betriebssysteme, heise online, August 26, 2003.
  Short announcement of pf's passive os fingerprinting.

July, 2003

• The Open Road: Return of Packet Filter, UNIX Review, July, 2003.
  Joe "Zonker" Brockmeier returns to give a more detailed tour of the configuration and use of PF. Lots of links and pointers for people who want more information.

• Clarke advocates grass-roots action to protect critical IT, Government Computer News, July 22, 2003.
  Richard Clarke, the former cybersecurity czar for the White House (US), discusses challenges to developing a secure IT infrastructure. The end of the article mentions the awards presentations he made with SANS to OpenBSD for effective OS security testing.

• Users Recognize Leadership in Operating System and Network Security, SANS Institute, July 22, 2003.
  OpenBSD was chosen as a winner in the 2003 Information Security Leadership Awards, organized by the SANS institute. OpenBSD was chosen as the winner of the award for effective security testing of an operating system. To quote part of the award, "In the 2003 competition among military academies and grad schools, in which they competed to provide the best defense against cyber attacks launched by National Security Agency specialists, the judges acknowledged that in the final analysis, use of OpenBSD was a determining factor in the winner's ability to fight off attacks." The awards were presented by Richard Clarke in Washington DC. Other awards included patch distribution mechanisms and denial of service attack mitigation techniques.

• The Essence of OpenBSD, OnLamp.com, July 17, 2003.
  Cameron Laird and George Peter Staplin offer an interview with several OpenBSD developers, including Theo de Raadt, Daniel Hartmeier, Jason Wright, Miod Vallat, and Dale Rahn. The developers talk about how the project came to be in 1995, how they came to the project, and what they have been working on.

June, 2003

• The Open Road: OpenBSD's Packet Filter, UNIX Review, June, 2003.
  Author Joe "Zonker" Brockmeier provides a brief introduction to installing OpenBSD and the basics of PF. The article is quite short and cannot provide enough detail to do anything but start looking at the rules and use of PF. This is the first in a two-part series on OpenBSD and PF.

• Is It Time for BSD?, eWeek, June 23, 2003.
  Jim Rapoza discusses the current SCO legal battles against IBM and the Linux community. Citing the legal friction, Rapoza encourages IT departments to investigate the BSD world, especially OpenBSD, which have already settled their UNIX source code claims with AT&T. The security and track record of the BSD distributions is also touted as a reason to investigate their use in corporate IT settings.

• Loose Lips Sink Ships, Software Development Online, June, 2003.
  Alexandra Weber Morales provides a concise summary of the DARPA-OpenBSD funding issue by repeating some information published elsewhere and also providing original material from others. Old and new quotes from Jan Walker reiterate the original DARPA position. Gene Spafford, Gary McGraw both contribute comments on the project's situation and current state. Also provides a concise summary of the project's latest release and current activities.

• [GERMAN] "We don't do politics, we write software", c't 13/03, p. 106.
  An interview with Theo - over two pages, he talks about the DARPA funding story, explains the importance of the hackathons and how the 2003 hackathon was different from the past ones that had a "mission", like replacing ipf with pf at the Boston hackathon. Opposed to that, this year's hackathon didn't have a mission, but rather around 20 teams working on different projects and forming new teams later to attack other problems. He describes a "very complex and intense climate" and points out that support for AMD Hammer, UltraSPARC III, SMP and Mozilla was done. Theo also talks about the DARPA funding cut and its effects - basically that funding will work like it did before the grant, through CD, T-Shirt and Poster sales as well as donations. Asked about Linus Torvald's role in Linux Theo describes his role in OpenBSD as a "friendly dictator" who is involved in all major decisions. A further topic is, naturally, security. Theo points out that an absolutely secure system would imply a bugfree system and thus is not possible, and briefly explains ProPolice and W^X. A small followup article focuses on the basics of ProPolice and W^X.

• OpenBSD gets harder to crack, Page 58, eWeek, June 2, 2003.
  Timothy Dyck reviews the latest OpenBSD release, 3.3, and focuses on the new features: PF and the integration with ALTQ and the system wide stack protection mechanisms. Some of the criticisms in the article have already been addressed in -current.

May, 2003

• Interview with Ivan Arce, CTO of Core Security Technologies Help Net Security, May 29, 2003.
  Berislav Kucan interviews Ivan Arce, CTO of Core Security Technologies. Several of the people at Core have been involved in the development of OpenBSD, and they commonly use OpenBSD as one of their development and deployment platforms. In the interview, Ivan is quoted as saying "... from a purely security perspective. I would say that OpenBSD is still the king of the hill." PF is also one of Ivan's top five security tools.

• Beyond Linux, InfoWorld, May 23, 2003.
  Columnist Chad Dickerson discusses several Open Source projects as alternatives to Linux. OpenBSD gets a brief mention as the most secure free OS available. The BSD license is also touted in a positive light compared to the GPL.

• Elite Programmers `Hack' to Help Others, Pages A1/D1/D4, Calgary Herald, May 17, 2003.
  Tamara Gignac came out to the hackathon and spent much of the day talking to team members; her article takes up half the front page of the business section and half of another page inside (plus a four-column-inch teaser on the front page). "We're addicted to making good stuff that works", she quotes Theo, in talking about the project's history and goals. Goes over the whole gamut of meanings of the term "hacker" - including early MIT hackerdom and quotes from Tim Berners-Lee - and how the term went downhill in the public's mind after the War Games movie. Photos of dhartmei, jason and others.
  This article can also be found online at:
  • Hackers Try for a Good Rap, Saskatoon StarPhoenix, May 17, 2003 (somewhat shortened version).
  • Hackers try to buff their image, Montreal Gazette, May 21, 2003

• Funding cut linked to antiwar remarks, Page E5, Calgary Herald, May 7, 2003.
  An article not yet on the net by Tamara Gignac once again discusses the DARPA funding cut and how it will have no affect on the Hackathon happening in Calgary starting the 9th.

• Shame on DARPA for Pulling OpenBSD Funding, OsOpinion, May 6, 2003.
  Joe Brockmeier writes a scathing discussion regarding the perception of wrongdoing inside DARPA and Air Force in regards to the funding cut.
  This article can also be found online at:
  • Shame on DARPA for Pulling OpenBSD Funding, NewsFactor Network.

• OpenBSD, closed doors, ITBusiness, May 2, 2003.
  Shane Schick covers a quick recount of the DARPA funding situation, the release of 3.3 and its buffer-overflow fighting security features. Despite some errors, the article interestingly ends with a suggestion that the Canadian government should help fund OpenBSD.

• OpenBSD launches latest release, InfoWorld, May 1, 2003.
  Carly Suppa discusses the new things that can be found in OpenBSD 3.3.
  This article can also be found online at:
  • OpenBSD launches latest release, IDG Singapore.

• OpenBSD 3.3 prevails despite funding cut, ZDNet, May 1, 2003.
  An article with a number of errors, apparently cobbled together by someone using parts from previous articles.
  This article can also be found online at:
  • Developers give OpenBSD to public, BusinessWeek.com.
  • Developers give OpenBSD to public, CNET News.com.
  • OpenBSD releases version 3.3, ZDNet UK.
  • OpenBSD 3.3 has been released, Help Net Security, Croatia.

• OpenBSD 3.3 Released, Todd Miller in openbsd-announce, May 1, 2003.
  The official announcement of the 3.3 release lists all the great things that have been added to the system in 3.3, including ProPolice, W^X, fewer setuid/setgid programs, more privsep, major security and usability improvements in pf, more hardware support including the HPPA platform, spamd, more and better third-party "ports", many upgrades to included software, and more. Recommends purchase of CD and T-shirts to provide continuing funding for the project (more so now that the DARPA funding is gone). As always, OpenBSD remains free software, so you can FTP it for free.

April, 2003

• Can OpenBSD really eliminate buffer over-runs?, TechRepublic, April 28, 2003.
  John McCormick writes about the recent W^X and ProPolice efforts in the upcoming 3.3 release, noting that other vendors should look at this work.
  Can also be found online at:
  • Can OpenBSD really eliminate buffer over-runs?, ZDNet UK.

• OpenBSD contract suspended due to 'world events', IDG, April 24, 2003.
  Grant Gross provides another summary of new information regarding the DARPA grant situation. Like other reporters, he runs into a wall, as DARPA refuses to "go into any more detail."
  Can also be found online at:
  • OpenBSD contract suspended due to 'world events, InfoWorld.

• The Fix Is In: Programmers can stop Internet worms. Will they?, Slate, April 24, 2003.
  Paul Boutin asks whether the buffer overflow prevention techniques found in OpenBSD 3.3 will, in time, find themselves into commercial operating systems like Windows, where they could have stopped major buffer-overflow based problems like Slammer, Code Red, and Nimda.

• OpenBSD Funding, LWN.net Weekly Edition, April 24, 2003.
  ($ registration required; free after May 1, 2003).
  More detailed discussion of why the funding was cut, by whom and when. Concludes that the funding cut "may not be as dramatic as it sounds", since OpenBSD has other sources of funding.

• [ITALIAN] La DARPA ritira i fondi per OpenBSD, WebNews online, April 24, 2003.
  Notes that DARPA's funding cut is "a gesture that has echoed throughout the free software community". Refers to the AP article below, and has lots of links to other articles.

• Canadian Programmer Says U.S. Cut Funding After Comments, New York Times, April 24, 2003.
  Another take on the ongoing saga, with some interesting remarks: Reporter Jennifer Lee comments that the controversy "highlights the delicate balance between the military and the anti-establishment bent of some in the technology community. It also shows that the international pool of computer programmers and hackers, possessing vast technological expertise, is not entirely sympathetic to the American military's current role in world affairs." Notes the discrepancy between DARPA's public position and what the people working on the UPenn project have been told.
  Describes Theo de Raadt as "A respected Canadian computer programmer ... the 35-year-old founder of an international collaborative software project known as OpenBSD", and quotes him as saying that the hackathon will go on: "We are free people, we are hobbyists," he said. "We do this for fun."
  Can also be found online at:
  • Canadian Programmer Says U.S. Cut Funding After Comments, Common Dreams NewsCenter

• Organizer: 'Hackathon' Will Go On, Wired, April 24, 2003.
  Another retelling of the tale, similar in scope to the NYTimes.com article above. Quotes Theo as saying: "The hackathon will go on," de Raadt said. "There's no way I'll be taking 60 people's personal flights and wasting them."
  Can also be found online at:
  • [JAPANESE] Wired News Japan 

• Open Source Enables Terrorist States, Slashdot, April 23, 2003.
  Coverage and commentary on DARPA's cancellation and its implications for open source software.

• Federal funding abruptly cut for research project, dailypennsylvanian.com, April 23, 2003.
  An article from the University of Pennsylvania commenting on the DARPA cut and the university involvement in it.

• [GERMAN] OpenBSD in Ungnade, Heise online, April 23, 2003.
  OpenBSD in disgrace - UPenn's actions against the hackathon.

• [DUTCH] Defensie VS stopt subsidie OpenBSD, WebWereld NL, April 22, 2003.
  This article works from information found in the CNET article.

• OpenBSD loses funding due to anti-war statements, Sydney Morning Herald, April 21, 2003.
  Yet another article on the DARPA moves, this time from down under. Days before the grant was recalled, Jonathan M. Smith told de Raadt that "perceptions of wrong doing" were very important to UPENN. When papers around the world start making assertions of wrong doing on UPENN and DARPA's part, how is that for perception?
  Can also be found online at:
  • OpenBSD loses funding due to anti-war statements, The Age.
  • [INDONESIAN] OpenBSD Terhambat Anti-Perang, detiki-Net, Indonesia.

• [TURKISH] DARPA OpenBSD'ye Destegini Geri Çekiyor..., Olympos Security, April 20, 2003.
  The leading Turkish IT Security Portal reporting about the DARPA fund cut. Talks about the DARPA CHATS funding to POSSE program and the benefits to the open source community. Quotes from de Raadt's anti-war views from the interview and his plans for holding the approaching hackathon even without funding. Also covers the OpenBSD project's many contributions to the field of operating system security and proactive auditing.

• Researcher feels anti-war views cost him U.S. funding, Globe & Mail, April 18, 2003.
  David Akin writes a second article about the DARPA situation. His original article, found further down, was the one which reputedly angered officials at UPenn and DARPA.

• [FRENCH] La DARPA coupe les vi